XOOPS / XoopsCore

htdocs/modules/protector/language/japanese/admin.php

Spacing +47 added lines, -47 removed lines

@@ -1,59 +1,59 @@
 <?php
 
 // mymenu
-define('_MD_A_MYMENU_MYTPLSADMIN','');
-define('_MD_A_MYMENU_MYBLOCKSADMIN','アクセス権限');
-define('_MD_A_MYMENU_MYPREFERENCES','一般設定');
+define('_MD_A_MYMENU_MYTPLSADMIN', '');
+define('_MD_A_MYMENU_MYBLOCKSADMIN', 'アクセス権限');
+define('_MD_A_MYMENU_MYPREFERENCES', '一般設定');
 
 // index.php
-define("_AM_TH_DATETIME","日時");
-define("_AM_TH_USER","ユーザ");
-define("_AM_TH_IP","IP");
-define("_AM_TH_AGENT","AGENT");
-define("_AM_TH_TYPE","種別");
-define("_AM_TH_DESCRIPTION","詳細");
-
-define("_AM_TH_BADIPS" , '拒否IPリスト<br /><br /><span style="font-weight:normal;">１行１IPアドレスで記述してください（前方一致）。空欄なら全許可。</span>' ) ;
-
-define("_AM_TH_GROUP1IPS" , '管理者グループ(1)の許可IP<br /><br /><span style="font-weight:normal;">１行１IPアドレスで記述してください（前方一致）。<br />192.168. とすれば、192.168.*からのみ管理者になれます。空欄なら全許可。</span>' ) ;
-
-define("_AM_LABEL_COMPACTLOG" , "ログをコンパクト化する" ) ;
-define("_AM_BUTTON_COMPACTLOG" , "コンパクト化実行" ) ;
-define("_AM_JS_COMPACTLOGCONFIRM" , "IPと種別の重複したレコードを削除します" ) ;
-define("_AM_LABEL_REMOVEALL" , "全レコードを削除する:" ) ;
-define("_AM_BUTTON_REMOVEALL" , "全削除実行" ) ;
-define("_AM_JS_REMOVEALLCONFIRM" , "ログを無条件で削除します。本当によろしいですか？" ) ;
-define("_AM_LABEL_REMOVE" , "チェックしたレコードを削除する:" ) ;
-define("_AM_BUTTON_REMOVE" , "削除実行" ) ;
-define("_AM_JS_REMOVECONFIRM" , "本当に削除してよろしいですか？" ) ;
-define("_AM_MSG_IPFILESUPDATED" , "IPリストファイルを書き換えました" ) ;
-define("_AM_MSG_BADIPSCANTOPEN" , "拒否IPリストファイルが開けません" ) ;
-define("_AM_MSG_GROUP1IPSCANTOPEN" , "管理者用IPリストファイルが開けません" ) ;
-define("_AM_MSG_REMOVED" , "削除しました" ) ;
+define("_AM_TH_DATETIME", "日時");
+define("_AM_TH_USER", "ユーザ");
+define("_AM_TH_IP", "IP");
+define("_AM_TH_AGENT", "AGENT");
+define("_AM_TH_TYPE", "種別");
+define("_AM_TH_DESCRIPTION", "詳細");
+
+define("_AM_TH_BADIPS", '拒否IPリスト<br /><br /><span style="font-weight:normal;">１行１IPアドレスで記述してください（前方一致）。空欄なら全許可。</span>');
+
+define("_AM_TH_GROUP1IPS", '管理者グループ(1)の許可IP<br /><br /><span style="font-weight:normal;">１行１IPアドレスで記述してください（前方一致）。<br />192.168. とすれば、192.168.*からのみ管理者になれます。空欄なら全許可。</span>');
+
+define("_AM_LABEL_COMPACTLOG", "ログをコンパクト化する");
+define("_AM_BUTTON_COMPACTLOG", "コンパクト化実行");
+define("_AM_JS_COMPACTLOGCONFIRM", "IPと種別の重複したレコードを削除します");
+define("_AM_LABEL_REMOVEALL", "全レコードを削除する:");
+define("_AM_BUTTON_REMOVEALL", "全削除実行");
+define("_AM_JS_REMOVEALLCONFIRM", "ログを無条件で削除します。本当によろしいですか？");
+define("_AM_LABEL_REMOVE", "チェックしたレコードを削除する:");
+define("_AM_BUTTON_REMOVE", "削除実行");
+define("_AM_JS_REMOVECONFIRM", "本当に削除してよろしいですか？");
+define("_AM_MSG_IPFILESUPDATED", "IPリストファイルを書き換えました");
+define("_AM_MSG_BADIPSCANTOPEN", "拒否IPリストファイルが開けません");
+define("_AM_MSG_GROUP1IPSCANTOPEN", "管理者用IPリストファイルが開けません");
+define("_AM_MSG_REMOVED", "削除しました");
 //define("_AM_FMT_CONFIGSNOTWRITABLE" , "configsディレクトリが書込許可されていません: %s" ) ;
 
 
 // prefix_manager.php
-define("_AM_H3_PREFIXMAN" , "PREFIX マネージャ" ) ;
-define("_AM_MSG_DBUPDATED" , "データベースが更新されました" ) ;
-define("_AM_CONFIRM_DELETE" , "全テーブルが削除されますがよろしいですか?" ) ;
-define("_AM_TXT_HOWTOCHANGEDB" , "prefixを変更する場合は、%s/mainfile.php 内の以下の部分を書き換えてください<br /><br />define('XOOPS_DB_PREFIX','<b>%s</b>');" ) ;
+define("_AM_H3_PREFIXMAN", "PREFIX マネージャ");
+define("_AM_MSG_DBUPDATED", "データベースが更新されました");
+define("_AM_CONFIRM_DELETE", "全テーブルが削除されますがよろしいですか?");
+define("_AM_TXT_HOWTOCHANGEDB", "prefixを変更する場合は、%s/mainfile.php 内の以下の部分を書き換えてください<br /><br />define('XOOPS_DB_PREFIX','<b>%s</b>');");
 
 
 // advisory.php
-define("_AM_ADV_NOTSECURE","非推奨");
-
-define("_AM_ADV_TRUSTPATHPUBLIC","上にNGという画像が表示されていたり、リンク先でエラーが出ないようならXOOPS_TRUST_PATHの設置方法に問題があります。XOOPS_TRUST_PATHはDocumentRoot外に設置するのが基本ですが、そうできない場合でもXOOPS_TRUST_PATH直下にDENY FROM ALLの一行を持つ.htaccessを追加するなどして、XOOPS_TRUST_PATH内に直接アクセスできないようにする必要があります。");
-define("_AM_ADV_TRUSTPATHPUBLICLINK","TRUST_PATH内のPHPファイルに直アクセスできないことの確認（リンク先が404,403,500エラーなら正常）");
-define("_AM_ADV_REGISTERGLOBALS","この設定は、様々な変数汚染攻撃を招きます<br />もし、.htaccessを置けるサーバであれば、XOOPSインストールディレクトリの.htaccessを作るか編集するかして下さい");
-define("_AM_ADV_ALLOWURLFOPEN","この設定だと、外部の任意のスクリプトを実行される危険性があります<br />この設定変更にはサーバの管理者権限が必要です<br />ご自身で管理しているサーバであれば、php.iniやhttpd.confを編集して下さい<br />そうでない場合は、サーバ管理者にお願いしてみて下さい");
-define("_AM_ADV_USETRANSSID","セッションIDが自動的にリンクに表示される設定となっています。<br />セッションハイジャックを防ぐためにも、XOOPSインストールディレクトリに.htaccessを作るか編集するかして下さい<br /><b>php_flag session.use_trans_sid off</b>");
-define("_AM_ADV_DBPREFIX","DB接頭辞がデフォルトのxoopsのままなので、SQL Injectionに弱い状態です<br />「孤立コメントの無害化」など、SQL Injection対策の設定をONにすることをお忘れなく");
-define("_AM_ADV_LINK_TO_PREFIXMAN","PREFIXマネージャへ");
-define("_AM_ADV_MAINUNPATCHED","READMEに記述された通りに、mainfile.php にパッチを当てて下さい");
-define("_AM_ADV_DBFACTORYPATCHED","データベースファクトリは対応済みです");
-define("_AM_ADV_DBFACTORYUNPATCHED","データベースファクトリクラスへのパッチが当たっていないのでDBレイヤートラップanti-SQL-Injectionは効きません");
-
-define("_AM_ADV_SUBTITLECHECK","Protectorの動作チェック");
-define("_AM_ADV_CHECKCONTAMI","変数汚染");
-define("_AM_ADV_CHECKISOCOM","孤立コメント");
+define("_AM_ADV_NOTSECURE", "非推奨");
+
+define("_AM_ADV_TRUSTPATHPUBLIC", "上にNGという画像が表示されていたり、リンク先でエラーが出ないようならXOOPS_TRUST_PATHの設置方法に問題があります。XOOPS_TRUST_PATHはDocumentRoot外に設置するのが基本ですが、そうできない場合でもXOOPS_TRUST_PATH直下にDENY FROM ALLの一行を持つ.htaccessを追加するなどして、XOOPS_TRUST_PATH内に直接アクセスできないようにする必要があります。");
+define("_AM_ADV_TRUSTPATHPUBLICLINK", "TRUST_PATH内のPHPファイルに直アクセスできないことの確認（リンク先が404,403,500エラーなら正常）");
+define("_AM_ADV_REGISTERGLOBALS", "この設定は、様々な変数汚染攻撃を招きます<br />もし、.htaccessを置けるサーバであれば、XOOPSインストールディレクトリの.htaccessを作るか編集するかして下さい");
+define("_AM_ADV_ALLOWURLFOPEN", "この設定だと、外部の任意のスクリプトを実行される危険性があります<br />この設定変更にはサーバの管理者権限が必要です<br />ご自身で管理しているサーバであれば、php.iniやhttpd.confを編集して下さい<br />そうでない場合は、サーバ管理者にお願いしてみて下さい");
+define("_AM_ADV_USETRANSSID", "セッションIDが自動的にリンクに表示される設定となっています。<br />セッションハイジャックを防ぐためにも、XOOPSインストールディレクトリに.htaccessを作るか編集するかして下さい<br /><b>php_flag session.use_trans_sid off</b>");
+define("_AM_ADV_DBPREFIX", "DB接頭辞がデフォルトのxoopsのままなので、SQL Injectionに弱い状態です<br />「孤立コメントの無害化」など、SQL Injection対策の設定をONにすることをお忘れなく");
+define("_AM_ADV_LINK_TO_PREFIXMAN", "PREFIXマネージャへ");
+define("_AM_ADV_MAINUNPATCHED", "READMEに記述された通りに、mainfile.php にパッチを当てて下さい");
+define("_AM_ADV_DBFACTORYPATCHED", "データベースファクトリは対応済みです");
+define("_AM_ADV_DBFACTORYUNPATCHED", "データベースファクトリクラスへのパッチが当たっていないのでDBレイヤートラップanti-SQL-Injectionは効きません");
+
+define("_AM_ADV_SUBTITLECHECK", "Protectorの動作チェック");
+define("_AM_ADV_CHECKCONTAMI", "変数汚染");
+define("_AM_ADV_CHECKISOCOM", "孤立コメント");

htdocs/modules/protector/class/gtickets.php

Spacing +18 added lines, -18 removed lines

@@ -38,8 +38,8 @@ 
 
             // language file
             if ($language && !strstr($language, '/')) {
-                if (XoopsLoad::fileExists(dirname(__DIR__) . '/language/' . $language . '/gticket_messages.phtml')) {
-                    include dirname(__DIR__) . '/language/' . $language . '/gticket_messages.phtml';
+                if (XoopsLoad::fileExists(dirname(__DIR__).'/language/'.$language.'/gticket_messages.phtml')) {
+                    include dirname(__DIR__).'/language/'.$language.'/gticket_messages.phtml';
                 }
             }
 
@@ -58,7 +58,7 @@ 
         // render form as plain html
         function getTicketHtml($salt = '', $timeout = 1800, $area = '')
         {
-            return '<input type="hidden" name="XOOPS_G_TICKET" value="' . $this->issue($salt, $timeout, $area) . '" />';
+            return '<input type="hidden" name="XOOPS_G_TICKET" value="'.$this->issue($salt, $timeout, $area).'" />';
         }
 
         // returns an object of XoopsFormHidden including the ticket
@@ -82,7 +82,7 @@ 
         // return GET parameter string.
         function getTicketParamString($salt = '', $noamp = false, $timeout = 1800, $area = '')
         {
-            return ($noamp ? '' : '&amp;') . 'XOOPS_G_TICKET=' . $this->issue($salt, $timeout, $area);
+            return ($noamp ? '' : '&amp;').'XOOPS_G_TICKET='.$this->issue($salt, $timeout, $area);
         }
 
         // issue a ticket
@@ -93,7 +93,7 @@ 
             // create a token
             list($usec, $sec) = explode(" ", microtime());
             $appendix_salt = empty($_SERVER['PATH']) ? \XoopsBaseConfig::get('db-name') : $_SERVER['PATH'];
-            $token = crypt($salt . $usec . $appendix_salt . $sec);
+            $token = crypt($salt.$usec.$appendix_salt.$sec);
             $this->_latest_token = $token;
 
             if (empty($_SESSION['XOOPS_G_STUBS'])) {
@@ -119,7 +119,7 @@ 
             );
 
             // paid md5ed token as a ticket
-            return md5($token . \XoopsBaseConfig::get('db-prefix'));
+            return md5($token.\XoopsBaseConfig::get('db-prefix'));
         }
 
         // check a ticket
@@ -148,14 +148,14 @@ 
             foreach ($stubs_tmp as $stub) {
                 // default lifetime 30min
                 if ($stub['expire'] >= time()) {
-                    if (md5($stub['token'] . \XoopsBaseConfig::get('db-prefix')) === $ticket) {
+                    if (md5($stub['token'].\XoopsBaseConfig::get('db-prefix')) === $ticket) {
                         $found_stub = $stub;
                     } else {
                         // store the other valid stubs into session
                         $_SESSION['XOOPS_G_STUBS'][] = $stub;
                     }
                 } else {
-                    if (md5($stub['token'] . \XoopsBaseConfig::get('db-prefix')) === $ticket) {
+                    if (md5($stub['token'].\XoopsBaseConfig::get('db-prefix')) === $ticket) {
                         // not CSRF but Time-Out
                         $timeout_flag = true;
                     }
@@ -224,7 +224,7 @@ 
             }
 
             $table = '<table>';
-            $form = '<form action="?' . htmlspecialchars(@$_SERVER['QUERY_STRING'], ENT_QUOTES) . '" method="post" >';
+            $form = '<form action="?'.htmlspecialchars(@$_SERVER['QUERY_STRING'], ENT_QUOTES).'" method="post" >';
             foreach ($_POST as $key => $val) {
                 if ($key === 'XOOPS_G_TICKET') {
                     continue;
@@ -240,14 +240,14 @@ 
                     if (get_magic_quotes_gpc()) {
                         $val = stripslashes($val);
                     }
-                    $table .= '<tr><th>' . htmlspecialchars($key, ENT_QUOTES) . '</th><td>' . htmlspecialchars($val, ENT_QUOTES) . '</td></tr>' . "\n";
-                    $form .= '<input type="hidden" name="' . htmlspecialchars($key, ENT_QUOTES) . '" value="' . htmlspecialchars($val, ENT_QUOTES) . '" />' . "\n";
+                    $table .= '<tr><th>'.htmlspecialchars($key, ENT_QUOTES).'</th><td>'.htmlspecialchars($val, ENT_QUOTES).'</td></tr>'."\n";
+                    $form .= '<input type="hidden" name="'.htmlspecialchars($key, ENT_QUOTES).'" value="'.htmlspecialchars($val, ENT_QUOTES).'" />'."\n";
                 }
             }
             $table .= '</table>';
-            $form .= $this->getTicketHtml(__LINE__, 300, $area) . '<input type="submit" value="' . $this->messages['btn_repost'] . '" /></form>';
+            $form .= $this->getTicketHtml(__LINE__, 300, $area).'<input type="submit" value="'.$this->messages['btn_repost'].'" /></form>';
 
-            echo '<html><head><title>' . $this->messages['err_general'] . '</title><style>table,td,th {border:solid black 1px; border-collapse:collapse;}</style></head><body>' . sprintf($this->messages['fmt_prompt4repost'], $this->getErrors()) . $table . $form . '</body></html>';
+            echo '<html><head><title>'.$this->messages['err_general'].'</title><style>table,td,th {border:solid black 1px; border-collapse:collapse;}</style></head><body>'.sprintf($this->messages['fmt_prompt4repost'], $this->getErrors()).$table.$form.'</body></html>';
         }
 
         /**
@@ -262,15 +262,15 @@ 
                     $key = stripslashes($key);
                 }
                 if (is_array($val)) {
-                    list($tmp_table, $tmp_form) = $this->extract_post_recursive($key_name . '[' . htmlspecialchars($key, ENT_QUOTES) . ']', $val);
+                    list($tmp_table, $tmp_form) = $this->extract_post_recursive($key_name.'['.htmlspecialchars($key, ENT_QUOTES).']', $val);
                     $table .= $tmp_table;
                     $form .= $tmp_form;
                 } else {
                     if (get_magic_quotes_gpc()) {
                         $val = stripslashes($val);
                     }
-                    $table .= '<tr><th>' . $key_name . '[' . htmlspecialchars($key, ENT_QUOTES) . ']</th><td>' . htmlspecialchars($val, ENT_QUOTES) . '</td></tr>' . "\n";
-                    $form .= '<input type="hidden" name="' . $key_name . '[' . htmlspecialchars($key, ENT_QUOTES) . ']" value="' . htmlspecialchars($val, ENT_QUOTES) . '" />' . "\n";
+                    $table .= '<tr><th>'.$key_name.'['.htmlspecialchars($key, ENT_QUOTES).']</th><td>'.htmlspecialchars($val, ENT_QUOTES).'</td></tr>'."\n";
+                    $form .= '<input type="hidden" name="'.$key_name.'['.htmlspecialchars($key, ENT_QUOTES).']" value="'.htmlspecialchars($val, ENT_QUOTES).'" />'."\n";
                 }
             }
             return array($table, $form);
@@ -311,8 +311,8 @@ 
 
         function errorHandler4FindOutput($errNo, $errStr, $errFile, $errLine)
         {
-            if (preg_match('?' . preg_quote(\XoopsBaseConfig::get('root-path')) . '([^:]+)\:(\d+)?', $errStr, $regs)) {
-                echo "Irregular output! check the file " . htmlspecialchars($regs[1]) . " line " . htmlspecialchars($regs[2]);
+            if (preg_match('?'.preg_quote(\XoopsBaseConfig::get('root-path')).'([^:]+)\:(\d+)?', $errStr, $regs)) {
+                echo "Irregular output! check the file ".htmlspecialchars($regs[1])." line ".htmlspecialchars($regs[2]);
             } else {
                 echo "Irregular output! check language files etc.";
             }

htdocs/modules/protector/class/protector.php

Spacing +47 added lines, -47 removed lines

@@ -138,7 +138,7 @@ 
                     $this->_safe_contami = false;
                     $this->last_error_type = 'CONTAMI';
                 }
-                $this->_initial_recursive($subval, $key . '_' . base64_encode($subkey));
+                $this->_initial_recursive($subval, $key.'_'.base64_encode($subkey));
             }
         } else {
             // check nullbyte attack
@@ -172,7 +172,7 @@ 
             return false;
         }
 
-        $result = @mysqli_query("SELECT conf_name,conf_value FROM " . \XoopsBaseConfig::get('db-prefix') . "_config WHERE conf_title like '" . "_MI_PROTECTOR%'", $this->_conn);
+        $result = @mysqli_query("SELECT conf_name,conf_value FROM ".\XoopsBaseConfig::get('db-prefix')."_config WHERE conf_title like '"."_MI_PROTECTOR%'", $this->_conn);
         if (!$result || mysql_num_rows($result) < 5) {
             return false;
         }
@@ -231,7 +231,7 @@ 
         }
 
         if ($redirect_to_top) {
-            header('Location: ' . \XoopsBaseConfig::get('url') . '/');
+            header('Location: '.\XoopsBaseConfig::get('url').'/');
             exit;
         } else {
             $ret = $this->call_filter('prepurge_exit');
@@ -265,7 +265,7 @@ 
         $agent = @$_SERVER['HTTP_USER_AGENT'];
 
         if ($unique_check) {
-            $result = mysqli_query('SELECT ip,type FROM ' . \XoopsBaseConfig::get('db-prefix') . '_' . $this->mydirname . '_log ORDER BY timestamp DESC LIMIT 1', $this->_conn);
+            $result = mysqli_query('SELECT ip,type FROM '.\XoopsBaseConfig::get('db-prefix').'_'.$this->mydirname.'_log ORDER BY timestamp DESC LIMIT 1', $this->_conn);
             list($last_ip, $last_type) = mysql_fetch_row($result);
             if ($last_ip == $ip && $last_type == $type) {
                 $this->_logged = true;
@@ -273,7 +273,7 @@ 
             }
         }
 
-        mysqli_query("INSERT INTO " . XOOPS_DB_PREFIX . "_" . $this->mydirname . "_log SET ip='" . addslashes($ip) . "',agent='" . addslashes($agent) . "',type='" . addslashes($type) . "',description='" . addslashes($this->message) . "',uid='" . (int)($uid) . "',timestamp=NOW()", $this->_conn);
+        mysqli_query("INSERT INTO ".XOOPS_DB_PREFIX."_".$this->mydirname."_log SET ip='".addslashes($ip)."',agent='".addslashes($agent)."',type='".addslashes($type)."',description='".addslashes($this->message)."',uid='".(int)($uid)."',timestamp=NOW()", $this->_conn);
         $this->_logged = true;
         return true;
     }
@@ -288,7 +288,7 @@ 
         $fp = @fopen($this->get_filepath4bwlimit(), 'w');
         if ($fp) {
             @flock($fp, LOCK_EX);
-            fwrite($fp, $expire . "\n");
+            fwrite($fp, $expire."\n");
             @flock($fp, LOCK_UN);
             fclose($fp);
             return true;
@@ -307,7 +307,7 @@ 
 
     function get_filepath4bwlimit()
     {
-        return \XoopsBaseConfig::get('trust-path') . '/modules/protector/configs/bwlimit' . substr(md5(\XoopsBaseConfig::get('root-path') . \XoopsBaseConfig::get('db-user') . \XoopsBaseConfig::get('db-prefix')), 0, 6);
+        return \XoopsBaseConfig::get('trust-path').'/modules/protector/configs/bwlimit'.substr(md5(\XoopsBaseConfig::get('root-path').\XoopsBaseConfig::get('db-user').\XoopsBaseConfig::get('db-prefix')), 0, 6);
     }
 
     function write_file_badips($bad_ips)
@@ -317,7 +317,7 @@ 
         $fp = @fopen($this->get_filepath4badips(), 'w');
         if ($fp) {
             @flock($fp, LOCK_EX);
-            fwrite($fp, serialize($bad_ips) . "\n");
+            fwrite($fp, serialize($bad_ips)."\n");
             @flock($fp, LOCK_UN);
             fclose($fp);
             return true;
@@ -368,7 +368,7 @@ 
 
     function get_filepath4badips()
     {
-        return \XoopsBaseConfig::get('root-path') . '/modules/protector/configs/badips' . substr(md5(\XoopsBaseConfig::get('root-path') . \XoopsBaseConfig::get('db-user') . \XoopsBaseConfig::get('db-prefix')), 0, 6);
+        return \XoopsBaseConfig::get('root-path').'/modules/protector/configs/badips'.substr(md5(\XoopsBaseConfig::get('root-path').\XoopsBaseConfig::get('db-user').\XoopsBaseConfig::get('db-prefix')), 0, 6);
     }
 
     function get_group1_ips($with_info = false)
@@ -388,12 +388,12 @@ 
 
     function get_filepath4group1ips()
     {
-        return \XoopsBaseConfig::get('var-path') . '/configs/protector_group1ips_' . substr(md5(\XoopsBaseConfig::get('root-path') . \XoopsBaseConfig::get('db-user') . \XoopsBaseConfig::get('db-prefix')), 0, 6);
+        return \XoopsBaseConfig::get('var-path').'/configs/protector_group1ips_'.substr(md5(\XoopsBaseConfig::get('root-path').\XoopsBaseConfig::get('db-user').\XoopsBaseConfig::get('db-prefix')), 0, 6);
     }
 
     function get_filepath4confighcache()
     {
-        return XOOPS_VAR_PATH . '/configs/protector_configcache_' . substr(md5(XOOPS_ROOT_PATH . XOOPS_DB_USER . XOOPS_DB_PREFIX), 0, 6);
+        return XOOPS_VAR_PATH.'/configs/protector_configcache_'.substr(md5(XOOPS_ROOT_PATH.XOOPS_DB_USER.XOOPS_DB_PREFIX), 0, 6);
     }
 
     function ip_match($ips)
@@ -450,8 +450,8 @@ 
             return false;
         }
 
-        $target_htaccess = \XoopsBaseConfig::get('root-path') . '/.htaccess';
-        $backup_htaccess = \XoopsBaseConfig::get('root-path') . '/uploads/.htaccess.bak';
+        $target_htaccess = \XoopsBaseConfig::get('root-path').'/.htaccess';
+        $backup_htaccess = \XoopsBaseConfig::get('root-path').'/uploads/.htaccess.bak';
 
         $ht_body = file_get_contents($target_htaccess);
 
@@ -476,9 +476,9 @@ 
             if (substr($regs[2], -strlen($ip)) == $ip) {
                 return true;
             }
-            $new_ht_body = $regs[1] . "#PROTECTOR#\n" . $regs[2] . " $ip\n#PROTECTOR#\n" . $regs[3];
+            $new_ht_body = $regs[1]."#PROTECTOR#\n".$regs[2]." $ip\n#PROTECTOR#\n".$regs[3];
         } else {
-            $new_ht_body = "#PROTECTOR#\nDENY FROM $ip\n#PROTECTOR#\n" . $ht_body;
+            $new_ht_body = "#PROTECTOR#\nDENY FROM $ip\n#PROTECTOR#\n".$ht_body;
         }
 
         // error_log( "$new_ht_body\n" , 3 , "/tmp/error_log" ) ;
@@ -532,7 +532,7 @@ 
 
         if (!empty($this->_dblayertrap_doubtfuls) || $force_override) {
             @define('XOOPS_DB_ALTERNATIVE', 'ProtectorMysqlDatabase');
-            require_once dirname(__DIR__) . '/class/ProtectorMysqlDatabase.class.php';
+            require_once dirname(__DIR__).'/class/ProtectorMysqlDatabase.class.php';
         }
     }
 
@@ -694,7 +694,7 @@ 
             if (!is_array($current)) {
                 return false;
             }
-            $current =& $current[$index];
+            $current = & $current[$index];
         }
         return $current;
     }
@@ -709,16 +709,16 @@ 
 
         switch ($base_array) {
             case 'G' :
-                $main_ref =& $this->get_ref_from_base64index($_GET, $indexes);
-                $legacy_ref =& $this->get_ref_from_base64index($HTTP_GET_VARS, $indexes);
+                $main_ref = & $this->get_ref_from_base64index($_GET, $indexes);
+                $legacy_ref = & $this->get_ref_from_base64index($HTTP_GET_VARS, $indexes);
                 break;
             case 'P' :
-                $main_ref =& $this->get_ref_from_base64index($_POST, $indexes);
-                $legacy_ref =& $this->get_ref_from_base64index($HTTP_POST_VARS, $indexes);
+                $main_ref = & $this->get_ref_from_base64index($_POST, $indexes);
+                $legacy_ref = & $this->get_ref_from_base64index($HTTP_POST_VARS, $indexes);
                 break;
             case 'C' :
-                $main_ref =& $this->get_ref_from_base64index($_COOKIE, $indexes);
-                $legacy_ref =& $this->get_ref_from_base64index($HTTP_COOKIE_VARS, $indexes);
+                $main_ref = & $this->get_ref_from_base64index($_COOKIE, $indexes);
+                $legacy_ref = & $this->get_ref_from_base64index($HTTP_COOKIE_VARS, $indexes);
                 break;
             default :
                 exit;
@@ -726,7 +726,7 @@ 
         if (!isset($main_ref)) {
             exit;
         }
-        $request_ref =& $this->get_ref_from_base64index($_REQUEST, $indexes);
+        $request_ref = & $this->get_ref_from_base64index($_REQUEST, $indexes);
         if ($request_ref !== false && $main_ref == $request_ref) {
             $request_ref = $val;
         }
@@ -783,7 +783,7 @@ 
                     $image_attributes = @getimagesize($_file['tmp_name']);
                     if ($image_attributes === false && is_uploaded_file($_file['tmp_name'])) {
                         // open_basedir restriction
-                        $temp_file = \XoopsBaseConfig::get('root-path') . '/uploads/protector_upload_temporary' . md5(time());
+                        $temp_file = \XoopsBaseConfig::get('root-path').'/uploads/protector_upload_temporary'.md5(time());
                         move_uploaded_file($_file['tmp_name'], $temp_file);
                         $image_attributes = @getimagesize($temp_file);
                         @unlink($temp_file);
@@ -832,7 +832,7 @@ 
                 if ($str === false) {
                     $this->message .= "Isolated comment-in found. ($val)\n";
                     if ($sanitize) {
-                        $this->replace_doubtful($key, $val . '*/');
+                        $this->replace_doubtful($key, $val.'*/');
                     }
                     $this->_safe_isocom = false;
                     $this->last_error_type = 'ISOCOM';
@@ -875,10 +875,10 @@ 
             return false;
         }
 
-        $query = "f=serial&ip=" . $_SERVER['REMOTE_ADDR'];
-        $query .= isset($_POST['email']) ? "&email=" . $_POST['email'] : '';
-        $query .= isset($_POST['uname']) ? "&username=" . $_POST['uname'] : '';
-        $url = "http://www.stopforumspam.com/api?" . $query;
+        $query = "f=serial&ip=".$_SERVER['REMOTE_ADDR'];
+        $query .= isset($_POST['email']) ? "&email=".$_POST['email'] : '';
+        $query .= isset($_POST['uname']) ? "&username=".$_POST['uname'] : '';
+        $url = "http://www.stopforumspam.com/api?".$query;
         $ch = curl_init();
         curl_setopt($ch, CURLOPT_URL, $url);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
@@ -912,16 +912,16 @@ 
                 break;
             case 'san' :
                 $_POST = array();
-                $this->message .= "POST deleted for IP:" . $_SERVER['REMOTE_ADDR'];
+                $this->message .= "POST deleted for IP:".$_SERVER['REMOTE_ADDR'];
                 break;
             case 'biptime0' :
                 $_POST = array();
-                $this->message .= "BAN and POST deleted for IP:" . $_SERVER['REMOTE_ADDR'];
+                $this->message .= "BAN and POST deleted for IP:".$_SERVER['REMOTE_ADDR'];
                 $this->_should_be_banned_time0 = true;
                 break;
             case 'bip' :
                 $_POST = array();
-                $this->message .= "Ban and POST deleted for IP:" . $_SERVER['REMOTE_ADDR'];
+                $this->message .= "Ban and POST deleted for IP:".$_SERVER['REMOTE_ADDR'];
                 $this->_should_be_banned = true;
                 break;
         }
@@ -951,7 +951,7 @@ 
         }
 
         // gargage collection
-        $result = $db->queryF("DELETE FROM " . $db->prefix($this->mydirname . "_access") . " WHERE expire < UNIX_TIMESTAMP()");
+        $result = $db->queryF("DELETE FROM ".$db->prefix($this->mydirname."_access")." WHERE expire < UNIX_TIMESTAMP()");
 
         // for older versions before updating this module
         if ($result === false) {
@@ -960,11 +960,11 @@ 
         }
 
         // sql for recording access log (INSERT should be placed after SELECT)
-        $sql4insertlog = "INSERT INTO " . $db->prefix($this->mydirname . "_access") . " SET ip='$ip4sql',request_uri='$uri4sql',expire=UNIX_TIMESTAMP()+'" . (int)($this->_conf['dos_expire']) . "'";
+        $sql4insertlog = "INSERT INTO ".$db->prefix($this->mydirname."_access")." SET ip='$ip4sql',request_uri='$uri4sql',expire=UNIX_TIMESTAMP()+'".(int)($this->_conf['dos_expire'])."'";
 
         // bandwidth limitation
         if (@$this->_conf['bwlimit_count'] >= 10) {
-            $result = $db->query("SELECT COUNT(*) FROM " . $db->prefix($this->mydirname . "_access"));
+            $result = $db->query("SELECT COUNT(*) FROM ".$db->prefix($this->mydirname."_access"));
             list($bw_count) = $db->fetchRow($result);
             if ($bw_count > $this->_conf['bwlimit_count']) {
                 $this->write_file_bwlimit(time() + $this->_conf['dos_expire']);
@@ -972,7 +972,7 @@ 
         }
 
         // F5 attack check (High load & same URI)
-        $result = $db->query("SELECT COUNT(*) FROM " . $db->prefix($this->mydirname . "_access") . " WHERE ip='$ip4sql' AND request_uri='$uri4sql'");
+        $result = $db->query("SELECT COUNT(*) FROM ".$db->prefix($this->mydirname."_access")." WHERE ip='$ip4sql' AND request_uri='$uri4sql'");
         list($f5_count) = $db->fetchRow($result);
         if ($f5_count > $this->_conf['dos_f5count']) {
 
@@ -1026,7 +1026,7 @@ 
         }
 
         // Crawler check (High load & different URI)
-        $result = $db->query("SELECT COUNT(*) FROM " . $db->prefix($this->mydirname . "_access") . " WHERE ip='$ip4sql'");
+        $result = $db->query("SELECT COUNT(*) FROM ".$db->prefix($this->mydirname."_access")." WHERE ip='$ip4sql'");
         list($crawler_count) = $db->fetchRow($result);
 
         // delayed insert
@@ -1095,18 +1095,18 @@ 
         $mal4sql = addslashes("BRUTE FORCE: $victim_uname");
 
         // gargage collection
-        $result = $xoopsDB->queryF("DELETE FROM " . $xoopsDB->prefix($this->mydirname . "_access") . " WHERE expire < UNIX_TIMESTAMP()");
+        $result = $xoopsDB->queryF("DELETE FROM ".$xoopsDB->prefix($this->mydirname."_access")." WHERE expire < UNIX_TIMESTAMP()");
 
         // sql for recording access log (INSERT should be placed after SELECT)
-        $sql4insertlog = "INSERT INTO " . $xoopsDB->prefix($this->mydirname . "_access") . " SET ip='$ip4sql',request_uri='$uri4sql',malicious_actions='$mal4sql',expire=UNIX_TIMESTAMP()+600";
+        $sql4insertlog = "INSERT INTO ".$xoopsDB->prefix($this->mydirname."_access")." SET ip='$ip4sql',request_uri='$uri4sql',malicious_actions='$mal4sql',expire=UNIX_TIMESTAMP()+600";
 
         // count check
-        $result = $xoopsDB->query("SELECT COUNT(*) FROM " . $xoopsDB->prefix($this->mydirname . "_access") . " WHERE ip='$ip4sql' AND malicious_actions like 'BRUTE FORCE:%'");
+        $result = $xoopsDB->query("SELECT COUNT(*) FROM ".$xoopsDB->prefix($this->mydirname."_access")." WHERE ip='$ip4sql' AND malicious_actions like 'BRUTE FORCE:%'");
         list($bf_count) = $xoopsDB->fetchRow($result);
         if ($bf_count > $this->_conf['bf_count']) {
             $this->register_bad_ips(time() + $this->_conf['banip_time0']);
             $this->last_error_type = 'BruteForce';
-            $this->message .= "Trying to login as '" . addslashes($victim_uname) . "' found.\n";
+            $this->message .= "Trying to login as '".addslashes($victim_uname)."' found.\n";
             $this->output_log('BRUTE FORCE', 0, true, 1);
             $ret = $this->call_filter('bruteforce_overrun');
             if ($ret == false) {
@@ -1140,7 +1140,7 @@ 
             }
 
             // count BBCode likd [url=www....] up (without [url=http://...])
-            $this->_spamcount_uri += count(preg_split('/\[url=(?!http|\\"http|\\\'http|' . $http_host . ')/i', $val)) - 1;
+            $this->_spamcount_uri += count(preg_split('/\[url=(?!http|\\"http|\\\'http|'.$http_host.')/i', $val)) - 1;
         }
     }
 
@@ -1153,7 +1153,7 @@ 
         $this->_spam_check_point_recursive($_POST);
 
         if ($this->_spamcount_uri >= $points4deny) {
-            $this->message .= @$_SERVER['REQUEST_URI'] . " SPAM POINT: $this->_spamcount_uri\n";
+            $this->message .= @$_SERVER['REQUEST_URI']." SPAM POINT: $this->_spamcount_uri\n";
             $this->output_log('URI SPAM', $uid, false, 128);
             $ret = $this->call_filter('spamcheck_overrun');
             if ($ret == false) {
@@ -1227,11 +1227,11 @@ 
 
             // preview CSRF zx 2004/12/14
             // news submit.php
-            if (substr(@$_SERVER['SCRIPT_NAME'], -23) === 'modules/news/submit.php' && isset($_POST['preview']) && strpos(@$_SERVER['HTTP_REFERER'], \XoopsBaseConfig::get('url') . '/modules/news/submit.php') !== 0) {
+            if (substr(@$_SERVER['SCRIPT_NAME'], -23) === 'modules/news/submit.php' && isset($_POST['preview']) && strpos(@$_SERVER['HTTP_REFERER'], \XoopsBaseConfig::get('url').'/modules/news/submit.php') !== 0) {
                 $HTTP_POST_VARS['nohtml'] = $_POST['nohtml'] = 1;
             }
             // news admin/index.php
-            if (substr(@$_SERVER['SCRIPT_NAME'], -28) === 'modules/news/admin/index.php' && ($_POST['op'] === 'preview' || $_GET['op'] === 'preview') && strpos(@$_SERVER['HTTP_REFERER'], \XoopsBaseConfig::get('url') . '/modules/news/admin/index.php') !== 0) {
+            if (substr(@$_SERVER['SCRIPT_NAME'], -28) === 'modules/news/admin/index.php' && ($_POST['op'] === 'preview' || $_GET['op'] === 'preview') && strpos(@$_SERVER['HTTP_REFERER'], \XoopsBaseConfig::get('url').'/modules/news/admin/index.php') !== 0) {
                 $HTTP_POST_VARS['nohtml'] = $_POST['nohtml'] = 1;
             }
             // comment comment_post.php
@@ -1259,7 +1259,7 @@ 
      */
     function call_filter($type, $dying_message = '')
     {
-        require_once __DIR__ . '/ProtectorFilter.php';
+        require_once __DIR__.'/ProtectorFilter.php';
         $filter_handler = ProtectorFilterHandler::getInstance();
         $ret = $filter_handler->execute($type);
         if ($ret == false && $dying_message) {

htdocs/modules/protector/class/ProtectorFilter.php

Spacing +7 added lines, -7 removed lines

@@ -31,10 +31,10 @@ 
         $xoops = Xoops::getInstance();
         $language = $xoops->getConfig('language');
         $this->protector = Protector::getInstance();
-        $lang = !$language  ? @$this->protector->_conf['default_lang'] : $language;
-        @include_once dirname(__DIR__) . '/language/' . $lang . '/main.php';
+        $lang = !$language ? @$this->protector->_conf['default_lang'] : $language;
+        @include_once dirname(__DIR__).'/language/'.$lang.'/main.php';
         if (!defined('_MD_PROTECTOR_YOUAREBADIP')) {
-            include_once dirname(__DIR__) . '/language/english/main.php';
+            include_once dirname(__DIR__).'/language/english/main.php';
         }
     }
 
@@ -65,7 +65,7 @@ 
     function ProtectorFilterHandler()
     {
         $this->protector = Protector::getInstance();
-        $this->filters_base = dirname(__DIR__) . '/filters_enabled';
+        $this->filters_base = dirname(__DIR__).'/filters_enabled';
     }
 
     static function getInstance()
@@ -84,9 +84,9 @@ 
 
         $dh = opendir($this->filters_base);
         while (($file = readdir($dh)) !== false) {
-            if (strncmp($file, $type . '_', strlen($type) + 1) === 0) {
-                include_once $this->filters_base . '/' . $file;
-                $plugin_name = 'protector_' . substr($file, 0, -4);
+            if (strncmp($file, $type.'_', strlen($type) + 1) === 0) {
+                include_once $this->filters_base.'/'.$file;
+                $plugin_name = 'protector_'.substr($file, 0, -4);
                 if (function_exists($plugin_name)) {
                     // old way
                     $ret |= call_user_func($plugin_name);

htdocs/modules/protector/class/form/center.php

Spacing +3 added lines, -3 removed lines

@@ -38,17 +38,17 @@
         global $xoopsDB;
         $db = $xoopsDB;
         $protector = Protector::getInstance($db->conn);
-        require_once dirname(__DIR__) . '/gtickets.php';
+        require_once dirname(__DIR__).'/gtickets.php';
 
         parent::__construct('', "form_prefip", "center.php", 'post', true);
 
         $bad_ips = new Xoops\Form\TextArea(_AM_TH_BADIPS, 'bad_ips', $bad_ips4disp, 3, 90);
-        $bad_ips->setDescription('<br />' . htmlspecialchars($protector->get_filepath4badips()));
+        $bad_ips->setDescription('<br />'.htmlspecialchars($protector->get_filepath4badips()));
         $bad_ips->setClass('span3');
         $this->addElement($bad_ips);
 
         $group1_ips = new Xoops\Form\TextArea(_AM_TH_GROUP1IPS, 'group1_ips', $group1_ips4disp, 3, 90);
-        $group1_ips->setDescription('<br />' . htmlspecialchars($protector->get_filepath4group1ips()));
+        $group1_ips->setDescription('<br />'.htmlspecialchars($protector->get_filepath4group1ips()));
         $group1_ips->setClass('span3');
         $this->addElement($group1_ips);
         $formTicket = new xoopsGTicket;

htdocs/modules/protector/class/ProtectorMysqlDatabase.class.php

Spacing +86 added lines, -86 removed lines

@@ -22,103 +22,103 @@ 
 $root_path = \XoopsBaseConfig::get('root-path');
 $db_type = \XoopsBaseConfig::get('db-type');
 
-if( XoopsLoad::fileExists( $root_path.'/class/database/drivers/'.$db_type.'/database.php' ) ) {
+if (XoopsLoad::fileExists($root_path.'/class/database/drivers/'.$db_type.'/database.php')) {
     require_once $root_path.'/class/database/drivers/'.$db_type.'/database.php';
 } else {
     require_once $root_path.'/class/database/'.$db_type.'database.php';
 }
 
-require_once $root_path.'/class/database/database.php' ;
+require_once $root_path.'/class/database/database.php';
 
 class ProtectorMySQLDatabase extends XoopsMySQLDatabaseProxy
 {
 
-var $doubtful_requests = array() ;
+var $doubtful_requests = array();
 var $doubtful_needles = array(
     // 'order by' ,
-    'concat' ,
-    'information_schema' ,
-    'select' ,
-    'union' ,
-    '/*' , /**/
-    '--' ,
-    '#' ,
-) ;
+    'concat',
+    'information_schema',
+    'select',
+    'union',
+    '/*', /**/
+    '--',
+    '#',
+);
 
 
 function ProtectorMySQLDatabase()
 {
-    $protector = Protector::getInstance() ;
-    $this->doubtful_requests = $protector->getDblayertrapDoubtfuls() ;
-    $this->doubtful_needles = array_merge( $this->doubtful_needles , $this->doubtful_requests ) ;
+    $protector = Protector::getInstance();
+    $this->doubtful_requests = $protector->getDblayertrapDoubtfuls();
+    $this->doubtful_needles = array_merge($this->doubtful_needles, $this->doubtful_requests);
 }
 
 
-function injectionFound( $sql )
+function injectionFound($sql)
 {
-    $protector = Protector::getInstance() ;
+    $protector = Protector::getInstance();
 
-    $protector->last_error_type = 'SQL Injection' ;
-    $protector->message .= $sql ;
-    $protector->output_log( $protector->last_error_type ) ;
-    die( 'SQL Injection found' ) ;
+    $protector->last_error_type = 'SQL Injection';
+    $protector->message .= $sql;
+    $protector->output_log($protector->last_error_type);
+    die('SQL Injection found');
 }
 
 
-function separateStringsInSQL( $sql )
+function separateStringsInSQL($sql)
 {
-    $sql = trim( $sql ) ;
-    $sql_len = strlen( $sql ) ;
-    $char = '' ;
-    $string_start = '' ;
+    $sql = trim($sql);
+    $sql_len = strlen($sql);
+    $char = '';
+    $string_start = '';
     $in_string = false;
-    $sql_wo_string = '' ;
-    $strings = array() ;
-    $current_string = '' ;
-
-    for( $i = 0 ; $i < $sql_len ; ++$i ) {
-        $char = $sql[$i] ;
-        if( $in_string ) {
-            while( 1 ) {
-                $new_i = strpos( $sql , $string_start , $i ) ;
-                $current_string .= substr( $sql , $i , $new_i - $i + 1 ) ;
-                $i = $new_i ;
-                if( $i === false ) {
-                    break 2 ;
-                } else if( /* $string_start == '`' || */ $sql[$i-1] !== '\\' ) {
-                    $string_start = '' ;
-                    $in_string = false ;
-                    $strings[] = $current_string ;
-                    break ;
+    $sql_wo_string = '';
+    $strings = array();
+    $current_string = '';
+
+    for ($i = 0; $i < $sql_len; ++$i) {
+        $char = $sql[$i];
+        if ($in_string) {
+            while (1) {
+                $new_i = strpos($sql, $string_start, $i);
+                $current_string .= substr($sql, $i, $new_i - $i + 1);
+                $i = $new_i;
+                if ($i === false) {
+                    break 2;
+                } else if ( /* $string_start == '`' || */ $sql[$i - 1] !== '\\' ) {
+                    $string_start = '';
+                    $in_string = false;
+                    $strings[] = $current_string;
+                    break;
                 } else {
-                    $j = 2 ;
-                    $escaped_backslash = false ;
-                    while( $i - $j > 0 && $sql[$i-$j] === '\\' ) {
-                        $escaped_backslash = ! $escaped_backslash ;
+                    $j = 2;
+                    $escaped_backslash = false;
+                    while ($i - $j > 0 && $sql[$i - $j] === '\\') {
+                        $escaped_backslash = !$escaped_backslash;
                         ++$j;
                     }
                     if ($escaped_backslash) {
-                        $string_start = '' ;
-                        $in_string = false ;
-                        $strings[] = $current_string ;
-                        break ;
+                        $string_start = '';
+                        $in_string = false;
+                        $strings[] = $current_string;
+                        break;
                     } else {
                         ++$i;
                     }
                 }
             }
-        } else if( $char === '"' || $char === "'" ) { // dare to ignore ``
-            $in_string = true ;
-            $string_start = $char ;
-            $current_string = $char ;
+        } else if ($char === '"' || $char === "'") { // dare to ignore ``
+            $in_string = true;
+            $string_start = $char;
+            $current_string = $char;
         } else {
-            $sql_wo_string .= $char ;
+            $sql_wo_string .= $char;
         }
         // dare to ignore comment
         // because unescaped ' or " have been already checked in stage1
     }
 
-    return array( $sql_wo_string , $strings ) ;
+    return array($sql_wo_string, $strings);
 }
 
 
@@ -126,24 +126,24 @@ 
 /**
  * @param string $sql
  */
-function checkSql( $sql )
+function checkSql($sql)
 {
-    list( $sql_wo_strings , $strings ) = $this->separateStringsInSQL( $sql ) ;
+    list($sql_wo_strings, $strings) = $this->separateStringsInSQL($sql);
 
     // stage1: addslashes() processed or not
-    foreach( $this->doubtful_requests as $request ) {
-        if( addslashes( $request ) != $request ) {
-            if( stristr( $sql , trim( $request ) ) ) {
+    foreach ($this->doubtful_requests as $request) {
+        if (addslashes($request) != $request) {
+            if (stristr($sql, trim($request))) {
                 // check the request stayed inside of strings as whole
-                $ok_flag = false ;
-                foreach( $strings as $string ) {
-                    if( strstr( $string , $request ) ) {
-                        $ok_flag = true ;
-                        break ;
+                $ok_flag = false;
+                foreach ($strings as $string) {
+                    if (strstr($string, $request)) {
+                        $ok_flag = true;
+                        break;
                     }
                 }
-                if( ! $ok_flag ) {
-                    $this->injectionFound( $sql ) ;
+                if (!$ok_flag) {
+                    $this->injectionFound($sql);
                 }
             }
         }
@@ -155,39 +155,39 @@ 
     // OK: select a from b where c='$d_escaped'
     // $_GET['d'] = '(select ... FROM)'
     // NG: select a from b where c=(select ... from)
-    foreach( $this->doubtful_requests as $request ) {
-        if( strstr( $sql_wo_strings , trim( $request ) ) ) {
-            $this->injectionFound( $sql ) ;
+    foreach ($this->doubtful_requests as $request) {
+        if (strstr($sql_wo_strings, trim($request))) {
+            $this->injectionFound($sql);
         }
     }
 
     // stage3: comment exists or not without quoted strings (too sensitive?)
-    if( preg_match( '/(\/\*|\-\-|\#)/' , $sql_wo_strings , $regs ) ) {
-        foreach( $this->doubtful_requests as $request ) {
-            if( strstr( $request , $regs[1] ) ) {
-                $this->injectionFound( $sql ) ;
+    if (preg_match('/(\/\*|\-\-|\#)/', $sql_wo_strings, $regs)) {
+        foreach ($this->doubtful_requests as $request) {
+            if (strstr($request, $regs[1])) {
+                $this->injectionFound($sql);
             }
         }
     }
 }
 
 
-function query( $sql , $limit = 0 , $start = 0 )
+function query($sql, $limit = 0, $start = 0)
 {
-    $sql4check = substr( $sql , 7 ) ;
-    foreach( $this->doubtful_needles as $needle ) {
-        if( stristr( $sql4check , $needle ) ) {
-            $this->checkSql( $sql ) ;
-            break ;
+    $sql4check = substr($sql, 7);
+    foreach ($this->doubtful_needles as $needle) {
+        if (stristr($sql4check, $needle)) {
+            $this->checkSql($sql);
+            break;
         }
     }
 
-    if( ! defined( 'XOOPS_DB_PROXY' ) ) {
-        $ret = parent::queryF( $sql , $limit , $start ) ;
+    if (!defined('XOOPS_DB_PROXY')) {
+        $ret = parent::queryF($sql, $limit, $start);
     } else {
-        $ret = parent::query( $sql , $limit , $start ) ;
+        $ret = parent::query($sql, $limit, $start);
     }
-    return $ret ;
+    return $ret;
 }
 
 }

htdocs/modules/menus/admin/admin_menus.php

Spacing +5 added lines, -5 removed lines

@@ -20,7 +20,7 @@ 
  * @version         $Id$
  */
 
-include_once __DIR__ . '/header.php';
+include_once __DIR__.'/header.php';
 
 $xoops = Xoops::getInstance();
 $helper = Menus::getInstance();
@@ -32,7 +32,7 @@ 
 $xoops->theme()->addStylesheet('modules/system/css/admin.css');
 
 // Get $_GET, $_POST, ...
-$op =Request::getCmd('op', 'list');
+$op = Request::getCmd('op', 'list');
 $id = Request::getInt('id', 0);
 $limit = Request::getInt('limit', 15);
 $start = Request::getInt('start', 0);
@@ -66,7 +66,7 @@ 
         $msg[] = _AM_MENUS_SAVE;
 
         $id = Request::getInt('id', 0);
-        if (isset($id) && $id !=0) {
+        if (isset($id) && $id != 0) {
             $obj = $helper->getHandlerMenus()->get($id);
         } else {
             $obj = $helper->getHandlerMenus()->create();
@@ -102,7 +102,7 @@ 
             echo $xoops->confirm(
                 array('ok' => 1, 'id' => $id, 'op' => 'del'),
                 $helper->url('admin/admin_menus.php'),
-                _AM_MENUS_MSG_SUREDEL . '<br /><strong>' . $obj->getVar('title') . '</strong>'
+                _AM_MENUS_MSG_SUREDEL.'<br /><strong>'.$obj->getVar('title').'</strong>'
             );
         }
         break;
@@ -121,7 +121,7 @@ 
 
         $criteria = new CriteriaCompo();
         if ($query != '') {
-            $crit = new CriteriaCompo(new Criteria('title', $query . '%', 'LIKE'));
+            $crit = new CriteriaCompo(new Criteria('title', $query.'%', 'LIKE'));
             $criteria->add($crit);
         }
 

htdocs/modules/menus/admin/admin_menu.php

Indentation +1 added lines, -1 removed lines

@@ -191,7 +191,7 @@
             $menusArray = $builder->render();
             $xoops->tpl()->assign('menus', $menusArray);
         } else {
-             $xoops->tpl()->assign('error_message', _AM_MENUS_MSG_NOTFOUND);
+                $xoops->tpl()->assign('error_message', _AM_MENUS_MSG_NOTFOUND);
         }
         break;
 }

Spacing +8 added lines, -8 removed lines

@@ -20,7 +20,7 @@ 
  * @version         $Id$
  */
 
-include_once __DIR__ . '/header.php';
+include_once __DIR__.'/header.php';
 
 $xoops = Xoops::getInstance();
 $helper = Menus::getInstance();
@@ -94,7 +94,7 @@ 
         $msg[] = _AM_MENUS_SAVE;
 
         $id = Request::getInt('id', 0);
-        if (isset($id) && $id !=0) {
+        if (isset($id) && $id != 0) {
             $obj = $helper->getHandlerMenu()->get($id);
         } else {
             $obj = $helper->getHandlerMenu()->create();
@@ -119,7 +119,7 @@ 
 
         if ($helper->getHandlerMenu()->insert($obj)) {
             $this_handler->update_weights($obj);
-            $xoops->redirect('admin_menu.php?op=list&amp;menu_id=' . $obj->getVar('mid'), 2, implode('<br />', $msg));
+            $xoops->redirect('admin_menu.php?op=list&amp;menu_id='.$obj->getVar('mid'), 2, implode('<br />', $msg));
         }
         echo $xoops->alert('error', $obj->getHtmlErrors());
         $form = $helper->getForm($obj, 'menus_menu');
@@ -135,7 +135,7 @@ 
                 $xoops->redirect('admin_menu.php', 3, implode(',', $xoops->security()->getErrors()));
             }
             if ($helper->getHandlerMenu()->delete($obj)) {
-                $xoops->redirect('admin_menu.php?menu_id=' . $menu_id, 2, _AM_MENUS_MSG_SUCCESS);
+                $xoops->redirect('admin_menu.php?menu_id='.$menu_id, 2, _AM_MENUS_MSG_SUCCESS);
             } else {
                 echo $xoops->alert('error', $obj->getHtmlErrors());
             }
@@ -143,7 +143,7 @@ 
             echo $xoops->confirm(
                 array('ok' => 1, 'id' => $id, 'op' => 'del', 'menu_id' => $menu_id),
                 $helper->url('admin/admin_menu.php'),
-                _AM_MENUS_MSG_SUREDEL . '<br /><strong>' . $obj->getVar('title') . '</strong>'
+                _AM_MENUS_MSG_SUREDEL.'<br /><strong>'.$obj->getVar('title').'</strong>'
             );
         }
         break;
@@ -154,7 +154,7 @@ 
         $obj->setVar('weight', $weight);
         $this_handler->insert($obj);
         $this_handler->update_weights($obj);
-        $xoops->redirect('admin_menu.php?op=list&amp;menu_id=' . $obj->getVar('mid'), 2, _AM_MENUS_SAVE);
+        $xoops->redirect('admin_menu.php?op=list&amp;menu_id='.$obj->getVar('mid'), 2, _AM_MENUS_SAVE);
         break;
 
     case 'toggle':
@@ -163,12 +163,12 @@ 
         $obj = $this_handler->get($id);
         $obj->setVar('visible', $visible);
         $this_handler->insert($obj);
-        $xoops->redirect('admin_menu.php?op=list&amp;menu_id=' . $obj->getVar('mid'), 2, _AM_MENUS_SAVE);
+        $xoops->redirect('admin_menu.php?op=list&amp;menu_id='.$obj->getVar('mid'), 2, _AM_MENUS_SAVE);
         break;
 
     case 'list':
     default:
-        $admin_page->addItemButton(_AM_MENUS_ADD_MENUS, 'admin_menu.php?op=add&amp;menu_id=' . $menu_id, 'add');
+        $admin_page->addItemButton(_AM_MENUS_ADD_MENUS, 'admin_menu.php?op=add&amp;menu_id='.$menu_id, 'add');
         $admin_page->renderButton();
 
         $this_handler = $helper->getHandlerMenu();

htdocs/modules/menus/admin/header.php

Spacing +1 added lines, -1 removed lines

@@ -18,7 +18,7 @@
  * @version         $Id$
  */
 
-require_once dirname(dirname(dirname(__DIR__))) . '/include/cp_header.php';
+require_once dirname(dirname(dirname(__DIR__))).'/include/cp_header.php';
 
 $xoops = Xoops::getInstance();
 $helper = Xoops\Module\Helper::getHelper('menus');