Completed
Pull Request — master (#11)
by
unknown
01:52
created

admin/admin.page.php (3 issues)


1
<?php
2
/*
3
 * You may not change or alter any portion of this comment or credits of
4
 * supporting developers from this source code or any supporting source code
5
 * which is considered copyrighted (c) material of the original comment or
6
 * credit authors.
7
 *
8
 * This program is distributed in the hope that it will be useful, but WITHOUT
9
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10
 * FITNESS FOR A PARTICULAR PURPOSE.
11
 */
12
/**
13
 * Process and Display the Main Administration page
14
 *
15
 * @package    module\about\admin
16
 * @copyright  The XOOPS Co.Ltd. http://www.xoops.com.cn
17
 * @copyright  Copyright (c) 2001-2017 {@link http://xoops.org XOOPS Project}
18
 * @license    GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
19
 * @author     Mengjue Shao <[email protected]>
20
 * @author     Susheng Yang <[email protected]>
21
 * @since      1.0.0
22
 */
23
24
require __DIR__ . '/admin_header.php';
25
xoops_cp_header();
26
27
$adminObject = Xmf\Module\Admin::getInstance();
28
$adminObject->displayNavigation(basename(__FILE__));
29
30
$op      = Xmf\Request::getCmd('op', null);
31
$op      = (null !== $op) ? $op : (isset($_REQUEST['id']) ? 'edit' : 'list');
32
$page_id = Xmf\Request::getInt('id', null);
33
34
$page_handler = xoops_getModuleHandler('page', 'about');
35
36
switch ($op) {
37
    default:
38
    case 'list':
39
        // Page order
40
        if (isset($_POST['page_order'])) {
41
            $page_order = Xmf\Request::getArray('page_order', array(), 'POST'); //$_POST['page_order'];
42
            foreach ($page_order as $page_id => $order) {
43
                $page_obj = $page_handler->get($page_id);
44
                if ($page_order[$page_id] != $page_obj->getVar('page_order')) {
45
                    $page_obj->setVar('page_order', $page_order[$page_id]);
46
                    $page_handler->insert($page_obj);
47
                }
48
                unset($page_obj);
49
            }
50
        }
51
        // Set index
52
        if (isset($_POST['page_index'])) {
53
            $page_index = Xmf\Request::getInt('page_index', AboutConstants::NOT_INDEX, 'POST');
54
            $page_obj = $page_handler->get($page_index);
55
            if ($page_index != $page_obj->getVar('page_index')) {
56
                $page_obj = $page_handler->get($page_index);
57
                if (!$page_obj->getVar('page_title')) {
58
                    $abtHelper->redirect('admin/admin.page.php', AboutConstants::REDIRECT_DELAY_MEDIUM, _AM_ABOUT_PAGE_ORDER_ERROR);
59
                }
60
                $page_handler->updateAll('page_index', AboutConstants::NOT_INDEX, null);
61
                unset($criteria);
62
                $page_obj->setVar('page_index', AboutConstants::DEFAULT_INDEX);
63
                $page_handler->insert($page_obj);
64
            }
65
            unset($page_obj);
66
        }
67
        $fields = array(
68
            'page_id',
69
            'page_pid',
70
            'page_menu_title',
71
            'page_author',
72
            'page_pushtime',
73
            'page_blank',
74
            'page_menu_status',
75
            'page_type',
76
            'page_status',
77
            'page_order',
78
            'page_index',
79
            'page_tpl'
80
        );
81
82
        $criteria = new CriteriaCompo();
83
        $criteria->setSort('page_order');
84
        $criteria->order = 'ASC';
85
        $pages           = $page_handler->getTrees(0, '--', $fields);
86
        $member_handler  = xoops_getHandler('member');
87
88
        foreach ($pages as $k => $v) {
89
            $pages[$k]['page_menu_title'] = $v['prefix'] . $v['page_menu_title'];
90
            $pages[$k]['page_pushtime']   = formatTimestamp($v['page_pushtime'], _DATESTRING);
91
            $thisuser                     = $member_handler->getUser($v['page_author']);
92
            $pages[$k]['page_author']     = $thisuser->getVar('uname');
93
            unset($thisuser);
94
        }
95
96
        $xoopsTpl->assign('pages', $pages);
97
        $xoopsTpl->display('db:about_admin_page.tpl');
98
        break;
99
100 View Code Duplication
    case 'new':
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

101
        $GLOBALS['xoTheme']->addStylesheet("modules/{$moduleDirName}/assets/css/admin_style.css");
102
        $page_obj = $page_handler->create();
103
        $form     = include $abtHelper->path("include/form.page.php");
104
        $form->display();
105
        break;
106
107 View Code Duplication
    case 'edit':
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

108
        $GLOBALS['xoTheme']->addStylesheet("modules/{$moduleDirName}/assets/css/admin_style.css");
109
        $page_obj = $page_handler->get($page_id);
110
        $form     = include $abtHelper->path("include/form.page.php");
111
        $form->display();
112
        break;
113
114
    case 'save':
115
        if (!$GLOBALS['xoopsSecurity']->check()) {
116
            $abtHelper->redirect('admin/admin.page.php', AboutConstants::REDIRECT_DELAY_MEDIUM, implode(',', $GLOBALS['xoopsSecurity']->getErrors()));
117
        }
118
        $page_obj = $page_handler->get($page_id); // will get page_obj if $page_id is valid, create one if not
119
120
        // Assign value to elements of objects
121
        foreach (array_keys($page_obj->vars) as $key) {
122
            if (isset($_POST[$key]) && $_POST[$key] != $page_obj->getVar($key)) {
123
                $page_obj->setVar($key, $_POST[$key]);
124
            }
125
        }
126
        // Assign menu title
127
        if (empty($_POST['page_menu_title'])) {
128
            $page_obj->setVar('page_menu_title', Xmf\Request::getString('page_title', ''));
129
        }
130
        // Set index
131
        if (!$page_handler->getCount()) {
132
            $page_obj->setVar('page_index', AboutConstants::DEFAULT_INDEX);
133
        }
134
135
        // Set submitter
136
        global $xoopsUser;
137
        $page_obj->setVar('page_author', $xoopsUser->getVar('uid'));
138
        $page_obj->setVar('page_pushtime', time());
139
140
        /* removed - this is now done during module install/update
141
        include_once $abtHelper->path("include/functions.php");
142
        if (Aboutmkdirs(XOOPS_UPLOAD_PATH . "/{$moduleDirName}")) {
143
            $upload_path = XOOPS_UPLOAD_PATH . "/{$moduleDirName}";
144
        }
145
        */
146
147
        // Upload image
148
        if (!empty($_FILES['userfile']['name'])) {
149
            include_once XOOPS_ROOT_PATH . '/class/uploader.php';
150
            $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/jpg', 'image/png', 'image/x-png');
151
            $maxfilesize       = 500000;
152
            $maxfilewidth      = 1200;
153
            $maxfileheight     = 1200;
154
            $uploader          = new XoopsMediaUploader($upload_path, $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight);
155
            if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
156
                $uploader->setPrefix('attch_');
157
                if (!$uploader->upload()) {
158
                    $error_upload = $uploader->getErrors();
159
                } elseif (file_exists($uploader->getSavedDestination())) {
160
                    if ($page_obj->getVar('page_image')) {
161
                        @unlink($upload_path . '/' . $page_obj->getVar('page_image'));
162
                    }
163
                    $page_obj->setVar('page_image', $uploader->getSavedFileName());
164
                }
165
            }
166
        }
167
168
        // Delete image
169
        if (isset($_POST['delete_image']) && empty($_FILES['userfile']['name'])) {
170
            @unlink($upload_path . '/' . $page_obj->getVar('page_image'));
171
            $page_obj->setVar('page_image', '');
172
        }
173
174
        // Insert object
175
        if ($page_handler->insert($page_obj)) {
176
            $abtHelper->redirect('admin/admin.page.php', AboutConstants::REDIRECT_DELAY_MEDIUM, sprintf(_AM_ABOUT_SAVEDSUCCESS, _AM_ABOUT_PAGE_INSERT));
177
        }
178
179
        echo $page_obj->getHtmlErrors();
180
        $format = 'p';
181
        $form   = include $abtHelper->path("include/form.page.php");
182
        $form->display();
183
        break;
184
185
    case 'delete':
186
        $page_obj = $page_handler->get($page_id);
187
        $image    = XOOPS_UPLOAD_PATH . "/{$moduleDirName}/" . $page_obj->getVar('page_image');
188
        if (isset($_REQUEST['ok']) && AboutConstants::CONFIRM_OK == $_REQUEST['ok']) {
189
            if ($page_handler->delete($page_obj)) {
190
                if (file_exists($image)) {
191
                    @unlink($image);
Security Best Practice introduced by
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

If you suppress an error, we recommend checking for the error condition explicitly:

// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
192
                }
193
                $abtHelper->redirect('admin/admin.page.php', AboutConstants::REDIRECT_DELAY_MEDIUM, _AM_ABOUT_DELETESUCCESS);
194
            } else {
195
                echo $page_obj->getHtmlErrors();
196
            }
197
        } else {
198
            xoops_confirm(array('ok' => AboutConstants::CONFIRM_OK, 'id' => $page_obj->getVar('page_id'), 'op' => 'delete'), $_SERVER['REQUEST_URI'], sprintf(_AM_ABOUT_RUSUREDEL, $page_obj->getVar('page_menu_title')));
199
        }
200
        break;
201
}
202
include __DIR__ . "/admin_footer.php";
203
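Review bot: The `case 'delete':` branch (file lines 185–200) deletes the page and unlinks its image as soon as `$_REQUEST['ok']` equals `AboutConstants::CONFIRM_OK`, without the `$GLOBALS['xoopsSecurity']->check()` that `case 'save':` performs, so the destructive action is bound neither to a token nor to POST. I would read the flag from POST only and put `if (!$GLOBALS['xoopsSecurity']->check()) { $abtHelper->redirect('admin/admin.page.php', AboutConstants::REDIRECT_DELAY_MEDIUM, implode(',', $GLOBALS['xoopsSecurity']->getErrors())); }` ahead of `$page_handler->delete($page_obj)`, assuming the form emitted by `xoops_confirm()` carries the token; the `page_order` and `page_index` writes under `case 'list':` have the same gap. In `case 'save':` the loop over `$page_obj->vars` copies every matching `$_POST` key, which appears to include `page_image`, and that value is later joined into the `@unlink()` path, so it should be left out of the loop or passed through `basename()` before use. `$upload_path` is assigned only inside the commented-out block at file lines 140–145, so unless `admin_header.php` defines it the uploader and both `unlink` calls in `save` receive an undefined path, which is worth confirming.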