Completed: Pull Request — master (#11), by unknown, created 01:56

admin/admin.page.php (5 issues)

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php
/**
 * About
 *
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @copyright      The XOOPS Co.Ltd. http://www.xoops.com.cn
 * @copyright      XOOPS Project (http://xoops.org)
 * @license        GNU GPL 2 or later (http://www.gnu.org/licenses/gpl-2.0.html)
 * @since          1.0.0
 * @author         Mengjue Shao <[email protected]>
 * @author         Susheng Yang <[email protected]>
 */

require __DIR__ . '/admin_header.php';
xoops_cp_header();

$moduleAdmin = \Xmf\Module\Admin::getInstance();
$moduleAdmin->displayNavigation(basename(__FILE__));

$op      = \Xmf\Request::getCmd('op', null);
$op      = (null !== $op) ? $op : (isset($_REQUEST['id']) ? 'edit' : 'list');
$page_id = \Xmf\Request::getInt('id', null);
//$op      = isset($_REQUEST['op']) ? $_REQUEST['op'] : (isset($_REQUEST['id']) ? 'edit' : 'list');

Unused Code Comprehensibility
70% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

//$page_id = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';

$page_handler = xoops_getModuleHandler('page', 'about');

switch ($op) {
    default:
    case 'list':
        //page order
        if (isset($_POST['page_order'])) {
            $page_order = \Xmf\Request::getArray('page_order', array(), 'POST'); //$_POST['page_order'];
            foreach ($page_order as $page_id => $order) {
                $page_obj = $page_handler->get($page_id);
                if ($page_order[$page_id] != $page_obj->getVar('page_order')) {
                    $page_obj->setVar('page_order', $page_order[$page_id]);
                    $page_handler->insert($page_obj);
                }
                unset($page_obj);
            }
        }
        //set index
        if (isset($_POST['page_index'])) {
            $page_index = \Xmf\Request::getInt('page_index', AboutConstants::NOT_INDEX, 'POST');
            $page_obj = $page_handler->get($page_index);
            if ($page_index != $page_obj->getVar('page_index')) {
                $page_obj = $page_handler->get($page_index);
                if (!$page_obj->getVar('page_title')) {
                    $abtHelper->redirect('admin/admin.page.php', AboutConstants::REDIRECT_DELAY_MEDIUM, _AM_ABOUT_PAGE_ORDER_ERROR);
                }
                $page_handler->updateAll('page_index', AboutConstants::NOT_INDEX, null);
                unset($criteria);
                $page_obj->setVar('page_index', AboutConstants::DEFAULT_INDEX);
                $page_handler->insert($page_obj);
            }
            unset($page_obj);
        }
        $fields = array(
            'page_id',
            'page_pid',
            'page_menu_title',
            'page_author',
            'page_pushtime',
            'page_blank',
            'page_menu_status',
            'page_type',
            'page_status',
            'page_order',
            'page_index',
            'page_tpl'
        );

        $criteria = new CriteriaCompo();
        $criteria->setSort('page_order');
        $criteria->order = 'ASC';
        $pages           = $page_handler->getTrees(0, '--', $fields);
        $member_handler  = xoops_getHandler('member');

        foreach ($pages as $k => $v) {
            $pages[$k]['page_menu_title'] = $v['prefix'] . $v['page_menu_title'];
            $pages[$k]['page_pushtime']   = formatTimestamp($v['page_pushtime'], _DATESTRING);
            $thisuser                     = $member_handler->getUser($v['page_author']);
            $pages[$k]['page_author']     = $thisuser->getVar('uname');
            unset($thisuser);
        }

        $xoopsTpl->assign('pages', $pages);
        $xoopsTpl->display('db:about_admin_page.tpl');
        break;

    case 'new':

Code Duplication
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

        $GLOBALS['xoTheme']->addStylesheet("modules/{$moduleDirName}/assets/css/admin_style.css");
        $page_obj = $page_handler->create();
        $form     = include $abtHelper->path("include/form.page.php");
        $form->display();
        break;

    case 'edit':

Code Duplication
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

        $GLOBALS['xoTheme']->addStylesheet("modules/{$moduleDirName}/assets/css/admin_style.css");
        $page_obj = $page_handler->get($page_id);
        $form     = include $abtHelper->path("include/form.page.php");
        $form->display();
        break;

    case 'save':
        if (!$GLOBALS['xoopsSecurity']->check()) {
            $abtHelper->redirect('admin/admin.page.php', AboutConstants::REDIRECT_DELAY_MEDIUM, implode(',', $GLOBALS['xoopsSecurity']->getErrors()));
        }
        $page_obj = $page_handler->get($page_id); // will get page_obj if $page_id is valid, create one if not

Unused Code Comprehensibility
44% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

/*
        if (isset($page_id)) {
            $page_obj = $page_handler->get($page_id);
        } else {
            $page_obj = $page_handler->create();
        }
*/
        //assign value to elements of objects
        foreach (array_keys($page_obj->vars) as $key) {
            if (isset($_POST[$key]) && $_POST[$key] != $page_obj->getVar($key)) {
                $page_obj->setVar($key, $_POST[$key]);
            }
        }
        //assign menu title
        if (empty($_POST['page_menu_title'])) {
            $page_obj->setVar('page_menu_title', \Xmf\Request::getString('page_title', ''));
        }
        //set index
        if (!$page_handler->getCount()) {
            $page_obj->setVar('page_index', AboutConstants::DEFAULT_INDEX);
        }

        //set submitter
        global $xoopsUser;
        $page_obj->setVar('page_author', $xoopsUser->getVar('uid'));
        $page_obj->setVar('page_pushtime', time());

        include_once $abtHelper->path("include/functions.php");
        if (Aboutmkdirs(XOOPS_UPLOAD_PATH . "/{$moduleDirName}")) {
            $upload_path = XOOPS_UPLOAD_PATH . "/{$moduleDirName}";
        }

        // upload image
        if (!empty($_FILES['userfile']['name'])) {
            include_once XOOPS_ROOT_PATH . '/class/uploader.php';
            $allowed_mimetypes = array('image/gif', 'image/jpeg', 'image/jpg', 'image/png', 'image/x-png');
            $maxfilesize       = 500000;
            $maxfilewidth      = 1200;
            $maxfileheight     = 1200;
            $uploader          = new XoopsMediaUploader($upload_path, $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight);
            if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
                $uploader->setPrefix('attch_');
                if (!$uploader->upload()) {
                    $error_upload = $uploader->getErrors();
                } elseif (file_exists($uploader->getSavedDestination())) {
                    if ($page_obj->getVar('page_image')) {
                        @unlink($upload_path . '/' . $page_obj->getVar('page_image'));
                    }
                    $page_obj->setVar('page_image', $uploader->getSavedFileName());
                }
            }
        }

        // delete image
        if (isset($_POST['delete_image']) && empty($_FILES['userfile']['name'])) {
            @unlink($upload_path . '/' . $page_obj->getVar('page_image'));
            $page_obj->setVar('page_image', '');
        }

        // insert object
        if ($page_handler->insert($page_obj)) {
            $abtHelper->redirect('admin/admin.page.php', AboutConstants::REDIRECT_DELAY_MEDIUM, sprintf(_AM_ABOUT_SAVEDSUCCESS, _AM_ABOUT_PAGE_INSERT));
        }

        echo $page_obj->getHtmlErrors();
        $format = 'p';
        $form   = include $abtHelper->path("include/form.page.php");
        $form->display();
        break;

    case 'delete':
        $page_obj = $page_handler->get($page_id);
        $image    = XOOPS_UPLOAD_PATH . "/{$moduleDirName}/" . $page_obj->getVar('page_image');
        if (isset($_REQUEST['ok']) && AboutConstants::CONFIRM_OK == $_REQUEST['ok']) {
            if ($page_handler->delete($page_obj)) {
                if (file_exists($image)) {
                    @unlink($image);

Security Best Practice
It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

If you suppress an error, we recommend checking for the error condition explicitly:

// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

                }
                $abtHelper->redirect('admin/admin.page.php', AboutConstants::REDIRECT_DELAY_MEDIUM, _AM_ABOUT_DELETESUCCESS);
            } else {
                echo $page_obj->getHtmlErrors();
            }
        } else {
            xoops_confirm(array('ok' => AboutConstants::CONFIRM_OK, 'id' => $page_obj->getVar('page_id'), 'op' => 'delete'), $_SERVER['REQUEST_URI'], sprintf(_AM_ABOUT_RUSUREDEL, $page_obj->getVar('page_menu_title')));
        }
        break;
}
include __DIR__ . "/admin_footer.php";
//xoops_cp_footer();