Issues in categories.php (master) - Issues in master - XoopsModules25x/apcal - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1210)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

admin/categories.php (2 issues)

Labels

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright   {@link http://xoops.org/ XOOPS Project}
 * @license     {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
 * @package
 * @since
 * @author       XOOPS Development Team,
 * @author       Antiques Promotion (http://www.antiquespromotion.ca)
 * @author       GIJ=CHECKMATE (PEAK Corp. http://www.peak.ne.jp/)
 */

/**
 * @param $cat
 * @param $form_title
 * @param $action
 */

function display_edit_form($cat, $form_title, $action)
{
    global $cattree, $xoopsModuleConfig;

    // Beggining of XoopsForm
    $form = new XoopsThemeForm($form_title, 'MainForm', '');

    // Hidden
    $form->addElement(new XoopsFormHidden('action', htmlspecialchars($action, ENT_QUOTES)));
    $form->addElement(new XoopsFormHidden('cid', (int)$cat->cid));

    // Subject
    $form->addElement(new XoopsFormText(_AM_APCAL_CAT_TH_TITLE, 'cat_title', 60, 128, htmlspecialchars($cat->cat_title, ENT_QUOTES)), true);

    // Description
    $tarea_tray = new XoopsFormElementTray(_AM_APCAL_CAT_TH_DESC, '<br>');
    if (class_exists('XoopsFormEditor')) {
        $configs = array(
            'name'   => 'cat_desc',
            'value'  => htmlspecialchars($cat->cat_desc, ENT_QUOTES),
            'rows'   => 15,
            'cols'   => 60,
            'width'  => '100%',
            'height' => '400px',
            'editor' => 'tinymce'
        );
        $tarea_tray->addElement(new XoopsFormEditor('', 'cat_desc', $configs, false, $onfailure = 'textarea'));
    } else {
        $tarea_tray->addElement(new XoopsFormDhtmlTextArea('', 'cat_desc', htmlspecialchars($cat->cat_desc, ENT_QUOTES), 15, 60));
    }
    $form->addElement($tarea_tray);

    // Parent Category
    ob_start();
    $cattree->makeMySelBox('cat_title', 'weight', $cat->pid, 1, 'pid');
    $cat_selbox = ob_get_contents();
    ob_end_clean();
    $form->addElement(new XoopsFormLabel(_AM_APCAL_CAT_TH_PARENT, $cat_selbox));

    // Weight
    $form->addElement(new XoopsFormText(_AM_APCAL_CAT_TH_WEIGHT, 'weight', 6, 6, (int)$cat->weight), true);

    // Options
    $checkbox_tray       = new XoopsFormElementTray(_AM_APCAL_CAT_TH_OPTIONS, '<br>');
    $ismenuitem_checkbox = new XoopsFormCheckBox('', 'ismenuitem', (int)$cat->ismenuitem);
    $ismenuitem_checkbox->addOption(1, _AM_APCAL_CAT_TH_SUBMENU);
    $checkbox_tray->addElement($ismenuitem_checkbox);
    $canbemain_checkbox = new XoopsFormCheckBox('', 'canbemain', (int)$cat->canbemain);
    $canbemain_checkbox->addOption(1, _AM_APCAL_CANBEMAIN);
    $checkbox_tray->addElement($canbemain_checkbox);
    $form->addElement($checkbox_tray);

    // Color picker
    $color = isset($cat->color) ? $cat->color : $xoopsModuleConfig['apcal_allcats_color'];
    $form->addElement(new XoopsFormColorPicker(_AM_APCAL_COLOR, 'color', $color), false);

    // Last Modified
    $form->addElement(new XoopsFormLabel(_AM_APCAL_CAT_TH_LASTMODIFY, formatTimestamp($cat->udtstamp)));

    // Buttons
    $button_tray = new XoopsFormElementTray('', '&nbsp;');
    $button_tray->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
    $button_tray->addElement(new XoopsFormButton('', 'reset', _CANCEL, 'reset'));
    $form->addElement($button_tray);

    // Ticket
    $GLOBALS['xoopsGTicket']->addTicketXoopsFormElement($form, __LINE__);

    // End of XoopsForm
    $form->display();
}

// ツリー順になるように、weightを再計算し、ツリーの深さも測っておく
/**
 * @param $cat_table
 */
function rebuild_cat_tree($cat_table)
{
    global $conn, $xoopsDB;

    $rs      = $GLOBALS['xoopsDB']->query("SELECT cid,pid FROM $cat_table ORDER BY pid ASC,weight DESC");
    $cats[0] = array('cid' => 0, 'pid' => -1, 'next_key' => -1, 'depth' => 0);
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}
    $key     = 1;
    while ($cat = $GLOBALS['xoopsDB']->fetchObject($rs)) {
        $cats[$key] = array('cid' => (int)$cat->cid, 'pid' => (int)$cat->pid, 'next_key' => $key + 1, 'depth' => 0);
        ++$key;
    }
    $sizeofcats = $key;

    $loop_check_for_key = 1024;
    for ($key = 1; $key < $sizeofcats; ++$key) {
        $cat    =& $cats[$key];
        $target =& $cats[0];
        if (--$loop_check_for_key < 0) {
            $loop_check = -1;
        } else {
            $loop_check = 4096;
        }

        while (1) {
            if ($cat['pid'] == $target['cid']) {
                $cat['depth']       = $target['depth'] + 1;
                $cat['next_key']    = $target['next_key'];
                $target['next_key'] = $key;
                break;
            } elseif (--$loop_check < 0) {
                $GLOBALS['xoopsDB']->query("UPDATE $cat_table SET pid='0' WHERE cid={$cat['cid']}");
                $cat['depth']       = 1;
                $cat['next_key']    = $target['next_key'];
                $target['next_key'] = $key;
                break;
            } elseif ($target['next_key'] < 0) {
                $cat_backup = $cat;
                array_splice($cats, $key, 1);
                array_push($cats, $cat_backup);
                --$key;
                break;
            }
            $target =& $cats[$target['next_key']];
        }
    }

    $cat =& $cats[0];
    for ($weight = 1; $weight < $sizeofcats; ++$weight) {
        $cat =& $cats[$cat['next_key']];
        $GLOBALS['xoopsDB']->query("UPDATE $cat_table SET weight=" . ($weight * 10) . ",cat_depth={$cat['depth']} WHERE cid={$cat['cid']}");
    }
}

require_once __DIR__ . '/admin_header.php';
//require_once __DIR__ . '/../../../include/cp_header.php';
require_once __DIR__ . '/../class/APCal.php';
require_once __DIR__ . '/../class/APCal_xoops.php';

require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
require_once XOOPS_ROOT_PATH . '/class/xoopslists.php';
require_once XOOPS_ROOT_PATH . '/class/xoopstree.php';

// for "Duplicatable"
$moduleDirName = basename(dirname(__DIR__));
if (!preg_match('/^(\D+)(\d*)$/', $moduleDirName, $regs)) {
    echo('invalid dirname: ' . htmlspecialchars($moduleDirName));
}
$mydirnumber = $regs[2] === '' ? '' : (int)$regs[2];

require_once XOOPS_ROOT_PATH . "/modules/$moduleDirName/include/gtickets.php";

// SERVER, GET �ѿ��μ���
$action = isset($_POST['action']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_POST['action']) : '';
$done   = isset($_GET['done']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_GET['done']) : '';
$disp   = isset($_GET['disp']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_GET['disp']) : '';
$cid    = isset($_GET['cid']) ? (int)$_GET['cid'] : 0;

// MySQL�ؤ���³
$conn = $GLOBALS['xoopsDB']->conn;

// setting physical & virtual paths
$mod_path = XOOPS_ROOT_PATH . "/modules/$moduleDirName";
$mod_url  = XOOPS_URL . "/modules/$moduleDirName";

// creating an instance of APCal
$cal = new APCal_xoops('', $xoopsConfig['language'], true);

// setting properties of APCal
$cal->conn = $conn;
include __DIR__ . '/../include/read_configs.php';
$cal->base_url    = $mod_url;
$cal->base_path   = $mod_path;
$cal->images_url  = "$mod_url/assets/images/$skin_folder";
$cal->images_path = "$mod_path/assets/images/$skin_folder";

// XOOPS関連の初期化
$myts          = MyTextSanitizer::getInstance();
$cattree       = new XoopsTree($cal->cat_table, 'cid', 'pid');
$gpermHandler = xoops_getHandler('groupperm');

// データベース更新などがからむ処理
if ($action === 'insert') {

    // Ticket Check
    if (!$xoopsGTicket->check()) {
        redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
    }

    // 新規登録
    $sql  = "INSERT INTO $cal->cat_table SET ";
    $cols = array(
        'weight'     => 'I:N:0',
        'ismenuitem' => 'I:N:0',
        'canbemain'  => 'I:N:0',
        'cat_title'  => '255:J:1',
        'cat_desc'   => 'A:J:0',
        'pid'        => 'I:N:0'
    );
    $sql  .= $cal->get_sql_set($cols);
    $sql  .= ",cat_shorttitle='" . $cal->makeShort(utf8_decode($_POST['cat_title'])) . "'";
    $sql  .= ",color='" . $_POST['color'] . '\'';
    if (!$GLOBALS['xoopsDB']->query($sql)) {
        die($GLOBALS['xoopsDB']->error());
    }
    rebuild_cat_tree($cal->cat_table);
    $mes = urlencode(_AM_APCAL_MB_CAT_INSERTED);
    $cal->redirect("done=inserted&mes=$mes");
    exit;
} elseif ($action === 'update' && $_POST['cid'] > 0) {

    // Ticket Check
    if (!$xoopsGTicket->check()) {
        redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
    }

    // ����
    $cid  = (int)$_POST['cid'];
    $sql  = "UPDATE $cal->cat_table SET ";
    $cols = array(
        'weight'     => 'I:N:0',
        'ismenuitem' => 'I:N:0',
        'canbemain'  => 'I:N:0',
        'cat_title'  => '255:J:1',
        'cat_desc'   => 'A:J:0',
        'pid'        => 'I:N:0'
    );
    $sql  .= $cal->get_sql_set($cols);
    $sql  .= ",cat_shorttitle='" . $cal->makeShort(utf8_decode($_POST['cat_title'])) . "'";
    $sql  .= ",color='" . $_POST['color'] . '\'';
    $sql  .= "WHERE cid='$cid'";
    if (!$GLOBALS['xoopsDB']->query($sql)) {
        die($GLOBALS['xoopsDB']->error());
    }
    rebuild_cat_tree($cal->cat_table);
    $mes = urlencode(_AM_APCAL_MB_CAT_UPDATED);
    $cal->redirect("done=updated&mes=$mes");
    exit;
} elseif (!empty($_POST['delcat'])) {

    // Ticket Check
    if (!$xoopsGTicket->check()) {
        redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
    }

    // Delete
    $cid = (int)$_POST['delcat'];

    // Category2Group permission �κ�� (2.0.3 �����Ǥ⤦�ޤ�ư���褦��)
    // xoops_groupperm_deletebymoditem( $xoopsModule->mid() , 'apcal_cat' , $cid ) ;
    $criteria = new CriteriaCompo(new Criteria('gperm_modid', $xoopsModule->mid()));
    $criteria->add(new Criteria('gperm_name', 'apcal_cat'));
    $criteria->add(new Criteria('gperm_itemid', (int)$cid));
    $gpermHandler->deleteAll($criteria);

    // Category Notify の削除
    // (必要であれば該当イベント削除の機能も)

    // 対象カテゴリーの子供をWHERE節に追加し、Cat2Group Permissionを削除
    $children = $cattree->getAllChildId($cid);
    $whr      = 'cid IN (';
    foreach ($children as $child) {
        // WHERE��ؤ��ɲ�
        $whr .= "$child,";
        // Category2Group permission の削除 (2.0.3 以前でもうまく動くように)
        // xoops_groupperm_deletebymoditem( $xoopsModule->mid() , 'apcal_cat' , $child ) ;
        $criteria = new CriteriaCompo(new Criteria('gperm_modid', $xoopsModule->mid()));
        $criteria->add(new Criteria('gperm_name', 'apcal_cat'));
        $criteria->add(new Criteria('gperm_itemid', (int)$child));
        $gpermHandler->deleteAll($criteria);
    }
    $whr .= "$cid)";

    // cat�ơ��֥뤫��κ��
    if (!$GLOBALS['xoopsDB']->query("DELETE FROM $cal->cat_table WHERE $whr")) {
        die($GLOBALS['xoopsDB']->error());
    }
    rebuild_cat_tree($cal->cat_table);
    $mes = urlencode(sprintf(_AM_APCAL_FMT_CAT_DELETED, $GLOBALS['xoopsDB']->getAffectedRows()));
    $cal->redirect("done=deleted&mes=$mes");
    exit;
} elseif (!empty($_POST['batch_update'])) {

    // Ticket Check
    if (!$xoopsGTicket->check()) {
        redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
    }

    // バッチアップデート
    $affected = 0;
    foreach ($_POST['weights'] as $cid => $weight) {
        $weight  = (int)$weight;
        $cid     = (int)$cid;
        $enabled = !empty($_POST['enabled'][$cid]) ? 1 : 0;
        if (!$GLOBALS['xoopsDB']->query("UPDATE $cal->cat_table SET weight='$weight', enabled='$enabled' WHERE cid=$cid")) {
            die($GLOBALS['xoopsDB']->error());
        }
        $affected += $GLOBALS['xoopsDB']->getAffectedRows();
    }
    if ($affected > 0) {
        rebuild_cat_tree($cal->cat_table);
    }
    $mes = urlencode(sprintf(_AM_APCAL_FMT_CAT_BATCHUPDATED, $affected));
    $cal->redirect("done=batch_updated&mes=$mes");
    exit;
}

// メイン出力部
xoops_cp_header();
$adminObject->displayNavigation(basename(__FILE__));
// 表示処理の振り分け
if ($disp === 'edit' && $cid > 0) {

    // ����оݥ��ƥ��꡼�ǡ����μ���
    $sql = "SELECT *,UNIX_TIMESTAMP(dtstamp) AS udtstamp FROM $cal->cat_table WHERE cid='$cid'";
    $crs = $GLOBALS['xoopsDB']->query($sql);
    $cat = $GLOBALS['xoopsDB']->fetchObject($crs);
    display_edit_form($cat, _AM_APCAL_MENU_CAT_EDIT, 'update');
} elseif ($disp === 'new') {

    // ��������Ʊ�����Υ��֥������Ȥ��Ѱ�

    /**
     * Class Dummy
     */
    class Dummy
    {
        public $cid        = 0;
        public $pid        = 0;
        public $cat_title  = '';
        public $cat_desc   = '';
        public $weight     = 0;
        public $ismenuitem = 0;
        public $canbemain  = 1;
        public $udtstamp   = 0;
    }

    $cat           = new Dummy();
    $cat->pid      = $cid;
    $cat->udtstamp = time();
    display_edit_form($cat, _AM_APCAL_MENU_CAT_NEW, 'insert');
} else {
    echo '<h4>' . _AM_APCAL_MENU_CATEGORIES . "</h4>\n";

    if (!empty($_GET['mes'])) {

        echo "<p><style='color: blue; '>" . htmlspecialchars($_GET['mes'], ENT_QUOTES) . '</style></p>';
    }

    echo "<p><a href='?disp=new&cid=0'>" . _AM_APCAL_MB_MAKETOPCAT . "<img src='../assets/images/cat_add.gif' width='18' height='15' alt='' /></a></p>\n";

    // ���ƥ��꡼�ǡ�������
    $cat_tree_array = $cattree->getChildTreeArray(0, 'weight ASC,cat_title');

    // TH Part
    echo "
    <form class='apcalForm' id='MainForm' name='MainForm' action='' method='post' style='margin:10px;'>
    " . $xoopsGTicket->getTicketHtml(__LINE__) . "
    <input type='hidden' name='delcat' value='' />
    <table width='75%' class='outer' cellpadding='4' cellspacing='1'>
      <tr valign='middle'>
        <th>" . _AM_APCAL_CAT_TH_TITLE . '</th>
        <th>' . _AM_APCAL_CAT_TH_OPERATION . '</th>
        <th>' . _AM_APCAL_CAT_TH_ENABLED . '</th>
        <th>' . _AM_APCAL_CAT_TH_WEIGHT . '</th>
      </tr>
    ';

    // �ꥹ�Ƚ�����
    $oddeven = 'odd';
    foreach ($cat_tree_array as $cat_node) {
        $oddeven = ($oddeven === 'odd' ? 'even' : 'odd');
        extract($cat_node);

        $prefix         = str_replace('.', '&nbsp;--', substr($prefix, 1));
        $enable_checked = $enabled ? 'checked' : '';
        $cid            = (int)$cid;
        $cat_title      = $myts->htmlSpecialChars($cat_title);
        $del_confirm    = 'confirm("' . sprintf(_AM_APCAL_FMT_CATDELCONFIRM, $cat_title) . '")';
        echo "
      <tr>
        <td class='$oddeven' width='100%'><a href='?disp=edit&amp;cid=$cid'>$prefix&nbsp;$cat_title</a></td>
        <td class='$oddeven' align='center' nowrap='nowrap'>
          <a href='$mod_url/index.php?action=Edit&amp;cid=$cid' target='_blank'><img src='$cal->images_url/addevent.gif' border='0' width='14' height='12' /></a>
          &nbsp;
          <a href='?disp=edit&amp;cid=$cid'><img src='../assets/images/cat_edit.gif' width='18' height='15' alt='" . _AM_APCAL_MENU_CAT_EDIT . "' title='" . _AM_APCAL_MENU_CAT_EDIT . "' /></a>
          &nbsp;
          <a href='?disp=new&amp;cid=$cid'><img src='../assets/images/cat_add.gif' width='18' height='15' alt='" . _AM_APCAL_MENU_CAT_NEW . "' title='" . _AM_APCAL_MENU_CAT_NEW . "' /></a>
          &nbsp;
          <input type='button' value='" . _DELETE . "'  onclick='if ($del_confirm) {document.MainForm.delcat.value=\"$cid\"; submit();}' />
        </td>
        <td class='$oddeven' align='center'><input type='checkbox' name='enabled[$cid]' value='1' $enable_checked /></td>
        <td class='$oddeven' align='right'><input type='text' name='weights[$cid]' size='4' maxlength='6' value='$weight' /></td>
      </tr>\n";
    }

    // �ơ��֥�եå���
    echo "
      <tr>
        <td colspan='4' align='right' class='head'><input type='submit' name='batch_update' value='" . _AM_APCAL_BTN_UPDATE . "' /></td>
      </tr>
      <tr>
        <td colspan='8' align='right' valign='bottom' height='50'>" . _AM_APCAL_COPYRIGHT . '</td>
      </tr>
    </table>
    </form>
    ';
}

require_once __DIR__ . '/admin_footer.php';


1		<?php
2		/*
3		* You may not change or alter any portion of this comment or credits
4		* of supporting developers from this source code or any supporting source code
5		* which is considered copyrighted (c) material of the original comment or credit authors.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10		*/
11
12		/**
13		* @copyright {@link http://xoops.org/ XOOPS Project}
14		* @license {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
15		* @package
16		* @since
17		* @author XOOPS Development Team,
18		* @author Antiques Promotion (http://www.antiquespromotion.ca)
19		* @author GIJ=CHECKMATE (PEAK Corp. http://www.peak.ne.jp/)
20		*/
21
22		/**
23		* @param $cat
24		* @param $form_title
25		* @param $action
26		*/
27
28		function display_edit_form($cat, $form_title, $action)
29		{
30		global $cattree, $xoopsModuleConfig;
31
32		// Beggining of XoopsForm
33		$form = new XoopsThemeForm($form_title, 'MainForm', '');
34
35		// Hidden
36		$form->addElement(new XoopsFormHidden('action', htmlspecialchars($action, ENT_QUOTES)));
37		$form->addElement(new XoopsFormHidden('cid', (int)$cat->cid));
38
39		// Subject
40		$form->addElement(new XoopsFormText(_AM_APCAL_CAT_TH_TITLE, 'cat_title', 60, 128, htmlspecialchars($cat->cat_title, ENT_QUOTES)), true);
41
42		// Description
43		$tarea_tray = new XoopsFormElementTray(_AM_APCAL_CAT_TH_DESC, '<br>');
44		if (class_exists('XoopsFormEditor')) {
45		$configs = array(
46		'name' => 'cat_desc',
47		'value' => htmlspecialchars($cat->cat_desc, ENT_QUOTES),
48		'rows' => 15,
49		'cols' => 60,
50		'width' => '100%',
51		'height' => '400px',
52		'editor' => 'tinymce'
53		);
54		$tarea_tray->addElement(new XoopsFormEditor('', 'cat_desc', $configs, false, $onfailure = 'textarea'));
55		} else {
56		$tarea_tray->addElement(new XoopsFormDhtmlTextArea('', 'cat_desc', htmlspecialchars($cat->cat_desc, ENT_QUOTES), 15, 60));
57		}
58		$form->addElement($tarea_tray);
59
60		// Parent Category
61		ob_start();
62		$cattree->makeMySelBox('cat_title', 'weight', $cat->pid, 1, 'pid');
63		$cat_selbox = ob_get_contents();
64		ob_end_clean();
65		$form->addElement(new XoopsFormLabel(_AM_APCAL_CAT_TH_PARENT, $cat_selbox));
66
67		// Weight
68		$form->addElement(new XoopsFormText(_AM_APCAL_CAT_TH_WEIGHT, 'weight', 6, 6, (int)$cat->weight), true);
69
70		// Options
71		$checkbox_tray = new XoopsFormElementTray(_AM_APCAL_CAT_TH_OPTIONS, '<br>');
72		$ismenuitem_checkbox = new XoopsFormCheckBox('', 'ismenuitem', (int)$cat->ismenuitem);
73		$ismenuitem_checkbox->addOption(1, _AM_APCAL_CAT_TH_SUBMENU);
74		$checkbox_tray->addElement($ismenuitem_checkbox);
75		$canbemain_checkbox = new XoopsFormCheckBox('', 'canbemain', (int)$cat->canbemain);
76		$canbemain_checkbox->addOption(1, _AM_APCAL_CANBEMAIN);
77		$checkbox_tray->addElement($canbemain_checkbox);
78		$form->addElement($checkbox_tray);
79
80		// Color picker
81		$color = isset($cat->color) ? $cat->color : $xoopsModuleConfig['apcal_allcats_color'];
82		$form->addElement(new XoopsFormColorPicker(_AM_APCAL_COLOR, 'color', $color), false);
83
84		// Last Modified
85		$form->addElement(new XoopsFormLabel(_AM_APCAL_CAT_TH_LASTMODIFY, formatTimestamp($cat->udtstamp)));
86
87		// Buttons
88		$button_tray = new XoopsFormElementTray('', ' ');
89		$button_tray->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
90		$button_tray->addElement(new XoopsFormButton('', 'reset', _CANCEL, 'reset'));
91		$form->addElement($button_tray);
92
93		// Ticket
94		$GLOBALS['xoopsGTicket']->addTicketXoopsFormElement($form, __LINE__);
95
96		// End of XoopsForm
97		$form->display();
98		}
99
100		// ツリー順になるように、weightを再計算し、ツリーの深さも測っておく
101		/**
102		* @param $cat_table
103		*/
104		function rebuild_cat_tree($cat_table)
105		{
106		global $conn, $xoopsDB;
107
108		$rs = $GLOBALS['xoopsDB']->query("SELECT cid,pid FROM $cat_table ORDER BY pid ASC,weight DESC");
109		$cats[0] = array('cid' => 0, 'pid' => -1, 'next_key' => -1, 'depth' => 0);
		0 ignored issues – show Coding Style Comprehensibility introduced 2017-03-23 08:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$cats` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$cats = array();` before regardless. Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) { $myArray['foo'] = $item->getFoo(); if ($item->hasBar()) { $myArray['bar'] = $item->getBar(); } // do something with $myArray } As you can see in this example, the array `$myArray` is initialized the first time when the foreach loop is entered. You can also see that the value of the `bar` key is only written conditionally; thus, its value might result from a previous iteration. This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization `$myArray = array()` either outside or inside the foreach loop. Loading history...
110		$key = 1;
111		while ($cat = $GLOBALS['xoopsDB']->fetchObject($rs)) {
112		$cats[$key] = array('cid' => (int)$cat->cid, 'pid' => (int)$cat->pid, 'next_key' => $key + 1, 'depth' => 0);
113		++$key;
114		}
115		$sizeofcats = $key;
116
117		$loop_check_for_key = 1024;
118		for ($key = 1; $key < $sizeofcats; ++$key) {
119		$cat =& $cats[$key];
120		$target =& $cats[0];
121		if (--$loop_check_for_key < 0) {
122		$loop_check = -1;
123		} else {
124		$loop_check = 4096;
125		}
126
127		while (1) {
128		if ($cat['pid'] == $target['cid']) {
129		$cat['depth'] = $target['depth'] + 1;
130		$cat['next_key'] = $target['next_key'];
131		$target['next_key'] = $key;
132		break;
133		} elseif (--$loop_check < 0) {
134		$GLOBALS['xoopsDB']->query("UPDATE $cat_table SET pid='0' WHERE cid={$cat['cid']}");
135		$cat['depth'] = 1;
136		$cat['next_key'] = $target['next_key'];
137		$target['next_key'] = $key;
138		break;
139		} elseif ($target['next_key'] < 0) {
140		$cat_backup = $cat;
141		array_splice($cats, $key, 1);
142		array_push($cats, $cat_backup);
143		--$key;
144		break;
145		}
146		$target =& $cats[$target['next_key']];
147		}
148		}
149
150		$cat =& $cats[0];
151		for ($weight = 1; $weight < $sizeofcats; ++$weight) {
152		$cat =& $cats[$cat['next_key']];
153		$GLOBALS['xoopsDB']->query("UPDATE $cat_table SET weight=" . ($weight * 10) . ",cat_depth={$cat['depth']} WHERE cid={$cat['cid']}");
154		}
155		}
156
157		require_once __DIR__ . '/admin_header.php';
158		//require_once __DIR__ . '/../../../include/cp_header.php';
159		require_once __DIR__ . '/../class/APCal.php';
160		require_once __DIR__ . '/../class/APCal_xoops.php';
161
162		require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
163		require_once XOOPS_ROOT_PATH . '/class/xoopslists.php';
164		require_once XOOPS_ROOT_PATH . '/class/xoopstree.php';
165
166		// for "Duplicatable"
167		$moduleDirName = basename(dirname(__DIR__));
168		if (!preg_match('/^(\D+)(\d*)$/', $moduleDirName, $regs)) {
169		echo('invalid dirname: ' . htmlspecialchars($moduleDirName));
170		}
171		$mydirnumber = $regs[2] === '' ? '' : (int)$regs[2];
172
173		require_once XOOPS_ROOT_PATH . "/modules/$moduleDirName/include/gtickets.php";
174
175		// SERVER, GET �ѿ��μ��
176		$action = isset($_POST['action']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_POST['action']) : '';
177		$done = isset($_GET['done']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_GET['done']) : '';
178		$disp = isset($_GET['disp']) ? preg_replace('/[^a-zA-Z0-9_-]/', '', $_GET['disp']) : '';
179		$cid = isset($_GET['cid']) ? (int)$_GET['cid'] : 0;
180
181		// MySQL�ؤ��³
182		$conn = $GLOBALS['xoopsDB']->conn;
183
184		// setting physical & virtual paths
185		$mod_path = XOOPS_ROOT_PATH . "/modules/$moduleDirName";
186		$mod_url = XOOPS_URL . "/modules/$moduleDirName";
187
188		// creating an instance of APCal
189		$cal = new APCal_xoops('', $xoopsConfig['language'], true);
190
191		// setting properties of APCal
192		$cal->conn = $conn;
193		include __DIR__ . '/../include/read_configs.php';
194		$cal->base_url = $mod_url;
195		$cal->base_path = $mod_path;
196		$cal->images_url = "$mod_url/assets/images/$skin_folder";
197		$cal->images_path = "$mod_path/assets/images/$skin_folder";
198
199		// XOOPS関連の初期化
200		$myts = MyTextSanitizer::getInstance();
201		$cattree = new XoopsTree($cal->cat_table, 'cid', 'pid');
202		$gpermHandler = xoops_getHandler('groupperm');
203
204		// データベース更新などがからむ処理
205		if ($action === 'insert') {
206
207		// Ticket Check
208		if (!$xoopsGTicket->check()) {
209		redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
210		}
211
212		// 新規登録
213		$sql = "INSERT INTO $cal->cat_table SET ";
214		$cols = array(
215		'weight' => 'I:N:0',
216		'ismenuitem' => 'I:N:0',
217		'canbemain' => 'I:N:0',
218		'cat_title' => '255:J:1',
219		'cat_desc' => 'A:J:0',
220		'pid' => 'I:N:0'
221		);
222		$sql .= $cal->get_sql_set($cols);
223		$sql .= ",cat_shorttitle='" . $cal->makeShort(utf8_decode($_POST['cat_title'])) . "'";
224		$sql .= ",color='" . $_POST['color'] . '\'';
225		if (!$GLOBALS['xoopsDB']->query($sql)) {
226		die($GLOBALS['xoopsDB']->error());
227		}
228		rebuild_cat_tree($cal->cat_table);
229		$mes = urlencode(_AM_APCAL_MB_CAT_INSERTED);
230		$cal->redirect("done=inserted&mes=$mes");
231		exit;
232		} elseif ($action === 'update' && $_POST['cid'] > 0) {
233
234		// Ticket Check
235		if (!$xoopsGTicket->check()) {
236		redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
237		}
238
239		// ��
240		$cid = (int)$_POST['cid'];
241		$sql = "UPDATE $cal->cat_table SET ";
242		$cols = array(
243		'weight' => 'I:N:0',
244		'ismenuitem' => 'I:N:0',
245		'canbemain' => 'I:N:0',
246		'cat_title' => '255:J:1',
247		'cat_desc' => 'A:J:0',
248		'pid' => 'I:N:0'
249		);
250		$sql .= $cal->get_sql_set($cols);
251		$sql .= ",cat_shorttitle='" . $cal->makeShort(utf8_decode($_POST['cat_title'])) . "'";
252		$sql .= ",color='" . $_POST['color'] . '\'';
253		$sql .= "WHERE cid='$cid'";
254		if (!$GLOBALS['xoopsDB']->query($sql)) {
255		die($GLOBALS['xoopsDB']->error());
256		}
257		rebuild_cat_tree($cal->cat_table);
258		$mes = urlencode(_AM_APCAL_MB_CAT_UPDATED);
259		$cal->redirect("done=updated&mes=$mes");
260		exit;
261		} elseif (!empty($_POST['delcat'])) {
262
263		// Ticket Check
264		if (!$xoopsGTicket->check()) {
265		redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
266		}
267
268		// Delete
269		$cid = (int)$_POST['delcat'];
270
271		// Category2Group permission �κ�� (2.0.3 ��Ǥ⤦�ޤ�ư��褦��)
272		// xoops_groupperm_deletebymoditem( $xoopsModule->mid() , 'apcal_cat' , $cid ) ;
273		$criteria = new CriteriaCompo(new Criteria('gperm_modid', $xoopsModule->mid()));
274		$criteria->add(new Criteria('gperm_name', 'apcal_cat'));
275		$criteria->add(new Criteria('gperm_itemid', (int)$cid));
276		$gpermHandler->deleteAll($criteria);
277
278		// Category Notify の削除
279		// (必要であれば該当イベント削除の機能も)
280
281		// 対象カテゴリーの子供をWHERE節に追加し、Cat2Group Permissionを削除
282		$children = $cattree->getAllChildId($cid);
283		$whr = 'cid IN (';
284		foreach ($children as $child) {
285		// WHERE��ؤ��ɲ�
286		$whr .= "$child,";
287		// Category2Group permission の削除 (2.0.3 以前でもうまく動くように)
288		// xoops_groupperm_deletebymoditem( $xoopsModule->mid() , 'apcal_cat' , $child ) ;
289		$criteria = new CriteriaCompo(new Criteria('gperm_modid', $xoopsModule->mid()));
290		$criteria->add(new Criteria('gperm_name', 'apcal_cat'));
291		$criteria->add(new Criteria('gperm_itemid', (int)$child));
292		$gpermHandler->deleteAll($criteria);
293		}
294		$whr .= "$cid)";
295
296		// cat�ơ��֥뤫��κ��
297		if (!$GLOBALS['xoopsDB']->query("DELETE FROM $cal->cat_table WHERE $whr")) {
298		die($GLOBALS['xoopsDB']->error());
299		}
300		rebuild_cat_tree($cal->cat_table);
301		$mes = urlencode(sprintf(_AM_APCAL_FMT_CAT_DELETED, $GLOBALS['xoopsDB']->getAffectedRows()));
302		$cal->redirect("done=deleted&mes=$mes");
303		exit;
304		} elseif (!empty($_POST['batch_update'])) {
305
306		// Ticket Check
307		if (!$xoopsGTicket->check()) {
308		redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
309		}
310
311		// バッチアップデート
312		$affected = 0;
313		foreach ($_POST['weights'] as $cid => $weight) {
314		$weight = (int)$weight;
315		$cid = (int)$cid;
316		$enabled = !empty($_POST['enabled'][$cid]) ? 1 : 0;
317		if (!$GLOBALS['xoopsDB']->query("UPDATE $cal->cat_table SET weight='$weight', enabled='$enabled' WHERE cid=$cid")) {
318		die($GLOBALS['xoopsDB']->error());
319		}
320		$affected += $GLOBALS['xoopsDB']->getAffectedRows();
321		}
322		if ($affected > 0) {
323		rebuild_cat_tree($cal->cat_table);
324		}
325		$mes = urlencode(sprintf(_AM_APCAL_FMT_CAT_BATCHUPDATED, $affected));
326		$cal->redirect("done=batch_updated&mes=$mes");
327		exit;
328		}
329
330		// メイン出力部
331		xoops_cp_header();
332		$adminObject->displayNavigation(basename(__FILE__));
333		// 表示処理の振り分け
334		if ($disp === 'edit' && $cid > 0) {
335
336		// ��оݥ��ƥ��꡼�ǡ��μ��
337		$sql = "SELECT *,UNIX_TIMESTAMP(dtstamp) AS udtstamp FROM $cal->cat_table WHERE cid='$cid'";
338		$crs = $GLOBALS['xoopsDB']->query($sql);
339		$cat = $GLOBALS['xoopsDB']->fetchObject($crs);
340		display_edit_form($cat, _AM_APCAL_MENU_CAT_EDIT, 'update');
341		} elseif ($disp === 'new') {
342
343		// ��Ʊ��Υ��֥��Ȥ��Ѱ�
344
345		/**
346		* Class Dummy
347		*/
348		class Dummy
349		{
350		public $cid = 0;
351		public $pid = 0;
352		public $cat_title = '';
353		public $cat_desc = '';
354		public $weight = 0;
355		public $ismenuitem = 0;
356		public $canbemain = 1;
357		public $udtstamp = 0;
358		}
359
360		$cat = new Dummy();
361		$cat->pid = $cid;
362		$cat->udtstamp = time();
363		display_edit_form($cat, _AM_APCAL_MENU_CAT_NEW, 'insert');
364		} else {
365		echo '<h4>' . _AM_APCAL_MENU_CATEGORIES . "</h4>\n";
366
367	View Code Duplication	if (!empty($_GET['mes'])) {
		0 ignored issues – show Duplication introduced 2017-03-23 08:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
368		echo "<p><style='color: blue; '>" . htmlspecialchars($_GET['mes'], ENT_QUOTES) . '</style></p>';
369		}
370
371		echo "<p><a href='?disp=new&cid=0'>" . _AM_APCAL_MB_MAKETOPCAT . "<img src='../assets/images/cat_add.gif' width='18' height='15' alt='' /></a></p>\n";
372
373		// ��ƥ��꡼�ǡ��
374		$cat_tree_array = $cattree->getChildTreeArray(0, 'weight ASC,cat_title');
375
376		// TH Part
377		echo "
378		<form class='apcalForm' id='MainForm' name='MainForm' action='' method='post' style='margin:10px;'>
379		" . $xoopsGTicket->getTicketHtml(__LINE__) . "
380		<input type='hidden' name='delcat' value='' />
381		<table width='75%' class='outer' cellpadding='4' cellspacing='1'>
382		<tr valign='middle'>
383		<th>" . _AM_APCAL_CAT_TH_TITLE . '</th>
384		<th>' . _AM_APCAL_CAT_TH_OPERATION . '</th>
385		<th>' . _AM_APCAL_CAT_TH_ENABLED . '</th>
386		<th>' . _AM_APCAL_CAT_TH_WEIGHT . '</th>
387		</tr>
388		';
389
390		// �ꥹ�Ƚ��
391		$oddeven = 'odd';
392		foreach ($cat_tree_array as $cat_node) {
393		$oddeven = ($oddeven === 'odd' ? 'even' : 'odd');
394		extract($cat_node);
395
396		$prefix = str_replace('.', ' --', substr($prefix, 1));
397		$enable_checked = $enabled ? 'checked' : '';
398		$cid = (int)$cid;
399		$cat_title = $myts->htmlSpecialChars($cat_title);
400		$del_confirm = 'confirm("' . sprintf(_AM_APCAL_FMT_CATDELCONFIRM, $cat_title) . '")';
401		echo "
402		<tr>
403		<td class='$oddeven' width='100%'><a href='?disp=edit&cid=$cid'>$prefix $cat_title</a></td>
404		<td class='$oddeven' align='center' nowrap='nowrap'>
405		<a href='$mod_url/index.php?action=Edit&cid=$cid' target='_blank'><img src='$cal->images_url/addevent.gif' border='0' width='14' height='12' /></a>
406
407		<a href='?disp=edit&cid=$cid'><img src='../assets/images/cat_edit.gif' width='18' height='15' alt='" . _AM_APCAL_MENU_CAT_EDIT . "' title='" . _AM_APCAL_MENU_CAT_EDIT . "' /></a>
408
409		<a href='?disp=new&cid=$cid'><img src='../assets/images/cat_add.gif' width='18' height='15' alt='" . _AM_APCAL_MENU_CAT_NEW . "' title='" . _AM_APCAL_MENU_CAT_NEW . "' /></a>
410
411		<input type='button' value='" . _DELETE . "' onclick='if ($del_confirm) {document.MainForm.delcat.value=\"$cid\"; submit();}' />
412		</td>
413		<td class='$oddeven' align='center'><input type='checkbox' name='enabled[$cid]' value='1' $enable_checked /></td>
414		<td class='$oddeven' align='right'><input type='text' name='weights[$cid]' size='4' maxlength='6' value='$weight' /></td>
415		</tr>\n";
416		}
417
418		// �ơ��֥�եå��
419		echo "
420		<tr>
421		<td colspan='4' align='right' class='head'><input type='submit' name='batch_update' value='" . _AM_APCAL_BTN_UPDATE . "' /></td>
422		</tr>
423		<tr>
424		<td colspan='8' align='right' valign='bottom' height='50'>" . _AM_APCAL_COPYRIGHT . '</td>
425		</tr>
426		</table>
427		</form>
428		';
429		}
430
431		require_once __DIR__ . '/admin_footer.php';
432

XoopsModules25x / apcal

Issues (1210)

Security Analysis not enabled

admin/categories.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like