Issues (1210)

Security Analysis: not enabled

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

The security analysis is currently not available for this project.

admin/mygrouppermform.php (9 issues)

These results are based on the legacy PHP analysis engine.
<?php
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright   {@link http://xoops.org/ XOOPS Project}
 * @license     {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
 * @package
 * @since
 * @author       XOOPS Development Team,
 * @author       GIJ=CHECKMATE (PEAK Corp. http://www.peak.ne.jp/)
 */

defined('XOOPS_ROOT_PATH') || exit('XOOPS Root Path not defined');

require_once XOOPS_ROOT_PATH . '/class/xoopsform/formelement.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/formhidden.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/formbutton.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/formelementtray.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/form.php';

/**
 * Renders a form for setting module specific group permissions
 *
 * @author      Kazumi Ono  <[email protected]>
 * @copyright   copyright (c) 2000-2003 XOOPS.org
 *
 * @package     kernel
 * @subpackage  form
 */
class MyXoopsGroupPermForm extends XoopsForm
{
    /**
     * Module ID
     * @var int
     */
    public $_modid;
    /**
     * Tree structure of items
     * @var array
     */
    public $_itemTree = array();
    /**
     * Name of permission
     * @var string
     */
    public $_permName;
    /**
     * Description of permission
     * @var string
     */
    public $_permDesc;
    /**
     * Appendix
     * @var array ('permname'=>,'itemid'=>,'itemname'=>,'selected'=>)
     */
    public $_appendix = array();

    /**
     * Constructor
     * @param string $title
     * @param string $modid
     * @param string $permname
     * @param string $permdesc
     */
    public function __construct($title, $modid, $permname, $permdesc)
    {
        //      $this->XoopsForm($title, 'groupperm_form', XOOPS_URL.'/modules/system/admin/groupperm.php', 'post'); GIJ
        parent::__construct($title, 'groupperm_form', '', 'post');
        $this->_modid    = (int)$modid;
        $this->_permName = $permname;
        $this->_permDesc = $permdesc;
        $this->addElement(new XoopsFormHidden('modid', $this->_modid));
    }

    /**
     * Adds an item to which permission will be assigned
     *
     * @param string $itemName
     * @param int    $itemId
     * @param int    $itemParent
     * @access public
     */
    public function addItem($itemId, $itemName, $itemParent = 0)
    {
        $this->_itemTree[$itemParent]['children'][] = $itemId;
        $this->_itemTree[$itemId]['parent']         = $itemParent;
        $this->_itemTree[$itemId]['name']           = $itemName;
        $this->_itemTree[$itemId]['id']             = $itemId;
    }

    /**
     * Add appendix
     *
     * @access public
     * @param $permName
     * @param $itemId
     * @param $itemName
     */
    public function addAppendix($permName, $itemId, $itemName)
    {
        $this->_appendix[] = array(
            'permname' => $permName,
            'itemid'   => $itemId,
            'itemname' => $itemName,
            'selected' => false
        );
    }

    /**
     * Loads all child ids for an item to be used in javascript
     *
     * @param int   $itemId
     * @param array $childIds
     * @access private
     */
    public function _loadAllChildItemIds($itemId, &$childIds)
    {
        if (!empty($this->_itemTree[$itemId]['children'])) {
            $first_child = $this->_itemTree[$itemId]['children'];
            foreach ($first_child as $fcid) {
                array_push($childIds, $fcid);
                if (!empty($this->_itemTree[$fcid]['children'])) {
                    foreach ($this->_itemTree[$fcid]['children'] as $_fcid) {
                        array_push($childIds, $_fcid);
                        $this->_loadAllChildItemIds($_fcid, $childIds);
                    }
                }
            }
        }
    }

    /**
     * Renders the form
     *
     * @return string
     * @access public
     */
    public function render()
    {
        global $xoopsGTicket;

        // load all child ids for javascript codes
        foreach (array_keys($this->_itemTree) as $item_id) {
            $this->_itemTree[$item_id]['allchild'] = array();
            $this->_loadAllChildItemIds($item_id, $this->_itemTree[$item_id]['allchild']);
        }
        $gpermHandler  = xoops_getHandler('groupperm');
        $memberHandler = xoops_getHandler('member');
        $glist         = $memberHandler->getGroupList();
        foreach (array_keys($glist) as $i) {
            // get selected item id(s) for each group
            $selected = $gpermHandler->getItemIds($this->_permName, $i, $this->_modid);
            $ele      = new MyXoopsGroupFormCheckBox($glist[$i], 'perms[' . $this->_permName . ']', $i, $selected);
            $ele->setOptionTree($this->_itemTree);

            foreach ($this->_appendix as $key => $append) {
                $this->_appendix[$key]['selected'] = $gpermHandler->checkRight($append['permname'], $append['itemid'], $i, $this->_modid);
            }
            $ele->setAppendix($this->_appendix);
            $this->addElement($ele);
            unset($ele);
        }

        // GIJ start
        $jstray          = new XoopsFormElementTray(' &nbsp; ');
        $jsuncheckbutton = new XoopsFormButton('', 'none', _NONE, 'button');
        $jsuncheckbutton->setExtra("onclick=\"with(document.groupperm_form){for (i=0;i<length;i++) {if (elements[i].type=='checkbox') {elements[i].checked=false;}}}\"");
        $jscheckbutton = new XoopsFormButton('', 'all', _ALL, 'button');
        $jscheckbutton->setExtra("onclick=\"with(document.groupperm_form){for (i=0;i<length;i++) {if(elements[i].type=='checkbox' && (elements[i].name.indexOf('module_admin')<0 || elements[i].name.indexOf('[groups][1]')>=0)) {elements[i].checked=true;}}}\"");
        $jstray->addElement($jsuncheckbutton);
        $jstray->addElement($jscheckbutton);
        $this->addElement($jstray);
        // GIJ end

        $tray = new XoopsFormElementTray('');
        $tray->addElement(new XoopsFormButton('', 'reset', _CANCEL, 'reset'));
        $tray->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
        $this->addElement($tray);

        $ret      = '<h4>' . $this->getTitle() . '</h4>' . $this->_permDesc . '<br>';
        // Scrutinizer issue (reported twice, once per getName() call below): consider using $this->name;
        // there is an issue with getName() and APC-enabled PHP versions.
        $ret      .= "<form class='apcalForm' name='"
                     . $this->getName()
                     . "' id='"
                     . $this->getName()
                     . "' action='"
                     . $this->getAction()
                     . "' method='"
                     . $this->getMethod()
                     . "'"
                     . $this->getExtra()
                     . ">\n<table width='100%' class='outer' cellspacing='1'>\n";
        $elements = $this->getElements();
        foreach (array_keys($elements) as $i) {
            if (!is_object($elements[$i])) {
                $ret .= $elements[$i];
            } elseif (!$elements[$i]->isHidden()) {
                $ret .= "<tr valign='top' align='left'><td class='head'>" . $elements[$i]->getCaption();
                if ($elements[$i]->getDescription() !== '') {
                    $ret .= '<br><br><span style="font-weight: normal;">' . $elements[$i]->getDescription() . '</span>';
                }
                $ret .= "</td>\n<td class='even'>\n" . $elements[$i]->render() . "\n</td></tr>\n";
            } else {
                $ret .= $elements[$i]->render();
            }
        }
        $ret .= '</table>' . $xoopsGTicket->getTicketHtml(__LINE__, 1800, 'myblocksadmin') . '</form>';

        return $ret;
    }
}

/**
 * Renders checkbox options for a group permission form
 *
 * @author      Kazumi Ono  <[email protected]>
 * @copyright   copyright (c) 2000-2003 XOOPS.org
 *
 * @package     kernel
 * @subpackage  form
 */
class MyXoopsGroupFormCheckBox extends XoopsFormElement
{
    /**
     * Pre-selected value(s)
     * @var array
     */
    public $_value;
    /**
     * Group ID
     * @var int
     */
    public $_groupId;
    /**
     * Option tree
     * @var array
     */
    public $_optionTree;
    /**
     * Appendix
     * @var array ('permname'=>,'itemid'=>,'itemname'=>,'selected'=>)
     */
    public $_appendix = array();

    /**
     * Constructor
     * @param      $caption
     * @param      $name
     * @param      $groupId
     * @param null $values
     */
    public function __construct($caption, $name, $groupId, $values = null)
    {
        $this->setCaption($caption);
        $this->setName($name);
        if (isset($values)) {
            $this->setValue($values);
        }
        $this->_groupId = $groupId;
    }

    /**
     * Sets pre-selected values
     *
     * @param mixed $value A group ID or an array of group IDs
     * @access public
     */
    public function setValue($value)
    {
        if (is_array($value)) {
            foreach ($value as $v) {
                $this->setValue($v);
            }
        } else {
            $this->_value[] = $value;
        }
    }

    /**
     * Sets the tree structure of items
     *
     * @param array $optionTree
     * @access public
     */
    public function setOptionTree(&$optionTree)
    {
        $this->_optionTree =& $optionTree;
    }

    /**
     * Sets appendix of checkboxes
     *
     * @access public
     * @param $appendix
     */
    public function setAppendix($appendix)
    {
        $this->_appendix = $appendix;
    }

    /**
     * Renders checkbox options for this group
     *
     * @return string
     * @access public
     */
    public function render()
    {
        $ret = '';

        if (count($this->_appendix) > 0) {
            $ret  .= '<table class="outer"><tr>';
            $cols = 1;
            foreach ($this->_appendix as $append) {
                if ($cols > 4) {
                    $ret  .= '</tr><tr>';
                    $cols = 1;
                }
                $checked = $append['selected'] ? 'checked' : '';
                $name    = 'perms[' . $append['permname'] . ']';
                // Scrutinizer issue: this $itemid assignment is not used (it is overwritten by the
                // identical assignment on the next line), so it could be removed.
                $itemid  = $append['itemid'];
                $itemid  = $append['itemid'];
                $ret     .= "<td class=\"odd\"><input type=\"checkbox\" name=\"{$name}[groups][$this->_groupId][$itemid]\" id=\"{$name}[groups][$this->_groupId][$itemid]\" value=\"1\" $checked />{$append['itemname']}<input type=\"hidden\" name=\"{$name}[parents][$itemid]\" value=\"\" /><input type=\"hidden\" name=\"{$name}[itemname][$itemid]\" value=\"{$append['itemname']}\" /><br></td>";
                ++$cols;
            }
            $ret .= '</tr></table>';
        }

        $ret  .= '<table class="outer"><tr>';
        $cols = 1;
        if (!empty($this->_optionTree[0]['children'])) {
            foreach ($this->_optionTree[0]['children'] as $topitem) {
                if ($cols > 4) {
                    $ret  .= '</tr><tr>';
                    $cols = 1;
                }
                $tree   = '<td class="odd">';
                $prefix = '';
                $this->_renderOptionTree($tree, $this->_optionTree[$topitem], $prefix);
                $ret .= $tree . '</td>';
                ++$cols;
            }
        }
        $ret .= '</tr></table>';

        return $ret;
    }

    /**
     * Renders checkbox options for an item tree
     *
     * @param string $tree
     * @param array  $option
     * @param string $prefix
     * @param array  $parentIds
     * @access private
     */
    public function _renderOptionTree(&$tree, $option, $prefix, $parentIds = array())
    {
        // Scrutinizer issue (reported for each of the six getName() calls in this method):
        // consider using $this->name; there is an issue with getName() and APC-enabled PHP versions.
        $tree .= $prefix
                 . '<input type="checkbox" name="'
                 . $this->getName()
                 . '[groups]['
                 . $this->_groupId
                 . ']['
                 . $option['id']
                 . ']" id="'
                 . $this->getName()
                 . '[groups]['
                 . $this->_groupId
                 . ']['
                 . $option['id']
                 . ']" onclick="';
        // If there are parent elements, add javascript that will
        // make them selected when this element is checked to make
        // sure permissions to parent items are added as well.
        foreach ($parentIds as $pid) {
            $parent_ele = $this->getName() . '[groups][' . $this->_groupId . '][' . $pid . ']';
            $tree       .= "var ele = xoopsGetElementById('" . $parent_ele . "'); if (ele.checked !== true) {ele.checked = this.checked;}";
        }
        // If there are child elements, add javascript that will
        // make them unchecked when this element is unchecked to make
        // sure permissions to child items are not added when there
        // is no permission to this item.
        foreach ($option['allchild'] as $cid) {
            $child_ele = $this->getName() . '[groups][' . $this->_groupId . '][' . $cid . ']';
            $tree      .= "var ele = xoopsGetElementById('" . $child_ele . "'); if (this.checked !== true) {ele.checked = false;}";
        }
        $tree .= '" value="1"';
        if (isset($this->_value) && in_array($option['id'], $this->_value)) {
            $tree .= ' checked';
        }
        $tree .= ' />'
                 . $option['name']
                 . '<input type="hidden" name="'
                 . $this->getName()
                 . '[parents]['
                 . $option['id']
                 . ']" value="'
                 . implode(':', $parentIds)
                 . '" /><input type="hidden" name="'
                 . $this->getName()
                 . '[itemname]['
                 . $option['id']
                 . ']" value="'
                 . htmlspecialchars($option['name'])
                 . "\" /><br>\n";
        if (isset($option['children'])) {
            foreach ($option['children'] as $child) {
                array_push($parentIds, $option['id']);
                $this->_renderOptionTree($tree, $this->_optionTree[$child], $prefix . '&nbsp;-', $parentIds);
            }
        }
    }
}