Issues in onupdate.php (master) - Issues in master - XoopsModules25x/apcal - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1210)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/onupdate.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright    {@link http://xoops.org/ XOOPS Project}
 * @license      {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
 * @package
 * @since
 * @author       XOOPS Development Team,
 * @author       GIJ=CHECKMATE (PEAK Corp. http://www.peak.ne.jp/)
 * @author       Antiques Promotion (http://www.antiquespromotion.ca)
 * @return bool
 */

if ((!defined('XOOPS_ROOT_PATH')) || !($GLOBALS['xoopsUser'] instanceof XoopsUser)
    || !$GLOBALS['xoopsUser']->IsAdmin()
) {
    exit('Restricted access' . PHP_EOL);
}

/**
 * @param string $tablename
 *
 * @return bool
 */
function tableExists($tablename)
{
    $result = $GLOBALS['xoopsDB']->queryF("SHOW TABLES LIKE '$tablename'");

    return $GLOBALS['xoopsDB']->getRowsNum($result) > 0;
}

/**
 *
 * Prepares system prior to attempting to install module
 * @param XoopsModule $module {@link XoopsModule}
 *
 * @return bool true if ready to install, false if not
 */
function xoops_module_pre_update_apcal(XoopsModule $module)
{
    $moduleDirName = basename(dirname(__DIR__));
    $classUtility  = ucfirst($moduleDirName) . 'Utility';
    if (!class_exists($classUtility)) {
        xoops_load('utility', $moduleDirName);
    }
    //check for minimum XOOPS version
    if (!$classUtility::checkVerXoops($module)) {
        return false;
    }

    // check for minimum PHP version
    if (!$classUtility::checkVerPhp($module)) {
        return false;
    }

    return true;
}

function xoops_module_update_apcal(XoopsModule $module)

{
    //    global $xoopsDB;
    $moduleDirName = basename(dirname(__DIR__));
    $capsDirName   = strtoupper($moduleDirName);

    if (!$GLOBALS['xoopsDB']->queryF("SELECT shortsummary FROM {$GLOBALS['xoopsDB']->prefix('apcal_event')}")) {
        if ($GLOBALS['xoopsDB']->queryF("ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_event')} ADD shortsummary VARCHAR(255) AFTER groupid")) {
        }
    }
    $result = $GLOBALS['xoopsDB']->queryF("SELECT id, summary FROM {$GLOBALS['xoopsDB']->prefix('apcal_event')}");
    while ($row = $GLOBALS['xoopsDB']->fetchArray($result)) {
        $shortsummary = makeShort($row['summary']);
        $GLOBALS['xoopsDB']->queryF("UPDATE {$GLOBALS['xoopsDB']->prefix('apcal_event')} SET shortsummary='{$shortsummary}' WHERE id={$row['id']}");
    }

    if (!$GLOBALS['xoopsDB']->queryF("SELECT cat_shorttitle FROM {$GLOBALS['xoopsDB']->prefix('apcal_cat')}")) {
        if ($GLOBALS['xoopsDB']->queryF("ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_cat')} ADD cat_shorttitle VARCHAR(255) AFTER enabled")) {
        }
    }
    $result = $GLOBALS['xoopsDB']->queryF("SELECT cid, cat_title FROM {$GLOBALS['xoopsDB']->prefix('apcal_cat')}");
    while ($row = $GLOBALS['xoopsDB']->fetchArray($result)) {
        $cat_shorttitle = makeShort($row['cat_title']);
        $GLOBALS['xoopsDB']->queryF("UPDATE {$GLOBALS['xoopsDB']->prefix('apcal_cat')} SET cat_shorttitle='{$cat_shorttitle}' WHERE cid={$row['cid']}");
    }

    if (!$GLOBALS['xoopsDB']->queryF("SELECT email,url,mainCategory, otherHours FROM {$GLOBALS['xoopsDB']->prefix('apcal_event')}")) {
        $sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_event')} ";
        $sql .= 'ADD url VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT \'\' AFTER location,';
        $sql .= 'ADD email VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT \'\' AFTER url,';
        $sql .= 'ADD mainCategory SMALLINT( 5 ) UNSIGNED ZEROFILL NOT NULL DEFAULT \'00000\' AFTER dtstamp,';
        $sql .= 'ADD otherHours VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT \'\' AFTER end';
        $GLOBALS['xoopsDB']->queryF($sql);
    }

    if (!$GLOBALS['xoopsDB']->queryF("SELECT color,canbemain FROM {$GLOBALS['xoopsDB']->prefix('apcal_cat')}")) {
        $sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_cat')} ";
        $sql .= 'ADD color VARCHAR( 7 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT \'#5555AA\' AFTER cat_desc,';
        $sql .= 'ADD canbemain TINYINT( 1 ) UNSIGNED NOT NULL DEFAULT \'0\' AFTER autocreated';
        $GLOBALS['xoopsDB']->queryF($sql);
    }

    $sql = "CREATE TABLE IF NOT EXISTS {$GLOBALS['xoopsDB']->prefix('apcal_pictures')} ";
    $sql .= '(id int(10) unsigned NOT NULL AUTO_INCREMENT,';
    $sql .= 'event_id int(10) unsigned zerofill NOT NULL,';
    $sql .= 'picture varchar(255) NOT NULL,';
    $sql .= 'main_pic tinyint(1) unsigned NOT NULL DEFAULT \'0\',';
    $sql .= 'PRIMARY KEY (id)) ';
    $sql .= 'ENGINE=MyISAM DEFAULT CHARSET=utf8';
    $GLOBALS['xoopsDB']->queryF($sql);

    $sql = "CREATE TABLE IF NOT EXISTS {$GLOBALS['xoopsDB']->prefix('apcal_ro_events')} (
            roe_id int(10) unsigned NOT NULL AUTO_INCREMENT,
            roe_eventid mediumint(8) unsigned zerofill NOT NULL DEFAULT '00000000',
            roe_number int(10) NOT NULL DEFAULT '0',
            roe_datelimit int(10) NOT NULL DEFAULT '0',
            roe_needconfirm INT(10) NOT NULL DEFAULT '0',
            roe_waitinglist INT(10) NOT NULL DEFAULT '0',
            roe_submitter int(10) NOT NULL DEFAULT '0',
            roe_date_created int(10) NOT NULL DEFAULT '0',
            PRIMARY KEY (roe_id),
            KEY event (roe_eventid))
            ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1";
    $GLOBALS['xoopsDB']->queryF($sql);

    $sql = "CREATE TABLE IF NOT EXISTS {$GLOBALS['xoopsDB']->prefix('apcal_ro_members')} (
            rom_id int(10) unsigned NOT NULL AUTO_INCREMENT,
            rom_eventid mediumint(8) unsigned zerofill NOT NULL DEFAULT '00000000',
            rom_firstname varchar(200) DEFAULT NULL,
            rom_lastname varchar(200) DEFAULT NULL,
            rom_email varchar(200) DEFAULT NULL,
            rom_extrainfo1 varchar(200) DEFAULT NULL,
            rom_extrainfo2 varchar(200) DEFAULT NULL,
            rom_extrainfo3 varchar(200) DEFAULT NULL,
            rom_extrainfo4 varchar(200) DEFAULT NULL,
            rom_extrainfo5 varchar(200) DEFAULT NULL,
            rom_poster_ip  varchar(200) DEFAULT NULL,
            rom_status int(10) NOT NULL DEFAULT '0',
            rom_submitter int(10) NOT NULL DEFAULT '0',
            rom_date_created int(10) NOT NULL DEFAULT '0',
            PRIMARY KEY (rom_id),
            UNIQUE KEY UNQ_EMAIL (rom_eventid, rom_email),
            KEY event (rom_eventid))
            ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1";
    $GLOBALS['xoopsDB']->queryF($sql);

    $sql = "CREATE TABLE IF NOT EXISTS {$GLOBALS['xoopsDB']->prefix('apcal_ro_notify')} (
            ron_id int(10) unsigned NOT NULL AUTO_INCREMENT,
            ron_eventid mediumint(8) unsigned zerofill NOT NULL DEFAULT '00000000',
            ron_email varchar(200) DEFAULT NULL,
            ron_submitter int(10) DEFAULT NULL,
            ron_date_created int(11) NOT NULL DEFAULT '0',
            PRIMARY KEY (ron_id),
            KEY event (ron_eventid))
            ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1";
    $GLOBALS['xoopsDB']->queryF($sql);

    $GLOBALS['xoopsDB']->queryF("UPDATE {$GLOBALS['xoopsDB']->prefix('apcal_event')} SET start_date=NULL,end_date=NULL");
    $GLOBALS['xoopsDB']->queryF("UPDATE {$GLOBALS['xoopsDB']->prefix('apcal_event')} t, (SELECT id, shortsummary FROM {$GLOBALS['xoopsDB']->prefix('apcal_event')} x WHERE x.rrule_pid>0 GROUP BY x.shortsummary ORDER BY start) AS e SET t.rrule_pid=e.id WHERE t.shortsummary=e.shortsummary;");

    //    fix problem from removed poster_ip
    $sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_ro_members')} ADD `rom_status` INT(1) NOT NULL DEFAULT '0' AFTER `rom_extrainfo5`;";
    $GLOBALS['xoopsDB']->queryF($sql);
    //    fix problem from removed poster_ip
    $sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_ro_members')} ADD `rom_poster_ip` VARCHAR(200) NULL DEFAULT '' AFTER `rom_extrainfo5`;";
    $GLOBALS['xoopsDB']->queryF($sql);

    //    fix problem from removed roe_waitinglist
    $sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_ro_events')} ADD `roe_waitinglist` INT(10) NOT NULL DEFAULT '0' AFTER `roe_datelimit`;";
    $GLOBALS['xoopsDB']->queryF($sql);

    //    fix problem from removed roe_waitinglist
    $sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_ro_events')} ADD `roe_needconfirm` INT(10) NOT NULL DEFAULT '0' AFTER `roe_datelimit`;";
    $GLOBALS['xoopsDB']->queryF($sql);

    //    if (!is_dir(XOOPS_UPLOAD_PATH . '/apcal/')) {
    //        mkdir(XOOPS_UPLOAD_PATH . '/apcal/', 0755);
    //    }
    //    if (!is_dir(XOOPS_UPLOAD_PATH . '/apcal/thumbs/')) {
    //        mkdir(XOOPS_UPLOAD_PATH . '/apcal/thumbs/', 0755);
    //    }

    require_once __DIR__ . '/config.php';
    $configurator = new ModuleConfigurator();
    $classUtility = ucfirst($moduleDirName) . 'Utility';
    if (!class_exists($classUtility)) {
        xoops_load('utility', $moduleDirName);
    }

    //delete old HTML templates
    if (count($configurator->templateFolders) > 0) {
        foreach ($configurator->templateFolders as $folder) {
            $templateFolder = $GLOBALS['xoops']->path('modules/' . $moduleDirName . $folder);
            if (is_dir($templateFolder)) {
                $templateList = array_diff(scandir($templateFolder), array('..', '.'));
                foreach ($templateList as $k => $v) {
                    $fileInfo = new SplFileInfo($templateFolder . $v);
                    if ($fileInfo->getExtension() === 'html' && $fileInfo->getFilename() !== 'index.html') {
                        if (file_exists($templateFolder . $v)) {
                            unlink($templateFolder . $v);
                        }
                    }
                }
            }
        }
    }

    //  ---  DELETE OLD FILES ---------------
    if (count($configurator->oldFiles) > 0) {
        //    foreach (array_keys($GLOBALS['uploadFolders']) as $i) {
        foreach (array_keys($configurator->oldFiles) as $i) {
            $tempFile = $GLOBALS['xoops']->path('modules/' . $moduleDirName . $configurator->oldFiles[$i]);
            if (is_file($tempFile)) {
                unlink($tempFile);
            }
        }
    }

    //  ---  DELETE OLD FOLDERS ---------------
    xoops_load('XoopsFile');
    if (count($configurator->oldFolders) > 0) {
        //    foreach (array_keys($GLOBALS['uploadFolders']) as $i) {
        foreach (array_keys($configurator->oldFolders) as $i) {
            $tempFolder = $GLOBALS['xoops']->path('modules/' . $moduleDirName . $configurator->oldFolders[$i]);
            /* @var $folderHandler XoopsObjectHandler */
            $folderHandler = XoopsFile::getHandler('folder', $tempFolder);
            $folderHandler->delete($tempFolder);
        }
    }

    //  ---  CREATE FOLDERS ---------------
    if (count($configurator->uploadFolders) > 0) {
        //    foreach (array_keys($GLOBALS['uploadFolders']) as $i) {
        foreach (array_keys($configurator->uploadFolders) as $i) {
            $classUtility::createFolder($configurator->uploadFolders[$i]);
        }
    }

    //  ---  COPY blank.png FILES ---------------
    if (count($configurator->blankFiles) > 0) {
        $file = __DIR__ . '/../assets/images/blank.png';
        foreach (array_keys($configurator->blankFiles) as $i) {
            $dest = $configurator->blankFiles[$i] . '/blank.png';
            $classUtility::copyFile($file, $dest);
        }
    }

    //delete .html entries from the tpl table
    $sql = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('tplfile') . " WHERE `tpl_module` = '" . $module->getVar('dirname', 'n') . '\' AND `tpl_file` LIKE \'%.html%\'';
    $GLOBALS['xoopsDB']->queryF($sql);

    /** @var XoopsGroupPermHandler $gpermHandler */
    $gpermHandler = xoops_getHandler('groupperm');

    return $gpermHandler->deleteByModule($module->getVar('mid'), 'item_read');

    return true;
}

/**
 * @param $str
 * @return mixed
 */
function makeShort($str)
{
    $replacements = array(
        'Š' => 'S',
        'š' => 's',
        'Ž' => 'Z',
        'ž' => 'z',
        'À' => 'A',
        'Á' => 'A',
        'Â' => 'A',
        'Ã' => 'A',
        'Ä' => 'A',
        'Å' => 'A',
        'Æ' => 'A',
        'Ç' => 'C',
        'È' => 'E',
        'É' => 'E',
        'Ê' => 'E',
        'Ë' => 'E',
        'Ì' => 'I',
        'Í' => 'I',
        'Î' => 'I',
        'Ï' => 'I',
        'Ñ' => 'N',
        'Ò' => 'O',
        'Ó' => 'O',
        'Ô' => 'O',
        'Õ' => 'O',
        'Ö' => 'O',
        'Ø' => 'O',
        'Ù' => 'U',
        'Ú' => 'U',
        'Û' => 'U',
        'Ü' => 'U',
        'Ý' => 'Y',
        'Þ' => 'B',
        'ß' => 'ss',
        'à' => 'a',
        'á' => 'a',
        'â' => 'a',
        'ã' => 'a',
        'ä' => 'a',
        'å' => 'a',
        'æ' => 'a',
        'ç' => 'c',
        'è' => 'e',
        'é' => 'e',
        'ê' => 'e',
        'ë' => 'e',
        'ì' => 'i',
        'í' => 'i',
        'î' => 'i',
        'ï' => 'i',
        'ð' => 'o',
        'ñ' => 'n',
        'ò' => 'o',
        'ó' => 'o',
        'ô' => 'o',
        'õ' => 'o',
        'ö' => 'o',
        'ø' => 'o',
        'ù' => 'u',
        'ú' => 'u',
        'û' => 'u',
        'ý' => 'y',
        'ý' => 'y',
        'þ' => 'b',
        'ÿ' => 'y'
    );

    $str = strip_tags($str);
    $str = strtr($str, $replacements);

    return str_replace(array(' ', '-', '/', "\\", "'", '"', "\r", "\n", '&', '?', '!', '%', ',', '.'), '', $str);
}


1		<?php
2		/*
3		* You may not change or alter any portion of this comment or credits
4		* of supporting developers from this source code or any supporting source code
5		* which is considered copyrighted (c) material of the original comment or credit authors.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10		*/
11
12		/**
13		* @copyright {@link http://xoops.org/ XOOPS Project}
14		* @license {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
15		* @package
16		* @since
17		* @author XOOPS Development Team,
18		* @author GIJ=CHECKMATE (PEAK Corp. http://www.peak.ne.jp/)
19		* @author Antiques Promotion (http://www.antiquespromotion.ca)
20		* @return bool
21		*/
22
23		if ((!defined('XOOPS_ROOT_PATH')) \|\| !($GLOBALS['xoopsUser'] instanceof XoopsUser)
24		\|\| !$GLOBALS['xoopsUser']->IsAdmin()
25		) {
26		exit('Restricted access' . PHP_EOL);
27		}
28
29		/**
30		* @param string $tablename
31		*
32		* @return bool
33		*/
34		function tableExists($tablename)
35		{
36		$result = $GLOBALS['xoopsDB']->queryF("SHOW TABLES LIKE '$tablename'");
37
38		return $GLOBALS['xoopsDB']->getRowsNum($result) > 0;
39		}
40
41		/**
42		*
43		* Prepares system prior to attempting to install module
44		* @param XoopsModule $module {@link XoopsModule}
45		*
46		* @return bool true if ready to install, false if not
47		*/
48		function xoops_module_pre_update_apcal(XoopsModule $module)
49		{
50		$moduleDirName = basename(dirname(__DIR__));
51		$classUtility = ucfirst($moduleDirName) . 'Utility';
52		if (!class_exists($classUtility)) {
53		xoops_load('utility', $moduleDirName);
54		}
55		//check for minimum XOOPS version
56		if (!$classUtility::checkVerXoops($module)) {
57		return false;
58		}
59
60		// check for minimum PHP version
61		if (!$classUtility::checkVerPhp($module)) {
62		return false;
63		}
64
65		return true;
66		}
67
68		function xoops_module_update_apcal(XoopsModule $module)
		0 ignored issues – show Documentation introduced 2017-03-23 08:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
69		{
70		// global $xoopsDB;
71		$moduleDirName = basename(dirname(__DIR__));
72		$capsDirName = strtoupper($moduleDirName);
73
74	View Code Duplication	if (!$GLOBALS['xoopsDB']->queryF("SELECT shortsummary FROM {$GLOBALS['xoopsDB']->prefix('apcal_event')}")) {
75		if ($GLOBALS['xoopsDB']->queryF("ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_event')} ADD shortsummary VARCHAR(255) AFTER groupid")) {
76		}
77		}
78		$result = $GLOBALS['xoopsDB']->queryF("SELECT id, summary FROM {$GLOBALS['xoopsDB']->prefix('apcal_event')}");
79		while ($row = $GLOBALS['xoopsDB']->fetchArray($result)) {
80		$shortsummary = makeShort($row['summary']);
81		$GLOBALS['xoopsDB']->queryF("UPDATE {$GLOBALS['xoopsDB']->prefix('apcal_event')} SET shortsummary='{$shortsummary}' WHERE id={$row['id']}");
82		}
83
84	View Code Duplication	if (!$GLOBALS['xoopsDB']->queryF("SELECT cat_shorttitle FROM {$GLOBALS['xoopsDB']->prefix('apcal_cat')}")) {
85		if ($GLOBALS['xoopsDB']->queryF("ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_cat')} ADD cat_shorttitle VARCHAR(255) AFTER enabled")) {
86		}
87		}
88		$result = $GLOBALS['xoopsDB']->queryF("SELECT cid, cat_title FROM {$GLOBALS['xoopsDB']->prefix('apcal_cat')}");
89		while ($row = $GLOBALS['xoopsDB']->fetchArray($result)) {
90		$cat_shorttitle = makeShort($row['cat_title']);
91		$GLOBALS['xoopsDB']->queryF("UPDATE {$GLOBALS['xoopsDB']->prefix('apcal_cat')} SET cat_shorttitle='{$cat_shorttitle}' WHERE cid={$row['cid']}");
92		}
93
94		if (!$GLOBALS['xoopsDB']->queryF("SELECT email,url,mainCategory, otherHours FROM {$GLOBALS['xoopsDB']->prefix('apcal_event')}")) {
95		$sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_event')} ";
96		$sql .= 'ADD url VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT \'\' AFTER location,';
97		$sql .= 'ADD email VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT \'\' AFTER url,';
98		$sql .= 'ADD mainCategory SMALLINT( 5 ) UNSIGNED ZEROFILL NOT NULL DEFAULT \'00000\' AFTER dtstamp,';
99		$sql .= 'ADD otherHours VARCHAR( 255 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT \'\' AFTER end';
100		$GLOBALS['xoopsDB']->queryF($sql);
101		}
102
103		if (!$GLOBALS['xoopsDB']->queryF("SELECT color,canbemain FROM {$GLOBALS['xoopsDB']->prefix('apcal_cat')}")) {
104		$sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_cat')} ";
105		$sql .= 'ADD color VARCHAR( 7 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT \'#5555AA\' AFTER cat_desc,';
106		$sql .= 'ADD canbemain TINYINT( 1 ) UNSIGNED NOT NULL DEFAULT \'0\' AFTER autocreated';
107		$GLOBALS['xoopsDB']->queryF($sql);
108		}
109
110		$sql = "CREATE TABLE IF NOT EXISTS {$GLOBALS['xoopsDB']->prefix('apcal_pictures')} ";
111		$sql .= '(id int(10) unsigned NOT NULL AUTO_INCREMENT,';
112		$sql .= 'event_id int(10) unsigned zerofill NOT NULL,';
113		$sql .= 'picture varchar(255) NOT NULL,';
114		$sql .= 'main_pic tinyint(1) unsigned NOT NULL DEFAULT \'0\',';
115		$sql .= 'PRIMARY KEY (id)) ';
116		$sql .= 'ENGINE=MyISAM DEFAULT CHARSET=utf8';
117		$GLOBALS['xoopsDB']->queryF($sql);
118
119		$sql = "CREATE TABLE IF NOT EXISTS {$GLOBALS['xoopsDB']->prefix('apcal_ro_events')} (
120		roe_id int(10) unsigned NOT NULL AUTO_INCREMENT,
121		roe_eventid mediumint(8) unsigned zerofill NOT NULL DEFAULT '00000000',
122		roe_number int(10) NOT NULL DEFAULT '0',
123		roe_datelimit int(10) NOT NULL DEFAULT '0',
124		roe_needconfirm INT(10) NOT NULL DEFAULT '0',
125		roe_waitinglist INT(10) NOT NULL DEFAULT '0',
126		roe_submitter int(10) NOT NULL DEFAULT '0',
127		roe_date_created int(10) NOT NULL DEFAULT '0',
128		PRIMARY KEY (roe_id),
129		KEY event (roe_eventid))
130		ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1";
131		$GLOBALS['xoopsDB']->queryF($sql);
132
133		$sql = "CREATE TABLE IF NOT EXISTS {$GLOBALS['xoopsDB']->prefix('apcal_ro_members')} (
134		rom_id int(10) unsigned NOT NULL AUTO_INCREMENT,
135		rom_eventid mediumint(8) unsigned zerofill NOT NULL DEFAULT '00000000',
136		rom_firstname varchar(200) DEFAULT NULL,
137		rom_lastname varchar(200) DEFAULT NULL,
138		rom_email varchar(200) DEFAULT NULL,
139		rom_extrainfo1 varchar(200) DEFAULT NULL,
140		rom_extrainfo2 varchar(200) DEFAULT NULL,
141		rom_extrainfo3 varchar(200) DEFAULT NULL,
142		rom_extrainfo4 varchar(200) DEFAULT NULL,
143		rom_extrainfo5 varchar(200) DEFAULT NULL,
144		rom_poster_ip varchar(200) DEFAULT NULL,
145		rom_status int(10) NOT NULL DEFAULT '0',
146		rom_submitter int(10) NOT NULL DEFAULT '0',
147		rom_date_created int(10) NOT NULL DEFAULT '0',
148		PRIMARY KEY (rom_id),
149		UNIQUE KEY UNQ_EMAIL (rom_eventid, rom_email),
150		KEY event (rom_eventid))
151		ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1";
152		$GLOBALS['xoopsDB']->queryF($sql);
153
154		$sql = "CREATE TABLE IF NOT EXISTS {$GLOBALS['xoopsDB']->prefix('apcal_ro_notify')} (
155		ron_id int(10) unsigned NOT NULL AUTO_INCREMENT,
156		ron_eventid mediumint(8) unsigned zerofill NOT NULL DEFAULT '00000000',
157		ron_email varchar(200) DEFAULT NULL,
158		ron_submitter int(10) DEFAULT NULL,
159		ron_date_created int(11) NOT NULL DEFAULT '0',
160		PRIMARY KEY (ron_id),
161		KEY event (ron_eventid))
162		ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1";
163		$GLOBALS['xoopsDB']->queryF($sql);
164
165		$GLOBALS['xoopsDB']->queryF("UPDATE {$GLOBALS['xoopsDB']->prefix('apcal_event')} SET start_date=NULL,end_date=NULL");
166		$GLOBALS['xoopsDB']->queryF("UPDATE {$GLOBALS['xoopsDB']->prefix('apcal_event')} t, (SELECT id, shortsummary FROM {$GLOBALS['xoopsDB']->prefix('apcal_event')} x WHERE x.rrule_pid>0 GROUP BY x.shortsummary ORDER BY start) AS e SET t.rrule_pid=e.id WHERE t.shortsummary=e.shortsummary;");
167
168		// fix problem from removed poster_ip
169		$sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_ro_members')} ADD `rom_status` INT(1) NOT NULL DEFAULT '0' AFTER `rom_extrainfo5`;";
170		$GLOBALS['xoopsDB']->queryF($sql);
171		// fix problem from removed poster_ip
172		$sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_ro_members')} ADD `rom_poster_ip` VARCHAR(200) NULL DEFAULT '' AFTER `rom_extrainfo5`;";
173		$GLOBALS['xoopsDB']->queryF($sql);
174
175		// fix problem from removed roe_waitinglist
176		$sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_ro_events')} ADD `roe_waitinglist` INT(10) NOT NULL DEFAULT '0' AFTER `roe_datelimit`;";
177		$GLOBALS['xoopsDB']->queryF($sql);
178
179		// fix problem from removed roe_waitinglist
180		$sql = "ALTER TABLE {$GLOBALS['xoopsDB']->prefix('apcal_ro_events')} ADD `roe_needconfirm` INT(10) NOT NULL DEFAULT '0' AFTER `roe_datelimit`;";
181		$GLOBALS['xoopsDB']->queryF($sql);
182
183		// if (!is_dir(XOOPS_UPLOAD_PATH . '/apcal/')) {
184		// mkdir(XOOPS_UPLOAD_PATH . '/apcal/', 0755);
185		// }
186		// if (!is_dir(XOOPS_UPLOAD_PATH . '/apcal/thumbs/')) {
187		// mkdir(XOOPS_UPLOAD_PATH . '/apcal/thumbs/', 0755);
188		// }
189
190		require_once __DIR__ . '/config.php';
191		$configurator = new ModuleConfigurator();
192		$classUtility = ucfirst($moduleDirName) . 'Utility';
193		if (!class_exists($classUtility)) {
194		xoops_load('utility', $moduleDirName);
195		}
196
197		//delete old HTML templates
198		if (count($configurator->templateFolders) > 0) {
199		foreach ($configurator->templateFolders as $folder) {
200		$templateFolder = $GLOBALS['xoops']->path('modules/' . $moduleDirName . $folder);
201		if (is_dir($templateFolder)) {
202		$templateList = array_diff(scandir($templateFolder), array('..', '.'));
203		foreach ($templateList as $k => $v) {
204		$fileInfo = new SplFileInfo($templateFolder . $v);
205		if ($fileInfo->getExtension() === 'html' && $fileInfo->getFilename() !== 'index.html') {
206		if (file_exists($templateFolder . $v)) {
207		unlink($templateFolder . $v);
208		}
209		}
210		}
211		}
212		}
213		}
214
215		// --- DELETE OLD FILES ---------------
216		if (count($configurator->oldFiles) > 0) {
217		// foreach (array_keys($GLOBALS['uploadFolders']) as $i) {
218		foreach (array_keys($configurator->oldFiles) as $i) {
219		$tempFile = $GLOBALS['xoops']->path('modules/' . $moduleDirName . $configurator->oldFiles[$i]);
220		if (is_file($tempFile)) {
221		unlink($tempFile);
222		}
223		}
224		}
225
226		// --- DELETE OLD FOLDERS ---------------
227		xoops_load('XoopsFile');
228		if (count($configurator->oldFolders) > 0) {
229		// foreach (array_keys($GLOBALS['uploadFolders']) as $i) {
230		foreach (array_keys($configurator->oldFolders) as $i) {
231		$tempFolder = $GLOBALS['xoops']->path('modules/' . $moduleDirName . $configurator->oldFolders[$i]);
232		/* @var $folderHandler XoopsObjectHandler */
233		$folderHandler = XoopsFile::getHandler('folder', $tempFolder);
234		$folderHandler->delete($tempFolder);
235		}
236		}
237
238		// --- CREATE FOLDERS ---------------
239	View Code Duplication	if (count($configurator->uploadFolders) > 0) {
240		// foreach (array_keys($GLOBALS['uploadFolders']) as $i) {
241		foreach (array_keys($configurator->uploadFolders) as $i) {
242		$classUtility::createFolder($configurator->uploadFolders[$i]);
243		}
244		}
245
246		// --- COPY blank.png FILES ---------------
247	View Code Duplication	if (count($configurator->blankFiles) > 0) {
248		$file = __DIR__ . '/../assets/images/blank.png';
249		foreach (array_keys($configurator->blankFiles) as $i) {
250		$dest = $configurator->blankFiles[$i] . '/blank.png';
251		$classUtility::copyFile($file, $dest);
252		}
253		}
254
255		//delete .html entries from the tpl table
256		$sql = 'DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('tplfile') . " WHERE `tpl_module` = '" . $module->getVar('dirname', 'n') . '\' AND `tpl_file` LIKE \'%.html%\'';
257		$GLOBALS['xoopsDB']->queryF($sql);
258
259		/** @var XoopsGroupPermHandler $gpermHandler */
260		$gpermHandler = xoops_getHandler('groupperm');
261
262		return $gpermHandler->deleteByModule($module->getVar('mid'), 'item_read');
263
264		return true;
265		}
266
267		/**
268		* @param $str
269		* @return mixed
270		*/
271	View Code Duplication	function makeShort($str)
272		{
273		$replacements = array(
274		'Š' => 'S',
275		'š' => 's',
276		'Ž' => 'Z',
277		'ž' => 'z',
278		'À' => 'A',
279		'Á' => 'A',
280		'Â' => 'A',
281		'Ã' => 'A',
282		'Ä' => 'A',
283		'Å' => 'A',
284		'Æ' => 'A',
285		'Ç' => 'C',
286		'È' => 'E',
287		'É' => 'E',
288		'Ê' => 'E',
289		'Ë' => 'E',
290		'Ì' => 'I',
291		'Í' => 'I',
292		'Î' => 'I',
293		'Ï' => 'I',
294		'Ñ' => 'N',
295		'Ò' => 'O',
296		'Ó' => 'O',
297		'Ô' => 'O',
298		'Õ' => 'O',
299		'Ö' => 'O',
300		'Ø' => 'O',
301		'Ù' => 'U',
302		'Ú' => 'U',
303		'Û' => 'U',
304		'Ü' => 'U',
305		'Ý' => 'Y',
306		'Þ' => 'B',
307		'ß' => 'ss',
308		'à' => 'a',
309		'á' => 'a',
310		'â' => 'a',
311		'ã' => 'a',
312		'ä' => 'a',
313		'å' => 'a',
314		'æ' => 'a',
315		'ç' => 'c',
316		'è' => 'e',
317		'é' => 'e',
318		'ê' => 'e',
319		'ë' => 'e',
320		'ì' => 'i',
321		'í' => 'i',
322		'î' => 'i',
323		'ï' => 'i',
324		'ð' => 'o',
325		'ñ' => 'n',
326		'ò' => 'o',
327		'ó' => 'o',
328		'ô' => 'o',
329		'õ' => 'o',
330		'ö' => 'o',
331		'ø' => 'o',
332		'ù' => 'u',
333		'ú' => 'u',
334		'û' => 'u',
335		'ý' => 'y',
336		'ý' => 'y',
337		'þ' => 'b',
338		'ÿ' => 'y'
339		);
340
341		$str = strip_tags($str);
342		$str = strtr($str, $replacements);
343
344		return str_replace(array(' ', '-', '/', "\\", "'", '"', "\r", "\n", '&', '?', '!', '%', ',', '.'), '', $str);
345		}
346

XoopsModules25x / apcal

Issues (1210)

Security Analysis not enabled

include/onupdate.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like