Issues in admin.php (master) - Issues in master - XoopsModules25x/apcal - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1210)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

language/utf8_tw/admin.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

if( defined( 'FOR_XOOPS_LANG_CHECKER' ) || ! defined( 'APCAL_AM_LOADED' ) ) {


define( 'APCAL_AM_LOADED' , 1 ) ;
define('APCAL_COPYRIGHT' , '<a href="http://xoops.antiquespromotion.ca" title="Calendar for Xoops" target="_blank">APCal</a> by <a href="http://www.antiquespromotion.ca" title="Antiques Promotion Canada" target="_blank">AP</a>');


// titles
define("_AM_ADMISSION","待審事件管理");
define('_AM_MENU_EVENTS','事件管理');
define('_AM_MENU_CATEGORIES','類別管理');
define("_AM_MENU_CAT2GROUP","類別的進入權限");
define("_AM_ICALENDAR_IMPORT","匯入 iCalendar");
define("_AM_GROUPPERM","群組權限管理");
define('_AM_TABLEMAINTAIN','表單維護 (Upgrade)');
define('_AM_MYBLOCKSADMIN','APCal的 區塊與群組管理');

// forms
define("_AM_BUTTON_EXTRACT","提取");
define("_AM_BUTTON_ADMIT","確定");
define('_AM_BUTTON_MOVE','移動');
define('_AM_BUTTON_COPY','複製');
define("_AM_CONFIRM_DELETE","真的要刪除嗎？");
define('_AM_CONFIRM_MOVE','要將舊類別屬性移除，給于新的類別屬性指定嗎？');
define('_AM_CONFIRM_COPY','要新增類別屬性嗎？');
define('_AM_OPT_PAST','過往資料');
define('_AM_OPT_FUTURE','未來資料');
define('_AM_OPT_PASTANDFUTURE','無指定');

// format
define('_AM_DTFMT_LIST_ALLDAY','y-m-d');
define('_AM_DTFMT_LIST_NORMAL','y-m-d<\b\r />H:i');

// timezones
define('_AM_TZOPT_SERVER','伺服器時間');
define('_AM_TZOPT_GMT','GMT代號');
define('_AM_TZOPT_USER','使用者時間');

// admission
define("_AM_LABEL_ADMIT","確定核准已選取的事件");
define("_AM_MES_ADMITTED","事件已經核准了");
define("_AM_ADMIT_TH0","用戶");
define("_AM_ADMIT_TH1","開始時間");
define("_AM_ADMIT_TH2","結束時間");
define("_AM_ADMIT_TH3","主題");
define("_AM_ADMIT_TH4","重複條件");

// iCalendar I/O
define("_AM_LABEL_IMPORTFROMWEB","從網路上匯入 iCalendar 資料 (輸入 URL 請以 'http://' 或 'webcal://' 開頭)");
define("_AM_LABEL_UPLOADFROMFILE","上傳 iCalendar 資料 (從您的本機電腦選擇檔案)");
define("_AM_LABEL_IO_CHECKEDITEMS","選取的事件：");
define("_AM_LABEL_IO_OUTPUT","匯出為 iCalendar形式");
define("_AM_LABEL_IO_DELETE","執行刪除");
define('_AM_MES_EVENTLINKTOCAT','個別的事件已經登記到類別裡。');
define('_AM_MES_EVENTUNLINKED','個別的事件以從舊類別裡移除');
define('_AM_FMT_IMPORTED','個別的事件已由 %s 匯入');
define("_AM_MES_DELETED","事件已刪除了");
define("_AM_IO_TH0","用戶");
define("_AM_IO_TH1","開始日期時間");
define("_AM_IO_TH2","結束日期時間");
define("_AM_IO_TH3","主題");
define("_AM_IO_TH4","重複");
define("_AM_IO_TH5","已審核");

// Group's Permissions
define( '_AM_GPERM_G_INSERTABLE' , "新增事件") ;
define( '_AM_GPERM_G_SUPERINSERT' , "新增事件(不需審核)") ;
define( '_AM_GPERM_G_EDITABLE' , "編輯事件") ;
define( '_AM_GPERM_G_SUPEREDIT' , "編輯事件(不需審核)") ;
define( '_AM_GPERM_G_DELETABLE' , "刪除事件") ;
define( '_AM_GPERM_G_SUPERDELETE' , "刪除事件(不需審核)") ;
define( '_AM_GPERM_G_TOUCHOTHERS' , "管理他人事件") ;
define('_AM_CAT2GROUPDESC','針對各群組，請點選每個可以訪問的類別權限');
define( '_AM_GROUPPERMDESC' , "選擇每一個群組所能做的權限<br />假如您需要這功能, 必須先設定 '用戶權限' 為 '依照群組權限設定'<br />這權限設定在管理員與訪客這兩個群組中會被忽略") ;

// Table Maintenance
define('_AM_MB_SUCCESSUPDATETABLE','表單結構升級成功！');
define('_AM_MB_FAILUPDATETABLE','表單結構升級失敗！');
define('_AM_NOTICE_NOERRORS','已升級成功並且無發現任何錯誤。');
define('_AM_ALRT_CATTABLENOTEXIST','無此類別表單。<br />是否要自動生成這個表單？');
define('_AM_ALRT_OLDTABLE','事件表單的結構較舊。<br />是否要執行升級？');
define('_AM_ALRT_TOOOLDTABLE','表單錯誤！<br />預估可能是V0.3或之前的版本，<br />請您先升級到 V0.4x 或 0.5x的版本！');
define('_AM_FMT_SERVER_TZ_ALL','本伺服器的冬季時區： %+2.1f<br />本伺服器的夏季時區： %+2.1f<br />伺服器時區設定定義： %s (此處伺服器預設語系跟您網站預設語系衝突會產生亂碼，不用在意)<br />本XOOPS裡伺服器所在地預設的設定值： %+2.1f<br />行事曆APCal採用值： %+2.1f<br />');
define('_AM_TH_SERVER_TZ_COUNT','總事件數');
define('_AM_TH_SERVER_TZ_VALUE','時區');
define('_AM_TH_SERVER_TZ_VALUE_TO','變更值 (-14.0℅14.0)');
define('_AM_JSALRT_SERVER_TZ','在設定此動作之前建議您事先將資料庫做備份。');
define('_AM_NOTICE_SERVER_TZ','如果您的伺服器架設於日光節約時區 (Day Light Saving) 將造成 APCal 0.8以前所登記的資料出現一個小時左右的誤差，如有那種情形請勿按此按鈕。');
define('_AM_MB_SUCCESSTZUPDATE','所有資料都已按照此伺服器所預設之時區設定完成。');

// Categories
define('_AM_CAT_TH_TITLE','類別名稱');
define('_AM_CAT_TH_DESC','類別說明');
define('_AM_CAT_TH_PARENT','主類別');
define('_AM_CAT_TH_OPTIONS','選項');
define('_AM_CAT_TH_LASTMODIFY','最後更新日');
define('_AM_CAT_TH_OPERATION','操作');
define('_AM_CAT_TH_ENABLED','有效');
define('_AM_CAT_TH_WEIGHT','排序');
define('_AM_CAT_TH_SUBMENU','顯示子類別');
define('_AM_BTN_UPDATE','更新');
define('_AM_MENU_CAT_EDIT','編輯類別');
define('_AM_MENU_CAT_NEW','新增類別');
define('_AM_MB_MAKESUBCAT','子類別');
define('_AM_MB_MAKETOPCAT','在最上層新增類別');
define('_AM_MB_CAT_INSERTED','新類別已經增加了');
define('_AM_MB_CAT_UPDATED','類別已更新！');
define('_AM_FMT_CAT_DELETED','已刪除了 %s 類別！');
define('_AM_FMT_CAT_BATCHUPDATED','%s 類別已經被更新了！');
define('_AM_FMT_CATDELCONFIRM','您確定要刪除 %s 這個類別嗎？');

// Plugins
define('_AM_PI_UPDATED','已經完成更新了！');
define('_AM_PI_TH_TYPE','適用於');
define('_AM_PI_TH_OPTIONS','選項 (一般為置空)');
define('_AM_PI_TH_TITLE','顯示標題');
define('_AM_PI_TH_DIRNAME','目標模組');
define('_AM_PI_TH_FILE','Plugin檔案');
define('_AM_PI_TH_DOTGIF','代表點圖');
define('_AM_PI_TH_OPERATION','操作');
define('_AM_PI_ENABLED','有效');
define('_AM_PI_DELETE','刪除');
define('_AM_PI_NEW','新設定');
define('_AM_PI_VIEWYEARLY','顯示於整年曆');
define('_AM_PI_VIEWMONTHLY','顯示於大月曆');
define('_AM_PI_VIEWWEEKLY','顯示於週曆');
define('_AM_PI_VIEWDAILY','顯示於每日');

}

?>


1		<?php
2
3	View Code Duplication	if( defined( 'FOR_XOOPS_LANG_CHECKER' ) \|\| ! defined( 'APCAL_AM_LOADED' ) ) {
		0 ignored issues – show Duplication introduced 2019-09-08 09:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
4
5		define( 'APCAL_AM_LOADED' , 1 ) ;
6		define('APCAL_COPYRIGHT' , '<a href="http://xoops.antiquespromotion.ca" title="Calendar for Xoops" target="_blank">APCal</a> by <a href="http://www.antiquespromotion.ca" title="Antiques Promotion Canada" target="_blank">AP</a>');
7
8
9		// titles
10		define("_AM_ADMISSION","待審事件管理");
11		define('_AM_MENU_EVENTS','事件管理');
12		define('_AM_MENU_CATEGORIES','類別管理');
13		define("_AM_MENU_CAT2GROUP","類別的進入權限");
14		define("_AM_ICALENDAR_IMPORT","匯入 iCalendar");
15		define("_AM_GROUPPERM","群組權限管理");
16		define('_AM_TABLEMAINTAIN','表單維護 (Upgrade)');
17		define('_AM_MYBLOCKSADMIN','APCal的區塊與群組管理');
18
19		// forms
20		define("_AM_BUTTON_EXTRACT","提取");
21		define("_AM_BUTTON_ADMIT","確定");
22		define('_AM_BUTTON_MOVE','移動');
23		define('_AM_BUTTON_COPY','複製');
24		define("_AM_CONFIRM_DELETE","真的要刪除嗎？");
25		define('_AM_CONFIRM_MOVE','要將舊類別屬性移除，給于新的類別屬性指定嗎？');
26		define('_AM_CONFIRM_COPY','要新增類別屬性嗎？');
27		define('_AM_OPT_PAST','過往資料');
28		define('_AM_OPT_FUTURE','未來資料');
29		define('_AM_OPT_PASTANDFUTURE','無指定');
30
31		// format
32		define('_AM_DTFMT_LIST_ALLDAY','y-m-d');
33		define('_AM_DTFMT_LIST_NORMAL','y-m-d<\b\r />H:i');
34
35		// timezones
36		define('_AM_TZOPT_SERVER','伺服器時間');
37		define('_AM_TZOPT_GMT','GMT代號');
38		define('_AM_TZOPT_USER','使用者時間');
39
40		// admission
41		define("_AM_LABEL_ADMIT","確定核准已選取的事件");
42		define("_AM_MES_ADMITTED","事件已經核准了");
43		define("_AM_ADMIT_TH0","用戶");
44		define("_AM_ADMIT_TH1","開始時間");
45		define("_AM_ADMIT_TH2","結束時間");
46		define("_AM_ADMIT_TH3","主題");
47		define("_AM_ADMIT_TH4","重複條件");
48
49		// iCalendar I/O
50		define("_AM_LABEL_IMPORTFROMWEB","從網路上匯入 iCalendar 資料 (輸入 URL 請以 'http://' 或 'webcal://' 開頭)");
51		define("_AM_LABEL_UPLOADFROMFILE","上傳 iCalendar 資料 (從您的本機電腦選擇檔案)");
52		define("_AM_LABEL_IO_CHECKEDITEMS","選取的事件：");
53		define("_AM_LABEL_IO_OUTPUT","匯出為 iCalendar形式");
54		define("_AM_LABEL_IO_DELETE","執行刪除");
55		define('_AM_MES_EVENTLINKTOCAT','個別的事件已經登記到類別裡。');
56		define('_AM_MES_EVENTUNLINKED','個別的事件以從舊類別裡移除');
57		define('_AM_FMT_IMPORTED','個別的事件已由 %s 匯入');
58		define("_AM_MES_DELETED","事件已刪除了");
59		define("_AM_IO_TH0","用戶");
60		define("_AM_IO_TH1","開始日期時間");
61		define("_AM_IO_TH2","結束日期時間");
62		define("_AM_IO_TH3","主題");
63		define("_AM_IO_TH4","重複");
64		define("_AM_IO_TH5","已審核");
65
66		// Group's Permissions
67		define( '_AM_GPERM_G_INSERTABLE' , "新增事件") ;
68		define( '_AM_GPERM_G_SUPERINSERT' , "新增事件(不需審核)") ;
69		define( '_AM_GPERM_G_EDITABLE' , "編輯事件") ;
70		define( '_AM_GPERM_G_SUPEREDIT' , "編輯事件(不需審核)") ;
71		define( '_AM_GPERM_G_DELETABLE' , "刪除事件") ;
72		define( '_AM_GPERM_G_SUPERDELETE' , "刪除事件(不需審核)") ;
73		define( '_AM_GPERM_G_TOUCHOTHERS' , "管理他人事件") ;
74		define('_AM_CAT2GROUPDESC','針對各群組，請點選每個可以訪問的類別權限');
75		define( '_AM_GROUPPERMDESC' , "選擇每一個群組所能做的權限<br />假如您需要這功能, 必須先設定 '用戶權限' 為 '依照群組權限設定'<br />這權限設定在管理員與訪客這兩個群組中會被忽略") ;
76
77		// Table Maintenance
78		define('_AM_MB_SUCCESSUPDATETABLE','表單結構升級成功！');
79		define('_AM_MB_FAILUPDATETABLE','表單結構升級失敗！');
80		define('_AM_NOTICE_NOERRORS','已升級成功並且無發現任何錯誤。');
81		define('_AM_ALRT_CATTABLENOTEXIST','無此類別表單。<br />是否要自動生成這個表單？');
82		define('_AM_ALRT_OLDTABLE','事件表單的結構較舊。<br />是否要執行升級？');
83		define('_AM_ALRT_TOOOLDTABLE','表單錯誤！<br />預估可能是V0.3或之前的版本，<br />請您先升級到 V0.4x 或 0.5x的版本！');
84		define('_AM_FMT_SERVER_TZ_ALL','本伺服器的冬季時區： %+2.1f<br />本伺服器的夏季時區： %+2.1f<br />伺服器時區設定定義： %s (此處伺服器預設語系跟您網站預設語系衝突會產生亂碼，不用在意)<br />本XOOPS裡伺服器所在地預設的設定值： %+2.1f<br />行事曆APCal採用值： %+2.1f<br />');
85		define('_AM_TH_SERVER_TZ_COUNT','總事件數');
86		define('_AM_TH_SERVER_TZ_VALUE','時區');
87		define('_AM_TH_SERVER_TZ_VALUE_TO','變更值 (-14.0℅14.0)');
88		define('_AM_JSALRT_SERVER_TZ','在設定此動作之前建議您事先將資料庫做備份。');
89		define('_AM_NOTICE_SERVER_TZ','如果您的伺服器架設於日光節約時區 (Day Light Saving) 將造成 APCal 0.8以前所登記的資料出現一個小時左右的誤差，如有那種情形請勿按此按鈕。');
90		define('_AM_MB_SUCCESSTZUPDATE','所有資料都已按照此伺服器所預設之時區設定完成。');
91
92		// Categories
93		define('_AM_CAT_TH_TITLE','類別名稱');
94		define('_AM_CAT_TH_DESC','類別說明');
95		define('_AM_CAT_TH_PARENT','主類別');
96		define('_AM_CAT_TH_OPTIONS','選項');
97		define('_AM_CAT_TH_LASTMODIFY','最後更新日');
98		define('_AM_CAT_TH_OPERATION','操作');
99		define('_AM_CAT_TH_ENABLED','有效');
100		define('_AM_CAT_TH_WEIGHT','排序');
101		define('_AM_CAT_TH_SUBMENU','顯示子類別');
102		define('_AM_BTN_UPDATE','更新');
103		define('_AM_MENU_CAT_EDIT','編輯類別');
104		define('_AM_MENU_CAT_NEW','新增類別');
105		define('_AM_MB_MAKESUBCAT','子類別');
106		define('_AM_MB_MAKETOPCAT','在最上層新增類別');
107		define('_AM_MB_CAT_INSERTED','新類別已經增加了');
108		define('_AM_MB_CAT_UPDATED','類別已更新！');
109		define('_AM_FMT_CAT_DELETED','已刪除了 %s 類別！');
110		define('_AM_FMT_CAT_BATCHUPDATED','%s 類別已經被更新了！');
111		define('_AM_FMT_CATDELCONFIRM','您確定要刪除 %s 這個類別嗎？');
112
113		// Plugins
114		define('_AM_PI_UPDATED','已經完成更新了！');
115		define('_AM_PI_TH_TYPE','適用於');
116		define('_AM_PI_TH_OPTIONS','選項 (一般為置空)');
117		define('_AM_PI_TH_TITLE','顯示標題');
118		define('_AM_PI_TH_DIRNAME','目標模組');
119		define('_AM_PI_TH_FILE','Plugin檔案');
120		define('_AM_PI_TH_DOTGIF','代表點圖');
121		define('_AM_PI_TH_OPERATION','操作');
122		define('_AM_PI_ENABLED','有效');
123		define('_AM_PI_DELETE','刪除');
124		define('_AM_PI_NEW','新設定');
125		define('_AM_PI_VIEWYEARLY','顯示於整年曆');
126		define('_AM_PI_VIEWMONTHLY','顯示於大月曆');
127		define('_AM_PI_VIEWWEEKLY','顯示於週曆');
128		define('_AM_PI_VIEWDAILY','顯示於每日');
129
130		}
131
132		?>
		0 ignored issues – show Best Practice introduced 2019-09-08 09:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is not recommended to use PHP's closing tag `?>` in files other than templates. Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore. A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever. Loading history...

XoopsModules25x / apcal

Issues (1210)

Security Analysis not enabled

language/utf8_tw/admin.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like