Issues in mygrouppermform.php (master) - Issues in master - XoopsModules25x/blocksadmin - Measure and Improve Code Quality continuously with Scrutinizer

Issues (62)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

admin/mygrouppermform.php (3 issues)

Labels

Severity

Minor 3

<?php

/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright     {@link https://xoops.org/ XOOPS Project}
 * @license       {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @author        Kazumi Ono (AKA onokazu) http://www.myweb.ne.jp/, https://xoops.org/, http://jp.xoops.org/
 * @author        XOOPS Development Team
 */

if (!defined('XOOPS_ROOT_PATH')) {
    exit;
}

require_once XOOPS_ROOT_PATH . '/class/xoopsform/formelement.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/formhidden.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/formbutton.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/formelementtray.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/form.php';

/**
 * Renders a form for setting module specific group permissions
 *
 * @author       Kazumi Ono    <[email protected]>
 * @copyright    copyright (c) 2000-2003 XOOPS.org
 *
 * @package      kernel
 * @subpackage   form
 */
class MyXoopsGroupPermForm extends XoopsForm
{
    /**
     * Module ID
     * @var int
     */
    public $_modid;
    /**
     * Tree structure of items
     * @var array
     */
    public $_itemTree = [];
    /**
     * Name of permission
     * @var string
     */
    public $_permName;
    /**
     * Description of permission
     * @var string
     */
    public $_permDesc;
    /**
     * Appendix
     * @var array ('permname'=>,'itemid'=>,'itemname'=>,'selected'=>)
     */
    public $_appendix = [];

    /**
     * Constructor
     * @param $title
     * @param $modid
     * @param $permname
     * @param $permdesc
     */
    public function __construct($title, $modid, $permname, $permdesc)
    {
        //      $this->XoopsForm($title, 'groupperm_form', XOOPS_URL.'/modules/system/admin/groupperm.php', 'post'); GIJ
        parent::__construct($title, 'groupperm_form', '', 'post');
        $this->_modid    = (int)$modid;
        $this->_permName = $permname;
        $this->_permDesc = $permdesc;
        $this->addElement(new XoopsFormHidden('modid', $this->_modid));
    }

    /**
     * Adds an item to which permission will be assigned
     *
     * @param string $itemName
     * @param int    $itemId
     * @param int    $itemParent
     * @access public
     */
    public function addItem($itemId, $itemName, $itemParent = 0)
    {
        $this->_itemTree[$itemParent]['children'][] = $itemId;
        $this->_itemTree[$itemId]['parent']         = $itemParent;
        $this->_itemTree[$itemId]['name']           = $itemName;
        $this->_itemTree[$itemId]['id']             = $itemId;
    }

    /**
     * Add appendix
     *
     * @access public
     * @param $permName
     * @param $itemId
     * @param $itemName
     */
    public function addAppendix($permName, $itemId, $itemName)
    {
        $this->_appendix[] = ['permname' => $permName, 'itemid' => $itemId, 'itemname' => $itemName, 'selected' => false];
    }

    /**
     * Loads all child ids for an item to be used in javascript
     *
     * @param int   $itemId
     * @param array $childIds
     * @access private
     */
    public function _loadAllChildItemIds($itemId, &$childIds)
    {
        if (!empty($this->_itemTree[$itemId]['children'])) {
            $first_child = $this->_itemTree[$itemId]['children'];
            foreach ($first_child as $fcid) {
                $childIds[] = $fcid;
                if (!empty($this->_itemTree[$fcid]['children'])) {
                    foreach ($this->_itemTree[$fcid]['children'] as $_fcid) {
                        $childIds[] = $_fcid;
                        $this->_loadAllChildItemIds($_fcid, $childIds);
                    }
                }
            }
        }
    }

    /**
     * Renders the form
     *
     * @return string
     * @access public
     */
    public function render()
    {
        // load all child ids for javascript codes
        foreach (array_keys($this->_itemTree) as $item_id) {
            $this->_itemTree[$item_id]['allchild'] = [];
            $this->_loadAllChildItemIds($item_id, $this->_itemTree[$item_id]['allchild']);
        }
        /** @var \XoopsGroupPermHandler $grouppermHandler */
        $grouppermHandler = xoops_getHandler('groupperm');
        /** @var \XoopsMemberHandler $memberHandler */
        $memberHandler = xoops_getHandler('member');
        $glist         = $memberHandler->getGroupList();
        foreach (array_keys($glist) as $i) {
            // get selected item id(s) for each group
            $selected = $grouppermHandler->getItemIds($this->_permName, $i, $this->_modid);
            $ele      = new MyXoopsGroupFormCheckBox($glist[$i], 'perms[' . $this->_permName . ']', $i, $selected);
            $ele->setOptionTree($this->_itemTree);

            foreach ($this->_appendix as $key => $append) {
                $this->_appendix[$key]['selected'] = $grouppermHandler->checkRight($append['permname'], $append['itemid'], $i, $this->_modid);
            }
            $ele->setAppendix($this->_appendix);
            $this->addElement($ele);
            unset($ele);
        }

        // GIJ start
        $jstray          = new XoopsFormElementTray(' &nbsp; ');
        $jsuncheckbutton = new XoopsFormButton('', 'none', _NONE, 'button');
        $jsuncheckbutton->setExtra("onclick=\"with(document.groupperm_form){for(i=0;i<length;i++){if(elements[i].type=='checkbox'){elements[i].checked=false;}}}\"");
        $jscheckbutton = new XoopsFormButton('', 'all', _ALL, 'button');
        $jscheckbutton->setExtra("onclick=\"with(document.groupperm_form){for(i=0;i<length;i++){if(elements[i].type=='checkbox' && (elements[i].name.indexOf('module_admin')<0 || elements[i].name.indexOf('[groups][1]')>=0)){elements[i].checked=true;}}}\"");
        $jstray->addElement($jsuncheckbutton);
        $jstray->addElement($jscheckbutton);
        $this->addElement($jstray);
        // GIJ end

        $tray = new XoopsFormElementTray('');
        $tray->addElement(new XoopsFormButton('', 'reset', _CANCEL, 'reset'));
        $tray->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
        $this->addElement($tray);

        $ret      = '<h4>' . $this->getTitle() . '</h4>' . $this->_permDesc . '<br>';
        $ret      .= "<form name='" . $this->getName() . "' id='" . $this->getName() . "' action='" . $this->getAction() . "' method='" . $this->getMethod() . "'" . $this->getExtra() . ">\n<table width='100%' class='outer' cellspacing='1'>\n";
        $elements = &$this->getElements();
        foreach (array_keys($elements) as $i) {
            if (!is_object($elements[$i])) {
                $ret .= $elements[$i];
            } elseif ($elements[$i]->isHidden()) {
                $ret .= $elements[$i]->render();
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
            } else {
                $ret .= "<tr valign='top' align='left'><td class='head'>" . $elements[$i]->getCaption();
                if ('' != $elements[$i]->getDescription()) {
                    $ret .= '<br><br><span style="font-weight: normal;">' . $elements[$i]->getDescription() . '</span>';
                }
                $ret .= "</td>\n<td class='even'>\n" . $elements[$i]->render() . "\n</td></tr>\n";
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
            }
        }
        $ret .= '</table>' . $GLOBALS['xoopsSecurity']->getTokenHTML() . '</form>';

        return $ret;
    }
}

/**
 * Renders checkbox options for a group permission form
 *
 * @author       Kazumi Ono    <[email protected]>
 * @copyright    copyright (c) 2000-2003 XOOPS.org
 *
 * @package      kernel
 * @subpackage   form
 */
class MyXoopsGroupFormCheckBox extends XoopsFormElement
{
    /**
     * Pre-selected value(s)
     * @var array;
     */
    public $_value;
    /**
     * Group ID
     * @var int
     */
    public $_groupId;
    /**
     * Option tree
     * @var array
     */
    public $_optionTree;
    /**
     * Appendix
     * @var array ('permname'=>,'itemid'=>,'itemname'=>,'selected'=>)
     */
    public $_appendix = [];

    /**
     * Constructor
     * @param      $caption
     * @param      $name
     * @param      $groupId
     * @param null $values

     */
    public function __construct($caption, $name, $groupId, $values = null)
    {
        $this->setCaption($caption);
        $this->setName($name);
        if (isset($values)) {
            $this->setValue($values);
        }
        $this->_groupId = $groupId;
    }

    /**
     * Sets pre-selected values
     *
     * @param mixed $value A group ID or an array of group IDs
     * @access public
     */
    public function setValue($value)
    {
        if (is_array($value)) {
            foreach ($value as $v) {
                $this->setValue($v);
            }
        } else {
            $this->_value[] = $value;
        }
    }

    /**
     * Sets the tree structure of items
     *
     * @param array $optionTree
     * @access public
     */
    public function setOptionTree(&$optionTree)
    {
        $this->_optionTree = &$optionTree;
    }

    /**
     * Sets appendix of checkboxes
     *
     * @access public
     * @param $appendix
     */
    public function setAppendix($appendix)
    {
        $this->_appendix = $appendix;
    }

    /**
     * Renders checkbox options for this group
     *
     * @return string
     * @access public
     */
    public function render()
    {
        $ret = '';

        if (count($this->_appendix) > 0) {
            $ret  .= '<table class="outer"><tr>';
            $cols = 1;
            foreach ($this->_appendix as $append) {
                if ($cols > 4) {
                    $ret  .= '</tr><tr>';
                    $cols = 1;
                }
                $checked = $append['selected'] ? 'checked' : '';
                $name    = 'perms[' . $append['permname'] . ']';
//                $itemid  = $append['itemid'];
                $itemid  = $append['itemid'];
                $ret     .= "<td class=\"odd\"><input type=\"checkbox\" name=\"{$name}[groups][$this->_groupId][$itemid]\" id=\"{$name}[groups][$this->_groupId][$itemid]\" value=\"1\" $checked>{$append['itemname']}<input type=\"hidden\" name=\"{$name}[parents][$itemid]\" value=\"\"><input type=\"hidden\" name=\"{$name}[itemname][$itemid]\" value=\"{$append['itemname']}\"><br></td>";
                $cols++;
            }
            $ret .= '</tr></table>';
        }

        $ret  .= '<table class="outer"><tr>';
        $cols = 1;
        if (!empty($this->_optionTree[0]['children'])) {
            foreach ($this->_optionTree[0]['children'] as $topitem) {
                if ($cols > 4) {
                    $ret  .= '</tr><tr>';
                    $cols = 1;
                }
                $tree   = '<td class="odd">';
                $prefix = '';
                $this->_renderOptionTree($tree, $this->_optionTree[$topitem], $prefix);
                $ret .= $tree . '</td>';
                $cols++;
            }
        }
        $ret .= '</tr></table>';

        return $ret;
    }

    /**
     * Renders checkbox options for an item tree
     *
     * @param string $tree
     * @param array  $option
     * @param string $prefix
     * @param array  $parentIds
     * @access private
     */
    public function _renderOptionTree(&$tree, $option, $prefix, $parentIds = [])
    {
        $tree .= $prefix . '<input type="checkbox" name="' . $this->getName() . '[groups][' . $this->_groupId . '][' . $option['id'] . ']" id="' . $this->getName() . '[groups][' . $this->_groupId . '][' . $option['id'] . ']" onclick="';
        // If there are parent elements, add javascript that will
        // make them selecteded when this element is checked to make
        // sure permissions to parent items are added as well.
        foreach ($parentIds as $pid) {
            $parent_ele = $this->getName() . '[groups][' . $this->_groupId . '][' . $pid . ']';
            $tree       .= "var ele = xoopsGetElementById('" . $parent_ele . "'); if(ele.checked !== true) {ele.checked = this.checked;}";
        }
        // If there are child elements, add javascript that will
        // make them unchecked when this element is unchecked to make
        // sure permissions to child items are not added when there
        // is no permission to this item.
        foreach ($option['allchild'] as $cid) {
            $child_ele = $this->getName() . '[groups][' . $this->_groupId . '][' . $cid . ']';
            $tree      .= "var ele = xoopsGetElementById('" . $child_ele . "'); if(this.checked !== true) {ele.checked = false;}";
        }
        $tree .= '" value="1"';
        if (isset($this->_value) && in_array($option['id'], $this->_value)) {
            $tree .= ' checked';
        }
        $tree .= '>' . $option['name'] . '<input type="hidden" name="' . $this->getName() . '[parents][' . $option['id'] . ']" value="' . implode(':', $parentIds) . '"><input type="hidden" name="' . $this->getName() . '[itemname][' . $option['id'] . ']" value="' . htmlspecialchars(
                $option['name'],
                ENT_QUOTES | ENT_HTML5
            ) . "\"><br>\n";
        if (isset($option['children'])) {
            foreach ($option['children'] as $child) {
                $parentIds[] = $option['id'];
                $this->_renderOptionTree($tree, $this->_optionTree[$child], $prefix . '&nbsp;-', $parentIds);
            }
        }
    }
}


1			<?php
2
3			/*
4			* You may not change or alter any portion of this comment or credits
5			* of supporting developers from this source code or any supporting source code
6			* which is considered copyrighted (c) material of the original comment or credit authors.
7			*
8			* This program is distributed in the hope that it will be useful,
9			* but WITHOUT ANY WARRANTY; without even the implied warranty of
10			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11			*/
12
13			/**
14			* @copyright {@link https://xoops.org/ XOOPS Project}
15			* @license {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
16			* @author Kazumi Ono (AKA onokazu) http://www.myweb.ne.jp/, https://xoops.org/, http://jp.xoops.org/
17			* @author XOOPS Development Team
18			*/
19
20			if (!defined('XOOPS_ROOT_PATH')) {
21			exit;
22			}
23
24			require_once XOOPS_ROOT_PATH . '/class/xoopsform/formelement.php';
25			require_once XOOPS_ROOT_PATH . '/class/xoopsform/formhidden.php';
26			require_once XOOPS_ROOT_PATH . '/class/xoopsform/formbutton.php';
27			require_once XOOPS_ROOT_PATH . '/class/xoopsform/formelementtray.php';
28			require_once XOOPS_ROOT_PATH . '/class/xoopsform/form.php';
29
30			/**
31			* Renders a form for setting module specific group permissions
32			*
33			* @author Kazumi Ono <[email protected]>
34			* @copyright copyright (c) 2000-2003 XOOPS.org
35			*
36			* @package kernel
37			* @subpackage form
38			*/
39			class MyXoopsGroupPermForm extends XoopsForm
40			{
41			/**
42			* Module ID
43			* @var int
44			*/
45			public $_modid;
46			/**
47			* Tree structure of items
48			* @var array
49			*/
50			public $_itemTree = [];
51			/**
52			* Name of permission
53			* @var string
54			*/
55			public $_permName;
56			/**
57			* Description of permission
58			* @var string
59			*/
60			public $_permDesc;
61			/**
62			* Appendix
63			* @var array ('permname'=>,'itemid'=>,'itemname'=>,'selected'=>)
64			*/
65			public $_appendix = [];
66
67			/**
68			* Constructor
69			* @param $title
70			* @param $modid
71			* @param $permname
72			* @param $permdesc
73			*/
74			public function __construct($title, $modid, $permname, $permdesc)
75			{
76			// $this->XoopsForm($title, 'groupperm_form', XOOPS_URL.'/modules/system/admin/groupperm.php', 'post'); GIJ
77			parent::__construct($title, 'groupperm_form', '', 'post');
78			$this->_modid = (int)$modid;
79			$this->_permName = $permname;
80			$this->_permDesc = $permdesc;
81			$this->addElement(new XoopsFormHidden('modid', $this->_modid));
82			}
83
84			/**
85			* Adds an item to which permission will be assigned
86			*
87			* @param string $itemName
88			* @param int $itemId
89			* @param int $itemParent
90			* @access public
91			*/
92			public function addItem($itemId, $itemName, $itemParent = 0)
93			{
94			$this->_itemTree[$itemParent]['children'][] = $itemId;
95			$this->_itemTree[$itemId]['parent'] = $itemParent;
96			$this->_itemTree[$itemId]['name'] = $itemName;
97			$this->_itemTree[$itemId]['id'] = $itemId;
98			}
99
100			/**
101			* Add appendix
102			*
103			* @access public
104			* @param $permName
105			* @param $itemId
106			* @param $itemName
107			*/
108			public function addAppendix($permName, $itemId, $itemName)
109			{
110			$this->_appendix[] = ['permname' => $permName, 'itemid' => $itemId, 'itemname' => $itemName, 'selected' => false];
111			}
112
113			/**
114			* Loads all child ids for an item to be used in javascript
115			*
116			* @param int $itemId
117			* @param array $childIds
118			* @access private
119			*/
120			public function _loadAllChildItemIds($itemId, &$childIds)
121			{
122			if (!empty($this->_itemTree[$itemId]['children'])) {
123			$first_child = $this->_itemTree[$itemId]['children'];
124			foreach ($first_child as $fcid) {
125			$childIds[] = $fcid;
126			if (!empty($this->_itemTree[$fcid]['children'])) {
127			foreach ($this->_itemTree[$fcid]['children'] as $_fcid) {
128			$childIds[] = $_fcid;
129			$this->_loadAllChildItemIds($_fcid, $childIds);
130			}
131			}
132			}
133			}
134			}
135
136			/**
137			* Renders the form
138			*
139			* @return string
140			* @access public
141			*/
142			public function render()
143			{
144			// load all child ids for javascript codes
145			foreach (array_keys($this->_itemTree) as $item_id) {
146			$this->_itemTree[$item_id]['allchild'] = [];
147			$this->_loadAllChildItemIds($item_id, $this->_itemTree[$item_id]['allchild']);
148			}
149			/** @var \XoopsGroupPermHandler $grouppermHandler */
150			$grouppermHandler = xoops_getHandler('groupperm');
151			/** @var \XoopsMemberHandler $memberHandler */
152			$memberHandler = xoops_getHandler('member');
153			$glist = $memberHandler->getGroupList();
154			foreach (array_keys($glist) as $i) {
155			// get selected item id(s) for each group
156			$selected = $grouppermHandler->getItemIds($this->_permName, $i, $this->_modid);
157			$ele = new MyXoopsGroupFormCheckBox($glist[$i], 'perms[' . $this->_permName . ']', $i, $selected);
158			$ele->setOptionTree($this->_itemTree);
159
160			foreach ($this->_appendix as $key => $append) {
161			$this->_appendix[$key]['selected'] = $grouppermHandler->checkRight($append['permname'], $append['itemid'], $i, $this->_modid);
162			}
163			$ele->setAppendix($this->_appendix);
164			$this->addElement($ele);
165			unset($ele);
166			}
167
168			// GIJ start
169			$jstray = new XoopsFormElementTray('   ');
170			$jsuncheckbutton = new XoopsFormButton('', 'none', _NONE, 'button');
171			$jsuncheckbutton->setExtra("onclick=\"with(document.groupperm_form){for(i=0;i<length;i++){if(elements[i].type=='checkbox'){elements[i].checked=false;}}}\"");
172			$jscheckbutton = new XoopsFormButton('', 'all', _ALL, 'button');
173			$jscheckbutton->setExtra("onclick=\"with(document.groupperm_form){for(i=0;i<length;i++){if(elements[i].type=='checkbox' && (elements[i].name.indexOf('module_admin')<0 \|\| elements[i].name.indexOf('[groups][1]')>=0)){elements[i].checked=true;}}}\"");
174			$jstray->addElement($jsuncheckbutton);
175			$jstray->addElement($jscheckbutton);
176			$this->addElement($jstray);
177			// GIJ end
178
179			$tray = new XoopsFormElementTray('');
180			$tray->addElement(new XoopsFormButton('', 'reset', _CANCEL, 'reset'));
181			$tray->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
182			$this->addElement($tray);
183
184			$ret = '<h4>' . $this->getTitle() . '</h4>' . $this->_permDesc . '<br>';
185			$ret .= "<form name='" . $this->getName() . "' id='" . $this->getName() . "' action='" . $this->getAction() . "' method='" . $this->getMethod() . "'" . $this->getExtra() . ">\n<table width='100%' class='outer' cellspacing='1'>\n";
186			$elements = &$this->getElements();
187			foreach (array_keys($elements) as $i) {
188			if (!is_object($elements[$i])) {
189			$ret .= $elements[$i];
190			} elseif ($elements[$i]->isHidden()) {
191			$ret .= $elements[$i]->render();
			0 ignored issues – show Bug introduced 2019-01-20 06:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the usage of `$elements[$i]->render()` targeting `XoopsFormElement::render()` seems to always return null. This check looks for function or method calls that always return null and whose return value is used. class A { function getObject() { return null; } } $a = new A(); if ($a->getObject()) { The method `getObject()` can return nothing but null, so it makes no sense to use the return value. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
192			} else {
193			$ret .= "<tr valign='top' align='left'><td class='head'>" . $elements[$i]->getCaption();
194			if ('' != $elements[$i]->getDescription()) {
195			$ret .= '<br><br><span style="font-weight: normal;">' . $elements[$i]->getDescription() . '</span>';
196			}
197			$ret .= "</td>\n<td class='even'>\n" . $elements[$i]->render() . "\n</td></tr>\n";
			0 ignored issues – show Bug introduced 2019-01-20 06:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the usage of `$elements[$i]->render()` targeting `XoopsFormElement::render()` seems to always return null. This check looks for function or method calls that always return null and whose return value is used. class A { function getObject() { return null; } } $a = new A(); if ($a->getObject()) { The method `getObject()` can return nothing but null, so it makes no sense to use the return value. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
198			}
199			}
200			$ret .= '</table>' . $GLOBALS['xoopsSecurity']->getTokenHTML() . '</form>';
201
202			return $ret;
203			}
204			}
205
206			/**
207			* Renders checkbox options for a group permission form
208			*
209			* @author Kazumi Ono <[email protected]>
210			* @copyright copyright (c) 2000-2003 XOOPS.org
211			*
212			* @package kernel
213			* @subpackage form
214			*/
215			class MyXoopsGroupFormCheckBox extends XoopsFormElement
216			{
217			/**
218			* Pre-selected value(s)
219			* @var array;
220			*/
221			public $_value;
222			/**
223			* Group ID
224			* @var int
225			*/
226			public $_groupId;
227			/**
228			* Option tree
229			* @var array
230			*/
231			public $_optionTree;
232			/**
233			* Appendix
234			* @var array ('permname'=>,'itemid'=>,'itemname'=>,'selected'=>)
235			*/
236			public $_appendix = [];
237
238			/**
239			* Constructor
240			* @param $caption
241			* @param $name
242			* @param $groupId
243			* @param null $values
			0 ignored issues – show Documentation Bug introduced 2019-01-20 06:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the doc-type for parameter `$values` is correct as it would always require `null` to be passed? Loading history...
244			*/
245			public function __construct($caption, $name, $groupId, $values = null)
246			{
247			$this->setCaption($caption);
248			$this->setName($name);
249			if (isset($values)) {
250			$this->setValue($values);
251			}
252			$this->_groupId = $groupId;
253			}
254
255			/**
256			* Sets pre-selected values
257			*
258			* @param mixed $value A group ID or an array of group IDs
259			* @access public
260			*/
261			public function setValue($value)
262			{
263			if (is_array($value)) {
264			foreach ($value as $v) {
265			$this->setValue($v);
266			}
267			} else {
268			$this->_value[] = $value;
269			}
270			}
271
272			/**
273			* Sets the tree structure of items
274			*
275			* @param array $optionTree
276			* @access public
277			*/
278			public function setOptionTree(&$optionTree)
279			{
280			$this->_optionTree = &$optionTree;
281			}
282
283			/**
284			* Sets appendix of checkboxes
285			*
286			* @access public
287			* @param $appendix
288			*/
289			public function setAppendix($appendix)
290			{
291			$this->_appendix = $appendix;
292			}
293
294			/**
295			* Renders checkbox options for this group
296			*
297			* @return string
298			* @access public
299			*/
300			public function render()
301			{
302			$ret = '';
303
304			if (count($this->_appendix) > 0) {
305			$ret .= '<table class="outer"><tr>';
306			$cols = 1;
307			foreach ($this->_appendix as $append) {
308			if ($cols > 4) {
309			$ret .= '</tr><tr>';
310			$cols = 1;
311			}
312			$checked = $append['selected'] ? 'checked' : '';
313			$name = 'perms[' . $append['permname'] . ']';
314			// $itemid = $append['itemid'];
315			$itemid = $append['itemid'];
316			$ret .= "<td class=\"odd\"><input type=\"checkbox\" name=\"{$name}[groups][$this->_groupId][$itemid]\" id=\"{$name}[groups][$this->_groupId][$itemid]\" value=\"1\" $checked>{$append['itemname']}<input type=\"hidden\" name=\"{$name}[parents][$itemid]\" value=\"\"><input type=\"hidden\" name=\"{$name}[itemname][$itemid]\" value=\"{$append['itemname']}\"><br></td>";
317			$cols++;
318			}
319			$ret .= '</tr></table>';
320			}
321
322			$ret .= '<table class="outer"><tr>';
323			$cols = 1;
324			if (!empty($this->_optionTree[0]['children'])) {
325			foreach ($this->_optionTree[0]['children'] as $topitem) {
326			if ($cols > 4) {
327			$ret .= '</tr><tr>';
328			$cols = 1;
329			}
330			$tree = '<td class="odd">';
331			$prefix = '';
332			$this->_renderOptionTree($tree, $this->_optionTree[$topitem], $prefix);
333			$ret .= $tree . '</td>';
334			$cols++;
335			}
336			}
337			$ret .= '</tr></table>';
338
339			return $ret;
340			}
341
342			/**
343			* Renders checkbox options for an item tree
344			*
345			* @param string $tree
346			* @param array $option
347			* @param string $prefix
348			* @param array $parentIds
349			* @access private
350			*/
351			public function _renderOptionTree(&$tree, $option, $prefix, $parentIds = [])
352			{
353			$tree .= $prefix . '<input type="checkbox" name="' . $this->getName() . '[groups][' . $this->_groupId . '][' . $option['id'] . ']" id="' . $this->getName() . '[groups][' . $this->_groupId . '][' . $option['id'] . ']" onclick="';
354			// If there are parent elements, add javascript that will
355			// make them selecteded when this element is checked to make
356			// sure permissions to parent items are added as well.
357			foreach ($parentIds as $pid) {
358			$parent_ele = $this->getName() . '[groups][' . $this->_groupId . '][' . $pid . ']';
359			$tree .= "var ele = xoopsGetElementById('" . $parent_ele . "'); if(ele.checked !== true) {ele.checked = this.checked;}";
360			}
361			// If there are child elements, add javascript that will
362			// make them unchecked when this element is unchecked to make
363			// sure permissions to child items are not added when there
364			// is no permission to this item.
365			foreach ($option['allchild'] as $cid) {
366			$child_ele = $this->getName() . '[groups][' . $this->_groupId . '][' . $cid . ']';
367			$tree .= "var ele = xoopsGetElementById('" . $child_ele . "'); if(this.checked !== true) {ele.checked = false;}";
368			}
369			$tree .= '" value="1"';
370			if (isset($this->_value) && in_array($option['id'], $this->_value)) {
371			$tree .= ' checked';
372			}
373			$tree .= '>' . $option['name'] . '<input type="hidden" name="' . $this->getName() . '[parents][' . $option['id'] . ']" value="' . implode(':', $parentIds) . '"><input type="hidden" name="' . $this->getName() . '[itemname][' . $option['id'] . ']" value="' . htmlspecialchars(
374			$option['name'],
375			ENT_QUOTES \| ENT_HTML5
376			) . "\"><br>\n";
377			if (isset($option['children'])) {
378			foreach ($option['children'] as $child) {
379			$parentIds[] = $option['id'];
380			$this->_renderOptionTree($tree, $this->_optionTree[$child], $prefix . ' -', $parentIds);
381			}
382			}
383			}
384			}
385

XoopsModules25x / blocksadmin

Issues (62)

Security Analysis not enabled

admin/mygrouppermform.php (3 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like