This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||||
2 | |||||
3 | declare(strict_types=1); |
||||
4 | |||||
5 | namespace XoopsModules\Countdown\Common; |
||||
6 | |||||
7 | /* |
||||
8 | You may not change or alter any portion of this comment or credits |
||||
9 | of supporting developers from this source code or any supporting source code |
||||
10 | which is considered copyrighted (c) material of the original comment or credit authors. |
||||
11 | |||||
12 | This program is distributed in the hope that it will be useful, |
||||
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||
15 | */ |
||||
16 | |||||
17 | /** |
||||
18 | * Module: Countdown |
||||
19 | * |
||||
20 | * @category Module |
||||
21 | * @package countdown |
||||
22 | * @author XOOPS Development Team <https://xoops.org> |
||||
23 | * @copyright {@link https://xoops.org/ XOOPS Project} |
||||
24 | * @license GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html) |
||||
25 | */ |
||||
26 | |||||
27 | use Xmf\Request; |
||||
28 | use XoopsModules\Countdown; |
||||
29 | |||||
30 | /** |
||||
31 | * Class SysUtility |
||||
32 | */ |
||||
33 | class SysUtility |
||||
34 | { |
||||
35 | use VersionChecks; |
||||
36 | use ServerStats; |
||||
37 | use FilesManagement; |
||||
38 | |||||
39 | //--------------- Common module methods ----------------------------- |
||||
40 | |||||
41 | /** |
||||
42 | * @param $text |
||||
43 | * @param $form_sort |
||||
44 | * @return string |
||||
45 | */ |
||||
46 | public static function selectSorting($text, $form_sort) |
||||
47 | { |
||||
48 | global $start, $order, $file_cat, $sort, $xoopsModule; |
||||
49 | |||||
50 | $select_view = ''; |
||||
0 ignored issues
–
show
Unused Code
introduced
by
![]() |
|||||
51 | $moduleDirName = basename(dirname(__DIR__)); |
||||
0 ignored issues
–
show
|
|||||
52 | /** @var Countdown\Helper $helper */ |
||||
53 | $helper = Countdown\Helper::getInstance(); |
||||
54 | |||||
55 | //$pathModIcon16 = XOOPS_URL . '/modules/' . $moduleDirName . '/' . $helper->getConfig('modicons16'); |
||||
56 | $pathModIcon16 = $helper->url($helper->getModule()->getInfo('modicons16')); |
||||
0 ignored issues
–
show
It seems like
$helper->getModule()->getInfo('modicons16') can also be of type array ; however, parameter $url of Xmf\Module\Helper\GenericHelper::url() does only seem to accept string , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||
57 | |||||
58 | $select_view = '<form name="form_switch" id="form_switch" action="' . Request::getString('REQUEST_URI', '', 'SERVER') . '" method="post"><span style="font-weight: bold;">' . $text . '</span>'; |
||||
59 | //$sorts = $sort == 'asc' ? 'desc' : 'asc'; |
||||
60 | if ($form_sort == $sort) { |
||||
61 | $sel1 = 'asc' === $order ? 'selasc.png' : 'asc.png'; |
||||
62 | $sel2 = 'desc' === $order ? 'seldesc.png' : 'desc.png'; |
||||
63 | } else { |
||||
64 | $sel1 = 'asc.png'; |
||||
65 | $sel2 = 'desc.png'; |
||||
66 | } |
||||
67 | $select_view .= ' <a href="' . Request::getString('SCRIPT_NAME', '', 'SERVER') . '?start=' . $start . '&sort=' . $form_sort . '&order=asc"><img src="' . $pathModIcon16 . '/' . $sel1 . '" title="ASC" alt="ASC"></a>'; |
||||
68 | $select_view .= '<a href="' . Request::getString('SCRIPT_NAME', '', 'SERVER') . '?start=' . $start . '&sort=' . $form_sort . '&order=desc"><img src="' . $pathModIcon16 . '/' . $sel2 . '" title="DESC" alt="DESC"></a>'; |
||||
69 | $select_view .= '</form>'; |
||||
70 | |||||
71 | return $select_view; |
||||
72 | } |
||||
73 | |||||
74 | /***************Blocks***************/ |
||||
75 | /** |
||||
76 | * @param array $cats |
||||
77 | * @return string |
||||
78 | */ |
||||
79 | public static function blockAddCatSelect($cats) |
||||
80 | { |
||||
81 | $cat_sql = ''; |
||||
82 | if (is_array($cats) && !empty($cats)) { |
||||
83 | $cat_sql = '(' . current($cats); |
||||
84 | array_shift($cats); |
||||
85 | foreach ($cats as $cat) { |
||||
86 | $cat_sql .= ',' . $cat; |
||||
87 | } |
||||
88 | $cat_sql .= ')'; |
||||
89 | } |
||||
90 | |||||
91 | return $cat_sql; |
||||
92 | } |
||||
93 | |||||
94 | /** |
||||
95 | * @param $content |
||||
96 | */ |
||||
97 | public static function metaKeywords($content) |
||||
98 | { |
||||
99 | global $xoopsTpl, $xoTheme; |
||||
100 | $myts = \MyTextSanitizer::getInstance(); |
||||
101 | $content = $myts->undoHtmlSpecialChars($myts->displayTarea($content)); |
||||
102 | if (null !== $xoTheme && is_object($xoTheme)) { |
||||
103 | $xoTheme->addMeta('meta', 'keywords', strip_tags($content)); |
||||
104 | } else { // Compatibility for old Xoops versions |
||||
105 | $xoopsTpl->assign('xoops_metaKeywords', strip_tags($content)); |
||||
106 | } |
||||
107 | } |
||||
108 | |||||
109 | /** |
||||
110 | * @param $content |
||||
111 | */ |
||||
112 | public static function metaDescription($content) |
||||
113 | { |
||||
114 | global $xoopsTpl, $xoTheme; |
||||
115 | $myts = \MyTextSanitizer::getInstance(); |
||||
116 | $content = $myts->undoHtmlSpecialChars($myts->displayTarea($content)); |
||||
117 | if (null !== $xoTheme && is_object($xoTheme)) { |
||||
118 | $xoTheme->addMeta('meta', 'description', strip_tags($content)); |
||||
119 | } else { // Compatibility for old Xoops versions |
||||
120 | $xoopsTpl->assign('xoops_metaDescription', strip_tags($content)); |
||||
121 | } |
||||
122 | } |
||||
123 | |||||
124 | /** |
||||
125 | * @param $tableName |
||||
126 | * @param $columnName |
||||
127 | * |
||||
128 | * @return array |
||||
129 | */ |
||||
130 | public static function enumerate($tableName, $columnName) |
||||
131 | { |
||||
132 | $table = $GLOBALS['xoopsDB']->prefix($tableName); |
||||
133 | |||||
134 | // $result = $GLOBALS['xoopsDB']->query("SELECT COLUMN_TYPE FROM INFORMATION_SCHEMA.COLUMNS |
||||
135 | // WHERE TABLE_NAME = '" . $table . "' AND COLUMN_NAME = '" . $columnName . "'") |
||||
136 | // || exit ($GLOBALS['xoopsDB']->error()); |
||||
137 | |||||
138 | $sql = 'SELECT COLUMN_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = "' . $table . '" AND COLUMN_NAME = "' . $columnName . '"'; |
||||
139 | $result = $GLOBALS['xoopsDB']->query($sql); |
||||
140 | if (!$result) { |
||||
141 | exit($GLOBALS['xoopsDB']->error()); |
||||
0 ignored issues
–
show
|
|||||
142 | } |
||||
143 | |||||
144 | $row = $GLOBALS['xoopsDB']->fetchBoth($result); |
||||
145 | $enumList = explode(',', str_replace("'", '', substr($row['COLUMN_TYPE'], 5, -6))); |
||||
146 | return $enumList; |
||||
147 | } |
||||
148 | |||||
149 | /** |
||||
150 | * @param array|string $tableName |
||||
151 | * @param int $id_field |
||||
152 | * @param int $id |
||||
153 | * |
||||
154 | * @return mixed |
||||
155 | */ |
||||
156 | public static function cloneRecord($tableName, $id_field, $id) |
||||
157 | { |
||||
158 | $new_id = false; |
||||
0 ignored issues
–
show
|
|||||
159 | $table = $GLOBALS['xoopsDB']->prefix($tableName); |
||||
160 | // copy content of the record you wish to clone |
||||
161 | $sql = "SELECT * FROM $table WHERE $id_field='$id' "; |
||||
162 | $tempTable = $GLOBALS['xoopsDB']->fetchArray($GLOBALS['xoopsDB']->query($sql), MYSQLI_ASSOC); |
||||
163 | if (!$tempTable) { |
||||
164 | exit($GLOBALS['xoopsDB']->error()); |
||||
0 ignored issues
–
show
|
|||||
165 | } |
||||
166 | // set the auto-incremented id's value to blank. |
||||
167 | unset($tempTable[$id_field]); |
||||
168 | // insert cloned copy of the original record |
||||
169 | $sql = "INSERT INTO $table (" . implode(', ', array_keys($tempTable)) . ") VALUES ('" . implode("', '", array_values($tempTable)) . "')"; |
||||
170 | $result = $GLOBALS['xoopsDB']->queryF($sql); |
||||
171 | if (!$result) { |
||||
172 | exit($GLOBALS['xoopsDB']->error()); |
||||
0 ignored issues
–
show
|
|||||
173 | } |
||||
174 | // Return the new id |
||||
175 | $new_id = $GLOBALS['xoopsDB']->getInsertId(); |
||||
176 | |||||
177 | return $new_id; |
||||
178 | } |
||||
179 | |||||
180 | /** |
||||
181 | * truncateHtml can truncate a string up to a number of characters while preserving whole words and HTML tags |
||||
182 | * www.gsdesign.ro/blog/cut-html-string-without-breaking-the-tags |
||||
183 | * www.cakephp.org |
||||
184 | * |
||||
185 | * @param string $text String to truncate. |
||||
186 | * @param int $length Length of returned string, including ellipsis. |
||||
187 | * @param string $ending Ending to be appended to the trimmed string. |
||||
188 | * @param bool $exact If false, $text will not be cut mid-word |
||||
189 | * @param bool $considerHtml If true, HTML tags would be handled correctly |
||||
190 | * |
||||
191 | * @return string Trimmed string. |
||||
192 | */ |
||||
193 | public static function truncateHtml($text, $length = 100, $ending = '...', $exact = false, $considerHtml = true) |
||||
194 | { |
||||
195 | $openTags = []; |
||||
196 | if ($considerHtml) { |
||||
197 | // if the plain text is shorter than the maximum length, return the whole text |
||||
198 | if (strlen(preg_replace('/<.*?' . '>/', '', $text)) <= $length) { |
||||
199 | return $text; |
||||
200 | } |
||||
201 | // splits all html-tags to scanable lines |
||||
202 | preg_match_all('/(<.+?' . '>)?([^<>]*)/s', $text, $lines, PREG_SET_ORDER); |
||||
203 | $total_length = strlen($ending); |
||||
204 | //$openTags = []; |
||||
205 | $truncate = ''; |
||||
206 | foreach ($lines as $line_matchings) { |
||||
207 | // if there is any html-tag in this line, handle it and add it (uncounted) to the output |
||||
208 | if (!empty($line_matchings[1])) { |
||||
209 | // if it's an "empty element" with or without xhtml-conform closing slash |
||||
210 | if (preg_match('/^<(\s*.+?\/\s*|\s*(img|br|input|hr|area|base|basefont|col|frame|isindex|link|meta|param)(\s.+?)?)>$/is', $line_matchings[1])) { |
||||
211 | // do nothing |
||||
212 | // if tag is a closing tag |
||||
213 | } elseif (preg_match('/^<\s*\/([^\s]+?)\s*>$/s', $line_matchings[1], $tag_matchings)) { |
||||
214 | // delete tag from $openTags list |
||||
215 | $pos = array_search($tag_matchings[1], $openTags); |
||||
216 | if (false !== $pos) { |
||||
217 | unset($openTags[$pos]); |
||||
218 | } |
||||
219 | // if tag is an opening tag |
||||
220 | } elseif (preg_match('/^<\s*([^\s>!]+).*?' . '>$/s', $line_matchings[1], $tag_matchings)) { |
||||
221 | // add tag to the beginning of $openTags list |
||||
222 | array_unshift($openTags, strtolower($tag_matchings[1])); |
||||
223 | } |
||||
224 | // add html-tag to $truncate'd text |
||||
225 | $truncate .= $line_matchings[1]; |
||||
226 | } |
||||
227 | // calculate the length of the plain text part of the line; handle entities as one character |
||||
228 | $content_length = strlen(preg_replace('/&[0-9a-z]{2,8};|&#[0-9]{1,7};|[0-9a-f]{1,6};/i', ' ', $line_matchings[2])); |
||||
229 | if ($total_length + $content_length > $length) { |
||||
230 | // the number of characters which are left |
||||
231 | $left = $length - $total_length; |
||||
232 | $entities_length = 0; |
||||
233 | // search for html entities |
||||
234 | if (preg_match_all('/&[0-9a-z]{2,8};|&#[0-9]{1,7};|[0-9a-f]{1,6};/i', $line_matchings[2], $entities, PREG_OFFSET_CAPTURE)) { |
||||
235 | // calculate the real length of all entities in the legal range |
||||
236 | foreach ($entities[0] as $entity) { |
||||
237 | if ($entity[1] + 1 - $entities_length <= $left) { |
||||
238 | $left--; |
||||
239 | $entities_length += strlen($entity[0]); |
||||
240 | } else { |
||||
241 | // no more characters left |
||||
242 | break; |
||||
243 | } |
||||
244 | } |
||||
245 | } |
||||
246 | $truncate .= substr($line_matchings[2], 0, $left + $entities_length); |
||||
247 | // maximum lenght is reached, so get off the loop |
||||
248 | break; |
||||
249 | } else { |
||||
250 | $truncate .= $line_matchings[2]; |
||||
251 | $total_length += $content_length; |
||||
252 | } |
||||
253 | // if the maximum length is reached, get off the loop |
||||
254 | if ($total_length >= $length) { |
||||
255 | break; |
||||
256 | } |
||||
257 | } |
||||
258 | } else { |
||||
259 | if (strlen($text) <= $length) { |
||||
260 | return $text; |
||||
261 | } else { |
||||
262 | $truncate = substr($text, 0, $length - strlen($ending)); |
||||
263 | } |
||||
264 | } |
||||
265 | // if the words shouldn't be cut in the middle... |
||||
266 | if (!$exact) { |
||||
267 | // ...search the last occurance of a space... |
||||
268 | $spacepos = mb_strrpos($truncate, ' '); |
||||
269 | if (isset($spacepos)) { |
||||
270 | // ...and cut the text in this position |
||||
271 | $truncate = substr($truncate, 0, $spacepos); |
||||
272 | } |
||||
273 | } |
||||
274 | // add the defined ending to the text |
||||
275 | $truncate .= $ending; |
||||
276 | if ($considerHtml) { |
||||
277 | // close all unclosed html-tags |
||||
278 | foreach ($openTags as $tag) { |
||||
279 | $truncate .= '</' . $tag . '>'; |
||||
280 | } |
||||
281 | } |
||||
282 | |||||
283 | return $truncate; |
||||
284 | } |
||||
285 | |||||
286 | /** |
||||
287 | * Function responsible for checking if a directory exists, we can also write in and create an index.html file |
||||
288 | * |
||||
289 | * @param string $folder The full path of the directory to check |
||||
290 | */ |
||||
291 | public static function prepareFolder($folder) |
||||
292 | { |
||||
293 | try { |
||||
294 | if (!@mkdir($folder) && !is_dir($folder)) { |
||||
295 | throw new \RuntimeException(sprintf('Unable to create the %s directory', $folder)); |
||||
296 | } |
||||
297 | file_put_contents($folder . '/index.html', '<script>history.go(-1);</script>'); |
||||
298 | } catch (\Exception $e) { |
||||
299 | echo 'Caught exception: ', $e->getMessage(), "\n", '<br>'; |
||||
300 | } |
||||
301 | } |
||||
302 | } |
||||
303 |