This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | |||
3 | /* |
||
4 | You may not change or alter any portion of this comment or credits |
||
5 | of supporting developers from this source code or any supporting source code |
||
6 | which is considered copyrighted (c) material of the original comment or credit authors. |
||
7 | |||
8 | This program is distributed in the hope that it will be useful, |
||
9 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
11 | */ |
||
12 | |||
13 | /** |
||
14 | * Module: lexikon |
||
15 | * |
||
16 | * @category Module |
||
17 | * @package lexikon |
||
18 | * @author XOOPS Development Team <[email protected]> - <https://xoops.org> |
||
19 | * @copyright {@link https://xoops.org/ XOOPS Project} |
||
20 | * @license GPL 2.0 or later |
||
21 | * @link https://xoops.org/ |
||
22 | * @since 1.0.0 |
||
23 | */ |
||
24 | |||
25 | use Xmf\Module\Helper\Permission; |
||
26 | use Xmf\Request; |
||
27 | use XoopsModules\Lexikon\{ |
||
28 | Form, |
||
29 | Helper, |
||
30 | Utility |
||
31 | }; |
||
32 | /** @var Helper $helper */ |
||
33 | /** @var Admin $adminObject */ |
||
34 | |||
35 | require_once __DIR__ . '/admin_header.php'; |
||
36 | xoops_cp_header(); |
||
37 | //It recovered the value of argument op in URL$ |
||
38 | $op = Request::getString('op', 'list'); |
||
39 | $order = Request::getString('order', 'desc'); |
||
40 | $sort = Request::getString('sort', ''); |
||
41 | |||
42 | $adminObject->displayNavigation(basename(__FILE__)); |
||
43 | $permHelper = new Permission($moduleDirName); |
||
44 | $uploadDir = XOOPS_UPLOAD_PATH . '/lexikon/images/'; |
||
45 | $uploadUrl = XOOPS_UPLOAD_URL . '/lexikon/images/'; |
||
46 | |||
47 | switch ($op) { |
||
48 | case 'list': |
||
49 | default: |
||
50 | $adminObject->addItemButton(_AM_LEXIKON_ADD_CATEGORIES, 'categories.php?op=new', 'add'); |
||
51 | echo $adminObject->displayButton('left'); |
||
52 | $start = Request::getInt('start', 0); |
||
53 | $categoriesPaginationLimit = $GLOBALS['xoopsModuleConfig']['perpage']; |
||
54 | |||
55 | $criteria = new \CriteriaCompo(); |
||
56 | $criteria->setSort('categoryID ASC, categoryID'); |
||
57 | $criteria->setOrder('ASC'); |
||
58 | $criteria->setLimit($categoriesPaginationLimit); |
||
59 | $criteria->setStart($start); |
||
60 | $categoriesTempRows = $categoriesHandler->getCount(); |
||
61 | $categoriesTempArray = $categoriesHandler->getAll($criteria); /* |
||
62 | // |
||
63 | // |
||
64 | <th class='center width5'>".AM_LEXIKON_FORM_ACTION."</th> |
||
65 | // </tr>"; |
||
66 | // $class = "odd"; |
||
67 | */ |
||
68 | |||
69 | // Display Page Navigation |
||
70 | if ($categoriesTempRows > $categoriesPaginationLimit) { |
||
71 | require_once XOOPS_ROOT_PATH . '/class/pagenav.php'; |
||
72 | |||
73 | $pagenav = new \XoopsPageNav($categoriesTempRows, $categoriesPaginationLimit, $start, 'start', 'op=list' . '&sort=' . $sort . '&order=' . $order . ''); |
||
74 | $GLOBALS['xoopsTpl']->assign('pagenav', null === $pagenav ? $pagenav->renderNav() : ''); |
||
75 | } |
||
76 | |||
77 | $GLOBALS['xoopsTpl']->assign('categoriesRows', $categoriesTempRows); |
||
78 | $categoriesArray = []; |
||
79 | |||
80 | // $fields = explode('|', categoryID:tinyint:4::NOT NULL::primary:ID|name:varchar:100::NOT NULL:::Category|description:text:0::NOT NULL:::Description|total:int:11::NOT NULL:0::Total|weight:int:11::NOT NULL:1::Weight|logourl:varchar:150::NOT NULL:::Logo URL); |
||
81 | // $fieldsCount = count($fields); |
||
82 | |||
83 | $criteria = new \CriteriaCompo(); |
||
84 | |||
85 | //$criteria->setOrder('DESC'); |
||
86 | $criteria->setSort($sort); |
||
87 | $criteria->setOrder($order); |
||
88 | $criteria->setLimit($categoriesPaginationLimit); |
||
89 | $criteria->setStart($start); |
||
90 | |||
91 | $categoriesCount = $categoriesHandler->getCount($criteria); |
||
92 | $categoriesTempArray = $categoriesHandler->getAll($criteria); |
||
93 | |||
94 | // for ($i = 0; $i < $fieldsCount; ++$i) { |
||
95 | if ($categoriesCount > 0) { |
||
96 | foreach (array_keys($categoriesTempArray) as $i) { |
||
97 | // $field = explode(':', $fields[$i]); |
||
98 | |||
99 | $selectorcategoryID = Utility::selectSorting(_AM_LEXIKON_CATEGORIES_CATEGORYID, 'categoryID'); |
||
100 | $GLOBALS['xoopsTpl']->assign('selectorcategoryID', $selectorcategoryID); |
||
101 | $categoryID = $categoriesTempArray[$i]->getVar('categoryID'); |
||
102 | $categoriesArray['categoryID'] = $categoryID; |
||
103 | |||
104 | $selectorname = Utility::selectSorting(_AM_LEXIKON_CATEGORIES_NAME, 'name'); |
||
105 | $GLOBALS['xoopsTpl']->assign('selectorname', $selectorname); |
||
106 | // $categoriesArray['name'] = $categoriesTempArray[$i]->getVar('name'); |
||
107 | |||
108 | $categoriesArray['name'] = "<a href='../category.php?categoryID=" . $categoryID . "'>" . $categoriesTempArray[$i]->getVar('name') . '</a>'; |
||
109 | |||
110 | |||
111 | |||
112 | |||
113 | $selectordescription = Utility::selectSorting(_AM_LEXIKON_CATEGORIES_DESCRIPTION, 'description'); |
||
114 | $GLOBALS['xoopsTpl']->assign('selectordescription', $selectordescription); |
||
115 | $categoriesArray['description'] = $categoriesTempArray[$i]->getVar('description'); |
||
116 | |||
117 | $selectortotal = Utility::selectSorting(_AM_LEXIKON_CATEGORIES_TOTAL, 'total'); |
||
118 | $GLOBALS['xoopsTpl']->assign('selectortotal', $selectortotal); |
||
119 | $categoriesArray['total'] = $categoriesTempArray[$i]->getVar('total'); |
||
120 | |||
121 | $selectorweight = Utility::selectSorting(_AM_LEXIKON_CATEGORIES_WEIGHT, 'weight'); |
||
122 | $GLOBALS['xoopsTpl']->assign('selectorweight', $selectorweight); |
||
123 | $categoriesArray['weight'] = $categoriesTempArray[$i]->getVar('weight'); |
||
124 | |||
125 | $selectorlogourl = Utility::selectSorting(_AM_LEXIKON_CATEGORIES_LOGOURL, 'logourl'); |
||
126 | $GLOBALS['xoopsTpl']->assign('selectorlogourl', $selectorlogourl); |
||
127 | $categoriesArray['logourl'] = $categoriesTempArray[$i]->getVar('logourl'); |
||
128 | $categoriesArray['edit_delete'] = "<a href='categories.php?op=edit&categoryID=" . $i . "'><img src=" . $pathIcon16 . "/edit.png alt='" . _EDIT . "' title='" . _EDIT . "'></a> |
||
129 | <a href='categories.php?op=delete&categoryID=" . $i . "'><img src=" . $pathIcon16 . "/delete.png alt='" . _DELETE . "' title='" . _DELETE . "'></a> |
||
130 | <a href='categories.php?op=clone&categoryID=" . $i . "'><img src=" . $pathIcon16 . "/editcopy.png alt='" . _CLONE . "' title='" . _CLONE . "'></a>"; |
||
131 | |||
132 | $GLOBALS['xoopsTpl']->append_by_ref('categoriesArrays', $categoriesArray); |
||
133 | unset($categoriesArray); |
||
134 | } |
||
135 | unset($categoriesTempArray); |
||
136 | // Display Navigation |
||
137 | if ($categoriesCount > $categoriesPaginationLimit) { |
||
138 | require_once XOOPS_ROOT_PATH . '/class/pagenav.php'; |
||
139 | $pagenav = new \XoopsPageNav($categoriesCount, $categoriesPaginationLimit, $start, 'start', 'op=list' . '&sort=' . $sort . '&order=' . $order . ''); |
||
140 | $GLOBALS['xoopsTpl']->assign('pagenav', $pagenav->renderNav(4)); |
||
141 | } |
||
142 | |||
143 | // echo "<td class='center width5'> |
||
144 | |||
145 | // <a href='categories.php?op=edit&categoryID=".$i."'><img src=".$pathIcon16."/edit.png alt='"._EDIT."' title='"._EDIT."'></a> |
||
146 | // <a href='categories.php?op=delete&categoryID=".$i."'><img src=".$pathIcon16."/delete.png alt='"._DELETE."' title='"._DELETE."'></a> |
||
147 | // </td>"; |
||
148 | |||
149 | // echo "</tr>"; |
||
150 | |||
151 | // } |
||
152 | |||
153 | // echo "</table><br><br>"; |
||
154 | |||
155 | // } else { |
||
156 | |||
157 | // echo "<table width='100%' cellspacing='1' class='outer'> |
||
158 | |||
159 | // <tr> |
||
160 | |||
161 | // <th class='center width5'>".AM_LEXIKON_FORM_ACTION."XXX</th> |
||
162 | // </tr><tr><td class='errorMsg' colspan='7'>There are noXXX categories</td></tr>"; |
||
163 | // echo "</table><br><br>"; |
||
164 | |||
165 | //------------------------------------------- |
||
166 | |||
167 | echo $GLOBALS['xoopsTpl']->fetch(XOOPS_ROOT_PATH . '/modules/' . $GLOBALS['xoopsModule']->getVar('dirname') . '/templates/admin/lexikon_admin_categories.tpl'); |
||
168 | } |
||
169 | |||
170 | break; |
||
171 | case 'new': |
||
172 | $adminObject->addItemButton(_AM_LEXIKON_CATEGORIES_LIST, 'categories.php', 'list'); |
||
173 | echo $adminObject->displayButton('left'); |
||
174 | |||
175 | $categoriesObject = $categoriesHandler->create(); |
||
176 | $form = $categoriesObject->getForm(); |
||
177 | $form->display(); |
||
178 | break; |
||
179 | case 'save': |
||
180 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||
181 | redirect_header('categories.php', 3, implode(',', $GLOBALS['xoopsSecurity']->getErrors())); |
||
182 | } |
||
183 | if (0 != Request::getInt('categoryID', 0)) { |
||
184 | $categoriesObject = $categoriesHandler->get(Request::getInt('categoryID', 0)); |
||
185 | } else { |
||
186 | $categoriesObject = $categoriesHandler->create(); |
||
187 | } |
||
188 | // Form save fields |
||
189 | $categoriesObject->setVar('name', Request::getVar('name', '')); |
||
190 | $categoriesObject->setVar('description', Request::getText('description', '')); |
||
191 | $categoriesObject->setVar('total', Request::getVar('total', '')); |
||
192 | $categoriesObject->setVar('weight', Request::getVar('weight', '')); |
||
193 | $categoriesObject->setVar('logourl', Request::getVar('logourl', '')); |
||
194 | //Permissions |
||
195 | //=============================================================== |
||
196 | |||
197 | $mid = $GLOBALS['xoopsModule']->mid(); |
||
198 | /** @var \XoopsGroupPermHandler $grouppermHandler */ |
||
199 | $grouppermHandler = xoops_getHandler('groupperm'); |
||
200 | $categoryID = Request::getInt('categoryID', 0); |
||
201 | |||
202 | /** |
||
203 | * @param $myArray |
||
204 | * @param $permissionGroup |
||
205 | * @param $categoryID |
||
206 | * @param $grouppermHandler |
||
207 | * @param $permissionName |
||
208 | * @param $mid |
||
209 | */ |
||
210 | function setPermissions($myArray, $permissionGroup, $categoryID, $grouppermHandler, $permissionName, $mid) |
||
211 | { |
||
212 | $permissionArray = $myArray; |
||
213 | if ($categoryID > 0) { |
||
214 | $sql = 'DELETE FROM `' . $GLOBALS['xoopsDB']->prefix('group_permission') . "` WHERE `gperm_name` = '" . $permissionName . "' AND `gperm_itemid`= $categoryID;"; |
||
215 | $GLOBALS['xoopsDB']->query($sql); |
||
216 | } |
||
217 | //admin |
||
218 | $gperm = $grouppermHandler->create(); |
||
219 | $gperm->setVar('gperm_groupid', XOOPS_GROUP_ADMIN); |
||
220 | $gperm->setVar('gperm_name', $permissionName); |
||
221 | $gperm->setVar('gperm_modid', $mid); |
||
222 | $gperm->setVar('gperm_itemid', $categoryID); |
||
223 | $grouppermHandler->insert($gperm); |
||
224 | unset($gperm); |
||
225 | //non-Admin groups |
||
226 | if (is_array($permissionArray)) { |
||
227 | foreach ($permissionArray as $key => $cat_groupperm) { |
||
228 | if ($cat_groupperm > 0) { |
||
229 | $gperm = $grouppermHandler->create(); |
||
230 | $gperm->setVar('gperm_groupid', $cat_groupperm); |
||
231 | $gperm->setVar('gperm_name', $permissionName); |
||
232 | $gperm->setVar('gperm_modid', $mid); |
||
233 | $gperm->setVar('gperm_itemid', $categoryID); |
||
234 | $grouppermHandler->insert($gperm); |
||
235 | unset($gperm); |
||
236 | } |
||
237 | } |
||
238 | } elseif ($permissionArray > 0) { |
||
239 | $gperm = $grouppermHandler->create(); |
||
240 | $gperm->setVar('gperm_groupid', $permissionArray); |
||
241 | $gperm->setVar('gperm_name', $permissionName); |
||
242 | $gperm->setVar('gperm_modid', $mid); |
||
243 | $gperm->setVar('gperm_itemid', $categoryID); |
||
244 | $grouppermHandler->insert($gperm); |
||
245 | unset($gperm); |
||
246 | } |
||
247 | } |
||
248 | |||
249 | //setPermissions for View items |
||
250 | $permissionGroup = 'groupsRead'; |
||
251 | $permissionName = 'lexikon_view'; |
||
252 | $permissionArray = Request::getArray($permissionGroup, ''); |
||
253 | $permissionArray[] = XOOPS_GROUP_ADMIN; |
||
254 | //setPermissions($permissionArray, $permissionGroup, $categoryID, $grouppermHandler, $permissionName, $mid); |
||
255 | $permHelper->savePermissionForItem($permissionName, $categoryID, $permissionArray); |
||
256 | |||
257 | //setPermissions for Submit items |
||
258 | $permissionGroup = 'groupsSubmit'; |
||
259 | $permissionName = 'lexikon_submit'; |
||
260 | $permissionArray = Request::getArray($permissionGroup, ''); |
||
261 | $permissionArray[] = XOOPS_GROUP_ADMIN; |
||
262 | //setPermissions($permissionArray, $permissionGroup, $categoryID, $grouppermHandler, $permissionName, $mid); |
||
263 | $permHelper->savePermissionForItem($permissionName, $categoryID, $permissionArray); |
||
264 | |||
265 | //setPermissions for Approve items |
||
266 | $permissionGroup = 'groupsModeration'; |
||
267 | $permissionName = 'lexikon_approve'; |
||
268 | $permissionArray = Request::getArray($permissionGroup, ''); |
||
269 | $permissionArray[] = XOOPS_GROUP_ADMIN; |
||
270 | //setPermissions($permissionArray, $permissionGroup, $categoryID, $grouppermHandler, $permissionName, $mid); |
||
271 | $permHelper->savePermissionForItem($permissionName, $categoryID, $permissionArray); |
||
272 | |||
273 | /* |
||
274 | //Form lexikon_view |
||
275 | $arr_lexikon_view = Request::getArray('cat_gperms_read'); |
||
276 | if ($categoryID > 0) { |
||
277 | $sql |
||
278 | = |
||
279 | 'DELETE FROM `' . $GLOBALS['xoopsDB']->prefix('group_permission') . "` WHERE `gperm_name`='lexikon_view' AND `gperm_itemid`=$categoryID;"; |
||
280 | $GLOBALS['xoopsDB']->query($sql); |
||
281 | } |
||
282 | //admin |
||
283 | $gperm = $grouppermHandler->create(); |
||
284 | $gperm->setVar('gperm_groupid', XOOPS_GROUP_ADMIN); |
||
285 | $gperm->setVar('gperm_name', 'lexikon_view'); |
||
286 | $gperm->setVar('gperm_modid', $mid); |
||
287 | $gperm->setVar('gperm_itemid', $categoryID); |
||
288 | $grouppermHandler->insert($gperm); |
||
289 | unset($gperm); |
||
290 | if (is_array($arr_lexikon_view)) { |
||
291 | foreach ($arr_lexikon_view as $key => $cat_groupperm) { |
||
292 | $gperm = $grouppermHandler->create(); |
||
293 | $gperm->setVar('gperm_groupid', $cat_groupperm); |
||
294 | $gperm->setVar('gperm_name', 'lexikon_view'); |
||
295 | $gperm->setVar('gperm_modid', $mid); |
||
296 | $gperm->setVar('gperm_itemid', $categoryID); |
||
297 | $grouppermHandler->insert($gperm); |
||
298 | unset($gperm); |
||
299 | } |
||
300 | } else { |
||
301 | $gperm = $grouppermHandler->create(); |
||
302 | $gperm->setVar('gperm_groupid', $arr_lexikon_view); |
||
303 | $gperm->setVar('gperm_name', 'lexikon_view'); |
||
304 | $gperm->setVar('gperm_modid', $mid); |
||
305 | $gperm->setVar('gperm_itemid', $categoryID); |
||
306 | $grouppermHandler->insert($gperm); |
||
307 | unset($gperm); |
||
308 | } |
||
309 | */ |
||
310 | |||
311 | //=============================================================== |
||
312 | |||
313 | if ($categoriesHandler->insert($categoriesObject)) { |
||
314 | redirect_header('categories.php?op=list', 2, _AM_LEXIKON_FORMOK); |
||
315 | } |
||
316 | |||
317 | echo $categoriesObject->getHtmlErrors(); |
||
318 | $form = $categoriesObject->getForm(); |
||
319 | $form->display(); |
||
320 | break; |
||
321 | case 'edit': |
||
322 | $adminObject->addItemButton(_AM_LEXIKON_ADD_CATEGORIES, 'categories.php?op=new', 'add'); |
||
323 | $adminObject->addItemButton(_AM_LEXIKON_CATEGORIES_LIST, 'categories.php', 'list'); |
||
324 | echo $adminObject->displayButton('left'); |
||
325 | $categoriesObject = $categoriesHandler->get(Request::getString('categoryID', '')); |
||
326 | $form = $categoriesObject->getForm(); |
||
327 | $form->display(); |
||
328 | break; |
||
329 | case 'delete': |
||
330 | $categoriesObject = $categoriesHandler->get(Request::getString('categoryID', '')); |
||
331 | if (1 == Request::getInt('ok', 0)) { |
||
332 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||
333 | redirect_header('categories.php', 3, implode(', ', $GLOBALS['xoopsSecurity']->getErrors())); |
||
334 | } |
||
335 | if ($categoriesHandler->delete($categoriesObject)) { |
||
336 | redirect_header('categories.php', 3, _AM_LEXIKON_FORMDELOK); |
||
337 | } else { |
||
338 | echo $categoriesObject->getHtmlErrors(); |
||
339 | } |
||
340 | } else { |
||
341 | xoops_confirm(['ok' => 1, 'categoryID' => Request::getString('categoryID', ''), 'op' => 'delete'], Request::getCmd('REQUEST_URI', '', 'SERVER'), sprintf(_AM_LEXIKON_FORMSUREDEL, $categoriesObject->getVar('categoryID'))); |
||
342 | } |
||
343 | break; |
||
344 | case 'clone': |
||
345 | |||
346 | $id_field = Request::getString('categoryID', ''); |
||
347 | |||
348 | if (Utility::cloneRecord('lxcategories', 'categoryID', $id_field)) { |
||
0 ignored issues
–
show
Bug
introduced
by
Loading history...
|
|||
349 | redirect_header('categories.php', 3, _AM_LEXIKON_CLONED_OK); |
||
350 | } else { |
||
351 | redirect_header('categories.php', 3, _AM_LEXIKON_CLONED_FAILED); |
||
352 | } |
||
353 | |||
354 | break; |
||
355 | } |
||
356 | require_once __DIR__ . '/admin_footer.php'; |
||
357 |