1 | <?php |
||||
2 | /** |
||||
3 | * Module: Lexikon - glossary module |
||||
4 | * Author: hsalazar |
||||
5 | * Modifs: Yerres |
||||
6 | * Licence: GNU |
||||
7 | */ |
||||
8 | |||||
9 | use Xmf\Module\Admin; |
||||
10 | use Xmf\Request; |
||||
11 | //use XoopsModules\Tag; |
||||
12 | use XoopsModules\Lexikon\{ |
||||
13 | Helper, |
||||
14 | Utility, |
||||
15 | LexikonTree |
||||
16 | }; |
||||
17 | /** @var Helper $helper */ |
||||
18 | |||||
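// Bootstrap the module's admin environment before anything is rendered.
require_once __DIR__ . '/admin_header.php';
$myts = \MyTextSanitizer::getInstance();

$helper = Helper::getInstance();

// Control-panel header, module navigation and the "create entry" button.
xoops_cp_header();
$adminObject = Admin::getInstance();
$adminObject->displayNavigation(basename(__FILE__));
$adminObject->addItemButton(_AM_LEXIKON_CREATEENTRY, 'entry.php?op=add', 'add');
$adminObject->displayButton('left');

$op = '';
// Report errors, warnings and parse errors only. One call is enough: a preceding
// error_reporting(E_ALL) would be overridden immediately by this statement.
error_reporting(E_ERROR | E_WARNING | E_PARSE);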
||||
33 | /* -- Available operations -- */ |
||||
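/**
 * Render the paginated admin table of published glossary entries.
 *
 * Reads the `startentry` offset from the query string, lists the entries whose
 * `submit` flag is 0 (newest first) and prints an edit and a delete link per row.
 *
 * @return void
 */
function entryDefault()
{
    // $entryID stays in the global list because the row loop below assigns to it.
    global $xoopsDB, $xoopsModule, $entryID, $pathIcon16;
    $helper = Helper::getInstance();
    require_once XOOPS_ROOT_PATH . '/class/xoopslists.php';
    require_once XOOPS_ROOT_PATH . '/class/pagenav.php';
    xoops_load('XoopsUserUtility');

    $startentry = \Xmf\Request::getInt('startentry', 0, 'GET');
    $perPage    = $helper->getConfig('perpage');
    $multicats  = (1 == $helper->getConfig('multicats'));
    $entryTable = $xoopsDB->prefix('lxentries');
    $catTable   = $xoopsDB->prefix('lxcategories');

    // One count serves both the table heading and the page navigation.
    $countResult    = $xoopsDB->query('SELECT COUNT(*) FROM ' . $entryTable . ' WHERE submit = 0');
    [$numrows]      = $xoopsDB->fetchRow($countResult);
    $numrows        = (int)$numrows;
    $totalpublished = $numrows;

    $sql = 'SELECT entryID, categoryID, term, uid, datesub, offline
            FROM ' . $entryTable . '
            WHERE submit = 0
            ORDER BY entryID DESC';
    $entries = $xoopsDB->query($sql, $perPage, $startentry);

    echo "    <table class='outer' width='100%' border='0'>
    <tr>
    <td colspan='7' class='odd'>
    <strong>" . _AM_LEXIKON_SHOWENTRIES . ' (' . $totalpublished . ')' . '</strong></td></tr>';
    echo '<tr>';

    echo "<th style='width:40px; text-align:center;'>" . _AM_LEXIKON_ENTRYID . '</th>';
    if ($multicats) {
        echo "<th style='width:20%; text-align:center;'>" . _AM_LEXIKON_ENTRYCATNAME . '</th>';
    }
    echo "<th style='width:*; text-align:center;'>" . _AM_LEXIKON_ENTRYTERM . "</th>
    <th style='width:90px; text-align:center;'>" . _AM_LEXIKON_SUBMITTER . "</th>
    <th style='width:90px; text-align:center;'>" . _AM_LEXIKON_ENTRYCREATED . "</th>
    <th style='width:30px; text-align:center;'>" . _AM_LEXIKON_STATUS . "</th>
    <th style='width:60px; text-align:center;'>" . _AM_LEXIKON_ACTION . '</th>
    </tr>';

    $class = 'odd';
    if ($numrows > 0) {
        $iconBase      = XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/icon';
        $categoryNames = []; // categoryID => name, so each category is looked up once per page

        while (list($entryID, $categoryID, $term, $uid, $created, $offline) = $xoopsDB->fetchRow($entries)) {
            // IDs are re-embedded in SQL and in href attributes: force them to integers.
            $entryID    = (int)$entryID;
            $categoryID = (int)$categoryID;

            $catname = '';
            if ($multicats) {
                if (!array_key_exists($categoryID, $categoryNames)) {
                    $nameResult = $xoopsDB->query('SELECT name FROM ' . $catTable . ' WHERE categoryID = ' . $categoryID);
                    [$name]     = $xoopsDB->fetchRow($nameResult);
                    // A missing category yields null; cast so htmlspecialchars() gets a string.
                    $categoryNames[$categoryID] = (string)$name;
                }
                $catname = htmlspecialchars($categoryNames[$categoryID], ENT_QUOTES | ENT_HTML5);
            }

            // NOTE(review): $sentby is printed exactly as returned; confirm that
            // getUnameFromId() already HTML-escapes the user name.
            $sentby  = \XoopsUserUtility::getUnameFromId($uid);
            $term    = htmlspecialchars((string)$term, ENT_QUOTES | ENT_HTML5);
            $created = formatTimestamp($created, 's');
            $modify  = "<a href='entry.php?op=mod&entryID=" . $entryID . "'><img src=" . $pathIcon16 . "/edit.png alt='" . _AM_LEXIKON_EDITENTRY . "'></a>";
            $delete  = "<a href='entry.php?op=del&entryID=" . $entryID . "'><img src=" . $pathIcon16 . "/delete.png alt='" . _AM_LEXIKON_DELETEENTRY . "'></a>";

            if (0 == $offline) {
                $status = '<img src=' . $iconBase . "/on.gif alt='" . _AM_LEXIKON_ENTRYISON . "'>";
            } else {
                $status = '<img src=' . $iconBase . "/off.gif alt='" . _AM_LEXIKON_ENTRYISOFF . "'>";
            }

            // Rows go straight into the table: a <div> is not valid between <table> and <tr>.
            echo "<tr class='" . $class . "'>";
            $class = ('even' === $class) ? 'odd' : 'even';

            echo "<td align='center'>" . $entryID . '</td>';
            if ($multicats) {
                echo "<td class='odd' style='text-align:left;'>" . $catname . '</td>';
            }
            echo "<td class='odd' style='text-align:left;'><a href='../entry.php?entryID=" . $entryID . "'>" . $term . "</a></td>
        <td class='odd' style='text-align:center;'>" . $sentby . "</td>
        <td class='odd' style='text-align:center;'>" . $created . "</td>
        <td class='odd' style='text-align:center;'>" . $status . "</td>
        <td class='even' style='text-align:center;'>" . $modify . '-' . $delete . '</td>
        </tr>';
        }
    } else { // no published entries yet
        echo '<tr>';
        echo "<td class='odd' align='center' colspan= '7'>" . _AM_LEXIKON_NOTERMS . '</td>';
        echo '</tr>';
    }
    echo "</table>\n";

    $pagenav = new \XoopsPageNav($numrows, $perPage, $startentry, 'startentry');
    echo '<div style="text-align:right;">' . $pagenav->renderNav(8) . '</div>';
    echo "<br>\n";
    // NOTE(review): no matching <div> is opened in this function; kept in case it
    // closes a wrapper emitted by the admin header - confirm and remove if not.
    echo '</div>';
}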
||||
165 | |||||
166 | // -- Edit function -- |
||||
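/**
 * Display the admin form for creating a glossary entry or editing an existing one.
 *
 * With a non-empty $entryID the entry is loaded from the `lxentries` table and the
 * form is pre-filled; otherwise an empty "new entry" form is shown. The form posts
 * back to the current script with `op=addentry`.
 *
 * @param int|string $entryID ID of the entry to edit; empty for a new entry
 * @return void
 */
function entryEdit($entryID = '')
{
    // $init is a global in the original code and is written to below.
    global $xoopsUser, $xoopsDB, $init;
    $helper  = Helper::getInstance();
    $utility = new Utility();

    // Defaults for a new entry; the edit branch overwrites them with the stored row.
    $block      = 1;
    $html       = 1;
    $smiley     = 1;
    $xcodes     = 1;
    $breaks     = 1;
    $offline    = 0;
    $submit     = 0;
    $notifypub  = 1;
    $categoryID = 1;
    $term       = '';
    $definition = _AM_LEXIKON_WRITEHERE;
    $ref        = '';
    $url        = '';
    if (!isset($init)) {
        $init = '';
    }

    if ($entryID) {
        // Editing: the ID is cast to int before it is placed in the SQL text.
        $result = $xoopsDB->query(
            'SELECT categoryID, term, init, definition, ref, url, uid, submit, datesub, html, smiley, xcodes, breaks, block, offline, notifypub, request
             FROM ' . $xoopsDB->prefix('lxentries') . '
             WHERE entryID = ' . (int)$entryID
        );
        if (!$xoopsDB->getRowsNum($result)) {
            redirect_header('index.php', 1, _AM_LEXIKON_NOENTRYTOEDIT);
        }
        [$categoryID, $term, $init, $definition, $ref, $url, $uid, $submit, $datesub, $html, $smiley, $xcodes, $breaks, $block, $offline, $notifypub, $request] = $xoopsDB->fetchRow($result);

        $term      = htmlspecialchars((string)$term, ENT_QUOTES | ENT_HTML5);
        $formTitle = _AM_LEXIKON_MODENTRY . ": $term";
    } else {
        // Adding: in multi-category mode at least one category must exist first.
        $result01    = $xoopsDB->query('SELECT COUNT(*) FROM ' . $xoopsDB->prefix('lxcategories') . ' ');
        [$totalcats] = $xoopsDB->fetchRow($result01);
        if (0 == $totalcats && 1 == $helper->getConfig('multicats')) {
            redirect_header('index.php', 1, _AM_LEXIKON_NEEDONECOLUMN);
        }
        $uid       = $xoopsUser->getVar('uid');
        $formTitle = _AM_LEXIKON_NEWENTRY;
    }

    echo "<strong style='color: #2F5376; margin-top:6px; font-size:medium'>" . _AM_LEXIKON_ADMINENTRYMNGMT . '</strong>';
    // The trailing `true` is passed through unchanged from the original constructor call.
    $sform = new \XoopsThemeForm($formTitle, 'op', xoops_getenv('SCRIPT_NAME'), 'post', true);
    $sform->setExtra('enctype="multipart/form-data"');

    // Category selector
    if (1 == $helper->getConfig('multicats')) {
        $mytree         = new LexikonTree($xoopsDB->prefix('lxcategories'), 'categoryID', '0');
        $categoryselect = new \XoopsFormSelect(_AM_LEXIKON_CATNAME, 'categoryID', $categoryID);
        foreach ($mytree->getChildTreeArray(0, 'name') as $oneline) {
            // A lone '.' prefix is dropped; remaining dots become dashes.
            $prefix = ('.' === $oneline['prefix']) ? '' : $oneline['prefix'];
            $prefix = str_replace('.', '-', $prefix);
            $categoryselect->addOption($oneline['categoryID'], $prefix . ' ' . $oneline['name']);
        }
        $sform->addElement($categoryselect, true);
    }

    // Author selector (the helper echoes its markup, so capture it)
    ob_start();
    $utility::getUserForm((int)$uid);
    $sform->addElement(new \XoopsFormLabel(_AM_LEXIKON_AUTHOR, ob_get_clean()));

    // Initial selector
    ob_start();
    lx_getinit((int)$init);
    $sform->addElement(new \XoopsFormLabel(_AM_LEXIKON_INIT, ob_get_clean()));

    // Term
    $sform->addElement(new \XoopsFormText(_AM_LEXIKON_ENTRYTERM, 'term', 50, 80, $term), true);

    // Definition editor, chosen by the module's "form_options" setting
    $editor = $utility::getWysiwygForm(_AM_LEXIKON_ENTRYDEF, 'definition', $definition, 15, 60);
    // The default text above is _AM_LEXIKON_WRITEHERE, so test against that constant;
    // the _MD_ variant is honoured only when its language file is loaded.
    $isPlaceholder = (_AM_LEXIKON_WRITEHERE == $definition)
                     || (defined('_MD_LEXIKON_WRITEHERE') && _MD_LEXIKON_WRITEHERE == $definition);
    if ($isPlaceholder) {
        $editor->setExtra('onfocus="this.select()"');
    }
    $sform->addElement($editor, true);
    unset($editor);

    // NOTE(review): $ref and $url are passed as stored in the database; confirm that
    // these form elements HTML-escape their values when rendered.
    $sform->addElement(new \XoopsFormTextArea(_AM_LEXIKON_ENTRYREFERENCE, 'ref', $ref, 5, 60), false);
    $sform->addElement(new \XoopsFormText(_AM_LEXIKON_ENTRYURL, 'url', 50, 80, $url), false);

    // Integration with the 'Tag' module (a TagFormTag element) is currently disabled.

    // Switch to take the entry offline, for maintenance purposes
    $offline_radio = new \XoopsFormRadioYN(_AM_LEXIKON_SWITCHOFFLINE, 'offline', $offline, ' ' . _AM_LEXIKON_YES . '', ' ' . _AM_LEXIKON_NO . '');
    $sform->addElement($offline_radio);

    // Switch to put the entry in the block
    $block_radio = new \XoopsFormRadioYN(_AM_LEXIKON_BLOCK, 'block', $block, ' ' . _AM_LEXIKON_YES . '', ' ' . _AM_LEXIKON_NO . '');
    $sform->addElement($block_radio);

    // Various options
    $options_tray = new \XoopsFormElementTray(_AM_LEXIKON_OPTIONS, '<br>');
    if ($submit) {
        // The "notify on publish" box is offered only while the entry is still a submission.
        $notify_checkbox = new \XoopsFormCheckBox('', 'notifypub', $notifypub);
        $notify_checkbox->addOption(1, _AM_LEXIKON_NOTIFYPUBLISH);
        $options_tray->addElement($notify_checkbox);
    }

    $checkboxes = [
        'html'   => [$html, _AM_LEXIKON_DOHTML],
        'smiley' => [$smiley, _AM_LEXIKON_DOSMILEY],
        'xcodes' => [$xcodes, _AM_LEXIKON_DOXCODE],
        'breaks' => [$breaks, _AM_LEXIKON_BREAKS],
    ];
    foreach ($checkboxes as $fieldName => [$fieldValue, $fieldLabel]) {
        $checkbox = new \XoopsFormCheckBox('', $fieldName, $fieldValue);
        $checkbox->addOption(1, $fieldLabel);
        $options_tray->addElement($checkbox);
    }
    $sform->addElement($options_tray);

    $sform->addElement(new \XoopsFormHidden('entryID', $entryID));

    // Buttons: both modes submit op=addentry; only the new-entry form has a reset button.
    $buttonTray = new \XoopsFormElementTray('', '');
    $buttonTray->addElement(new \XoopsFormHidden('op', 'addentry'));

    $butt_create = new \XoopsFormButton('', '', $entryID ? _AM_LEXIKON_MODIFY : _AM_LEXIKON_CREATE, 'submit');
    $butt_create->setExtra('onclick="this.form.elements.op.value=\'addentry\'"');
    $buttonTray->addElement($butt_create);

    if (!$entryID) {
        $buttonTray->addElement(new \XoopsFormButton('', '', _AM_LEXIKON_CLEAR, 'reset'));
    }

    $butt_cancel = new \XoopsFormButton('', '', _AM_LEXIKON_CANCEL, 'button');
    $butt_cancel->setExtra('onclick="history.go(-1)"');
    $buttonTray->addElement($butt_cancel);

    $sform->addElement($buttonTray);
    $sform->display();
}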
||||
380 | |||||
381 | /* Save */ |
||||
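/**
 * Persist a glossary entry posted from the admin form.
 *
 * Inserts a new row into `lxentries` when no entryID is posted, otherwise updates
 * the existing row. On success it optionally triggers notifications, recalculates
 * totals and, for an update with `notifypub` set, mails the entry's author.
 *
 * @param string $entryID Not used: the ID is always re-read from the request.
 *                        Kept so existing callers keep working.
 * @return void
 */
function entrySave($entryID = '')
{
    global $xoopsUser, $xoopsConfig, $xoopsModule, $xoopsDB;
    $helper  = Helper::getInstance();
    $utility = new Utility();
    $myts    = \MyTextSanitizer::getInstance();

    // This request changes data, so require a valid XOOPS security token.
    // Any form that posts op=addentry to this script has to carry one.
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header('entry.php', 3, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
    }

    // Integer field: POST value, falling back to GET, then 0.
    $intField = static function (string $key): int {
        return \Xmf\Request::getInt($key, \Xmf\Request::getInt($key, 0, 'GET'), 'POST');
    };
    // Raw POST string; a missing or non-string value becomes ''.
    $postString = static function (string $key): string {
        $value = $_POST[$key] ?? '';

        return is_string($value) ? $value : '';
    };

    $entryID    = $intField('entryID');
    $categoryID = (1 == $helper->getConfig('multicats')) ? \Xmf\Request::getInt('categoryID', 0) : 1;
    $block      = $intField('block');
    $breaks     = $intField('breaks');
    $html       = $intField('html');
    $smiley     = $intField('smiley');
    $xcodes     = $intField('xcodes');
    $offline    = $intField('offline');

    // $plainTerm is for display and notifications; $term is the SQL-escaped form.
    $plainTerm = xoops_trim($postString('term'));
    $term      = $myts->addSlashes($plainTerm);

    // LionHell: derive the initial automatically from the first character of the term.
    // NOTE(review): the pattern has no /u modifier; confirm how it treats multibyte
    // initials before changing it.
    $init = mb_substr($term, 0, 1);
    $init = preg_match('/[a-zA-Zа-яА-Я0-9]/', $init) ? mb_strtoupper($init) : '#';

    $definition = $myts->xoopsCodeDecode($myts->censorString($postString('definition')), 1);
    // The definition is free text from the editor and was previously interpolated
    // into the SQL unescaped; escape it for the two statements below.
    $definitionSql = $xoopsDB->escape($definition);
    $ref           = isset($_POST['ref']) ? $myts->addSlashes($myts->censorString($postString('ref'))) : '';
    $url           = isset($_POST['url']) ? $myts->addSlashes($postString('url')) : '';

    $date      = time();
    $submit    = 0;
    $notifypub = $intField('notifypub');
    $request   = 0;
    $uid       = \Xmf\Request::getInt('author', $xoopsUser->uid(), 'POST');

    $table = $xoopsDB->prefix('lxentries');

    // Notification tags shared by the insert and the update path.
    $buildTags = static function (int $itemId) use ($xoopsDB, $xoopsModule, $plainTerm, $definition, $date, $categoryID): array {
        $moduleUrl = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname');
        $result    = $xoopsDB->query('SELECT name FROM ' . $xoopsDB->prefix('lxcategories') . ' WHERE categoryID=' . $categoryID);
        $row       = $xoopsDB->fetchArray($result);

        return [
            'ITEM_NAME'     => $plainTerm,
            'ITEM_BODY'     => htmlspecialchars(xoops_substr(strip_tags($definition), 0, 45), ENT_QUOTES | ENT_HTML5),
            'DATESUB'       => formatTimestamp($date, 'd M Y'),
            'ITEM_URL'      => $moduleUrl . '/entry.php?entryID=' . $itemId,
            // A category that no longer exists yields no row.
            'CATEGORY_NAME' => $row['name'] ?? '',
            'CATEGORY_URL'  => $moduleUrl . '/category.php?categoryID=' . $categoryID,
        ];
    };
    $notificationsOn = !empty($helper->getConfig('notification_enabled'));

    if (!$entryID) {
        // New entry: refuse a term that already exists.
        if ($utility::isTermPresent($term, $table)) {
            // The term is escaped because the redirect message is built as HTML.
            // NOTE(review): the first argument is not a URL; presumably redirect_header()
            // falls back to a default target - confirm, or point it at the add form.
            redirect_header(
                '<script>javascript:history.go(-1)</script>',
                2,
                _AM_LEXIKON_ITEMEXISTS . '<br>' . htmlspecialchars($plainTerm, ENT_QUOTES | ENT_HTML5)
            );
        }

        $inserted = $xoopsDB->query(
            'INSERT INTO ' . $table
            . ' (entryID, categoryID, term, init, definition, ref, url, uid, submit, datesub, html, smiley, xcodes, breaks, block, offline, notifypub, request )'
            . " VALUES (0, '$categoryID', '$term', '$init', '$definitionSql', '$ref', '$url', '$uid', '$submit', '$date', '$html', '$smiley', '$xcodes', '$breaks', '$block', '$offline', '$notifypub', '$request' )"
        );
        if ($inserted) {
            $newid = $xoopsDB->getInsertId();

            // Increment the author's post count for the new definition.
            if (is_object($xoopsUser)) {
                /** @var \XoopsMemberHandler $memberHandler */
                $memberHandler = xoops_getHandler('member');
                $submitter     = $memberHandler->getUser($uid);
                if (is_object($submitter)) {
                    $submitter->setVar('posts', $submitter->getVar('posts') + 1);
                    $memberHandler->insertUser($submitter, true);
                    unset($submitter);
                }
            }

            if ($notificationsOn) {
                /** @var \XoopsNotificationHandler $notificationHandler */
                $notificationHandler = xoops_getHandler('notification');
                $tags                = $buildTags((int)$newid);
                $notificationHandler->triggerEvent('global', 0, 'new_post', $tags);
                $notificationHandler->triggerEvent('category', $categoryID, 'new_post', $tags);
            }

            $utility::calculateTotals();
            redirect_header('entry.php', 1, _AM_LEXIKON_ENTRYCREATEDOK);
        } else {
            redirect_header('index.php', 1, _AM_LEXIKON_ENTRYNOTCREATED);
        }
    } else {
        // Existing entry: update it in place.
        $updated = $xoopsDB->query(
            'UPDATE ' . $table
            . " SET term = '$term', categoryID = '$categoryID', init = '$init', definition = '$definitionSql', ref = '$ref', url = '$url', uid = '$uid', submit = '$submit', datesub = '$date', html = '$html', smiley = '$smiley', xcodes = '$xcodes', breaks = '$breaks', block = '$block', offline = '$offline', notifypub = '$notifypub', request = '$request' WHERE entryID = '$entryID'"
        );
        if ($updated) {
            if ($notificationsOn) {
                /** @var \XoopsNotificationHandler $notificationHandler */
                $notificationHandler = xoops_getHandler('notification');
                $tags                = $buildTags($entryID);
                $notificationHandler->triggerEvent('global', 0, 'new_post', $tags);
                $notificationHandler->triggerEvent('category', $categoryID, 'new_post', $tags);
                $notificationHandler->triggerEvent('term', $entryID, 'approve', $tags);
            }

            $utility::calculateTotals();

            if ('0' == $notifypub) {
                redirect_header('entry.php', 1, _AM_LEXIKON_ENTRYMODIFIED);
            } else {
                // Mail the author that the entry has been approved.
                $user      = new \XoopsUser($uid);
                $isRequest = ('1' == $request); // $request is fixed to 0 above

                $userMessage = sprintf(_MD_LEXIKON_GOODDAY2, $user->getVar('uname'));
                $userMessage .= "\n\n";
                $userMessage .= $isRequest ? sprintf(_MD_LEXIKON_CONFREQ, $xoopsConfig['sitename']) : sprintf(_MD_LEXIKON_CONFSUB);
                $userMessage .= "\n";
                $userMessage .= sprintf(_MD_LEXIKON_APPROVED, $xoopsConfig['sitename']);
                $userMessage .= "\n\n";
                $userMessage .= sprintf(_MD_LEXIKON_REGARDS);
                $userMessage .= "\n";
                $userMessage .= "__________________\n";
                $userMessage .= '' . $xoopsConfig['sitename'] . ' ' . _MD_LEXIKON_WEBMASTER . "\n";
                $userMessage .= '' . $xoopsConfig['adminmail'] . '';

                $conf_subject = $isRequest
                    ? sprintf(_MD_LEXIKON_SUBJECTREQ, $xoopsConfig['sitename'])
                    : sprintf(_MD_LEXIKON_SUBJECTSUB, $xoopsConfig['sitename']);

                $xoopsMailer = xoops_getMailer();
                $xoopsMailer->useMail();
                $xoopsMailer->setToEmails($user->getVar('email'));
                $xoopsMailer->setFromEmail($xoopsConfig['adminmail']);
                $xoopsMailer->setFromName($xoopsConfig['sitename'] . ' - ' . $xoopsModule->name());
                $xoopsMailer->setSubject($conf_subject);
                $xoopsMailer->setBody($userMessage);
                $xoopsMailer->send();

                redirect_header('entry.php', 1, sprintf(_AM_LEXIKON_SENTCONFIRMMAIL, $user->getVar('uname')));
            }
        } else {
            redirect_header('index.php', 1, _AM_LEXIKON_ENTRYNOTUPDATED);
        }
    }
}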
||||
548 | |||||
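/**
 * Delete a glossary entry after confirmation.
 *
 * The first request shows a confirmation form; the confirmed POST (`ok=1`) deletes
 * the entry together with its comments and notifications and decrements the
 * submitter's post count. The function always ends the script.
 *
 * @param string $entryID Not used: the ID is always re-read from the request.
 *                        Kept so existing callers keep working.
 * @return void
 */
function entryDelete($entryID = '')
{
    global $xoopsDB, $xoopsModule;
    $entryID = \Xmf\Request::getInt('entryID', \Xmf\Request::getInt('entryID', 0, 'GET'), 'POST');
    $ok      = \Xmf\Request::getInt('ok', 0, 'POST');
    $table   = $xoopsDB->prefix('lxentries');

    $result = $xoopsDB->query('SELECT entryID, term, uid FROM ' . $table . ' WHERE entryID = ' . $entryID);
    $row    = $result ? $xoopsDB->fetchRow($result) : false;
    if (!is_array($row)) {
        // Unknown ID: stop here instead of building a DELETE with an empty entryID.
        redirect_header('entry.php', 1, _AM_LEXIKON_NOENTRYTOEDIT);
        exit();
    }
    [$entryID, $term, $uid] = $row;
    $entryID                = (int)$entryID;
    // The stored term is placed inside HTML messages below, so escape it first.
    $safeTerm = htmlspecialchars((string)$term, ENT_QUOTES | ENT_HTML5);

    if (1 == $ok) {
        // Confirmed delete: require a valid XOOPS security token before changing data.
        if (!$GLOBALS['xoopsSecurity']->check()) {
            redirect_header('entry.php', 3, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
            exit();
        }

        $xoopsDB->query('DELETE FROM ' . $table . ' WHERE entryID = ' . $entryID);
        xoops_comment_delete($xoopsModule->getVar('mid'), $entryID);
        // delete notifications
        xoops_notification_deletebyitem($xoopsModule->getVar('mid'), 'term', $entryID);
        // update user posts
        if (!empty($uid)) {
            $submitter = new \XoopsUser($uid);
            /** @var \XoopsMemberHandler $memberHandler */
            $memberHandler = xoops_getHandler('member');
            $memberHandler->updateUserByField($submitter, 'posts', $submitter->getVar('posts') - 1);
        }
        redirect_header('entry.php', 1, sprintf(_AM_LEXIKON_ENTRYISDELETED, $safeTerm));
    } else {
        xoops_confirm(
            ['op' => 'del', 'entryID' => $entryID, 'ok' => 1, 'term' => $term],
            'entry.php',
            _AM_LEXIKON_DELETETHISENTRY . '<br>' . $safeTerm,
            _AM_LEXIKON_DELETE
        );
        require_once __DIR__ . '/admin_footer.php';
    }
    exit();
}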
||||
580 | |||||
581 | /* -- Available operations -- */ |
||||
// Pick the requested operation: a POSTed `op` wins over one in the query string.
if (\Xmf\Request::hasVar('op', 'POST')) {
    $op = $_POST['op'];
} elseif (\Xmf\Request::hasVar('op', 'GET')) {
    $op = $_GET['op'];
} else {
    $op = 'default';
}

// $op only selects a branch here; anything unrecognised shows the entry list.
switch ($op) {
    case 'mod':
        // Edit form: entryID from the query string, falling back to POST.
        $entryID = \Xmf\Request::getInt('entryID', \Xmf\Request::getInt('entryID', 0, 'POST'), 'GET');
        entryEdit($entryID);
        break;

    case 'add':
        entryEdit();
        break;

    case 'addentry':
        entrySave();
        break;

    case 'del':
        entryDelete();
        break;

    default:
        entryDefault();
        break;
}

require_once __DIR__ . '/admin_footer.php';
||||
610 |