This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||||
2 | ////////////////////////////////////////////////////////////////////////////// |
||||
3 | // |
||||
4 | // ------------------------------------------------------------------------ // |
||||
5 | // This program is free software; you can redistribute it and/or modify // |
||||
6 | // it under the terms of the GNU General Public License as published by // |
||||
7 | // the Free Software Foundation; either version 2 of the License, or // |
||||
8 | // (at your option) any later version. // |
||||
9 | // // |
||||
10 | // This program is distributed in the hope that it will be useful, but // |
||||
11 | // WITHOUT ANY WARRANTY; without even the implied warranty of // |
||||
12 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // |
||||
13 | // General Public License for more details. // |
||||
14 | // // |
||||
15 | // You should have received a copy of the GNU General Public License // |
||||
16 | // along with this program; if not, write to the // |
||||
17 | // Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, // |
||||
18 | // MA 02111-1307 USA // |
||||
19 | // ------------------------------------------------------------------------ // |
||||
20 | // code partially from Aiba and rmdp // |
||||
21 | // ------------------------------------------------------------------------ // |
||||
22 | // import script wiwimod -> Lexikon // |
||||
23 | // ------------------------------------------------------------------------ // |
||||
24 | ////////////////////////////////////////////////////////////////////////////// |
||||
25 | |||||
26 | use Xmf\Request; |
||||
27 | |||||
28 | require_once __DIR__ . '/admin_header.php'; |
||||
29 | $op = ''; |
||||
30 | |||||
31 | /**** |
||||
32 | * Available operations |
||||
33 | ****/ |
||||
34 | switch ($op) { |
||||
35 | case 'default': |
||||
36 | default: |
||||
37 | xoops_cp_header(); |
||||
38 | global $xoopsUser, $xoopsConfig, $xoopsDB, $xoopsModuleConfig, $xoopsModule; |
||||
39 | $myts = \MyTextSanitizer::getInstance(); |
||||
40 | } |
||||
41 | |||||
42 | /**** |
||||
43 | * Start Import |
||||
44 | *** |
||||
45 | * @param $msg |
||||
46 | */ |
||||
47 | function showerror($msg) |
||||
48 | { |
||||
49 | global $xoopsDB; |
||||
50 | if ('' != $xoopsDB->error()) { |
||||
51 | echo '<br>' . $msg . ' <br><span style="font-size: xx-small; "> - ' . _AM_LEXIKON_IMPORT_ERROR . ': ' . $xoopsDB->error() . '</span>.'; |
||||
52 | } else { |
||||
53 | echo '<br>' . $msg . '' . _AM_LEXIKON_IMPORT_OK; |
||||
54 | } |
||||
55 | } |
||||
56 | |||||
57 | /** |
||||
58 | * @param $text |
||||
59 | * @return array|string|string[]|null |
||||
60 | */ |
||||
61 | function import2db($text) |
||||
62 | { |
||||
63 | return preg_replace(["/'/i"], ["\'"], $text); |
||||
64 | } |
||||
65 | |||||
66 | /** |
||||
67 | * @param $delete |
||||
68 | */ |
||||
69 | function DefinitionImport($delete) |
||||
0 ignored issues
–
show
|
|||||
70 | { |
||||
71 | global $xoopsUser, $xoopsConfig, $xoopsDB, $xoopsModuleConfig, $xoopsModule, $myts; |
||||
72 | $myts = \MyTextSanitizer::getInstance(); |
||||
73 | |||||
74 | $sqlQuery = $xoopsDB->query('SELECT count(id) AS count FROM ' . $xoopsDB->prefix('wiwimod')); |
||||
75 | [$count] = $xoopsDB->fetchRow($sqlQuery); |
||||
76 | if ($count < 1) { |
||||
77 | redirect_header('import.php', 1, _AM_LEXIKON_MODULEIMPORTEMPTY10); |
||||
78 | } |
||||
79 | |||||
80 | $delete = 0; |
||||
81 | $wiwicounter = 0; |
||||
82 | $errorcounter = 0; |
||||
83 | |||||
84 | if (isset($delete)) { |
||||
85 | $delete = \Xmf\Request::getInt('delete', 0, 'POST'); |
||||
86 | } else { |
||||
87 | if (isset($delete)) { |
||||
88 | $delete = \Xmf\Request::getInt('delete', 0, 'POST'); |
||||
89 | } |
||||
90 | } |
||||
91 | |||||
92 | /**** |
||||
93 | * delete all entries and categories + comments |
||||
94 | ****/ |
||||
95 | |||||
96 | if ($delete) { |
||||
97 | // delete notifications |
||||
98 | xoops_notification_deletebymodule($xoopsModule->getVar('mid')); |
||||
99 | //get all entries |
||||
100 | $result3 = $xoopsDB->query('SELECT entryID FROM ' . $xoopsDB->prefix('lxentries') . ''); |
||||
101 | //delete comments for each entry |
||||
102 | while (list($entryID) = $xoopsDB->fetchRow($result3)) { |
||||
103 | xoops_comment_delete($xoopsModule->getVar('mid'), $entryID); |
||||
104 | } |
||||
105 | $resultC = $xoopsDB->query('SELECT categoryID FROM ' . $xoopsDB->prefix('lxcategories') . ''); |
||||
106 | while (list($categoryID) = $xoopsDB->fetchRow($resultC)) { |
||||
107 | // delete permissions |
||||
108 | xoops_groupperm_deletebymoditem($xoopsModule->getVar('mid'), 'lexikon_view', $categoryID); |
||||
109 | xoops_groupperm_deletebymoditem($xoopsModule->getVar('mid'), 'lexikon_submit', $categoryID); |
||||
110 | xoops_groupperm_deletebymoditem($xoopsModule->getVar('mid'), 'lexikon_approve', $categoryID); |
||||
111 | xoops_groupperm_deletebymoditem($xoopsModule->getVar('mid'), 'lexikon_request', $categoryID); |
||||
112 | } |
||||
113 | // delete everything |
||||
114 | $sqlquery1 = $xoopsDB->queryF('TRUNCATE TABLE ' . $xoopsDB->prefix('lxentries')); |
||||
0 ignored issues
–
show
|
|||||
115 | $sqlquery2 = $xoopsDB->queryF('TRUNCATE TABLE ' . $xoopsDB->prefix('lxcategories')); |
||||
0 ignored issues
–
show
|
|||||
116 | } |
||||
117 | |||||
118 | /**** |
||||
119 | * Import ENTRIES |
||||
120 | ****/ |
||||
121 | |||||
122 | $sqlQuery = $xoopsDB->query( |
||||
123 | ' |
||||
124 | SELECT id, title, body, u_id, lastmodified datetime, visible |
||||
125 | FROM ' . $xoopsDB->prefix('wiwimod') |
||||
126 | ); |
||||
127 | |||||
128 | $fecha = time() - 1; |
||||
129 | while (false !== ($sqlfetch = $xoopsDB->fetchArray($sqlQuery))) { |
||||
130 | $wiwi = []; |
||||
131 | $wiwi['id'] = $sqlfetch['id']; |
||||
132 | $wiwi['title'] = $sqlfetch['title']; |
||||
133 | $wiwi['body'] = $myts->addSlashes(import2db($sqlfetch['body'])); |
||||
0 ignored issues
–
show
It seems like
import2db($sqlfetch['body']) can also be of type array and string[] ; however, parameter $text of MyTextSanitizer::addSlashes() does only seem to accept string , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
134 | $wiwi['u_id'] = import2db($sqlfetch['u_id']); |
||||
135 | $wiwi['lastmodified'] = ++$fecha; |
||||
136 | $wiwi['visible'] = $sqlfetch['visible']; |
||||
137 | ++$wiwicounter; |
||||
138 | |||||
139 | if ($delete) { |
||||
140 | $insert = $xoopsDB->queryF( |
||||
141 | ' |
||||
142 | INSERT INTO ' . $xoopsDB->prefix('lxentries') . " (entryID, term, definition, uid, datesub, offline, html) |
||||
143 | VALUES ('" . $wiwi['id'] . "','" . $wiwi['title'] . "','" . $wiwi['body'] . "','" . $wiwi['u_id'] . "','" . $wiwi['lastmodified'] . "','" . $wiwi['visible'] . "','1')" |
||||
144 | ); |
||||
145 | } else { |
||||
146 | $insert = $xoopsDB->queryF( |
||||
147 | ' |
||||
148 | INSERT INTO ' . $xoopsDB->prefix('lxentries') . " (entryID, term, definition, uid, datesub, offline, html) |
||||
149 | VALUES ('','" . $wiwi['title'] . "','" . $wiwi['body'] . "','" . $wiwi['u_id'] . "','" . $wiwi['lastmodified'] . "','" . $wiwi['visible'] . "','1')" |
||||
150 | ); |
||||
151 | } |
||||
152 | if (!$insert) { |
||||
153 | ++$errorcounter; |
||||
154 | showerror('<br>' . _AM_LEXIKON_IMPORT_ERROR_IMPORT_TERM . ': <span style="color:red">ID: ' . $wiwi['id'] . '</span>: ' . $wiwi['title'] . ' ...'); |
||||
155 | } |
||||
156 | // update user posts count |
||||
157 | if ($ret1) { |
||||
0 ignored issues
–
show
Comprehensibility
Best Practice
introduced
by
|
|||||
158 | if ($uid) { |
||||
0 ignored issues
–
show
Comprehensibility
Best Practice
introduced
by
|
|||||
159 | /** @var \XoopsMemberHandler $memberHandler */ |
||||
160 | $memberHandler = xoops_getHandler('member'); |
||||
161 | $submitter = $memberHandler->getUser($uid); |
||||
162 | if (is_object($submitter)) { |
||||
163 | $submitter->setVar('posts', $submitter->getVar('posts') + 1); |
||||
164 | $res = $memberHandler->insertUser($submitter, true); |
||||
0 ignored issues
–
show
|
|||||
165 | unset($submitter); |
||||
166 | } |
||||
167 | } |
||||
168 | } |
||||
169 | } |
||||
170 | |||||
171 | $sqlQuery = $xoopsDB->query( |
||||
172 | 'SELECT mid |
||||
173 | FROM ' . $xoopsDB->prefix('modules') . " |
||||
174 | WHERE dirname = 'wiwimod'" |
||||
175 | ); |
||||
176 | [$wiwiID] = $xoopsDB->fetchRow($sqlQuery); |
||||
177 | echo '<p>' . _AM_LEXIKON_IMPORT_MODULE_ID . ': ' . $wiwiID . '</p>'; |
||||
178 | echo '<p>' . _AM_LEXIKON_IMPORT_MODULE_LEX_ID . ': ' . $xoopsModule->getVar('mid') . '</p>'; |
||||
179 | echo '<p>' . _AM_LEXIKON_IMPORT_UPDATE_COUNT . '</p>'; |
||||
180 | echo "<p><span style='color:red'>" . _AM_LEXIKON_IMPORT_INCORRECTLY . ': ' . $errorcounter . '</span></p>'; |
||||
181 | echo '<p>' . _AM_LEXIKON_IMPORT_PROCESSED . ': ' . $glocounter . '</p>'; |
||||
0 ignored issues
–
show
Comprehensibility
Best Practice
introduced
by
|
|||||
182 | echo '<h3>' . _AM_LEXIKON_IMPORT_FINISH . '</h3>'; |
||||
183 | echo "<br><b><a href='import.php'>" . _AM_LEXIKON_IMPORT_TO_ADMIN . '</a></b><p>'; |
||||
184 | require_once __DIR__ . '/admin_footer.php'; |
||||
185 | } |
||||
186 | |||||
187 | /**** |
||||
188 | * IMPORT FORM PLAIN HTML |
||||
189 | ****/ |
||||
190 | |||||
191 | function FormImport() |
||||
192 | { |
||||
193 | global $xoopsConfig, $xoopsDB, $xoopsModule; |
||||
194 | //lx_importMenu(9); |
||||
195 | echo "<strong style='color: #2F5376; margin-top:6px; font-size:medium'>" . _AM_LEXIKON_IMPORT_WIWIMOD . '</strong><br><br>'; |
||||
196 | /** @var \XoopsModuleHandler $moduleHandler */ |
||||
197 | $moduleHandler = xoops_getHandler('module'); |
||||
198 | $wiwimodModule = $moduleHandler->getByDirname('wiwimod'); |
||||
199 | $got_options = false; |
||||
0 ignored issues
–
show
|
|||||
200 | if (is_object($wiwimodModule)) { |
||||
201 | echo "<table style='width:100%; border:0;' class='outer'>"; |
||||
202 | echo '<tr>'; |
||||
203 | echo "<td colspan='2' class='bg3' style='text-align:left;'><span style='font-size: x-small; '><b>" . _AM_LEXIKON_MODULEHEADIMPORTWW . '</b></span></td>'; |
||||
204 | echo '</tr>'; |
||||
205 | |||||
206 | echo '<tr>'; |
||||
207 | echo "<td class='head' style='width:200px; text-align:center;'><img src='" . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/dialog-important.png' . "' alt='' style='margin-right:10px; margin-top:20px; text-align:middle;'></td>"; |
||||
208 | echo "<td class='even' style='text-align:center;'><br><b><span style='font-size:x-small; color:red;'>" . _AM_LEXIKON_IMPORTWARN . '</span></b></td>'; |
||||
209 | echo '</tr>'; |
||||
210 | |||||
211 | echo '<tr>'; |
||||
212 | echo "<td class='head' style='width:200px; text-align:left'><span style='font-size:x-small;'>" . _AM_LEXIKON_IMPORTDELWB . '</span></td>'; |
||||
213 | echo "<td class='even' style='text-align:center;'><form action='importdictionary.php?op=import' method=POST> |
||||
214 | <input type='radio' name='delete' value='1'> " . _YES . " |
||||
215 | <input type='radio' name='delete' value='0' checked> " . _NO . '</td>'; |
||||
216 | echo "</tr><tr><td class='head' style='width:200px; text-align:center;'> </td>"; |
||||
217 | echo "<td class='even' style='text-align:center;'> |
||||
218 | <input type='submit' name='button' id='import' value='" . _AM_LEXIKON_IMPORT . "'> |
||||
219 | <input type='button' name='cancel' value='" . _CANCEL . "' onclick='history.go(-1);'></td>"; |
||||
220 | echo "</tr></table><br>\n"; |
||||
221 | } else { |
||||
222 | echo "<br><b><span style='color:red'>" . _AM_LEXIKON_IMPORT_ERROR_MODULE . "</span></b><br><br><a href='import.php'><button>" . _AM_LEXIKON_BACK . '</button></a>'; |
||||
223 | } |
||||
224 | require_once __DIR__ . '/admin_footer.php'; |
||||
225 | } |
||||
226 | |||||
227 | $op = Request::getCmd('op', ''); |
||||
228 | |||||
229 | switch ($op) { |
||||
230 | case 'import': |
||||
231 | $delete = \Xmf\Request::getInt('delete', \Xmf\Request::getInt('delete', 0, 'POST'), 'GET'); |
||||
232 | DefinitionImport($delete); |
||||
233 | break; |
||||
234 | case 'main': |
||||
235 | default: |
||||
236 | FormImport(); |
||||
237 | break; |
||||
238 | } |
||||
239 |
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.