This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | /** |
||
4 | * Module: Lexikon |
||
5 | * credits: hsalazar, Smartfactory, Eric Juden & ackbarr ->Project XHelp |
||
6 | * Licence: GNU |
||
7 | */ |
||
// Direct-access guard: stop with a fixed message unless XOOPS_ROOT_PATH is
// defined (presumably by the XOOPS bootstrap that includes this file).
if (!defined('XOOPS_ROOT_PATH')) {
    exit('Restricted access');
}
||
9 | |||
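/**
 * Build the "spotlight" block for one Lexikon category: the newest published
 * entry of that category plus links to further entries.
 *
 * $options is the stored block configuration (edited through b_lxspot_edit()):
 *   [0] category ID, [1] number of extra links, [2] show date, [3] show byline,
 *   [4] show stats, [5] 'ver' or 'hor' template, [6] show picture,
 *   [7] sort column for the extra links, [8] definition length, [9] title length.
 *
 * @param array $options
 * @return array template variables; 'display' is 0 when nothing should be shown
 */
function b_lxspot_show($options)
{
    global $xoopsDB, $xoopsUser;
    $myts = MyTextSanitizer::getInstance();
    xoops_load('XoopsUserUtility');

    // Block options are stored data, not trusted code. Everything that ends up
    // inside SQL text is reduced to an integer or to a known column name first,
    // so a tampered option value cannot change the shape of a query.
    $categoryId = (int)($options[0] ?? 0);
    $linkLimit  = max(0, (int)($options[1] ?? 0));
    $introLen   = (int)($options[8] ?? 0);
    $titleLen   = (int)($options[9] ?? 0);
    // Same three columns the edit form offers; anything else falls back to the date.
    $sortColumns = ['datesub', 'counter', 'term'];
    $orderBy     = in_array($options[7] ?? '', $sortColumns, true) ? $options[7] : 'datesub';

    // Display switches consumed by the template.
    $block = [
        'showdateask'      => (1 == ($options[2] ?? 0)) ? 1 : 0,
        'showbylineask'    => (1 == ($options[3] ?? 0)) ? 1 : 0,
        'showstatsask'     => (1 == ($options[4] ?? 0)) ? 1 : 0,
        'verticaltemplate' => ('ver' === ($options[5] ?? '')) ? 1 : 0,
        'showpicask'       => (1 == ($options[6] ?? 0)) ? 1 : 0,
    ];

    /** @var \XoopsModuleHandler $moduleHandler */
    $moduleHandler = xoops_getHandler('module');
    $lexikon       = $moduleHandler->getByDirname('lexikon');
    if (!is_object($lexikon)) {
        // Module record not found: nothing to show, and nothing to dereference below.
        $block['display'] = 0;

        return $block;
    }
    $module_id = $lexikon->getVar('mid');

    /** @var \XoopsConfigHandler $configHandler */
    $configHandler = xoops_getHandler('config');
    $lxConfig      = $configHandler->getConfigsByCat(0, $module_id);

    // Check the view permission before reading any entry data.
    /** @var \XoopsGroupPermHandler $grouppermHandler */
    $grouppermHandler = xoops_getHandler('groupperm');
    $groups           = is_object($xoopsUser) ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;
    if (!$grouppermHandler->checkRight('lexikon_view', $categoryId, $groups, $module_id)) {
        $block['display'] = 0;

        return $block;
    }

    // Newest published entry of the category that is flagged for block display.
    $resultA = $xoopsDB->query(
        'SELECT entryID, term, definition, uid, datesub, counter, html, xcodes, breaks, comments'
        . ' FROM ' . $xoopsDB->prefix('lxentries')
        . ' WHERE categoryID = ' . $categoryId . " AND submit = '0' AND offline = 0 AND block = 1"
        . ' ORDER BY datesub DESC',
        1,
        0
    );
    $rowA = $resultA ? $xoopsDB->fetchRow($resultA) : null;
    [$entryID, $term, $definition, $authorID, $datesub, $counter, $html, $xcodes, $breaks, $comments]
        = is_array($rowA) ? $rowA : array_fill(0, 10, null);

    $termId = (int)$entryID;
    // No row means the category has no spotlight entry yet.
    $block['display'] = (0 === $termId) ? 0 : 1;

    // Category name and logo.
    $resultB = $xoopsDB->query(
        'SELECT name, logourl FROM ' . $xoopsDB->prefix('lxcategories') . ' WHERE categoryID = ' . $categoryId
    );
    $rowB = $resultB ? $xoopsDB->fetchRow($resultB) : null;
    [$name, $logourl] = is_array($rowB) ? $rowB : [null, null];

    $block['userID']     = (int)$authorID;
    $block['authorname'] = \XoopsUserUtility::getUnameFromId((int)$authorID);
    // NOTE(review): 'name' and 'catimage' leave this function unescaped, as before;
    // confirm that the block template escapes them on output.
    $block['name']      = xoops_substr((string)$name, 0, $titleLen);
    $block['catID']     = $categoryId;
    $block['catimage']  = stripslashes((string)$logourl);
    $block['termID']    = $termId;
    $block['title']     = htmlspecialchars((string)$term, ENT_QUOTES | ENT_HTML5);
    $block['introtext'] = xoops_substr($myts->displayTarea($definition, $html, 1, $xcodes, 1, $breaks), 0, $introLen);

    $block['moduledir'] = $lexikon->dirname();
    $block['date']      = formatTimestamp($datesub, 'd M Y');
    $block['hits']      = (int)$counter;

    // NOTE(review): the previous condition was
    // (0 != com_rule) || ((0 != com_rule) && is_object($xoopsUser)), which reduces
    // to the test below. If comment links were meant for logged-in users only
    // under some com_rule values, that check still has to be written.
    if (0 != $lxConfig['com_rule']) {
        $commentCount = (int)$comments;
        $label        = (0 !== $commentCount) ? _COMMENTS . ' : ' . $commentCount : _COMMENTS . '?';
        $block['comments'] = "<a href='" . XOOPS_URL . '/modules/' . $lexikon->dirname()
                             . '/entry.php?entryID=' . $termId . "'>" . $label . '</a>';
    }

    // Further entries of the same category, excluding the spotlighted one.
    if ($linkLimit > 0) {
        $resultC = $xoopsDB->query(
            'SELECT entryID, term, datesub FROM ' . $xoopsDB->prefix('lxentries')
            . ' WHERE categoryID = ' . $categoryId . ' AND entryID != ' . $termId
            . ' AND submit = 0 AND offline = 0 AND block = 1 ORDER BY ' . $orderBy . ' DESC',
            $linkLimit,
            0
        );

        $shown = 0;
        // is_array() ends the loop whether the driver signals "no more rows" with false or null.
        while ($resultC && is_array($myrow = $xoopsDB->fetchArray($resultC))) {
            if ($shown >= $linkLimit) {
                break;
            }
            $block['links'][] = [
                'id'      => (int)$myrow['entryID'],
                'head'    => xoops_substr(htmlspecialchars((string)$myrow['term'], ENT_QUOTES | ENT_HTML5), 0, $titleLen),
                // Each link carries its own submission date, not the spotlight entry's.
                'subdate' => formatTimestamp($myrow['datesub'], 'd M Y'),
            ];
            ++$shown;
        }
    }

    return $block;
}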
||
134 | |||
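/**
 * Render the admin form used to configure the spotlight block.
 *
 * Stored option values and category names are escaped before they are placed
 * in the markup, so a value containing quotes or angle brackets cannot break
 * out of an attribute or inject elements into the block administration page.
 *
 * @param array $options current block options (same layout as in b_lxspot_show())
 * @return string HTML fragment with the option fields
 */
function b_lxspot_edit($options)
{
    global $xoopsDB;

    // Escape a stored option for use inside a quoted HTML attribute.
    $attr = static function ($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES | ENT_HTML5);
    };
    // One yes/no radio pair bound to options[$index].
    $yesNoRow = static function ($label, $index) use ($options) {
        $current = $options[$index] ?? 0;

        return '<tr><td>' . $label . '</td><td>'
               . "<input type='radio' name='options[" . $index . "]' value='1'" . ((1 == $current) ? ' checked' : '') . ' >' . _YES . ' '
               . "<input type='radio' name='options[" . $index . "]' value='0'" . ((0 == $current) ? ' checked' : '') . ' >' . _NO . '<br></td></tr>';
    };

    $selectedCat = (int)($options[0] ?? 0);
    $template    = $options[5] ?? '';
    $order       = $options[7] ?? '';

    $resultcat = $xoopsDB->query('SELECT categoryID, name FROM ' . $xoopsDB->prefix('lxcategories') . ' ORDER BY categoryID');

    $form = "<table border='0'>";
    $form .= '<tr><td>' . _MB_LEXIKON_SELECTCAT . '</td><td><select name="options[]">';
    while ($resultcat && is_array($row = $xoopsDB->fetchRow($resultcat))) {
        [$categoryID, $name] = $row;
        $categoryID = (int)$categoryID;
        $form .= '<option value="' . $categoryID . '"' . (($selectedCat === $categoryID) ? ' selected' : '') . '>'
                 . $categoryID . ' : ' . $attr($name) . "</option>\n";
    }
    $form .= "</select><br></td></tr>\n";

    $form .= '<tr><td>' . _MB_LEXIKON_TERMSTOSHOW . "</td><td><input type='text' name='options[]' value='" . $attr($options[1] ?? '') . "' > " . _MB_LEXIKON_TERMS . '.<br></td></tr>';

    $form .= $yesNoRow(_MB_LEXIKON_SHOWDATE, 2);
    $form .= $yesNoRow(_MB_LEXIKON_SHOWBYLINE, 3);
    $form .= $yesNoRow(_MB_LEXIKON_SHOWSTATS, 4);

    // Unindexed name on purpose: after options[2..4] it is parsed as index 5.
    $form .= '<tr><td>' . _MB_LEXIKON_TEMPLATE . "</td><td><select name='options[]'>";
    $form .= "<option value='ver' " . (('ver' === $template) ? ' selected' : '') . '>' . _MB_LEXIKON_VERTICAL . "</option>\n";
    $form .= "<option value='hor' " . (('hor' === $template) ? ' selected' : '') . '>' . _MB_LEXIKON_HORIZONTAL . "</option>\n";
    $form .= '</select><br></td></tr>';

    $form .= $yesNoRow(_MB_LEXIKON_SHOWPIC, 6);

    // The three values offered here are the only sort columns the block is meant to use.
    $form .= '<tr><td>' . _MB_LEXIKON_ORDER . "</td><td> <select name='options[7]'>";
    $form .= "<option value='datesub' " . (('datesub' === $order) ? ' selected' : '') . '>' . _MB_LEXIKON_DATE . "</option>\n";
    $form .= "<option value='counter' " . (('counter' === $order) ? ' selected' : '') . '>' . _MB_LEXIKON_HITS . "</option>\n";
    $form .= "<option value='term' " . (('term' === $order) ? ' selected' : '') . '>' . _MB_LEXIKON_NAME . "</option>\n";
    // The cell and row were left open here before; close them so the table stays well-formed.
    $form .= "</select></td></tr>\n";

    $form .= " <tr><td style='vertical-align: top;'>" . _MB_LEXIKON_CHARS . "</td><td> <input type='text' name='options[8]' value='" . $attr($options[8] ?? '') . "' > " . _MB_LEXIKON_LENGTH . '</td></tr>';
    $form .= " <tr><td style='vertical-align: top;'>" . _MB_LEXIKON_CHARSTERM . "</td><td> <input type='text' name='options[9]' value='" . $attr($options[9] ?? '') . "' > " . _MB_LEXIKON_LENGTH . '</td></tr>';

    $form .= '</table>';

    return $form;
}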
||
189 |