This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||||
2 | /* |
||||
3 | * You may not change or alter any portion of this comment or credits |
||||
4 | * of supporting developers from this source code or any supporting source code |
||||
5 | * which is considered copyrighted (c) material of the original comment or credit authors. |
||||
6 | * |
||||
7 | * This program is distributed in the hope that it will be useful, |
||||
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||
10 | */ |
||||
11 | |||||
12 | /** |
||||
13 | * @copyright XOOPS Project (https://xoops.org) |
||||
14 | * @license GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html) |
||||
15 | * @author XOOPS Development Team, Kazumi Ono (AKA onokazu) |
||||
16 | */ |
||||
17 | |||||
18 | use Xmf\Request; |
||||
19 | use XoopsModules\Lexikon\{Helper |
||||
20 | }; |
||||
21 | |||||
22 | $moduleDirName = \basename(\dirname(__DIR__)); |
||||
23 | $moduleDirNameUpper = \mb_strtoupper($moduleDirName); |
||||
24 | |||||
25 | $helper = Helper::getInstance(); |
||||
26 | $helper->loadLanguage('admin'); |
||||
27 | |||||
28 | if (!is_object($xoopsUser) || !is_object($xoopsModule) || !$xoopsUser->isAdmin($xoopsModule->mid())) { |
||||
29 | exit('Access Denied'); |
||||
30 | } |
||||
31 | require_once XOOPS_ROOT_PATH . '/kernel/block.php'; |
||||
32 | //mb require_once XOOPS_ROOT_PATH . '/modules/system/admin/blocksadmin/blocksadmin.php'; |
||||
33 | |||||
34 | $op = 'list'; |
||||
35 | |||||
36 | if (!empty($_POST['op'])) { |
||||
37 | $op = $_POST['op']; |
||||
38 | } |
||||
39 | if (!empty($_POST['bid'])) { |
||||
40 | $bid = Request::getInt('bid', 0, 'POST'); |
||||
41 | } |
||||
42 | |||||
43 | if (Request::hasVar('op', 'GET')) { |
||||
44 | if ('edit' === $_GET['op'] || 'delete' === $_GET['op'] || 'delete_ok' === $_GET['op'] |
||||
45 | || 'clone' === $_GET['op'] /* || $_GET['op'] == 'previewpopup'*/) { |
||||
46 | $op = $_GET['op']; |
||||
47 | $bid = Request::getInt('bid', 0, 'GET'); |
||||
48 | } |
||||
49 | } |
||||
50 | |||||
51 | if (Request::hasVar('previewblock', 'POST')) { |
||||
52 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||||
53 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||||
54 | } |
||||
55 | |||||
56 | if (empty($bid)) { |
||||
57 | exit('Invalid bid.'); |
||||
58 | } |
||||
59 | |||||
60 | $bside = Request::getInt('bside', 0, 'POST'); |
||||
61 | $bweight = Request::getInt('bweight', 0, 'POST'); |
||||
62 | $bvisible = Request::getInt('bvisible', 0, 'POST'); |
||||
63 | $bmodule = Request::getArray('bmodule', [], 'POST'); |
||||
64 | $btitle = Request::getString('btitle', '', 'POST'); |
||||
65 | $bcontent = Request::getString('bcontent', '', 'POST'); |
||||
66 | $bctype = Request::getString('bctype', '', 'POST'); |
||||
67 | $bcachetime = Request::getInt('bcachetime', 0, 'POST'); |
||||
68 | |||||
69 | xoops_cp_header(); |
||||
70 | require_once XOOPS_ROOT_PATH . '/class/template.php'; |
||||
71 | $xoopsTpl = new \XoopsTpl(); |
||||
72 | $xoopsTpl->caching = 0; |
||||
73 | $block['bid'] = $bid; |
||||
74 | |||||
75 | if ('clone_ok' === $op) { |
||||
76 | $block['form_title'] = _AM_CLONEBLOCK; |
||||
77 | $block['submit_button'] = _CLONE; |
||||
78 | $myblock = new \XoopsBlock(); |
||||
79 | $myblock->setVar('block_type', 'C'); |
||||
80 | } else { |
||||
81 | $op = 'update'; |
||||
82 | $block['form_title'] = _AM_EDITBLOCK; |
||||
83 | $block['submit_button'] = _SUBMIT; |
||||
84 | $myblock = new \XoopsBlock($bid); |
||||
85 | $block['name'] = $myblock->getVar('name'); |
||||
86 | } |
||||
87 | |||||
88 | $myts = \MyTextSanitizer::getInstance(); |
||||
89 | $myblock->setVar('title', ($btitle)); |
||||
90 | $myblock->setVar('content', ($bcontent)); |
||||
91 | |||||
92 | $block['edit_form'] = false; |
||||
93 | $block['template'] = ''; |
||||
94 | $block['op'] = $op; |
||||
95 | $block['side'] = $bside; |
||||
96 | $block['weight'] = $bweight; |
||||
97 | $block['visible'] = $bvisible; |
||||
98 | $block['title'] = $myblock->getVar('title', 'E'); |
||||
99 | $block['content'] = $myblock->getVar('content', 'n'); |
||||
100 | $block['modules'] = $bmodule; |
||||
101 | $block['ctype'] = $bctype ?? $myblock->getVar('c_type'); |
||||
102 | $block['is_custom'] = true; |
||||
103 | $block['cachetime'] = $bcachetime; |
||||
104 | echo '<a href="myblocksadmin.php">' . constant('CO_' . $moduleDirNameUpper . '_' . 'BADMIN') . '</a> <span style="font-weight:bold;">»»</span> ' . $block['form_title'] . '<br><br>'; |
||||
105 | require_once \dirname(__DIR__) . '/admin/myblockform.php'; //GIJ |
||||
106 | |||||
107 | // $xoopsGTicket->addTicketXoopsFormElement($form, __LINE__, 1800, 'myblocksadmin'); //GIJ |
||||
108 | $form->display(); |
||||
109 | |||||
110 | $original_level = error_reporting(E_ALL); |
||||
111 | echo " |
||||
112 | <table width='100%' class='outer' cellspacing='1'> |
||||
113 | <tr> |
||||
114 | <th>" . $myblock->getVar('title') . "</th> |
||||
115 | </tr> |
||||
116 | <tr> |
||||
117 | <td class='odd'>" . $myblock->getContent('S', $bctype) . '</td> |
||||
118 | </tr> |
||||
119 | </table>'; |
||||
120 | error_reporting($original_level); |
||||
121 | |||||
122 | xoops_cp_footer(); |
||||
123 | /* echo '<script type="text/javascript"> |
||||
124 | preview_window = openWithSelfMain("'.XOOPS_URL.'/modules/system/admin.php?fct=blocksadmin&op=previewpopup&file='.$dummyfile.'", "popup", 250, 200); |
||||
125 | </script>';*/ |
||||
126 | |||||
127 | exit(); |
||||
128 | } |
||||
129 | |||||
130 | /* if ($op == 'previewpopup') { |
||||
131 | if ( !admin_refcheck("/modules/$moduleDirName/admin/") ) { |
||||
132 | exit('Invalid Referer'); |
||||
133 | } |
||||
134 | $file = str_replace('..', '', XOOPS_CACHE_PATH.'/'.trim($_GET['file'])); |
||||
135 | if (file_exists($file)) { |
||||
136 | require $file; |
||||
137 | @unlink($file); |
||||
138 | } |
||||
139 | exit(); |
||||
140 | } */ |
||||
141 | |||||
142 | /* if ($op == "list") { |
||||
143 | xoops_cp_header(); |
||||
144 | list_blocks(); |
||||
145 | xoops_cp_footer(); |
||||
146 | exit(); |
||||
147 | } */ |
||||
148 | |||||
149 | if ('order' === $op) { |
||||
150 | //if ( !admin_refcheck("/modules/$moduleDirName/admin/") ) { |
||||
151 | // exit('Invalid Referer'); |
||||
152 | //} |
||||
153 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||||
154 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||||
155 | } |
||||
156 | if (Request::hasVar('side', 'POST')) { |
||||
157 | $side = $_POST['side']; |
||||
158 | } |
||||
159 | // if ( !empty($_POST['weight']) ) { $weight = $_POST['weight']; } |
||||
160 | if (Request::hasVar('visible', 'POST')) { |
||||
161 | $visible = $_POST['visible']; |
||||
162 | } |
||||
163 | // if ( !empty($_POST['oldside']) ) { $oldside = $_POST['oldside']; } |
||||
164 | // if ( !empty($_POST['oldweight']) ) { $oldweight = $_POST['oldweight']; } |
||||
165 | // if ( !empty($_POST['oldvisible']) ) { $oldvisible = $_POST['oldvisible']; } |
||||
166 | if (Request::hasVar('bid', 'POST')) { |
||||
167 | $bid = $_POST['bid']; |
||||
168 | } else { |
||||
169 | $bid = []; |
||||
170 | } |
||||
171 | // GIJ start |
||||
172 | foreach (array_keys($bid) as $i) { |
||||
173 | if ($side[$i] < 0) { |
||||
174 | $visible[$i] = 0; |
||||
175 | $side[$i] = -1; |
||||
176 | } else { |
||||
177 | $visible[$i] = 1; |
||||
178 | } |
||||
179 | |||||
180 | $bmodule = (isset($_POST['bmodule'][$i]) |
||||
181 | && is_array($_POST['bmodule'][$i])) ? $_POST['bmodule'][$i] : [-1]; |
||||
182 | |||||
183 | myblocksadmin_update_block($i, $side[$i], $_POST['weight'][$i], $visible[$i], $_POST['title'][$i], null, null, $_POST['bcachetime'][$i], $bmodule, []); |
||||
184 | |||||
185 | // if ( $oldweight[$i] != $weight[$i] || $oldvisible[$i] != $visible[$i] || $oldside[$i] != $side[$i] ) |
||||
186 | // order_block($bid[$i], $weight[$i], $visible[$i], $side[$i]); |
||||
187 | } |
||||
188 | $query4redirect = '?dirname=' . urlencode(strip_tags(mb_substr($_POST['query4redirect'], 9))); |
||||
189 | redirect_header("myblocksadmin.php$query4redirect", 1, _AM_DBUPDATED); |
||||
190 | // GIJ end |
||||
191 | } |
||||
192 | |||||
193 | if ('order2' === $op) { |
||||
194 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||||
195 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||||
196 | } |
||||
197 | |||||
198 | if (Request::hasVar('addblock', 'POST') && is_array($_POST['addblock'])) { |
||||
199 | // addblock |
||||
200 | foreach ($_POST['addblock'] as $bid => $val) { |
||||
201 | myblocksadmin_update_blockinstance(0, 0, 0, 0, '', null, null, 0, [], [], (int)$bid); |
||||
202 | } |
||||
203 | } else { |
||||
204 | // else change order |
||||
205 | if (Request::hasVar('side', 'POST')) { |
||||
206 | $side = $_POST['side']; |
||||
207 | } |
||||
208 | if (Request::hasVar('visible', 'POST')) { |
||||
209 | $visible = $_POST['visible']; |
||||
210 | } |
||||
211 | if (Request::hasVar('id', 'POST')) { |
||||
212 | $id = $_POST['id']; |
||||
213 | } else { |
||||
214 | $id = []; |
||||
215 | } |
||||
216 | |||||
217 | foreach (array_keys($id) as $i) { |
||||
218 | // separate side and visible |
||||
219 | if ($side[$i] < 0) { |
||||
220 | $visible[$i] = 0; |
||||
221 | $side[$i] = -1; // for not to destroy the original position |
||||
222 | } else { |
||||
223 | $visible[$i] = 1; |
||||
224 | } |
||||
225 | |||||
226 | $bmodule = (isset($_POST['bmodule'][$i]) |
||||
227 | && is_array($_POST['bmodule'][$i])) ? $_POST['bmodule'][$i] : [-1]; |
||||
228 | |||||
229 | myblocksadmin_update_blockinstance($i, $side[$i], $_POST['weight'][$i], $visible[$i], $_POST['title'][$i], null, null, $_POST['bcachetime'][$i], $bmodule, []); |
||||
230 | } |
||||
231 | } |
||||
232 | |||||
233 | $query4redirect = '?dirname=' . urlencode(strip_tags(mb_substr($_POST['query4redirect'], 9))); |
||||
234 | redirect_header("myblocksadmin.php$query4redirect", 1, _MD_AM_DBUPDATED); |
||||
235 | } |
||||
236 | |||||
237 | /* if ($op == 'save') { |
||||
238 | if ( !admin_refcheck("/modules/$moduleDirName/admin/") ) { |
||||
239 | exit('Invalid Referer'); |
||||
240 | } |
||||
241 | if ( ! $GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin']) ) { |
||||
242 | redirect_header(XOOPS_URL.'/',3,$GLOBALS['xoopsSecurity']->getErrors()); |
||||
243 | } |
||||
244 | if ( !empty($_POST['bside']) ) { $bside = (int)($_POST['bside']); } else { $bside = 0; } |
||||
245 | if ( !empty($_POST['bweight']) ) { $bweight = (int)($_POST['bweight']); } else { $bweight = 0; } |
||||
246 | if ( !empty($_POST['bvisible']) ) { $bvisible = (int)($_POST['bvisible']); } else { $bvisible = 0; } |
||||
247 | if ( !empty($_POST['bmodule']) ) { $bmodule = $_POST['bmodule']; } else { $bmodule = []; } |
||||
248 | if ( !empty($_POST['btitle']) ) { $btitle = $_POST['btitle']; } else { $btitle = ""; } |
||||
249 | if ( !empty($_POST['bcontent']) ) { $bcontent = $_POST['bcontent']; } else { $bcontent = ""; } |
||||
250 | if ( !empty($_POST['bctype']) ) { $bctype = $_POST['bctype']; } else { $bctype = ""; } |
||||
251 | if ( !empty($_POST['bcachetime']) ) { $bcachetime = (int)($_POST['bcachetime']); } else { $bcachetime = 0; } |
||||
252 | save_block($bside, $bweight, $bvisible, $btitle, $bcontent, $bctype, $bmodule, $bcachetime); |
||||
253 | exit(); |
||||
254 | } */ |
||||
255 | |||||
256 | if ('update' === $op) { |
||||
257 | //if ( !admin_refcheck("/modules/$moduleDirName/admin/") ) { |
||||
258 | // exit('Invalid Referer'); |
||||
259 | //} |
||||
260 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||||
261 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||||
262 | } |
||||
263 | /* if ( !empty($_POST['bside']) ) { $bside = (int)($_POST['bside']); } else { $bside = 0; } |
||||
264 | if ( !empty($_POST['bweight']) ) { $bweight = (int)($_POST['bweight']); } else { $bweight = 0; } |
||||
265 | if ( !empty($_POST['bvisible']) ) { $bvisible = (int)($_POST['bvisible']); } else { $bvisible = 0; } |
||||
266 | if ( !empty($_POST['btitle']) ) { $btitle = $_POST['btitle']; } else { $btitle = ""; } |
||||
267 | if ( !empty($_POST['bcontent']) ) { $bcontent = $_POST['bcontent']; } else { $bcontent = ""; } |
||||
268 | if ( !empty($_POST['bctype']) ) { $bctype = $_POST['bctype']; } else { $bctype = ""; } |
||||
269 | if ( !empty($_POST['bcachetime']) ) { $bcachetime = (int)($_POST['bcachetime']); } else { $bcachetime = 0; } |
||||
270 | if ( !empty($_POST['bmodule']) ) { $bmodule = $_POST['bmodule']; } else { $bmodule = []; } |
||||
271 | if ( !empty($_POST['options']) ) { $options = $_POST['options']; } else { $options = []; } |
||||
272 | update_block($bid, $bside, $bweight, $bvisible, $btitle, $bcontent, $bctype, $bcachetime, $bmodule, $options);*/ |
||||
273 | |||||
274 | $bcachetime = Request::getInt('bcachetime', 0, 'POST'); |
||||
275 | $options = $_POST['options'] ?? []; |
||||
276 | $bcontent = Request::getString('bcontent', '', 'POST'); |
||||
277 | $bctype = Request::getString('bctype', '', 'POST'); |
||||
278 | $bmodule = (isset($_POST['bmodule']) && is_array($_POST['bmodule'])) ? $_POST['bmodule'] : [-1]; // GIJ + |
||||
279 | $msg = myblocksadmin_update_block($_POST['bid'], $_POST['bside'], $_POST['bweight'], $_POST['bvisible'], $_POST['btitle'], $bcontent, $bctype, $bcachetime, $bmodule, $options); // GIJ ! |
||||
280 | redirect_header('myblocksadmin.php', 1, $msg); |
||||
281 | } |
||||
282 | |||||
283 | if ('delete_ok' === $op) { |
||||
284 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||||
285 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||||
286 | } |
||||
287 | // delete_block_ok($bid); GIJ imported from blocksadmin.php |
||||
288 | $myblock = new \XoopsBlock($bid); |
||||
289 | if ('D' !== $myblock->getVar('block_type') && 'C' !== $myblock->getVar('block_type')) { |
||||
290 | redirect_header('myblocksadmin.php', 4, 'Invalid block'); |
||||
291 | } |
||||
292 | $myblock->delete(); |
||||
0 ignored issues
–
show
Deprecated Code
introduced
by
Loading history...
|
|||||
293 | if ('' != $myblock->getVar('template') && !defined('XOOPS_ORETEKI')) { |
||||
294 | /** @var \XoopsTplfileHandler $tplfileHandler */ |
||||
295 | $tplfileHandler = xoops_getHandler('tplfile'); |
||||
296 | $btemplate = $tplfileHandler->find($GLOBALS['xoopsConfig']['template_set'], 'block', $bid); |
||||
297 | if (count($btemplate) > 0) { |
||||
298 | $tplman->delete($btemplate[0]); |
||||
299 | } |
||||
300 | } |
||||
301 | redirect_header('myblocksadmin.php', 1, _AM_DBUPDATED); |
||||
302 | // end of delete_block_ok() GIJ |
||||
303 | } |
||||
304 | |||||
305 | if ('delete' === $op) { |
||||
306 | xoops_cp_header(); |
||||
307 | // delete_block($bid); GIJ imported from blocksadmin.php |
||||
308 | $myblock = new \XoopsBlock($bid); |
||||
309 | if ('S' === $myblock->getVar('block_type')) { |
||||
310 | $message = _AM_SYSTEMCANT; |
||||
311 | redirect_header('admin.php?fct=blocksadmin', 4, $message); |
||||
312 | } elseif ('M' === $myblock->getVar('block_type')) { |
||||
313 | $message = _AM_MODULECANT; |
||||
314 | redirect_header('admin.php?fct=blocksadmin', 4, $message); |
||||
315 | } else { |
||||
316 | //xoops_confirm(['fct' => 'blocksadmin', 'op' => 'delete_ok', 'bid' => $myblock->getVar('bid')] + $xoopsGTicket->getTicketArray(__LINE__, 1800, 'myblocksadmin'), 'admin.php', sprintf(_AM_RUSUREDEL, $myblock->getVar('title'))); |
||||
317 | xoops_confirm(['fct' => 'blocksadmin', 'op' => 'delete_ok', 'bid' => $myblock->getVar('bid')], 'admin.php', sprintf(_AM_RUSUREDEL, $myblock->getVar('title'))); |
||||
0 ignored issues
–
show
It seems like
$myblock->getVar('title') can also be of type array and array ; however, parameter $values of sprintf() does only seem to accept double|integer|string , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
318 | } |
||||
319 | // end of delete_block() GIJ |
||||
320 | xoops_cp_footer(); |
||||
321 | exit(); |
||||
322 | } |
||||
323 | |||||
324 | if ('edit' === $op) { |
||||
325 | xoops_cp_header(); |
||||
326 | // edit_block($bid); GIJ imported from blocksadmin.php |
||||
327 | $myblock = new \XoopsBlock($bid); |
||||
328 | |||||
329 | $db = \XoopsDatabaseFactory::getDatabaseConnection(); |
||||
330 | $sql = 'SELECT module_id FROM ' . $db->prefix('block_module_link') . ' WHERE block_id=' . (int)$bid; |
||||
331 | $result = $db->query($sql); |
||||
332 | $modules = []; |
||||
333 | while (false !== ($row = $db->fetchArray($result))) { |
||||
334 | $modules[] = (int)$row['module_id']; |
||||
335 | } |
||||
336 | $is_custom = 'C' === $myblock->getVar('block_type') || 'E' === $myblock->getVar('block_type'); |
||||
337 | $block = [ |
||||
338 | 'form_title' => _AM_EDITBLOCK, |
||||
339 | 'name' => $myblock->getVar('name'), |
||||
340 | 'side' => $myblock->getVar('side'), |
||||
341 | 'weight' => $myblock->getVar('weight'), |
||||
342 | 'visible' => $myblock->getVar('visible'), |
||||
343 | 'title' => $myblock->getVar('title', 'E'), |
||||
344 | 'content' => $myblock->getVar('content', 'n'), |
||||
345 | 'modules' => $modules, |
||||
346 | 'is_custom' => $is_custom, |
||||
347 | 'ctype' => $myblock->getVar('c_type'), |
||||
348 | 'cachetime' => $myblock->getVar('bcachetime'), |
||||
349 | 'op' => 'update', |
||||
350 | 'bid' => $myblock->getVar('bid'), |
||||
351 | 'edit_form' => $myblock->getOptions(), |
||||
352 | 'template' => $myblock->getVar('template'), |
||||
353 | 'options' => $myblock->getVar('options'), |
||||
354 | 'submit_button' => _SUBMIT, |
||||
355 | ]; |
||||
356 | |||||
357 | echo '<a href="myblocksadmin.php">' . constant('CO_' . $moduleDirNameUpper . '_' . 'BADMIN') . '</a> <span style="font-weight:bold;">»»</span> ' . _AM_EDITBLOCK . '<br><br>'; |
||||
358 | require \dirname(__DIR__) . '/admin/myblockform.php'; //GIJ |
||||
359 | // $xoopsGTicket->addTicketXoopsFormElement($form, __LINE__, 1800, 'myblocksadmin'); //GIJ |
||||
360 | $form->display(); |
||||
361 | // end of edit_block() GIJ |
||||
362 | xoops_cp_footer(); |
||||
363 | exit(); |
||||
364 | } |
||||
365 | |||||
366 | if ('clone' === $op) { |
||||
367 | xoops_cp_header(); |
||||
368 | $myblock = new \XoopsBlock($bid); |
||||
369 | |||||
370 | $db = \XoopsDatabaseFactory::getDatabaseConnection(); |
||||
371 | $sql = 'SELECT module_id FROM ' . $db->prefix('block_module_link') . ' WHERE block_id=' . (int)$bid; |
||||
372 | $result = $db->query($sql); |
||||
373 | $modules = []; |
||||
374 | while (false !== ($row = $db->fetchArray($result))) { |
||||
375 | $modules[] = (int)$row['module_id']; |
||||
376 | } |
||||
377 | $is_custom = 'C' === $myblock->getVar('block_type') || 'E' === $myblock->getVar('block_type'); |
||||
378 | $block = [ |
||||
379 | 'form_title' => _AM_CLONEBLOCK, |
||||
380 | 'name' => $myblock->getVar('name'), |
||||
381 | 'side' => $myblock->getVar('side'), |
||||
382 | 'weight' => $myblock->getVar('weight'), |
||||
383 | 'visible' => $myblock->getVar('visible'), |
||||
384 | 'content' => $myblock->getVar('content', 'N'), |
||||
385 | 'title' => $myblock->getVar('title', 'E'), |
||||
386 | 'modules' => $modules, |
||||
387 | 'is_custom' => $is_custom, |
||||
388 | 'ctype' => $myblock->getVar('c_type'), |
||||
389 | 'cachetime' => $myblock->getVar('bcachetime'), |
||||
390 | 'op' => 'clone_ok', |
||||
391 | 'bid' => $myblock->getVar('bid'), |
||||
392 | 'edit_form' => $myblock->getOptions(), |
||||
393 | 'template' => $myblock->getVar('template'), |
||||
394 | 'options' => $myblock->getVar('options'), |
||||
395 | 'submit_button' => _CLONE, |
||||
396 | ]; |
||||
397 | echo '<a href="myblocksadmin.php">' . _AM_SYSTEM_BLOCKS_ADMIN . '</a> <span style="font-weight:bold;">»»</span> ' . _AM_SYSTEM_BLOCKS_CLONEBLOCK . '<br><br>'; |
||||
398 | require \dirname(__DIR__) . '/admin/myblockform.php'; |
||||
399 | // $xoopsGTicket->addTicketXoopsFormElement($form, __LINE__, 1800, 'myblocksadmin'); //GIJ |
||||
400 | $form->display(); |
||||
401 | xoops_cp_footer(); |
||||
402 | exit(); |
||||
403 | } |
||||
404 | |||||
405 | if ('clone_ok' === $op) { |
||||
406 | // Ticket Check |
||||
407 | if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['myblocksadmin'])) { |
||||
408 | redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors()); |
||||
409 | } |
||||
410 | |||||
411 | $block = new \XoopsBlock($bid); |
||||
412 | |||||
413 | // block type check |
||||
414 | $block_type = $block->getVar('block_type'); |
||||
415 | if ('C' !== $block_type && 'M' !== $block_type && 'D' !== $block_type) { |
||||
416 | redirect_header('myblocksadmin.php', 4, 'Invalid block'); |
||||
417 | } |
||||
418 | |||||
419 | if (empty($_POST['options'])) { |
||||
420 | $options = []; |
||||
421 | } elseif (is_array($_POST['options'])) { |
||||
422 | $options = $_POST['options']; |
||||
423 | } else { |
||||
424 | $options = explode('|', $_POST['options']); |
||||
425 | } |
||||
426 | |||||
427 | // for backward compatibility |
||||
428 | // $cblock =& $block->clone(); or $cblock =& $block->xoopsClone(); |
||||
429 | $cblock = new \XoopsBlock(); |
||||
430 | foreach ($block->vars as $k => $v) { |
||||
431 | $cblock->assignVar($k, $v['value']); |
||||
432 | } |
||||
433 | $cblock->setNew(); |
||||
434 | |||||
435 | $myts = \MyTextSanitizer::getInstance(); |
||||
436 | $cblock->setVar('side', $_POST['bside']); |
||||
437 | $cblock->setVar('weight', $_POST['bweight']); |
||||
438 | $cblock->setVar('visible', $_POST['bvisible']); |
||||
439 | $cblock->setVar('title', $_POST['btitle']); |
||||
440 | $cblock->setVar('content', @$_POST['bcontent']); |
||||
441 | $cblock->setVar('c_type', @$_POST['bctype']); |
||||
442 | $cblock->setVar('bcachetime', $_POST['bcachetime']); |
||||
443 | if (isset($options) && (count($options) > 0)) { |
||||
444 | $options = implode('|', $options); |
||||
445 | $cblock->setVar('options', $options); |
||||
446 | } |
||||
447 | $cblock->setVar('bid', 0); |
||||
448 | $cblock->setVar('block_type', 'C' === $block_type ? 'C' : 'D'); |
||||
449 | $cblock->setVar('func_num', 255); |
||||
450 | $newid = $cblock->store(); |
||||
0 ignored issues
–
show
The function
XoopsBlock::store() has been deprecated.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
451 | if (!$newid) { |
||||
452 | xoops_cp_header(); |
||||
453 | $cblock->getHtmlErrors(); |
||||
454 | xoops_cp_footer(); |
||||
455 | exit(); |
||||
456 | } |
||||
457 | /* if ($cblock->getVar('template') != '') { |
||||
458 | $tplfileHandler = xoops_getHandler('tplfile'); |
||||
459 | $btemplate = $tplfileHandler->find($GLOBALS['xoopsConfig']['template_set'], 'block', $bid); |
||||
460 | if (count($btemplate) > 0) { |
||||
461 | $tplclone =& $btemplate[0]->clone(); |
||||
462 | $tplclone->setVar('tpl_id', 0); |
||||
463 | $tplclone->setVar('tpl_refid', $newid); |
||||
464 | $tplman->insert($tplclone); |
||||
465 | } |
||||
466 | } */ |
||||
467 | $db = \XoopsDatabaseFactory::getDatabaseConnection(); |
||||
468 | $bmodule = (isset($_POST['bmodule']) && is_array($_POST['bmodule'])) ? $_POST['bmodule'] : [-1]; // GIJ + |
||||
469 | foreach ($bmodule as $bmid) { |
||||
470 | $sql = 'INSERT INTO ' . $db->prefix('block_module_link') . ' (block_id, module_id) VALUES (' . $newid . ', ' . $bmid . ')'; |
||||
471 | $db->query($sql); |
||||
472 | } |
||||
473 | |||||
474 | /* global $xoopsUser; |
||||
475 | $groups =& $xoopsUser->getGroups(); |
||||
476 | $count = count($groups); |
||||
477 | for ($i = 0; $i < $count; ++$i) { |
||||
478 | $sql = "INSERT INTO ".$db->prefix('group_permission')." (gperm_groupid, gperm_itemid, gperm_modid, gperm_name) VALUES (".$groups[$i].", ".$newid.", 1, 'block_read')"; |
||||
479 | $db->query($sql); |
||||
480 | } |
||||
481 | */ |
||||
482 | |||||
483 | $sql = 'SELECT gperm_groupid FROM ' . $db->prefix('group_permission') . " WHERE gperm_name='block_read' AND gperm_modid='1' AND gperm_itemid='$bid'"; |
||||
484 | $result = $db->query($sql); |
||||
485 | while (list($gid) = $db->fetchRow($result)) { |
||||
486 | $sql = 'INSERT INTO ' . $db->prefix('group_permission') . " (gperm_groupid, gperm_itemid, gperm_modid, gperm_name) VALUES ($gid, $newid, 1, 'block_read')"; |
||||
487 | $db->query($sql); |
||||
488 | } |
||||
489 | |||||
490 | redirect_header('myblocksadmin.php', 1, _AM_DBUPDATED); |
||||
491 | } |
||||
492 | |||||
493 | // import from modules/system/admin/blocksadmin/blocksadmin.php |
||||
494 | /** |
||||
495 | * @param $bid |
||||
496 | * @param $bside |
||||
497 | * @param $bweight |
||||
498 | * @param $bvisible |
||||
499 | * @param $btitle |
||||
500 | * @param $bcontent |
||||
501 | * @param $bctype |
||||
502 | * @param $bcachetime |
||||
503 | * @param $bmodule |
||||
504 | * @param array $options |
||||
505 | * @return string |
||||
506 | */ |
||||
507 | function myblocksadmin_update_block( |
||||
508 | $bid, |
||||
509 | $bside, |
||||
510 | $bweight, |
||||
511 | $bvisible, |
||||
512 | $btitle, |
||||
513 | $bcontent, |
||||
514 | $bctype, |
||||
515 | $bcachetime, |
||||
516 | $bmodule, |
||||
517 | $options = [] |
||||
518 | ) { |
||||
519 | global $xoopsConfig; |
||||
520 | /* if (empty($bmodule)) { |
||||
521 | xoops_cp_header(); |
||||
522 | xoops_error(sprintf(_AM_NOTSELNG, _AM_VISIBLEIN)); |
||||
523 | xoops_cp_footer(); |
||||
524 | exit(); |
||||
525 | } */ |
||||
526 | $myblock = new \XoopsBlock($bid); |
||||
527 | // $myblock->setVar('side', $bside); GIJ - |
||||
528 | if ($bside >= 0) { |
||||
529 | $myblock->setVar('side', $bside); |
||||
530 | } // GIJ + |
||||
531 | $myblock->setVar('weight', $bweight); |
||||
532 | $myblock->setVar('visible', $bvisible); |
||||
533 | $myblock->setVar('title', $btitle); |
||||
534 | if (isset($bcontent)) { |
||||
535 | $myblock->setVar('content', $bcontent); |
||||
536 | } |
||||
537 | if (isset($bctype)) { |
||||
538 | $myblock->setVar('c_type', $bctype); |
||||
539 | } |
||||
540 | $myblock->setVar('bcachetime', $bcachetime); |
||||
541 | if (isset($options) && (count($options) > 0)) { |
||||
542 | $options = implode('|', $options); |
||||
543 | $myblock->setVar('options', $options); |
||||
544 | } |
||||
545 | if ('C' === $myblock->getVar('block_type')) { |
||||
546 | switch ($myblock->getVar('c_type')) { |
||||
547 | case 'H': |
||||
548 | $name = _AM_CUSTOMHTML; |
||||
549 | break; |
||||
550 | case 'P': |
||||
551 | $name = _AM_CUSTOMPHP; |
||||
552 | break; |
||||
553 | case 'S': |
||||
554 | $name = _AM_CUSTOMSMILE; |
||||
555 | break; |
||||
556 | default: |
||||
557 | $name = _AM_CUSTOMNOSMILE; |
||||
558 | break; |
||||
559 | } |
||||
560 | $myblock->setVar('name', $name); |
||||
561 | } |
||||
562 | $msg = _AM_DBUPDATED; |
||||
563 | if (false !== $myblock->store()) { |
||||
0 ignored issues
–
show
The function
XoopsBlock::store() has been deprecated.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
564 | $db = \XoopsDatabaseFactory::getDatabaseConnection(); |
||||
565 | $sql = sprintf('DELETE FROM `%s` WHERE block_id = %u', $db->prefix('block_module_link'), $bid); |
||||
566 | $db->query($sql); |
||||
567 | foreach ($bmodule as $bmid) { |
||||
568 | $sql = sprintf('INSERT INTO `%s` (block_id, module_id) VALUES (%u, %d)', $db->prefix('block_module_link'), $bid, (int)$bmid); |
||||
569 | $db->query($sql); |
||||
570 | } |
||||
571 | require_once XOOPS_ROOT_PATH . '/class/template.php'; |
||||
572 | $xoopsTpl = new \XoopsTpl(); |
||||
573 | $xoopsTpl->caching = 2; |
||||
574 | if ('' != $myblock->getVar('template')) { |
||||
575 | if ($xoopsTpl->is_cached('db:' . $myblock->getVar('template'))) { |
||||
576 | if (!$xoopsTpl->clear_cache('db:' . $myblock->getVar('template'))) { |
||||
577 | $msg = 'Unable to clear cache for block ID' . $bid; |
||||
578 | } |
||||
579 | } |
||||
580 | } else { |
||||
581 | if ($xoopsTpl->is_cached('db:system_dummy.tpl', 'block' . $bid)) { |
||||
582 | if (!$xoopsTpl->clear_cache('db:system_dummy.tpl', 'block' . $bid)) { |
||||
583 | $msg = 'Unable to clear cache for block ID' . $bid; |
||||
584 | } |
||||
585 | } |
||||
586 | } |
||||
587 | } else { |
||||
588 | $msg = 'Failed update of block. ID:' . $bid; |
||||
589 | } |
||||
590 | // redirect_header('admin.php?fct=blocksadmin&t='.time(),1,$msg); |
||||
591 | // exit(); GIJ - |
||||
592 | return $msg; // GIJ + |
||||
593 | } |
||||
594 | |||||
595 | // update block instance for 2.2 |
||||
596 | /** |
||||
597 | * @param $id |
||||
598 | * @param $bside |
||||
599 | * @param $bweight |
||||
600 | * @param $bvisible |
||||
601 | * @param $btitle |
||||
602 | * @param $bcontent |
||||
603 | * @param $bctype |
||||
604 | * @param $bcachetime |
||||
605 | * @param $bmodule |
||||
606 | * @param array $options |
||||
607 | * @param null $bid |
||||
0 ignored issues
–
show
|
|||||
608 | * @return string |
||||
609 | */ |
||||
610 | function myblocksadmin_update_blockinstance( |
||||
611 | $id, |
||||
612 | $bside, |
||||
613 | $bweight, |
||||
614 | $bvisible, |
||||
615 | $btitle, |
||||
616 | $bcontent, |
||||
617 | $bctype, |
||||
618 | $bcachetime, |
||||
619 | $bmodule, |
||||
620 | $options = [], |
||||
621 | $bid = null |
||||
622 | ) { |
||||
623 | global $xoopsDB; |
||||
624 | |||||
625 | $instanceHandler = xoops_getHandler('blockinstance'); |
||||
626 | $blockHandler = xoops_getHandler('block'); |
||||
627 | if ($id > 0) { |
||||
628 | // update |
||||
629 | $instance = $instanceHandler->get($id); |
||||
630 | if ($bside >= 0) { |
||||
631 | $instance->setVar('side', $bside); |
||||
632 | } |
||||
633 | if (!empty($options)) { |
||||
634 | $instance->setVar('options', $options); |
||||
635 | } |
||||
636 | } else { |
||||
637 | // insert |
||||
638 | $instance = $instanceHandler->create(); |
||||
639 | $instance->setVar('bid', $bid); |
||||
640 | $instance->setVar('side', $bside); |
||||
641 | $block = $blockHandler->get($bid); |
||||
642 | $instance->setVar('options', $block->getVar('options')); |
||||
643 | if (empty($btitle)) { |
||||
644 | $btitle = $block->getVar('name'); |
||||
645 | } |
||||
646 | } |
||||
647 | $instance->setVar('weight', $bweight); |
||||
648 | $instance->setVar('visible', $bvisible); |
||||
649 | $instance->setVar('title', $btitle); |
||||
650 | // if( isset( $bcontent ) ) $instance->setVar('content', $bcontent); |
||||
651 | // if( isset( $bctype ) ) $instance->setVar('c_type', $bctype); |
||||
652 | $instance->setVar('bcachetime', $bcachetime); |
||||
653 | |||||
654 | if ($instanceHandler->insert($instance)) { |
||||
0 ignored issues
–
show
Are you sure the usage of
$instanceHandler->insert($instance) targeting XoopsObjectHandler::insert() seems to always return null.
This check looks for function or method calls that always return null and whose return value is used. class A
{
function getObject()
{
return null;
}
}
$a = new A();
if ($a->getObject()) {
The method The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.
Loading history...
|
|||||
655 | $GLOBALS['xoopsDB']->query('DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('block_module_link') . ' WHERE block_id=' . $instance->getVar('instanceid')); |
||||
656 | foreach ($bmodule as $mid) { |
||||
657 | $page = explode('-', $mid); |
||||
658 | $mid = $page[0]; |
||||
659 | $pageid = $page[1]; |
||||
660 | $GLOBALS['xoopsDB']->query('INSERT INTO ' . $GLOBALS['xoopsDB']->prefix('block_module_link') . ' VALUES (' . $instance->getVar('instanceid') . ', ' . (int)$mid . ', ' . (int)$pageid . ')'); |
||||
661 | } |
||||
662 | |||||
663 | return _MD_AM_DBUPDATED; |
||||
664 | } |
||||
665 | |||||
666 | return 'Failed update of block instance. ID:' . $id; |
||||
667 | } |
||||
668 | |||||
669 | // TODO edit2, delete2, customblocks |
||||
670 |