Issues in Files.php (master) - Issues in master - XoopsModules25x/news - Measure and Improve Code Quality continuously with Scrutinizer

Issues (384)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/Files.php (12 issues)

Labels

Severity

Minor 12

<?php declare(strict_types=1);

namespace XoopsModules\News;

/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright      {@link https://xoops.org/ XOOPS Project}
 * @license        {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @author         XOOPS Development Team
 */

// require_once XOOPS_ROOT_PATH . '/modules/news/class/Mimetype.php';

/**
 * Class Files
 */
class Files
{
    public $db;
    public $table;
    public $fileid;
    public $filerealname;
    public $storyid;
    public $date;
    public $mimetype;
    public $downloadname;
    public $counter;

    /**
     * @param $fileid
     */
    public function __construct($fileid = -1)
    {
        /** @var \XoopsMySQLDatabase $db */
        $this->db           = \XoopsDatabaseFactory::getDatabaseConnection();
        $this->table        = $this->db->prefix('news_stories_files');
        $this->storyid      = 0;
        $this->filerealname = '';
        $this->date         = 0;
        $this->mimetype     = '';
        $this->downloadname = 'downloadfile';
        $this->counter      = 0;
        if (\is_array($fileid)) {
            $this->makeFile($fileid);
        } elseif (-1 != $fileid) {
            $this->getFile((int)$fileid);
        }
    }

    /**
     * @param      $folder
     * @param      $filename
     * @param bool $trimname
     *
     * @return string
     */
    public function createUploadName($folder, $filename, $trimname = false)
    {
        $workingfolder = $folder;
        if ('/' !== \xoops_substr($workingfolder, mb_strlen($workingfolder) - 1, 1)) {
            $workingfolder .= '/';
        }
        $ext  = \basename($filename);
        $ext  = \explode('.', $ext);
        $ext  = '.' . $ext[\count($ext) - 1];
        $true = true;
        while ($true) {
            $ipbits = \explode('.', $_SERVER['REMOTE_ADDR']);
            [$usec, $sec] = \explode(' ', \microtime());

            $usec *= 65536;
            $sec  = ((int)$sec) & 0xFFFF;

            if ($trimname) {
                $uid = \sprintf('%06x%04x%04x', ($ipbits[0] << 24) | ($ipbits[1] << 16) | ($ipbits[2] << 8) | $ipbits[3], $sec, $usec);
            } else {
                $uid = \sprintf('%08x-%04x-%04x', ($ipbits[0] << 24) | ($ipbits[1] << 16) | ($ipbits[2] << 8) | $ipbits[3], $sec, $usec);
            }
            if (!\file_exists($workingfolder . $uid . $ext)) {
                $true = false;
            }
        }

        return $uid . $ext;

    }

    /**
     * @param string $filename
     *
     * @return string
     */
    public function giveMimetype($filename = '')
    {
        $cmimetype   = new Mimetype();
        $workingfile = $this->downloadname;

        if ('' !== \xoops_trim($filename)) {
            $workingfile = $filename;

            return $cmimetype->getType($workingfile);
        }

        return '';
    }

    /**
     * @param $storyid
     *
     * @return array
     */
    public function getAllbyStory($storyid)
    {
        $ret    = [];
        $sql    = 'SELECT * FROM ' . $this->table . ' WHERE storyid=' . (int)$storyid;
        $result = $this->db->query($sql);
        if ($this->db->isResultSet($result)) {
            while (false !== ($myrow = $this->db->fetchArray($result))) {
                $ret[] = new self($myrow);
            }
        }

        return $ret;
    }

    /**
     * @param $id
     */
    public function getFile($id): void
    {
        $sql   = 'SELECT * FROM ' . $this->table . ' WHERE fileid=' . (int)$id;
        $array = $this->db->fetchArray($this->db->query($sql));
        $this->makeFile($array);
    }

    /**
     * @param $array
     */
    public function makeFile($array): void
    {
        foreach ($array as $key => $value) {
            $this->$key = $value;
        }
    }

    /**
     * @return bool
     */
    public function store()
    {
        $myts         = \MyTextSanitizer::getInstance();

        $fileRealName = $GLOBALS['xoopsDB']->escape($this->filerealname);
        $downloadname = $GLOBALS['xoopsDB']->escape($this->downloadname);
        $date         = \time();
        $mimetype     = $GLOBALS['xoopsDB']->escape($this->mimetype);
        $counter      = $this->counter;
        $storyid      = $this->storyid;

        if (!isset($this->fileid)) {
            $newid        = (int)$this->db->genId($this->table . '_fileid_seq');
            $sql          = 'INSERT INTO ' . $this->table . ' (fileid, storyid, filerealname, date, mimetype, downloadname, counter) ' . 'VALUES (' . $newid . ',' . $storyid . ",'" . $fileRealName . "','" . $date . "','" . $mimetype . "','" . $downloadname . "'," . $counter . ')';
            $this->fileid = $newid;
        } else {
            $sql = 'UPDATE ' . $this->table . ' SET storyid=' . $storyid . ",filerealname='" . $fileRealName . "',date=" . $date . ",mimetype='" . $mimetype . "',downloadname='" . $downloadname . "',counter=" . $counter . ' WHERE fileid=' . $this->getFileid();
        }
        if (!$result = $this->db->query($sql)) {

            return false;
        }

        return true;
    }

    /**
     * @param string $workdir
     *
     * @return bool
     */
    public function delete($workdir = XOOPS_UPLOAD_PATH)
    {
        $sql = 'DELETE FROM ' . $this->table . ' WHERE fileid=' . $this->getFileid();
        if (!$result = $this->db->query($sql)) {

            return false;
        }
        if (\is_file($workdir . '/' . $this->downloadname)) {
            \unlink($workdir . '/' . $this->downloadname);
        }

        return true;
    }

    /**
     * @return bool
     */
    public function updateCounter()
    {
        $sql = 'UPDATE ' . $this->table . ' SET counter=counter+1 WHERE fileid=' . $this->getFileid();
        if (!$result = $this->db->queryF($sql)) {

            return false;
        }

        return true;
    }

    // ****************************************************************************************************************
    // All the Sets
    // ****************************************************************************************************************

    /**
     * @param $filename
     */
    public function setFileRealName($filename): void
    {
        $this->filerealname = $filename;
    }

    /**
     * @param $id
     */
    public function setStoryid($id): void
    {
        $this->storyid = (int)$id;
    }

    /**
     * @param $value
     */
    public function setMimetype($value): void
    {
        $this->mimetype = $value;
    }

    /**
     * @param $value
     */
    public function setDownloadname($value): void
    {
        $this->downloadname = $value;
    }

    // ****************************************************************************************************************
    // All the Gets
    // ****************************************************************************************************************

    /**
     * @return int
     */
    public function getFileid()
    {
        return (int)$this->fileid;
    }

    /**
     * @return int
     */
    public function getStoryid()
    {
        return $this->storyid;
    }

    /**
     * @return int
     */
    public function getCounter()
    {
        return $this->counter;
    }

    /**
     * @return int
     */
    public function getDate()
    {
        return $this->date;
    }

    /**
     * @param string $format
     *
     * @return mixed
     */
    public function getFileRealName($format = 'S')
    {
        $myts = \MyTextSanitizer::getInstance();

        switch ($format) {
            case 'S':
            case 'Show':
                $filerealname = \htmlspecialchars($this->filerealname, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'E':
            case 'Edit':
                $filerealname = \htmlspecialchars($this->filerealname, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'P':
            case 'Preview':
                $filerealname = \htmlspecialchars($this->filerealname, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'F':
            case 'InForm':
                $filerealname = \htmlspecialchars($this->filerealname, \ENT_QUOTES | \ENT_HTML5);
                break;
        }

        return $filerealname;

    }

    /**
     * @param string $format
     *
     * @return mixed
     */
    public function getMimetype($format = 'S')
    {
        $myts = \MyTextSanitizer::getInstance();

        switch ($format) {
            case 'S':
            case 'Show':
                $filemimetype = \htmlspecialchars($this->mimetype, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'E':
            case 'Edit':
                $filemimetype = \htmlspecialchars($this->mimetype, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'P':
            case 'Preview':
                $filemimetype = \htmlspecialchars($this->mimetype, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'F':
            case 'InForm':
                $filemimetype = \htmlspecialchars($this->mimetype, \ENT_QUOTES | \ENT_HTML5);
                break;
        }

        return $filemimetype;

    }

    /**
     * @param string $format
     *
     * @return mixed
     */
    public function getDownloadname($format = 'S')
    {
        $myts = \MyTextSanitizer::getInstance();

        switch ($format) {
            case 'S':
            case 'Show':
                $filedownname = \htmlspecialchars($this->downloadname, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'E':
            case 'Edit':
                $filedownname = \htmlspecialchars($this->downloadname, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'P':
            case 'Preview':
                $filedownname = \htmlspecialchars($this->downloadname, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'F':
            case 'InForm':
                $filedownname = \htmlspecialchars($this->downloadname, \ENT_QUOTES | \ENT_HTML5);
                break;
        }

        return $filedownname;

    }

    // Deprecated

    /**
     * @param $storyid
     *
     * @return mixed
     */
    public function getCountbyStory($storyid)
    {
        $sql    = 'SELECT count(fileid) AS cnt FROM ' . $this->table . ' WHERE storyid=' . (int)$storyid;
        $result = $this->db->query($sql);
        $myrow  = $this->db->fetchArray($result);

        return $myrow['cnt'];
    }

    /**
     * @param $stories
     *
     * @return array
     */
    public function getCountbyStories($stories)
    {
        $ret = [];
        if (\count($stories) > 0) {
            $sql    = 'SELECT storyid, count(fileid) AS cnt FROM ' . $this->table . ' WHERE storyid IN (';
            $sql    .= \implode(',', $stories) . ') GROUP BY storyid';
            $result = $this->db->query($sql);
            if ($this->db->isResultSet($result)) {
                while (false !== ($myrow = $this->db->fetchArray($result))) {
                    $ret[$myrow['storyid']] = $myrow['cnt'];
                }
            }
        }

        return $ret;
    }
}


1			<?php declare(strict_types=1);
2
3			namespace XoopsModules\News;
4
5			/*
6			* You may not change or alter any portion of this comment or credits
7			* of supporting developers from this source code or any supporting source code
8			* which is considered copyrighted (c) material of the original comment or credit authors.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13			*/
14
15			/**
16			* @copyright {@link https://xoops.org/ XOOPS Project}
17			* @license {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
18			* @author XOOPS Development Team
19			*/
20
21			// require_once XOOPS_ROOT_PATH . '/modules/news/class/Mimetype.php';
22
23			/**
24			* Class Files
25			*/
26			class Files
27			{
28			public $db;
29			public $table;
30			public $fileid;
31			public $filerealname;
32			public $storyid;
33			public $date;
34			public $mimetype;
35			public $downloadname;
36			public $counter;
37
38			/**
39			* @param $fileid
40			*/
41			public function __construct($fileid = -1)
42			{
43			/** @var \XoopsMySQLDatabase $db */
44			$this->db = \XoopsDatabaseFactory::getDatabaseConnection();
45			$this->table = $this->db->prefix('news_stories_files');
46			$this->storyid = 0;
47			$this->filerealname = '';
48			$this->date = 0;
49			$this->mimetype = '';
50			$this->downloadname = 'downloadfile';
51			$this->counter = 0;
52			if (\is_array($fileid)) {
53			$this->makeFile($fileid);
54			} elseif (-1 != $fileid) {
55			$this->getFile((int)$fileid);
56			}
57			}
58
59			/**
60			* @param $folder
61			* @param $filename
62			* @param bool $trimname
63			*
64			* @return string
65			*/
66			public function createUploadName($folder, $filename, $trimname = false)
67			{
68			$workingfolder = $folder;
69			if ('/' !== \xoops_substr($workingfolder, mb_strlen($workingfolder) - 1, 1)) {
70			$workingfolder .= '/';
71			}
72			$ext = \basename($filename);
73			$ext = \explode('.', $ext);
74			$ext = '.' . $ext[\count($ext) - 1];
75			$true = true;
76			while ($true) {
77			$ipbits = \explode('.', $_SERVER['REMOTE_ADDR']);
78			[$usec, $sec] = \explode(' ', \microtime());
79
80			$usec *= 65536;
81			$sec = ((int)$sec) & 0xFFFF;
82
83			if ($trimname) {
84			$uid = \sprintf('%06x%04x%04x', ($ipbits[0] << 24) \| ($ipbits[1] << 16) \| ($ipbits[2] << 8) \| $ipbits[3], $sec, $usec);
85			} else {
86			$uid = \sprintf('%08x-%04x-%04x', ($ipbits[0] << 24) \| ($ipbits[1] << 16) \| ($ipbits[2] << 8) \| $ipbits[3], $sec, $usec);
87			}
88			if (!\file_exists($workingfolder . $uid . $ext)) {
89			$true = false;
90			}
91			}
92
93			return $uid . $ext;
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$uid` does not seem to be defined for all execution paths leading up to this point. Loading history...
94			}
95
96			/**
97			* @param string $filename
98			*
99			* @return string
100			*/
101			public function giveMimetype($filename = '')
102			{
103			$cmimetype = new Mimetype();
104			$workingfile = $this->downloadname;
			0 ignored issues – show Unused Code introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$workingfile` is dead and can be removed. Loading history...
105			if ('' !== \xoops_trim($filename)) {
106			$workingfile = $filename;
107
108			return $cmimetype->getType($workingfile);
109			}
110
111			return '';
112			}
113
114			/**
115			* @param $storyid
116			*
117			* @return array
118			*/
119			public function getAllbyStory($storyid)
120			{
121			$ret = [];
122			$sql = 'SELECT * FROM ' . $this->table . ' WHERE storyid=' . (int)$storyid;
123			$result = $this->db->query($sql);
124			if ($this->db->isResultSet($result)) {
125			while (false !== ($myrow = $this->db->fetchArray($result))) {
126			$ret[] = new self($myrow);
127			}
128			}
129
130			return $ret;
131			}
132
133			/**
134			* @param $id
135			*/
136			public function getFile($id): void
137			{
138			$sql = 'SELECT * FROM ' . $this->table . ' WHERE fileid=' . (int)$id;
139			$array = $this->db->fetchArray($this->db->query($sql));
140			$this->makeFile($array);
141			}
142
143			/**
144			* @param $array
145			*/
146			public function makeFile($array): void
147			{
148			foreach ($array as $key => $value) {
149			$this->$key = $value;
150			}
151			}
152
153			/**
154			* @return bool
155			*/
156			public function store()
157			{
158			$myts = \MyTextSanitizer::getInstance();
			0 ignored issues – show Unused Code introduced 2022-04-28 09:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$myts` is dead and can be removed. Loading history...
159			$fileRealName = $GLOBALS['xoopsDB']->escape($this->filerealname);
160			$downloadname = $GLOBALS['xoopsDB']->escape($this->downloadname);
161			$date = \time();
162			$mimetype = $GLOBALS['xoopsDB']->escape($this->mimetype);
163			$counter = $this->counter;
164			$storyid = $this->storyid;
165
166			if (!isset($this->fileid)) {
167			$newid = (int)$this->db->genId($this->table . '_fileid_seq');
168			$sql = 'INSERT INTO ' . $this->table . ' (fileid, storyid, filerealname, date, mimetype, downloadname, counter) ' . 'VALUES (' . $newid . ',' . $storyid . ",'" . $fileRealName . "','" . $date . "','" . $mimetype . "','" . $downloadname . "'," . $counter . ')';
169			$this->fileid = $newid;
170			} else {
171			$sql = 'UPDATE ' . $this->table . ' SET storyid=' . $storyid . ",filerealname='" . $fileRealName . "',date=" . $date . ",mimetype='" . $mimetype . "',downloadname='" . $downloadname . "',counter=" . $counter . ' WHERE fileid=' . $this->getFileid();
172			}
173			if (!$result = $this->db->query($sql)) {
			0 ignored issues – show Unused Code introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$result` is dead and can be removed. Loading history...
174			return false;
175			}
176
177			return true;
178			}
179
180			/**
181			* @param string $workdir
182			*
183			* @return bool
184			*/
185			public function delete($workdir = XOOPS_UPLOAD_PATH)
186			{
187			$sql = 'DELETE FROM ' . $this->table . ' WHERE fileid=' . $this->getFileid();
188			if (!$result = $this->db->query($sql)) {
			0 ignored issues – show Unused Code introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$result` is dead and can be removed. Loading history...
189			return false;
190			}
191			if (\is_file($workdir . '/' . $this->downloadname)) {
192			\unlink($workdir . '/' . $this->downloadname);
193			}
194
195			return true;
196			}
197
198			/**
199			* @return bool
200			*/
201			public function updateCounter()
202			{
203			$sql = 'UPDATE ' . $this->table . ' SET counter=counter+1 WHERE fileid=' . $this->getFileid();
204			if (!$result = $this->db->queryF($sql)) {
			0 ignored issues – show Unused Code introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$result` is dead and can be removed. Loading history...
205			return false;
206			}
207
208			return true;
209			}
210
211			// ****************************************************************************************************************
212			// All the Sets
213			// ****************************************************************************************************************
214
215			/**
216			* @param $filename
217			*/
218			public function setFileRealName($filename): void
219			{
220			$this->filerealname = $filename;
221			}
222
223			/**
224			* @param $id
225			*/
226			public function setStoryid($id): void
227			{
228			$this->storyid = (int)$id;
229			}
230
231			/**
232			* @param $value
233			*/
234			public function setMimetype($value): void
235			{
236			$this->mimetype = $value;
237			}
238
239			/**
240			* @param $value
241			*/
242			public function setDownloadname($value): void
243			{
244			$this->downloadname = $value;
245			}
246
247			// ****************************************************************************************************************
248			// All the Gets
249			// ****************************************************************************************************************
250
251			/**
252			* @return int
253			*/
254			public function getFileid()
255			{
256			return (int)$this->fileid;
257			}
258
259			/**
260			* @return int
261			*/
262			public function getStoryid()
263			{
264			return $this->storyid;
265			}
266
267			/**
268			* @return int
269			*/
270			public function getCounter()
271			{
272			return $this->counter;
273			}
274
275			/**
276			* @return int
277			*/
278			public function getDate()
279			{
280			return $this->date;
281			}
282
283			/**
284			* @param string $format
285			*
286			* @return mixed
287			*/
288			public function getFileRealName($format = 'S')
289			{
290			$myts = \MyTextSanitizer::getInstance();
			0 ignored issues – show Unused Code introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$myts` is dead and can be removed. Loading history...
291			switch ($format) {
292			case 'S':
293			case 'Show':
294			$filerealname = \htmlspecialchars($this->filerealname, \ENT_QUOTES \| \ENT_HTML5);
295			break;
296			case 'E':
297			case 'Edit':
298			$filerealname = \htmlspecialchars($this->filerealname, \ENT_QUOTES \| \ENT_HTML5);
299			break;
300			case 'P':
301			case 'Preview':
302			$filerealname = \htmlspecialchars($this->filerealname, \ENT_QUOTES \| \ENT_HTML5);
303			break;
304			case 'F':
305			case 'InForm':
306			$filerealname = \htmlspecialchars($this->filerealname, \ENT_QUOTES \| \ENT_HTML5);
307			break;
308			}
309
310			return $filerealname;
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$filerealname` does not seem to be defined for all execution paths leading up to this point. Loading history...
311			}
312
313			/**
314			* @param string $format
315			*
316			* @return mixed
317			*/
318			public function getMimetype($format = 'S')
319			{
320			$myts = \MyTextSanitizer::getInstance();
			0 ignored issues – show Unused Code introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$myts` is dead and can be removed. Loading history...
321			switch ($format) {
322			case 'S':
323			case 'Show':
324			$filemimetype = \htmlspecialchars($this->mimetype, \ENT_QUOTES \| \ENT_HTML5);
325			break;
326			case 'E':
327			case 'Edit':
328			$filemimetype = \htmlspecialchars($this->mimetype, \ENT_QUOTES \| \ENT_HTML5);
329			break;
330			case 'P':
331			case 'Preview':
332			$filemimetype = \htmlspecialchars($this->mimetype, \ENT_QUOTES \| \ENT_HTML5);
333			break;
334			case 'F':
335			case 'InForm':
336			$filemimetype = \htmlspecialchars($this->mimetype, \ENT_QUOTES \| \ENT_HTML5);
337			break;
338			}
339
340			return $filemimetype;
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$filemimetype` does not seem to be defined for all execution paths leading up to this point. Loading history...
341			}
342
343			/**
344			* @param string $format
345			*
346			* @return mixed
347			*/
348			public function getDownloadname($format = 'S')
349			{
350			$myts = \MyTextSanitizer::getInstance();
			0 ignored issues – show Unused Code introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$myts` is dead and can be removed. Loading history...
351			switch ($format) {
352			case 'S':
353			case 'Show':
354			$filedownname = \htmlspecialchars($this->downloadname, \ENT_QUOTES \| \ENT_HTML5);
355			break;
356			case 'E':
357			case 'Edit':
358			$filedownname = \htmlspecialchars($this->downloadname, \ENT_QUOTES \| \ENT_HTML5);
359			break;
360			case 'P':
361			case 'Preview':
362			$filedownname = \htmlspecialchars($this->downloadname, \ENT_QUOTES \| \ENT_HTML5);
363			break;
364			case 'F':
365			case 'InForm':
366			$filedownname = \htmlspecialchars($this->downloadname, \ENT_QUOTES \| \ENT_HTML5);
367			break;
368			}
369
370			return $filedownname;
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$filedownname` does not seem to be defined for all execution paths leading up to this point. Loading history...
371			}
372
373			// Deprecated
374
375			/**
376			* @param $storyid
377			*
378			* @return mixed
379			*/
380			public function getCountbyStory($storyid)
381			{
382			$sql = 'SELECT count(fileid) AS cnt FROM ' . $this->table . ' WHERE storyid=' . (int)$storyid;
383			$result = $this->db->query($sql);
384			$myrow = $this->db->fetchArray($result);
385
386			return $myrow['cnt'];
387			}
388
389			/**
390			* @param $stories
391			*
392			* @return array
393			*/
394			public function getCountbyStories($stories)
395			{
396			$ret = [];
397			if (\count($stories) > 0) {
398			$sql = 'SELECT storyid, count(fileid) AS cnt FROM ' . $this->table . ' WHERE storyid IN (';
399			$sql .= \implode(',', $stories) . ') GROUP BY storyid';
400			$result = $this->db->query($sql);
401			if ($this->db->isResultSet($result)) {
402			while (false !== ($myrow = $this->db->fetchArray($result))) {
403			$ret[$myrow['storyid']] = $myrow['cnt'];
404			}
405			}
406			}
407
408			return $ret;
409			}
410			}
411

XoopsModules25x / news

Issues (384)

Security Analysis not enabled

class/Files.php (12 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like