Issues in XoopsTopic.php (master) - Issues in master - XoopsModules25x/news - Measure and Improve Code Quality continuously with Scrutinizer

Issues (384)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/XoopsTopic.php (2 issues)

Labels

Severity

Minor 2

<?php declare(strict_types=1);

namespace XoopsModules\News;

/**
 * XOOPS news topic
 *
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @copyright       XOOPS Project (https://xoops.org)
 * @license         GNU GPL 2 (https://www.gnu.org/licenses/old-licenses/gpl-2.0.html)
 * @since           2.0.0
 * @author          Kazumi Ono (AKA onokazu) http://www.myweb.ne.jp/, http://jp.xoops.org/
 * @deprecated
 */

//$GLOBALS['xoopsLogger']->addDeprecated("'/class/xoopstopic.php' is deprecated since XOOPS 2.5.4, please create your own class instead.");

// require_once XOOPS_ROOT_PATH . '/modules/news/class/xoopstree.php';

use MyTextSanitizer;
use XoopsDatabaseFactory;
use XoopsPerms;

/**
 * Class XoopsTopic
 */
class XoopsTopic
{
    public $db;
    public $table;
    public $topic_id;
    public $topic_pid;
    public $topic_title;
    public $topic_imgurl;
    public $prefix; // only used in topic tree
    public $use_permission = false;
    public $mid; // module id used for setting permission

    public $menu;
    public $topic_color;
    public $topic_description;
    public $topic_frontpage;
    public $topic_rssurl;

    /**
     * @param     $table
     * @param int $topicid
     */
    public function __construct($table, $topicid = 0)
    {
        /** @var \XoopsMySQLDatabase $db */
        $this->db    = XoopsDatabaseFactory::getDatabaseConnection();
        $this->table = $table;
        if (\is_array($topicid)) {
            $this->makeTopic($topicid);
        } elseif (0 != $topicid) {
            $this->getTopic((int)$topicid);
        } else {
            $this->topic_id = $topicid;
        }
    }

    /**
     * @param $value
     */
    public function setTopicTitle($value): void
    {
        $this->topic_title = $value;
    }

    /**
     * @param $value
     */
    public function setTopicImgurl($value): void
    {
        $this->topic_imgurl = $value;
    }

    /**
     * @param $value
     */
    public function setTopicPid($value): void
    {
        $this->topic_pid = $value;
    }

    /**
     * @param $topicid
     */
    public function getTopic($topicid): void
    {
        $topicid = (int)$topicid;
        $sql     = 'SELECT * FROM ' . $this->table . ' WHERE topic_id=' . $topicid;
        $array   = $this->db->fetchArray($this->db->query($sql));
        $this->makeTopic($array);
    }

    /**
     * @param $array
     */
    public function makeTopic($array): void
    {
        foreach ($array as $key => $value) {
            $this->$key = $value;
        }
    }

    /**
     * @param $mid
     */
    public function usePermission($mid): void
    {
        $this->mid            = $mid;
        $this->use_permission = true;
    }

    /**
     * @return bool
     */
    public function store()
    {
        $myts   = MyTextSanitizer::getInstance();
        $title  = '';
        $imgurl = '';
        if (isset($this->topic_title) && '' !== $this->topic_title) {
            $title = $GLOBALS['xoopsDB']->escape($this->topic_title);
        }
        if (isset($this->topic_imgurl) && '' !== $this->topic_imgurl) {
            $imgurl = $GLOBALS['xoopsDB']->escape($this->topic_imgurl);
        }
        if (!isset($this->topic_pid) || !\is_numeric($this->topic_pid)) {
            $this->topic_pid = 0;
        }
        if (empty($this->topic_id)) {
            $this->topic_id = $this->db->genId($this->table . '_topic_id_seq');
            $sql            = \sprintf("INSERT INTO `%s` (topic_id, topic_pid, topic_imgurl, topic_title) VALUES (%u, %u, '%s', '%s')", $this->table, $this->topic_id, $this->topic_pid, $imgurl, $title);
        } else {
            $sql = \sprintf("UPDATE `%s` SET topic_pid = %u, topic_imgurl = '%s', topic_title = '%s' WHERE topic_id = %u", $this->table, $this->topic_pid, $imgurl, $title, $this->topic_id);
        }
        if (!$result = $this->db->query($sql)) {
            \trigger_error("Query Failed! SQL: $sql- Error: " . $this->db->error(), E_USER_ERROR);
        }
        if ($this->use_permission) {
            if (empty($this->topic_id)) {
                $this->topic_id = $this->db->getInsertId();
            }
            $xt            = new \XoopsTree($this->table, 'topic_id', 'topic_pid');
            $parent_topics = $xt->getAllParentId($this->topic_id);
            if (!empty($this->m_groups) && \is_array($this->m_groups)) {
                foreach ($this->m_groups as $m_g) {
                    $moderate_topics = XoopsPerms::getPermitted($this->mid, 'ModInTopic', $m_g);
                    $add             = true;
                    // only grant this permission when the group has this permission in all parent topics of the created topic
                    foreach ($parent_topics as $p_topic) {
                        if (!\in_array($p_topic, $moderate_topics, true)) {
                            $add = false;
                            continue;
                        }
                    }
                    if ($add) {
                        $xp = new XoopsPerms();
                        $xp->setModuleId($this->mid);
                        $xp->setName('ModInTopic');
                        $xp->setItemId($this->topic_id);
                        $xp->store();
                        $xp->addGroup($m_g);
                    }
                }
            }
            if (!empty($this->s_groups) && \is_array($this->s_groups)) {
                foreach ($this->s_groups as $s_g) {
                    $submit_topics = XoopsPerms::getPermitted($this->mid, 'SubmitInTopic', $s_g);
                    $add           = true;
                    foreach ($parent_topics as $p_topic) {
                        if (!\in_array($p_topic, $submit_topics, true)) {
                            $add = false;
                            continue;
                        }
                    }
                    if ($add) {
                        $xp = new XoopsPerms();
                        $xp->setModuleId($this->mid);
                        $xp->setName('SubmitInTopic');
                        $xp->setItemId($this->topic_id);
                        $xp->store();
                        $xp->addGroup($s_g);
                    }
                }
            }
            if (!empty($this->r_groups) && \is_array($this->r_groups)) {
                foreach ($this->r_groups as $r_g) {
                    $read_topics = XoopsPerms::getPermitted($this->mid, 'ReadInTopic', $r_g);
                    $add         = true;
                    foreach ($parent_topics as $p_topic) {
                        if (!\in_array($p_topic, $read_topics, true)) {
                            $add = false;
                            continue;
                        }
                    }
                    if ($add) {
                        $xp = new XoopsPerms();
                        $xp->setModuleId($this->mid);
                        $xp->setName('ReadInTopic');
                        $xp->setItemId($this->topic_id);
                        $xp->store();
                        $xp->addGroup($r_g);
                    }
                }
            }
        }

        return true;
    }

    public function delete(): void
    {
        $sql = \sprintf('DELETE FROM `%s` WHERE topic_id = %u', $this->table, $this->topic_id);
        $this->db->query($sql);
    }

    /**
     * @return int
     */
    public function topic_id()
    {
        return $this->topic_id;
    }

    public function topic_pid()
    {
        return $this->topic_pid;
    }

    /**
     * @param string $format
     *
     * @return mixed
     */
    public function topic_title($format = 'S')
    {
        $myts = MyTextSanitizer::getInstance();
        switch ($format) {
            case 'S':
            case 'E':
                $title = \htmlspecialchars($this->topic_title, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'P':
            case 'F':
                $title = \htmlspecialchars($this->topic_title, \ENT_QUOTES | \ENT_HTML5);
                break;
        }

        return $title;

    }

    /**
     * @param string $format
     *
     * @return mixed
     */
    public function topic_imgurl($format = 'S')
    {
        $myts = MyTextSanitizer::getInstance();
        switch ($format) {
            case 'S':
            case 'E':
                $imgurl = \htmlspecialchars($this->topic_imgurl, \ENT_QUOTES | \ENT_HTML5);
                break;
            case 'P':
            case 'F':
                $imgurl = \htmlspecialchars($this->topic_imgurl, \ENT_QUOTES | \ENT_HTML5);
                break;
        }

        return $imgurl;

    }

    /**
     * @return null
     */
    public function prefix()
    {
        return $this->prefix ?? null;
    }

    /**
     * @return array
     */
    public function getFirstChildTopics()
    {
        $ret       = [];
        $xt        = new \XoopsTree($this->table, 'topic_id', 'topic_pid');
        $topic_arr = $xt->getFirstChild($this->topic_id, 'topic_title');
        if (\is_array($topic_arr) && \count($topic_arr)) {
            foreach ($topic_arr as $topic) {
                $ret[] = new self($this->table, $topic);
            }
        }

        return $ret;
    }

    /**
     * @return array
     */
    public function getAllChildTopics()
    {
        $ret       = [];
        $xt        = new \XoopsTree($this->table, 'topic_id', 'topic_pid');
        $topic_arr = $xt->getAllChild($this->topic_id, 'topic_title');
        if (\is_array($topic_arr) && \count($topic_arr)) {
            foreach ($topic_arr as $topic) {
                $ret[] = new self($this->table, $topic);
            }
        }

        return $ret;
    }

    /**
     * @return array
     */
    public function getChildTopicsTreeArray()
    {
        $ret       = [];
        $xt        = new \XoopsTree($this->table, 'topic_id', 'topic_pid');
        $topic_arr = $xt->getChildTreeArray($this->topic_id, 'topic_title');
        if (\is_array($topic_arr) && \count($topic_arr)) {
            foreach ($topic_arr as $topic) {
                $ret[] = new self($this->table, $topic);
            }
        }

        return $ret;
    }

    /**
     * @param int    $none
     * @param        $seltopic
     * @param string $selname
     * @param string $onchange
     */
    public function makeTopicSelBox($none = 0, $seltopic = -1, $selname = '', $onchange = ''): void
    {
        $xt = new XoopsTree($this->table, 'topic_id', 'topic_pid');
        if (-1 != $seltopic) {
            $xt->makeMySelBox('topic_title', 'topic_title', $seltopic, $none, $selname, $onchange);
        } elseif (!empty($this->topic_id)) {
            $xt->makeMySelBox('topic_title', 'topic_title', $this->topic_id, $none, $selname, $onchange);
        } else {
            $xt->makeMySelBox('topic_title', 'topic_title', 0, $none, $selname, $onchange);
        }
    }

    //generates nicely formatted linked path from the root id to a given id

    /**
     * @param $funcURL
     *
     * @return mixed
     */
    public function getNiceTopicPathFromId($funcURL)
    {
        $xt  = new XoopsTree($this->table, 'topic_id', 'topic_pid');
        $ret = $xt->getNicePathFromId($this->topic_id, 'topic_title', $funcURL);

        return $ret;
    }

    /**
     * @return mixed
     */
    public function getAllChildTopicsId()
    {
        $xt  = new XoopsTree($this->table, 'topic_id', 'topic_pid');
        $ret = $xt->getAllChildId($this->topic_id, 'topic_title');

        return $ret;
    }

    /**
     * @return array
     */
    public function getTopicsList()
    {
        $ret    = [];
        $result = $this->db->query('SELECT topic_id, topic_pid, topic_title FROM ' . $this->table);
        if ($result) {
            $myts = MyTextSanitizer::getInstance();
            while (false !== ($myrow = $this->db->fetchArray($result))) {
                $ret[$myrow['topic_id']] = [
                    'title' => \htmlspecialchars($myrow['topic_title'], \ENT_QUOTES | \ENT_HTML5),
                    'pid'   => $myrow['topic_pid'],
                ];
            }
        }

        return $ret;
    }

    /**
     * @param $pid
     * @param $title
     *
     * @return bool
     */
    public function topicExists($pid, $title)
    {
        $sql = 'SELECT COUNT(*) FROM ' . $this->table . ' WHERE topic_pid = ' . (int)$pid . " AND topic_title = '" . \trim($title) . "'";
        $rs  = $this->db->query($sql);
        [$count] = $this->db->fetchRow($rs);
        if ($count > 0) {
            return true;
        }

        return false;
    }
}


1			<?php declare(strict_types=1);
2
3			namespace XoopsModules\News;
4
5			/**
6			* XOOPS news topic
7			*
8			* You may not change or alter any portion of this comment or credits
9			* of supporting developers from this source code or any supporting source code
10			* which is considered copyrighted (c) material of the original comment or credit authors.
11			* This program is distributed in the hope that it will be useful,
12			* but WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
14			*
15			* @copyright XOOPS Project (https://xoops.org)
16			* @license GNU GPL 2 (https://www.gnu.org/licenses/old-licenses/gpl-2.0.html)
17			* @since 2.0.0
18			* @author Kazumi Ono (AKA onokazu) http://www.myweb.ne.jp/, http://jp.xoops.org/
19			* @deprecated
20			*/
21
22			//$GLOBALS['xoopsLogger']->addDeprecated("'/class/xoopstopic.php' is deprecated since XOOPS 2.5.4, please create your own class instead.");
23
24			// require_once XOOPS_ROOT_PATH . '/modules/news/class/xoopstree.php';
25
26			use MyTextSanitizer;
27			use XoopsDatabaseFactory;
28			use XoopsPerms;
29
30			/**
31			* Class XoopsTopic
32			*/
33			class XoopsTopic
34			{
35			public $db;
36			public $table;
37			public $topic_id;
38			public $topic_pid;
39			public $topic_title;
40			public $topic_imgurl;
41			public $prefix; // only used in topic tree
42			public $use_permission = false;
43			public $mid; // module id used for setting permission
44
45			public $menu;
46			public $topic_color;
47			public $topic_description;
48			public $topic_frontpage;
49			public $topic_rssurl;
50
51			/**
52			* @param $table
53			* @param int $topicid
54			*/
55			public function __construct($table, $topicid = 0)
56			{
57			/** @var \XoopsMySQLDatabase $db */
58			$this->db = XoopsDatabaseFactory::getDatabaseConnection();
59			$this->table = $table;
60			if (\is_array($topicid)) {
61			$this->makeTopic($topicid);
62			} elseif (0 != $topicid) {
63			$this->getTopic((int)$topicid);
64			} else {
65			$this->topic_id = $topicid;
66			}
67			}
68
69			/**
70			* @param $value
71			*/
72			public function setTopicTitle($value): void
73			{
74			$this->topic_title = $value;
75			}
76
77			/**
78			* @param $value
79			*/
80			public function setTopicImgurl($value): void
81			{
82			$this->topic_imgurl = $value;
83			}
84
85			/**
86			* @param $value
87			*/
88			public function setTopicPid($value): void
89			{
90			$this->topic_pid = $value;
91			}
92
93			/**
94			* @param $topicid
95			*/
96			public function getTopic($topicid): void
97			{
98			$topicid = (int)$topicid;
99			$sql = 'SELECT * FROM ' . $this->table . ' WHERE topic_id=' . $topicid;
100			$array = $this->db->fetchArray($this->db->query($sql));
101			$this->makeTopic($array);
102			}
103
104			/**
105			* @param $array
106			*/
107			public function makeTopic($array): void
108			{
109			foreach ($array as $key => $value) {
110			$this->$key = $value;
111			}
112			}
113
114			/**
115			* @param $mid
116			*/
117			public function usePermission($mid): void
118			{
119			$this->mid = $mid;
120			$this->use_permission = true;
121			}
122
123			/**
124			* @return bool
125			*/
126			public function store()
127			{
128			$myts = MyTextSanitizer::getInstance();
129			$title = '';
130			$imgurl = '';
131			if (isset($this->topic_title) && '' !== $this->topic_title) {
132			$title = $GLOBALS['xoopsDB']->escape($this->topic_title);
133			}
134			if (isset($this->topic_imgurl) && '' !== $this->topic_imgurl) {
135			$imgurl = $GLOBALS['xoopsDB']->escape($this->topic_imgurl);
136			}
137			if (!isset($this->topic_pid) \|\| !\is_numeric($this->topic_pid)) {
138			$this->topic_pid = 0;
139			}
140			if (empty($this->topic_id)) {
141			$this->topic_id = $this->db->genId($this->table . '_topic_id_seq');
142			$sql = \sprintf("INSERT INTO `%s` (topic_id, topic_pid, topic_imgurl, topic_title) VALUES (%u, %u, '%s', '%s')", $this->table, $this->topic_id, $this->topic_pid, $imgurl, $title);
143			} else {
144			$sql = \sprintf("UPDATE `%s` SET topic_pid = %u, topic_imgurl = '%s', topic_title = '%s' WHERE topic_id = %u", $this->table, $this->topic_pid, $imgurl, $title, $this->topic_id);
145			}
146			if (!$result = $this->db->query($sql)) {
147			\trigger_error("Query Failed! SQL: $sql- Error: " . $this->db->error(), E_USER_ERROR);
148			}
149			if ($this->use_permission) {
150			if (empty($this->topic_id)) {
151			$this->topic_id = $this->db->getInsertId();
152			}
153			$xt = new \XoopsTree($this->table, 'topic_id', 'topic_pid');
154			$parent_topics = $xt->getAllParentId($this->topic_id);
155			if (!empty($this->m_groups) && \is_array($this->m_groups)) {
156			foreach ($this->m_groups as $m_g) {
157			$moderate_topics = XoopsPerms::getPermitted($this->mid, 'ModInTopic', $m_g);
158			$add = true;
159			// only grant this permission when the group has this permission in all parent topics of the created topic
160			foreach ($parent_topics as $p_topic) {
161			if (!\in_array($p_topic, $moderate_topics, true)) {
162			$add = false;
163			continue;
164			}
165			}
166			if ($add) {
167			$xp = new XoopsPerms();
168			$xp->setModuleId($this->mid);
169			$xp->setName('ModInTopic');
170			$xp->setItemId($this->topic_id);
171			$xp->store();
172			$xp->addGroup($m_g);
173			}
174			}
175			}
176			if (!empty($this->s_groups) && \is_array($this->s_groups)) {
177			foreach ($this->s_groups as $s_g) {
178			$submit_topics = XoopsPerms::getPermitted($this->mid, 'SubmitInTopic', $s_g);
179			$add = true;
180			foreach ($parent_topics as $p_topic) {
181			if (!\in_array($p_topic, $submit_topics, true)) {
182			$add = false;
183			continue;
184			}
185			}
186			if ($add) {
187			$xp = new XoopsPerms();
188			$xp->setModuleId($this->mid);
189			$xp->setName('SubmitInTopic');
190			$xp->setItemId($this->topic_id);
191			$xp->store();
192			$xp->addGroup($s_g);
193			}
194			}
195			}
196			if (!empty($this->r_groups) && \is_array($this->r_groups)) {
197			foreach ($this->r_groups as $r_g) {
198			$read_topics = XoopsPerms::getPermitted($this->mid, 'ReadInTopic', $r_g);
199			$add = true;
200			foreach ($parent_topics as $p_topic) {
201			if (!\in_array($p_topic, $read_topics, true)) {
202			$add = false;
203			continue;
204			}
205			}
206			if ($add) {
207			$xp = new XoopsPerms();
208			$xp->setModuleId($this->mid);
209			$xp->setName('ReadInTopic');
210			$xp->setItemId($this->topic_id);
211			$xp->store();
212			$xp->addGroup($r_g);
213			}
214			}
215			}
216			}
217
218			return true;
219			}
220
221			public function delete(): void
222			{
223			$sql = \sprintf('DELETE FROM `%s` WHERE topic_id = %u', $this->table, $this->topic_id);
224			$this->db->query($sql);
225			}
226
227			/**
228			* @return int
229			*/
230			public function topic_id()
231			{
232			return $this->topic_id;
233			}
234
235			public function topic_pid()
236			{
237			return $this->topic_pid;
238			}
239
240			/**
241			* @param string $format
242			*
243			* @return mixed
244			*/
245			public function topic_title($format = 'S')
246			{
247			$myts = MyTextSanitizer::getInstance();
248			switch ($format) {
249			case 'S':
250			case 'E':
251			$title = \htmlspecialchars($this->topic_title, \ENT_QUOTES \| \ENT_HTML5);
252			break;
253			case 'P':
254			case 'F':
255			$title = \htmlspecialchars($this->topic_title, \ENT_QUOTES \| \ENT_HTML5);
256			break;
257			}
258
259			return $title;
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$title` does not seem to be defined for all execution paths leading up to this point. Loading history...
260			}
261
262			/**
263			* @param string $format
264			*
265			* @return mixed
266			*/
267			public function topic_imgurl($format = 'S')
268			{
269			$myts = MyTextSanitizer::getInstance();
270			switch ($format) {
271			case 'S':
272			case 'E':
273			$imgurl = \htmlspecialchars($this->topic_imgurl, \ENT_QUOTES \| \ENT_HTML5);
274			break;
275			case 'P':
276			case 'F':
277			$imgurl = \htmlspecialchars($this->topic_imgurl, \ENT_QUOTES \| \ENT_HTML5);
278			break;
279			}
280
281			return $imgurl;
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-11-09 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$imgurl` does not seem to be defined for all execution paths leading up to this point. Loading history...
282			}
283
284			/**
285			* @return null
286			*/
287			public function prefix()
288			{
289			return $this->prefix ?? null;
290			}
291
292			/**
293			* @return array
294			*/
295			public function getFirstChildTopics()
296			{
297			$ret = [];
298			$xt = new \XoopsTree($this->table, 'topic_id', 'topic_pid');
299			$topic_arr = $xt->getFirstChild($this->topic_id, 'topic_title');
300			if (\is_array($topic_arr) && \count($topic_arr)) {
301			foreach ($topic_arr as $topic) {
302			$ret[] = new self($this->table, $topic);
303			}
304			}
305
306			return $ret;
307			}
308
309			/**
310			* @return array
311			*/
312			public function getAllChildTopics()
313			{
314			$ret = [];
315			$xt = new \XoopsTree($this->table, 'topic_id', 'topic_pid');
316			$topic_arr = $xt->getAllChild($this->topic_id, 'topic_title');
317			if (\is_array($topic_arr) && \count($topic_arr)) {
318			foreach ($topic_arr as $topic) {
319			$ret[] = new self($this->table, $topic);
320			}
321			}
322
323			return $ret;
324			}
325
326			/**
327			* @return array
328			*/
329			public function getChildTopicsTreeArray()
330			{
331			$ret = [];
332			$xt = new \XoopsTree($this->table, 'topic_id', 'topic_pid');
333			$topic_arr = $xt->getChildTreeArray($this->topic_id, 'topic_title');
334			if (\is_array($topic_arr) && \count($topic_arr)) {
335			foreach ($topic_arr as $topic) {
336			$ret[] = new self($this->table, $topic);
337			}
338			}
339
340			return $ret;
341			}
342
343			/**
344			* @param int $none
345			* @param $seltopic
346			* @param string $selname
347			* @param string $onchange
348			*/
349			public function makeTopicSelBox($none = 0, $seltopic = -1, $selname = '', $onchange = ''): void
350			{
351			$xt = new XoopsTree($this->table, 'topic_id', 'topic_pid');
352			if (-1 != $seltopic) {
353			$xt->makeMySelBox('topic_title', 'topic_title', $seltopic, $none, $selname, $onchange);
354			} elseif (!empty($this->topic_id)) {
355			$xt->makeMySelBox('topic_title', 'topic_title', $this->topic_id, $none, $selname, $onchange);
356			} else {
357			$xt->makeMySelBox('topic_title', 'topic_title', 0, $none, $selname, $onchange);
358			}
359			}
360
361			//generates nicely formatted linked path from the root id to a given id
362
363			/**
364			* @param $funcURL
365			*
366			* @return mixed
367			*/
368			public function getNiceTopicPathFromId($funcURL)
369			{
370			$xt = new XoopsTree($this->table, 'topic_id', 'topic_pid');
371			$ret = $xt->getNicePathFromId($this->topic_id, 'topic_title', $funcURL);
372
373			return $ret;
374			}
375
376			/**
377			* @return mixed
378			*/
379			public function getAllChildTopicsId()
380			{
381			$xt = new XoopsTree($this->table, 'topic_id', 'topic_pid');
382			$ret = $xt->getAllChildId($this->topic_id, 'topic_title');
383
384			return $ret;
385			}
386
387			/**
388			* @return array
389			*/
390			public function getTopicsList()
391			{
392			$ret = [];
393			$result = $this->db->query('SELECT topic_id, topic_pid, topic_title FROM ' . $this->table);
394			if ($result) {
395			$myts = MyTextSanitizer::getInstance();
396			while (false !== ($myrow = $this->db->fetchArray($result))) {
397			$ret[$myrow['topic_id']] = [
398			'title' => \htmlspecialchars($myrow['topic_title'], \ENT_QUOTES \| \ENT_HTML5),
399			'pid' => $myrow['topic_pid'],
400			];
401			}
402			}
403
404			return $ret;
405			}
406
407			/**
408			* @param $pid
409			* @param $title
410			*
411			* @return bool
412			*/
413			public function topicExists($pid, $title)
414			{
415			$sql = 'SELECT COUNT(*) FROM ' . $this->table . ' WHERE topic_pid = ' . (int)$pid . " AND topic_title = '" . \trim($title) . "'";
416			$rs = $this->db->query($sql);
417			[$count] = $this->db->fetchRow($rs);
418			if ($count > 0) {
419			return true;
420			}
421
422			return false;
423			}
424			}
425

XoopsModules25x / news

Issues (384)

Security Analysis not enabled

class/XoopsTopic.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like