Issues in download.php - All Issues - Inspection of "Merge pull request #6 from mambax7/master" - XoopsModules25x/oledrion - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 00e474...9d3fbd )

by Michael

created 2017-05-24 21:17 UTC

download.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

/**
 * oledrion
 *
 * @copyright   {@link http://xoops.org/ XOOPS Project}
 * @license     {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
 * @author      Hervé Thouzard (http://www.herve-thouzard.com/)
 */

/**
 * Téléchargement de fichier après passage d'une commande (et validation de celle-ci)
 */
require_once __DIR__ . '/header.php';
error_reporting(0);
@$xoopsLogger->activated = false;
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

$download_id = isset($_GET['download_id']) ? $_GET['download_id'] : '';

// TODO: Permettre au webmaster de réactiver un téléchargement

if (xoops_trim($download_id) == '') {
    Oledrion_utils::redirect(_OLEDRION_ERROR13, OLEDRION_URL, 5);
}

// Recherche dans les caddy du produit associé
$caddy = null;
$caddy = $h_oledrion_caddy->getCaddyFromPassword($download_id);
if (!is_object($caddy)) {
    Oledrion_utils::redirect(_OLEDRION_ERROR14, OLEDRION_URL, 5);
}

// Recherche du produit associé
$product = null;
$product = $h_oledrion_products->get($caddy->getVar('caddy_product_id'));
if (null === $product) {
    Oledrion_utils::redirect(_OLEDRION_ERROR15, OLEDRION_URL, 5);
}

// On vérifie que la commande associée est payée
$order = null;
$order = $h_oledrion_commands->get($caddy->getVar('caddy_cmd_id'));
if (null === $order) {
    Oledrion_utils::redirect(_OLEDRION_ERROR16, OLEDRION_URL, 5);
}

// Tout est bon, on peut envoyer le fichier au navigateur, s'il y a un fichier à télécharger, et s'il existe
$file = '';
$file = $product->getVar('product_download_url');
if (xoops_trim($file) == '') {
    Oledrion_utils::redirect(_OLEDRION_ERROR17, OLEDRION_URL, 5);
}
if (!file_exists($file)) {
    Oledrion_utils::redirect(_OLEDRION_ERROR18, OLEDRION_URL, 5);
}

// Mise à jour, le fichier n'est plus disponible au téléchargement
$h_oledrion_caddy->markCaddyAsNotDownloadableAnyMore($caddy);

$fileContent = file_get_contents($file);
// Plugins ************************************************
$plugins    = Oledrion_plugins::getInstance();
$parameters = new Oledrion_parameters(array(
                                          'fileContent'  => $fileContent,
                                          'product'      => $product,
                                          'order'        => $order,
                                          'fullFilename' => $file
                                      ));
$parameters = $plugins->fireFilter(Oledrion_plugins::EVENT_ON_PRODUCT_DOWNLOAD, $parameters);
if (trim($parameters['fileContent']) != '') {
    $fileContent = $parameters['fileContent'];
}
// *********************************************************
// Et affichage du fichier avec le type mime qui va bien
header('Content-Type: ' . Oledrion_utils::getMimeType($file));
header('Content-disposition: inline; filename="' . basename($file) . '"');
echo $fileContent;


1			<?php
2			/*
3			You may not change or alter any portion of this comment or credits
4			of supporting developers from this source code or any supporting source code
5			which is considered copyrighted (c) material of the original comment or credit authors.
6
7			This program is distributed in the hope that it will be useful,
8			but WITHOUT ANY WARRANTY; without even the implied warranty of
9			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10			*/
11
12			/**
13			* oledrion
14			*
15			* @copyright {@link http://xoops.org/ XOOPS Project}
16			* @license {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
17			* @author Hervé Thouzard (http://www.herve-thouzard.com/)
18			*/
19
20			/**
21			* Téléchargement de fichier après passage d'une commande (et validation de celle-ci)
22			*/
23			require_once __DIR__ . '/header.php';
24			error_reporting(0);
25			@$xoopsLogger->activated = false;
			0 ignored issues – show Security Best Practice introduced 2016-01-18 10:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
26
27			$download_id = isset($_GET['download_id']) ? $_GET['download_id'] : '';
28
29			// TODO: Permettre au webmaster de réactiver un téléchargement
30
31			if (xoops_trim($download_id) == '') {
32			Oledrion_utils::redirect(_OLEDRION_ERROR13, OLEDRION_URL, 5);
33			}
34
35			// Recherche dans les caddy du produit associé
36			$caddy = null;
37			$caddy = $h_oledrion_caddy->getCaddyFromPassword($download_id);
38			if (!is_object($caddy)) {
39			Oledrion_utils::redirect(_OLEDRION_ERROR14, OLEDRION_URL, 5);
40			}
41
42			// Recherche du produit associé
43			$product = null;
44			$product = $h_oledrion_products->get($caddy->getVar('caddy_product_id'));
45			if (null === $product) {
46			Oledrion_utils::redirect(_OLEDRION_ERROR15, OLEDRION_URL, 5);
47			}
48
49			// On vérifie que la commande associée est payée
50			$order = null;
51			$order = $h_oledrion_commands->get($caddy->getVar('caddy_cmd_id'));
52			if (null === $order) {
53			Oledrion_utils::redirect(_OLEDRION_ERROR16, OLEDRION_URL, 5);
54			}
55
56			// Tout est bon, on peut envoyer le fichier au navigateur, s'il y a un fichier à télécharger, et s'il existe
57			$file = '';
58			$file = $product->getVar('product_download_url');
59			if (xoops_trim($file) == '') {
60			Oledrion_utils::redirect(_OLEDRION_ERROR17, OLEDRION_URL, 5);
61			}
62			if (!file_exists($file)) {
63			Oledrion_utils::redirect(_OLEDRION_ERROR18, OLEDRION_URL, 5);
64			}
65
66			// Mise à jour, le fichier n'est plus disponible au téléchargement
67			$h_oledrion_caddy->markCaddyAsNotDownloadableAnyMore($caddy);
68
69			$fileContent = file_get_contents($file);
70			// Plugins ************************************************
71			$plugins = Oledrion_plugins::getInstance();
72			$parameters = new Oledrion_parameters(array(
73			'fileContent' => $fileContent,
74			'product' => $product,
75			'order' => $order,
76			'fullFilename' => $file
77			));
78			$parameters = $plugins->fireFilter(Oledrion_plugins::EVENT_ON_PRODUCT_DOWNLOAD, $parameters);
79			if (trim($parameters['fileContent']) != '') {
80			$fileContent = $parameters['fileContent'];
81			}
82			// *********************************************************
83			// Et affichage du fichier avec le type mime qui va bien
84			header('Content-Type: ' . Oledrion_utils::getMimeType($file));
85			header('Content-disposition: inline; filename="' . basename($file) . '"');
86			echo $fileContent;
87

XoopsModules25x / oledrion

Push — master ( 00e474...9d3fbd )

download.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like