Issues in download.php - All Issues - Inspection of "remove travis" - XoopsModules25x/oledrion - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — master (00e474)

by Michael

created 2016-10-10 11:01 UTC

download.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

/**
 * oledrion
 *
 * @copyright   The XOOPS Project http://sourceforge.net/projects/xoops/
 * @license     http://www.fsf.org/copyleft/gpl.html GNU public license
 * @author      Hervé Thouzard (http://www.herve-thouzard.com/)
 * @version     $Id: download.php 12290 2014-02-07 11:05:17Z beckmi $
 */

/**
 * Téléchargement de fichier après passage d'une commande (et validation de celle-ci)
 */
require_once 'header.php';
error_reporting(0);
@$xoopsLogger->activated = false;
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

$download_id = isset($_GET['download_id']) ? $_GET['download_id'] : '';

// TODO: Permettre au webmaster de réactiver un téléchargement

if (xoops_trim($download_id) == '') {
    oledrion_utils::redirect(_OLEDRION_ERROR13, OLEDRION_URL, 5);
}

// Recherche dans les caddy du produit associé
$caddy = null;
$caddy = $h_oledrion_caddy->getCaddyFromPassword($download_id);
if (!is_object($caddy)) {
    oledrion_utils::redirect(_OLEDRION_ERROR14, OLEDRION_URL, 5);
}

// Recherche du produit associé
$product = null;
$product = $h_oledrion_products->get($caddy->getVar('caddy_product_id'));
if ($product == null) {
    oledrion_utils::redirect(_OLEDRION_ERROR15, OLEDRION_URL, 5);
}

// On vérifie que la commande associée est payée
$order = null;
$order = $h_oledrion_commands->get($caddy->getVar('caddy_cmd_id'));
if ($order == null) {
    oledrion_utils::redirect(_OLEDRION_ERROR16, OLEDRION_URL, 5);
}

// Tout est bon, on peut envoyer le fichier au navigateur, s'il y a un fichier à télécharger, et s'il existe
$file = '';
$file = $product->getVar('product_download_url');
if (xoops_trim($file) == '') {
    oledrion_utils::redirect(_OLEDRION_ERROR17, OLEDRION_URL, 5);
}
if (!file_exists($file)) {
    oledrion_utils::redirect(_OLEDRION_ERROR18, OLEDRION_URL, 5);
}

// Mise à jour, le fichier n'est plus disponible au téléchargement
$h_oledrion_caddy->markCaddyAsNotDownloadableAnyMore($caddy);

$fileContent = file_get_contents($file);
// Plugins ************************************************
$plugins = oledrion_plugins::getInstance();
$parameters = new oledrion_parameters(array('fileContent' => $fileContent, 'product' => $product, 'order' => $order, 'fullFilename' => $file));
$parameters = $plugins->fireFilter(oledrion_plugins::EVENT_ON_PRODUCT_DOWNLOAD, $parameters);
if (trim($parameters['fileContent']) != '') {
    $fileContent = $parameters['fileContent'];
}
// *********************************************************
// Et affichage du fichier avec le type mime qui va bien
header("Content-Type: " . oledrion_utils::getMimeType($file));
header('Content-disposition: inline; filename="' . basename($file) . '"');
echo $fileContent;


1			<?php
2			/*
3			You may not change or alter any portion of this comment or credits
4			of supporting developers from this source code or any supporting source code
5			which is considered copyrighted (c) material of the original comment or credit authors.
6
7			This program is distributed in the hope that it will be useful,
8			but WITHOUT ANY WARRANTY; without even the implied warranty of
9			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10			*/
11
12			/**
13			* oledrion
14			*
15			* @copyright The XOOPS Project http://sourceforge.net/projects/xoops/
16			* @license http://www.fsf.org/copyleft/gpl.html GNU public license
17			* @author Hervé Thouzard (http://www.herve-thouzard.com/)
18			* @version $Id: download.php 12290 2014-02-07 11:05:17Z beckmi $
19			*/
20
21			/**
22			* Téléchargement de fichier après passage d'une commande (et validation de celle-ci)
23			*/
24			require_once 'header.php';
25			error_reporting(0);
26			@$xoopsLogger->activated = false;
			0 ignored issues – show Security Best Practice introduced 2016-01-18 10:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
27
28			$download_id = isset($_GET['download_id']) ? $_GET['download_id'] : '';
29
30			// TODO: Permettre au webmaster de réactiver un téléchargement
31
32			if (xoops_trim($download_id) == '') {
33			oledrion_utils::redirect(_OLEDRION_ERROR13, OLEDRION_URL, 5);
34			}
35
36			// Recherche dans les caddy du produit associé
37			$caddy = null;
38			$caddy = $h_oledrion_caddy->getCaddyFromPassword($download_id);
39			if (!is_object($caddy)) {
40			oledrion_utils::redirect(_OLEDRION_ERROR14, OLEDRION_URL, 5);
41			}
42
43			// Recherche du produit associé
44			$product = null;
45			$product = $h_oledrion_products->get($caddy->getVar('caddy_product_id'));
46			if ($product == null) {
47			oledrion_utils::redirect(_OLEDRION_ERROR15, OLEDRION_URL, 5);
48			}
49
50			// On vérifie que la commande associée est payée
51			$order = null;
52			$order = $h_oledrion_commands->get($caddy->getVar('caddy_cmd_id'));
53			if ($order == null) {
54			oledrion_utils::redirect(_OLEDRION_ERROR16, OLEDRION_URL, 5);
55			}
56
57			// Tout est bon, on peut envoyer le fichier au navigateur, s'il y a un fichier à télécharger, et s'il existe
58			$file = '';
59			$file = $product->getVar('product_download_url');
60			if (xoops_trim($file) == '') {
61			oledrion_utils::redirect(_OLEDRION_ERROR17, OLEDRION_URL, 5);
62			}
63			if (!file_exists($file)) {
64			oledrion_utils::redirect(_OLEDRION_ERROR18, OLEDRION_URL, 5);
65			}
66
67			// Mise à jour, le fichier n'est plus disponible au téléchargement
68			$h_oledrion_caddy->markCaddyAsNotDownloadableAnyMore($caddy);
69
70			$fileContent = file_get_contents($file);
71			// Plugins ************************************************
72			$plugins = oledrion_plugins::getInstance();
73			$parameters = new oledrion_parameters(array('fileContent' => $fileContent, 'product' => $product, 'order' => $order, 'fullFilename' => $file));
74			$parameters = $plugins->fireFilter(oledrion_plugins::EVENT_ON_PRODUCT_DOWNLOAD, $parameters);
75			if (trim($parameters['fileContent']) != '') {
76			$fileContent = $parameters['fileContent'];
77			}
78			// *********************************************************
79			// Et affichage du fichier avec le type mime qui va bien
80			header("Content-Type: " . oledrion_utils::getMimeType($file));
81			header('Content-disposition: inline; filename="' . basename($file) . '"');
82			echo $fileContent;
83

XoopsModules25x / oledrion

Branch — master (00e474)

download.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like