This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
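<?php

declare(strict_types=1);
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright XOOPS Project (https://xoops.org)
 * @license GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html)
 * @package RSSFit - Extendable XML news feed generator
 * @author NS Tai (aka tuff) <http://www.brandycoke.com>
 * @author XOOPS Development Team
 */

use Xmf\Request;
use XoopsModules\Rssfit\{
    Helper,
    PluginHandler
};

/*
 * Plugin administration screen: lists activated, inactive and not-yet-installed
 * plugins (default op) and applies the submitted changes (op 'save').
 *
 * $op, $do, $pluginHandler, $saveCancelTray, $hiddenDo and $xoopsConfig are read
 * here but not assigned in this file; presumably the including admin script
 * defines them - verify against the caller.
 */

/** @var PluginHandler $pluginHandler */

// Only run when reached through a script path under /rssfit/admin/.
if (!preg_match('#/rssfit/admin/#', $_SERVER['SCRIPT_NAME'])) {
    redirect_header('index.php');
}

/** @var Helper $helper */
$helper = Helper::getInstance();

switch ($op) {
    default:
        $ret = '';
        // activated plugins
        $criteria = new \Criteria('rssf_activated', '1');
        $plugins  = $pluginHandler->getObjects2($criteria, 'p_activated');
        if ($plugins) {
            $ret .= "<table cellspacing='1' class='outer' width='100%'>\n"
                    . "<tr><th colspan='5'>"
                    . _AM_RSSFIT_PLUGIN_ACTIVATED
                    . "</th></tr>\n"
                    . "<tr>\n<td class='head' align='center' width='30%'>"
                    . _AM_RSSFIT_PLUGIN_FILENAME
                    . "</td>\n"
                    . "<td class='head' align='center'>"
                    . _AM_RSSFIT_PLUGIN_MODNAME
                    . "</td>\n"
                    . "<td class='head' align='center'>"
                    . _AM_RSSFIT_PLUGIN_SHOWXENTRIES
                    . "</td>\n"
                    . "<td class='head' align='center'>"
                    . _AM_RSSFIT_PLUGIN_ORDER
                    . "</td>\n"
                    . "<td class='head' align='center' width='20%'>"
                    . _AM_RSSFIT_ACTION
                    . "</td>\n"
                    . "</tr>\n";
            foreach ($plugins as $p) {
                $handler = $pluginHandler->checkPlugin($p);
                if ($handler) {
                    $id      = $p->getVar('rssf_conf_id');
                    $entries = new \XoopsFormText('', 'rssf_grab[' . $id . ']', 3, 2, $p->getVar('rssf_grab'));
                    $order   = new \XoopsFormText('', 'rssf_order[' . $id . ']', 3, 2, $p->getVar('rssf_order'));
                    $action  = new \XoopsFormSelect('', 'action[' . $id . ']', '');
                    $action->addOption('', _SELECT);
                    $action->addOption('d', _AM_RSSFIT_PLUGIN_DEACTIVATE);
                    $action->addOption('u', _AM_RSSFIT_PLUGIN_UNINSTALL);
                    $ret .= "<tr>\n"
                            . "<td class='odd' align='center'>"
                            . $p->getVar('rssf_filename')
                            . "</td>\n"
                            . "<td class='even' align='center'>"
                            . $handler->modname
                            . "</td>\n"
                            . "<td class='odd' align='center'>"
                            . $entries->render()
                            . "</td>\n"
                            . "<td class='odd' align='center'>"
                            . $order->render()
                            . "</td>\n"
                            . "<td class='odd' align='center'>"
                            . $action->render()
                            . "</td>\n";
                    $ret .= "</tr>\n";
                } else {
                    // An activated record whose plugin no longer passes checkPlugin() is deactivated.
                    $pluginHandler->forceDeactivate($p);
                }
            }
            $ret .= "</table>\n";
        }

        // inactive plugins
        $plugins = $pluginHandler->getObjects2(new \Criteria('rssf_activated', '0'), 'p_inactive');
        if ($plugins) {
            $ret .= "<br>\n<table cellspacing='1' class='outer' width='100%'>\n"
                    . "<tr><th colspan='3'>"
                    . _AM_RSSFIT_PLUGIN_INACTIVE
                    . "</th></tr>\n"
                    . "<tr>\n<td class='head' align='center' width='30%'>"
                    . _AM_RSSFIT_PLUGIN_FILENAME
                    . "</td>\n"
                    . "<td class='head' align='center'>"
                    . _AM_RSSFIT_PLUGIN_MODNAME
                    . "</td>\n"
                    . "<td class='head' align='center' width='20%'>"
                    . _AM_RSSFIT_ACTION
                    . "</td>\n"
                    . "</tr>\n";
            foreach ($plugins as $p) {
                $id     = $p->getVar('rssf_conf_id');
                $action = new \XoopsFormSelect('', 'action[' . $id . ']', '');
                $action->addOption('', _SELECT);
                $ret     .= "<tr>\n" . "<td class='odd' align='center'>" . $p->getVar('rssf_filename') . "</td>\n" . "<td class='even' align='center'>";
                $handler = $pluginHandler->checkPlugin($p);
                if ($handler) {
                    $ret .= $handler->modname;
                    // "Activate" is offered only for plugins that pass the check.
                    $action->addOption('a', _AM_RSSFIT_PLUGIN_ACTIVATE);
                } elseif (count($p->getErrors()) > 0) {
                    $ret .= '<b>' . _ERRORS . "</b>\n";
                    foreach ($p->getErrors() as $e) {
                        $ret .= '<br>' . $e;
                    }
                } else {
                    $ret .= '<b>' . _AM_RSSFIT_PLUGIN_UNKNOWNERROR . '</b>';
                }

                $ret .= "</td>\n";
                $action->addOption('u', _AM_RSSFIT_PLUGIN_UNINSTALL);
                $ret .= "<td class='odd' align='center'>" . $action->render() . "</td>\n";
            }
            $ret .= "</table>\n";
        }

        // Non-installed plugins
        if (!$filelist = &$pluginHandler->getPluginFileList()) {
            $filelist = [];
        }
        $list        = \XoopsLists::getFileListAsArray($helper->path('class/Plugins'));
        $installable = [];
        foreach ($list as $f) {
            if (preg_match('/\w+\.php$/', $f) && !in_array($f, $filelist)) {
                $installable[] = $f;
            }
        }
        if (count($installable) > 0) {
            $ret .= "<br>\n<table cellspacing='1' class='outer' width='100%'>\n"
                    . "<tr><th colspan='3'>"
                    . _AM_RSSFIT_PLUGIN_NONINSTALLED
                    . "</th></tr>\n"
                    . "<tr>\n<td class='head' align='center' width='30%'>"
                    . _AM_RSSFIT_PLUGIN_FILENAME
                    . "</td>\n"
                    . "<td class='head' align='center'>"
                    . _AM_RSSFIT_PLUGIN_MODNAME
                    . "</td>\n"
                    . "<td class='head' align='center' width='20%'>"
                    . _AM_RSSFIT_PLUGIN_INSTALL
                    . "</td>\n"
                    . "</tr>\n";
            foreach ($installable as $i) {
                $action = new \XoopsFormCheckBox('', 'install[' . $i . ']');
                $action->addOption('i', ' ');
                // The file name comes straight from the directory listing, so escape it for the HTML text context.
                $ret .= "<tr>\n" . "<td class='odd' align='center'>" . htmlspecialchars($i, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>\n" . "<td class='even' align='center'>";
                $p   = $pluginHandler->create();

                if (null !== $p) {
                    $p->setVar('rssf_filename', $i);
                    $handler = $pluginHandler->checkPlugin($p);
                    if ($handler) {
                        $ret .= $handler->modname;
                    } else {
                        if (count($p->getErrors()) > 0) {
                            $ret .= '<b>' . _ERRORS . "</b>\n";
                            foreach ($p->getErrors() as $e) {
                                $ret .= '<br>' . $e;
                            }
                        } else {
                            $ret .= '<b>' . _AM_RSSFIT_PLUGIN_UNKNOWNERROR . '</b>';
                        }
                        // A plugin that fails the check cannot be ticked for installation.
                        $action->setExtra('disabled="disabled"');
                    }
                }

                $ret .= "</td>\n";
                $ret .= "<td class='odd' align='center'>" . $action->render() . "</td>\n";
            }
            $ret .= "</table>\n";
        }

        if (!empty($ret)) {
            $hidden = new \XoopsFormHidden('op', 'save');
            $ret    = "<form action='"
                      . RSSFIT_ADMIN_URL
                      . "' method='post'>\n"
                      . $ret
                      . "<br><table cellspacing='1' class='outer' width='100%'><tr><td class='foot' align='center'>\n"
                      . $saveCancelTray->render()
                      . "\n"
                      . $hidden->render()
                      . "\n"
                      . $hiddenDo->render()
                      . "\n</td></tr></table></form>";
            echo $ret;
        }
        break;
    case 'save':
        // NOTE(review): no request-token (CSRF) check is visible in this branch and the
        // form above carries no token field; confirm the including admin script
        // validates one before these state changes run.
        $rssfGrab   = Request::getArray('rssf_grab', [], 'POST');
        $rssf_order = Request::getArray('rssf_order', [], 'POST');
        $action     = Request::getArray('action', null, 'POST');
        $install    = Request::getArray('install', [], 'POST');
        $err        = '';
        if (isset($action)) {
            $keys = array_keys($action);
            foreach ($keys as $k) {
                // Only ids that resolve to an existing plugin record are processed.
                $plugin = $pluginHandler->get($k);
                if ($plugin) {
                    if (isset($rssfGrab[$k])) {
                        $plugin->setVar('rssf_grab', $rssfGrab[$k]);
                        // The order field may be missing from a hand-built request; do not read an undefined key.
                        if (isset($rssf_order[$k])) {
                            $plugin->setVar('rssf_order', $rssf_order[$k]);
                        }
                    }
                    switch ($action[$k]) {
                        default:
                            $result = $pluginHandler->insert($plugin);
                            break;
                        case 'u': // uninstall
                            $result = $pluginHandler->delete($plugin);
                            break;
                        case 'd': // deactivate
                            $plugin->setVar('rssf_activated', 0);
                            $result = $pluginHandler->insert($plugin);
                            break;
                        case 'a': // activate
                            $plugin->setVar('rssf_activated', 1);
                            $result = $pluginHandler->insert($plugin);
                            break;
                    }
                    if (!$result) {
                        $err .= $plugin->getHtmlErrors();
                    }
                }
            }
        }
        if (!empty($install)) {
            // The keys of install[] are client-supplied file names. The listing above only
            // offers files found in class/Plugins, so apply the same restriction here
            // before a name is handed to checkPlugin() or stored as rssf_filename.
            $available = \XoopsLists::getFileListAsArray($helper->path('class/Plugins'));
            $files     = array_keys($install);
            foreach ($files as $f) {
                $f = (string)$f;
                if (!preg_match('/\w+\.php$/', $f) || !in_array($f, $available, true)) {
                    continue;
                }
                $p = $pluginHandler->create();
                if (null !== $p) {
                    $p->setVar('rssf_filename', $f);
                    $handler = $pluginHandler->checkPlugin($p);
                    if ($handler) {
                        $p->setVar('rssf_activated', 1);
                        $p->setVar('rssf_grab', $helper->getConfig('plugin_entries'));
                        $p->setVar('sub_entries', $helper->getConfig('plugin_entries'));
                        $p->setVar('sub_link', XOOPS_URL . '/modules/' . $handler->dirname);
                        $p->setVar('sub_title', $xoopsConfig['sitename'] . ' - ' . $handler->modname);
                        $p->setVar('sub_desc', $xoopsConfig['slogan']);
                        if (!$result = $pluginHandler->insert($p)) {
                            $err .= $p->getHtmlErrors();
                        }
                    }
                }
            }
        }
        if (!empty($err)) {
            echo $err;
        } else {
            redirect_header(RSSFIT_ADMIN_URL . '?do=' . $do, 0, _AM_RSSFIT_DBUPDATED);
        }
        break;
}

require_once __DIR__ . '/admin_footer.php';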