This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace XoopsModules\Smallworld\Common; |
||
4 | |||
5 | /* |
||
6 | Utility Class Definition |
||
7 | |||
8 | You may not change or alter any portion of this comment or credits of |
||
9 | supporting developers from this source code or any supporting source code |
||
10 | which is considered copyrighted (c) material of the original comment or credit |
||
11 | authors. |
||
12 | |||
13 | This program is distributed in the hope that it will be useful, but |
||
14 | WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
16 | */ |
||
17 | |||
18 | /** |
||
19 | * @license https://www.fsf.org/copyleft/gpl.html GNU public license |
||
20 | * @copyright https://xoops.org 2000-2020 © XOOPS Project |
||
21 | * @author ZySpec <[email protected]> |
||
22 | * @author Mamba <[email protected]> |
||
23 | */ |
||
24 | |||
25 | use XoopsModules\Smallworld\Helper; |
||
26 | |||
27 | /** |
||
28 | * Class Utility |
||
29 | */ |
||
30 | class SysUtility |
||
31 | { |
||
32 | use VersionChecks; |
||
33 | |||
34 | //checkVerXoops, checkVerPhp Traits |
||
35 | |||
36 | use ServerStats; |
||
37 | |||
38 | // getServerStats Trait |
||
39 | |||
40 | use FilesManagement; |
||
41 | |||
42 | // Files Management Trait |
||
43 | |||
44 | /** |
||
45 | * truncateHtml can truncate a string up to a number of characters while preserving whole words and HTML tags |
||
46 | * www.gsdesign.ro/blog/cut-html-string-without-breaking-the-tags |
||
47 | * www.cakephp.org |
||
48 | * |
||
49 | * @param string $text String to truncate. |
||
50 | * @param int $length Length of returned string, including ellipsis. |
||
51 | * @param string $ending Ending to be appended to the trimmed string. |
||
52 | * @param bool $exact If false, $text will not be cut mid-word |
||
53 | * @param bool $considerHtml If true, HTML tags would be handled correctly |
||
54 | * |
||
55 | * @return string Trimmed string. |
||
56 | */ |
||
57 | public static function truncateHtml($text, $length = 100, $ending = '...', $exact = false, $considerHtml = true) |
||
58 | { |
||
59 | if ($considerHtml) { |
||
60 | // if the plain text is shorter than the maximum length, return the whole text |
||
61 | if (mb_strlen(preg_replace('/<.*?' . '>/', '', $text)) <= $length) { |
||
62 | return $text; |
||
63 | } |
||
64 | // splits all html-tags to scanable lines |
||
65 | preg_match_all('/(<.+?' . '>)?([^<>]*)/s', $text, $lines, PREG_SET_ORDER); |
||
66 | $total_length = mb_strlen($ending); |
||
67 | $open_tags = []; |
||
68 | $truncate = ''; |
||
69 | foreach ($lines as $line_matchings) { |
||
70 | // if there is any html-tag in this line, handle it and add it (uncounted) to the output |
||
71 | if (!empty($line_matchings[1])) { |
||
72 | // if it's an "empty element" with or without xhtml-conform closing slash |
||
73 | if (preg_match('/^<(\s*.+?\/\s*|\s*(img|br|input|hr|area|base|basefont|col|frame|isindex|link|meta|param)(\s.+?)?)>$/is', $line_matchings[1])) { |
||
74 | // do nothing |
||
75 | // if tag is a closing tag |
||
76 | } elseif (preg_match('/^<\s*\/([^\s]+?)\s*>$/s', $line_matchings[1], $tag_matchings)) { |
||
77 | // delete tag from $open_tags list |
||
78 | $pos = array_search($tag_matchings[1], $open_tags, true); |
||
79 | if (false !== $pos) { |
||
80 | unset($open_tags[$pos]); |
||
81 | } |
||
82 | // if tag is an opening tag |
||
83 | } elseif (preg_match('/^<\s*([^\s>!]+).*?' . '>$/s', $line_matchings[1], $tag_matchings)) { |
||
84 | // add tag to the beginning of $open_tags list |
||
85 | array_unshift($open_tags, mb_strtolower($tag_matchings[1])); |
||
86 | } |
||
87 | // add html-tag to $truncate'd text |
||
88 | $truncate .= $line_matchings[1]; |
||
89 | } |
||
90 | // calculate the length of the plain text part of the line; handle entities as one character |
||
91 | $content_length = mb_strlen(preg_replace('/&[0-9a-z]{2,8};|&#[0-9]{1,7};|[0-9a-f]{1,6};/i', ' ', $line_matchings[2])); |
||
92 | if ($total_length + $content_length > $length) { |
||
93 | // the number of characters which are left |
||
94 | $left = $length - $total_length; |
||
95 | $entities_length = 0; |
||
96 | // search for html entities |
||
97 | if (preg_match_all('/&[0-9a-z]{2,8};|&#[0-9]{1,7};|[0-9a-f]{1,6};/i', $line_matchings[2], $entities, PREG_OFFSET_CAPTURE)) { |
||
98 | // calculate the real length of all entities in the legal range |
||
99 | foreach ($entities[0] as $entity) { |
||
100 | if ($left >= $entity[1] + 1 - $entities_length) { |
||
101 | $left--; |
||
102 | $entities_length += mb_strlen($entity[0]); |
||
103 | } else { |
||
104 | // no more characters left |
||
105 | break; |
||
106 | } |
||
107 | } |
||
108 | } |
||
109 | $truncate .= mb_substr($line_matchings[2], 0, $left + $entities_length); |
||
110 | // maximum lenght is reached, so get off the loop |
||
111 | break; |
||
112 | } |
||
113 | $truncate .= $line_matchings[2]; |
||
114 | $total_length += $content_length; |
||
115 | |||
116 | // if the maximum length is reached, get off the loop |
||
117 | if ($total_length >= $length) { |
||
118 | break; |
||
119 | } |
||
120 | } |
||
121 | } else { |
||
122 | if (mb_strlen($text) <= $length) { |
||
123 | return $text; |
||
124 | } |
||
125 | $truncate = mb_substr($text, 0, $length - mb_strlen($ending)); |
||
126 | } |
||
127 | // if the words shouldn't be cut in the middle... |
||
128 | if (!$exact) { |
||
129 | // ...search the last occurance of a space... |
||
130 | $spacepos = mb_strrpos($truncate, ' '); |
||
131 | if (isset($spacepos)) { |
||
132 | // ...and cut the text in this position |
||
133 | $truncate = mb_substr($truncate, 0, $spacepos); |
||
134 | } |
||
135 | } |
||
136 | // add the defined ending to the text |
||
137 | $truncate .= $ending; |
||
138 | if ($considerHtml) { |
||
139 | // close all unclosed html-tags |
||
140 | foreach ($open_tags as $tag) { |
||
0 ignored issues
–
show
|
|||
141 | $truncate .= '</' . $tag . '>'; |
||
142 | } |
||
143 | } |
||
144 | |||
145 | return $truncate; |
||
146 | } |
||
147 | |||
148 | /** |
||
149 | * @param \Xmf\Module\Helper $helper |
||
150 | * @param array|null $options |
||
151 | * @return \XoopsFormDhtmlTextArea|\XoopsFormEditor |
||
152 | */ |
||
153 | public static function getEditor($helper = null, $options = null) |
||
154 | { |
||
155 | /** @var Helper $helper */ |
||
156 | if (null === $options) { |
||
157 | $options = []; |
||
158 | $options['name'] = 'Editor'; |
||
159 | $options['value'] = 'Editor'; |
||
160 | $options['rows'] = 10; |
||
161 | $options['cols'] = '100%'; |
||
162 | $options['width'] = '100%'; |
||
163 | $options['height'] = '400px'; |
||
164 | } |
||
165 | |||
166 | if (null === $helper) { |
||
167 | $helper = Helper::getInstance(); |
||
168 | } |
||
169 | |||
170 | $isAdmin = $helper->isUserAdmin(); |
||
171 | |||
172 | if (class_exists('XoopsFormEditor')) { |
||
173 | if ($isAdmin) { |
||
174 | $descEditor = new \XoopsFormEditor(ucfirst($options['name']), $helper->getConfig('editorAdmin'), $options, $nohtml = false, $onfailure = 'textarea'); |
||
175 | } else { |
||
176 | $descEditor = new \XoopsFormEditor(ucfirst($options['name']), $helper->getConfig('editorUser'), $options, $nohtml = false, $onfailure = 'textarea'); |
||
177 | } |
||
178 | } else { |
||
179 | $descEditor = new \XoopsFormDhtmlTextArea(ucfirst($options['name']), $options['name'], $options['value'], '100%', '100%'); |
||
180 | } |
||
181 | |||
182 | // $form->addElement($descEditor); |
||
183 | |||
184 | return $descEditor; |
||
185 | } |
||
186 | |||
187 | /** |
||
188 | * @param $fieldname |
||
189 | * @param $table |
||
190 | * |
||
191 | * @return bool |
||
192 | */ |
||
193 | public function fieldExists($fieldname, $table) |
||
194 | { |
||
195 | $result = $GLOBALS['xoopsDB']->queryF("SHOW COLUMNS FROM $table LIKE '$fieldname'"); |
||
196 | |||
197 | return ($GLOBALS['xoopsDB']->getRowsNum($result) > 0); |
||
198 | } |
||
199 | } |
||
200 |
If you define a variable conditionally, it can happen that it is not defined for all execution paths.
Let’s take a look at an example:
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
Available Fixes
Check for existence of the variable explicitly:
Define a default value for the variable:
Add a value for the missing path: