This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | /** |
||
4 | * |
||
5 | * Module: SmartPartner |
||
6 | * Author: The SmartFactory <www.smartfactory.ca> |
||
7 | * Licence: GNU |
||
8 | */ |
||
9 | |||
10 | // defined('XOOPS_ROOT_PATH') || exit('XOOPS root path not defined'); |
||
11 | |||
12 | include_once XOOPS_ROOT_PATH . '/modules/smartpartner/include/common.php'; |
||
13 | |||
14 | // File status |
||
15 | define('_SPARTNER_STATUS_FILE_NOTSET', -1); |
||
16 | define('_SPARTNER_STATUS_FILE_ACTIVE', 1); |
||
17 | define('_SPARTNER_STATUS_FILE_INACTIVE', 2); |
||
18 | |||
19 | /** |
||
20 | * Class SmartpartnerFile |
||
21 | */ |
||
22 | class SmartpartnerFile extends XoopsObject |
||
23 | { |
||
24 | /** |
||
25 | * constructor |
||
26 | * @param null $id |
||
27 | */ |
||
28 | public function __construct($id = null) |
||
29 | { |
||
30 | $this->db = XoopsDatabaseFactory::getDatabaseConnection(); |
||
31 | $this->initVar('fileid', XOBJ_DTYPE_INT, 0, false); |
||
32 | $this->initVar('id', XOBJ_DTYPE_INT, null, true); |
||
33 | $this->initVar('name', XOBJ_DTYPE_TXTBOX, null, true, 255); |
||
34 | $this->initVar('description', XOBJ_DTYPE_TXTBOX, null, false, 255); |
||
35 | $this->initVar('filename', XOBJ_DTYPE_TXTBOX, null, true, 255); |
||
36 | $this->initVar('mimetype', XOBJ_DTYPE_TXTBOX, null, true, 64); |
||
37 | $this->initVar('uid', XOBJ_DTYPE_INT, 0, false); |
||
38 | $this->initVar('datesub', XOBJ_DTYPE_INT, null, false); |
||
39 | $this->initVar('status', XOBJ_DTYPE_INT, 1, false); |
||
40 | $this->initVar('notifypub', XOBJ_DTYPE_INT, 0, false); |
||
41 | $this->initVar('counter', XOBJ_DTYPE_INT, null, false); |
||
42 | |||
43 | if (isset($id)) { |
||
44 | global $smartPartnerFileHandler; |
||
45 | $file = $smartPartnerFileHandler->get($id); |
||
46 | foreach ($file->vars as $k => $v) { |
||
47 | $this->assignVar($k, $v['value']); |
||
48 | } |
||
49 | } |
||
50 | } |
||
51 | |||
52 | /** |
||
53 | * @param $post_field |
||
54 | * @param $allowed_mimetypes |
||
55 | * @param $errors |
||
56 | * @return bool |
||
57 | */ |
||
58 | public function checkUpload($post_field, &$allowed_mimetypes, &$errors) |
||
59 | { |
||
60 | include_once(SMARTPARTNER_ROOT_PATH . 'class/uploader.php'); |
||
61 | $config = smartpartner_getModuleConfig(); |
||
62 | |||
63 | $maxfilesize = $config['maximum_filesize']; |
||
64 | $maxfilewidth = 100000; //$config['maximum_image_width']; |
||
65 | $maxfileheight = 100000; //$config['maximum_image_height']; |
||
66 | |||
67 | $errors = array(); |
||
68 | |||
69 | if (!isset($allowed_mimetypes)) { |
||
70 | $hMime = xoops_getModuleHandler('mimetype'); |
||
71 | $allowed_mimetypes = $hMime->checkMimeTypes($post_field); |
||
72 | if (!$allowed_mimetypes) { |
||
73 | $errors[] = _SMARTPARTNER_MESSAGE_WRONG_MIMETYPE; |
||
74 | |||
75 | return false; |
||
76 | } |
||
77 | } |
||
78 | $uploader = new XoopsMediaUploader(smartpartner_getUploadDir(), $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight); |
||
79 | |||
80 | if ($uploader->fetchMedia($post_field)) { |
||
81 | return true; |
||
82 | } else { |
||
83 | $errors = array_merge($errors, $uploader->getErrors(false)); |
||
84 | |||
85 | return false; |
||
86 | } |
||
87 | } |
||
88 | |||
89 | /** |
||
90 | * @param $text |
||
91 | * @return mixed |
||
92 | */ |
||
93 | public function purifyText($text) |
||
94 | { |
||
95 | global $myts; |
||
96 | $text = str_replace(' ', ' ', $text); |
||
97 | $text = str_replace('<br />', ' ', $text); |
||
98 | $text = str_replace('. ', ' ', $text); |
||
99 | $text = str_replace(', ', ' ', $text); |
||
100 | $text = str_replace(')', '', $text); |
||
101 | $text = str_replace('(', '', $text); |
||
102 | $text = str_replace(':', '', $text); |
||
103 | $text = str_replace('&euro', '', $text); |
||
104 | $text = str_replace(';', '', $text); |
||
105 | $text = str_replace('!', ' ', $text); |
||
106 | $text = str_replace('?', ' ', $text); |
||
107 | $text = str_replace('é', 'e', $text); |
||
108 | $text = str_replace('è', 'e', $text); |
||
109 | $text = str_replace('ê', 'e', $text); |
||
110 | $text = str_replace('â', 'a', $text); |
||
111 | $text = str_replace('Ã ', 'a', $text); |
||
112 | $text = str_replace('ù', 'u', $text); |
||
113 | $text = str_replace('û', 'u', $text); |
||
114 | $text = str_replace('ô', 'o', $text); |
||
115 | $text = str_replace('ñ', 'n', $text); |
||
116 | $text = str_replace('É', 'e', $text); |
||
117 | $text = str_replace('È', 'e', $text); |
||
118 | $text = str_replace('Ê', 'e', $text); |
||
119 | $text = str_replace('Â', 'A', $text); |
||
120 | $text = str_replace('À', 'A', $text); |
||
121 | $text = str_replace('Ù', 'U', $text); |
||
122 | $text = str_replace('Û', 'U', $text); |
||
123 | $text = str_replace('Ô', 'O', $text); |
||
124 | $text = str_replace('Ñ', 'N', $text); |
||
125 | $text = str_replace("'", '', $text); |
||
126 | $text = str_replace("\\", '', $text); |
||
127 | $text = strip_tags($text); |
||
128 | $text = html_entity_decode($text); |
||
129 | $text = $myts->undoHtmlSpecialChars($text); |
||
130 | |||
131 | return $text; |
||
132 | } |
||
133 | |||
134 | /** |
||
135 | * @param $post_field |
||
136 | * @param null $allowed_mimetypes |
||
137 | * @param $errors |
||
138 | * @return bool |
||
139 | * @throws |
||
140 | */ |
||
141 | public function storeUpload($post_field, $allowed_mimetypes = null, &$errors) |
||
142 | { |
||
143 | global $xoopsUser, $xoopsDB, $xoopsModule; |
||
144 | include_once(SMARTPARTNER_ROOT_PATH . 'class/uploader.php'); |
||
145 | |||
146 | $config = smartpartner_getModuleConfig(); |
||
147 | |||
148 | $id = $this->getVar('id'); |
||
149 | |||
150 | if (!isset($allowed_mimetypes)) { |
||
151 | $hMime = xoops_getModuleHandler('mimetype'); |
||
152 | $allowed_mimetypes = $hMime->checkMimeTypes($post_field); |
||
153 | if (!$allowed_mimetypes) { |
||
154 | return false; |
||
155 | } |
||
156 | } |
||
157 | |||
158 | /*$maxfilesize = $config['xhelp_uploadSize']; |
||
159 | $maxfilewidth = $config['xhelp_uploadWidth']; |
||
160 | $maxfileheight = $config['xhelp_uploadHeight'];*/ |
||
161 | |||
162 | $maxfilesize = $config['maximum_filesize']; |
||
163 | $maxfilewidth = 100000; //$config['maximum_image_width']; |
||
164 | $maxfileheight = 100000; //$config['maximum_image_height']; |
||
165 | |||
166 | if (!is_dir(smartpartner_getUploadDir())) { |
||
167 | // mkdir(smartpartner_getUploadDir(), 0757); |
||
168 | if (!@mkdir(smartpartner_getUploadDir(), 0757) && !is_dir(smartpartner_getUploadDir())) { |
||
169 | throw Exception("Couldn't create this directory: " . smartpartner_getUploadDir()); |
||
170 | } |
||
171 | } |
||
172 | |||
173 | $uploader = new XoopsMediaUploader(smartpartner_getUploadDir() . '/', $allowed_mimetypes, $maxfilesize, $maxfilewidth, $maxfileheight); |
||
174 | if ($uploader->fetchMedia($post_field)) { |
||
175 | $file_title = $this->purifyText($uploader->getMediaName()); |
||
176 | $uploader->setTargetFileName($id . '_' . $file_title); |
||
177 | if ($uploader->upload()) { |
||
178 | $this->setVar('filename', $uploader->getSavedFileName()); |
||
179 | if ($this->getVar('name') == '') { |
||
180 | $this->setVar('name', $this->getNameFromFilename()); |
||
181 | } |
||
182 | $this->setVar('mimetype', $uploader->getMediaType()); |
||
183 | |||
184 | return true; |
||
185 | } else { |
||
186 | $errors = array_merge($errors, $uploader->getErrors(false)); |
||
187 | |||
188 | return false; |
||
189 | } |
||
190 | } else { |
||
191 | $errors = array_merge($errors, $uploader->getErrors(false)); |
||
192 | |||
193 | return false; |
||
194 | } |
||
195 | } |
||
196 | |||
197 | /** |
||
198 | * @param $allowed_mimetypes |
||
199 | * @param bool $force |
||
200 | * @param bool $doupload |
||
201 | * @return bool |
||
202 | */ |
||
203 | public function store(&$allowed_mimetypes, $force = true, $doupload = true) |
||
204 | { |
||
205 | if ($this->isNew()) { |
||
206 | $errors = array(); |
||
207 | if ($doupload) { |
||
208 | $ret = $this->storeUpload('userfile', $allowed_mimetypes, $errors); |
||
209 | } else { |
||
210 | $ret = true; |
||
211 | } |
||
212 | if (!$ret) { |
||
213 | foreach ($errors as $error) { |
||
214 | $this->setErrors($error); |
||
215 | } |
||
216 | |||
217 | return false; |
||
218 | } |
||
219 | } |
||
220 | |||
221 | global $smartPartnerFileHandler; |
||
222 | |||
223 | return $smartPartnerFileHandler->insert($this, $force); |
||
224 | } |
||
225 | |||
226 | /** |
||
227 | * @return mixed |
||
228 | */ |
||
229 | public function fileid() |
||
230 | { |
||
231 | return $this->getVar('fileid'); |
||
232 | } |
||
233 | |||
234 | /** |
||
235 | * @return mixed |
||
236 | */ |
||
237 | public function id() |
||
238 | { |
||
239 | return $this->getVar('id'); |
||
240 | } |
||
241 | |||
242 | /** |
||
243 | * @param string $format |
||
244 | * @return mixed |
||
245 | */ |
||
246 | public function name($format = 'S') |
||
247 | { |
||
248 | return $this->getVar('name', $format); |
||
249 | } |
||
250 | |||
251 | /** |
||
252 | * @param string $format |
||
253 | * @return mixed |
||
254 | */ |
||
255 | public function description($format = 'S') |
||
256 | { |
||
257 | return $this->getVar('description', $format); |
||
258 | } |
||
259 | |||
260 | /** |
||
261 | * @param string $format |
||
262 | * @return mixed |
||
263 | */ |
||
264 | public function filename($format = 'S') |
||
265 | { |
||
266 | return $this->getVar('filename', $format); |
||
267 | } |
||
268 | |||
269 | /** |
||
270 | * @param string $format |
||
271 | * @return mixed |
||
272 | */ |
||
273 | public function mimetype($format = 'S') |
||
274 | { |
||
275 | return $this->getVar('mimetype', $format); |
||
276 | } |
||
277 | |||
278 | /** |
||
279 | * @return mixed |
||
280 | */ |
||
281 | public function uid() |
||
282 | { |
||
283 | return $this->getVar('uid'); |
||
284 | } |
||
285 | |||
286 | /** |
||
287 | * @param string $dateFormat |
||
288 | * @param string $format |
||
289 | * @return string |
||
290 | */ |
||
291 | public function datesub($dateFormat = 's', $format = 'S') |
||
292 | { |
||
293 | return formatTimestamp($this->getVar('datesub', $format), $dateFormat); |
||
294 | } |
||
295 | |||
296 | /** |
||
297 | * @return mixed |
||
298 | */ |
||
299 | public function status() |
||
300 | { |
||
301 | return $this->getVar('status'); |
||
302 | } |
||
303 | |||
304 | /** |
||
305 | * @return mixed |
||
306 | */ |
||
307 | public function notifypub() |
||
308 | { |
||
309 | return $this->getVar('notifypub'); |
||
310 | } |
||
311 | |||
312 | /** |
||
313 | * @return mixed |
||
314 | */ |
||
315 | public function counter() |
||
316 | { |
||
317 | return $this->getVar('counter'); |
||
318 | } |
||
319 | |||
320 | /** |
||
321 | * @return bool |
||
322 | */ |
||
323 | public function notLoaded() |
||
324 | { |
||
325 | return ($this->getVar('id') == 0); |
||
326 | } |
||
327 | |||
328 | /** |
||
329 | * @return string |
||
330 | */ |
||
331 | View Code Duplication | public function getFileUrl() |
|
332 | { |
||
333 | $hModule = xoops_getHandler('module'); |
||
334 | $hModConfig = xoops_getHandler('config'); |
||
335 | $smartPartnerModule =& $hModule->getByDirname('smartpartner'); |
||
336 | $smartPartnerConfig = &$hModConfig->getConfigsByCat(0, $smartPartnerModule->getVar('mid')); |
||
337 | |||
338 | return smartpartner_getUploadDir(false) . $this->filename(); |
||
339 | } |
||
340 | |||
341 | /** |
||
342 | * @return string |
||
343 | */ |
||
344 | View Code Duplication | public function getFilePath() |
|
345 | { |
||
346 | $hModule = xoops_getHandler('module'); |
||
347 | $hModConfig = xoops_getHandler('config'); |
||
348 | $smartPartnerModule =& $hModule->getByDirname('smartpartner'); |
||
349 | $smartPartnerConfig = &$hModConfig->getConfigsByCat(0, $smartPartnerModule->getVar('mid')); |
||
350 | |||
351 | return smartpartner_getUploadDir() . $this->filename(); |
||
352 | } |
||
353 | |||
354 | /** |
||
355 | * @return string |
||
356 | */ |
||
357 | public function getFileLink() |
||
358 | { |
||
359 | return "<a href='" . XOOPS_URL . '/modules/smartpartner/visit.php?fileid=' . $this->fileid() . "'>" . $this->name() . '</a>'; |
||
360 | } |
||
361 | |||
362 | /** |
||
363 | * @return string |
||
364 | */ |
||
365 | public function getItemLink() |
||
366 | { |
||
367 | return "<a href='" . XOOPS_URL . '/modules/smartpartner/partner.php?id=' . $this->id() . "'>" . $this->name() . '</a>'; |
||
368 | } |
||
369 | |||
370 | public function updateCounter() |
||
371 | { |
||
372 | $this->setVar('counter', $this->counter() + 1); |
||
373 | $this->store(); |
||
374 | } |
||
375 | |||
376 | /** |
||
377 | * @return mixed |
||
378 | */ |
||
379 | public function displayFlash() |
||
380 | { |
||
381 | if (!defined('MYTEXTSANITIZER_EXTENDED_MEDIA')) { |
||
382 | include_once(SMARTPARTNER_ROOT_PATH . 'include/media.textsanitizer.php'); |
||
383 | } |
||
384 | $media_ts = MyTextSanitizerExtension::getInstance(); |
||
385 | |||
386 | return $media_ts->_displayFlash($this->getFileUrl()); |
||
387 | } |
||
388 | |||
389 | /** |
||
390 | * @return mixed|string |
||
391 | */ |
||
392 | public function getNameFromFilename() |
||
393 | { |
||
394 | $ret = $this->filename(); |
||
395 | $sep_pos = strpos($ret, '_'); |
||
396 | $ret = substr($ret, $sep_pos + 1, -$sep_pos); |
||
397 | |||
398 | return $ret; |
||
399 | } |
||
400 | } |
||
401 | |||
402 | /** |
||
403 | * Files handler class. |
||
404 | * This class is responsible for providing data access mechanisms to the data source |
||
405 | * of File class objects. |
||
406 | * |
||
407 | * @author marcan <[email protected]> |
||
408 | * @package SmartPartner |
||
409 | */ |
||
410 | class SmartpartnerFileHandler extends XoopsObjectHandler |
||
411 | { |
||
412 | /** |
||
413 | * create a new file |
||
414 | * |
||
415 | * @param bool $isNew flag the new objects as "new"? |
||
416 | * @return object SmartpartnerFile |
||
417 | */ |
||
418 | public function create($isNew = true) |
||
419 | { |
||
420 | $file = new SmartpartnerFile(); |
||
421 | if ($isNew) { |
||
422 | $file->setNew(); |
||
423 | } |
||
424 | |||
425 | return $file; |
||
426 | } |
||
427 | |||
428 | /** |
||
429 | * retrieve an file |
||
430 | * |
||
431 | * @param int $id fileid of the file |
||
432 | * @return mixed reference to the {@link SmartpartnerFile} object, FALSE if failed |
||
433 | */ |
||
434 | public function get($id) |
||
435 | { |
||
436 | if ((int)$id > 0) { |
||
437 | $sql = 'SELECT * FROM ' . $this->db->prefix('smartpartner_files') . ' WHERE fileid=' . $id; |
||
438 | if (!$result = $this->db->query($sql)) { |
||
439 | return false; |
||
440 | } |
||
441 | |||
442 | $numrows = $this->db->getRowsNum($result); |
||
443 | if ($numrows == 1) { |
||
444 | $file = new SmartpartnerFile(); |
||
445 | $file->assignVars($this->db->fetchArray($result)); |
||
446 | |||
447 | return $file; |
||
448 | } |
||
449 | } |
||
450 | |||
451 | return false; |
||
452 | } |
||
453 | |||
454 | /** |
||
455 | * insert a new file in the database |
||
456 | * |
||
457 | * @param XoopsObject $fileObj |
||
458 | * @param bool $force |
||
459 | * @return bool FALSE if failed, TRUE if already present and unchanged or successful |
||
460 | * @internal param object $file reference to the <a href='psi_element://SmartpartnerFile'>SmartpartnerFile</a> object object |
||
461 | */ |
||
462 | public function insert(XoopsObject $fileObj, $force = false) |
||
463 | { |
||
464 | if (strtolower(get_class($fileObj)) !== 'smartpartnerfile') { |
||
465 | return false; |
||
466 | } |
||
467 | if (!$fileObj->isDirty()) { |
||
468 | return true; |
||
469 | } |
||
470 | if (!$fileObj->cleanVars()) { |
||
471 | return false; |
||
472 | } |
||
473 | |||
474 | foreach ($fileObj->cleanVars as $k => $v) { |
||
475 | ${$k} = $v; |
||
476 | } |
||
477 | |||
478 | if ($fileObj->isNew()) { |
||
479 | $sql = sprintf('INSERT INTO %s (fileid, id, name, description, filename, mimetype, uid, datesub, `status`, notifypub, counter) VALUES (NULL, %u, %s, %s, %s, %s, %u, %u, %u, %u, %u)', |
||
480 | $this->db->prefix('smartpartner_files'), $id, $this->db->quoteString($name), $this->db->quoteString($description), $this->db->quoteString($filename), |
||
0 ignored issues
–
show
The variable
$description does not exist. Did you forget to declare it?
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. ![]() |
|||
481 | $this->db->quoteString($mimetype), $uid, time(), $status, $notifypub, $counter); |
||
0 ignored issues
–
show
|
|||
482 | } else { |
||
483 | $sql = sprintf('UPDATE %s SET id = %u, name = %s, description = %s, filename = %s, mimetype = %s, uid = %u, datesub = %u, status = %u, notifypub = %u, counter = %u WHERE fileid = %u', |
||
484 | $this->db->prefix('smartpartner_files'), $id, $this->db->quoteString($name), $this->db->quoteString($description), $this->db->quoteString($filename), |
||
485 | $this->db->quoteString($mimetype), $uid, $datesub, $status, $notifypub, $counter, $fileid); |
||
0 ignored issues
–
show
|
|||
486 | } |
||
487 | |||
488 | //echo "<br>$sql<br>"; |
||
489 | |||
490 | View Code Duplication | if (false != $force) { |
|
491 | $result = $this->db->queryF($sql); |
||
492 | } else { |
||
493 | $result = $this->db->query($sql); |
||
494 | } |
||
495 | |||
496 | if (!$result) { |
||
497 | $fileObj->setErrors('The query returned an error. ' . $this->db->error()); |
||
498 | |||
499 | return false; |
||
500 | } |
||
501 | |||
502 | if ($fileObj->isNew()) { |
||
503 | $fileObj->assignVar('fileid', $this->db->getInsertId()); |
||
504 | } |
||
505 | |||
506 | $fileObj->assignVar('fileid', $fileid); |
||
507 | |||
508 | return true; |
||
509 | } |
||
510 | |||
511 | /** |
||
512 | * delete a file from the database |
||
513 | * |
||
514 | * @param XoopsObject $file reference to the file to delete |
||
515 | * @param bool $force |
||
516 | * @return bool FALSE if failed. |
||
517 | */ |
||
518 | public function delete(XoopsObject $file, $force = false) |
||
519 | { |
||
520 | if (strtolower(get_class($file)) !== 'smartpartnerfile') { |
||
521 | return false; |
||
522 | } |
||
523 | // Delete the actual file |
||
524 | if (!smartpartner_deleteFile($file->getFilePath())) { |
||
525 | return false; |
||
526 | } |
||
527 | // Delete the record in the table |
||
528 | $sql = sprintf('DELETE FROM %s WHERE fileid = %u', $this->db->prefix('smartpartner_files'), $file->getVar('fileid')); |
||
529 | |||
530 | View Code Duplication | if (false != $force) { |
|
531 | $result = $this->db->queryF($sql); |
||
532 | } else { |
||
533 | $result = $this->db->query($sql); |
||
534 | } |
||
535 | if (!$result) { |
||
536 | return false; |
||
537 | } |
||
538 | |||
539 | return true; |
||
540 | } |
||
541 | |||
542 | /** |
||
543 | * delete files related to an item from the database |
||
544 | * |
||
545 | * @param object $itemObj reference to the item which files to delete |
||
546 | * @return bool |
||
547 | */ |
||
548 | public function deleteItemFiles(&$itemObj) |
||
549 | { |
||
550 | if (strtolower(get_class($itemObj)) !== 'smartpartneritem') { |
||
551 | return false; |
||
552 | } |
||
553 | $files = $this->getAllFiles($itemObj->id()); |
||
554 | $result = true; |
||
555 | foreach ($files as $file) { |
||
556 | if (!$this->delete($file)) { |
||
557 | $result = false; |
||
558 | } |
||
559 | } |
||
560 | |||
561 | return $result; |
||
562 | } |
||
563 | |||
564 | /** |
||
565 | * retrieve files from the database |
||
566 | * |
||
567 | * @param object $criteria {@link CriteriaElement} conditions to be met |
||
568 | * @param bool $id_as_key use the fileid as key for the array? |
||
569 | * @return array array of {@link SmartpartnerFile} objects |
||
570 | */ |
||
571 | public function getObjects($criteria = null, $id_as_key = false) |
||
572 | { |
||
573 | $ret = array(); |
||
574 | $limit = $start = 0; |
||
575 | $sql = 'SELECT * FROM ' . $this->db->prefix('smartpartner_files'); |
||
576 | View Code Duplication | if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) { |
|
0 ignored issues
–
show
|
|||
577 | $sql .= ' ' . $criteria->renderWhere(); |
||
578 | if ($criteria->getSort() != '') { |
||
579 | $sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder(); |
||
580 | } |
||
581 | $limit = $criteria->getLimit(); |
||
582 | $start = $criteria->getStart(); |
||
583 | } |
||
584 | //echo "<br>" . $sql . "<br>"; |
||
585 | $result = $this->db->query($sql, $limit, $start); |
||
586 | if (!$result) { |
||
587 | return $ret; |
||
588 | } |
||
589 | while ($myrow = $this->db->fetchArray($result)) { |
||
590 | $file = new SmartpartnerFile(); |
||
591 | $file->assignVars($myrow); |
||
592 | if (!$id_as_key) { |
||
593 | $ret[] =& $file; |
||
594 | } else { |
||
595 | $ret[$myrow['fileid']] =& $file; |
||
596 | } |
||
597 | unset($file); |
||
598 | } |
||
599 | |||
600 | return $ret; |
||
601 | } |
||
602 | |||
603 | /** |
||
604 | * retrieve all files |
||
605 | * |
||
606 | * @param int $id |
||
607 | * @param int $status |
||
608 | * @param int $limit |
||
609 | * @param int $start |
||
610 | * @param string $sort |
||
611 | * @param string $order |
||
612 | * @return array array of <a href='psi_element://SmartpartnerFile'>SmartpartnerFile</a> objects |
||
613 | * objects |
||
614 | * @internal param object $criteria <a href='psi_element://CriteriaElement'>CriteriaElement</a> conditions to be met conditions to be met |
||
615 | */ |
||
616 | public function getAllFiles($id = 0, $status = -1, $limit = 0, $start = 0, $sort = 'datesub', $order = 'DESC') |
||
617 | { |
||
618 | $hasStatusCriteria = false; |
||
619 | $criteriaStatus = new CriteriaCompo(); |
||
620 | if (is_array($status)) { |
||
621 | $hasStatusCriteria = true; |
||
622 | foreach ($status as $v) { |
||
623 | $criteriaStatus->add(new Criteria('status', $v), 'OR'); |
||
624 | } |
||
625 | } elseif ($status != -1) { |
||
626 | $hasStatusCriteria = true; |
||
627 | $criteriaStatus->add(new Criteria('status', $status), 'OR'); |
||
628 | } |
||
629 | $criteriaItemid = new Criteria('id', $id); |
||
630 | |||
631 | $criteria = new CriteriaCompo(); |
||
632 | |||
633 | if ($id != 0) { |
||
634 | $criteria->add($criteriaItemid); |
||
635 | } |
||
636 | |||
637 | if ($hasStatusCriteria) { |
||
638 | $criteria->add($criteriaStatus); |
||
639 | } |
||
640 | |||
641 | $criteria->setSort($sort); |
||
642 | $criteria->setOrder($order); |
||
643 | $criteria->setLimit($limit); |
||
644 | $criteria->setStart($start); |
||
645 | $files = $this->getObjects($criteria); |
||
646 | |||
647 | return $files; |
||
648 | } |
||
649 | |||
650 | /** |
||
651 | * count files matching a condition |
||
652 | * |
||
653 | * @param object $criteria {@link CriteriaElement} to match |
||
654 | * @return int count of files |
||
655 | */ |
||
656 | View Code Duplication | public function getCount($criteria = null) |
|
657 | { |
||
658 | $sql = 'SELECT COUNT(*) FROM ' . $this->db->prefix('smartpartner_files'); |
||
659 | if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) { |
||
0 ignored issues
–
show
|
|||
660 | $sql .= ' ' . $criteria->renderWhere(); |
||
661 | } |
||
662 | $result = $this->db->query($sql); |
||
663 | if (!$result) { |
||
664 | return 0; |
||
665 | } |
||
666 | list($count) = $this->db->fetchRow($result); |
||
667 | |||
668 | return $count; |
||
669 | } |
||
670 | |||
671 | /** |
||
672 | * delete files matching a set of conditions |
||
673 | * |
||
674 | * @param object $criteria {@link CriteriaElement} |
||
675 | * @return bool FALSE if deletion failed |
||
676 | */ |
||
677 | View Code Duplication | public function deleteAll($criteria = null) |
|
678 | { |
||
679 | $sql = 'DELETE FROM ' . $this->db->prefix('smartpartner_files'); |
||
680 | if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) { |
||
0 ignored issues
–
show
|
|||
681 | $sql .= ' ' . $criteria->renderWhere(); |
||
682 | } |
||
683 | if (!$result = $this->db->query($sql)) { |
||
684 | return false; |
||
685 | } |
||
686 | |||
687 | return true; |
||
688 | } |
||
689 | |||
690 | /** |
||
691 | * Change a value for files with a certain criteria |
||
692 | * |
||
693 | * @param string $fieldname Name of the field |
||
694 | * @param string $fieldvalue Value to write |
||
695 | * @param object $criteria {@link CriteriaElement} |
||
696 | * |
||
697 | * @return bool |
||
698 | **/ |
||
699 | View Code Duplication | public function updateAll($fieldname, $fieldvalue, $criteria = null) |
|
700 | { |
||
701 | $set_clause = is_numeric($fieldvalue) ? $fieldname . ' = ' . $fieldvalue : $fieldname . ' = ' . $this->db->quoteString($fieldvalue); |
||
702 | $sql = 'UPDATE ' . $this->db->prefix('smartpartner_files') . ' SET ' . $set_clause; |
||
703 | if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) { |
||
0 ignored issues
–
show
|
|||
704 | $sql .= ' ' . $criteria->renderWhere(); |
||
705 | } |
||
706 | //echo "<br>" . $sql . "<br>"; |
||
707 | if (!$result = $this->db->queryF($sql)) { |
||
708 | return false; |
||
709 | } |
||
710 | |||
711 | return true; |
||
712 | } |
||
713 | } |
||
714 |
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.