Issues (733)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is used for authentication, for example, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/blocksadmin.inc.php (12 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

Each span flagged below as `// [Issue: View Code Duplication]` (0 ignored issues) carries the same note:

This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

```php
<?php
// 
//  ------------------------------------------------------------------------ //
//                XOOPS - PHP Content Management System                      //
//                  Copyright (c) 2000-2016 XOOPS.org                        //
//                       <http://xoops.org/>                             //
//  ------------------------------------------------------------------------ //
//  This program is free software; you can redistribute it and/or modify     //
//  it under the terms of the GNU General Public License as published by     //
//  the Free Software Foundation; either version 2 of the License, or        //
//  (at your option) any later version.                                      //
//                                                                           //
//  You may not change or alter any portion of this comment or credits       //
//  of supporting developers from this source code or any supporting         //
//  source code which is considered copyrighted (c) material of the          //
//  original comment or credit authors.                                      //
//                                                                           //
//  This program is distributed in the hope that it will be useful,          //
//  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
//  GNU General Public License for more details.                             //
//                                                                           //
//  You should have received a copy of the GNU General Public License        //
//  along with this program; if not, write to the Free Software              //
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
//  ------------------------------------------------------------------------ //
// Author: Kazumi Ono (AKA onokazu)                                          //
// URL: http://www.myweb.ne.jp/, http://xoops.org/, http://jp.xoops.org/ //
// Project: XOOPS Project                                                    //
// ------------------------------------------------------------------------- //

if (!is_object($xoopsUser) || !is_object($xoopsModule) || !$xoopsUser->isAdmin($xoopsModule->mid())) {
    exit('Access Denied');
}
include_once XOOPS_ROOT_PATH . '/class/xoopsblock.php';
include XOOPS_ROOT_PATH . '/modules/system/admin/blocksadmin/blocksadmin.php';

$op = 'list';

if (!empty($_POST['op'])) {
    $op = $_POST['op'];
}
if (!empty($_POST['bid'])) {
    $bid = (int)$_POST['bid'];
}

if (isset($_GET['op'])) {
    if ($_GET['op'] === 'edit' || $_GET['op'] === 'delete' || $_GET['op'] === 'delete_ok' || $_GET['op'] === 'clone' /* || $_GET['op'] === 'previewpopup'*/) {
        $op  = $_GET['op'];
        $bid = isset($_GET['bid']) ? (int)$_GET['bid'] : 0;
    }
}

if (isset($_POST['previewblock'])) {
    //if ( !admin_refcheck("/modules/$admin_mydirname/admin/") ) {
    //  exit('Invalid Referer');
    //}
    // [Issue: View Code Duplication]
    if (!$xoopsGTicket->check(true, 'myblocksadmin')) {
        redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
    }

    if (empty($bid)) {
        die('Invalid bid.');
    }

    if (!empty($_POST['bside'])) {
        $bside = (int)$_POST['bside'];
    } else {
        $bside = 0;
    }
    if (!empty($_POST['bweight'])) {
        $bweight = (int)$_POST['bweight'];
    } else {
        $bweight = 0;
    }
    if (!empty($_POST['bvisible'])) {
        $bvisible = (int)$_POST['bvisible'];
    } else {
        $bvisible = 0;
    }
    if (!empty($_POST['bmodule'])) {
        $bmodule = $_POST['bmodule'];
    } else {
        $bmodule = array();
    }
    if (!empty($_POST['btitle'])) {
        $btitle = $_POST['btitle'];
    } else {
        $btitle = '';
    }
    if (!empty($_POST['bcontent'])) {
        $bcontent = $_POST['bcontent'];
    } else {
        $bcontent = '';
    }
    if (!empty($_POST['bctype'])) {
        $bctype = $_POST['bctype'];
    } else {
        $bctype = '';
    }
    if (!empty($_POST['bcachetime'])) {
        $bcachetime = (int)$_POST['bcachetime'];
    } else {
        $bcachetime = 0;
    }

    xoops_cp_header();
    include_once XOOPS_ROOT_PATH . '/class/template.php';
    $xoopsTpl = new XoopsTpl();
    $xoopsTpl->xoops_setCaching(0);
    $block['bid'] = $bid;

    if ($op === 'clone_ok') {
        $block['form_title']    = _AM_CLONEBLOCK;
        $block['submit_button'] = _CLONE;
        $myblock                = new XoopsBlock();
        $myblock->setVar('block_type', 'C');
    } else {
        $op                     = 'update';
        $block['form_title']    = _AM_EDITBLOCK;
        $block['submit_button'] = _SUBMIT;
        $myblock                = new XoopsBlock($bid);
        $block['name']          = $myblock->getVar('name');
    }

    $myts = MyTextSanitizer::getInstance();
    $myblock->setVar('title', $myts->stripSlashesGPC($btitle));
    $myblock->setVar('content', $myts->stripSlashesGPC($bcontent));
    //  $dummyhtml = '<html><head><meta http-equiv="content-type" content="text/html; charset='._CHARSET.'" /><meta http-equiv="content-language" content="'._LANGCODE.'" /><title>'.$xoopsConfig['sitename'].'</title><link rel="stylesheet" type="text/css" media="all" href="'.getcss($xoopsConfig['theme_set']).'" /></head><body><table><tr><th>'.$myblock->getVar('title').'</th></tr><tr><td>'.$myblock->getContent('S', $bctype).'</td></tr></table></body></html>';

    /* $dummyfile = '_dummyfile_'.time().'.html';
    $fp = fopen(XOOPS_CACHE_PATH.'/'.$dummyfile, 'w');
    fwrite($fp, $dummyhtml);
    fclose($fp);*/
    $block['edit_form'] = false;
    $block['template']  = '';
    $block['op']        = $op;
    $block['side']      = $bside;
    $block['weight']    = $bweight;
    $block['visible']   = $bvisible;
    $block['title']     = $myblock->getVar('title', 'E');
    $block['content']   = $myblock->getVar('content', 'n');
    $block['modules']   =& $bmodule;
    $block['ctype']     = isset($bctype) ? $bctype : $myblock->getVar('c_type');
    $block['is_custom'] = true;
    $block['cachetime'] = (int)$bcachetime;
    echo '<a href="myblocksadmin.php">' . _AM_BADMIN . '</a>&nbsp;<span style="font-weight:bold;">&raquo;&raquo;</span>&nbsp;' . $block['form_title'] . '<br><br>';
    include __DIR__ . '/../admin/myblockform.php'; //GIJ
    //echo '<a href="admin.php?fct=blocksadmin">'. _AM_BADMIN .'</a>&nbsp;<span style="font-weight:bold;">&raquo;&raquo;</span>&nbsp;'.$block['form_title'].'<br><br>';
    //include XOOPS_ROOT_PATH.'/modules/system/admin/blocksadmin/blockform.php';
    $xoopsGTicket->addTicketXoopsFormElement($form, __LINE__, 1800, 'myblocksadmin'); //GIJ
    $form->display();

    $original_level = error_reporting(E_ALL);
    echo "
    <table width='100%' class='outer' cellspacing='1'>
      <tr>
        <th>" . $myblock->getVar('title') . "</th>
      </tr>
      <tr>
        <td class='odd'>" . $myblock->getContent('S', $bctype) . "</td>
      </tr>
    </table>\n";
    error_reporting($original_level);

    xoops_cp_footer();
    /* echo '<script type="text/javascript">
    preview_window = openWithSelfMain("'.XOOPS_URL.'/modules/system/admin.php?fct=blocksadmin&op=previewpopup&file='.$dummyfile.'", "popup", 250, 200);
    </script>';*/

    exit();
}

/* if ($op == 'previewpopup') {
  if ( !admin_refcheck("/modules/$admin_mydirname/admin/") ) {
    exit('Invalid Referer');
  }
  $file = str_replace('..', '', XOOPS_CACHE_PATH.'/'.trim($_GET['file']));
  if (file_exists($file)) {
    include $file;
    @unlink($file);
  }
  exit();
} */

/* if ($op == "list") {
  xoops_cp_header();
  list_blocks();
  xoops_cp_footer();
  exit();
} */

if ($op === 'order') {
    //if ( !admin_refcheck("/modules/$admin_mydirname/admin/") ) {
    //  exit('Invalid Referer');
    //}
    // [Issue: View Code Duplication]
    if (!$xoopsGTicket->check(true, 'myblocksadmin')) {
        redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
    }
    if (!empty($_POST['side'])) {
        $side = $_POST['side'];
    }
    //  if ( !empty($_POST['weight']) ) { $weight = $_POST['weight']; }
    if (!empty($_POST['visible'])) {
        $visible = $_POST['visible'];
    }
    //  if ( !empty($_POST['oldside']) ) { $oldside = $_POST['oldside']; }
    //  if ( !empty($_POST['oldweight']) ) { $oldweight = $_POST['oldweight']; }
    //  if ( !empty($_POST['oldvisible']) ) { $oldvisible = $_POST['oldvisible']; }
    if (!empty($_POST['bid'])) {
        $bid = $_POST['bid'];
    } else {
        $bid = array();
    }
    // GIJ start
    // [Issue: View Code Duplication]
    foreach (array_keys($bid) as $i) {
        if ($side[$i] < 0) {
            $visible[$i] = 0;
            $side[$i]    = -1;
        } else {
            $visible[$i] = 1;
        }

        $bmodule = (isset($_POST['bmodule'][$i]) && is_array($_POST['bmodule'][$i])) ? $_POST['bmodule'][$i] : array(-1);

        myblocksadmin_update_block($i, $side[$i], $_POST['weight'][$i], $visible[$i], $_POST['title'][$i], null, null, $_POST['bcachetime'][$i], $bmodule, array());

        //    if ( $oldweight[$i] != $weight[$i] || $oldvisible[$i] != $visible[$i] || $oldside[$i] != $side[$i] )
        //    order_block($bid[$i], $weight[$i], $visible[$i], $side[$i]);
    }
    $query4redirect = '?dirname=' . urlencode(strip_tags(substr($_POST['query4redirect'], 9)));
    redirect_header("myblocksadmin.php$query4redirect", 1, _AM_DBUPDATED);
    // GIJ end
}

if ($op === 'order2') {
    // [Issue: View Code Duplication]
    if (!$xoopsGTicket->check(true, 'myblocksadmin')) {
        redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
    }

    if (isset($_POST['addblock']) && is_array($_POST['addblock'])) {

        // addblock
        foreach ($_POST['addblock'] as $bid => $val) {
            myblocksadmin_update_blockinstance(0, 0, 0, 0, '', null, null, 0, array(), array(), (int)$bid);
        }
    } else {

        // else change order
        if (!empty($_POST['side'])) {
            $side = $_POST['side'];
        }
        if (!empty($_POST['visible'])) {
            $visible = $_POST['visible'];
        }
        if (!empty($_POST['id'])) {
            $id = $_POST['id'];
        } else {
            $id = array();
        }

        // [Issue: View Code Duplication]
        foreach (array_keys($id) as $i) {
            // separate side and visible
            if ($side[$i] < 0) {
                $visible[$i] = 0;
                $side[$i]    = -1; // for not to destroy the original position
            } else {
                $visible[$i] = 1;
            }

            $bmodule = (isset($_POST['bmodule'][$i]) && is_array($_POST['bmodule'][$i])) ? $_POST['bmodule'][$i] : array(-1);

            myblocksadmin_update_blockinstance($i, $side[$i], $_POST['weight'][$i], $visible[$i], $_POST['title'][$i], null, null, $_POST['bcachetime'][$i], $bmodule, array());
        }
    }

    $query4redirect = '?dirname=' . urlencode(strip_tags(substr($_POST['query4redirect'], 9)));
    redirect_header("myblocksadmin.php$query4redirect", 1, _MD_AM_DBUPDATED);
    exit;
}

/* if ($op == 'save') {
  if ( !admin_refcheck("/modules/$admin_mydirname/admin/") ) {
    exit('Invalid Referer');
  }
  if ( ! $xoopsGTicket->check( true , 'myblocksadmin' ) ) {
    redirect_header(XOOPS_URL.'/',3,$xoopsGTicket->getErrors());
  }
  if ( !empty($_POST['bside']) ) { $bside = (int)($_POST['bside']); } else { $bside = 0; }
  if ( !empty($_POST['bweight']) ) { $bweight = (int)($_POST['bweight']); } else { $bweight = 0; }
  if ( !empty($_POST['bvisible']) ) { $bvisible = (int)($_POST['bvisible']); } else { $bvisible = 0; }
  if ( !empty($_POST['bmodule']) ) { $bmodule = $_POST['bmodule']; } else { $bmodule = array(); }
  if ( !empty($_POST['btitle']) ) { $btitle = $_POST['btitle']; } else { $btitle = ""; }
  if ( !empty($_POST['bcontent']) ) { $bcontent = $_POST['bcontent']; } else { $bcontent = ""; }
  if ( !empty($_POST['bctype']) ) { $bctype = $_POST['bctype']; } else { $bctype = ""; }
  if ( !empty($_POST['bcachetime']) ) { $bcachetime = (int)($_POST['bcachetime']); } else { $bcachetime = 0; }
  save_block($bside, $bweight, $bvisible, $btitle, $bcontent, $bctype, $bmodule, $bcachetime);
  exit();
} */

if ($op === 'update') {
    //if ( !admin_refcheck("/modules/$admin_mydirname/admin/") ) {
    //  exit('Invalid Referer');
    //}
    // [Issue: View Code Duplication]
    if (!$xoopsGTicket->check(true, 'myblocksadmin')) {
        redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
    }
    /*  if ( !empty($_POST['bside']) ) { $bside = (int)($_POST['bside']); } else { $bside = 0; }
      if ( !empty($_POST['bweight']) ) { $bweight = (int)($_POST['bweight']); } else { $bweight = 0; }
      if ( !empty($_POST['bvisible']) ) { $bvisible = (int)($_POST['bvisible']); } else { $bvisible = 0; }
      if ( !empty($_POST['btitle']) ) { $btitle = $_POST['btitle']; } else { $btitle = ""; }
      if ( !empty($_POST['bcontent']) ) { $bcontent = $_POST['bcontent']; } else { $bcontent = ""; }
      if ( !empty($_POST['bctype']) ) { $bctype = $_POST['bctype']; } else { $bctype = ""; }
      if ( !empty($_POST['bcachetime']) ) { $bcachetime = (int)($_POST['bcachetime']); } else { $bcachetime = 0; }
      if ( !empty($_POST['bmodule']) ) { $bmodule = $_POST['bmodule']; } else { $bmodule = array(); }
      if ( !empty($_POST['options']) ) { $options = $_POST['options']; } else { $options = array(); }
      update_block($bid, $bside, $bweight, $bvisible, $btitle, $bcontent, $bctype, $bcachetime, $bmodule, $options);*/

    $bcachetime = isset($_POST['bcachetime']) ? (int)$_POST['bcachetime'] : 0;
    $options    = isset($_POST['options']) ? $_POST['options'] : array();
    $bcontent   = isset($_POST['bcontent']) ? $_POST['bcontent'] : '';
    $bctype     = isset($_POST['bctype']) ? $_POST['bctype'] : '';
    $bmodule    = (isset($_POST['bmodule']) && is_array($_POST['bmodule'])) ? $_POST['bmodule'] : array(-1); // GIJ +
    $msg        = myblocksadmin_update_block($_POST['bid'], $_POST['bside'], $_POST['bweight'], $_POST['bvisible'], $_POST['btitle'], $bcontent, $bctype, $bcachetime, $bmodule, $options); // GIJ !
    redirect_header('myblocksadmin.php', 1, $msg);
}

if ($op === 'delete_ok') {
    //if ( !admin_refcheck("/modules/$admin_mydirname/admin/") ) {
    //  exit('Invalid Referer');
    //}
    // [Issue: View Code Duplication]
    if (!$xoopsGTicket->check(true, 'myblocksadmin')) {
        redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
    }
    // delete_block_ok($bid); GIJ imported from blocksadmin.php
    $myblock = new XoopsBlock($bid);
    if ($myblock->getVar('block_type') !== 'D' && $myblock->getVar('block_type') !== 'C') {
        redirect_header('myblocksadmin.php', 4, 'Invalid block');
    }
    $myblock->delete();
    if ($myblock->getVar('template') != '' && !defined('XOOPS_ORETEKI')) {
        $tplfileHandler = xoops_getHandler('tplfile');
        $btemplate      =& $tplfileHandler->find($GLOBALS['xoopsConfig']['template_set'], 'block', $bid);
        if (count($btemplate) > 0) {
            $tplman->delete($btemplate[0]);
        }
    }
    redirect_header('myblocksadmin.php', 1, _AM_DBUPDATED);

    // end of delete_block_ok() GIJ
}

if ($op === 'delete') {
    xoops_cp_header();
    // delete_block($bid); GIJ imported from blocksadmin.php
    $myblock = new XoopsBlock($bid);
    if ($myblock->getVar('block_type') === 'S') {
        $message = _AM_SYSTEMCANT;
        redirect_header('admin.php?fct=blocksadmin', 4, $message);
    } elseif ($myblock->getVar('block_type') === 'M') {
        $message = _AM_MODULECANT;
        redirect_header('admin.php?fct=blocksadmin', 4, $message);
    } else {
        xoops_confirm(array('fct' => 'blocksadmin', 'op' => 'delete_ok', 'bid' => $myblock->getVar('bid')) + $xoopsGTicket->getTicketArray(__LINE__, 1800, 'myblocksadmin'), 'admin.php',
                      sprintf(_AM_RUSUREDEL, $myblock->getVar('title')));
    }
    // end of delete_block() GIJ
    xoops_cp_footer();
    exit();
}

// [Issue: View Code Duplication]
if ($op === 'edit') {
    xoops_cp_header();
    // edit_block($bid); GIJ imported from blocksadmin.php
    $myblock = new XoopsBlock($bid);

    $db      = XoopsDatabaseFactory::getDatabaseConnection();
    $sql     = 'SELECT module_id FROM ' . $db->prefix('block_module_link') . ' WHERE block_id=' . (int)$bid;
    $result  = $db->query($sql);
    $modules = array();
    while ($row = $db->fetchArray($result)) {
        $modules[] = (int)$row['module_id'];
    }
    $is_custom = ($myblock->getVar('block_type') === 'C' || $myblock->getVar('block_type') === 'E') ? true : false;
    $block     = array(
        'form_title'    => _AM_EDITBLOCK,
        'name'          => $myblock->getVar('name'),
        'side'          => $myblock->getVar('side'),
        'weight'        => $myblock->getVar('weight'),
        'visible'       => $myblock->getVar('visible'),
        'title'         => $myblock->getVar('title', 'E'),
        'content'       => $myblock->getVar('content', 'n'),
        'modules'       => $modules,
        'is_custom'     => $is_custom,
        'ctype'         => $myblock->getVar('c_type'),
        'cachetime'     => $myblock->getVar('bcachetime'),
        'op'            => 'update',
        'bid'           => $myblock->getVar('bid'),
        'edit_form'     => $myblock->getOptions(),
        'template'      => $myblock->getVar('template'),
        'options'       => $myblock->getVar('options'),
        'submit_button' => _SUBMIT
    );

    echo '<a href="myblocksadmin.php">' . _AM_BADMIN . '</a>&nbsp;<span style="font-weight:bold;">&raquo;&raquo;</span>&nbsp;' . _AM_EDITBLOCK . '<br><br>';
    include __DIR__ . '/../admin/myblockform.php'; //GIJ
    $xoopsGTicket->addTicketXoopsFormElement($form, __LINE__, 1800, 'myblocksadmin'); //GIJ
    $form->display();
    // end of edit_block() GIJ
    xoops_cp_footer();
    exit();
}

// [Issue: View Code Duplication]
if ($op === 'clone') {
    xoops_cp_header();
    $myblock = new XoopsBlock($bid);

    $db      = XoopsDatabaseFactory::getDatabaseConnection();
    $sql     = 'SELECT module_id FROM ' . $db->prefix('block_module_link') . ' WHERE block_id=' . (int)$bid;
    $result  = $db->query($sql);
    $modules = array();
    while ($row = $db->fetchArray($result)) {
        $modules[] = (int)$row['module_id'];
    }
    $is_custom = ($myblock->getVar('block_type') === 'C' || $myblock->getVar('block_type') === 'E') ? true : false;
    $block     = array(
        'form_title'    => _AM_CLONEBLOCK,
        'name'          => $myblock->getVar('name'),
        'side'          => $myblock->getVar('side'),
        'weight'        => $myblock->getVar('weight'),
        'visible'       => $myblock->getVar('visible'),
        'content'       => $myblock->getVar('content', 'N'),
        'title'         => $myblock->getVar('title', 'E'),
        'modules'       => $modules,
        'is_custom'     => $is_custom,
        'ctype'         => $myblock->getVar('c_type'),
        'cachetime'     => $myblock->getVar('bcachetime'),
        'op'            => 'clone_ok',
        'bid'           => $myblock->getVar('bid'),
        'edit_form'     => $myblock->getOptions(),
        'template'      => $myblock->getVar('template'),
        'options'       => $myblock->getVar('options'),
        'submit_button' => _CLONE
    );
    echo '<a href="myblocksadmin.php">' . _AM_BADMIN . '</a>&nbsp;<span style="font-weight:bold;">&raquo;&raquo;</span>&nbsp;' . _AM_CLONEBLOCK . '<br><br>';
    include __DIR__ . '/../admin/myblockform.php';
    $xoopsGTicket->addTicketXoopsFormElement($form, __LINE__, 1800, 'myblocksadmin'); //GIJ
    $form->display();
    xoops_cp_footer();
    exit();
}

if ($op === 'clone_ok') {
    // Ticket Check
    // [Issue: View Code Duplication]
    if (!$xoopsGTicket->check(true, 'myblocksadmin')) {
        redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
    }

    $block = new XoopsBlock($bid);

    // block type check
    $block_type = $block->getVar('block_type');
    if ($block_type !== 'C' && $block_type !== 'M' && $block_type !== 'D') {
        redirect_header('myblocksadmin.php', 4, 'Invalid block');
    }

    if (empty($_POST['options'])) {
        $options = array();
    } elseif (is_array($_POST['options'])) {
        $options = $_POST['options'];
    } else {
        $options = explode('|', $_POST['options']);
    }

    // for backward compatibility
    // $cblock =& $block->clone(); or $cblock =& $block->xoopsClone();
    $cblock = new XoopsBlock();
    foreach ($block->vars as $k => $v) {
        $cblock->assignVar($k, $v['value']);
    }
    $cblock->setNew();

    $myts = MyTextSanitizer::getInstance();
    $cblock->setVar('side', $_POST['bside']);
    $cblock->setVar('weight', $_POST['bweight']);
    $cblock->setVar('visible', $_POST['bvisible']);
    $cblock->setVar('title', $_POST['btitle']);
    $cblock->setVar('content', @$_POST['bcontent']);
    $cblock->setVar('c_type', @$_POST['bctype']);
    $cblock->setVar('bcachetime', $_POST['bcachetime']);
    // [Issue: View Code Duplication]
    if (isset($options) && (count($options) > 0)) {
        $options = implode('|', $options);
        $cblock->setVar('options', $options);
    }
    $cblock->setVar('bid', 0);
    $cblock->setVar('block_type', $block_type === 'C' ? 'C' : 'D');
    $cblock->setVar('func_num', 255);
    $newid = $cblock->store();
    if (!$newid) {
        xoops_cp_header();
        $cblock->getHtmlErrors();
        xoops_cp_footer();
        exit();
    }
    /*  if ($cblock->getVar('template') != '') {
            $tplfileHandler = xoops_getHandler('tplfile');
            $btemplate =& $tplfileHandler->find($GLOBALS['xoopsConfig']['template_set'], 'block', $bid);
            if (count($btemplate) > 0) {
                $tplclone =& $btemplate[0]->clone();
                $tplclone->setVar('tpl_id', 0);
                $tplclone->setVar('tpl_refid', $newid);
                $tplman->insert($tplclone);
            }
        } */
    $db      = XoopsDatabaseFactory::getDatabaseConnection();
    $bmodule = (isset($_POST['bmodule']) && is_array($_POST['bmodule'])) ? $_POST['bmodule'] : array(-1); // GIJ +
    foreach ($bmodule as $bmid) {
        $sql = 'INSERT INTO ' . $db->prefix('block_module_link') . ' (block_id, module_id) VALUES (' . $newid . ', ' . $bmid . ')';
        $db->query($sql);
    }

    /*  global $xoopsUser;
        $groups =& $xoopsUser->getGroups();
        $count = count($groups);
        for ($i = 0; $i < $count; ++$i) {
            $sql = "INSERT INTO ".$db->prefix('group_permission')." (gperm_groupid, gperm_itemid, gperm_modid, gperm_name) VALUES (".$groups[$i].", ".$newid.", 1, 'block_read')";
            $db->query($sql);
        }
    */

    $sql    = 'SELECT gperm_groupid FROM ' . $db->prefix('group_permission') . " WHERE gperm_name='block_read' AND gperm_modid='1' AND gperm_itemid='$bid'";
    $result = $db->query($sql);
    while (list($gid) = $db->fetchRow($result)) {
        $sql = 'INSERT INTO ' . $db->prefix('group_permission') . " (gperm_groupid, gperm_itemid, gperm_modid, gperm_name) VALUES ($gid, $newid, 1, 'block_read')";
        $db->query($sql);
    }

    redirect_header('myblocksadmin.php', 1, _AM_DBUPDATED);
}

// import from modules/system/admin/blocksadmin/blocksadmin.php
/**
 * @param         $bid
 * @param         $bside
 * @param         $bweight
 * @param         $bvisible
 * @param         $btitle
 * @param         $bcontent
 * @param         $bctype
 * @param         $bcachetime
 * @param         $bmodule
 * @param  array  $options
 * @return string
 */
function myblocksadmin_update_block($bid, $bside, $bweight, $bvisible, $btitle, $bcontent, $bctype, $bcachetime, $bmodule, $options = array())
{
    global $xoopsConfig;
    /* if (empty($bmodule)) {
             xoops_cp_header();
             xoops_error(sprintf(_AM_NOTSELNG, _AM_VISIBLEIN));
             xoops_cp_footer();
             exit();
         } */
    $myblock = new XoopsBlock($bid);
    // $myblock->setVar('side', $bside); GIJ -
    if ($bside >= 0) {
        $myblock->setVar('side', $bside);
    } // GIJ +
    $myblock->setVar('weight', $bweight);
    $myblock->setVar('visible', $bvisible);
    $myblock->setVar('title', $btitle);
```
572
    if (isset($bcontent)) {
573
        $myblock->setVar('content', $bcontent);
574
    }
575
    if (isset($bctype)) {
576
        $myblock->setVar('c_type', $bctype);
577
    }
578
    $myblock->setVar('bcachetime', $bcachetime);
579 View Code Duplication
    if (isset($options) && (count($options) > 0)) {
0 ignored issues
show
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
580
        $options = implode('|', $options);
581
        $myblock->setVar('options', $options);
582
    }
583
    if ($myblock->getVar('block_type') === 'C') {
584
        switch ($myblock->getVar('c_type')) {
585
            case 'H':
586
                $name = _AM_CUSTOMHTML;
587
                break;
588
            case 'P':
589
                $name = _AM_CUSTOMPHP;
590
                break;
591
            case 'S':
592
                $name = _AM_CUSTOMSMILE;
593
                break;
594
            default:
595
                $name = _AM_CUSTOMNOSMILE;
596
                break;
597
        }
598
        $myblock->setVar('name', $name);
599
    }
600
    $msg = _AM_DBUPDATED;
601
    if ($myblock->store() != false) {
602
        $db  = XoopsDatabaseFactory::getDatabaseConnection();
603
        $sql = sprintf('DELETE FROM %s WHERE block_id = %u', $db->prefix('block_module_link'), $bid);
604
        $db->query($sql);
605
        foreach ($bmodule as $bmid) {
606
            $sql = sprintf('INSERT INTO %s (block_id, module_id) VALUES (%u, %d)', $db->prefix('block_module_link'), $bid, (int)$bmid);
607
            $db->query($sql);
608
        }
609
        include_once XOOPS_ROOT_PATH . '/class/template.php';
610
        $xoopsTpl = new XoopsTpl();
611
        $xoopsTpl->xoops_setCaching(2);
612
        if ($myblock->getVar('template') != '') {
613
            if ($xoopsTpl->is_cached('db:' . $myblock->getVar('template'))) {
614
                if (!$xoopsTpl->clear_cache('db:' . $myblock->getVar('template'))) {
615
                    $msg = 'Unable to clear cache for block ID' . $bid;
616
                }
617
            }
618
        } else {
619
            if ($xoopsTpl->is_cached('db:system_dummy.html', 'block' . $bid)) {
620
                if (!$xoopsTpl->clear_cache('db:system_dummy.html', 'block' . $bid)) {
621
                    $msg = 'Unable to clear cache for block ID' . $bid;
622
                }
623
            }
624
        }
625
    } else {
626
        $msg = 'Failed update of block. ID:' . $bid;
627
    }
628
    // redirect_header('admin.php?fct=blocksadmin&amp;t='.time(),1,$msg);
629
    // exit(); GIJ -
630
    return $msg; // GIJ +
631
}
632
633
// update block instance for 2.2
634
/**
635
 * @param         $id
636
 * @param         $bside
637
 * @param         $bweight
638
 * @param         $bvisible
639
 * @param         $btitle
640
 * @param         $bcontent
641
 * @param         $bctype
642
 * @param         $bcachetime
643
 * @param         $bmodule
644
 * @param  array  $options
645
 * @param  null   $bid
646
 * @return string
647
 */
648
function myblocksadmin_update_blockinstance($id, $bside, $bweight, $bvisible, $btitle, $bcontent, $bctype, $bcachetime, $bmodule, $options = array(), $bid = null)
649
{
650
    global $xoopsDB;
651
652
    $instanceHandler = xoops_getHandler('blockinstance');
653
    $blockHandler    = xoops_getHandler('block');
654
    if ($id > 0) {
655
        // update
656
        $instance =& $instanceHandler->get($id);
657
        if ($bside >= 0) {
658
            $instance->setVar('side', $bside);
659
        }
660
        if (!empty($options)) {
661
            $instance->setVar('options', $options);
662
        }
663
    } else {
664
        // insert
665
        $instance =& $instanceHandler->create();
666
        $instance->setVar('bid', $bid);
667
        $instance->setVar('side', $bside);
668
        $block = $blockHandler->get($bid);
669
        $instance->setVar('options', $block->getVar('options'));
670
        if (empty($btitle)) {
671
            $btitle = $block->getVar('name');
672
        }
673
    }
674
    $instance->setVar('weight', $bweight);
675
    $instance->setVar('visible', $bvisible);
676
    $instance->setVar('title', $btitle);
677
    // if( isset( $bcontent ) ) $instance->setVar('content', $bcontent);
678
    // if( isset( $bctype ) ) $instance->setVar('c_type', $bctype);
679
    $instance->setVar('bcachetime', $bcachetime);
680
681
    if ($instanceHandler->insert($instance)) {
682
        $GLOBALS['xoopsDB']->query('DELETE FROM ' . $GLOBALS['xoopsDB']->prefix('block_module_link') . ' WHERE block_id=' . $instance->getVar('instanceid'));
683
        foreach ($bmodule as $mid) {
684
            $page   = explode('-', $mid);
685
            $mid    = $page[0];
686
            $pageid = $page[1];
687
            $GLOBALS['xoopsDB']->query('INSERT INTO '
688
                                       . $GLOBALS['xoopsDB']->prefix('block_module_link')
689
                                       . ' VALUES ('
690
                                       . $instance->getVar('instanceid')
691
                                       . ', '
692
                                       . (int)$mid
693
                                       . ', '
694
                                       . (int)$pageid
695
                                       . ')');
696
        }
697
698
        return _MD_AM_DBUPDATED;
699
    }
700
701
    return 'Failed update of block instance. ID:' . $id;
702
703
    /*      // NAME for CUSTOM BLOCK
704
            if ( $instance->getVar('block_type') == 'C') {
705
                switch ( $instance->getVar('c_type') ) {
706
                case 'H':
707
                    $name = _AM_CUSTOMHTML;
708
                    break;
709
                case 'P':
710
                    $name = _AM_CUSTOMPHP;
711
                    break;
712
                case 'S':
713
                    $name = _AM_CUSTOMSMILE;
714
                    break;
715
                default:
716
                    $name = _AM_CUSTOMNOSMILE;
717
                    break;
718
                }
719
                $instance->setVar('name', $name);
720
            }
721
    */
722
    /*          // CLEAR TEMPLATE CACHE
723
                include_once XOOPS_ROOT_PATH.'/class/template.php';
724
                $xoopsTpl = new XoopsTpl();
725
                $xoopsTpl->xoops_setCaching(2);
726
                if ($instance->getVar('template') != '') {
727
                    if ($xoopsTpl->is_cached('db:'.$instance->getVar('template'))) {
728
                        if (!$xoopsTpl->clear_cache('db:'.$instance->getVar('template'))) {
729
                            $msg = 'Unable to clear cache for block ID'.$bid;
730
                        }
731
                    }
732
                } else {
733
                    if ($xoopsTpl->is_cached('db:system_dummy.html', 'block'.$bid)) {
734
                        if (!$xoopsTpl->clear_cache('db:system_dummy.html', 'block'.$bid)) {
735
                            $msg = 'Unable to clear cache for block ID'.$bid;
736
                        }
737
                    }
738
                }
739
    */
740
}
741
742
// TODO  edit2, delete2, customblocks
743
744