Issues in functions.php (master) - Issues in master - XoopsModules25x/smartpartner - Measure and Improve Code Quality continuously with Scrutinizer

Issues (733)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/functions.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 *
 * Module: SmartPartner
 * Author: The SmartFactory <www.smartfactory.ca>
 * Licence: GNU
 */
// defined('XOOPS_ROOT_PATH') || exit('XOOPS root path not defined');

function smartpartner_xoops_cp_header()
{
    xoops_cp_header();

    ?>
    <script type='text/javascript' src='funcs.js'></script>
    <script type='text/javascript' src='cookies.js'></script>
    <?php

}

/**
 * Detemines if a table exists in the current db
 *
 * @param  string $table the table name (without XOOPS prefix)
 * @return bool   True if table exists, false if not
 *
 * @access public
 * @author xhelp development team
 */
function smartpartner_TableExists($table)
{
    $bRetVal = false;
    //Verifies that a MySQL table exists
    $xoopsDB  = XoopsDatabaseFactory::getDatabaseConnection();
    $realname = $xoopsDB->prefix($table);
    $sql      = 'SHOW TABLES FROM ' . XOOPS_DB_NAME;
    $ret      = $xoopsDB->queryF($sql);
    while (list($m_table) = $xoopsDB->fetchRow($ret)) {
        if ($m_table == $realname) {
            $bRetVal = true;
            break;
        }
    }
    $xoopsDB->freeRecordSet($ret);

    return $bRetVal;
}

/**
 * Gets a value from a key in the xhelp_meta table
 *
 * @param  string $key
 * @return string $value
 *
 * @access public
 * @author xhelp development team
 */
function smartpartner_GetMeta($key)
{
    $xoopsDB = XoopsDatabaseFactory::getDatabaseConnection();
    $sql     = sprintf('SELECT metavalue FROM %s WHERE metakey=%s', $xoopsDB->prefix('smartpartner_meta'), $xoopsDB->quoteString($key));
    $ret     = $xoopsDB->query($sql);
    if (!$ret) {
        $value = false;
    } else {
        list($value) = $xoopsDB->fetchRow($ret);
    }

    return $value;
}

/**
 * Sets a value for a key in the xhelp_meta table
 *
 * @param  string $key
 * @param  string $value
 * @return bool   TRUE if success, FALSE if failure
 *
 * @access public
 * @author xhelp development team
 */
function smartpartner_SetMeta($key, $value)
{
    $xoopsDB = XoopsDatabaseFactory::getDatabaseConnection();
    if ($ret = smartpartner_GetMeta($key)) {
        $sql = sprintf('UPDATE %s SET metavalue = %s WHERE metakey = %s', $xoopsDB->prefix('smartpartner_meta'), $xoopsDB->quoteString($value), $xoopsDB->quoteString($key));
    } else {
        $sql = sprintf('INSERT INTO %s (metakey, metavalue) VALUES (%s, %s)', $xoopsDB->prefix('smartpartner_meta'), $xoopsDB->quoteString($key), $xoopsDB->quoteString($value));
    }
    $ret = $xoopsDB->queryF($sql);
    if (!$ret) {
        return false;
    }

    return true;
}

/**
 * @param $matches
 * @return string
 */
function smartpartner_highlighter($matches)
{
    //$color=getmoduleoption('highlightcolor');
    $smartConfig = smartpartner_getModuleConfig();
    $color       = $smartConfig['highlight_color'];
    if (0 !== strpos($color, '#')) {
        $color = '#' . $color;
    }

    return '<span style="font-weight: bolder; background-color: ' . $color . ';">' . $matches[0] . '</span>';
}

/**
 * @return array
 */
function smartpartner_getAllowedImagesTypes()
{
    return array('jpg/jpeg', 'image/bmp', 'image/gif', 'image/jpeg', 'image/jpg', 'image/x-png', 'image/png', 'image/pjpeg');
}

/**
 * Copy a file, or a folder and its contents
 *
 * @author      Aidan Lister <[email protected]>
 * @param  string $source The source
 * @param  string $dest   The destination
 * @return bool   Returns true on success, false on failure
 * @throws
 */
function smartpartner_copyr($source, $dest)
{
    // Simple copy for a file
    if (is_file($source)) {
        return copy($source, $dest);
    }

    // Make destination directory
    if (!is_dir($dest)) {
        //        mkdir($dest);
        if (!@mkdir($dest) && !is_dir($dest)) {
            throw Exception("Couldn't create this directory: " . $dest);
        }
    }

    // Loop through the folder
    $dir = dir($source);
    while (false !== $entry = $dir->read()) {
        // Skip pointers
        if ($entry === '.' || $entry === '..') {
            continue;
        }

        // Deep copy directories
        if (is_dir("$source/$entry") && ($dest !== "$source/$entry")) {
            copyr("$source/$entry", "$dest/$entry");
        } else {
            copy("$source/$entry", "$dest/$entry");
        }
    }

    // Clean up
    $dir->close();

    return true;
}

/**
 * @return string
 */
function smartpartner_getHelpPath()
{
    $smartConfig = smartpartner_getModuleConfig();
    switch ($smartConfig['helppath_select']) {
        case 'docs.xoops.org':
            return 'http://docs.xoops.org/help/spartnerh/index.htm';
            break;

        case 'inside':
            return SMARTPARTNER_URL . 'doc/';
            break;

        case 'custom':
            return $smartConfig['helppath_custom'];
            break;
    }
}

/**
 * @return mixed|null
 */
function smartpartner_getModuleInfo()
{
    static $smartModule;
    if (!isset($smartModule)) {
        global $xoopsModule;
        if (isset($xoopsModule) && is_object($xoopsModule) && $xoopsModule->getVar('dirname') == SMARTPARTNER_DIRNAME) {
            $smartModule = $xoopsModule;
        } else {
            $hModule     = xoops_getHandler('module');
            $smartModule = $hModule->getByDirname(SMARTPARTNER_DIRNAME);
        }
    }

    return $smartModule;
}

/**
 * @return mixed
 */
function smartpartner_getModuleConfig()
{
    static $smartConfig;
    if (!$smartConfig) {
        global $xoopsModule;
        if (isset($xoopsModule) && is_object($xoopsModule) && $xoopsModule->getVar('dirname') == SMARTPARTNER_DIRNAME) {
            global $xoopsModuleConfig;
            $smartConfig = $xoopsModuleConfig;
        } else {
            $smartModule =& smartpartner_getModuleInfo();
            $hModConfig  = xoops_getHandler('config');
            $smartConfig = $hModConfig->getConfigsByCat(0, $smartModule->getVar('mid'));
        }
    }

    return $smartConfig;
}

/**
 * @param $src
 * @param $maxWidth
 * @param $maxHeight
 * @return array
 */
function smartpartner_imageResize($src, $maxWidth, $maxHeight)
{
    $width  = '';
    $height = '';
    $type   = '';
    $attr   = '';

    if (file_exists($src)) {
        list($width, $height, $type, $attr) = getimagesize($src);
        if ($width > $maxWidth) {
            $originalWidth = $width;
            $width         = $maxWidth;
            $height        = $width * $height / $originalWidth;
        }

        if ($height > $maxHeight) {
            $originalHeight = $height;
            $height         = $maxHeight;
            $width          = $height * $width / $originalHeight;
        }

        $attr = " width='$width' height='$height'";
    }

    return array($width, $height, $type, $attr);
}

/**
 * @param       $name
 * @param  bool $optional
 * @return bool
 */
function smartpartner_gethandler($name, $optional = false)
{
    static $handlers;
    $name = strtolower(trim($name));
    if (!isset($handlers[$name])) {
        if (file_exists($hnd_file = SMARTPARTNER_ROOT_PATH . 'class/' . $name . '.php')) {
            require_once $hnd_file;
        }
        $class = 'Smartpartner' . ucfirst($name) . 'Handler';
        if (class_exists($class)) {
            $handlers[$name] = new $class($GLOBALS['xoopsDB']);
        }
    }
    if (!isset($handlers[$name]) && !$optional) {
        trigger_error('Class <b>' . $class . '</b> does not exist<br>Handler Name: ' . $name . ' | Module path: ' . SMARTPARTNER_ROOT_PATH, E_USER_ERROR);
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
    }
    $ret = isset($handlers[$name]) ? $handlers[$name] : false;

    return $ret;
}

/**
 * Checks if a user is admin of SmartPartner
 *
 * smartpartner_userIsAdmin()
 *
 * @return boolean: array with userids and uname
 */
function smartpartner_userIsAdmin()
{
    global $xoopsUser;

    $result      = false;
    $smartModule = smartpartner_getModuleInfo();
    $module_id   = $smartModule->getVar('mid');

    if (!empty($xoopsUser)) {
        $groups = $xoopsUser->getGroups();
        $result = in_array(XOOPS_GROUP_ADMIN, $groups) || $xoopsUser->isAdmin($module_id);
    }

    return $result;
}

/**
 * @param string $tablename
 * @param string $iconname
 * @param string $tabletitle
 * @param string $tabledsc
 */
function smartpartner_collapsableBar($tablename = '', $iconname = '', $tabletitle = '', $tabledsc = '')
{
    global $xoopsModule;
    echo "<h3 style=\"color: #2F5376; font-weight: bold; font-size: 14px; margin: 6px 0 0 0; \"><a href='javascript:;' onclick=\"toggle('" . $tablename . "'); toggleIcon('" . $iconname . "')\";>";
    echo "<img id='$iconname' src=" . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . "/assets/images/icon/close12.gif alt='' /></a>&nbsp;" . $tabletitle . '</h3>';
    echo "<div id='$tablename'>";
    if ($tabledsc != '') {
        echo "<span style=\"color: #567; margin: 3px 0 12px 0; font-size: small; display: block; \">" . $tabledsc . '</span>';
    }
}

/**
 * @param $name
 * @param $icon
 */
function smartpartner_openclose_collapsable($name, $icon)
{
    $urls = smartpartner_getCurrentUrls();
    $path = $urls['phpself'];

    $cookie_name = $path . '_smartpartner_collaps_' . $name;
    $cookie_name = str_replace('.', '_', $cookie_name);
    $cookie      = smartpartner_getCookieVar($cookie_name, '');

    if ($cookie === 'none') {
        echo '
        <script type="text/javascript"><!--
        toggle("' . $name . '"); toggleIcon("' . $icon . '");
            //-->
        </script>
        ';
    }
}

/**
 * @param $name
 * @param $icon
 */
function smartpartner_close_collapsable($name, $icon)
{
    echo '</div>';
    smartpartner_openclose_collapsable($name, $icon);
}

/**
 * @param     $name
 * @param     $value
 * @param int $time
 */
function smartpartner_setCookieVar($name, $value, $time = 0)
{
    if ($time == 0) {
        $time = time() + 3600 * 24 * 365;
        //$time = '';
    }
    setcookie($name, $value, $time, '/');
}

/**
 * @param         $name
 * @param  string $default
 * @return string
 */
function smartpartner_getCookieVar($name, $default = '')
{
    if (isset($_COOKIE[$name]) && ($_COOKIE[$name] > '')) {
        return $_COOKIE[$name];
    } else {
        return $default;
    }
}

/**
 * @return array
 */
function smartpartner_getCurrentUrls()
{
    $http        = (strpos(XOOPS_URL, 'https://') === false) ? 'http://' : 'https://';
    $phpself     = $_SERVER['PHP_SELF'];
    $httphost    = $_SERVER['HTTP_HOST'];
    $querystring = $_SERVER['QUERY_STRING'];

    if ($querystring != '') {
        $querystring = '?' . $querystring;
    }

    $currenturl = $http . $httphost . $phpself . $querystring;

    $urls                = array();
    $urls['http']        = $http;
    $urls['httphost']    = $httphost;
    $urls['phpself']     = $phpself;
    $urls['querystring'] = $querystring;
    $urls['full']        = $currenturl;

    return $urls;
}

/**
 * @return mixed
 */
function smartpartner_getCurrentPage()
{
    $urls = smartpartner_getCurrentUrls();

    return $urls['full'];
}

function smartpartner_modFooter()
{
    global $xoopsUser, $xoopsDB, $xoopsConfig;

    $hModule    = xoops_getHandler('module');
    $hModConfig = xoops_getHandler('config');

    $smartModule = &$hModule->getByDirname('smartpartner');
    $module_id   = $smartModule->getVar('mid');

    $module_name = $smartModule->getVar('dirname');
    $smartConfig = &$hModConfig->getConfigsByCat(0, $smartModule->getVar('mid'));

    $module_id = $smartModule->getVar('mid');

    $versioninfo  = &$hModule->get($smartModule->getVar('mid'));
    $modfootertxt = 'Module ' . $versioninfo->getInfo('name') . ' - Version ' . $versioninfo->getInfo('version') . '';
    if (!defined('_AM_SPARTNER_XOOPS_PRO')) {
        define('_AM_SPARTNER_XOOPS_PRO', 'Do you need help with this module ?<br>Do you need new features not yet availale?');
    }

    echo "<div style='padding-top: 8px; padding-bottom: 10px; text-align: center;'><a href='"
         . $versioninfo->getInfo('support_site_url')
         . "' target='_blank'><img src='"
         . XOOPS_URL
         . "/modules/smartpartner/assets/images/spcssbutton.gif' title='"
         . $modfootertxt
         . "' alt='"
         . $modfootertxt
         . "'/></a></div>";
    echo '<div style="border: 2px solid #C2CDD6;">';
    echo '<div style="font-weight:bold; padding-top: 5px; text-align: center;">' . _AM_SPARTNER_XOOPS_PRO . '<br><a href="http://inboxinternational.com/modules/smartcontent/page.php?pageid=10"><img src="http://inboxinternational.com/images/INBOXsign150_noslogan.gif" alt="Need XOOPS Professional Services?" title="Need XOOPS Professional Services?"></a>
<a href="http://inboxinternational.com/modules/smartcontent/page.php?pageid=10"><img src="http://inboxinternational.com/images/xoops_services_pro_english.gif" alt="Need XOOPS Professional Services?" title="Need XOOPS Professional Services?"></a>
</div>';
    echo '</div>';
}

/**
 * Thanks to the NewBB2 Development Team
 * @param             $item
 * @param  bool       $getStatus
 * @return int|string
 */
function smartpartner_admin_getPathStatus($item, $getStatus = false)
{
    if ($item === 'root') {
        $path = '';
    } else {
        $path = $item;
    }

    $thePath = smartpartner_getUploadDir(true, $path);

    if (empty($thePath)) {
        return false;
    }
    if (@is_writable($thePath)) {
        $pathCheckResult = 1;
        $path_status     = _AM_SPARTNER_AVAILABLE;
    } elseif (!@is_dir($thePath)) {
        $pathCheckResult = -1;
        $path_status     = _AM_SPARTNER_NOTAVAILABLE . " <a href=index.php?op=createdir&amp;path=$item>" . _AM_SPARTNER_CREATETHEDIR . '</a>';
    } else {
        $pathCheckResult = -2;
        $path_status     = _AM_SPARTNER_NOTWRITABLE . " <a href=index.php?op=setperm&amp;path=$item>" . _AM_SCS_SETMPERM . '</a>';
    }
    if (!$getStatus) {
        return $path_status;
    } else {
        return $pathCheckResult;
    }
}

/**
 * Thanks to the NewBB2 Development Team
 * @param $target
 * @return bool
 */
function smartpartner_admin_mkdir($target)
{
    // http://www.php.net/manual/en/function.mkdir.php
    // saint at corenova.com
    // bart at cdasites dot com
    if (is_dir($target) || empty($target)) {
        return true;
    } // best case check first
    if (file_exists($target) && !is_dir($target)) {
        return false;
    }
    if (smartpartner_admin_mkdir(substr($target, 0, strrpos($target, '/')))) {
        if (!file_exists($target)) {
            return mkdir($target);
        }
    } // crawl back up & create dir tree

    return true;
}

/**
 * Thanks to the NewBB2 Development Team
 * @param       $target
 * @param  int  $mode
 * @return bool
 */
function smartpartner_admin_chmod($target, $mode = 0777)
{
    return @chmod($target, $mode);
}

/**
 * @param  bool $local
 * @param  bool $item
 * @return string
 */
function smartpartner_getUploadDir($local = true, $item = false)
{
    if ($item) {
        if ($item === 'root') {
            $item = '';
        } else {
            $item .= '/';
        }
    } else {
        $item = '';
    }

    if ($local) {
        return XOOPS_ROOT_PATH . "/uploads/smartpartner/$item";
    } else {
        return XOOPS_URL . "/uploads/smartpartner/$item";
    }
}

/**
 * @param  string $item
 * @param  bool   $local
 * @return string
 */
function smartpartner_getImageDir($item = '', $local = true)
{
    if ($item) {
        $item = "images/$item";
    } else {
        $item = 'images';
    }

    return smartpartner_getUploadDir($local, $item);
}

/**
 * @param  array $errors
 * @return string
 */
function smartpartner_formatErrors($errors = array())
{
    $ret = '';
    foreach ($errors as $key => $value) {
        $ret .= '<br> - ' . $value;
    }

    return $ret;
}

/**
 * @param  bool   $another
 * @param  bool   $withRedirect
 * @param  object $itemObj
 * @return bool|string
 */
function smartpartner_upload_file($another = false, $withRedirect = true, $itemObj)
{
    include_once(SMARTPARTNER_ROOT_PATH . 'class/uploader.php');

    global $smartPartnerIsAdmin, $xoopsModuleConfig, $smartPartnerPartnerHandler, $smartPartnerFileHandler, $xoopsUser;

    $id      = isset($_POST['id']) ? (int)$_POST['id'] : 0;
    $uid     = is_object($xoopsUser) ? $xoopsUser->uid() : 0;
    $session = SmartpartnerSession::getInstance();
    $session->set('smartpartner_file_filename', isset($_POST['name']) ? $_POST['name'] : '');
    $session->set('smartpartner_file_description', isset($_POST['description']) ? $_POST['description'] : '');
    $session->set('smartpartner_file_status', $_POST['file_status']);
    $session->set('smartpartner_file_uid', $uid);
    $session->set('smartpartner_file_id', $id);

    if (!is_object($itemObj)) {
        $itemObj = $smartPartnerPartnerHandler->get($id);
    }

    $max_size = $xoopsModuleConfig['maximum_filesize'];

    $fileObj = $smartPartnerFileHandler->create();
    $fileObj->setVar('name', isset($_POST['name']) ? $_POST['name'] : '');
    $fileObj->setVar('description', isset($_POST['description']) ? $_POST['description'] : '');
    $fileObj->setVar('status', isset($_POST['file_status']) ? (int)$_POST['file_status'] : 1);
    $fileObj->setVar('uid', $uid);
    $fileObj->setVar('id', $itemObj->getVar('id'));
    $allowed_mimetypes = '';
    $errors            = '';
    // Get available mimetypes for file uploading
    /*    $hMime = xoops_getModuleHandler('mimetype');
        if ($smartPartnerIsAdmin) {
            $crit = new Criteria('mime_admin', 1);
        } else {
            $crit = new Criteria('mime_user', 1);
        }
        $mimetypes = $hMime->getObjects($crit);
        // TODO: display the available mimetypes to the user
        */
    if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
        if (!$ret = $fileObj->checkUpload('userfile', $allowed_mimetypes, $errors)) {
            $errorstxt = implode('<br>', $errors);

            $message = sprintf(_SMARTPARTNER_MESSAGE_FILE_ERROR, $errorstxt);
            if ($withRedirect) {
                redirect_header('file.php?op=mod&id=' . $id, 5, $message);
            } else {
                return $message;
            }
        }
    }

    // Storing the file
    if (!$fileObj->store($allowed_mimetypes)) {
        if ($withRedirect) {
            redirect_header('file.php?op=mod&id=' . $fileObj->id(), 3, _AM_SPARTNER_FILEUPLOAD_ERROR . smartpartner_formatErrors($fileObj->getErrors()));
            exit;
        } else {
            return _AM_SPARTNER_FILEUPLOAD_ERROR . smartpartner_formatErrors($fileObj->getErrors());
        }
    }
    if ($withRedirect) {
        $redirect_page = $another ? 'file.php' : 'partner.php';
        redirect_header($redirect_page . '?op=mod&id=' . $fileObj->id(), 2, _AM_SPARTNER_FILEUPLOAD_SUCCESS);
    } else {
        return true;
    }
}

/**
 * @param $dirname
 * @return bool
 */
function smartpartner_deleteFile($dirname)
{
    // Simple delete for a file
    if (is_file($dirname)) {
        return unlink($dirname);
    }
}

function smartpartner_create_upload_folders()
{
    $handler = xoops_getModuleHandler('offer', 'smartpartner');
    smart_admin_mkdir($handler->getImagePath());

    smart_admin_mkdir(XOOPS_ROOT_PATH . '/uploads/smartpartner/images/category');
}


Issues (733)

Security Analysis not enabled

include/functions.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1		<?php
2
3		/**
4		*
5		* Module: SmartPartner
6		* Author: The SmartFactory <www.smartfactory.ca>
7		* Licence: GNU
8		*/
9		// defined('XOOPS_ROOT_PATH') \|\| exit('XOOPS root path not defined');
10
11		function smartpartner_xoops_cp_header()
12		{
13		xoops_cp_header();
14
15		?>
16		<script type='text/javascript' src='funcs.js'></script>
17		<script type='text/javascript' src='cookies.js'></script>
18		<?php
19
20		}
21
22		/**
23		* Detemines if a table exists in the current db
24		*
25		* @param string $table the table name (without XOOPS prefix)
26		* @return bool True if table exists, false if not
27		*
28		* @access public
29		* @author xhelp development team
30		*/
31	View Code Duplication	function smartpartner_TableExists($table)
32		{
33		$bRetVal = false;
34		//Verifies that a MySQL table exists
35		$xoopsDB = XoopsDatabaseFactory::getDatabaseConnection();
36		$realname = $xoopsDB->prefix($table);
37		$sql = 'SHOW TABLES FROM ' . XOOPS_DB_NAME;
38		$ret = $xoopsDB->queryF($sql);
39		while (list($m_table) = $xoopsDB->fetchRow($ret)) {
40		if ($m_table == $realname) {
41		$bRetVal = true;
42		break;
43		}
44		}
45		$xoopsDB->freeRecordSet($ret);
46
47		return $bRetVal;
48		}
49
50		/**
51		* Gets a value from a key in the xhelp_meta table
52		*
53		* @param string $key
54		* @return string $value
55		*
56		* @access public
57		* @author xhelp development team
58		*/
59		function smartpartner_GetMeta($key)
60		{
61		$xoopsDB = XoopsDatabaseFactory::getDatabaseConnection();
62		$sql = sprintf('SELECT metavalue FROM %s WHERE metakey=%s', $xoopsDB->prefix('smartpartner_meta'), $xoopsDB->quoteString($key));
63		$ret = $xoopsDB->query($sql);
64		if (!$ret) {
65		$value = false;
66		} else {
67		list($value) = $xoopsDB->fetchRow($ret);
68		}
69
70		return $value;
71		}
72
73		/**
74		* Sets a value for a key in the xhelp_meta table
75		*
76		* @param string $key
77		* @param string $value
78		* @return bool TRUE if success, FALSE if failure
79		*
80		* @access public
81		* @author xhelp development team
82		*/
83		function smartpartner_SetMeta($key, $value)
84		{
85		$xoopsDB = XoopsDatabaseFactory::getDatabaseConnection();
86		if ($ret = smartpartner_GetMeta($key)) {
87		$sql = sprintf('UPDATE %s SET metavalue = %s WHERE metakey = %s', $xoopsDB->prefix('smartpartner_meta'), $xoopsDB->quoteString($value), $xoopsDB->quoteString($key));
88		} else {
89		$sql = sprintf('INSERT INTO %s (metakey, metavalue) VALUES (%s, %s)', $xoopsDB->prefix('smartpartner_meta'), $xoopsDB->quoteString($key), $xoopsDB->quoteString($value));
90		}
91		$ret = $xoopsDB->queryF($sql);
92		if (!$ret) {
93		return false;
94		}
95
96		return true;
97		}
98
99		/**
100		* @param $matches
101		* @return string
102		*/
103		function smartpartner_highlighter($matches)
104		{
105		//$color=getmoduleoption('highlightcolor');
106		$smartConfig = smartpartner_getModuleConfig();
107		$color = $smartConfig['highlight_color'];
108		if (0 !== strpos($color, '#')) {
109		$color = '#' . $color;
110		}
111
112		return '<span style="font-weight: bolder; background-color: ' . $color . ';">' . $matches[0] . '</span>';
113		}
114
115		/**
116		* @return array
117		*/
118		function smartpartner_getAllowedImagesTypes()
119		{
120		return array('jpg/jpeg', 'image/bmp', 'image/gif', 'image/jpeg', 'image/jpg', 'image/x-png', 'image/png', 'image/pjpeg');
121		}
122
123		/**
124		* Copy a file, or a folder and its contents
125		*
126		* @author Aidan Lister <[email protected]>
127		* @param string $source The source
128		* @param string $dest The destination
129		* @return bool Returns true on success, false on failure
130		* @throws
131		*/
132		function smartpartner_copyr($source, $dest)
133		{
134		// Simple copy for a file
135		if (is_file($source)) {
136		return copy($source, $dest);
137		}
138
139		// Make destination directory
140	View Code Duplication	if (!is_dir($dest)) {
141		// mkdir($dest);
142		if (!@mkdir($dest) && !is_dir($dest)) {
143		throw Exception("Couldn't create this directory: " . $dest);
144		}
145		}
146
147		// Loop through the folder
148		$dir = dir($source);
149		while (false !== $entry = $dir->read()) {
150		// Skip pointers
151		if ($entry === '.' \|\| $entry === '..') {
152		continue;
153		}
154
155		// Deep copy directories
156		if (is_dir("$source/$entry") && ($dest !== "$source/$entry")) {
157		copyr("$source/$entry", "$dest/$entry");
158		} else {
159		copy("$source/$entry", "$dest/$entry");
160		}
161		}
162
163		// Clean up
164		$dir->close();
165
166		return true;
167		}
168
169		/**
170		* @return string
171		*/
172		function smartpartner_getHelpPath()
173		{
174		$smartConfig = smartpartner_getModuleConfig();
175		switch ($smartConfig['helppath_select']) {
176		case 'docs.xoops.org':
177		return 'http://docs.xoops.org/help/spartnerh/index.htm';
178		break;
179
180		case 'inside':
181		return SMARTPARTNER_URL . 'doc/';
182		break;
183
184		case 'custom':
185		return $smartConfig['helppath_custom'];
186		break;
187		}
188		}
189
190		/**
191		* @return mixed\|null
192		*/
193		function smartpartner_getModuleInfo()
194		{
195		static $smartModule;
196		if (!isset($smartModule)) {
197		global $xoopsModule;
198		if (isset($xoopsModule) && is_object($xoopsModule) && $xoopsModule->getVar('dirname') == SMARTPARTNER_DIRNAME) {
199		$smartModule = $xoopsModule;
200		} else {
201		$hModule = xoops_getHandler('module');
202		$smartModule = $hModule->getByDirname(SMARTPARTNER_DIRNAME);
203		}
204		}
205
206		return $smartModule;
207		}
208
209		/**
210		* @return mixed
211		*/
212		function smartpartner_getModuleConfig()
213		{
214		static $smartConfig;
215		if (!$smartConfig) {
216		global $xoopsModule;
217		if (isset($xoopsModule) && is_object($xoopsModule) && $xoopsModule->getVar('dirname') == SMARTPARTNER_DIRNAME) {
218		global $xoopsModuleConfig;
219		$smartConfig = $xoopsModuleConfig;
220		} else {
221		$smartModule =& smartpartner_getModuleInfo();
222		$hModConfig = xoops_getHandler('config');
223		$smartConfig = $hModConfig->getConfigsByCat(0, $smartModule->getVar('mid'));
224		}
225		}
226
227		return $smartConfig;
228		}
229
230		/**
231		* @param $src
232		* @param $maxWidth
233		* @param $maxHeight
234		* @return array
235		*/
236		function smartpartner_imageResize($src, $maxWidth, $maxHeight)
237		{
238		$width = '';
239		$height = '';
240		$type = '';
241		$attr = '';
242
243		if (file_exists($src)) {
244		list($width, $height, $type, $attr) = getimagesize($src);
245		if ($width > $maxWidth) {
246		$originalWidth = $width;
247		$width = $maxWidth;
248		$height = $width * $height / $originalWidth;
249		}
250
251		if ($height > $maxHeight) {
252		$originalHeight = $height;
253		$height = $maxHeight;
254		$width = $height * $width / $originalHeight;
255		}
256
257		$attr = " width='$width' height='$height'";
258		}
259
260		return array($width, $height, $type, $attr);
261		}
262
263		/**
264		* @param $name
265		* @param bool $optional
266		* @return bool
267		*/
268		function smartpartner_gethandler($name, $optional = false)
269		{
270		static $handlers;
271		$name = strtolower(trim($name));
272		if (!isset($handlers[$name])) {
273		if (file_exists($hnd_file = SMARTPARTNER_ROOT_PATH . 'class/' . $name . '.php')) {
274		require_once $hnd_file;
275		}
276		$class = 'Smartpartner' . ucfirst($name) . 'Handler';
277		if (class_exists($class)) {
278		$handlers[$name] = new $class($GLOBALS['xoopsDB']);
279		}
280		}
281		if (!isset($handlers[$name]) && !$optional) {
282		trigger_error('Class <b>' . $class . '</b> does not exist<br>Handler Name: ' . $name . ' \| Module path: ' . SMARTPARTNER_ROOT_PATH, E_USER_ERROR);
		0 ignored issues – show Bug introduced 2016-05-31 10:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$class` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
283		}
284		$ret = isset($handlers[$name]) ? $handlers[$name] : false;
285
286		return $ret;
287		}
288
289		/**
290		* Checks if a user is admin of SmartPartner
291		*
292		* smartpartner_userIsAdmin()
293		*
294		* @return boolean: array with userids and uname
295		*/
296		function smartpartner_userIsAdmin()
297		{
298		global $xoopsUser;
299
300		$result = false;
301		$smartModule = smartpartner_getModuleInfo();
302		$module_id = $smartModule->getVar('mid');
303
304		if (!empty($xoopsUser)) {
305		$groups = $xoopsUser->getGroups();
306		$result = in_array(XOOPS_GROUP_ADMIN, $groups) \|\| $xoopsUser->isAdmin($module_id);
307		}
308
309		return $result;
310		}
311
312		/**
313		* @param string $tablename
314		* @param string $iconname
315		* @param string $tabletitle
316		* @param string $tabledsc
317		*/
318		function smartpartner_collapsableBar($tablename = '', $iconname = '', $tabletitle = '', $tabledsc = '')
319		{
320		global $xoopsModule;
321		echo "<h3 style=\"color: #2F5376; font-weight: bold; font-size: 14px; margin: 6px 0 0 0; \"><a href='javascript:;' onclick=\"toggle('" . $tablename . "'); toggleIcon('" . $iconname . "')\";>";
322		echo "<img id='$iconname' src=" . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . "/assets/images/icon/close12.gif alt='' /></a> " . $tabletitle . '</h3>';
323		echo "<div id='$tablename'>";
324		if ($tabledsc != '') {
325		echo "<span style=\"color: #567; margin: 3px 0 12px 0; font-size: small; display: block; \">" . $tabledsc . '</span>';
326		}
327		}
328
329		/**
330		* @param $name
331		* @param $icon
332		*/
333		function smartpartner_openclose_collapsable($name, $icon)
334		{
335		$urls = smartpartner_getCurrentUrls();
336		$path = $urls['phpself'];
337
338		$cookie_name = $path . '_smartpartner_collaps_' . $name;
339		$cookie_name = str_replace('.', '_', $cookie_name);
340		$cookie = smartpartner_getCookieVar($cookie_name, '');
341
342		if ($cookie === 'none') {
343		echo '
344		<script type="text/javascript"><!--
345		toggle("' . $name . '"); toggleIcon("' . $icon . '");
346		//-->
347		</script>
348		';
349		}
350		}
351
352		/**
353		* @param $name
354		* @param $icon
355		*/
356		function smartpartner_close_collapsable($name, $icon)
357		{
358		echo '</div>';
359		smartpartner_openclose_collapsable($name, $icon);
360		}
361
362		/**
363		* @param $name
364		* @param $value
365		* @param int $time
366		*/
367		function smartpartner_setCookieVar($name, $value, $time = 0)
368		{
369		if ($time == 0) {
370		$time = time() + 3600 * 24 * 365;
371		//$time = '';
372		}
373		setcookie($name, $value, $time, '/');
374		}
375
376		/**
377		* @param $name
378		* @param string $default
379		* @return string
380		*/
381		function smartpartner_getCookieVar($name, $default = '')
382		{
383		if (isset($_COOKIE[$name]) && ($_COOKIE[$name] > '')) {
384		return $_COOKIE[$name];
385		} else {
386		return $default;
387		}
388		}
389
390		/**
391		* @return array
392		*/
393		function smartpartner_getCurrentUrls()
394		{
395		$http = (strpos(XOOPS_URL, 'https://') === false) ? 'http://' : 'https://';
396		$phpself = $_SERVER['PHP_SELF'];
397		$httphost = $_SERVER['HTTP_HOST'];
398		$querystring = $_SERVER['QUERY_STRING'];
399
400		if ($querystring != '') {
401		$querystring = '?' . $querystring;
402		}
403
404		$currenturl = $http . $httphost . $phpself . $querystring;
405
406		$urls = array();
407		$urls['http'] = $http;
408		$urls['httphost'] = $httphost;
409		$urls['phpself'] = $phpself;
410		$urls['querystring'] = $querystring;
411		$urls['full'] = $currenturl;
412
413		return $urls;
414		}
415
416		/**
417		* @return mixed
418		*/
419		function smartpartner_getCurrentPage()
420		{
421		$urls = smartpartner_getCurrentUrls();
422
423		return $urls['full'];
424		}
425
426		function smartpartner_modFooter()
427		{
428		global $xoopsUser, $xoopsDB, $xoopsConfig;
429
430		$hModule = xoops_getHandler('module');
431		$hModConfig = xoops_getHandler('config');
432
433		$smartModule = &$hModule->getByDirname('smartpartner');
434		$module_id = $smartModule->getVar('mid');
435
436		$module_name = $smartModule->getVar('dirname');
437		$smartConfig = &$hModConfig->getConfigsByCat(0, $smartModule->getVar('mid'));
438
439		$module_id = $smartModule->getVar('mid');
440
441		$versioninfo = &$hModule->get($smartModule->getVar('mid'));
442		$modfootertxt = 'Module ' . $versioninfo->getInfo('name') . ' - Version ' . $versioninfo->getInfo('version') . '';
443		if (!defined('_AM_SPARTNER_XOOPS_PRO')) {
444		define('_AM_SPARTNER_XOOPS_PRO', 'Do you need help with this module ?<br>Do you need new features not yet availale?');
445		}
446
447		echo "<div style='padding-top: 8px; padding-bottom: 10px; text-align: center;'><a href='"
448		. $versioninfo->getInfo('support_site_url')
449		. "' target='_blank'><img src='"
450		. XOOPS_URL
451		. "/modules/smartpartner/assets/images/spcssbutton.gif' title='"
452		. $modfootertxt
453		. "' alt='"
454		. $modfootertxt
455		. "'/></a></div>";
456		echo '<div style="border: 2px solid #C2CDD6;">';
457		echo '<div style="font-weight:bold; padding-top: 5px; text-align: center;">' . _AM_SPARTNER_XOOPS_PRO . '<br><a href="http://inboxinternational.com/modules/smartcontent/page.php?pageid=10"><img src="http://inboxinternational.com/images/INBOXsign150_noslogan.gif" alt="Need XOOPS Professional Services?" title="Need XOOPS Professional Services?"></a>
458		<a href="http://inboxinternational.com/modules/smartcontent/page.php?pageid=10"><img src="http://inboxinternational.com/images/xoops_services_pro_english.gif" alt="Need XOOPS Professional Services?" title="Need XOOPS Professional Services?"></a>
459		</div>';
460		echo '</div>';
461		}
462
463		/**
464		* Thanks to the NewBB2 Development Team
465		* @param $item
466		* @param bool $getStatus
467		* @return int\|string
468		*/
469		function smartpartner_admin_getPathStatus($item, $getStatus = false)
470		{
471		if ($item === 'root') {
472		$path = '';
473		} else {
474		$path = $item;
475		}
476
477		$thePath = smartpartner_getUploadDir(true, $path);
478
479		if (empty($thePath)) {
480		return false;
481		}
482		if (@is_writable($thePath)) {
483		$pathCheckResult = 1;
484		$path_status = _AM_SPARTNER_AVAILABLE;
485		} elseif (!@is_dir($thePath)) {
486		$pathCheckResult = -1;
487		$path_status = _AM_SPARTNER_NOTAVAILABLE . " <a href=index.php?op=createdir&path=$item>" . _AM_SPARTNER_CREATETHEDIR . '</a>';
488		} else {
489		$pathCheckResult = -2;
490		$path_status = _AM_SPARTNER_NOTWRITABLE . " <a href=index.php?op=setperm&path=$item>" . _AM_SCS_SETMPERM . '</a>';
491		}
492		if (!$getStatus) {
493		return $path_status;
494		} else {
495		return $pathCheckResult;
496		}
497		}
498
499		/**
500		* Thanks to the NewBB2 Development Team
501		* @param $target
502		* @return bool
503		*/
504		function smartpartner_admin_mkdir($target)
505		{
506		// http://www.php.net/manual/en/function.mkdir.php
507		// saint at corenova.com
508		// bart at cdasites dot com
509		if (is_dir($target) \|\| empty($target)) {
510		return true;
511		} // best case check first
512		if (file_exists($target) && !is_dir($target)) {
513		return false;
514		}
515		if (smartpartner_admin_mkdir(substr($target, 0, strrpos($target, '/')))) {
516		if (!file_exists($target)) {
517		return mkdir($target);
518		}
519		} // crawl back up & create dir tree
520
521		return true;
522		}
523
524		/**
525		* Thanks to the NewBB2 Development Team
526		* @param $target
527		* @param int $mode
528		* @return bool
529		*/
530		function smartpartner_admin_chmod($target, $mode = 0777)
531		{
532		return @chmod($target, $mode);
533		}
534
535		/**
536		* @param bool $local
537		* @param bool $item
538		* @return string
539		*/
540		function smartpartner_getUploadDir($local = true, $item = false)
541		{
542		if ($item) {
543		if ($item === 'root') {
544		$item = '';
545		} else {
546		$item .= '/';
547		}
548		} else {
549		$item = '';
550		}
551
552		if ($local) {
553		return XOOPS_ROOT_PATH . "/uploads/smartpartner/$item";
554		} else {
555		return XOOPS_URL . "/uploads/smartpartner/$item";
556		}
557		}
558
559		/**
560		* @param string $item
561		* @param bool $local
562		* @return string
563		*/
564		function smartpartner_getImageDir($item = '', $local = true)
565		{
566		if ($item) {
567		$item = "images/$item";
568		} else {
569		$item = 'images';
570		}
571
572		return smartpartner_getUploadDir($local, $item);
573		}
574
575		/**
576		* @param array $errors
577		* @return string
578		*/
579		function smartpartner_formatErrors($errors = array())
580		{
581		$ret = '';
582		foreach ($errors as $key => $value) {
583		$ret .= '<br> - ' . $value;
584		}
585
586		return $ret;
587		}
588
589		/**
590		* @param bool $another
591		* @param bool $withRedirect
592		* @param object $itemObj
593		* @return bool\|string
594		*/
595		function smartpartner_upload_file($another = false, $withRedirect = true, $itemObj)
596		{
597		include_once(SMARTPARTNER_ROOT_PATH . 'class/uploader.php');
598
599		global $smartPartnerIsAdmin, $xoopsModuleConfig, $smartPartnerPartnerHandler, $smartPartnerFileHandler, $xoopsUser;
600
601		$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
602		$uid = is_object($xoopsUser) ? $xoopsUser->uid() : 0;
603		$session = SmartpartnerSession::getInstance();
604		$session->set('smartpartner_file_filename', isset($_POST['name']) ? $_POST['name'] : '');
605		$session->set('smartpartner_file_description', isset($_POST['description']) ? $_POST['description'] : '');
606		$session->set('smartpartner_file_status', $_POST['file_status']);
607		$session->set('smartpartner_file_uid', $uid);
608		$session->set('smartpartner_file_id', $id);
609
610		if (!is_object($itemObj)) {
611		$itemObj = $smartPartnerPartnerHandler->get($id);
612		}
613
614		$max_size = $xoopsModuleConfig['maximum_filesize'];
615
616		$fileObj = $smartPartnerFileHandler->create();
617		$fileObj->setVar('name', isset($_POST['name']) ? $_POST['name'] : '');
618		$fileObj->setVar('description', isset($_POST['description']) ? $_POST['description'] : '');
619		$fileObj->setVar('status', isset($_POST['file_status']) ? (int)$_POST['file_status'] : 1);
620		$fileObj->setVar('uid', $uid);
621		$fileObj->setVar('id', $itemObj->getVar('id'));
622		$allowed_mimetypes = '';
623		$errors = '';
624		// Get available mimetypes for file uploading
625		/* $hMime = xoops_getModuleHandler('mimetype');
626		if ($smartPartnerIsAdmin) {
627		$crit = new Criteria('mime_admin', 1);
628		} else {
629		$crit = new Criteria('mime_user', 1);
630		}
631		$mimetypes = $hMime->getObjects($crit);
632		// TODO: display the available mimetypes to the user
633		*/
634		if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
635		if (!$ret = $fileObj->checkUpload('userfile', $allowed_mimetypes, $errors)) {
636		$errorstxt = implode('<br>', $errors);
637
638		$message = sprintf(_SMARTPARTNER_MESSAGE_FILE_ERROR, $errorstxt);
639		if ($withRedirect) {
640		redirect_header('file.php?op=mod&id=' . $id, 5, $message);
641		} else {
642		return $message;
643		}
644		}
645		}
646
647		// Storing the file
648		if (!$fileObj->store($allowed_mimetypes)) {
649		if ($withRedirect) {
650		redirect_header('file.php?op=mod&id=' . $fileObj->id(), 3, _AM_SPARTNER_FILEUPLOAD_ERROR . smartpartner_formatErrors($fileObj->getErrors()));
651		exit;
652		} else {
653		return _AM_SPARTNER_FILEUPLOAD_ERROR . smartpartner_formatErrors($fileObj->getErrors());
654		}
655		}
656		if ($withRedirect) {
657		$redirect_page = $another ? 'file.php' : 'partner.php';
658		redirect_header($redirect_page . '?op=mod&id=' . $fileObj->id(), 2, _AM_SPARTNER_FILEUPLOAD_SUCCESS);
659		} else {
660		return true;
661		}
662		}
663
664		/**
665		* @param $dirname
666		* @return bool
667		*/
668		function smartpartner_deleteFile($dirname)
669		{
670		// Simple delete for a file
671		if (is_file($dirname)) {
672		return unlink($dirname);
673		}
674		}
675
676		function smartpartner_create_upload_folders()
677		{
678		$handler = xoops_getModuleHandler('offer', 'smartpartner');
679		smart_admin_mkdir($handler->getImagePath());
680
681		smart_admin_mkdir(XOOPS_ROOT_PATH . '/uploads/smartpartner/images/category');
682		}
683

XoopsModules25x / smartpartner

Issues (733)

Security Analysis not enabled

include/functions.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like