htdocs/modules/songlist/admin/albums.php (1 issue)

errors are not suppressed.

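<?php
/**
 * Songlist admin controller for albums: list, new/edit, save, save-list, delete.
 *
 * Request parameters are normalised once at the top: op/fct must be strings,
 * limit/start are clamped integers, order is one of ASC|DESC and sort is
 * checked against the handler's filter fields before it reaches a query or
 * a URL. Every redirect back to the list reuses $list_url.
 */
include('header.php');

xoops_loadLanguage('admin', 'songlist');

xoops_cp_header();

$op = (isset($_REQUEST['op']) && is_string($_REQUEST['op'])) ? $_REQUEST['op'] : 'albums';
$fct = (isset($_REQUEST['fct']) && is_string($_REQUEST['fct'])) ? $_REQUEST['fct'] : 'list';
// Clamped so a zero or negative value from the URL cannot reach the LIMIT clause.
$limit = !empty($_REQUEST['limit']) ? max(1, intval($_REQUEST['limit'])) : 30;
$start = !empty($_REQUEST['start']) ? max(0, intval($_REQUEST['start'])) : 0;
// Goes into ORDER BY through the criteria object: only the two literal keywords pass.
$order = (isset($_REQUEST['order']) && is_string($_REQUEST['order']) && strtoupper($_REQUEST['order']) === 'ASC') ? 'ASC' : 'DESC';
$sort = (!empty($_REQUEST['sort']) && is_string($_REQUEST['sort'])) ? $_REQUEST['sort'] : 'created';
// NOTE(review): $filter is handed to getFilterCriteria() unchanged; confirm that
// handler method validates it rather than interpolating it into SQL.
$filter = (!empty($_REQUEST['filter']) && is_string($_REQUEST['filter'])) ? $_REQUEST['filter'] : '1,1';

$albums_handler = xoops_getmodulehandler('albums', 'songlist');
$tpl = $GLOBALS['xoopsTpl'];

// filterFields() is the list the column-header links are generated from, so it
// is also the whitelist of column names a request may sort on.
$sort_fields = $albums_handler->filterFields();
if (!in_array($sort, $sort_fields, true)) {
	$sort = 'created';
}

// Query string every redirect back to the list carries.
$nav_query = 'limit=' . $limit . '&start=' . $start . '&order=' . $order . '&sort=' . urlencode($sort) . '&filter=' . urlencode($filter);
$list_url = $_SERVER['PHP_SELF'] . '?op=' . urlencode($op) . '&fct=list&' . $nav_query;

switch ($op) {
	default:
	case 'albums':
		switch ($fct) {
			default:
			case 'list':
				$indexAdmin = new ModuleAdmin();
				echo $indexAdmin->addNavigation(basename(__FILE__));

				$criteria = $albums_handler->getFilterCriteria($filter);
				$ttl = $albums_handler->getCount($criteria);

				$pagenav = new XoopsPageNav($ttl, $limit, $start, 'start', 'limit=' . $limit . '&sort=' . urlencode($sort) . '&order=' . $order . '&op=' . urlencode($op) . '&fct=' . urlencode($fct) . '&filter=' . urlencode($filter));
				$tpl->assign('pagenav', $pagenav->renderNav());

				// One sortable header plus one filter form per field. Everything in
				// the href is URL-encoded and then attribute-escaped, because $op and
				// $filter come straight from the request.
				foreach ($sort_fields as $key) {
					$tpl_key = strtolower(str_replace('-', '_', $key));
					$th_const = '_AM_SONGLIST_TH_' . strtoupper(str_replace('-', '_', $key));
					// Clicking the column that is already the sort key flips the direction.
					$th_order = ($key === $sort) ? ($order === 'DESC' ? 'ASC' : 'DESC') : $order;
					$th_href = $_SERVER['PHP_SELF'] . '?start=' . $start . '&limit=' . $limit . '&sort=' . urlencode($key) . '&order=' . $th_order . '&op=' . urlencode($op) . '&filter=' . urlencode($filter);
					$th_label = defined($th_const) ? constant($th_const) : $th_const;
					$tpl->assign($tpl_key . '_th', '<a href="' . htmlspecialchars($th_href, ENT_QUOTES) . '">' . $th_label . '</a>');
					$tpl->assign('filter_' . $tpl_key . '_th', $albums_handler->getFilterForm($filter, $key, $sort, $op, $fct));
				}

				$tpl->assign('limit', $limit);
				$tpl->assign('start', $start);
				$tpl->assign('order', $order);
				$tpl->assign('sort', $sort);
				$tpl->assign('filter', $filter);
				$tpl->assign('xoConfig', $GLOBALS['songlistModuleConfig']);

				$criteria->setStart($start);
				$criteria->setLimit($limit);
				// $sort was checked against filterFields() above, so the quoted
				// identifier cannot carry anything but a known column name.
				$criteria->setSort('`' . $sort . '`');
				$criteria->setOrder($order);

				foreach ($albums_handler->getObjects($criteria, true) as $album) {
					if (is_object($album)) {
						$tpl->append('albums', $album->toArray());
					}
				}
				$tpl->assign('form', songlist_albums_get_form(false));
				$tpl->assign('php_self', htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES));
				$tpl->display('db:songlist_cpanel_albums_list.html');
				break;

			case 'new':
			case 'edit':
				$indexAdmin = new ModuleAdmin();
				echo $indexAdmin->addNavigation(basename(__FILE__));

				$albums = isset($_REQUEST['id']) ? $albums_handler->get(intval($_REQUEST['id'])) : null;
				if (!is_object($albums)) {
					// No id, or an id that no longer exists: show an empty form
					// instead of calling getForm() on null.
					$albums = $albums_handler->create();
				}

				$tpl->assign('form', $albums->getForm());
				$tpl->assign('php_self', htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES));
				$tpl->display('db:songlist_cpanel_albums_edit.html');
				break;

			case 'save':
				$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
				$albums = $id ? $albums_handler->get($id) : $albums_handler->create();
				if (!is_object($albums)) {
					// Editing an id that does not exist must not silently create a new row.
					redirect_header($list_url, 10, _AM_SONGLIST_MSG_ALBUMS_FAILEDTOSAVE);
					exit(0);
				}
				// The edit form posts its fields under the record id (0 for a new album).
				$albums->setVars((isset($_POST[$id]) && is_array($_POST[$id])) ? $_POST[$id] : array());

				if (!$id = $albums_handler->insert($albums)) {
					redirect_header($list_url, 10, _AM_SONGLIST_MSG_ALBUMS_FAILEDTOSAVE);
					exit(0);
				} else {
					// $_FILES entries carry 'name', never 'title', so the previous
					// test could not be true and the cover upload was unreachable.
					if (!empty($_FILES['image']['name'])) {
						$upload_dir = $GLOBALS['xoops']->path($GLOBALS['songlistModuleConfig']['upload_areas']);
						// One recursive mkdir replaces the segment-by-segment loop that
						// started from an undefined $path; 0755 keeps the upload area
						// from being world-writable.
						if (!is_dir($upload_dir) && !mkdir($upload_dir, 0755, true) && !is_dir($upload_dir)) {
							redirect_header($list_url, 10, _AM_SONGLIST_MSG_ALBUMS_FAILEDTOSAVE);
							exit(0);
						}

						include_once($GLOBALS['xoops']->path('modules/songlist/include/uploader.php'));
						// Re-read the row so the object carries the id insert() just assigned.
						$saved = $albums_handler->get($id);
						if (is_object($saved)) {
							$albums = $saved;
						}
						$uploader = new SonglistMediaUploader($upload_dir, explode('|', $GLOBALS['songlistModuleConfig']['allowed_mimetype']), $GLOBALS['songlistModuleConfig']['filesize_upload'], 0, 0, explode('|', $GLOBALS['songlistModuleConfig']['allowed_extensions']));
						$uploader->setPrefix(substr(md5(microtime(true)), mt_rand(0, 20), 13));

						if ($uploader->fetchMedia('image')) {
							if (!$uploader->upload()) {
								songlist_adminMenu(1);
								echo $uploader->getErrors();
								songlist_footer_adminMenu();
								xoops_cp_footer();
								exit(0);
							} else {
								// Remove the previous cover only once the new file is on disk.
								$old_image = $albums->getVar('image');
								if (strlen($old_image)) {
									$old_file = $GLOBALS['xoops']->path($albums->getVar('path')) . $old_image;
									if (is_file($old_file)) {
										unlink($old_file);
									}
								}

								$albums->setVar('path', $GLOBALS['songlistModuleConfig']['upload_areas']);
								$albums->setVar('image', $uploader->getSavedFileName());
								// The new file is already stored: a failed insert has to be
								// reported, not hidden with @, or the row and the file diverge.
								if (!$albums_handler->insert($albums)) {
									redirect_header($list_url, 10, _AM_SONGLIST_MSG_ALBUMS_FAILEDTOSAVE);
									exit(0);
								}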
It seems like you do not handle an error condition for insert(). This can introduce security issues, and is generally not recommended. ( Ignorable by Annotation )

If this is a false positive, you can also ignore this issue in your code via the ignore-unhandled annotation

126
						      	/** @scrutinizer ignore-unhandled */ @$albums_handler->insert($albums);

If you suppress an error, we recommend checking for the error condition explicitly:

// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
127
						      	
128
						    }      	
129
					  	} else {
130
					  		
131
					  		songlist_adminMenu(1);
132
					       	echo $uploader->getErrors();
133
							songlist_footer_adminMenu();
134
							xoops_cp_footer();
135
							exit(0);
136
					   	}
137
					}
138
					
139
					if ($_REQUEST['state'][$_REQUEST['id']]=='new')
140
						redirect_header($_SERVER['PHP_SELF'].'?op='.$GLOBALS['op'].'&fct=edit&id='.$_REQUEST['id'] . '&limit='.$GLOBALS['limit'].'&start='.$GLOBALS['start'].'&order='.$GLOBALS['order'].'&sort='.$GLOBALS['sort'].'&filter='.$GLOBALS['filter'], 10, _AM_SONGLIST_MSG_ALBUMS_SAVEDOKEY);
141
					else 
142
						redirect_header($_SERVER['PHP_SELF'].'?op='.$GLOBALS['op'].'&fct=list&limit='.$GLOBALS['limit'].'&start='.$GLOBALS['start'].'&order='.$GLOBALS['order'].'&sort='.$GLOBALS['sort'].'&filter='.$GLOBALS['filter'], 10, _AM_SONGLIST_MSG_ALBUMS_SAVEDOKEY);
143
					exit(0);
144
				}
145
				break;
146
			case "savelist":
147
				
148
				$albums_handler =& xoops_getmodulehandler('albums', 'songlist');
149
				foreach($_REQUEST['id'] as $id) {
150
					$albums = $albums_handler->get($id);
151
					$albums->setVars($_POST[$id]);
152
					if (!$albums_handler->insert($albums)) {
153
						redirect_header($_SERVER['PHP_SELF'].'?op='.$GLOBALS['op'].'&fct=list&limit='.$GLOBALS['limit'].'&start='.$GLOBALS['start'].'&order='.$GLOBALS['order'].'&sort='.$GLOBALS['sort'].'&filter='.$GLOBALS['filter'], 10, _AM_SONGLIST_MSG_ALBUMS_FAILEDTOSAVE);
154
						exit(0);
155
					} 
156
				}
157
				redirect_header($_SERVER['PHP_SELF'].'?op='.$GLOBALS['op'].'&fct=list&limit='.$GLOBALS['limit'].'&start='.$GLOBALS['start'].'&order='.$GLOBALS['order'].'&sort='.$GLOBALS['sort'].'&filter='.$GLOBALS['filter'], 10, _AM_SONGLIST_MSG_ALBUMS_SAVEDOKEY);
158
				exit(0);
159
				break;				
160
			case "delete":	
161
							
162
				$albums_handler =& xoops_getmodulehandler('albums', 'songlist');
163
				$id=0;
164
				if (isset($_POST['id'])&&$id=intval($_POST['id'])) {
165
					$albums = $albums_handler->get($id);
166
					if (!$albums_handler->delete($albums)) {
167
						redirect_header($_SERVER['PHP_SELF'].'?op='.$GLOBALS['op'].'&fct=list&limit='.$GLOBALS['limit'].'&start='.$GLOBALS['start'].'&order='.$GLOBALS['order'].'&sort='.$GLOBALS['sort'].'&filter='.$GLOBALS['filter'], 10, _AM_SONGLIST_MSG_ALBUMS_FAILEDTODELETE);
168
						exit(0);
169
					} else {
170
						redirect_header($_SERVER['PHP_SELF'].'?op='.$GLOBALS['op'].'&fct=list&limit='.$GLOBALS['limit'].'&start='.$GLOBALS['start'].'&order='.$GLOBALS['order'].'&sort='.$GLOBALS['sort'].'&filter='.$GLOBALS['filter'], 10, _AM_SONGLIST_MSG_ALBUMS_DELETED);
171
						exit(0);
172
					}
173
				} else {
174
					$albums = $albums_handler->get(intval($_REQUEST['id']));
175
					xoops_confirm(array('id'=>$_REQUEST['id'], 'op'=>$_REQUEST['op'], 'fct'=>$_REQUEST['fct'], 'limit'=>$_REQUEST['limit'], 'start'=>$_REQUEST['start'], 'order'=>$_REQUEST['order'], 'sort'=>$_REQUEST['sort'], 'filter'=>$_REQUEST['filter']), $_SERVER['PHP_SELF'], sprintf(_AM_SONGLIST_MSG_ALBUMS_DELETE, $albums->getVar('title')));
176
				}
177
				break;
178
		}
179
		break;
180
				
181
	}
182
	
183
	xoops_cp_footer();
184
?>