Issues in IshotHandler.php (master) - Issues in master - XoopsModules25x/suico - Measure and Improve Code Quality continuously with Scrutinizer

Issues (432)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/IshotHandler.php (1 issue)

Severity

<?php declare(strict_types=1);

namespace XoopsModules\Suico;

/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

use CriteriaElement;
use XoopsDatabase;
use XoopsObject;
use XoopsPersistableObjectHandler;

/**
 * @category        Module
 * @copyright       {@link https://xoops.org/ XOOPS Project}
 * @license         GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
 * @author          Marcello Brandão aka  Suico, Mamba, LioMJ  <https://xoops.org>
 */
require_once XOOPS_ROOT_PATH . '/kernel/object.php';

/**
 * suico_ishothandler class.
 * This class provides simple mechanism for Ishot object
 */
class IshotHandler extends XoopsPersistableObjectHandler
{
    public Helper $helper;
    public        $isAdmin;

    /**
     * Constructor
     * @param \XoopsDatabase|null             $xoopsDatabase
     * @param \XoopsModules\Suico\Helper|null $helper
     */
    public function __construct(
        ?XoopsDatabase $xoopsDatabase = null,
        $helper = null
    ) {
        /** @var \XoopsModules\Suico\Helper $this- >helper */
        if (null === $helper) {
            $this->helper = Helper::getInstance();
        } else {
            $this->helper = $helper;
        }
        $this->isAdmin = $this->helper->isUserAdmin();
        //        parent::__construct($db, 'suico_groups', Image::class, 'group_id', 'group_title');
    }

    /**
     * create a new Groups
     *
     * @param bool $isNew flag the new objects as "new"?
     * @return \XoopsObject Groups
     */
    public function create(
        $isNew = true
    ) {
        $obj = parent::create($isNew);
        if ($isNew) {
            $obj->setNew();
        } else {
            $obj->unsetNew();
        }
        $obj->helper = $this->helper;

        return $obj;
    }

    /**
     * retrieve a Ishot
     *
     * @param int|null $id of the Ishot
     * @param null     $fields
     * @return false|\XoopsModules\Suico\Ishot reference to the {@link Ishot} object, FALSE if failed
     */
    public function get2(
        $id = null,
        $fields = null
    ) {
        $sql = 'SELECT * FROM ' . $this->db->prefix('suico_ishot') . ' WHERE cod_ishot=' . $id;
        if (!$result = $this->db->query($sql)) {
            return false;
        }
        $numrows = $this->db->getRowsNum($result);
        if (1 === $numrows) {
            $suico_ishot = new Ishot();
            $suico_ishot->assignVars($this->db->fetchArray($result));

            return $suico_ishot;
        }

        return false;
    }

    /**
     * insert a new Ishot in the database
     *
     * @param \XoopsObject $object  reference to the {@link Ishot}
     *                                   object
     * @param bool         $force
     * @return bool FALSE if failed, TRUE if already present and unchanged or successful
     */
    public function insert2(
        XoopsObject $object,
        $force = false
    ) {
        global $xoopsConfig;
        if (!$object instanceof Ishot) {
            return false;
        }
        if (!$object->isDirty()) {
            return true;
        }
        if (!$object->cleanVars()) {
            return false;
        }
        $ishot     = '';
        $uid_voted = '';
        $uid_voter = '';
        $cod_ishot = '';
        foreach ($object->cleanVars as $k => $v) {
            ${$k} = $v;
        }
        //        $now = 'date_add(now(), interval ' . $xoopsConfig['server_TZ'] . ' hour)';
        if ($object->isNew()) {
            // ajout/modification d'un Ishot
            $object = new Ishot();
            $format      = 'INSERT INTO %s (cod_ishot, uid_voter, uid_voted, ishot, DATE)';
            $format      .= 'VALUES (%u, %u, %u, %u, %s)';
            $sql         = \sprintf(
                $format,
                $this->db->prefix('suico_ishot'),
                $cod_ishot,
                $uid_voter,
                $uid_voted,
                $ishot,
                $this->db->quoteString($date)
            );
            $force       = true;
        } else {
            $format = 'UPDATE %s SET ';
            $format .= 'cod_ishot=%u, uid_voter=%u, uid_voted=%u, ishot=%u, date_created=%s';
            $format .= ' WHERE cod_ishot = %u';
            $sql    = \sprintf(
                $format,
                $this->db->prefix('suico_ishot'),
                $cod_ishot,
                $uid_voter,
                $uid_voted,
                $ishot,
                $this->db->quoteString($date),
                $cod_ishot
            );
        }
        if ($force) {
            $result = $this->db->queryF($sql);
        } else {
            $result = $this->db->query($sql);
        }
        if (!$result) {
            return false;
        }
        if (empty($cod_ishot)) {

            $cod_ishot = $this->db->getInsertId();
        }
        $object->assignVar('cod_ishot', $cod_ishot);

        return true;
    }

    /**
     * delete a Ishot from the database
     *
     * @param \XoopsObject $object reference to the Ishot to delete
     * @param bool         $force
     * @return bool FALSE if failed.
     */
    public function delete(
        XoopsObject $object,
        $force = false
    ) {
        if (!$object instanceof Ishot) {
            return false;
        }
        $sql = \sprintf(
            'DELETE FROM %s WHERE cod_ishot = %u',
            $this->db->prefix('suico_ishot'),
            (int)$object->getVar('cod_ishot')
        );
        if ($force) {
            $result = $this->db->queryF($sql);
        } else {
            $result = $this->db->query($sql);
        }
        if (!$result) {
            return false;
        }

        return true;
    }

    /**
     * retrieve suico_ishots from the database
     *
     * @param \CriteriaElement|\CriteriaCompo|null $criteria {@link \CriteriaElement} conditions to be met
     * @param bool                                 $id_as_key       use the UID as key for the array?
     * @param bool                                 $as_object
     * @return array array of {@link Ishot} objects
     */
    public function &getObjects(
        ?CriteriaElement $criteria = null,
        $id_as_key = false,
        $as_object = true
    ) {
        $ret   = [];
        $start = 0;
        $limit = 0;
        $sql   = 'SELECT * FROM ' . $this->db->prefix('suico_ishot');
        if (isset($criteria) && is_subclass_of($criteria, 'CriteriaElement')) {
            $sql .= ' ' . $criteria->renderWhere();
            if ('' !== $criteria->getSort()) {
                $sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
            }
            $limit = $criteria->getLimit();
            $start = $criteria->getStart();
        }
        $result = $this->db->query($sql, $limit, $start);
        if (!$result) {
            return $ret;
        }
        while (false !== ($myrow = $this->db->fetchArray($result))) {
            $suico_ishot = new Ishot();
            $suico_ishot->assignVars($myrow);
            if ($id_as_key) {
                $ret[$myrow['cod_ishot']] = &$suico_ishot;
            } else {
                $ret[] = &$suico_ishot;
            }
            unset($suico_ishot);
        }

        return $ret;
    }

    /**
     * count suico_ishots matching a condition
     *
     * @param \CriteriaElement|\CriteriaCompo|null $criteria {@link CriteriaElement} to match
     * @return int count of suico_ishots
     */
    public function getCount(
        ?CriteriaElement $criteria = null
    ) {
        $sql = 'SELECT COUNT(*) FROM ' . $this->db->prefix('suico_ishot');
        if (isset($criteria) && is_subclass_of($criteria, 'CriteriaElement')) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        $result = $this->db->query($sql);
        if (!$result) {
            return 0;
        }
        [$count] = $this->db->fetchRow($result);

        return $count;
    }

    /**
     * delete suico_ishots matching a set of conditions
     *
     * @param \CriteriaElement|\CriteriaCompo|null $criteria {@link CriteriaElement}
     * @param bool                                 $force
     * @param bool                                 $asObject
     * @return bool FALSE if deletion failed
     */
    public function deleteAll(
        ?CriteriaElement $criteria = null,
        $force = true,
        $asObject = false
    ) {
        $sql = 'DELETE FROM ' . $this->db->prefix('suico_ishot');
        if (isset($criteria) && is_subclass_of($criteria, 'CriteriaElement')) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        if (!$result = $this->db->query($sql)) {
            return false;
        }

        return true;
    }

    /**
     * @param null $criteria
     * @return array
     */
    public function getHottest($criteria = null)
    {
        $sql = 'SELECT DISTINCTROW uname, user_avatar, uid_voted, COUNT(cod_ishot) AS qtd FROM ' . $this->db->prefix(
                'suico_ishot'
            ) . ', ' . $this->db->prefix(
                'users'
            );
        if (($criteria instanceof \CriteriaCompo) || ($criteria instanceof \Criteria)) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        //attention here this is kind of a hack
        $sql .= ' AND uid = uid_voted';
        if ('' !== $criteria->getGroupby()) {
            $sql .= $criteria->getGroupby();
        }
        if ('' !== $criteria->getSort()) {
            $sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
        }
        $limit  = $criteria->getLimit();
        $start  = $criteria->getStart();
        $result = $this->db->query($sql, $limit, $start);
        $vetor  = [];
        $i      = 0;
        while (false !== ($myrow = $this->db->fetchArray($result))) {
            $vetor[$i]['qtd']         = $myrow['qtd'];
            $vetor[$i]['uid_voted']   = $myrow['uid_voted'];
            $vetor[$i]['uname']       = $myrow['uname'];
            $vetor[$i]['user_avatar'] = $myrow['user_avatar'];
            $i++;
        }

        return $vetor;
    }

    /**
     * @param null $criteria
     * @param bool $id_as_key
     * @return array
     */
    public function getHotFriends(
        $criteria = null,
        $id_as_key = false
    ) {
        $ret   = [];
        $start = 0;
        $limit = 0;
        $sql   = 'SELECT uname, user_avatar, uid_voted FROM ' . $this->db->prefix(
                'suico_ishot'
            ) . ', ' . $this->db->prefix(
                'users'
            );
        if (($criteria instanceof \CriteriaCompo) || ($criteria instanceof \Criteria)) {
            $sql .= ' ' . $criteria->renderWhere();
            //attention here this is kind of a hack
            $sql .= ' AND uid = uid_voted AND ishot=1';
            if ('' !== $criteria->getSort()) {
                $sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
            }
            $limit  = $criteria->getLimit();
            $start  = $criteria->getStart();
            $result = $this->db->query($sql, $limit, $start);
            $vetor  = [];
            $i      = 0;
            while (false !== ($myrow = $this->db->fetchArray($result))) {
                $vetor[$i]['uid_voted']   = $myrow['uid_voted'];
                $vetor[$i]['uname']       = $myrow['uname'];
                $vetor[$i]['user_avatar'] = $myrow['user_avatar'];
                $i++;
            }

            return $vetor;
        }
    }
}


1			<?php declare(strict_types=1);
2
3			namespace XoopsModules\Suico;
4
5			/*
6			You may not change or alter any portion of this comment or credits
7			of supporting developers from this source code or any supporting source code
8			which is considered copyrighted (c) material of the original comment or credit authors.
9
10			This program is distributed in the hope that it will be useful,
11			but WITHOUT ANY WARRANTY; without even the implied warranty of
12			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13			*/
14
15			use CriteriaElement;
16			use XoopsDatabase;
17			use XoopsObject;
18			use XoopsPersistableObjectHandler;
19
20			/**
21			* @category Module
22			* @copyright {@link https://xoops.org/ XOOPS Project}
23			* @license GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
24			* @author Marcello Brandão aka Suico, Mamba, LioMJ <https://xoops.org>
25			*/
26			require_once XOOPS_ROOT_PATH . '/kernel/object.php';
27
28			/**
29			* suico_ishothandler class.
30			* This class provides simple mechanism for Ishot object
31			*/
32			class IshotHandler extends XoopsPersistableObjectHandler
33			{
34			public Helper $helper;
35			public $isAdmin;
36
37			/**
38			* Constructor
39			* @param \XoopsDatabase\|null $xoopsDatabase
40			* @param \XoopsModules\Suico\Helper\|null $helper
41			*/
42			public function __construct(
43			?XoopsDatabase $xoopsDatabase = null,
44			$helper = null
45			) {
46			/** @var \XoopsModules\Suico\Helper $this- >helper */
47			if (null === $helper) {
48			$this->helper = Helper::getInstance();
49			} else {
50			$this->helper = $helper;
51			}
52			$this->isAdmin = $this->helper->isUserAdmin();
53			// parent::__construct($db, 'suico_groups', Image::class, 'group_id', 'group_title');
54			}
55
56			/**
57			* create a new Groups
58			*
59			* @param bool $isNew flag the new objects as "new"?
60			* @return \XoopsObject Groups
61			*/
62			public function create(
63			$isNew = true
64			) {
65			$obj = parent::create($isNew);
66			if ($isNew) {
67			$obj->setNew();
68			} else {
69			$obj->unsetNew();
70			}
71			$obj->helper = $this->helper;
72
73			return $obj;
74			}
75
76			/**
77			* retrieve a Ishot
78			*
79			* @param int\|null $id of the Ishot
80			* @param null $fields
81			* @return false\|\XoopsModules\Suico\Ishot reference to the {@link Ishot} object, FALSE if failed
82			*/
83			public function get2(
84			$id = null,
85			$fields = null
86			) {
87			$sql = 'SELECT * FROM ' . $this->db->prefix('suico_ishot') . ' WHERE cod_ishot=' . $id;
88			if (!$result = $this->db->query($sql)) {
89			return false;
90			}
91			$numrows = $this->db->getRowsNum($result);
92			if (1 === $numrows) {
93			$suico_ishot = new Ishot();
94			$suico_ishot->assignVars($this->db->fetchArray($result));
95
96			return $suico_ishot;
97			}
98
99			return false;
100			}
101
102			/**
103			* insert a new Ishot in the database
104			*
105			* @param \XoopsObject $object reference to the {@link Ishot}
106			* object
107			* @param bool $force
108			* @return bool FALSE if failed, TRUE if already present and unchanged or successful
109			*/
110			public function insert2(
111			XoopsObject $object,
112			$force = false
113			) {
114			global $xoopsConfig;
115			if (!$object instanceof Ishot) {
116			return false;
117			}
118			if (!$object->isDirty()) {
119			return true;
120			}
121			if (!$object->cleanVars()) {
122			return false;
123			}
124			$ishot = '';
125			$uid_voted = '';
126			$uid_voter = '';
127			$cod_ishot = '';
128			foreach ($object->cleanVars as $k => $v) {
129			${$k} = $v;
130			}
131			// $now = 'date_add(now(), interval ' . $xoopsConfig['server_TZ'] . ' hour)';
132			if ($object->isNew()) {
133			// ajout/modification d'un Ishot
134			$object = new Ishot();
135			$format = 'INSERT INTO %s (cod_ishot, uid_voter, uid_voted, ishot, DATE)';
136			$format .= 'VALUES (%u, %u, %u, %u, %s)';
137			$sql = \sprintf(
138			$format,
139			$this->db->prefix('suico_ishot'),
140			$cod_ishot,
141			$uid_voter,
142			$uid_voted,
143			$ishot,
144			$this->db->quoteString($date)
145			);
146			$force = true;
147			} else {
148			$format = 'UPDATE %s SET ';
149			$format .= 'cod_ishot=%u, uid_voter=%u, uid_voted=%u, ishot=%u, date_created=%s';
150			$format .= ' WHERE cod_ishot = %u';
151			$sql = \sprintf(
152			$format,
153			$this->db->prefix('suico_ishot'),
154			$cod_ishot,
155			$uid_voter,
156			$uid_voted,
157			$ishot,
158			$this->db->quoteString($date),
159			$cod_ishot
160			);
161			}
162			if ($force) {
163			$result = $this->db->queryF($sql);
164			} else {
165			$result = $this->db->query($sql);
166			}
167			if (!$result) {
168			return false;
169			}
170			if (empty($cod_ishot)) {
			0 ignored issues – show introduced 2020-04-26 15:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `empty($cod_ishot)` is always `true`. Loading history...
171			$cod_ishot = $this->db->getInsertId();
172			}
173			$object->assignVar('cod_ishot', $cod_ishot);
174
175			return true;
176			}
177
178			/**
179			* delete a Ishot from the database
180			*
181			* @param \XoopsObject $object reference to the Ishot to delete
182			* @param bool $force
183			* @return bool FALSE if failed.
184			*/
185			public function delete(
186			XoopsObject $object,
187			$force = false
188			) {
189			if (!$object instanceof Ishot) {
190			return false;
191			}
192			$sql = \sprintf(
193			'DELETE FROM %s WHERE cod_ishot = %u',
194			$this->db->prefix('suico_ishot'),
195			(int)$object->getVar('cod_ishot')
196			);
197			if ($force) {
198			$result = $this->db->queryF($sql);
199			} else {
200			$result = $this->db->query($sql);
201			}
202			if (!$result) {
203			return false;
204			}
205
206			return true;
207			}
208
209			/**
210			* retrieve suico_ishots from the database
211			*
212			* @param \CriteriaElement\|\CriteriaCompo\|null $criteria {@link \CriteriaElement} conditions to be met
213			* @param bool $id_as_key use the UID as key for the array?
214			* @param bool $as_object
215			* @return array array of {@link Ishot} objects
216			*/
217			public function &getObjects(
218			?CriteriaElement $criteria = null,
219			$id_as_key = false,
220			$as_object = true
221			) {
222			$ret = [];
223			$start = 0;
224			$limit = 0;
225			$sql = 'SELECT * FROM ' . $this->db->prefix('suico_ishot');
226			if (isset($criteria) && is_subclass_of($criteria, 'CriteriaElement')) {
227			$sql .= ' ' . $criteria->renderWhere();
228			if ('' !== $criteria->getSort()) {
229			$sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
230			}
231			$limit = $criteria->getLimit();
232			$start = $criteria->getStart();
233			}
234			$result = $this->db->query($sql, $limit, $start);
235			if (!$result) {
236			return $ret;
237			}
238			while (false !== ($myrow = $this->db->fetchArray($result))) {
239			$suico_ishot = new Ishot();
240			$suico_ishot->assignVars($myrow);
241			if ($id_as_key) {
242			$ret[$myrow['cod_ishot']] = &$suico_ishot;
243			} else {
244			$ret[] = &$suico_ishot;
245			}
246			unset($suico_ishot);
247			}
248
249			return $ret;
250			}
251
252			/**
253			* count suico_ishots matching a condition
254			*
255			* @param \CriteriaElement\|\CriteriaCompo\|null $criteria {@link CriteriaElement} to match
256			* @return int count of suico_ishots
257			*/
258			public function getCount(
259			?CriteriaElement $criteria = null
260			) {
261			$sql = 'SELECT COUNT(*) FROM ' . $this->db->prefix('suico_ishot');
262			if (isset($criteria) && is_subclass_of($criteria, 'CriteriaElement')) {
263			$sql .= ' ' . $criteria->renderWhere();
264			}
265			$result = $this->db->query($sql);
266			if (!$result) {
267			return 0;
268			}
269			[$count] = $this->db->fetchRow($result);
270
271			return $count;
272			}
273
274			/**
275			* delete suico_ishots matching a set of conditions
276			*
277			* @param \CriteriaElement\|\CriteriaCompo\|null $criteria {@link CriteriaElement}
278			* @param bool $force
279			* @param bool $asObject
280			* @return bool FALSE if deletion failed
281			*/
282			public function deleteAll(
283			?CriteriaElement $criteria = null,
284			$force = true,
285			$asObject = false
286			) {
287			$sql = 'DELETE FROM ' . $this->db->prefix('suico_ishot');
288			if (isset($criteria) && is_subclass_of($criteria, 'CriteriaElement')) {
289			$sql .= ' ' . $criteria->renderWhere();
290			}
291			if (!$result = $this->db->query($sql)) {
292			return false;
293			}
294
295			return true;
296			}
297
298			/**
299			* @param null $criteria
300			* @return array
301			*/
302			public function getHottest($criteria = null)
303			{
304			$sql = 'SELECT DISTINCTROW uname, user_avatar, uid_voted, COUNT(cod_ishot) AS qtd FROM ' . $this->db->prefix(
305			'suico_ishot'
306			) . ', ' . $this->db->prefix(
307			'users'
308			);
309			if (($criteria instanceof \CriteriaCompo) \|\| ($criteria instanceof \Criteria)) {
310			$sql .= ' ' . $criteria->renderWhere();
311			}
312			//attention here this is kind of a hack
313			$sql .= ' AND uid = uid_voted';
314			if ('' !== $criteria->getGroupby()) {
315			$sql .= $criteria->getGroupby();
316			}
317			if ('' !== $criteria->getSort()) {
318			$sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
319			}
320			$limit = $criteria->getLimit();
321			$start = $criteria->getStart();
322			$result = $this->db->query($sql, $limit, $start);
323			$vetor = [];
324			$i = 0;
325			while (false !== ($myrow = $this->db->fetchArray($result))) {
326			$vetor[$i]['qtd'] = $myrow['qtd'];
327			$vetor[$i]['uid_voted'] = $myrow['uid_voted'];
328			$vetor[$i]['uname'] = $myrow['uname'];
329			$vetor[$i]['user_avatar'] = $myrow['user_avatar'];
330			$i++;
331			}
332
333			return $vetor;
334			}
335
336			/**
337			* @param null $criteria
338			* @param bool $id_as_key
339			* @return array
340			*/
341			public function getHotFriends(
342			$criteria = null,
343			$id_as_key = false
344			) {
345			$ret = [];
346			$start = 0;
347			$limit = 0;
348			$sql = 'SELECT uname, user_avatar, uid_voted FROM ' . $this->db->prefix(
349			'suico_ishot'
350			) . ', ' . $this->db->prefix(
351			'users'
352			);
353			if (($criteria instanceof \CriteriaCompo) \|\| ($criteria instanceof \Criteria)) {
354			$sql .= ' ' . $criteria->renderWhere();
355			//attention here this is kind of a hack
356			$sql .= ' AND uid = uid_voted AND ishot=1';
357			if ('' !== $criteria->getSort()) {
358			$sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
359			}
360			$limit = $criteria->getLimit();
361			$start = $criteria->getStart();
362			$result = $this->db->query($sql, $limit, $start);
363			$vetor = [];
364			$i = 0;
365			while (false !== ($myrow = $this->db->fetchArray($result))) {
366			$vetor[$i]['uid_voted'] = $myrow['uid_voted'];
367			$vetor[$i]['uname'] = $myrow['uname'];
368			$vetor[$i]['user_avatar'] = $myrow['user_avatar'];
369			$i++;
370			}
371
372			return $vetor;
373			}
374			}
375			}
376

XoopsModules25x / suico

Issues (432)

Security Analysis not enabled

class/IshotHandler.php (1 issue)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like