Issues (411)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or to gain access to your server.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  Header Injection
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

viewcat.php (1 issue)

<?php
/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * Wfdownloads module
 *
 * @copyright       XOOPS Project (https://xoops.org)
 * @license         GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html)
 * @package         wfdownload
 * @since           3.23
 * @author          Xoops Development Team
 */

use Xmf\Request;
use XoopsModules\Wfdownloads\{Common,
    Common\LetterChoice,
    DownloadHandler,
    Helper,
    Utility,
    ObjectTree
};

/** @var Helper $helper */
/** @var Utility $utility */
/** @var \MyTextSanitizer $myts  expected from the module's header.php */
/** @var string $moduleDirNameUpper  expected from the module's header.php */

$currentFile = basename(__FILE__);
require_once __DIR__ . '/header.php';

/** @var \XoopsGroupPermHandler $grouppermHandler */
$grouppermHandler = xoops_getHandler('groupperm');

// Request parameters are read through Xmf\Request so they are type-coerced (int)
// or filtered (string) before any use
$cid   = Request::getInt('cid', 0);
$start = Request::getInt('start', 0);
//$list = Request::getString('letter', '', 'GET');
$list = Request::getString('list', '');
//$orderby = Request::getString('orderby', null);
// convertorderbyin() maps the user-supplied value onto a known sort expression; $orderby
// later reaches Criteria::setSort(), so the raw string must never pass through unmapped
$orderby = isset($_GET['orderby']) ? Utility::convertorderbyin($_GET['orderby']) : $helper->getConfig('filexorder');

$groups = is_object($GLOBALS['xoopsUser']) ? $GLOBALS['xoopsUser']->getGroups() : [0 => XOOPS_GROUP_ANONYMOUS];

// Check permissions: anonymous visitors without view rights are sent to the login page,
// registered users without view rights back to the module index
if (in_array(XOOPS_GROUP_ANONYMOUS, $groups)) {
    if (!$grouppermHandler->checkRight('WFDownCatPerm', $cid, $groups, $helper->getModule()->mid())) {
        redirect_header(XOOPS_URL . '/user.php', 3, _MD_WFDOWNLOADS_NEEDLOGINVIEW);
    }
} else {
    if (!$grouppermHandler->checkRight('WFDownCatPerm', $cid, $groups, $helper->getModule()->mid())) {
        redirect_header('index.php', 3, _NOPERM);
    }
}

// Check if submission is allowed
$isSubmissionAllowed = false;
if (is_object($GLOBALS['xoopsUser'])
    && (_WFDOWNLOADS_SUBMISSIONS_DOWNLOAD == $helper->getConfig('submissions')
        || _WFDOWNLOADS_SUBMISSIONS_BOTH == $helper->getConfig('submissions'))) {
    // if user is a registered user
    $groups = $GLOBALS['xoopsUser']->getGroups();
    if (count(array_intersect($helper->getConfig('submitarts'), $groups)) > 0) {
        $isSubmissionAllowed = true;
    }
} else {
    // if user is anonymous
    if (_WFDOWNLOADS_ANONPOST_DOWNLOAD == $helper->getConfig('anonpost')
        || _WFDOWNLOADS_ANONPOST_BOTH == $helper->getConfig('anonpost')) {
        $isSubmissionAllowed = true;
    }
}

// Get category object
$categoryObj = $helper->getHandler('Category')->get($cid);
if (null === $categoryObj) {
    redirect_header('index.php', 3, _CO_WFDOWNLOADS_ERROR_NOCATEGORY);
}

// Get download/upload permissions
$allowedDownCategoriesIds = $grouppermHandler->getItemIds('WFDownCatPerm', $groups, $helper->getModule()->mid());
$allowedUpCategoriesIds   = $grouppermHandler->getItemIds('WFUpCatPerm', $groups, $helper->getModule()->mid());

//$GLOBALS['xoopsOption']['template_main'] = "{$helper->getModule()->dirname()}_viewcat.tpl";
$GLOBALS['xoopsOption']['template_main'] = $helper->getDirname() . '_display_' . $helper->getConfig('idxcat_items_display_type') . '.tpl';
require_once XOOPS_ROOT_PATH . '/header.php';

$xoTheme->addScript(XOOPS_URL . '/browse.php?Frameworks/jquery/jquery.js');
// Scrutinizer issue reported on the following line: "The constant WFDOWNLOADS_URL was not found.
// Maybe you did not declare it correctly or list all dependencies?" (the constant is not
// declared in this file; the analyzer could not resolve where it is defined)
$xoTheme->addScript(WFDOWNLOADS_URL . '/assets/js/magnific/jquery.magnific-popup.min.js');
$xoTheme->addStylesheet(WFDOWNLOADS_URL . '/assets/js/magnific/magnific-popup.css');
$xoTheme->addStylesheet(WFDOWNLOADS_URL . '/assets/css/module.css');

$xoopsTpl->assign('wfdownloads_url', WFDOWNLOADS_URL . '/');

$xoopsTpl->assign('cid', $cid); // this definition is not removed for backward compatibility issues
$xoopsTpl->assign('category_id', $cid); // this definition is not removed for backward compatibility issues
$xoopsTpl->assign('category_cid', $cid);

// Retrieving the top parent category
if (empty($list) && !isset($_GET['selectdate'])) {
    $categoriesTopParentByCid = $helper->getHandler('Category')->getAllSubcatsTopParentCid();
    // Fall back to the current category when no top parent is recorded for $cid, instead of
    // silencing the undefined-index notice and calling getVar() on a null object
    $topCategoryObj = $helper->getHandler('Category')->get($categoriesTopParentByCid[$cid] ?? $cid);

    if (null !== $topCategoryObj) {
        $xoopsTpl->assign('topcategory_title', $topCategoryObj->getVar('title'));
        $xoopsTpl->assign('topcategory_image', $topCategoryObj->getVar('imgurl')); // this definition is not removed for backward compatibility issues
        $xoopsTpl->assign('topcategory_image_URL', $topCategoryObj->getVar('imgurl'));
        $xoopsTpl->assign('topcategory_cid', $topCategoryObj->getVar('cid'));
    }
}

// Formulize module support (2006/05/04) jpc - start
if (Utility::checkModule('formulize')) {
    $formulize_fid = $categoryObj->getVar('formulize_fid');
    if ($formulize_fid) {
        $xoopsTpl->assign('custom_form', true);
    } else {
        $xoopsTpl->assign('custom_form', false);
    }
}
// Formulize module support (2006/05/04) jpc - end

// Generate Header

$showAlphabet = $helper->getConfig('showAlphabet');

if ($showAlphabet) {
    $helper->loadLanguage('common');
    $xoopsTpl->assign('letterChoiceTitle', constant('CO_' . $moduleDirNameUpper . '_' . 'BROWSETOTOPIC'));

    // ------------------- Letter Choice Start ---------------------------------------

    // One array ($catArray) for both keys; the original mixed $catArray and $catarray,
    // so 'imageheader' never reached the template
    $catArray['imageheader'] = Utility::headerImage();
    //$catArray['letters']     = Utility::lettersChoice();
    $db                  = XoopsDatabaseFactory::getDatabaseConnection();
    $objHandler          = new DownloadHandler($db);
    $choicebyletter      = new LetterChoice($objHandler, null, null, range('a', 'z'), 'letter');
    $catArray['letters'] = $choicebyletter->render();
    $xoopsTpl->assign('catarray', $catArray);

    //$catArray['toolbar'] = Utility::toolbar();
    //$xoopsTpl->assign('catarray', $catArray);

    // ------------------- Letter Choice End ------------------------------------
}

$xoopsTpl->assign('categoryPath', $helper->getHandler('Category')->getNicePath($cid)); // this definition is not removed for backward compatibility issues
$xoopsTpl->assign('module_home', Utility::moduleHome(true)); // this definition is not removed for backward compatibility issues

// Get categories tree
$criteria = new CriteriaCompo();
$criteria->setSort('weight ASC, title');
$categoryObjs = $helper->getHandler('Category')->getObjects($criteria, true);
require_once XOOPS_ROOT_PATH . '/class/tree.php';
$categoryObjsTree = new ObjectTree($categoryObjs, 'cid', 'pid');

// Breadcrumb
$breadcrumb = new Common\Breadcrumb();
$breadcrumb->addLink($helper->getModule()->getVar('name'), WFDOWNLOADS_URL);
foreach (array_reverse($categoryObjsTree->getAllParent($cid)) as $parentCategoryObj) {
    $breadcrumb->addLink($parentCategoryObj->getVar('title'), 'viewcat.php?cid=' . $parentCategoryObj->getVar('cid'));
}
if ('' != $categoryObj->getVar('title')) {
    $breadcrumb->addLink($categoryObj->getVar('title'), '');
}
if (!empty($list)) {
    $breadcrumb->addLink($list, '');
}
$xoopsTpl->assign('wfdownloads_breadcrumb', $breadcrumb->render());

// Display Subcategories for selected Category
$allSubCategoryObjs = $categoryObjsTree->getFirstChild($cid);

// is_array() returns a bool, so the original "is_array(...) > 0" never checked the count
if (is_array($allSubCategoryObjs) && count($allSubCategoryObjs) > 0 && !$list && !isset($_GET['selectdate'])) {
    $listings = Utility::getTotalDownloads($allowedDownCategoriesIds);
    $scount   = 1;
    foreach ($allSubCategoryObjs as $subCategoryObj) {
        $download_count = 0;
        // Check if subcategory is allowed
        if (!in_array($subCategoryObj->getVar('cid'), $allowedDownCategoriesIds)) {
            continue;
        }

        $infercategories    = [];
        $catdowncount       = $listings['count'][$subCategoryObj->getVar('cid')] ?? 0;
        $subsubCategoryObjs = $categoryObjsTree->getAllChild($subCategoryObj->getVar('cid'));

        // ----- added for subcat images -----
        if (('' !== $subCategoryObj->getVar('imgurl')) && is_file(XOOPS_ROOT_PATH . '/' . $helper->getConfig('catimage') . '/' . $subCategoryObj->getVar('imgurl'))) {
            if ($helper->getConfig('usethumbs') && function_exists('gd_info')) {
                $imageURL = Utility::createThumb(
                    $subCategoryObj->getVar('imgurl'),
                    $helper->getConfig('catimage'),
                    'thumbs',
                    $helper->getConfig('cat_imgwidth'),
                    $helper->getConfig('cat_imgheight'),
                    $helper->getConfig('imagequality'),
                    $helper->getConfig('updatethumbs'),
                    $helper->getConfig('keepaspect')
                );
            } else {
                $imageURL = XOOPS_URL . '/' . $helper->getConfig('catimage') . '/' . $subCategoryObj->getVar('imgurl');
            }
        } else {
            $imageURL = ''; //XOOPS_URL . '/' . $helper->getConfig('catimage') . '/blank.png';
        }
        // ----- end subcat images -----

        if (count($subsubCategoryObjs) > 0) {
            foreach ($subsubCategoryObjs as $subsubCategoryObj) {
                // Only sub-subcategories the current groups may download from are listed and counted
                if (in_array($subsubCategoryObj->getVar('cid'), $allowedDownCategoriesIds)) {
                    $download_count    += $listings['count'][$subsubCategoryObj->getVar('cid')] ?? 0;
                    $infercategories[] = [
                        'cid'             => $subsubCategoryObj->getVar('cid'),
                        'id'              => $subsubCategoryObj->getVar('cid'), // this definition is not removed for backward compatibility issues
                        'title'           => $subsubCategoryObj->getVar('title'),
                        'image'           => $imageURL,
                        'image_URL'       => $imageURL,
                        'count'           => $download_count, // this definition is not removed for backward compatibility issues
                        'downloads_count' => $download_count,
                    ];
                }
            }
        } else {
            $download_count  = 0;
            $infercategories = [];
        }
        $catdowncount   += $download_count;
        $download_count = 0;

        $xoopsTpl->append(
            'subcategories',
            [
                'title'               => $subCategoryObj->getVar('title'),
                'image'               => $imageURL, // this definition is not removed for backward compatibility issues
                'image_URL'           => $imageURL,
                'id'                  => $subCategoryObj->getVar('cid'), // this definition is not removed for backward compatibility issues
                'cid'                 => $subCategoryObj->getVar('cid'),
                'allowed_download'    => in_array($subCategoryObj->getVar('cid'), $allowedDownCategoriesIds),
                'allowed_upload'      => $isSubmissionAllowed && in_array($subCategoryObj->getVar('cid'), $allowedUpCategoriesIds),
                'summary'             => $subCategoryObj->getVar('summary'),
                'infercategories'     => $infercategories,
                'subcategories'       => $infercategories,
                'totallinks'          => $catdowncount, // this definition is not removed for backward compatibility issues
                'downloads_count'     => $catdowncount,
                'count'               => $scount, // this definition is not removed for backward compatibility issues
                'subcategories_count' => $catdowncount,
            ]
        );
        ++$scount;
    }
}
if (isset($cid) && $cid > 0 && isset($categoryObjs[$cid])) {
    $xoopsTpl->assign('category_title', $categoryObjs[$cid]->getVar('title'));
    $xoopsTpl->assign('description', $categoryObjs[$cid]->getVar('description'));
    $xoopsTpl->assign('category_description', $categoryObjs[$cid]->getVar('description'));
    // Same rule as for the subcategories above: download rights depend only on WFDownCatPerm,
    // upload rights require both submission being enabled and WFUpCatPerm (the original had
    // the $isSubmissionAllowed condition on the wrong flag)
    $xoopsTpl->assign('category_allowed_download', in_array($cid, $allowedDownCategoriesIds));
    $xoopsTpl->assign('category_allowed_upload', $isSubmissionAllowed && in_array($cid, $allowedUpCategoriesIds));

    // Making the category image and title available in the template
    if (('' !== $categoryObjs[$cid]->getVar('imgurl')) && is_file(XOOPS_ROOT_PATH . '/' . $helper->getConfig('catimage') . '/' . $categoryObjs[$cid]->getVar('imgurl'))) {
        if ($helper->getConfig('usethumbs') && function_exists('gd_info')) {
            $imageURL = Utility::createThumb(
                $categoryObjs[$cid]->getVar('imgurl'),
                $helper->getConfig('catimage'),
                'thumbs',
                $helper->getConfig('cat_imgwidth'),
                $helper->getConfig('cat_imgheight'),
                $helper->getConfig('imagequality'),
                $helper->getConfig('updatethumbs'),
                $helper->getConfig('keepaspect')
            );
        } else {
            $imageURL = XOOPS_URL . '/' . $helper->getConfig('catimage') . '/' . $categoryObjs[$cid]->getVar('imgurl');
        }
    } else {
        $imageURL = '';
    }

    if ($helper->getConfig('shortTitles')) {
        $xoopsTpl->assign('xoops_pagetitle', $categoryObjs[$cid]->getVar('title'));
    } else {
        $xoopsTpl->assign('xoops_pagetitle', $categoryObjs[$cid]->getVar('title') . ' | ' . $helper->getModule()->name());
    }
    $xoopsTpl->assign('category_image', $imageURL); // this definition is not removed for backward compatibility issues
    $xoopsTpl->assign('category_image_URL', $imageURL);
}

// Extract Download information from database
$xoopsTpl->assign('show_category_title', false);

if (Request::hasVar('selectdate', 'GET')) {
    // selectdate is coerced to an integer before it is placed in the SQL expression
    $criteria->add(new Criteria('', 'TO_DAYS(FROM_UNIXTIME(' . Request::getInt('selectdate', 0, 'GET') . '))', '=', '', 'TO_DAYS(FROM_UNIXTIME(published))'));
    $xoopsTpl->assign('show_category_title', true); // the original assigned the misspelled 'show_categort_title'
} elseif (!empty($list)) {
    $criteria->setSort("{$orderby}, title");
    $criteria->add(new Criteria('title', $myts->addSlashes($list) . '%', 'LIKE'));
    $xoopsTpl->assign('categoryPath', sprintf(_MD_WFDOWNLOADS_DOWNLOADS_LIST, htmlspecialchars($list, ENT_QUOTES | ENT_HTML5)));
    $xoopsTpl->assign('show_category_title', true); // the original assigned the misspelled 'show_categort_title'
} else {
    $criteria->setSort("{$orderby}, title");
    $criteria->add(new Criteria('cid', $cid));
}

$downloads_count = $helper->getHandler('Download')->getActiveCount($criteria);
$criteria->setLimit($helper->getConfig('perpage'));
$criteria->setStart($start);
$downloadObjs = $helper->getHandler('Download')->getActiveDownloads($criteria);

// Show Downloads by file
if ($downloads_count > 0) {
    foreach ($downloadObjs as $downloadObj) {
        $downloadInfo = $downloadObj->getDownloadInfo();
        $xoopsTpl->assign('lang_dltimes', sprintf(_MD_WFDOWNLOADS_DLTIMES, $downloadInfo['hits']));
        $xoopsTpl->assign('lang_subdate', $downloadInfo['is_updated']);
        $xoopsTpl->append('file', $downloadInfo); // this definition is not removed for backward compatibility issues
        $xoopsTpl->append('downloads', $downloadInfo);
    }

    // Show order box
    $xoopsTpl->assign('show_links', false);
    if ($downloads_count > 1 && 0 != $cid) {
        $xoopsTpl->assign('show_links', true);
        $xoopsTpl->assign('orderby', Utility::convertorderbyout($orderby));
        $xoopsTpl->assign('lang_cursortedby', sprintf(_MD_WFDOWNLOADS_CURSORTBY, Utility::convertOrderByTrans($orderby)));
        $orderby = Utility::convertorderbyout($orderby);
    }
    // Screenshots display
    $xoopsTpl->assign('show_screenshot', false);
    if (1 == $helper->getConfig('screenshot')) {
        $xoopsTpl->assign('shots_dir', $helper->getConfig('screenshots'));
        $xoopsTpl->assign('shotwidth', $helper->getConfig('shotwidth'));
        $xoopsTpl->assign('shotheight', $helper->getConfig('shotheight'));
        $xoopsTpl->assign('viewcat', true);
        $xoopsTpl->assign('show_screenshot', true);
    }

    // Nav page render
    require_once XOOPS_ROOT_PATH . '/class/pagenav.php';
    if (Request::hasVar('selectdate', 'GET')) {
        // Keep the date filter across pages; the original emitted it as "list=" with the raw
        // $_GET value, which turned page 2 into a letter search instead of a date search
        $pagenav = new XoopsPageNav($downloads_count, $helper->getConfig('perpage'), $start, 'start', 'selectdate=' . Request::getInt('selectdate', 0, 'GET'));
    } elseif (!empty($list)) {
        $pagenav = new XoopsPageNav($downloads_count, $helper->getConfig('perpage'), $start, 'start', 'list=' . urlencode($list));
    } else {
        $pagenav = new XoopsPageNav($downloads_count, $helper->getConfig('perpage'), $start, 'start', 'cid=' . $cid);
    }
    $page_nav = $pagenav->renderNav();
    $xoopsTpl->assign('page_nav', isset($page_nav) && !empty($page_nav)); // this definition is not removed for backward compatibility issues
    $xoopsTpl->assign('pagenav', $page_nav);
}

$xoopsTpl->assign('use_mirrors', $helper->getConfig('enable_mirrors'));
$xoopsTpl->assign('use_ratings', $helper->getConfig('enable_ratings'));
$xoopsTpl->assign('use_reviews', $helper->getConfig('enable_reviews'));
$xoopsTpl->assign('use_rss', $helper->getConfig('enablerss'));

if ((true == $helper->getConfig('enablerss')) && $downloads_count > 0) {
    $rsslink_URL = WFDOWNLOADS_URL . "/rss.php?cid={$cid}";
    $xoopsTpl->assign('category_rssfeed_URL', $rsslink_URL);
    $rsslink = "<a href='"
               . $rsslink_URL
               . "' title='"
               . _MD_WFDOWNLOADS_LEGENDTEXTCATRSS
               . "'><img src='"
               . XOOPS_URL
               . '/modules/'
               . $helper->getModule()->getVar('dirname')
               . "/assets/images/icon/rss.gif' border='0' alt='"
               . _MD_WFDOWNLOADS_LEGENDTEXTCATRSS
               . "' title='"
               . _MD_WFDOWNLOADS_LEGENDTEXTCATRSS
               . "'></a>";
    $xoopsTpl->assign('cat_rssfeed_link', $rsslink); // this definition is not removed for backward compatibility issues
}

require_once __DIR__ . '/footer.php';

?>
<script type="text/javascript">

    $('.magnific_zoom').magnificPopup({
        type: 'image',
        image: {
            cursor: 'mfp-zoom-out-cur',
            titleSrc: "title",
            verticalFit: true,
            tError: 'The image could not be loaded.' // Error message
        },
        iframe: {
            patterns: {
                youtube: {
                    index: 'youtube.com/',
                    id: 'v=',
                    src: '//www.youtube.com/embed/%id%?autoplay=1'
                }, vimeo: {
                    index: 'vimeo.com/',
                    id: '/',
                    src: '//player.vimeo.com/video/%id%?autoplay=1'
                }, gmaps: {
                    index: '//maps.google.',
                    src: '%id%&output=embed'
                }
            }
        },
        preloader: true,
        showCloseBtn: true,
        closeBtnInside: false,
        closeOnContentClick: true,
        closeOnBgClick: true,
        enableEscapeKey: true,
        modal: false,
        alignTop: false,
        mainClass: 'mfp-img-mobile mfp-fade',
        zoom: {
            enabled: true,
            duration: 300,
            easing: 'ease-in-out'
        },
        removalDelay: 200
    });
</script>