Issues in country_manager.php (master) - Issues in master - XoopsModules25x/xfguestbook - Measure and Improve Code Quality continuously with Scrutinizer

Issues (134)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

admin/country_manager.php (11 issues)

Labels

Severity

<?php
//
//  ------------------------------------------------------------------------ //
//             XF Guestbook                                                  //
// ------------------------------------------------------------------------- //
//  This program is free software; you can redistribute it and/or modify     //
//  it under the terms of the GNU General Public License as published by     //
//  the Free Software Foundation; either version 2 of the License, or        //
//  (at your option) any later version.                                      //
//                                                                           //
//  You may not change or alter any portion of this comment or credits       //
//  of supporting developers from this source code or any supporting         //
//  source code which is considered copyrighted (c) material of the          //
//  original comment or credit authors.                                      //
//                                                                           //
//  This program is distributed in the hope that it will be useful,          //
//  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
//  GNU General Public License for more details.                             //
//                                                                           //
//  You should have received a copy of the GNU General Public License        //
//  along with this program; if not, write to the Free Software              //
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
//  ------------------------------------------------------------------------ //

use Xmf\Module\Admin;
use Xmf\Request;
use XoopsModules\Xfguestbook;
use XoopsModules\Xfguestbook\Helper;

//require_once dirname(dirname(dirname(__DIR__))) . '/include/cp_header.php';
//require_once  dirname(__DIR__) . '/include/cp_functions.php';
require_once __DIR__ . '/admin_header.php';

/** @var Helper $helper */
$helper = Helper::getInstance();

// Flag
$maxsize   = 2000;
$maxheight = 50;
$maxwidth  = 80;
$format    = 'gif';

$op = 'countryShow';
if (Request::hasVar('op', 'GET')) {
    $op = $_GET['op'];
} elseif (Request::hasVar('op', 'POST')) {
    $op = $_POST['op'];
}

if (Request::hasVar('country_id', 'GET')) {
    $country_id = Request::getInt('country_id', 0, 'GET');
} else {
    $country_id = Request::getInt('country_id', 0, 'POST');
}

$country_code = '';
if (Request::hasVar('country_code', 'GET')) {
    $country_code = $_GET['country_code'];
} elseif (Request::hasVar('country_code', 'POST')) {
    $country_code = $_POST['country_code'];
}

$start        = Request::getInt('start', 0, 'GET');
$country_name = Request::getString('country_name', '', 'POST');

/**
 * @param $country_code
 */
function flagUpload($country_code)
{
    global $xoopsModule, $maxsize, $maxwidth, $maxheight, $format;
    /** @var Helper $helper */
    $helper = Helper::getInstance();

    $array_allowed_mimetypes = ['image/' . $format];
    // photos
    if (!empty($_FILES['photo']['name'])) {
        $ext = preg_replace("/^.+\.([^.]+)$/sU", '\\1', $_FILES['photo']['name']);

        require_once XOOPS_ROOT_PATH . '/class/uploader.php';
        $field = $_POST['xoops_upload_file'][0];
        if (!empty($field) || '' !== $field) {
            // Check if file uploaded
            if ('' === $_FILES[$field]['tmp_name'] || !is_readable($_FILES[$field]['tmp_name'])) {
                redirect_header('country_manager.php', 2, MD_XFGUESTBOOK_FILEERROR);
            }
            $photos_dir = XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->dirname() . '/assets/images/flags/' . $helper->getConfig('flagdir');
            $uploader   = new \XoopsMediaUploader($photos_dir, $array_allowed_mimetypes, $maxsize, $maxwidth, $maxheight);
            $uploader->setPrefix('tmp');
            if ($uploader->fetchMedia($field) && $uploader->upload()) {
                $tmp_name = $uploader->getSavedFileName();
                $ext      = preg_replace("/^.+\.([^.]+)$/sU", '\\1', $tmp_name);
                $photo    = $country_code . '.' . $ext;
                if (is_file($photos_dir . '/' . $photo)) {
                    unlink($photos_dir . '/' . $photo);
                }
                rename("$photos_dir/$tmp_name", "$photos_dir/$photo");
            } else {
                redirect_header('country_manager.php', 2, $uploader->getErrors());
            }
        }
        redirect_header('country_manager.php', 2, AM_XFGUESTBOOK_FILEUPLOADED);
    } else {
        redirect_header('country_manager.php?op=flagForm&amp;country_code=' . $country_code, 2, MD_XFGUESTBOOK_NOIMGSELECTED);
    }
    exit();

}

/**
 * @param $country_code
 */
function flagForm($country_code)
{
    global $xoopsModule, $maxsize, $maxwidth, $maxheight, $format;
    /** @var Helper $helper */
    $helper = Helper::getInstance();

    require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';

    $flagform = new \XoopsThemeForm(AM_XFGUESTBOOK_SUBMITFLAG, 'op', xoops_getenv('SCRIPT_NAME'), 'post', true);
    $flagform->setExtra("enctype='multipart/form-data'");

    $flag = '/modules/' . $xoopsModule->dirname() . '/assets/images/flags/' . $helper->getConfig('flagdir') . '/' . $country_code . '.gif';
    if (file_exists(XOOPS_ROOT_PATH . $flag)) {
        $flag_img = "<img src='" . XOOPS_URL . $flag . '\'>';
        $img_flag = new \XoopsFormLabel('', '<br>' . $flag_img . '<br>');
        $flagform->addElement($img_flag);
    }
    $flag_desc = sprintf(AM_XFGUESTBOOK_FLAGDSC, $maxsize, $maxwidth, $maxheight, $format);
    $flagform->addElement(new \XoopsFormLabel('', $flag_desc));

    $img_text = new \XoopsFormFile(AM_XFGUESTBOOK_ADDIMG, 'photo', 30000);
    $img_text->setExtra("size ='60'");
    $flagform->addElement($img_text);

    $buttonTray = new \XoopsFormElementTray('', '');
    $buttonTray->addElement(new \XoopsFormButton('', 'post', _SUBMIT, 'submit'));
    $buttonTray->addElement(new \XoopsFormHidden('country_code', $country_code));
    $buttonTray->addElement(new \XoopsFormHidden('op', 'flagUpload'));
    $flagform->addElement($buttonTray);

    $flagform->display();
}

/**
 * @param $country_code
 */
function flagDel($country_code)
{
    global $xoopsModule;
    /** @var Helper $helper */
    $helper = Helper::getInstance();

    $ok = Request::getInt('ok', 0, 'POST');
    if (1 == $ok) {
        $flag = '/modules/' . $xoopsModule->dirname() . '/assets/images/flags/' . $helper->getConfig('flagdir') . '/' . $country_code . '.gif';
        if (is_file(XOOPS_ROOT_PATH . $flag)) {
            unlink(XOOPS_ROOT_PATH . $flag);
        }
        redirect_header('country_manager.php', 2, AM_XFGUESTBOOK_FLAGDELETED);
    } else {
        xoops_cp_header();
        $adminObject = Admin::getInstance();
        $adminObject->displayNavigation(basename(__FILE__));
        xoops_confirm(['op' => 'flagDel', 'country_code' => $country_code, 'ok' => 1], 'country_manager.php', AM_XFGUESTBOOK_CONFDELFLAG);
        require_once __DIR__ . '/admin_footer.php';
        //xoops_cp_footer();
    }
}

/**
 * @param null $country_id

 */
function countryForm($country_id = null)
{
    require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';

    if ($country_id) {

        $sform        = new \XoopsThemeForm(AM_XFGUESTBOOK_MODCOUNTRY, 'op', xoops_getenv('SCRIPT_NAME'), 'post', true);
        $arr_country  = Xfguestbook\Utility::getCountry('country_id=' . $country_id, 0, 0);
        $country_code = $arr_country[0]['country_code'];
        $country_name = $arr_country[0]['country_name'];
    } else {
        $sform        = new \XoopsThemeForm(AM_XFGUESTBOOK_ADDCOUNTRY, 'op', xoops_getenv('SCRIPT_NAME'), 'post', true);
        $country_code = '';
        $country_name = '';
    }

    $text_code = new \XoopsFormText(AM_XFGUESTBOOK_FLAGCODE, 'country_code', 5, 5, $country_code);
    if ($country_id) {

        $text_code->setExtra("readonly = 'readonly'");
    }
    $sform->addElement($text_code, true);
    $sform->addElement(new \XoopsFormText(AM_XFGUESTBOOK_FLAGNAME, 'country_name', 50, 50, $country_name), true);

    $buttonTray = new \XoopsFormElementTray('', '');
    $buttonTray->addElement(new \XoopsFormButton('', 'save', _SUBMIT, 'submit'));
    if ($country_id) {

        $buttonTray->addElement(new \XoopsFormHidden('country_id', $country_id));
    }
    $buttonTray->addElement(new \XoopsFormHidden('op', 'countrySave'));
    $sform->addElement($buttonTray);
    $sform->display();
}

/**
 * @param null $criteria

 * @param int  $limit
 * @param int  $start
 * @return array
 */
function xfgb_getCountry($criteria = null, $limit = 0, $start = 0)
{
    global $xoopsDB, $action;
    $ret = [];

    $sql = 'SELECT * FROM ' . $xoopsDB->prefix('xfguestbook_country');
    if (null !== $criteria && '' !== $criteria) {

        $sql .= ' WHERE ' . $criteria;
    }
    $sql    .= ' ORDER BY country_name ASC';
    $result = $xoopsDB->query($sql, $limit, $start);
    while (false !== ($myrow = $xoopsDB->fetchArray($result))) {
        $ret[] = $myrow;
    }

    return $ret;
}

/**
 * @param $country_id
 */
function countryDel($country_id)
{
    global $xoopsDB, $xoopsModule;
    /** @var Helper $helper */
    $helper = Helper::getInstance();

    $ok = Request::getInt('ok', 0, 'POST');
    if (1 == $ok) {
        $arr_country = Xfguestbook\Utility::getCountry('country_id=' . $country_id, 0, 0);
        $flag        = '/modules/' . $xoopsModule->dirname() . '/assets/images/flags/' . $helper->getConfig('flagdir') . '/' . $arr_country[0]['country_code'] . '.gif';
        $sql         = 'DELETE FROM ' . $xoopsDB->prefix('xfguestbook_country') . " WHERE country_id=$country_id";
        $result      = $xoopsDB->query($sql);

        if (is_file(XOOPS_ROOT_PATH . $flag)) {
            unlink(XOOPS_ROOT_PATH . $flag);
        }
        redirect_header('country_manager.php', 1, AM_XFGUESTBOOK_COUNTRYDELETED);
    } else {
        xoops_cp_header();
        $adminObject = Admin::getInstance();
        $adminObject->displayNavigation(basename(__FILE__));
        xoops_confirm(['op' => 'countryDel', 'country_id' => $country_id, 'ok' => 1], 'country_manager.php', AM_XFGUESTBOOK_CONFDELCOUNTRY);
        require_once __DIR__ . '/admin_footer.php';
        //xoops_cp_footer();
    }
}

/**
 * @param $country_id
 * @param $country_code
 * @param $country_name
 */
function countrySave($country_id, $country_code, $country_name)
{
    global $xoopsDB;

    $myts = \MyTextSanitizer::getInstance();

    //$country_code=$myts->makeTboxData4Save::$country_code;
    //$country_name=$myts->makeTboxData4Save::$country_name;
    echo $country_code;
    if (!empty($country_id)) {
        $sql = 'UPDATE ' . $xoopsDB->prefix('xfguestbook_country') . " SET country_code='$country_code', country_name='$country_name'";
        $sql .= " WHERE country_id=$country_id";
        $xoopsDB->query($sql);
        $messagesent = AM_XFGUESTBOOK_COUNTRY_UPDATED;
    } else {
        $sql = sprintf("SELECT COUNT(*) FROM  %s WHERE country_code = '%s'", $xoopsDB->prefix('xfguestbook_country'), $country_code);
        [$count] = $xoopsDB->fetchRow($xoopsDB->query($sql));
        if ($count > 0) {
            $messagesent = '<span style="color: #FF0000; ">' . AM_XFGUESTBOOK_COUNTRY_EXIST . '</span>';
        } else {
            $country_id = $xoopsDB->genId('country_id_seq');
            $sql        = sprintf("INSERT INTO `%s` (country_id, country_code, country_name) VALUES (%s, '%s', '%s')", $xoopsDB->prefix('xfguestbook_country'), $country_id, $country_code, $country_name);
            $xoopsDB->query($sql);
            $messagesent = AM_XFGUESTBOOK_COUNTRY_ADDED;
        }
    }
    redirect_header('country_manager.php', 2, $messagesent);
}

function countryShow()
{
    global $action, $start, $xoopsModule, $pathIcon16;
    /** @var Helper $helper */
    $helper = Helper::getInstance();

    $myts        = \MyTextSanitizer::getInstance();

    $limit       = 15;
    $arr_country = Xfguestbook\Utility::getCountry('', $limit, $start);
    $scount      = count(Xfguestbook\Utility::getCountry('', $limit, 0));
    $totalcount  = count(Xfguestbook\Utility::getCountry('', 0, 0));

    echo "
    <table width='100%' cellspacing='1' cellpadding='2' border='0' style='border-left: 1px solid #c0c0c0; border-top: 1px solid #c0c0c0; border-right: 1px solid #c0c0c0;'>
        <tr>
            <td><span style='font-weight: bold; font-size: 12px; font-variant: small-caps;'>" . AM_XFGUESTBOOK_DISPCOUNTRY . ' : ' . $totalcount . "</span></td>
            <td align='right'>
            </td>
        </tr>
    </table>";

    echo "<table border='1' width='100%' cellpadding ='2' cellspacing='1'>";
    echo "<tr class='bg3'>";
    echo "<td align='center'><b>" . AM_XFGUESTBOOK_FLAGIMG . '</td>';
    echo "<td align='center'><b>" . AM_XFGUESTBOOK_FLAGCODE . '</td>';
    echo "<td align='center'><b>" . AM_XFGUESTBOOK_FLAGNAME . '</td>';
    echo "<td align='center'><b>" . AM_XFGUESTBOOK_COUNTRY . '</td></b>';
    echo "<td align='center'><b>" . AM_XFGUESTBOOK_FLAGIMG . '</td></b>';
    echo '</tr>';

    if ('0' == count($arr_country)) {
        echo "<tr ><td align='center' colspan ='10' class = 'head'><b>" . AM_XFGUESTBOOK_NOFLAG . '</b></td></tr>';
    }

    for ($i = 0, $iMax = count($arr_country); $i < $iMax; ++$i) {
        $all_country = [];
        $flag        = '/modules/' . $xoopsModule->dirname() . '/assets/images/flags/' . $helper->getConfig('flagdir') . '/' . $arr_country[$i]['country_code'] . '.gif';
        if (file_exists(XOOPS_ROOT_PATH . $flag)) {
            $all_country['flag_img'] = "<img src='" . XOOPS_URL . $flag . '\'>';
        } else {
            $all_country['flag_img'] = "<img src='" . XOOPS_URL . "/images/blank.gif'>";
        }

        $all_country['country_id']   = $arr_country[$i]['country_id'];
        $all_country['country_code'] = $arr_country[$i]['country_code'];
        $all_country['country_name'] = $arr_country[$i]['country_name'];
        $all_country['msg_action']   = "<a href='country_manager.php?op=countryEdit&amp;country_id=" . $arr_country[$i]['country_id'] . '\'><img src=\'' . $pathIcon16 . "/edit.png'></a>";
        $all_country['msg_action']   .= "&nbsp;<a href='country_manager.php?op=countryDel&amp;country_id=" . $arr_country[$i]['country_id'] . '\'><img src=\'' . $pathIcon16 . "/delete.png'></a>";
        $all_country['flag_action']  = "<a href='country_manager.php?op=flagForm&amp;country_code=" . $arr_country[$i]['country_code'] . '\'><img src=\'' . $pathIcon16 . "/add.png'></a>";
        $all_country['flag_action']  .= "&nbsp;<a href='country_manager.php?op=flagDel&amp;country_code=" . $arr_country[$i]['country_code'] . '\'><img src=\'' . $pathIcon16 . "/delete.png'></a>";
        echo "<tr><td align='center' class = 'head'><b>" . $all_country['flag_img'] . '</b>';
        echo "</td><td class = 'even'>" . $all_country['country_code'] . '';
        echo "</td><td class = 'odd'>" . $all_country['country_name'] . '';
        echo "</td><td align='center' class='even'>" . $all_country['msg_action'] . '';
        echo "</td><td align='center' class='even'>" . $all_country['flag_action'] . '';
        echo '</td></tr>';
        unset($all_country);
    }

    echo '</table><br>';

    if ($totalcount > $scount) {
        require_once XOOPS_ROOT_PATH . '/class/pagenav.php';
        $pagenav = new \XoopsPageNav($totalcount, $limit, $start, 'start', 'action=' . $action);
        echo "<div class='center;' class = 'head'>" . $pagenav->renderNav() . '</div><br>';
    } else {
        echo '';
    }
    echo '<br>';
}

switch ($op) {
    case 'flagForm':
        xoops_cp_header();
        $adminObject = Admin::getInstance();
        $adminObject->displayNavigation(basename(__FILE__));
        //xfguestbook_admin_menu(2);
        flagForm($country_code);
        require_once __DIR__ . '/admin_footer.php';
        //xoops_cp_footer();
        break;
    case 'flagUpload':
        flagUpload($country_code);
        break;
    case 'flagDel':
        flagDel($country_code);
        break;
    case 'countryDel':
        countryDel($country_id);
        break;
    case 'countryEdit':
        xoops_cp_header();
        $adminObject = Admin::getInstance();
        $adminObject->displayNavigation(basename(__FILE__));
        //xfguestbook_admin_menu(2);
        countryForm($country_id);
        require_once __DIR__ . '/admin_footer.php';
        //xoops_cp_footer();
        break;
    case 'countrySave':
        countrySave($country_id, $country_code, $country_name);
        break;
    case 'countryAdd':
        xoops_cp_header();
        $adminObject = Admin::getInstance();
        $adminObject->displayNavigation(basename(__FILE__));
        //xfguestbook_admin_menu(2);
        countryForm();
        require_once __DIR__ . '/admin_footer.php';
        //xoops_cp_footer();
        break;
    case 'countryShow':
    default:
        xoops_cp_header();
        $adminObject = Admin::getInstance();
        $adminObject->displayNavigation(basename(__FILE__));
        //xfguestbook_admin_menu(2);
        countryShow();
        countryForm();
        require_once __DIR__ . '/admin_footer.php';
        //xoops_cp_footer();
        break;
}


1			<?php
2			//
3			// ------------------------------------------------------------------------ //
4			// XF Guestbook //
5			// ------------------------------------------------------------------------- //
6			// This program is free software; you can redistribute it and/or modify //
7			// it under the terms of the GNU General Public License as published by //
8			// the Free Software Foundation; either version 2 of the License, or //
9			// (at your option) any later version. //
10			// //
11			// You may not change or alter any portion of this comment or credits //
12			// of supporting developers from this source code or any supporting //
13			// source code which is considered copyrighted (c) material of the //
14			// original comment or credit authors. //
15			// //
16			// This program is distributed in the hope that it will be useful, //
17			// but WITHOUT ANY WARRANTY; without even the implied warranty of //
18			// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
19			// GNU General Public License for more details. //
20			// //
21			// You should have received a copy of the GNU General Public License //
22			// along with this program; if not, write to the Free Software //
23			// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
24			// ------------------------------------------------------------------------ //
25
26			use Xmf\Module\Admin;
27			use Xmf\Request;
28			use XoopsModules\Xfguestbook;
29			use XoopsModules\Xfguestbook\Helper;
30
31			//require_once dirname(dirname(dirname(__DIR__))) . '/include/cp_header.php';
32			//require_once dirname(__DIR__) . '/include/cp_functions.php';
33			require_once __DIR__ . '/admin_header.php';
34
35			/** @var Helper $helper */
36			$helper = Helper::getInstance();
37
38			// Flag
39			$maxsize = 2000;
40			$maxheight = 50;
41			$maxwidth = 80;
42			$format = 'gif';
43
44			$op = 'countryShow';
45			if (Request::hasVar('op', 'GET')) {
46			$op = $_GET['op'];
47			} elseif (Request::hasVar('op', 'POST')) {
48			$op = $_POST['op'];
49			}
50
51			if (Request::hasVar('country_id', 'GET')) {
52			$country_id = Request::getInt('country_id', 0, 'GET');
53			} else {
54			$country_id = Request::getInt('country_id', 0, 'POST');
55			}
56
57			$country_code = '';
58			if (Request::hasVar('country_code', 'GET')) {
59			$country_code = $_GET['country_code'];
60			} elseif (Request::hasVar('country_code', 'POST')) {
61			$country_code = $_POST['country_code'];
62			}
63
64			$start = Request::getInt('start', 0, 'GET');
65			$country_name = Request::getString('country_name', '', 'POST');
66
67			/**
68			* @param $country_code
69			*/
70			function flagUpload($country_code)
71			{
72			global $xoopsModule, $maxsize, $maxwidth, $maxheight, $format;
73			/** @var Helper $helper */
74			$helper = Helper::getInstance();
75
76			$array_allowed_mimetypes = ['image/' . $format];
77			// photos
78			if (!empty($_FILES['photo']['name'])) {
79			$ext = preg_replace("/^.+\.([^.]+)$/sU", '\\1', $_FILES['photo']['name']);
			0 ignored issues – show Unused Code introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$ext` is dead and can be removed. Loading history...
80			require_once XOOPS_ROOT_PATH . '/class/uploader.php';
81			$field = $_POST['xoops_upload_file'][0];
82			if (!empty($field) \|\| '' !== $field) {
83			// Check if file uploaded
84			if ('' === $_FILES[$field]['tmp_name'] \|\| !is_readable($_FILES[$field]['tmp_name'])) {
85			redirect_header('country_manager.php', 2, MD_XFGUESTBOOK_FILEERROR);
86			}
87			$photos_dir = XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->dirname() . '/assets/images/flags/' . $helper->getConfig('flagdir');
88			$uploader = new \XoopsMediaUploader($photos_dir, $array_allowed_mimetypes, $maxsize, $maxwidth, $maxheight);
89			$uploader->setPrefix('tmp');
90			if ($uploader->fetchMedia($field) && $uploader->upload()) {
91			$tmp_name = $uploader->getSavedFileName();
92			$ext = preg_replace("/^.+\.([^.]+)$/sU", '\\1', $tmp_name);
93			$photo = $country_code . '.' . $ext;
94			if (is_file($photos_dir . '/' . $photo)) {
95			unlink($photos_dir . '/' . $photo);
96			}
97			rename("$photos_dir/$tmp_name", "$photos_dir/$photo");
98			} else {
99			redirect_header('country_manager.php', 2, $uploader->getErrors());
100			}
101			}
102			redirect_header('country_manager.php', 2, AM_XFGUESTBOOK_FILEUPLOADED);
103			} else {
104			redirect_header('country_manager.php?op=flagForm&country_code=' . $country_code, 2, MD_XFGUESTBOOK_NOIMGSELECTED);
105			}
106			exit();
			0 ignored issues – show Best Practice introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this Using `exit` here is not recommended. In general, usage of exit should be done with care and only when running in a scripting context like a CLI script. Loading history...
107			}
108
109			/**
110			* @param $country_code
111			*/
112			function flagForm($country_code)
113			{
114			global $xoopsModule, $maxsize, $maxwidth, $maxheight, $format;
115			/** @var Helper $helper */
116			$helper = Helper::getInstance();
117
118			require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
119
120			$flagform = new \XoopsThemeForm(AM_XFGUESTBOOK_SUBMITFLAG, 'op', xoops_getenv('SCRIPT_NAME'), 'post', true);
121			$flagform->setExtra("enctype='multipart/form-data'");
122
123			$flag = '/modules/' . $xoopsModule->dirname() . '/assets/images/flags/' . $helper->getConfig('flagdir') . '/' . $country_code . '.gif';
124			if (file_exists(XOOPS_ROOT_PATH . $flag)) {
125			$flag_img = "<img src='" . XOOPS_URL . $flag . '\'>';
126			$img_flag = new \XoopsFormLabel('', '<br>' . $flag_img . '<br>');
127			$flagform->addElement($img_flag);
128			}
129			$flag_desc = sprintf(AM_XFGUESTBOOK_FLAGDSC, $maxsize, $maxwidth, $maxheight, $format);
130			$flagform->addElement(new \XoopsFormLabel('', $flag_desc));
131
132			$img_text = new \XoopsFormFile(AM_XFGUESTBOOK_ADDIMG, 'photo', 30000);
133			$img_text->setExtra("size ='60'");
134			$flagform->addElement($img_text);
135
136			$buttonTray = new \XoopsFormElementTray('', '');
137			$buttonTray->addElement(new \XoopsFormButton('', 'post', _SUBMIT, 'submit'));
138			$buttonTray->addElement(new \XoopsFormHidden('country_code', $country_code));
139			$buttonTray->addElement(new \XoopsFormHidden('op', 'flagUpload'));
140			$flagform->addElement($buttonTray);
141
142			$flagform->display();
143			}
144
145			/**
146			* @param $country_code
147			*/
148			function flagDel($country_code)
149			{
150			global $xoopsModule;
151			/** @var Helper $helper */
152			$helper = Helper::getInstance();
153
154			$ok = Request::getInt('ok', 0, 'POST');
155			if (1 == $ok) {
156			$flag = '/modules/' . $xoopsModule->dirname() . '/assets/images/flags/' . $helper->getConfig('flagdir') . '/' . $country_code . '.gif';
157			if (is_file(XOOPS_ROOT_PATH . $flag)) {
158			unlink(XOOPS_ROOT_PATH . $flag);
159			}
160			redirect_header('country_manager.php', 2, AM_XFGUESTBOOK_FLAGDELETED);
161			} else {
162			xoops_cp_header();
163			$adminObject = Admin::getInstance();
164			$adminObject->displayNavigation(basename(__FILE__));
165			xoops_confirm(['op' => 'flagDel', 'country_code' => $country_code, 'ok' => 1], 'country_manager.php', AM_XFGUESTBOOK_CONFDELFLAG);
166			require_once __DIR__ . '/admin_footer.php';
167			//xoops_cp_footer();
168			}
169			}
170
171			/**
172			* @param null $country_id
			0 ignored issues – show Documentation Bug introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the doc-type for parameter `$country_id` is correct as it would always require `null` to be passed? Loading history...
173			*/
174			function countryForm($country_id = null)
175			{
176			require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
177
178			if ($country_id) {
			0 ignored issues – show introduced 2019-07-17 07:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$country_id` is of type `null`, thus it always evaluated to `false`. Loading history...
179			$sform = new \XoopsThemeForm(AM_XFGUESTBOOK_MODCOUNTRY, 'op', xoops_getenv('SCRIPT_NAME'), 'post', true);
180			$arr_country = Xfguestbook\Utility::getCountry('country_id=' . $country_id, 0, 0);
181			$country_code = $arr_country[0]['country_code'];
182			$country_name = $arr_country[0]['country_name'];
183			} else {
184			$sform = new \XoopsThemeForm(AM_XFGUESTBOOK_ADDCOUNTRY, 'op', xoops_getenv('SCRIPT_NAME'), 'post', true);
185			$country_code = '';
186			$country_name = '';
187			}
188
189			$text_code = new \XoopsFormText(AM_XFGUESTBOOK_FLAGCODE, 'country_code', 5, 5, $country_code);
190			if ($country_id) {
			0 ignored issues – show introduced 2019-07-17 07:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$country_id` is of type `null`, thus it always evaluated to `false`. Loading history...
191			$text_code->setExtra("readonly = 'readonly'");
192			}
193			$sform->addElement($text_code, true);
194			$sform->addElement(new \XoopsFormText(AM_XFGUESTBOOK_FLAGNAME, 'country_name', 50, 50, $country_name), true);
195
196			$buttonTray = new \XoopsFormElementTray('', '');
197			$buttonTray->addElement(new \XoopsFormButton('', 'save', _SUBMIT, 'submit'));
198			if ($country_id) {
			0 ignored issues – show introduced 2019-07-17 07:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$country_id` is of type `null`, thus it always evaluated to `false`. Loading history...
199			$buttonTray->addElement(new \XoopsFormHidden('country_id', $country_id));
200			}
201			$buttonTray->addElement(new \XoopsFormHidden('op', 'countrySave'));
202			$sform->addElement($buttonTray);
203			$sform->display();
204			}
205
206			/**
207			* @param null $criteria
			0 ignored issues – show Documentation Bug introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the doc-type for parameter `$criteria` is correct as it would always require `null` to be passed? Loading history...
208			* @param int $limit
209			* @param int $start
210			* @return array
211			*/
212			function xfgb_getCountry($criteria = null, $limit = 0, $start = 0)
213			{
214			global $xoopsDB, $action;
215			$ret = [];
216
217			$sql = 'SELECT * FROM ' . $xoopsDB->prefix('xfguestbook_country');
218			if (null !== $criteria && '' !== $criteria) {
			0 ignored issues – show introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `null !== $criteria` is always `false`. Loading history...
219			$sql .= ' WHERE ' . $criteria;
220			}
221			$sql .= ' ORDER BY country_name ASC';
222			$result = $xoopsDB->query($sql, $limit, $start);
223			while (false !== ($myrow = $xoopsDB->fetchArray($result))) {
224			$ret[] = $myrow;
225			}
226
227			return $ret;
228			}
229
230			/**
231			* @param $country_id
232			*/
233			function countryDel($country_id)
234			{
235			global $xoopsDB, $xoopsModule;
236			/** @var Helper $helper */
237			$helper = Helper::getInstance();
238
239			$ok = Request::getInt('ok', 0, 'POST');
240			if (1 == $ok) {
241			$arr_country = Xfguestbook\Utility::getCountry('country_id=' . $country_id, 0, 0);
242			$flag = '/modules/' . $xoopsModule->dirname() . '/assets/images/flags/' . $helper->getConfig('flagdir') . '/' . $arr_country[0]['country_code'] . '.gif';
243			$sql = 'DELETE FROM ' . $xoopsDB->prefix('xfguestbook_country') . " WHERE country_id=$country_id";
244			$result = $xoopsDB->query($sql);
			0 ignored issues – show Unused Code introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$result` is dead and can be removed. Loading history...
245			if (is_file(XOOPS_ROOT_PATH . $flag)) {
246			unlink(XOOPS_ROOT_PATH . $flag);
247			}
248			redirect_header('country_manager.php', 1, AM_XFGUESTBOOK_COUNTRYDELETED);
249			} else {
250			xoops_cp_header();
251			$adminObject = Admin::getInstance();
252			$adminObject->displayNavigation(basename(__FILE__));
253			xoops_confirm(['op' => 'countryDel', 'country_id' => $country_id, 'ok' => 1], 'country_manager.php', AM_XFGUESTBOOK_CONFDELCOUNTRY);
254			require_once __DIR__ . '/admin_footer.php';
255			//xoops_cp_footer();
256			}
257			}
258
259			/**
260			* @param $country_id
261			* @param $country_code
262			* @param $country_name
263			*/
264			function countrySave($country_id, $country_code, $country_name)
265			{
266			global $xoopsDB;
267
268			$myts = \MyTextSanitizer::getInstance();
			0 ignored issues – show Unused Code introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$myts` is dead and can be removed. Loading history...
269			//$country_code=$myts->makeTboxData4Save::$country_code;
270			//$country_name=$myts->makeTboxData4Save::$country_name;
271			echo $country_code;
272			if (!empty($country_id)) {
273			$sql = 'UPDATE ' . $xoopsDB->prefix('xfguestbook_country') . " SET country_code='$country_code', country_name='$country_name'";
274			$sql .= " WHERE country_id=$country_id";
275			$xoopsDB->query($sql);
276			$messagesent = AM_XFGUESTBOOK_COUNTRY_UPDATED;
277			} else {
278			$sql = sprintf("SELECT COUNT(*) FROM %s WHERE country_code = '%s'", $xoopsDB->prefix('xfguestbook_country'), $country_code);
279			[$count] = $xoopsDB->fetchRow($xoopsDB->query($sql));
280			if ($count > 0) {
281			$messagesent = '<span style="color: #FF0000; ">' . AM_XFGUESTBOOK_COUNTRY_EXIST . '</span>';
282			} else {
283			$country_id = $xoopsDB->genId('country_id_seq');
284			$sql = sprintf("INSERT INTO `%s` (country_id, country_code, country_name) VALUES (%s, '%s', '%s')", $xoopsDB->prefix('xfguestbook_country'), $country_id, $country_code, $country_name);
285			$xoopsDB->query($sql);
286			$messagesent = AM_XFGUESTBOOK_COUNTRY_ADDED;
287			}
288			}
289			redirect_header('country_manager.php', 2, $messagesent);
290			}
291
292			function countryShow()
293			{
294			global $action, $start, $xoopsModule, $pathIcon16;
295			/** @var Helper $helper */
296			$helper = Helper::getInstance();
297
298			$myts = \MyTextSanitizer::getInstance();
			0 ignored issues – show Unused Code introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$myts` is dead and can be removed. Loading history...
299			$limit = 15;
300			$arr_country = Xfguestbook\Utility::getCountry('', $limit, $start);
301			$scount = count(Xfguestbook\Utility::getCountry('', $limit, 0));
302			$totalcount = count(Xfguestbook\Utility::getCountry('', 0, 0));
303
304			echo "
305			<table width='100%' cellspacing='1' cellpadding='2' border='0' style='border-left: 1px solid #c0c0c0; border-top: 1px solid #c0c0c0; border-right: 1px solid #c0c0c0;'>
306			<tr>
307			<td><span style='font-weight: bold; font-size: 12px; font-variant: small-caps;'>" . AM_XFGUESTBOOK_DISPCOUNTRY . ' : ' . $totalcount . "</span></td>
308			<td align='right'>
309			</td>
310			</tr>
311			</table>";
312
313			echo "<table border='1' width='100%' cellpadding ='2' cellspacing='1'>";
314			echo "<tr class='bg3'>";
315			echo "<td align='center'><b>" . AM_XFGUESTBOOK_FLAGIMG . '</td>';
316			echo "<td align='center'><b>" . AM_XFGUESTBOOK_FLAGCODE . '</td>';
317			echo "<td align='center'><b>" . AM_XFGUESTBOOK_FLAGNAME . '</td>';
318			echo "<td align='center'><b>" . AM_XFGUESTBOOK_COUNTRY . '</td></b>';
319			echo "<td align='center'><b>" . AM_XFGUESTBOOK_FLAGIMG . '</td></b>';
320			echo '</tr>';
321
322			if ('0' == count($arr_country)) {
323			echo "<tr ><td align='center' colspan ='10' class = 'head'><b>" . AM_XFGUESTBOOK_NOFLAG . '</b></td></tr>';
324			}
325
326			for ($i = 0, $iMax = count($arr_country); $i < $iMax; ++$i) {
327			$all_country = [];
328			$flag = '/modules/' . $xoopsModule->dirname() . '/assets/images/flags/' . $helper->getConfig('flagdir') . '/' . $arr_country[$i]['country_code'] . '.gif';
329			if (file_exists(XOOPS_ROOT_PATH . $flag)) {
330			$all_country['flag_img'] = "<img src='" . XOOPS_URL . $flag . '\'>';
331			} else {
332			$all_country['flag_img'] = "<img src='" . XOOPS_URL . "/images/blank.gif'>";
333			}
334
335			$all_country['country_id'] = $arr_country[$i]['country_id'];
336			$all_country['country_code'] = $arr_country[$i]['country_code'];
337			$all_country['country_name'] = $arr_country[$i]['country_name'];
338			$all_country['msg_action'] = "<a href='country_manager.php?op=countryEdit&country_id=" . $arr_country[$i]['country_id'] . '\'><img src=\'' . $pathIcon16 . "/edit.png'></a>";
339			$all_country['msg_action'] .= " <a href='country_manager.php?op=countryDel&country_id=" . $arr_country[$i]['country_id'] . '\'><img src=\'' . $pathIcon16 . "/delete.png'></a>";
340			$all_country['flag_action'] = "<a href='country_manager.php?op=flagForm&country_code=" . $arr_country[$i]['country_code'] . '\'><img src=\'' . $pathIcon16 . "/add.png'></a>";
341			$all_country['flag_action'] .= " <a href='country_manager.php?op=flagDel&country_code=" . $arr_country[$i]['country_code'] . '\'><img src=\'' . $pathIcon16 . "/delete.png'></a>";
342			echo "<tr><td align='center' class = 'head'><b>" . $all_country['flag_img'] . '</b>';
343			echo "</td><td class = 'even'>" . $all_country['country_code'] . '';
344			echo "</td><td class = 'odd'>" . $all_country['country_name'] . '';
345			echo "</td><td align='center' class='even'>" . $all_country['msg_action'] . '';
346			echo "</td><td align='center' class='even'>" . $all_country['flag_action'] . '';
347			echo '</td></tr>';
348			unset($all_country);
349			}
350
351			echo '</table><br>';
352
353			if ($totalcount > $scount) {
354			require_once XOOPS_ROOT_PATH . '/class/pagenav.php';
355			$pagenav = new \XoopsPageNav($totalcount, $limit, $start, 'start', 'action=' . $action);
356			echo "<div class='center;' class = 'head'>" . $pagenav->renderNav() . '</div><br>';
357			} else {
358			echo '';
359			}
360			echo '<br>';
361			}
362
363			switch ($op) {
364			case 'flagForm':
365			xoops_cp_header();
366			$adminObject = Admin::getInstance();
367			$adminObject->displayNavigation(basename(__FILE__));
368			//xfguestbook_admin_menu(2);
369			flagForm($country_code);
370			require_once __DIR__ . '/admin_footer.php';
371			//xoops_cp_footer();
372			break;
373			case 'flagUpload':
374			flagUpload($country_code);
375			break;
376			case 'flagDel':
377			flagDel($country_code);
378			break;
379			case 'countryDel':
380			countryDel($country_id);
381			break;
382			case 'countryEdit':
383			xoops_cp_header();
384			$adminObject = Admin::getInstance();
385			$adminObject->displayNavigation(basename(__FILE__));
386			//xfguestbook_admin_menu(2);
387			countryForm($country_id);
388			require_once __DIR__ . '/admin_footer.php';
389			//xoops_cp_footer();
390			break;
391			case 'countrySave':
392			countrySave($country_id, $country_code, $country_name);
393			break;
394			case 'countryAdd':
395			xoops_cp_header();
396			$adminObject = Admin::getInstance();
397			$adminObject->displayNavigation(basename(__FILE__));
398			//xfguestbook_admin_menu(2);
399			countryForm();
400			require_once __DIR__ . '/admin_footer.php';
401			//xoops_cp_footer();
402			break;
403			case 'countryShow':
404			default:
405			xoops_cp_header();
406			$adminObject = Admin::getInstance();
407			$adminObject->displayNavigation(basename(__FILE__));
408			//xfguestbook_admin_menu(2);
409			countryShow();
410			countryForm();
411			require_once __DIR__ . '/admin_footer.php';
412			//xoops_cp_footer();
413			break;
414			}
415

XoopsModules25x / xfguestbook

Issues (134)

Security Analysis not enabled

admin/country_manager.php (11 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like