Issues (134)

Security Analysis    not enabled

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  Header Injection
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

admin/main.php (9 issues)

1
<?php
2
//
3
//  ------------------------------------------------------------------------ //
4
//             XF Guestbook                                                  //
5
// ------------------------------------------------------------------------- //
6
//  This program is free software; you can redistribute it and/or modify     //
7
//  it under the terms of the GNU General Public License as published by     //
8
//  the Free Software Foundation; either version 2 of the License, or        //
9
//  (at your option) any later version.                                      //
10
//                                                                           //
11
//  You may not change or alter any portion of this comment or credits       //
12
//  of supporting developers from this source code or any supporting         //
13
//  source code which is considered copyrighted (c) material of the          //
14
//  original comment or credit authors.                                      //
15
//                                                                           //
16
//  This program is distributed in the hope that it will be useful,          //
17
//  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
18
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
19
//  GNU General Public License for more details.                             //
20
//                                                                           //
21
//  You should have received a copy of the GNU General Public License        //
22
//  along with this program; if not, write to the Free Software              //
23
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
24
//  ------------------------------------------------------------------------ //
25
26
use Xmf\Module\Admin;
27
use Xmf\Request;
28
use XoopsModules\Xfguestbook;
29
use XoopsModules\Xfguestbook\Helper;
30
31
require_once __DIR__ . '/admin_header.php';
32
require_once dirname(__DIR__) . '/include/cp_functions.php';
33
34
/** @var Helper $helper */
35
$helper = Helper::getInstance();
36
37
if (null === $helper->getConfig('flagdir')) {
38
    redirect_header(XOOPS_URL . '/modules/system/admin.php?fct=modulesadmin&op=update&module=' . $xoopsModule->dirname(), 4, AM_XFGUESTBOOK_MUST_UPDATE);
39
}
40
41
if (Request::hasVar('op', 'GET')) {
42
    $op = $_GET['op'];
43
} elseif (Request::hasVar('op', 'POST')) {
44
    $op = $_POST['op'];
45
} else {
46
    $op = 'show';
47
}
48
49
if (Request::hasVar('msg_id', 'GET')) {
50
    $msg_id = Request::getInt('msg_id', 0, 'GET');
51
} else {
52
    $msg_id = Request::getInt('msg_id', 0, 'POST');
53
}
54
55
$msgHandler = $helper->getHandler('Message');
56
57
function delete()
58
{
59
    global $msgHandler, $xoopsModule;
60
    $msg_count = (!empty($_POST['msg_id']) && is_array($_POST['msg_id'])) ? count($_POST['msg_id']) : 0;
61
    if ($msg_count > 0) {
62
        $messagesent = AM_XFGUESTBOOK_MSGDELETED;
63
        for ($i = 0; $i < $msg_count; $i++) {
64
            $msg      = $msgHandler->get($_POST['msg_id'][$i]);
65
            $filename = $msg->getVar('title');
0 ignored issues
show
The assignment to $filename is dead and can be removed.
Loading history...
66
            $filename = $msg->getVar('photo');
67
            if (!$msgHandler->delete($msg)) {
68
                $messagesent = AM_XFGUESTBOOK_ERRORDEL;
69
            }
70
            if ('' !== $filename) {
71
                $filename = XOOPS_UPLOAD_PATH . '/' . $xoopsModule->getVar('dirname') . '/' . $filename;
72
                unlink($filename);
73
            }
74
        }
75
    } else {
76
        $messagesent = AM_XFGUESTBOOK_NOMSG;
77
    }
78
    redirect_header($_SERVER['SCRIPT_NAME'], 2, $messagesent);
79
}
80
81
function approve()
82
{
83
    global $msgHandler;
84
    $msg_count = (!empty($_POST['msg_id']) && is_array($_POST['msg_id'])) ? count($_POST['msg_id']) : 0;
85
    if ($msg_count > 0) {
86
        $messagesent = AM_XFGUESTBOOK_VALIDATE;
87
        for ($i = 0; $i < $msg_count; $i++) {
88
            $msg = $msgHandler->get($_POST['msg_id'][$i]);
89
            $msg->setVar('moderate', 0);
90
            if (!$msgHandler->insert($msg)) {
91
                $messagesent = AM_XFGUESTBOOK_ERRORVALID;
92
            }
93
        }
94
    } else {
95
        $messagesent = AM_XFGUESTBOOK_NOMSG;
96
    }
97
    redirect_header($_SERVER['SCRIPT_NAME'], 2, $messagesent);
98
}
99
100
function banish()
101
{
102
    global $msgHandler, $xoopsDB;
103
    $msg_count = (!empty($_POST['msg_id']) && is_array($_POST['msg_id'])) ? count($_POST['msg_id']) : 0;
104
    if ($msg_count > 0) {
105
        $messagesent = AM_XFGUESTBOOK_BANISHED;
106
        for ($i = 0; $i < $msg_count; $i++) {
107
            $msg    = $msgHandler->get($_POST['msg_id'][$i]);
108
            $ip[$i] = $msg->getVar('poster_ip');
109
            $msg->setVar('moderate', 1);
110
            if (!$msgHandler->insert($msg)) {
111
                $messagesent = AM_XFGUESTBOOK_ERRORBANISHED;
112
            }
113
        }
114
        $ip     = array_unique($ip);
0 ignored issues
show
Comprehensibility Best Practice introduced by
The variable $ip does not seem to be defined for all execution paths leading up to this point.
Loading history...
115
        $badips = Xfguestbook\Utility::get_badips();
116
        foreach ($ip as $oneip) {
117
            if (!in_array($oneip, $badips)) {
118
                $sql    = 'INSERT INTO ' . $xoopsDB->prefix('xfguestbook_badips') . " (ip_value) VALUES ('$oneip')";
119
                $result = $xoopsDB->query($sql);
0 ignored issues
show
The assignment to $result is dead and can be removed.
Loading history...
120
            }
121
        }
122
    } else {
123
        $messagesent = AM_XFGUESTBOOK_NOMSG;
124
    }
125
126
    redirect_header($_SERVER['SCRIPT_NAME'], 2, $messagesent);
127
}
128
129
function show()
130
{
131
    global $msgHandler, $xoopsModule, $pathIcon16;
132
    $pick              = Request::getInt('pick', 0, 'GET');
0 ignored issues
show
The assignment to $pick is dead and can be removed.
Loading history...
133
    $start             = Request::getInt('start', 0, 'GET');
134
    $sel_status        = Request::getInt('sel_status', 0, 'GET');
135
    $sel_order         = Request::getInt('sel_order', 0, 'GET');
136
    $limit             = 10;
137
    $status_option0    = '';
138
    $status_option1    = '';
139
    $status_option2    = '';
140
    $order_option_asc  = '';
141
    $order_option_desc = '';
142
143
    switch ($sel_status) {
144
        case 0:
145
            $status_option0 = 'selected';
146
            $title          = AM_XFGUESTBOOK_ALLMSG;
147
            $criteria       = new \Criteria('msg_id', 0, '>');
148
            $criteria->setSort('post_time');
149
            break;
150
        case 1:
151
            $status_option1 = 'selected';
152
            $title          = AM_XFGUESTBOOK_PUBMSG;
153
            $criteria       = new \Criteria('moderate', '0');
154
            $criteria->setSort('post_time');
155
            break;
156
        case 2:
157
            $status_option2 = 'selected';
158
            $title          = AM_XFGUESTBOOK_WAITMSG;
159
            $criteria       = new \Criteria('moderate', '1');
160
            $criteria->setSort('post_time');
161
            break;
162
    }
163
164
    switch ($sel_order) {
165
        case 1:
166
            $order_option_asc = 'selected';
167
            $criteria->setOrder('ASC');
0 ignored issues
show
Comprehensibility Best Practice introduced by
The variable $criteria does not seem to be defined for all execution paths leading up to this point.
Loading history...
168
            break;
169
        case 0:
170
            $order_option_desc = 'selected';
171
            $criteria->setOrder('DESC');
172
            break;
173
    }
174
175
    $totalcount = $msgHandler->countMsg($criteria);
176
    $criteria->setOrder('DESC');
177
    $criteria->setLimit($limit);
178
    $criteria->setStart($start);
179
    $msg = $msgHandler->getObjects($criteria);
180
181
    $badips = Xfguestbook\Utility::get_badips();
182
183
    /* -- Code to show selected terms -- */
184
    echo "<form name='pick' id='pick' action='" . $_SERVER['SCRIPT_NAME'] . '\' method=\'GET\' style=\'margin: 0;\'>';
185
186
    echo "
187
        <table width='100%' cellspacing='1' cellpadding='2' border='0' style='border-left: 1px solid #c0c0c0; border-top: 1px solid #c0c0c0; border-right: 1px solid #c0c0c0;'>
188
            <tr>
189
                <td><span style='font-weight: bold; font-size: 12px; font-variant: small-caps;'>" . $title . ' : ' . $totalcount . "</span></td>
0 ignored issues
show
Comprehensibility Best Practice introduced by
The variable $title does not seem to be defined for all execution paths leading up to this point.
Loading history...
190
                <td align='right'>
191
                " . AM_XFGUESTBOOK_DISPLAY . " :
192
                    <select name='sel_status' onchange='submit()'>
193
                        <option value = '0' $status_option0>" . AM_XFGUESTBOOK_ALLMSG . " </option>
194
                        <option value = '1' $status_option1>" . AM_XFGUESTBOOK_PUBMSG . " </option>
195
                        <option value = '2' $status_option2>" . AM_XFGUESTBOOK_WAITMSG . ' </option>
196
                    </select>
197
                ' . AM_XFGUESTBOOK_SELECT_SORT . "
198
                    <select name='sel_order' onchange='submit()'>
199
                        <option value = '1' $order_option_asc>" . AM_XFGUESTBOOK_SORT_ASC . "</option>
200
                        <option value = '0' $order_option_desc>" . AM_XFGUESTBOOK_SORT_DESC . '</option>
201
                    </select>
202
                </td>
203
            </tr>
204
        </table>
205
        </form>';
206
    /* -- end code to show selected terms -- */
207
208
    echo "<table border='1' width='100%' cellpadding ='2' cellspacing='1'>";
209
    echo "<tr class='bg3'>";
210
    echo "<td align='center'></td>";
211
    echo "<td align='center'><b><input type='hidden' name='op' value='delete'></td>";
212
    echo "<td align='center'><b>" . AM_XFGUESTBOOK_NAME . '</td>';
213
    echo "<td align='center'><b>" . AM_XFGUESTBOOK_TITLE . '</td>';
214
    echo "<td align='center'><b>" . AM_XFGUESTBOOK_MESSAGE . '</td>';
215
    echo "<td align='center'><b>" . AM_XFGUESTBOOK_DATE . '</td>';
216
    echo "<td align='center'><b>" . AM_XFGUESTBOOK_ACTION . '</td>';
217
    echo '</tr>';
218
219
    if ('0' != $totalcount) {
220
        echo "<form name='msglist' id='list' action='" . $_SERVER['SCRIPT_NAME'] . '\' method=\'POST\' style=\'margin: 0;\'>';
221
222
        /** @var \XoopsModules\Xfguestbook\Message $onemsg */
223
        foreach ($msg as $onemsg) {
224
            $all_msg              = [];
225
            $all_msg['post_time'] = formatTimestamp($onemsg->getVar('post_time'));
226
            $all_msg['msg_id']    = $onemsg->getVar('msg_id');
227
            $all_msg['user']      = ($onemsg->getVar('user_id') > 0) ? \XoopsUser::getUnameFromId($onemsg->getVar('user_id')) : $onemsg->getVar('uname');
228
            $all_msg['action']    = "<a href='main.php?op=edit&amp;msg_id=" . $onemsg->getVar('msg_id') . '\'><img src=\'' . $pathIcon16 . "/edit.png'></a>";
229
            $img_status           = "<img src='" . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/';
230
            if ($onemsg->getVar('moderate')) {
231
                $img_status .= "ic15_question.gif'>";
232
            } else {
233
                $img_status .= "ic15_ok.gif'>";
234
            }
235
            $all_msg['title']   = "<a href='../index.php?op=show_one&msg_id=" . $onemsg->getVar('msg_id') . '\'>' . $onemsg->getVar('title') . '</a>';
236
            $all_msg['message'] = $onemsg->getVar('message');
237
238
            if ($onemsg->getVar('photo')) {
239
                $all_msg['message'] = '<img src="' . XOOPS_UPLOAD_URL . '/' . $xoopsModule->getVar('dirname') . '/' . $onemsg->getVar('photo') . '" align = "left" hspace ="10">' . $onemsg->getVar('message');
240
            } else {
241
                $all_msg['message'] = $onemsg->getVar('message');
242
            }
243
244
            echo '<tr>';
245
            echo "<td align='center' class='even'><input type='checkbox' name='msg_id[]' id='msg_id[]' value='" . $all_msg['msg_id'] . '\'></td>';
246
            echo "<td align='center' class = 'head'><b>" . $img_status . '</b></td>';
247
            echo "<td align='center' class = 'even'>" . $all_msg['user'] . '</td>';
248
            echo "<td align='left' class = 'odd'>" . $all_msg['title'] . '</td>';
249
            echo "<td align='left' class = 'even'>" . $all_msg['message'] . '</td>';
250
            echo "<td class='odd'>" . $all_msg['post_time'] . '<br>';
251
            if (in_array($onemsg->getVar('poster_ip'), $badips)) {
252
                echo "<span style='color: #FF0000; '><b>" . $onemsg->getVar('poster_ip') . '</b></span></td>';
253
            } else {
254
                echo $onemsg->getVar('poster_ip') . '</td>';
255
            }
256
            echo "<td align='center' class='even'>" . $all_msg['action'] . '</td>';
257
            echo '</tr>';
258
            unset($all_msg);
259
        }
260
        echo "<tr class='foot'><td><select name='op'>";
261
        if (1 != $sel_status) {
262
            echo "<option value='approve'>" . AM_XFGUESTBOOK_PUB . '</option>';
263
        }
264
        echo "<option value='delete'>" . _DELETE . '</option>';
265
        echo "<option value='banish'>" . AM_XFGUESTBOOK_BAN . '</option>';
266
        echo '</select>&nbsp;</td>';
267
        echo "<td colspan='6'>" . $GLOBALS['xoopsSecurity']->getTokenHTML() . "<input type='submit' value='" . _GO . '\'>';
268
        echo '</td></tr>';
269
        echo '</form>';
270
    } else {
271
        echo "<tr ><td align='center' colspan ='10' class = 'head'><b>" . AM_XFGUESTBOOK_NOMSG . '</b></td></tr>';
272
    }
273
    echo '</table><br>';
274
    if ($totalcount > $limit) {
275
        require_once XOOPS_ROOT_PATH . '/class/pagenav.php';
276
        $pagenav = new \XoopsPageNav($totalcount, $limit, $start, 'start', 'sel_status=' . $sel_status . '&sel_order=' . $sel_order);
277
        echo "<div class='center;' class = 'head'>" . $pagenav->renderNav() . '</div><br>';
278
    } else {
279
        echo '';
280
    }
281
    echo '<br>';
282
}
283
284
switch ($op) {
285
    case 'save':
286
        global $xoopsModule;
287
        if (!$GLOBALS['xoopsSecurity']->check()) {
288
            redirect_header('index.php', 2, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
289
        }
290
        $msgstop = '';
291
        $msg     = $msgHandler->get($msg_id);
292
        $del_img = Request::getInt('del_img', 0, 'POST');
293
        if ($del_img) {
294
            $filename = XOOPS_UPLOAD_PATH . '/' . $xoopsModule->getVar('dirname') . '/' . $msg->getVar('photo');
295
            unlink($filename);
296
            $msg->setVar('photo', '');
297
        } elseif (!empty($_FILES['photo']['name'])) {
298
            Xfguestbook\Utility::upload();
299
            $photo      = str_replace('tmp_', 'msg_', $preview_name);
300
            $photos_dir = XOOPS_UPLOAD_PATH . '/' . $xoopsModule->getVar('dirname') . '/';
301
            rename($photos_dir . $preview_name, $photos_dir . $photo);
302
            if ('' !== $msg->getVar('photo')) {
303
                $filename = XOOPS_UPLOAD_PATH . '/' . $xoopsModule->getVar('dirname') . '/' . $msg->getVar('photo');
304
                unlink($filename);
305
            }
306
            $msg->setVar('photo', $photo);
307
        }
308
        if (!empty($msgstop)) {
0 ignored issues
show
The condition empty($msgstop) is always true.
Loading history...
309
            redirect_header('main.php?op=edit&msg_id=' . $msg_id, 2, $msgstop);
310
        }
311
        $uname    = Request::getString('uname', '', 'POST');
312
        $email    = Request::getString('email', '', 'POST');
313
        $url      = Request::getString('url', '', 'POST');
314
        $title    = Request::getString('title', '', 'POST');
315
        $message  = Request::getString('message', '', 'POST');
316
        $note     = Request::getString('note', '', 'POST');
317
        $gender   = Request::getString('gender', '', 'POST');
318
        $country  = Request::getString('country', '', 'POST');
319
        $other    = Request::getString('other', '', 'POST');
320
        $moderate = Request::getInt('moderate', 0, 'POST');
321
322
        $msg->setVar('uname', $uname);
323
        $msg->setVar('email', $email);
324
        $msg->setVar('url', $url);
325
        $msg->setVar('title', $title);
326
        $msg->setVar('message', $message);
327
        $msg->setVar('note', $note);
328
        $msg->setVar('gender', $gender);
329
        if ('' !== $country) {
330
            $msg->setVar('country', $country);
331
            $msg->setVar('flagdir', $helper->getConfig('flagdir'));
332
        }
333
        $msg->setVar('other', $other);
334
        $msg->setVar('moderate', $moderate);
335
        if ($msgHandler->insert($msg)) {
336
            redirect_header('main.php?op=show', 1, AM_XFGUESTBOOK_MSGMOD);
337
        } else {
338
            redirect_header('main.php?op=show', 2, AM_XFGUESTBOOK_MSGERROR);
339
        }
340
        break;
341
    case 'edit':
342
        xoops_cp_header();
343
        $adminObject = Admin::getInstance();
344
        $adminObject->displayNavigation(basename(__FILE__));
345
        //xfguestbook_admin_menu(0);
346
        $msg = $msgHandler->get($msg_id);
347
        require_once dirname(__DIR__) . '/include/form_edit.inc.php';
348
        $msg_form->display();
349
        require_once __DIR__ . '/admin_footer.php';
350
        //xoops_cp_footer();
351
        break;
352
    case 'approve':
353
        approve();
0 ignored issues
show
The call to approve() has too few arguments starting with msg_id. ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-call  annotation

353
        /** @scrutinizer ignore-call */ 
354
        approve();

This check compares calls to functions or methods with their respective definitions. If the call has less arguments than are defined, it raises an issue.

If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. Please note the @ignore annotation hint above.

Loading history...
354
        break;
355
    case 'delete':
356
        delete();
0 ignored issues
show
The call to delete() has too few arguments starting with msg_id. ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-call  annotation

356
        /** @scrutinizer ignore-call */ 
357
        delete();

This check compares calls to functions or methods with their respective definitions. If the call has less arguments than are defined, it raises an issue.

If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. Please note the @ignore annotation hint above.

Loading history...
357
        break;
358
    case 'banish':
359
        banish();
360
        break;
361
    case 'show':
362
    default:
363
        xoops_cp_header();
364
        $adminObject = Admin::getInstance();
365
        $adminObject->displayNavigation(basename(__FILE__));
366
        //xfguestbook_admin_menu(0);
367
        show();
368
        require_once __DIR__ . '/admin_footer.php';
369
        //xoops_cp_footer();
370
        break;
371
}
372