Issues in upgrade.php (master) - Issues in master - XoopsModules25x/xfguestbook - Measure and Improve Code Quality continuously with Scrutinizer

Issues (134)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

admin/upgrade.php (4 issues)

Labels

Unused Code 1

Severity

<?php
//
// ------------------------------------------------------------------------- //
// XF Guestbook for Xoops                                                          //
// ------------------------------------------------------------------------- //
//  This program is free software; you can redistribute it and/or modify     //
//  it under the terms of the GNU General Public License as published by     //
//  the Free Software Foundation; either version 2 of the License, or        //
//  (at your option) any later version.                                      //
//                                                                           //
//  You may not change or alter any portion of this comment or credits       //
//  of supporting developers from this source code or any supporting         //
//  source code which is considered copyrighted (c) material of the          //
//  original comment or credit authors.                                      //
//                                                                           //
//  This program is distributed in the hope that it will be useful,          //
//  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
//  GNU General Public License for more details.                             //
//                                                                           //
//  You should have received a copy of the GNU General Public License        //
//  along with this program; if not, write to the Free Software              //
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
//---------------------------------------------------------------------------//

//require_once  dirname(dirname(dirname(__DIR__))) . '/mainfile.php';
require_once __DIR__ . '/admin_header.php';
require_once dirname(__DIR__, 3) . '/include/cp_functions.php';
require_once dirname(__DIR__) . '/include/cp_functions.php';

/**
 * @param $tablename
 * @return bool
 */
function TableExist($tablename)
{
    global $xoopsDB;
    $tablename = $xoopsDB->prefix($tablename);
    $result    = $xoopsDB->queryF("SHOW TABLES LIKE '$tablename'");

    return ($xoopsDB->getRowsNum($result) > 0);
}

/**
 * @param $tablename
 * @param $fieldname
 * @return bool
 */
function FieldType($tablename, $fieldname)
{
    global $xoopsDB;
    $arr    = [];

    $sql    = 'SHOW COLUMNS FROM ' . $xoopsDB->prefix($tablename) . " LIKE '$fieldname'";
    $result = $xoopsDB->queryF($sql);
    if (!$result) {
        return false;
    }

    $myrow = $xoopsDB->fetchArray($result);

    return $myrow['Type'];
}

/**
 * @param $tablename
 * @return int
 */
function CountRows($tablename)
{
    global $xoopsDB;
    $sql    = 'SELECT * FROM ' . $xoopsDB->prefix($tablename);
    $result = $xoopsDB->queryF($sql);
    if (!$result) {
        return 0;
    }
    $nbr = $xoopsDB->getRowsNum($result);

    return $nbr;
}

$op = ($_POST['op'] ?? 'check');
foreach ($_POST as $k => $v) {
    ${$k} = $v;
}

switch ($op) {
    case 'check':
    default:
        xoops_cp_header();
        xfguestbook_admin_menu(99);
        $update = false;

        // table xfguestbook_config
        $nt                        = 0;
        $nf                        = 0;
        $arr_table[$nt]['name']    = 'xfguestbook_config';
        $arr_table[$nt]['version'] = AM_XFGUESTBOOK_ADDED . '2.10';
        if (!TableExist('xfguestbook_config')) {
            $arr_table[$nt]['to_update'] = 1;
            $update                      = true;
        } elseif (10 != CountRows('xfguestbook_config')) {
            $arr_table[$nt]['to_update'] = 2;
            $update                      = true;
        } else {
            $arr_table[$nt]['to_update'] = 0;
        }

        // table xfguestbook_msg
        $nt++;
        $nf                        = 0;
        $arr_table[$nt]['name']    = 'xfguestbook_msg';
        $arr_table[$nt]['version'] = '';

        if (!TableExist('xfguestbook_msg')) {
            $arr_table[$nt]['to_update'] = 1;
            $update                      = true;
        } else {
            $arr_table[$nt]['to_update'] = 0;
        }

        $arr_table[$nt]['field'][$nf]['name']    = 'gender';
        $arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_ADDED . '2.10';
        if (!FieldType('xfguestbook_msg', 'gender')) {
            $arr_table[$nt]['field'][$nf]['to_update'] = 1;
            $update                                    = true;
        } else {
            $arr_table[$nt]['field'][$nf]['to_update'] = 0;
        }
        $nf++;

        $arr_table[$nt]['field'][$nf]['name']    = 'country';
        $arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_ADDED . '2.10 - ' . AM_XFGUESTBOOK_CHANGED . '2.30';
        $field                                   = FieldType('xfguestbook_msg', 'country');
        if (!$field) {
            $arr_table[$nt]['field'][$nf]['to_update'] = 1;
            $update                                    = true;
        } elseif ('varchar(5)' !== $field) {

            $arr_table[$nt]['field'][$nf]['to_update'] = 2;
            $update                                    = true;
        } else {
            $arr_table[$nt]['field'][$nf]['to_update'] = 0;
        }
        $nf++;

        $arr_table[$nt]['field'][$nf]['name']    = 'photo';
        $arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_ADDED . '2.20';
        if (!FieldType('xfguestbook_msg', 'photo')) {
            $arr_table[$nt]['field'][$nf]['to_update'] = 1;
            $update                                    = true;
        } else {
            $arr_table[$nt]['field'][$nf]['to_update'] = 0;
        }
        $nf++;

        $arr_table[$nt]['field'][$nf]['name']    = 'flagdir';
        $arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_ADDED . '2.30';
        if (!FieldType('xfguestbook_msg', 'flagdir')) {
            $arr_table[$nt]['field'][$nf]['to_update'] = 1;
            $update                                    = true;
        } else {
            $arr_table[$nt]['field'][$nf]['to_update'] = 0;
        }
        $nf++;

        $arr_table[$nt]['field'][$nf]['name']    = 'other';
        $arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_ADDED . '2.30';
        if (!FieldType('xfguestbook_msg', 'other')) {
            $arr_table[$nt]['field'][$nf]['to_update'] = 1;
            $update                                    = true;
        } else {
            $arr_table[$nt]['field'][$nf]['to_update'] = 0;
        }
        $nf++;

        // table xfguestbook_country
        $nt++;
        $nf                        = 0;
        $arr_table[$nt]['name']    = 'xfguestbook_country';
        $arr_table[$nt]['version'] = AM_XFGUESTBOOK_ADDED . '2.10';

        if (!TableExist('xfguestbook_country')) {
            $arr_table[$nt]['to_update'] = 1;
            $update                      = true;
        } else {
            $arr_table[$nt]['to_update']             = 0;
            $arr_table[$nt]['field'][$nf]['name']    = 'country_code';
            $arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_CHANGED . '2.30';
            $field                                   = FieldType('xfguestbook_country', 'country_code');
            if ('varchar(5)' !== $field) {

                $arr_table[$nt]['field'][$nf]['to_update'] = 2;
                $update                                    = true;
            } else {
                $arr_table[$nt]['field'][$nf]['to_update'] = 0;
            }
        }

        // table xfguestbook_badips
        $nt++;
        $nf                        = 0;
        $arr_table[$nt]['name']    = 'xfguestbook_badips';
        $arr_table[$nt]['version'] = AM_XFGUESTBOOK_ADDED . '2.40';

        if (!TableExist('xfguestbook_badips')) {
            $arr_table[$nt]['to_update'] = 1;
            $update                      = true;
        }

        // affichage tableau
        echo '<form name="form1" method="post" action="upgrade.php">';
        foreach ($arr_table as $one_table) {
            echo "<table border='1' width='100%' cellpadding ='3' cellspacing='1'>";
            echo '<tr><td width="40%" class="even">';
            echo '<b>' . AM_XFGUESTBOOK_TABLE . $xoopsDB->prefix($one_table['name']) . '</b>';
            echo '</td>';
            //          echo '<td class="even">';
            if ($one_table['to_update'] > 0) {
                echo '<td width="20%" class = "even"><img src=\'' . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/ic15_notok.gif\' alt=\'Pas OK\' >';
            } else {
                echo '<td width="20%" class = "even"><img src=\'' . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/ic15_ok.gif\' alt=\'OK\' >';
            }
            echo '<input type = "hidden" name = "' . $one_table['name'] . '_checked" value = "' . $one_table['to_update'] . '" >';
            echo '</td>';
            echo '<td class="even">' . $one_table['version'];
            echo '</td>';
            echo '</tr>';
            if (isset($one_table['field'])) {
                foreach ($one_table['field'] as $one_field) {
                    echo '<tr><td width="40%" class = "odd">';
                    echo AM_XFGUESTBOOK_FIELD . $one_field['name'];
                    echo '</td>';
                    if ($one_field['to_update'] > 0) {
                        echo '<td width="20%" class = "odd"><img src=\'' . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/ic15_notok.gif\' >';
                    } else {
                        echo '<td width="20%" class = "odd"><img src=\'' . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/ic15_ok.gif\' >';
                    }
                    echo '<input type = "hidden" name = "' . $one_table['name'] . '_' . $one_field['name'] . '_checked" value = "' . $one_field['to_update'] . '" >';
                    echo '<td  width="40%" class = "odd">' . $one_field['version'];
                    echo '</td>';
                }
            } else {
                echo '<tr><td colspan="3" class = "odd">';
                echo AM_XFGUESTBOOK_NOCHANGE;
                echo '</td>';
                echo '</tr>';
            }
            echo '</table><br>';
        }

        echo "<table border='1' width='100%' ><tr><td class = 'odd'><div align='center'>";
        if ($update) {

            echo AM_XFGUESTBOOK_WARNING_UPGRADE . '<br><br>';
            echo '<input type="hidden" name="op" value="upgrade">';
            echo '<input type="submit" name="Submit" value="' . AM_XFGUESTBOOK_UPGRADE_GO . '">';
        } else {
            echo AM_XFGUESTBOOK_NO_UPGRADE . '<br><br>';
        }
        echo '</div></td></tr></table>';
        echo '</form>';
        xoops_cp_footer();
        break;
    case 'upgrade':
        xoops_cp_header();
        xfguestbook_admin_menu(99);
        $msg = '';
        if ($xfguestbook_config_checked > 0) {
            $sql    = 'DROP TABLE ' . $xoopsDB->prefix('xfguestbook_config');
            $result = $xoopsDB->queryF($sql);
            if (!$result) {
                $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
            }
            $sqlfile = XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->dirname() . '/sql/update_config.sql'; //create + insert values
            $error   = executeSQL($sqlfile);
            $msg     .= AM_XFGUESTBOOK_ERROR . ' ' . $error . '<br>';
        }
        if ($xfguestbook_msg_checked > 0) {
            $sql    = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook') . ' RENAME ' . $xoopsDB->prefix('xfguestbook_msg');
            $result = $xoopsDB->queryF($sql);
            if (!$result) {
                $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
            }
            $sql    = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' CHANGE `xfguestbook_id` `msg_id` INT(11) NOT NULL AUTO_INCREMENT';
            $result = $xoopsDB->queryF($sql);
            if (!$result) {
                $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
            }
        }
        if ($xfguestbook_msg_photo_checked > 0) {
            $sql    = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' ADD `photo` VARCHAR(25) NOT NULL';
            $result = $xoopsDB->queryF($sql);
            if (!$result) {
                $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
            }
        }
        if ($xfguestbook_msg_gender_checked > 0) {
            $sql    = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' ADD `gender` TINYINT(1) NOT NULL';
            $result = $xoopsDB->queryF($sql);
            if (!$result) {
                $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
            }
        }
        if (1 == $xfguestbook_msg_country_checked) {
            $sql    = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' ADD `country` VARCHAR(5) NOT NULL';
            $result = $xoopsDB->queryF($sql);
            if (!$result) {
                $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
            }
        }
        if (2 == $xfguestbook_msg_country_checked) {
            $sql    = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' CHANGE `country` `country` CHAR(5) NOT NULL';
            $result = $xoopsDB->queryF($sql);
            if (!$result) {
                $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
            }
        }
        if ($xfguestbook_msg_flagdir_checked > 0) {
            $sql    = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' ADD `flagdir` VARCHAR(20) NOT NULL';
            $result = $xoopsDB->queryF($sql);
            if (!$result) {
                $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
            }
            if (0 == $xfguestbook_country_checked) {
                $sql    = 'UPDATE ' . $xoopsDB->prefix('xfguestbook_msg') . " SET flagdir = 'world_flags' ";
                $result = $xoopsDB->queryF($sql);
                if (!$result) {
                    $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
                }
                //          $sqlfile = XOOPS_ROOT_PATH."/modules/".$xoopsModule->dirname().'/assets/images/flags/world_flags/flags_data.sql';
                //          $msg .= executeSQL($sqlfile);

                /** @var \XoopsConfigHandler $configHandler */
                $configHandler = xoops_getHandler('config');
                $criteria      = new \CriteriaCompo(new \Criteria('conf_modid', $xoopsModule->mid()));
                $criteria->add(new \Criteria('conf_name', 'flagdir'));
                $config = $configHandler->getConfigs($criteria);
                /** @var \XoopsConfigItem $configItem */
                $configItem = $config[0];
                $value      = [$configItem->getConfValueForOutput()];
                $configItem->setVar('conf_value', 'world_flags');
                if (!$configHandler->insertConfig($configItem)) {
                    $msg .= 'Could not insert flagdir config <bt>';
                }
            }
        }
        if (1 == $xfguestbook_msg_other_checked) {
            $sql    = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' ADD `other`VARCHAR(20) NOT NULL';
            $result = $xoopsDB->queryF($sql);
            if (!$result) {
                $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
            }
        }

        if ($xfguestbook_country_checked > 0) {
            $sqlfile = XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->dirname() . '/sql/create_country.sql'; //create only
            $error   = executeSQL($sqlfile);
            $msg     .= AM_XFGUESTBOOK_ERROR . ' ' . $error . '<br>';
        } elseif ($xfguestbook_country_country_code_checked > 1) {
            $sql    = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_country') . ' CHANGE `country_code` `country_code` CHAR(5) NOT NULL';
            $result = $xoopsDB->queryF($sql);
            if (!$result) {
                $msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
            }
        }

        if ($xfguestbook_badips_checked > 0) {
            $sqlfile = XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->dirname() . '/sql/create_badips.sql'; //create only
            $error   = executeSQL($sqlfile);
            $msg     .= AM_XFGUESTBOOK_ERROR . ' ' . $error . '<br>';
        }

        if ('' === $msg) {
            echo AM_XFGUESTBOOK_UPGRADE_SUCCESS;
        }
        xoops_cp_footer();
        break;
}


1			<?php
2			//
3			// ------------------------------------------------------------------------- //
4			// XF Guestbook for Xoops //
5			// ------------------------------------------------------------------------- //
6			// This program is free software; you can redistribute it and/or modify //
7			// it under the terms of the GNU General Public License as published by //
8			// the Free Software Foundation; either version 2 of the License, or //
9			// (at your option) any later version. //
10			// //
11			// You may not change or alter any portion of this comment or credits //
12			// of supporting developers from this source code or any supporting //
13			// source code which is considered copyrighted (c) material of the //
14			// original comment or credit authors. //
15			// //
16			// This program is distributed in the hope that it will be useful, //
17			// but WITHOUT ANY WARRANTY; without even the implied warranty of //
18			// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
19			// GNU General Public License for more details. //
20			// //
21			// You should have received a copy of the GNU General Public License //
22			// along with this program; if not, write to the Free Software //
23			// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
24			//---------------------------------------------------------------------------//
25
26			//require_once dirname(dirname(dirname(__DIR__))) . '/mainfile.php';
27			require_once __DIR__ . '/admin_header.php';
28			require_once dirname(__DIR__, 3) . '/include/cp_functions.php';
29			require_once dirname(__DIR__) . '/include/cp_functions.php';
30
31			/**
32			* @param $tablename
33			* @return bool
34			*/
35			function TableExist($tablename)
36			{
37			global $xoopsDB;
38			$tablename = $xoopsDB->prefix($tablename);
39			$result = $xoopsDB->queryF("SHOW TABLES LIKE '$tablename'");
40
41			return ($xoopsDB->getRowsNum($result) > 0);
42			}
43
44			/**
45			* @param $tablename
46			* @param $fieldname
47			* @return bool
48			*/
49			function FieldType($tablename, $fieldname)
50			{
51			global $xoopsDB;
52			$arr = [];
			0 ignored issues – show Unused Code introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$arr` is dead and can be removed. Loading history...
53			$sql = 'SHOW COLUMNS FROM ' . $xoopsDB->prefix($tablename) . " LIKE '$fieldname'";
54			$result = $xoopsDB->queryF($sql);
55			if (!$result) {
56			return false;
57			}
58
59			$myrow = $xoopsDB->fetchArray($result);
60
61			return $myrow['Type'];
62			}
63
64			/**
65			* @param $tablename
66			* @return int
67			*/
68			function CountRows($tablename)
69			{
70			global $xoopsDB;
71			$sql = 'SELECT * FROM ' . $xoopsDB->prefix($tablename);
72			$result = $xoopsDB->queryF($sql);
73			if (!$result) {
74			return 0;
75			}
76			$nbr = $xoopsDB->getRowsNum($result);
77
78			return $nbr;
79			}
80
81			$op = ($_POST['op'] ?? 'check');
82			foreach ($_POST as $k => $v) {
83			${$k} = $v;
84			}
85
86			switch ($op) {
87			case 'check':
88			default:
89			xoops_cp_header();
90			xfguestbook_admin_menu(99);
91			$update = false;
92
93			// table xfguestbook_config
94			$nt = 0;
95			$nf = 0;
96			$arr_table[$nt]['name'] = 'xfguestbook_config';
97			$arr_table[$nt]['version'] = AM_XFGUESTBOOK_ADDED . '2.10';
98			if (!TableExist('xfguestbook_config')) {
99			$arr_table[$nt]['to_update'] = 1;
100			$update = true;
101			} elseif (10 != CountRows('xfguestbook_config')) {
102			$arr_table[$nt]['to_update'] = 2;
103			$update = true;
104			} else {
105			$arr_table[$nt]['to_update'] = 0;
106			}
107
108			// table xfguestbook_msg
109			$nt++;
110			$nf = 0;
111			$arr_table[$nt]['name'] = 'xfguestbook_msg';
112			$arr_table[$nt]['version'] = '';
113
114			if (!TableExist('xfguestbook_msg')) {
115			$arr_table[$nt]['to_update'] = 1;
116			$update = true;
117			} else {
118			$arr_table[$nt]['to_update'] = 0;
119			}
120
121			$arr_table[$nt]['field'][$nf]['name'] = 'gender';
122			$arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_ADDED . '2.10';
123			if (!FieldType('xfguestbook_msg', 'gender')) {
124			$arr_table[$nt]['field'][$nf]['to_update'] = 1;
125			$update = true;
126			} else {
127			$arr_table[$nt]['field'][$nf]['to_update'] = 0;
128			}
129			$nf++;
130
131			$arr_table[$nt]['field'][$nf]['name'] = 'country';
132			$arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_ADDED . '2.10 - ' . AM_XFGUESTBOOK_CHANGED . '2.30';
133			$field = FieldType('xfguestbook_msg', 'country');
134			if (!$field) {
135			$arr_table[$nt]['field'][$nf]['to_update'] = 1;
136			$update = true;
137			} elseif ('varchar(5)' !== $field) {
			0 ignored issues – show introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `'varchar(5)' !== $field` is always `true`. Loading history...
138			$arr_table[$nt]['field'][$nf]['to_update'] = 2;
139			$update = true;
140			} else {
141			$arr_table[$nt]['field'][$nf]['to_update'] = 0;
142			}
143			$nf++;
144
145			$arr_table[$nt]['field'][$nf]['name'] = 'photo';
146			$arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_ADDED . '2.20';
147			if (!FieldType('xfguestbook_msg', 'photo')) {
148			$arr_table[$nt]['field'][$nf]['to_update'] = 1;
149			$update = true;
150			} else {
151			$arr_table[$nt]['field'][$nf]['to_update'] = 0;
152			}
153			$nf++;
154
155			$arr_table[$nt]['field'][$nf]['name'] = 'flagdir';
156			$arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_ADDED . '2.30';
157			if (!FieldType('xfguestbook_msg', 'flagdir')) {
158			$arr_table[$nt]['field'][$nf]['to_update'] = 1;
159			$update = true;
160			} else {
161			$arr_table[$nt]['field'][$nf]['to_update'] = 0;
162			}
163			$nf++;
164
165			$arr_table[$nt]['field'][$nf]['name'] = 'other';
166			$arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_ADDED . '2.30';
167			if (!FieldType('xfguestbook_msg', 'other')) {
168			$arr_table[$nt]['field'][$nf]['to_update'] = 1;
169			$update = true;
170			} else {
171			$arr_table[$nt]['field'][$nf]['to_update'] = 0;
172			}
173			$nf++;
174
175			// table xfguestbook_country
176			$nt++;
177			$nf = 0;
178			$arr_table[$nt]['name'] = 'xfguestbook_country';
179			$arr_table[$nt]['version'] = AM_XFGUESTBOOK_ADDED . '2.10';
180
181			if (!TableExist('xfguestbook_country')) {
182			$arr_table[$nt]['to_update'] = 1;
183			$update = true;
184			} else {
185			$arr_table[$nt]['to_update'] = 0;
186			$arr_table[$nt]['field'][$nf]['name'] = 'country_code';
187			$arr_table[$nt]['field'][$nf]['version'] = AM_XFGUESTBOOK_CHANGED . '2.30';
188			$field = FieldType('xfguestbook_country', 'country_code');
189			if ('varchar(5)' !== $field) {
			0 ignored issues – show introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `'varchar(5)' !== $field` is always `true`. Loading history...
190			$arr_table[$nt]['field'][$nf]['to_update'] = 2;
191			$update = true;
192			} else {
193			$arr_table[$nt]['field'][$nf]['to_update'] = 0;
194			}
195			}
196
197			// table xfguestbook_badips
198			$nt++;
199			$nf = 0;
200			$arr_table[$nt]['name'] = 'xfguestbook_badips';
201			$arr_table[$nt]['version'] = AM_XFGUESTBOOK_ADDED . '2.40';
202
203			if (!TableExist('xfguestbook_badips')) {
204			$arr_table[$nt]['to_update'] = 1;
205			$update = true;
206			}
207
208			// affichage tableau
209			echo '<form name="form1" method="post" action="upgrade.php">';
210			foreach ($arr_table as $one_table) {
211			echo "<table border='1' width='100%' cellpadding ='3' cellspacing='1'>";
212			echo '<tr><td width="40%" class="even">';
213			echo '<b>' . AM_XFGUESTBOOK_TABLE . $xoopsDB->prefix($one_table['name']) . '</b>';
214			echo '</td>';
215			// echo '<td class="even">';
216			if ($one_table['to_update'] > 0) {
217			echo '<td width="20%" class = "even"><img src=\'' . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/ic15_notok.gif\' alt=\'Pas OK\' >';
218			} else {
219			echo '<td width="20%" class = "even"><img src=\'' . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/ic15_ok.gif\' alt=\'OK\' >';
220			}
221			echo '<input type = "hidden" name = "' . $one_table['name'] . '_checked" value = "' . $one_table['to_update'] . '" >';
222			echo '</td>';
223			echo '<td class="even">' . $one_table['version'];
224			echo '</td>';
225			echo '</tr>';
226			if (isset($one_table['field'])) {
227			foreach ($one_table['field'] as $one_field) {
228			echo '<tr><td width="40%" class = "odd">';
229			echo AM_XFGUESTBOOK_FIELD . $one_field['name'];
230			echo '</td>';
231			if ($one_field['to_update'] > 0) {
232			echo '<td width="20%" class = "odd"><img src=\'' . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/ic15_notok.gif\' >';
233			} else {
234			echo '<td width="20%" class = "odd"><img src=\'' . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/assets/images/ic15_ok.gif\' >';
235			}
236			echo '<input type = "hidden" name = "' . $one_table['name'] . '_' . $one_field['name'] . '_checked" value = "' . $one_field['to_update'] . '" >';
237			echo '<td width="40%" class = "odd">' . $one_field['version'];
238			echo '</td>';
239			}
240			} else {
241			echo '<tr><td colspan="3" class = "odd">';
242			echo AM_XFGUESTBOOK_NOCHANGE;
243			echo '</td>';
244			echo '</tr>';
245			}
246			echo '</table><br>';
247			}
248
249			echo "<table border='1' width='100%' ><tr><td class = 'odd'><div align='center'>";
250			if ($update) {
			0 ignored issues – show introduced 2018-11-26 07:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `$update` is always `true`. Loading history...
251			echo AM_XFGUESTBOOK_WARNING_UPGRADE . '<br><br>';
252			echo '<input type="hidden" name="op" value="upgrade">';
253			echo '<input type="submit" name="Submit" value="' . AM_XFGUESTBOOK_UPGRADE_GO . '">';
254			} else {
255			echo AM_XFGUESTBOOK_NO_UPGRADE . '<br><br>';
256			}
257			echo '</div></td></tr></table>';
258			echo '</form>';
259			xoops_cp_footer();
260			break;
261			case 'upgrade':
262			xoops_cp_header();
263			xfguestbook_admin_menu(99);
264			$msg = '';
265			if ($xfguestbook_config_checked > 0) {
266			$sql = 'DROP TABLE ' . $xoopsDB->prefix('xfguestbook_config');
267			$result = $xoopsDB->queryF($sql);
268			if (!$result) {
269			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
270			}
271			$sqlfile = XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->dirname() . '/sql/update_config.sql'; //create + insert values
272			$error = executeSQL($sqlfile);
273			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $error . '<br>';
274			}
275			if ($xfguestbook_msg_checked > 0) {
276			$sql = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook') . ' RENAME ' . $xoopsDB->prefix('xfguestbook_msg');
277			$result = $xoopsDB->queryF($sql);
278			if (!$result) {
279			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
280			}
281			$sql = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' CHANGE `xfguestbook_id` `msg_id` INT(11) NOT NULL AUTO_INCREMENT';
282			$result = $xoopsDB->queryF($sql);
283			if (!$result) {
284			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
285			}
286			}
287			if ($xfguestbook_msg_photo_checked > 0) {
288			$sql = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' ADD `photo` VARCHAR(25) NOT NULL';
289			$result = $xoopsDB->queryF($sql);
290			if (!$result) {
291			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
292			}
293			}
294			if ($xfguestbook_msg_gender_checked > 0) {
295			$sql = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' ADD `gender` TINYINT(1) NOT NULL';
296			$result = $xoopsDB->queryF($sql);
297			if (!$result) {
298			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
299			}
300			}
301			if (1 == $xfguestbook_msg_country_checked) {
302			$sql = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' ADD `country` VARCHAR(5) NOT NULL';
303			$result = $xoopsDB->queryF($sql);
304			if (!$result) {
305			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
306			}
307			}
308			if (2 == $xfguestbook_msg_country_checked) {
309			$sql = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' CHANGE `country` `country` CHAR(5) NOT NULL';
310			$result = $xoopsDB->queryF($sql);
311			if (!$result) {
312			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
313			}
314			}
315			if ($xfguestbook_msg_flagdir_checked > 0) {
316			$sql = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' ADD `flagdir` VARCHAR(20) NOT NULL';
317			$result = $xoopsDB->queryF($sql);
318			if (!$result) {
319			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
320			}
321			if (0 == $xfguestbook_country_checked) {
322			$sql = 'UPDATE ' . $xoopsDB->prefix('xfguestbook_msg') . " SET flagdir = 'world_flags' ";
323			$result = $xoopsDB->queryF($sql);
324			if (!$result) {
325			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
326			}
327			// $sqlfile = XOOPS_ROOT_PATH."/modules/".$xoopsModule->dirname().'/assets/images/flags/world_flags/flags_data.sql';
328			// $msg .= executeSQL($sqlfile);
329
330			/** @var \XoopsConfigHandler $configHandler */
331			$configHandler = xoops_getHandler('config');
332			$criteria = new \CriteriaCompo(new \Criteria('conf_modid', $xoopsModule->mid()));
333			$criteria->add(new \Criteria('conf_name', 'flagdir'));
334			$config = $configHandler->getConfigs($criteria);
335			/** @var \XoopsConfigItem $configItem */
336			$configItem = $config[0];
337			$value = [$configItem->getConfValueForOutput()];
338			$configItem->setVar('conf_value', 'world_flags');
339			if (!$configHandler->insertConfig($configItem)) {
340			$msg .= 'Could not insert flagdir config <bt>';
341			}
342			}
343			}
344			if (1 == $xfguestbook_msg_other_checked) {
345			$sql = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_msg') . ' ADD `other`VARCHAR(20) NOT NULL';
346			$result = $xoopsDB->queryF($sql);
347			if (!$result) {
348			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
349			}
350			}
351
352			if ($xfguestbook_country_checked > 0) {
353			$sqlfile = XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->dirname() . '/sql/create_country.sql'; //create only
354			$error = executeSQL($sqlfile);
355			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $error . '<br>';
356			} elseif ($xfguestbook_country_country_code_checked > 1) {
357			$sql = 'ALTER TABLE ' . $xoopsDB->prefix('xfguestbook_country') . ' CHANGE `country_code` `country_code` CHAR(5) NOT NULL';
358			$result = $xoopsDB->queryF($sql);
359			if (!$result) {
360			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $sql . '<br>';
361			}
362			}
363
364			if ($xfguestbook_badips_checked > 0) {
365			$sqlfile = XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->dirname() . '/sql/create_badips.sql'; //create only
366			$error = executeSQL($sqlfile);
367			$msg .= AM_XFGUESTBOOK_ERROR . ' ' . $error . '<br>';
368			}
369
370			if ('' === $msg) {
371			echo AM_XFGUESTBOOK_UPGRADE_SUCCESS;
372			}
373			xoops_cp_footer();
374			break;
375			}
376

XoopsModules25x / xfguestbook

Issues (134)

Security Analysis not enabled

admin/upgrade.php (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like