Automated scan summary: this project does not appear to handle request data directly, so the scanner reported no vulnerable execution paths. That is a scanner result, not a manual review. The listing below still assembles SQL with sprintf() plus quoteString() escaping rather than bound parameters, and it persists a mailbox PASSWORD column, so those two paths still deserve a human look.
<?php

// Strict scalar typing for the whole file: "7" is not silently accepted as 7.
declare(strict_types=1);

namespace XoopsModules\Xhelp;
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright {@link https://xoops.org/ XOOPS Project}
 * @license   {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @author    Nazar Aziz <[email protected]>
 * @author    XOOPS Development Team
 */

// Refuse direct access: the file is only usable after XHELP_CLASS_PATH has
// been defined (presumably by the module bootstrap - confirm where it is set).
\defined('XHELP_CLASS_PATH') || exit();

// Legacy explicit includes, kept for reference only; these classes are no
// longer required here.
// require_once XHELP_CLASS_PATH . '/BaseObjectHandler.php';
// require_once XHELP_CLASS_PATH . '/mailbox.php';
// require_once XHELP_CLASS_PATH . '/mailboxPOP3.php';

/**
 * DepartmentMailBoxHandler class
 *
 * Methods to store / retrieve {@link DepartmentMailBox} objects (a department's
 * mail-server records: host, port, credentials, priority) from the database.
 *
 * NOTE(review): rows are written with sprintf() + quoteString() escaping, not
 * bound parameters, and the PASSWORD column is stored as supplied - confirm how
 * that credential is protected at rest.
 */
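class DepartmentMailBoxHandler extends BaseObjectHandler
{
    /**
     * Name of child class
     *
     * @var string
     */
    public $classname = DepartmentMailBox::class;
    /**
     * DB table name
     *
     * @var string
     */
    public $dbtable = 'xhelp_department_mailbox';

    private const TABLE      = 'xhelp_department_mailbox';
    private const ENTITY     = DepartmentMailBox::class;
    private const ENTITYNAME = 'DepartmentMailBox';
    private const KEYNAME    = 'id';
    private const IDENTIFIER = 'departmentid';

    /**
     * Columns of the mailbox row, in the order the INSERT/UPDATE statements use them.
     * Keys of {@see \XoopsObject::$cleanVars} are read through this list instead of
     * variable-variables (`${$k} = $v`), so a cleanVars key can never clobber a local
     * such as `$object`, `$sql` or `$this`.
     */
    private const COLUMNS = [
        'id',
        'departmentid',
        'server',
        'serverport',
        'username',
        'password',
        'priority',
        'emailaddress',
        'mboxtype',
        'active',
    ];

    /**
     * Constructor
     *
     * @param \XoopsMySQLDatabase|null $db reference to a xoopsDB object
     */
    public function __construct(?\XoopsMySQLDatabase $db = null)
    {
        $this->init($db);
        $this->helper = Helper::getInstance();
        // Private constants: resolve on this class, not a late-bound child.
        parent::__construct($db, self::TABLE, self::ENTITY, self::KEYNAME, self::IDENTIFIER);
    }

    /**
     * retrieve server list by department
     *
     * @param int $depid department id; anything <= 0 yields an empty list
     * @return array array of {@link DepartmentMailBox}, sorted by priority
     */
    public function &getByDepartment(int $depid): array
    {
        $ret = [];
        if ($depid <= 0) {
            return $ret;
        }

        $criteria = new \Criteria('departmentid', (string)$depid);
        $criteria->setSort('priority');

        // getCount() first so an empty department returns [] without depending
        // on the shape getObjects() returns for an empty result set.
        if ($this->getCount($criteria) > 0) {
            $ret = $this->getObjects($criteria);
        }

        return $ret;
    }

    /**
     * retrieve every mailbox flagged active = 1
     *
     * @return array array of {@link DepartmentMailBox}
     */
    public function &getActiveMailboxes(): array
    {
        $onlyActive = new \Criteria('active', '1');
        $ret        = $this->getObjects($onlyActive);

        return $ret;
    }

    /**
     * creates new email server entry for department
     *
     * Only departmentid is set here; every other column is left as the new
     * object provides it.
     *
     * @param int $depid
     * @return bool
     */
    public function addEmailServer(int $depid): bool
    {
        /** @var \XoopsModules\Xhelp\DepartmentMailBox $server */
        $server = $this->create();
        $server->setVar('departmentid', $depid);

        return $this->insert($server);
    }

    /**
     * remove an email server
     *
     * Deletes the mailbox's MailEvent rows first, then the mailbox itself.
     * There is no transaction around the two steps, so a failed parent delete
     * leaves the mail events already removed.
     *
     * @param \XoopsObject $object {@link DepartmentMailBox}
     *                             Mailbox to delete
     * @param bool         $force  Should bypass XOOPS delete restrictions
     * @return bool True on Successful delete
     */
    public function delete(\XoopsObject $object, $force = false): bool
    {
        $helper = Helper::getInstance();
        // getVar() is untyped; pin the id to an int before it reaches a query.
        $mboxId = (int)$object->getVar('id');

        //Remove all Mail Events for mailbox
        /** @var \XoopsModules\Xhelp\MailEventHandler $mailEventHandler */
        $mailEventHandler = $helper->getHandler('MailEvent');
        $mailEventHandler->deleteAll(new \Criteria('mbox_id', (string)$mboxId));

        return parent::delete($object, $force);
    }

    /**
     * Build the INSERT statement for a mailbox row.
     *
     * Numeric columns go through %u (coerced to unsigned int); string columns
     * go through the driver's quoteString(), which escapes and quotes. This is
     * escaping, not a bound parameter. The password is written as supplied;
     * it presumably has to stay recoverable to log in to the mailbox, so
     * hashing is not an option - confirm whether it is protected elsewhere.
     *
     * @param \XoopsObject $object
     * @return string
     */
    public function insertQuery(\XoopsObject $object): string
    {
        $v = $this->columnValues($object);

        return \sprintf(
            'INSERT INTO `%s` (id, departmentid, SERVER, serverport, username, PASSWORD, priority, emailaddress, mboxtype, active) VALUES (%u, %u, %s, %u, %s, %s, %u, %s, %u, %u)',
            $this->db->prefix($this->dbtable),
            $v['id'],
            $v['departmentid'],
            $this->db->quoteString($v['server']),
            $v['serverport'],
            $this->db->quoteString($v['username']),
            $this->db->quoteString($v['password']),
            $v['priority'],
            $this->db->quoteString($v['emailaddress']),
            $v['mboxtype'],
            $v['active']
        );
    }

    /**
     * Build the UPDATE statement for a mailbox row (keyed on id).
     *
     * Same escaping rules as {@see insertQuery()}.
     *
     * @param \XoopsObject $object
     * @return string
     */
    public function updateQuery(\XoopsObject $object): string
    {
        $v = $this->columnValues($object);

        return \sprintf(
            'UPDATE `%s` SET departmentid = %u, SERVER = %s, serverport = %u, username = %s, PASSWORD = %s, priority = %u, emailaddress = %s, mboxtype = %u, active = %u WHERE id = %u',
            $this->db->prefix($this->dbtable),
            $v['departmentid'],
            $this->db->quoteString($v['server']),
            $v['serverport'],
            $this->db->quoteString($v['username']),
            $this->db->quoteString($v['password']),
            $v['priority'],
            $this->db->quoteString($v['emailaddress']),
            $v['mboxtype'],
            $v['active'],
            $v['id']
        );
    }

    /**
     * Build the DELETE statement for a mailbox row.
     *
     * @param \XoopsObject $object
     * @return string
     */
    public function deleteQuery(\XoopsObject $object): string
    {
        // getVar() is untyped; cast so only an integer reaches the %u slot.
        return \sprintf('DELETE FROM `%s` WHERE id = %u', $this->db->prefix($this->dbtable), (int)$object->getVar('id'));
    }

    /**
     * Pull the mailbox columns out of the object's cleanVars.
     *
     * A column missing from cleanVars maps to null, which matches what the
     * former `${$k} = $v` copy produced for an unset variable (minus the
     * "undefined variable" warning).
     *
     * @param \XoopsObject $object
     * @return array<string, mixed> column name => cleaned value
     */
    private function columnValues(\XoopsObject $object): array
    {
        $values = [];
        foreach (self::COLUMNS as $column) {
            $values[$column] = $object->cleanVars[$column] ?? null;
        }

        return $values;
    }
}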