This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
| 1 | <?php | ||
| 2 | |||
| 3 | namespace XoopsModules\Xnewsletter; | ||
| 4 | |||
| 5 | /** | ||
| 6 | * **************************************************************************** | ||
| 7 | * - A Project by Developers TEAM For Xoops - ( https://xoops.org ) | ||
| 8 | * **************************************************************************** | ||
| 9 | * XNEWSLETTER - MODULE FOR XOOPS | ||
| 10 | * Copyright (c) 2007 - 2012 | ||
| 11 | * Goffy ( wedega.com ) | ||
| 12 | * | ||
| 13 | * You may not change or alter any portion of this comment or credits | ||
| 14 | * of supporting developers from this source code or any supporting | ||
| 15 | * source code which is considered copyrighted (c) material of the | ||
| 16 | * original comment or credit authors. | ||
| 17 | * | ||
| 18 | * This program is distributed in the hope that it will be useful, | ||
| 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 21 | * GNU General Public License for more details. | ||
| 22 | * --------------------------------------------------------------------------- | ||
| 23 | * @copyright Goffy ( wedega.com ) | ||
| 24 | * @license GPL 2.0 | ||
| 25 | * @package xnewsletter | ||
| 26 | * @author Goffy ( [email protected] ) | ||
| 27 | * | ||
| 28 | * **************************************************************************** | ||
| 29 | */ | ||
| 30 | |||
| 31 | //use XoopsModules\Xnewsletter; | ||
| 32 | |||
| 33 | require_once dirname(__DIR__) . '/include/common.php'; | ||
| 34 | |||
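/**
 * Class Cat
 *
 * Data object for one newsletter category. It declares the category fields,
 * builds the add/edit form (including the per-group permission checkboxes)
 * and exports the category as a plain array.
 */
class Cat extends \XoopsObject
{
    /**
     * Module helper, assigned in the constructor.
     *
     * @access public
     */
    public $helper = null;
    /**
     * Database connection obtained from \XoopsDatabaseFactory in the constructor.
     */
    public $db;

    /**
     * Constructor: resolves the helper and the database connection and
     * declares every variable of a category.
     */
    public function __construct()
    {
        $this->helper = Helper::getInstance();
        $this->db     = \XoopsDatabaseFactory::getDatabaseConnection();
        $this->initVar('cat_id', XOBJ_DTYPE_INT, null, false);
        // NOTE(review): the variable is declared with max length 100 while the form field
        // in getForm() accepts 255 characters; confirm which limit matches the table column.
        $this->initVar('cat_name', XOBJ_DTYPE_TXTBOX, '', false, 100);
        $this->initVar('cat_info', XOBJ_DTYPE_TXTAREA, '', false);
        $this->initVar('cat_mailinglist', XOBJ_DTYPE_INT, 0, false);
        $this->initVar('cat_submitter', XOBJ_DTYPE_INT, null, false);
        $this->initVar('cat_created', XOBJ_DTYPE_INT, time(), false);
        // text options, stored as integers but used as booleans
        $this->initVar('dohtml', XOBJ_DTYPE_INT, false); // boolean
        $this->initVar('dosmiley', XOBJ_DTYPE_INT, true); // boolean
        $this->initVar('doxcode', XOBJ_DTYPE_INT, true); // boolean
        $this->initVar('doimage', XOBJ_DTYPE_INT, true); // boolean
        $this->initVar('dobr', XOBJ_DTYPE_INT, true); // boolean
    }

    /**
     * Build the add/edit form for this category.
     *
     * @param bool|string $action form target; false means "post back to the current request URI"
     *
     * @return \XoopsThemeForm
     */
    public function getForm($action = false)
    {
        /** @var \XoopsGroupPermHandler $grouppermHandler */
        $grouppermHandler = xoops_getHandler('groupperm');

        if (false === $action) {
            // REQUEST_URI is request-controlled and ends up in the form's action attribute.
            // NOTE(review): this relies on the form renderer encoding the action before output - confirm.
            $action = $_SERVER['REQUEST_URI'];
        }

        $title = $this->isNew() ? sprintf(_AM_XNEWSLETTER_CAT_ADD) : sprintf(_AM_XNEWSLETTER_CAT_EDIT);

        require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
        // Fifth argument true asks the form to embed a security token.
        // NOTE(review): the 'save_cat' handler is not part of this file; it has to verify that token.
        $form = new \XoopsThemeForm($title, 'form', $action, 'post', true);
        $form->setExtra('enctype="multipart/form-data"');

        // cat_name
        $form->addElement(new \XoopsFormText(_AM_XNEWSLETTER_CAT_NAME, 'cat_name', 50, 255, $this->getVar('cat_name', 'e')), true);

        // cat_info
        $cat_info_dhtemtextarea = new \XoopsFormDhtmlTextArea(_AM_XNEWSLETTER_CAT_INFO, 'cat_info', $this->getVar('cat_info', 'e'), 10, 50);
        $cat_info_dhtemtextarea->setDescription(_AM_XNEWSLETTER_CAT_INFO_DESC);
        $form->addElement($cat_info_dhtemtextarea, false);

        // category: dohtml, dosmiley, doxcode, doimage, dobr
        // NOTE(review): 'dohtml' lets cat_info carry markup; presumably only trusted groups may edit categories - confirm.
        $options_tray = new \XoopsFormElementTray(_AM_XNEWSLETTER_TEXTOPTIONS, ' ');
        $options_tray->setDescription(_AM_XNEWSLETTER_TEXTOPTIONS_DESC);
        $html_checkbox = new \XoopsFormCheckBox('', 'dohtml', $this->getVar('dohtml'));
        $html_checkbox->addOption(1, _AM_XNEWSLETTER_ALLOWHTML);
        $options_tray->addElement($html_checkbox);
        $smiley_checkbox = new \XoopsFormCheckBox('', 'dosmiley', $this->getVar('dosmiley'));
        $smiley_checkbox->addOption(1, _AM_XNEWSLETTER_ALLOWSMILEY);
        $options_tray->addElement($smiley_checkbox);
        $xcodes_checkbox = new \XoopsFormCheckBox('', 'doxcode', $this->getVar('doxcode'));
        $xcodes_checkbox->addOption(1, _AM_XNEWSLETTER_ALLOWXCODE);
        $options_tray->addElement($xcodes_checkbox);
        $noimages_checkbox = new \XoopsFormCheckBox('', 'doimage', $this->getVar('doimage'));
        $noimages_checkbox->addOption(1, _AM_XNEWSLETTER_ALLOWIMAGES);
        $options_tray->addElement($noimages_checkbox);
        $breaks_checkbox = new \XoopsFormCheckBox('', 'dobr', $this->getVar('dobr'));
        $breaks_checkbox->addOption(1, _AM_XNEWSLETTER_ALLOWBREAK);
        $options_tray->addElement($breaks_checkbox);
        $form->addElement($options_tray);

        // cat_gperms...
        /** @var \XoopsMemberHandler $memberHandler */
        $memberHandler = xoops_getHandler('member');
        $userGroups    = $memberHandler->getGroupList();
        // create admin checkbox
        // Defaults keep both variables defined when the group list has no admin entry.
        $group_id_admin   = XOOPS_GROUP_ADMIN;
        $group_name_admin = '';
        foreach ($userGroups as $group_id => $group_name) {
            if (XOOPS_GROUP_ADMIN == $group_id) {
                $group_id_admin   = $group_id;
                $group_name_admin = $group_name;
            }
        }
        $select_perm_admin = new \XoopsFormCheckBox('', 'admin', XOOPS_GROUP_ADMIN);
        $select_perm_admin->addOption($group_id_admin, $group_name_admin);
        // Disabled controls are not submitted by browsers, so this box is display-only.
        // NOTE(review): the admin group's permissions must be granted by the save handler itself,
        // and the submitted group ids must be validated there - the handler is not visible here.
        $select_perm_admin->setExtra("disabled='disabled'");

        // Both values are the same for all four permission lookups below.
        $catId    = $this->getVar('cat_id');
        $moduleId = $this->helper->getModule()->mid();

        // permission read cat (anonymous may be offered here)
        $cat_gperms_read     = $grouppermHandler->getGroupIds('newsletter_read_cat', $catId, $moduleId);
        $arr_cat_gperms_read = $this->isNew() ? '0' : $cat_gperms_read;
        $form->addElement($this->buildGroupPermsTray(_AM_XNEWSLETTER_CAT_GPERMS_READ, 'cat_gperms_read', $arr_cat_gperms_read, $userGroups, $select_perm_admin, false), false);

        // permission create cat
        $cat_gperms_create     = $grouppermHandler->getGroupIds('newsletter_create_cat', $catId, $moduleId);
        $arr_cat_gperms_create = $this->isNew() ? '0' : $cat_gperms_create;
        $form->addElement($this->buildGroupPermsTray(_AM_XNEWSLETTER_CAT_GPERMS_CREATE . _AM_XNEWSLETTER_CAT_GPERMS_CREATE_DESC, 'cat_gperms_create', $arr_cat_gperms_create, $userGroups, $select_perm_admin, true), false);

        // permission admin cat
        $cat_gperms_admin     = $grouppermHandler->getGroupIds('newsletter_admin_cat', $catId, $moduleId);
        $arr_cat_gperms_admin = $this->isNew() ? '0' : $cat_gperms_admin;
        $form->addElement($this->buildGroupPermsTray(_AM_XNEWSLETTER_CAT_GPERMS_ADMIN . _AM_XNEWSLETTER_CAT_GPERMS_ADMIN_DESC, 'cat_gperms_admin', $arr_cat_gperms_admin, $userGroups, $select_perm_admin, true), false);

        // permission list subscriber of this cat
        $cat_gperms_list     = $grouppermHandler->getGroupIds('newsletter_list_cat', $catId, $moduleId);
        $arr_cat_gperms_list = $this->isNew() ? '0' : $cat_gperms_list;
        $form->addElement($this->buildGroupPermsTray(_AM_XNEWSLETTER_CAT_GPERMS_LIST, 'cat_gperms_list', $arr_cat_gperms_list, $userGroups, $select_perm_admin, true), false);

        // cat_mailinglist (only offered when at least one mailing list exists)
        $cat_mailinglist     = $this->isNew() ? '0' : $this->getVar('cat_mailinglist');
        $mailinglistCriteria = new \CriteriaCompo();
        $mailinglistCriteria->setSort('mailinglist_id');
        $mailinglistCriteria->setOrder('ASC');
        $numrows_mailinglist = $this->helper->getHandler('Mailinglist')->getCount();
        if ($numrows_mailinglist > 0) {
            $opt_mailinglist = new \XoopsFormRadio(_AM_XNEWSLETTER_LETTER_MAILINGLIST, 'cat_mailinglist', $cat_mailinglist);
            $opt_mailinglist->addOption('0', _AM_XNEWSLETTER_LETTER_MAILINGLIST_NO);
            $mailinglistObjs = $this->helper->getHandler('Mailinglist')->getAll($mailinglistCriteria);
            foreach ($mailinglistObjs as $mailinglist_id => $mailinglistObj) {
                $opt_mailinglist->addOption($mailinglist_id, $mailinglistObj->getVar('mailinglist_name'));
            }
            $form->addElement($opt_mailinglist);
        }

        $time = $this->isNew() ? time() : $this->getVar('cat_created');
        // Guard against a missing user object instead of calling a method on a non-object.
        // NOTE(review): the label shows the current user, not the stored cat_submitter - confirm this is intended.
        $submitterName = (isset($GLOBALS['xoopsUser']) && is_object($GLOBALS['xoopsUser'])) ? $GLOBALS['xoopsUser']->uname() : '';
        $form->addElement(new \XoopsFormLabel(_AM_XNEWSLETTER_SUBMITTER, $submitterName));
        $form->addElement(new \XoopsFormLabel(_AM_XNEWSLETTER_CREATED, formatTimestamp($time, 's')));

        $form->addElement(new \XoopsFormHidden('op', 'save_cat'));
        $form->addElement(new \XoopsFormButtonTray('', _SUBMIT, 'submit', '', false));

        return $form;
    }

    /**
     * Build one permission row: the shared (disabled) admin checkbox followed by
     * a checkbox group with one option per selectable user group.
     *
     * @param string                $caption          caption of the tray
     * @param string                $name             name of the checkbox group
     * @param mixed                 $selected         preselected group ids ('0' for a new category)
     * @param array                 $userGroups       group id => group name
     * @param \XoopsFormCheckBox    $adminCheckbox    checkbox shown first in every tray
     * @param bool                  $excludeAnonymous true to leave out the anonymous group
     *
     * @return \XoopsFormElementTray
     */
    private function buildGroupPermsTray($caption, $name, $selected, $userGroups, $adminCheckbox, $excludeAnonymous)
    {
        $perms_tray = new \XoopsFormElementTray($caption, '');
        // checkbox webmaster
        $perms_tray->addElement($adminCheckbox, false);
        // checkboxes other groups
        $select_perm = new \XoopsFormCheckBox('', $name, $selected);
        foreach ($userGroups as $group_id => $group_name) {
            if (XOOPS_GROUP_ADMIN == $group_id) {
                continue;
            }
            if ($excludeAnonymous && XOOPS_GROUP_ANONYMOUS == $group_id) {
                continue;
            }
            $select_perm->addOption($group_id, $group_name);
        }
        $perms_tray->addElement($select_perm, false);

        return $perms_tray;
    }

    /**
     * Get Values
     *
     * Returns getValues() extended with short keys (id, name, info, ...), the name of
     * the linked mailing list, the formatted creation time and the submitter's user name.
     *
     * @param mixed       $keys     passed through to getValues()
     * @param string|null $format   passed through to getValues()
     * @param int|null    $maxDepth passed through to getValues()
     * @return array
     */
    public function getValuesCat($keys = null, $format = null, $maxDepth = null)
    {
        $helper = \XoopsModules\Xnewsletter\Helper::getInstance();
        $ret    = $this->getValues($keys, $format, $maxDepth);

        $ret['id']               = $this->getVar('cat_id');
        $ret['name']             = $this->getVar('cat_name');
        $ret['info']             = $this->getVar('cat_info');
        $ret['mailinglist']      = $this->getVar('cat_mailinglist');
        $ret['mailinglist_text'] = '';
        if ((int)$this->getVar('cat_mailinglist') > 0) {
            // The referenced mailing list may no longer exist; keep the empty text in that case
            // instead of calling getVar() on a non-object.
            $mailinglistObj = $helper->getHandler('Mailinglist')->get($this->getVar('cat_mailinglist'));
            if (is_object($mailinglistObj)) {
                $ret['mailinglist_text'] = $mailinglistObj->getVar('mailinglist_name');
            }
        }
        $ret['dohtml']    = $this->getVar('dohtml');
        $ret['dosmiley']  = $this->getVar('dosmiley');
        $ret['doxcode']   = $this->getVar('doxcode');
        $ret['doimage']   = $this->getVar('doimage');
        $ret['dobr']      = $this->getVar('dobr');
        $ret['created']   = formatTimestamp($this->getVar('cat_created'), 's');
        $ret['submitter'] = \XoopsUser::getUnameFromId($this->getVar('cat_submitter'));

        return $ret;
    }
}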
| 258 | 
 
                                