This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||||
2 | |||||
3 | namespace XoopsModules\Xsitemap; |
||||
4 | |||||
5 | /* |
||||
6 | * **************************************************************************** |
||||
7 | * xsitemap - MODULE FOR XOOPS CMS |
||||
8 | * Copyright (c) Urbanspaceman (http://www.takeaweb.it) |
||||
9 | * |
||||
10 | * You may not change or alter any portion of this comment or credits |
||||
11 | * of supporting developers from this source code or any supporting source code |
||||
12 | * which is considered copyrighted (c) material of the original comment or credit authors. |
||||
13 | * This program is distributed in the hope that it will be useful, |
||||
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||
16 | */ |
||||
17 | /** |
||||
18 | * Module: xsitemap |
||||
19 | * |
||||
20 | * @package module\Xsitemap\class |
||||
21 | * @author XOOPS Module Development Team |
||||
22 | * @author Urbanspaceman (http://www.takeaweb.it) |
||||
23 | * @copyright Urbanspaceman (http://www.takeaweb.it) |
||||
24 | * @copyright XOOPS Project (https://xoops.org) |
||||
25 | * @license http://www.fsf.org/copyleft/gpl.html GNU public license |
||||
26 | * @link https://xoops.org XOOPS |
||||
27 | * @since 1.00 |
||||
28 | */ |
||||
29 | |||||
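/**
 * Class Plugin
 *
 * XoopsObject that carries the plugin_* fields registered in the constructor
 * and builds the admin add/edit form for them.
 */
class Plugin extends \XoopsObject
{
    /**
     * Plugin constructor.
     *
     * Registers each field with its XOOPS data type. Integer fields pass an
     * explicit max length as the fifth initVar() argument; text-box fields do not.
     */
    public function __construct()
    {
        parent::__construct();
        $this->initVar('plugin_id', \XOBJ_DTYPE_INT, null, false, 8);
        $this->initVar('plugin_name', \XOBJ_DTYPE_TXTBOX, null, false);
        $this->initVar('plugin_mod_version', \XOBJ_DTYPE_TXTBOX, null, false);
        $this->initVar('plugin_mod_table', \XOBJ_DTYPE_TXTBOX, null, false);
        $this->initVar('plugin_cat_id', \XOBJ_DTYPE_TXTBOX, null, false);
        $this->initVar('plugin_cat_pid', \XOBJ_DTYPE_TXTBOX, null, false);
        $this->initVar('plugin_cat_name', \XOBJ_DTYPE_TXTBOX, null, false);
        $this->initVar('plugin_weight', \XOBJ_DTYPE_TXTBOX, null, false);
        $this->initVar('plugin_where', \XOBJ_DTYPE_TXTBOX, null, false);
        $this->initVar('plugin_call', \XOBJ_DTYPE_TXTBOX, null, false);
        $this->initVar('plugin_submitter', \XOBJ_DTYPE_INT, null, false, 10);
        $this->initVar('plugin_date_created', \XOBJ_DTYPE_INT, null, false, 10);
        $this->initVar('plugin_online', \XOBJ_DTYPE_INT, null, false, 1);
        // The dohtml flag defaults to 1 ("allow html").
        // NOTE(review): how this flag affects escaping is decided inside
        // XoopsObject::getVar(), which is not visible here - confirm before
        // echoing any of these fields outside a form element.
        $this->initVar('dohtml', \XOBJ_DTYPE_INT, 1, false);
    }

    /**
     * String form of the object: the plugin name read with the 's' format.
     *
     * @return string
     */
    public function __toString()
    {
        // __toString() must return a string; the cast keeps that contract even
        // if getVar() hands back a non-string value.
        return (string)$this->getVar('plugin_name', 's');
    }

    /**
     * Build the add/edit form for this plugin record.
     *
     * @param bool|string $action form target; false means "post back to the current request URI"
     * @return \XoopsThemeForm
     */
    public function getForm($action = false)
    {
        if (false === $action) {
            // REQUEST_URI is client-controlled. NOTE(review): this relies on the
            // XOOPS form renderer escaping the action attribute - confirm, or
            // pass an explicit $action from the caller.
            $action = $_SERVER['REQUEST_URI'];
        }

        $isNew = $this->isNew();
        if ($isNew) {
            $title               = \_AM_XSITEMAP_PLUGIN_ADD;
            $plugin_date_created = \time();
            $plugin_online       = 1;
        } else {
            $title               = \_AM_XSITEMAP_PLUGIN_EDIT;
            $plugin_date_created = $this->getVar('plugin_date_created');
            $plugin_online       = $this->getVar('plugin_online');
        }

        require_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
        // Fifth argument true: ask XoopsThemeForm to add its security token.
        // NOTE(review): the token is only useful if the 'save_plugin' handler
        // verifies it - that handler is not visible here.
        $form = new \XoopsThemeForm($title, 'form', $action, 'post', true);
        $form->setExtra('enctype="multipart/form-data"');

        // Text inputs in display order: [caption, field name, required].
        $textFields = [
            [\_AM_XSITEMAP_PLUGIN_NAME, 'plugin_name', true],
            [\_AM_XSITEMAP_PLUGIN_MOD_VERSION, 'plugin_mod_version', true],
            [\_AM_XSITEMAP_PLUGIN_MOD_TABLE, 'plugin_mod_table', true],
            [\_AM_XSITEMAP_PLUGIN_CAT_ID, 'plugin_cat_id', true],
            [\_AM_XSITEMAP_PLUGIN_CAT_PID, 'plugin_cat_pid', true],
            [\_AM_XSITEMAP_PLUGIN_CAT_NAME, 'plugin_cat_name', true],
            [\_AM_XSITEMAP_PLUGIN_WEIGHT, 'plugin_weight', true],
            [\_AM_XSITEMAP_PLUGIN_WHERE, 'plugin_where', false],
            [\_AM_XSITEMAP_PLUGIN_CALL, 'plugin_call', true],
        ];
        foreach ($textFields as [$caption, $field, $required]) {
            $form->addElement(new \XoopsFormText($caption, $field, 50, 255, $this->getVar($field)), $required);
        }

        $form->addElement(
            new \XoopsFormSelectUser(\_AM_XSITEMAP_PLUGIN_SUBMITTER, 'plugin_submitter', false, $this->getVar('plugin_submitter'), 1, false),
            true
        );

        // The size argument must be an integer (the original passed '').
        // 15 is assumed to match the XOOPS default width - confirm against
        // XoopsFormTextDateSelect::__construct().
        $form->addElement(new \XoopsFormTextDateSelect(\_AM_XSITEMAP_PLUGIN_DATE_CREATED, 'plugin_date_created', 15, $plugin_date_created));

        $check_plugin_online = new \XoopsFormCheckBox(\_AM_XSITEMAP_PLUGIN_ONLINE, 'plugin_online', $plugin_online);
        $check_plugin_online->addOption(1, ' ');
        $form->addElement($check_plugin_online);

        $form->addElement(new \XoopsFormHidden('op', 'save_plugin'));
        if (!$isNew) {
            // Existing records carry their id so the save handler can update in place.
            $form->addElement(new \XoopsFormHidden('plugin_id', $this->getVar('plugin_id')));
        }
        $form->addElement(new \XoopsFormButtonTray('submit', _SUBMIT));

        return $form;
    }

    /**
     * Get the object's values plus two display-ready entries.
     *
     * Adds 'date_created' (plugin_date_created passed through formatTimestamp()
     * with the 'm' format) and 'submitter' (the user name that
     * XoopsUser::getUnameFromId() returns for plugin_submitter).
     *
     * @param null|array  $keys
     * @param null|string $format
     * @param null|int    $maxDepth
     * @return array
     */
    public function getValuesPlugins($keys = null, $format = null, $maxDepth = null)
    {
        $ret                 = $this->getValues($keys, $format, $maxDepth);
        $ret['date_created'] = \formatTimestamp($this->getVar('plugin_date_created'), 'm');
        // NOTE(review): confirm whether getUnameFromId() returns an already
        // escaped name before a template prints this value.
        $ret['submitter']    = \XoopsUser::getUnameFromId($this->getVar('plugin_submitter'));

        return $ret;
    }
}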
||||
131 |