Issues in comments.php (develop) - Issues in develop - blitze/phpBB-ext-sitemaker_content - Measure and Improve Code Quality continuously with Scrutinizer

Issues (81)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

services/comments/comments.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php
/**
 *
 * @package sitemaker
 * @copyright (c) 2016 Daniel A. (blitze)
 * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
 *
 */

namespace blitze\content\services\comments;

class comments extends form implements comments_interface
{
	/** @var \phpbb\content_visibility */
	protected $content_visibility;

	/** @var \phpbb\db\driver\driver_interface */
	protected $db;

	/** @var \phpbb\pagination */
	protected $pagination;

	/** @var \phpbb\request\request_interface */
	protected $request;

	/** @var \phpbb\template\context */
	protected $template_context;

	/** @var \blitze\sitemaker\services\forum\data */
filter:
    dependency_paths: ["lib/*"]
	protected $forum;

	/** @var \blitze\content\services\topic */
	protected $topic;

	/** @var array */
	private $sort_dir_sql = array('a' => 'ASC', 'd' => 'DESC');

	/** @var array */
	private $sort_by_sql = array(
		't' => 'p.post_time',
		's' => 'p.post_subject, p.post_id',
	);

	/**
	 * Constructor
	 *
	 * @param \phpbb\auth\auth							$auth				Auth object
	 * @param \phpbb\config\config						$config				Config object
	 * @param \phpbb\content_visibility					$content_visibility	Phpbb Content visibility object
	 * @param \phpbb\db\driver\driver_interface			$db					Database object
	 * @param \phpbb\language\language					$language			Language Object
	 * @param \phpbb\pagination							$pagination			Pagination object
	 * @param \phpbb\request\request_interface			$request			Request object
	 * @param \phpbb\template\template					$template			Template object
	 * @param \phpbb\template\context					$template_context	Template context object
	 * @param \phpbb\user								$user				User object
	 * @param \blitze\sitemaker\services\forum\data		$forum				Forum Data object
	 * @param \blitze\content\services\topic			$topic				Topic object
	 * @param string									$root_path			Path to the phpbb directory.
	 * @param string									$php_ext			php file extension
	*/
	public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\content_visibility $content_visibility, \phpbb\db\driver\driver_interface $db, \phpbb\language\language $language, \phpbb\pagination $pagination, \phpbb\request\request_interface $request, \phpbb\template\template $template, \phpbb\template\context $template_context, \phpbb\user $user, \blitze\sitemaker\services\forum\data $forum, \blitze\content\services\topic $topic, $root_path, $php_ext)
	{
		parent::__construct($auth, $config, $language, $template, $user, $root_path, $php_ext);

		$this->content_visibility = $content_visibility;
		$this->db = $db;
		$this->pagination = $pagination;
		$this->request = $request;
		$this->template_context = $template_context;
		$this->forum = $forum;
		$this->topic = $topic;
	}

	/**
	 * @inheritdoc
	 */
	public function get_langname()
	{
		return 'COMMENTS';
	}

	/**
	 * @inheritdoc
	 */
	public function count(array $topic_data)
	{
		return $this->content_visibility->get_count('topic_posts', $topic_data, $topic_data['forum_id']) - 1;
	}

	/**
	 * Show comments for topic
	 *
	 * @param string $content_type
	 * @param array $topic_data
	 * @param array $update_count
	 * @param array $settings
	 * @return void
	 */
	public function show_comments($content_type, array $topic_data, array &$update_count, array $settings = array())
	{
		if ($topic_data['total_comments'])
		{
			$view		= $this->request->variable('view', '');
			$start		= $this->request->variable('start', 0);
			$post_id	= $this->request->variable('p', 0);

			$this->find_unread($view, $topic_data);

			$sort_days = 0;
			$sort_key = $sort_dir = $u_sort_param = '';
			$this->set_sorting_options($sort_days, $sort_key, $sort_dir, $u_sort_param);

			$base_url = append_sid(trim(build_url(array('start', 'p')), '?'), (strlen($u_sort_param)) ? $u_sort_param : '');
			$this->build_pagination($start, (int) $settings['per_page'], $post_id, $topic_data, $sort_dir, $base_url);

			$this->forum->query()
				->fetch_date_range(time(), $sort_days * 86400, 'post')
				->build();
			$posts_data = $this->forum->get_post_data(false, array(), $settings['per_page'], $start, array(
				'WHERE'		=> array(
					'p.topic_id = ' . (int) $topic_data['topic_id'],
					'p.post_id <> ' . (int) $topic_data['topic_first_post_id'],
				),
				'ORDER_BY'	=> $this->sort_by_sql[$sort_key] . ' ' . $this->sort_dir_sql[$sort_dir],
			));

			$topic_tracking_info = $this->forum->get_topic_tracking_info();
			$users_cache = $this->forum->get_posters_info();

			$this->show_posts($topic_data, array_values(array_shift($posts_data)), $topic_tracking_info, $users_cache, $update_count, $content_type, $start);
		}
	}

	/**
	 * @param array $topic_data
	 * @param array $posts_data
	 * @param array $topic_tracking_info
	 * @param array $users_cache
	 * @param array $update_count
	 * @param string $type
	 * @param int $start
	 * @return void
	 */
	protected function show_posts(array $topic_data, array $posts_data, array $topic_tracking_info, array $users_cache, array &$update_count, $type, $start)
	{
		$attachments = $this->forum->get_attachments($topic_data['forum_id']);
		$this->set_form_action($topic_data['topic_url'], $start);

		for ($i = 0, $size = sizeof($posts_data); $i < $size; $i++)
		{
			$row = $posts_data[$i];
			$poster_id = $row['poster_id'];

			$this->template->assign_block_vars('postrow', array_merge(
				$this->topic->get_detail_template_data($type, $topic_data, $row, $users_cache, $attachments, $topic_tracking_info, $update_count),
				$this->get_attachments_tpl_data($row['post_id'], $attachments),
				array(
					'POST_SUBJECT'				=> $row['post_subject'],
					'POST_DATE'					=> $this->user->format_date($row['post_time'], false, false),
					'POSTER_WARNINGS'			=> $this->get_poster_warnings($users_cache[$poster_id]),
					'S_POST_REPORTED'			=> $this->get_report_status($row),
					'S_TOPIC_POSTER'			=> ($topic_data['topic_poster'] == $poster_id) ? true : false,
				)
			));

			$this->topic->show_attachments($attachments, $row['post_id'], 'postrow.attachment');
		}
	}

	/**
	 * @param string $view
	 * @param array $topic_data
	 * @retrun void
	 */
	protected function find_unread($view, array $topic_data)
	{
		if ($view === 'unread')
		{
			$forum_id = (int) $topic_data['forum_id'];
			$topic_id = (int) $topic_data['topic_id'];

			// Get topic tracking info
			$topic_tracking_info = get_complete_topic_tracking($forum_id, $topic_id);
			$topic_last_read = (isset($topic_tracking_info[$topic_id])) ? $topic_tracking_info[$topic_id] : 0;

			$sql = 'SELECT post_id, topic_id, forum_id
				FROM ' . POSTS_TABLE . "
				WHERE topic_id = $topic_id
					AND " . $this->content_visibility->get_visibility_sql('post', $forum_id) . "
					AND post_time > $topic_last_read
					AND forum_id = $forum_id
				ORDER BY post_time ASC, post_id ASC";
			$result = $this->db->sql_query_limit($sql, 1);
			$row = $this->db->sql_fetchrow($result);
			$this->db->sql_freeresult($result);

			if ($row)
			{
				redirect(append_sid($topic_data['topic_url'], 'p=' . $row['post_id']) . '#p' . $row['post_id']);
			}
		}
	}

	/**
	 * This is for determining where we are (page)
	 * @param int $start
	 * @param int $posts_per_page
	 * @param int $post_id
	 * @param array $topic_data
	 * @param string $sort_dir
	 * @param string $base_url
	 * @return void
	 */
	protected function build_pagination(&$start, $posts_per_page, $post_id, array $topic_data, $sort_dir, $base_url)
	{
		if ($post_id)
		{
			$post_info = $this->get_post_info($post_id);
			$this->check_requested_post_id($post_info, $topic_data, $base_url);

			$prev_posts = $this->get_next_posts_count($post_info, $topic_data, $sort_dir, $post_id);
			$start = (int) floor($prev_posts / $posts_per_page) * $posts_per_page;
		}

		$start = $this->pagination->validate_start($start, $posts_per_page, $topic_data['total_comments']);
		$this->pagination->generate_template_pagination($base_url, 'pagination', 'start', $topic_data['total_comments'], $posts_per_page, $start);
		$this->add_comment_anchor_to_pages();
	}

	/**
	 * @return void
	 */
	protected function add_comment_anchor_to_pages()
	{
		$data =& $this->template_context->get_data_ref()['pagination'];
		$data = (array) $data;

		foreach ($data as &$row)
		{
			$row['PAGE_URL'] .= '#comments';
		}
	}

	/**
	 * @param array $post_info
	 * @param array $topic_data
	 * @param string $base_url
	 * @return void
	 */
	protected function check_requested_post_id(array $post_info, array $topic_data, $base_url)
	{
		// are we where we are supposed to be?
		if (($post_info['post_visibility'] == ITEM_UNAPPROVED || $post_info['post_visibility'] == ITEM_REAPPROVE) && !$this->auth->acl_get('m_approve', $topic_data['forum_id']))
		{
			// If post_id was submitted, we try at least to display the topic as a last resort...
			if ($topic_data['topic_id'])
			{
				redirect($base_url);
			}

			trigger_error('NO_TOPIC');
		}
	}

	/**
	 * @param array $post_info
	 * @param array $topic_data
	 * @param string $sort_dir
	 * @param int $post_id
	 * @return int
	 */
	protected function get_next_posts_count(array $post_info, array $topic_data, $sort_dir, $post_id)
	{
		if ($post_id == $topic_data['topic_first_post_id'] || $post_id == $topic_data['topic_last_post_id'])
		{
			$check_sort = ($post_id == $topic_data['topic_first_post_id']) ? 'd' : 'a';

			$prev_posts_count = 0;
			if ($sort_dir == $check_sort)
			{
				$prev_posts_count = $this->content_visibility->get_count('topic_posts', $topic_data, $topic_data['forum_id']) - 1;
			}
			return $prev_posts_count;
		}
		else
		{
			return $this->get_prev_posts_count($post_info, $topic_data['forum_id'], $topic_data['topic_id'], $sort_dir) - 1;
		}
	}

	/**
	 * @param array $row
	 * @param int $forum_id
	 * @param int $topic_id
	 * @param string $sort_dir
	 * @return int
	 */
	protected function get_prev_posts_count(array $row, $forum_id, $topic_id, $sort_dir)
	{
		$sql = 'SELECT COUNT(p.post_id) AS prev_posts
			FROM ' . POSTS_TABLE . " p
			WHERE p.topic_id = $topic_id
				AND " . $this->content_visibility->get_visibility_sql('post', $forum_id, 'p.');

		if ($sort_dir == 'd')
		{
			$sql .= " AND (p.post_time > {$row['post_time']} OR (p.post_time = {$row['post_time']} AND p.post_id >= {$row['post_id']}))";
		}
		else
		{
			$sql .= " AND (p.post_time < {$row['post_time']} OR (p.post_time = {$row['post_time']} AND p.post_id <= {$row['post_id']}))";
		}

		$result = $this->db->sql_query($sql);
		$row = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		return $row['prev_posts'];
	}

	/**
	 * @param int $post_id
	 * @return array
	 */
	protected function get_post_info($post_id)
	{
		$sql = 'SELECT post_id, post_time, post_visibility
			FROM ' . POSTS_TABLE . ' p
			WHERE post_id = ' . (int) $post_id;
		$result = $this->db->sql_query($sql);
		$row = $this->db->sql_fetchrow($result);
		$this->db->sql_freeresult($result);

		return $row;
	}

	/**
	 * @param int $sort_days
	 * @param string $sort_key
	 * @param string $sort_dir
	 * @param string $u_sort_param
	 * @return void
	 */
	protected function set_sorting_options(&$sort_days, &$sort_key, &$sort_dir, &$u_sort_param)
	{
		$default_sort_days	= (!empty($this->user->data['user_post_show_days'])) ? $this->user->data['user_post_show_days'] : 0;
		$default_sort_key	= (!empty($this->user->data['user_post_sortby_type'])) ? $this->user->data['user_post_sortby_type'] : 't';
		$default_sort_dir	= (!empty($this->user->data['user_post_sortby_dir'])) ? $this->user->data['user_post_sortby_dir'] : 'a';

		$sort_days	= $this->request->variable('st', $default_sort_days);
		$sort_key	= $this->request->variable('sk', $default_sort_key);
		$sort_dir	= $this->request->variable('sd', $default_sort_dir);

		$limit_days = array(0 => $this->language->lang('ALL_POSTS'), 1 => $this->language->lang('1_DAY'), 7 => $this->language->lang('7_DAYS'), 14 => $this->language->lang('2_WEEKS'), 30 => $this->language->lang('1_MONTH'), 90 => $this->language->lang('3_MONTHS'), 180 => $this->language->lang('6_MONTHS'), 365 => $this->language->lang('1_YEAR'));
		$sort_by_text = array('t' => $this->language->lang('POST_TIME'), 's' => $this->language->lang('SUBJECT'));

		$s_limit_days = $s_sort_key = $s_sort_dir = '';
		gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param, $default_sort_days, $default_sort_key, $default_sort_dir);

		$this->template->assign_vars(array(
			'S_SELECT_SORT_DIR' 	=> $s_sort_dir,
			'S_SELECT_SORT_KEY' 	=> $s_sort_key,
			'S_SELECT_SORT_DAYS' 	=> $s_limit_days,
		));
	}

	/**
	 * @param int $post_id
	 * @param array $attachments
	 * @return array
	 */
	protected function get_attachments_tpl_data($post_id, array $attachments)
	{
		$has_attachments = $multi_attachments = false;
		if (!empty($attachments[$post_id]))
		{
			$has_attachments = true;
			$multi_attachments = sizeof($attachments[$post_id]) > 1;
		}

		return array(
			'S_HAS_ATTACHMENTS'			=> $has_attachments,
			'S_MULTIPLE_ATTACHMENTS'	=> $multi_attachments,
		);
	}

	/**
	 * @param array $poster_info
	 * @return int
	 */
	protected function get_poster_warnings(array $poster_info)
	{
		return ($this->auth->acl_get('m_warn') && !empty($poster_info['warnings'])) ? $poster_info['warnings'] : 0;
	}

	/**
	 * @param array $row
	 * @return bool
	 */
	protected function get_report_status(array $row)
	{
		return ($row['post_reported'] && $this->auth->acl_get('m_report', $row['forum_id'])) ? true : false;
	}

	/**
	 * @param string $topic_url
	 * @param int $start
	 * @return void
	 */
	protected function set_form_action($topic_url, $start)
	{
		$this->template->assign_var('S_TOPIC_ACTION', append_sid($topic_url, (($start == 0) ? '' : "start=$start")) . '#comments');
	}
}


1			<?php
2			/**
3			*
4			* @package sitemaker
5			* @copyright (c) 2016 Daniel A. (blitze)
6			* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
7			*
8			*/
9
10			namespace blitze\content\services\comments;
11
12			class comments extends form implements comments_interface
13			{
14			/** @var \phpbb\content_visibility */
15			protected $content_visibility;
16
17			/** @var \phpbb\db\driver\driver_interface */
18			protected $db;
19
20			/** @var \phpbb\pagination */
21			protected $pagination;
22
23			/** @var \phpbb\request\request_interface */
24			protected $request;
25
26			/** @var \phpbb\template\context */
27			protected $template_context;
28
29			/** @var \blitze\sitemaker\services\forum\data */
			0 ignored issues – show Bug introduced 2018-02-22 05:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `blitze\sitemaker\services\forum\data` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
30			protected $forum;
31
32			/** @var \blitze\content\services\topic */
33			protected $topic;
34
35			/** @var array */
36			private $sort_dir_sql = array('a' => 'ASC', 'd' => 'DESC');
37
38			/** @var array */
39			private $sort_by_sql = array(
40			't' => 'p.post_time',
41			's' => 'p.post_subject, p.post_id',
42			);
43
44			/**
45			* Constructor
46			*
47			* @param \phpbb\auth\auth $auth Auth object
48			* @param \phpbb\config\config $config Config object
49			* @param \phpbb\content_visibility $content_visibility Phpbb Content visibility object
50			* @param \phpbb\db\driver\driver_interface $db Database object
51			* @param \phpbb\language\language $language Language Object
52			* @param \phpbb\pagination $pagination Pagination object
53			* @param \phpbb\request\request_interface $request Request object
54			* @param \phpbb\template\template $template Template object
55			* @param \phpbb\template\context $template_context Template context object
56			* @param \phpbb\user $user User object
57			* @param \blitze\sitemaker\services\forum\data $forum Forum Data object
58			* @param \blitze\content\services\topic $topic Topic object
59			* @param string $root_path Path to the phpbb directory.
60			* @param string $php_ext php file extension
61			*/
62			public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\content_visibility $content_visibility, \phpbb\db\driver\driver_interface $db, \phpbb\language\language $language, \phpbb\pagination $pagination, \phpbb\request\request_interface $request, \phpbb\template\template $template, \phpbb\template\context $template_context, \phpbb\user $user, \blitze\sitemaker\services\forum\data $forum, \blitze\content\services\topic $topic, $root_path, $php_ext)
63			{
64			parent::__construct($auth, $config, $language, $template, $user, $root_path, $php_ext);
65
66			$this->content_visibility = $content_visibility;
67			$this->db = $db;
68			$this->pagination = $pagination;
69			$this->request = $request;
70			$this->template_context = $template_context;
71			$this->forum = $forum;
72			$this->topic = $topic;
73			}
74
75			/**
76			* @inheritdoc
77			*/
78			public function get_langname()
79			{
80			return 'COMMENTS';
81			}
82
83			/**
84			* @inheritdoc
85			*/
86			public function count(array $topic_data)
87			{
88			return $this->content_visibility->get_count('topic_posts', $topic_data, $topic_data['forum_id']) - 1;
89			}
90
91			/**
92			* Show comments for topic
93			*
94			* @param string $content_type
95			* @param array $topic_data
96			* @param array $update_count
97			* @param array $settings
98			* @return void
99			*/
100			public function show_comments($content_type, array $topic_data, array &$update_count, array $settings = array())
101			{
102			if ($topic_data['total_comments'])
103			{
104			$view = $this->request->variable('view', '');
105			$start = $this->request->variable('start', 0);
106			$post_id = $this->request->variable('p', 0);
107
108			$this->find_unread($view, $topic_data);
109
110			$sort_days = 0;
111			$sort_key = $sort_dir = $u_sort_param = '';
112			$this->set_sorting_options($sort_days, $sort_key, $sort_dir, $u_sort_param);
113
114			$base_url = append_sid(trim(build_url(array('start', 'p')), '?'), (strlen($u_sort_param)) ? $u_sort_param : '');
115			$this->build_pagination($start, (int) $settings['per_page'], $post_id, $topic_data, $sort_dir, $base_url);
116
117			$this->forum->query()
118			->fetch_date_range(time(), $sort_days * 86400, 'post')
119			->build();
120			$posts_data = $this->forum->get_post_data(false, array(), $settings['per_page'], $start, array(
121			'WHERE' => array(
122			'p.topic_id = ' . (int) $topic_data['topic_id'],
123			'p.post_id <> ' . (int) $topic_data['topic_first_post_id'],
124			),
125			'ORDER_BY' => $this->sort_by_sql[$sort_key] . ' ' . $this->sort_dir_sql[$sort_dir],
126			));
127
128			$topic_tracking_info = $this->forum->get_topic_tracking_info();
129			$users_cache = $this->forum->get_posters_info();
130
131			$this->show_posts($topic_data, array_values(array_shift($posts_data)), $topic_tracking_info, $users_cache, $update_count, $content_type, $start);
132			}
133			}
134
135			/**
136			* @param array $topic_data
137			* @param array $posts_data
138			* @param array $topic_tracking_info
139			* @param array $users_cache
140			* @param array $update_count
141			* @param string $type
142			* @param int $start
143			* @return void
144			*/
145			protected function show_posts(array $topic_data, array $posts_data, array $topic_tracking_info, array $users_cache, array &$update_count, $type, $start)
146			{
147			$attachments = $this->forum->get_attachments($topic_data['forum_id']);
148			$this->set_form_action($topic_data['topic_url'], $start);
149
150			for ($i = 0, $size = sizeof($posts_data); $i < $size; $i++)
151			{
152			$row = $posts_data[$i];
153			$poster_id = $row['poster_id'];
154
155			$this->template->assign_block_vars('postrow', array_merge(
156			$this->topic->get_detail_template_data($type, $topic_data, $row, $users_cache, $attachments, $topic_tracking_info, $update_count),
157			$this->get_attachments_tpl_data($row['post_id'], $attachments),
158			array(
159			'POST_SUBJECT' => $row['post_subject'],
160			'POST_DATE' => $this->user->format_date($row['post_time'], false, false),
161			'POSTER_WARNINGS' => $this->get_poster_warnings($users_cache[$poster_id]),
162			'S_POST_REPORTED' => $this->get_report_status($row),
163			'S_TOPIC_POSTER' => ($topic_data['topic_poster'] == $poster_id) ? true : false,
164			)
165			));
166
167			$this->topic->show_attachments($attachments, $row['post_id'], 'postrow.attachment');
168			}
169			}
170
171			/**
172			* @param string $view
173			* @param array $topic_data
174			* @retrun void
175			*/
176			protected function find_unread($view, array $topic_data)
177			{
178			if ($view === 'unread')
179			{
180			$forum_id = (int) $topic_data['forum_id'];
181			$topic_id = (int) $topic_data['topic_id'];
182
183			// Get topic tracking info
184			$topic_tracking_info = get_complete_topic_tracking($forum_id, $topic_id);
185			$topic_last_read = (isset($topic_tracking_info[$topic_id])) ? $topic_tracking_info[$topic_id] : 0;
186
187			$sql = 'SELECT post_id, topic_id, forum_id
188			FROM ' . POSTS_TABLE . "
189			WHERE topic_id = $topic_id
190			AND " . $this->content_visibility->get_visibility_sql('post', $forum_id) . "
191			AND post_time > $topic_last_read
192			AND forum_id = $forum_id
193			ORDER BY post_time ASC, post_id ASC";
194			$result = $this->db->sql_query_limit($sql, 1);
195			$row = $this->db->sql_fetchrow($result);
196			$this->db->sql_freeresult($result);
197
198			if ($row)
199			{
200			redirect(append_sid($topic_data['topic_url'], 'p=' . $row['post_id']) . '#p' . $row['post_id']);
201			}
202			}
203			}
204
205			/**
206			* This is for determining where we are (page)
207			* @param int $start
208			* @param int $posts_per_page
209			* @param int $post_id
210			* @param array $topic_data
211			* @param string $sort_dir
212			* @param string $base_url
213			* @return void
214			*/
215			protected function build_pagination(&$start, $posts_per_page, $post_id, array $topic_data, $sort_dir, $base_url)
216			{
217			if ($post_id)
218			{
219			$post_info = $this->get_post_info($post_id);
220			$this->check_requested_post_id($post_info, $topic_data, $base_url);
221
222			$prev_posts = $this->get_next_posts_count($post_info, $topic_data, $sort_dir, $post_id);
223			$start = (int) floor($prev_posts / $posts_per_page) * $posts_per_page;
224			}
225
226			$start = $this->pagination->validate_start($start, $posts_per_page, $topic_data['total_comments']);
227			$this->pagination->generate_template_pagination($base_url, 'pagination', 'start', $topic_data['total_comments'], $posts_per_page, $start);
228			$this->add_comment_anchor_to_pages();
229			}
230
231			/**
232			* @return void
233			*/
234			protected function add_comment_anchor_to_pages()
235			{
236			$data =& $this->template_context->get_data_ref()['pagination'];
237			$data = (array) $data;
238
239			foreach ($data as &$row)
240			{
241			$row['PAGE_URL'] .= '#comments';
242			}
243			}
244
245			/**
246			* @param array $post_info
247			* @param array $topic_data
248			* @param string $base_url
249			* @return void
250			*/
251			protected function check_requested_post_id(array $post_info, array $topic_data, $base_url)
252			{
253			// are we where we are supposed to be?
254			if (($post_info['post_visibility'] == ITEM_UNAPPROVED \|\| $post_info['post_visibility'] == ITEM_REAPPROVE) && !$this->auth->acl_get('m_approve', $topic_data['forum_id']))
255			{
256			// If post_id was submitted, we try at least to display the topic as a last resort...
257			if ($topic_data['topic_id'])
258			{
259			redirect($base_url);
260			}
261
262			trigger_error('NO_TOPIC');
263			}
264			}
265
266			/**
267			* @param array $post_info
268			* @param array $topic_data
269			* @param string $sort_dir
270			* @param int $post_id
271			* @return int
272			*/
273			protected function get_next_posts_count(array $post_info, array $topic_data, $sort_dir, $post_id)
274			{
275			if ($post_id == $topic_data['topic_first_post_id'] \|\| $post_id == $topic_data['topic_last_post_id'])
276			{
277			$check_sort = ($post_id == $topic_data['topic_first_post_id']) ? 'd' : 'a';
278
279			$prev_posts_count = 0;
280			if ($sort_dir == $check_sort)
281			{
282			$prev_posts_count = $this->content_visibility->get_count('topic_posts', $topic_data, $topic_data['forum_id']) - 1;
283			}
284			return $prev_posts_count;
285			}
286			else
287			{
288			return $this->get_prev_posts_count($post_info, $topic_data['forum_id'], $topic_data['topic_id'], $sort_dir) - 1;
289			}
290			}
291
292			/**
293			* @param array $row
294			* @param int $forum_id
295			* @param int $topic_id
296			* @param string $sort_dir
297			* @return int
298			*/
299			protected function get_prev_posts_count(array $row, $forum_id, $topic_id, $sort_dir)
300			{
301			$sql = 'SELECT COUNT(p.post_id) AS prev_posts
302			FROM ' . POSTS_TABLE . " p
303			WHERE p.topic_id = $topic_id
304			AND " . $this->content_visibility->get_visibility_sql('post', $forum_id, 'p.');
305
306			if ($sort_dir == 'd')
307			{
308			$sql .= " AND (p.post_time > {$row['post_time']} OR (p.post_time = {$row['post_time']} AND p.post_id >= {$row['post_id']}))";
309			}
310			else
311			{
312			$sql .= " AND (p.post_time < {$row['post_time']} OR (p.post_time = {$row['post_time']} AND p.post_id <= {$row['post_id']}))";
313			}
314
315			$result = $this->db->sql_query($sql);
316			$row = $this->db->sql_fetchrow($result);
317			$this->db->sql_freeresult($result);
318
319			return $row['prev_posts'];
320			}
321
322			/**
323			* @param int $post_id
324			* @return array
325			*/
326			protected function get_post_info($post_id)
327			{
328			$sql = 'SELECT post_id, post_time, post_visibility
329			FROM ' . POSTS_TABLE . ' p
330			WHERE post_id = ' . (int) $post_id;
331			$result = $this->db->sql_query($sql);
332			$row = $this->db->sql_fetchrow($result);
333			$this->db->sql_freeresult($result);
334
335			return $row;
336			}
337
338			/**
339			* @param int $sort_days
340			* @param string $sort_key
341			* @param string $sort_dir
342			* @param string $u_sort_param
343			* @return void
344			*/
345			protected function set_sorting_options(&$sort_days, &$sort_key, &$sort_dir, &$u_sort_param)
346			{
347			$default_sort_days = (!empty($this->user->data['user_post_show_days'])) ? $this->user->data['user_post_show_days'] : 0;
348			$default_sort_key = (!empty($this->user->data['user_post_sortby_type'])) ? $this->user->data['user_post_sortby_type'] : 't';
349			$default_sort_dir = (!empty($this->user->data['user_post_sortby_dir'])) ? $this->user->data['user_post_sortby_dir'] : 'a';
350
351			$sort_days = $this->request->variable('st', $default_sort_days);
352			$sort_key = $this->request->variable('sk', $default_sort_key);
353			$sort_dir = $this->request->variable('sd', $default_sort_dir);
354
355			$limit_days = array(0 => $this->language->lang('ALL_POSTS'), 1 => $this->language->lang('1_DAY'), 7 => $this->language->lang('7_DAYS'), 14 => $this->language->lang('2_WEEKS'), 30 => $this->language->lang('1_MONTH'), 90 => $this->language->lang('3_MONTHS'), 180 => $this->language->lang('6_MONTHS'), 365 => $this->language->lang('1_YEAR'));
356			$sort_by_text = array('t' => $this->language->lang('POST_TIME'), 's' => $this->language->lang('SUBJECT'));
357
358			$s_limit_days = $s_sort_key = $s_sort_dir = '';
359			gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param, $default_sort_days, $default_sort_key, $default_sort_dir);
360
361			$this->template->assign_vars(array(
362			'S_SELECT_SORT_DIR' => $s_sort_dir,
363			'S_SELECT_SORT_KEY' => $s_sort_key,
364			'S_SELECT_SORT_DAYS' => $s_limit_days,
365			));
366			}
367
368			/**
369			* @param int $post_id
370			* @param array $attachments
371			* @return array
372			*/
373			protected function get_attachments_tpl_data($post_id, array $attachments)
374			{
375			$has_attachments = $multi_attachments = false;
376			if (!empty($attachments[$post_id]))
377			{
378			$has_attachments = true;
379			$multi_attachments = sizeof($attachments[$post_id]) > 1;
380			}
381
382			return array(
383			'S_HAS_ATTACHMENTS' => $has_attachments,
384			'S_MULTIPLE_ATTACHMENTS' => $multi_attachments,
385			);
386			}
387
388			/**
389			* @param array $poster_info
390			* @return int
391			*/
392			protected function get_poster_warnings(array $poster_info)
393			{
394			return ($this->auth->acl_get('m_warn') && !empty($poster_info['warnings'])) ? $poster_info['warnings'] : 0;
395			}
396
397			/**
398			* @param array $row
399			* @return bool
400			*/
401			protected function get_report_status(array $row)
402			{
403			return ($row['post_reported'] && $this->auth->acl_get('m_report', $row['forum_id'])) ? true : false;
404			}
405
406			/**
407			* @param string $topic_url
408			* @param int $start
409			* @return void
410			*/
411			protected function set_form_action($topic_url, $start)
412			{
413			$this->template->assign_var('S_TOPIC_ACTION', append_sid($topic_url, (($start == 0) ? '' : "start=$start")) . '#comments');
414			}
415			}
416

blitze / phpBB-ext-sitemaker_content

Issues (81)

Security Analysis not enabled

services/comments/comments.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like