getCallbackUrl() - Code Metrics - Inspection of "Merge branch '1.11.x' of github.com:chamilo/chamil..." - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — 1.11.x ( 31fff3...86e7ae )

by Yannick

created 2021-08-24 15:11 UTC

getCallbackUrl() A

↳ Parent: Project

Complexity

Conditions	2
Paths	2

Size

Total Lines	19
Code Lines	11

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	2
eloc	11
nc	2
nop	5
dl	0
loc	19
rs	9.9
c	1
b	0
f	0

<?php
/**
 *
 * (c) Copyright Ascensio System SIA 2021
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

require_once __DIR__.'/../../main/inc/global.inc.php';

const USER_AGENT_MOBILE = "/android|avantgo|playbook|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od|ad)|iris|kindle|lge |maemo|midp|mmp|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\\/|plucker|pocket|psp|symbian|treo|up\\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i";

$plugin = OnlyofficePlugin::create();

$isEnable = $plugin->get("enable_onlyoffice_plugin") === 'true';
if (!$isEnable) {
    die ("Document server isn't enabled");
    return;
}

$documentServerUrl = $plugin->get("document_server_url");
if (empty($documentServerUrl)) {
    die ("Document server isn't configured");
    return;
}

$config = [];

$docApiUrl = $documentServerUrl . "/web-apps/apps/api/documents/api.js";

$docId = $_GET["docId"];
$groupId = isset($_GET["groupId"]) && !empty($_GET["groupId"]) ? $_GET["groupId"] : null;

$userId = api_get_user_id();

$userInfo = api_get_user_info($userId);

$sessionId = api_get_session_id();
$courseId = api_get_course_int_id();
$courseInfo = api_get_course_info();
$courseCode = $courseInfo["code"];

$docInfo = DocumentManager::get_document_data_by_id($docId, $courseCode, false, $sessionId);

$extension = strtolower(pathinfo($docInfo["title"], PATHINFO_EXTENSION));

$langInfo = LangManager::getLangUser();

$docType = FileUtility::getDocType($extension);
$key = FileUtility::getKey($courseCode, $docId);
$fileUrl = FileUtility::getFileUrl($courseId, $userId, $docId, $sessionId, $groupId);

$config = [
    "type" => "desktop",
    "documentType" => $docType,
    "document" => [
        "fileType" => $extension,
        "key" => $key,
        "title" => $docInfo["title"],
        "url" => $fileUrl
    ],
    "editorConfig" => [
        "lang" => $langInfo["isocode"],
        "region" => $langInfo["isocode"],
        "user" => [
            "id" => strval($userId),
            "name" => $userInfo["username"]
        ],
        "customization" => [
            "goback" => [
                "blank" => false,
                "requestClose" => false,
                "text" => get_lang("Back"),
                "url" => Security::remove_XSS($_SERVER["HTTP_REFERER"])
            ],
            "compactHeader" => true,
            "toolbarNoTabs" => true
        ]
    ]
];

$userAgent = $_SERVER['HTTP_USER_AGENT'];

$isMobileAgent = preg_match(USER_AGENT_MOBILE, $userAgent);
if ($isMobileAgent) {
    $config['type'] = 'mobile';
}

$isAllowToEdit = api_is_allowed_to_edit(true, true);
$isMyDir = DocumentManager::is_my_shared_folder(
    $userId,
    $docInfo["absolute_parent_path"],
    $sessionId
);

$isGroupAccess = false;
if (!empty($groupId)) {
    $groupProperties = GroupManager::get_group_properties($groupId);
    $docInfoGroup = api_get_item_property_info(
        api_get_course_int_id(),
        'document',
        $docId,
        $sessionId
    );
    $isGroupAccess = GroupManager::allowUploadEditDocument(
        $userId,
        $courseCode,
        $groupProperties,
        $docInfoGroup
    );

    $isMemberGroup = GroupManager::is_user_in_group($userId, $groupProperties);

    if (!$isGroupAccess) {
        if (!$groupProperties["status"]) {
            api_not_allowed(true);
        }
        if (!$isMemberGroup && $groupProperties["doc_state"] != 1) {
            api_not_allowed(true);
        }
    }
}

$accessRights = $isAllowToEdit || $isMyDir || $isGroupAccess;
$canEdit = in_array($extension, FileUtility::$can_edit_types);

$isVisible = DocumentManager::check_visibility_tree($docId, $courseInfo, $sessionId, $userId, $groupId);
$isReadonly = $docInfo["readonly"];

if (!$isVisible) {
    api_not_allowed(true);
}

if ($canEdit && $accessRights && !$isReadonly) {
    $config["editorConfig"]["mode"] = "edit";
    $config["editorConfig"]["callbackUrl"] = getCallbackUrl(
        $docId,
        $userId,
        $courseId,
        $sessionId,
        $groupId
    );
} else {
    $canView = in_array($extension, FileUtility::$can_view_types);
    if ($canView) {
        $config["editorConfig"]["mode"] = "view";
    } else {
        api_not_allowed(true);
    }
}
$config["document"]["permissions"]["edit"] = $accessRights && !$isReadonly;

if (!empty($plugin->get("jwt_secret"))) {
    $token = \Firebase\JWT\JWT::encode($config, $plugin->get("jwt_secret"));
    $config["token"] = $token;
}

/**
 * Return callback url
 */
function getCallbackUrl(int $docId, int $userId, int $courseId, int $sessionId, int $groupId = null): string
{
    $url = "";

    $data = [
        "type" => "track",
        "courseId" => $courseId,
        "userId" => $userId,
        "docId" => $docId,
        "sessionId" => $sessionId
    ];

    if (!empty($groupId)) {
        $data["groupId"] = $groupId;
    }

    $hashUrl = Crypt::GetHash($data);

    return $url . api_get_path(WEB_PLUGIN_PATH) . "onlyoffice/callback.php?hash=" . $hashUrl;
}

?>
<title>ONLYOFFICE</title>
<style>
    #app > iframe {
        height: calc(100% - 140px);
    }
    body {
        height: 100%;
    }
    .chatboxheadmain,
    .pull-right,
    .breadcrumb {
        display: none;
    }
</style>
<script type="text/javascript" src=<?php echo $docApiUrl?>></script>
<script type="text/javascript">
    var onAppReady = function () {
        innerAlert("Document editor ready");
    };
    var connectEditor = function () {
        $("#cm-content")[0].remove(".container");
        $("#main").append('<div id="app-onlyoffice">' +
                            '<div id="app">' +
                                '<div id="iframeEditor">' +
                                '</div>' +
                            '</div>' +
                          '</div>');

        var config = <?php echo json_encode($config)?>;
        var isMobileAgent = <?php echo json_encode($isMobileAgent)?>;

        config.events = {
            "onAppReady": onAppReady
        };

        docEditor = new DocsAPI.DocEditor("iframeEditor", config);

        $(".navbar").css({"margin-bottom": "0px"});
        $("body").css({"margin": "0 0 0px"});
        if (isMobileAgent) {
            var frameEditor = $("#app > iframe")[0];
            $(frameEditor).css({"height": "100%", "top": "0px"});
        }
    }

    if (window.addEventListener) {
        window.addEventListener("load", connectEditor);
    } else if (window.attachEvent) {
        window.attachEvent("load", connectEditor);
    }

</script>
<?php echo Display::display_header(); ?>
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {


1			<?php
2			/**
3			*
4			* (c) Copyright Ascensio System SIA 2021
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*
18			*/
19
20			require_once __DIR__.'/../../main/inc/global.inc.php';
21
22			const USER_AGENT_MOBILE = "/android\|avantgo\|playbook\|blackberry\|blazer\|compal\|elaine\|fennec\|hiptop\|iemobile\|ip(hone\|od\|ad)\|iris\|kindle\|lge \|maemo\|midp\|mmp\|opera m(ob\|in)i\|palm( os)?\|phone\|p(ixi\|re)\\/\|plucker\|pocket\|psp\|symbian\|treo\|up\\.(browser\|link)\|vodafone\|wap\|windows (ce\|phone)\|xda\|xiino/i";
23
24			$plugin = OnlyofficePlugin::create();
25
26			$isEnable = $plugin->get("enable_onlyoffice_plugin") === 'true';
27			if (!$isEnable) {
28			die ("Document server isn't enabled");
29			return;
30			}
31
32			$documentServerUrl = $plugin->get("document_server_url");
33			if (empty($documentServerUrl)) {
34			die ("Document server isn't configured");
35			return;
36			}
37
38			$config = [];
39
40			$docApiUrl = $documentServerUrl . "/web-apps/apps/api/documents/api.js";
41
42			$docId = $_GET["docId"];
43			$groupId = isset($_GET["groupId"]) && !empty($_GET["groupId"]) ? $_GET["groupId"] : null;
44
45			$userId = api_get_user_id();
46
47			$userInfo = api_get_user_info($userId);
48
49			$sessionId = api_get_session_id();
50			$courseId = api_get_course_int_id();
51			$courseInfo = api_get_course_info();
52			$courseCode = $courseInfo["code"];
53
54			$docInfo = DocumentManager::get_document_data_by_id($docId, $courseCode, false, $sessionId);
55
56			$extension = strtolower(pathinfo($docInfo["title"], PATHINFO_EXTENSION));
57
58			$langInfo = LangManager::getLangUser();
59
60			$docType = FileUtility::getDocType($extension);
61			$key = FileUtility::getKey($courseCode, $docId);
62			$fileUrl = FileUtility::getFileUrl($courseId, $userId, $docId, $sessionId, $groupId);
63
64			$config = [
65			"type" => "desktop",
66			"documentType" => $docType,
67			"document" => [
68			"fileType" => $extension,
69			"key" => $key,
70			"title" => $docInfo["title"],
71			"url" => $fileUrl
72			],
73			"editorConfig" => [
74			"lang" => $langInfo["isocode"],
75			"region" => $langInfo["isocode"],
76			"user" => [
77			"id" => strval($userId),
78			"name" => $userInfo["username"]
79			],
80			"customization" => [
81			"goback" => [
82			"blank" => false,
83			"requestClose" => false,
84			"text" => get_lang("Back"),
85			"url" => Security::remove_XSS($_SERVER["HTTP_REFERER"])
86			],
87			"compactHeader" => true,
88			"toolbarNoTabs" => true
89			]
90			]
91			];
92
93			$userAgent = $_SERVER['HTTP_USER_AGENT'];
94
95			$isMobileAgent = preg_match(USER_AGENT_MOBILE, $userAgent);
96			if ($isMobileAgent) {
97			$config['type'] = 'mobile';
98			}
99
100			$isAllowToEdit = api_is_allowed_to_edit(true, true);
101			$isMyDir = DocumentManager::is_my_shared_folder(
102			$userId,
103			$docInfo["absolute_parent_path"],
104			$sessionId
105			);
106
107			$isGroupAccess = false;
108			if (!empty($groupId)) {
109			$groupProperties = GroupManager::get_group_properties($groupId);
110			$docInfoGroup = api_get_item_property_info(
111			api_get_course_int_id(),
112			'document',
113			$docId,
114			$sessionId
115			);
116			$isGroupAccess = GroupManager::allowUploadEditDocument(
117			$userId,
118			$courseCode,
119			$groupProperties,
120			$docInfoGroup
121			);
122
123			$isMemberGroup = GroupManager::is_user_in_group($userId, $groupProperties);
124
125			if (!$isGroupAccess) {
126			if (!$groupProperties["status"]) {
127			api_not_allowed(true);
128			}
129			if (!$isMemberGroup && $groupProperties["doc_state"] != 1) {
130			api_not_allowed(true);
131			}
132			}
133			}
134
135			$accessRights = $isAllowToEdit \|\| $isMyDir \|\| $isGroupAccess;
136			$canEdit = in_array($extension, FileUtility::$can_edit_types);
137
138			$isVisible = DocumentManager::check_visibility_tree($docId, $courseInfo, $sessionId, $userId, $groupId);
139			$isReadonly = $docInfo["readonly"];
140
141			if (!$isVisible) {
142			api_not_allowed(true);
143			}
144
145			if ($canEdit && $accessRights && !$isReadonly) {
146			$config["editorConfig"]["mode"] = "edit";
147			$config["editorConfig"]["callbackUrl"] = getCallbackUrl(
148			$docId,
149			$userId,
150			$courseId,
151			$sessionId,
152			$groupId
153			);
154			} else {
155			$canView = in_array($extension, FileUtility::$can_view_types);
156			if ($canView) {
157			$config["editorConfig"]["mode"] = "view";
158			} else {
159			api_not_allowed(true);
160			}
161			}
162			$config["document"]["permissions"]["edit"] = $accessRights && !$isReadonly;
163
164			if (!empty($plugin->get("jwt_secret"))) {
165			$token = \Firebase\JWT\JWT::encode($config, $plugin->get("jwt_secret"));
166			$config["token"] = $token;
167			}
168
169			/**
170			* Return callback url
171			*/
172			function getCallbackUrl(int $docId, int $userId, int $courseId, int $sessionId, int $groupId = null): string
173			{
174			$url = "";
175
176			$data = [
177			"type" => "track",
178			"courseId" => $courseId,
179			"userId" => $userId,
180			"docId" => $docId,
181			"sessionId" => $sessionId
182			];
183
184			if (!empty($groupId)) {
185			$data["groupId"] = $groupId;
186			}
187
188			$hashUrl = Crypt::GetHash($data);
189
190			return $url . api_get_path(WEB_PLUGIN_PATH) . "onlyoffice/callback.php?hash=" . $hashUrl;
191			}
192
193			?>
194			<title>ONLYOFFICE</title>
195			<style>
196			#app > iframe {
197			height: calc(100% - 140px);
198			}
199			body {
200			height: 100%;
201			}
202			.chatboxheadmain,
203			.pull-right,
204			.breadcrumb {
205			display: none;
206			}
207			</style>
208			<script type="text/javascript" src=<?php echo $docApiUrl?>></script>
209			<script type="text/javascript">
210			var onAppReady = function () {
211			innerAlert("Document editor ready");
212			};
213			var connectEditor = function () {
214			$("#cm-content")[0].remove(".container");
215			$("#main").append('<div id="app-onlyoffice">' +
216			'<div id="app">' +
217			'<div id="iframeEditor">' +
218			'</div>' +
219			'</div>' +
220			'</div>');
221
222			var config = <?php echo json_encode($config)?>;
223			var isMobileAgent = <?php echo json_encode($isMobileAgent)?>;
224
225			config.events = {
226			"onAppReady": onAppReady
227			};
228
229			docEditor = new DocsAPI.DocEditor("iframeEditor", config);
230
231			$(".navbar").css({"margin-bottom": "0px"});
232			$("body").css({"margin": "0 0 0px"});
233			if (isMobileAgent) {
234			var frameEditor = $("#app > iframe")[0];
235			$(frameEditor).css({"height": "100%", "top": "0px"});
236			}
237			}
238
239			if (window.addEventListener) {
240			window.addEventListener("load", connectEditor);
241			} else if (window.attachEvent) {
242			window.attachEvent("load", connectEditor);
243			}
244
245			</script>
246			<?php echo Display::display_header(); ?>
			0 ignored issues – show Bug introduced 2021-08-24 15:24 UTC by Report Bug Copy Issue Report Are you sure the usage of `Display::display_header()` targeting `Display::display_header()` seems to always return null. This check looks for function or method calls that always return null and whose return value is used. class A { function getObject() { return null; } } $a = new A(); if ($a->getObject()) { The method `getObject()` can return nothing but null, so it makes no sense to use the return value. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
247

chamilo / chamilo-lms

Push — 1.11.x ( 31fff3...86e7ae )

getCallbackUrl() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like