Issues in whoisonline.php - All Issues - Inspection of "Merge branch '1.11.x' of https://github.com/chamil..." - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — 1.11.x ( 7ffd51...902ebd )

by José

created 2017-09-04 17:13 UTC

whoisonline.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/* For licensing terms, see /license.txt */

/**
* Who is online list
*/
if (!isset($_GET['cidReq'])) {
    $cidReset = true;
}

// including necessary files
require_once './main/inc/global.inc.php';

if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
    api_protect_course_script(true);
}

$this_section = SECTION_SOCIAL;
$social_right_content = '';
$whoisonline_list = '';
$social_search = '';
$userId = api_get_user_id();

// This if statement prevents users accessing the who's online feature when it has been disabled.
if ((api_get_setting('showonline', 'world') == 'true' && !$userId) ||
    ((api_get_setting('showonline', 'users') == 'true' ||
        api_get_setting('showonline', 'course') == 'true') && $userId)
) {
    if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
        $user_list = who_is_online_in_this_course(
            0,
            MAX_ONLINE_USERS,
            api_get_user_id(),
            api_get_setting('time_limit_whosonline'),
            $_GET['cidReq']
        );
    } else {
        $user_list = who_is_online(0, MAX_ONLINE_USERS);
    }

    if ($user_list) {
        if (!isset($_GET['id'])) {
            if (api_get_setting('allow_social_tool') == 'true') {
                if (!api_is_anonymous()) {
                    $query = isset($_GET['q']) ? $_GET['q'] : null;
                    $social_search = UserManager::get_search_form($query);
                }
            }
            $social_right_content .= SocialManager::display_user_list($user_list);
        }
    }

    $whoisonline_list .= SocialManager::display_user_list($user_list);


    if (isset($_GET['id'])) {
        if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
            header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
            exit;
        } else {
            $social_right_content .= SocialManager::display_individual_user($_GET['id']);
        }
    }
} else {
    api_not_allowed(true);
}

$tpl = new Template(get_lang('UsersOnLineList'));

if (api_get_setting('allow_social_tool') === 'true' && !api_is_anonymous()) {
    $tpl->assign('whoisonline', $whoisonline_list);
    $tpl->assign('social_search', $social_search);
} else {
    $tpl->assign('whoisonline', $social_right_content);
}

$social_layout = $tpl->get_template('social/whoisonline.tpl');
$tpl->display($social_layout);


1			<?php
2			/* For licensing terms, see /license.txt */
3
4			/**
5			* Who is online list
6			*/
7			if (!isset($_GET['cidReq'])) {
8			$cidReset = true;
9			}
10
11			// including necessary files
12			require_once './main/inc/global.inc.php';
13
14			if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
15			api_protect_course_script(true);
16			}
17
18			$this_section = SECTION_SOCIAL;
19			$social_right_content = '';
20			$whoisonline_list = '';
21			$social_search = '';
22			$userId = api_get_user_id();
23
24			// This if statement prevents users accessing the who's online feature when it has been disabled.
25			if ((api_get_setting('showonline', 'world') == 'true' && !$userId) \|\|
26			((api_get_setting('showonline', 'users') == 'true' \|\|
27			api_get_setting('showonline', 'course') == 'true') && $userId)
28			) {
29			if (isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
30			$user_list = who_is_online_in_this_course(
31			0,
32			MAX_ONLINE_USERS,
33			api_get_user_id(),
34			api_get_setting('time_limit_whosonline'),
35			$_GET['cidReq']
36			);
37			} else {
38			$user_list = who_is_online(0, MAX_ONLINE_USERS);
39			}
40
41			if ($user_list) {
42			if (!isset($_GET['id'])) {
43			if (api_get_setting('allow_social_tool') == 'true') {
44			if (!api_is_anonymous()) {
45			$query = isset($_GET['q']) ? $_GET['q'] : null;
46			$social_search = UserManager::get_search_form($query);
47			}
48			}
49			$social_right_content .= SocialManager::display_user_list($user_list);
50			}
51			}
52
53			$whoisonline_list .= SocialManager::display_user_list($user_list);
			0 ignored issues – show Security Bug introduced 2016-02-26 17:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$user_list` can also be of type `false`; however, `SocialManager::display_user_list()` does only seem to accept `array`, did you maybe forget to handle an error condition? Loading history...
54
55			if (isset($_GET['id'])) {
56			if (api_get_setting('allow_social_tool') == 'true' && api_user_is_login()) {
57			header("Location: ".api_get_path(WEB_CODE_PATH)."social/profile.php?u=".intval($_GET['id']));
58			exit;
59			} else {
60			$social_right_content .= SocialManager::display_individual_user($_GET['id']);
61			}
62			}
63			} else {
64			api_not_allowed(true);
65			}
66
67			$tpl = new Template(get_lang('UsersOnLineList'));
68
69			if (api_get_setting('allow_social_tool') === 'true' && !api_is_anonymous()) {
70			$tpl->assign('whoisonline', $whoisonline_list);
71			$tpl->assign('social_search', $social_search);
72			} else {
73			$tpl->assign('whoisonline', $social_right_content);
74			}
75
76			$social_layout = $tpl->get_template('social/whoisonline.tpl');
77			$tpl->display($social_layout);
78

chamilo / chamilo-lms

Push — 1.11.x ( 7ffd51...902ebd )

whoisonline.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like