Push — 1.11.x ( efc14f...a62b75 )

main/forum/editpost.php (1 issue)

<?php
/* For licensing terms, see /license.txt */

/**
 * These files are a complete rework of the forum. The database structure is
 * based on phpBB but all the code is rewritten. A lot of new functionalities
 * are added:
 * - forum categories and forums can be sorted up or down, locked or made invisible
 * - consistent and integrated forum administration
 * - forum options:     are students allowed to edit their post?
 *                      moderation of posts (approval)
 *                      reply only forums (students cannot create new threads)
 *                      multiple forums per group
 * - sticky messages
 * - new view option: nested view
 * - quoting a message.
 *
 * @Author Patrick Cool <[email protected]>, Ghent University
 * @Copyright Ghent University
 * @Copyright Patrick Cool
 *
 *  @package chamilo.forum
 */
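require_once __DIR__.'/../inc/global.inc.php';

// Navigation section (tab) this page belongs to.
$this_section = SECTION_COURSES;

// Course access gate; runs before any forum data is read.
api_protect_course_script(true);

$nameTools = get_lang('ToolForum');

// Drop any stored form values before the forum library is included.
unset($_SESSION['formelements']);

// Anchored to this directory, like the global.inc.php include above: a bare
// file name is resolved through include_path and the working directory, so
// which file gets loaded would depend on the runtime configuration.
require_once __DIR__.'/forumfunction.inc.php';

// Are we in a lp ?
$origin = api_get_origin();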
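/* MAIN DISPLAY SECTION */

/* Retrieving forum and forum category information */

// We are getting all the information about the current forum and forum category.
// Note pcool: I tried to use only one sql statement (and function) for this,
// but the problem is that the visibility of the forum AND forum category are stored in the item_property table.

// Request identifiers are cast to int once, here, so that no raw $_GET value
// reaches the lookup helpers below. A missing parameter becomes 0 instead of
// raising an undefined-index notice.
$forumId = isset($_GET['forum']) ? (int) $_GET['forum'] : 0;
$threadId = isset($_GET['thread']) ? (int) $_GET['thread'] : 0;
$postId = isset($_GET['post']) ? (int) $_GET['post'] : 0;

$current_thread = get_thread_information($forumId, $threadId);
$current_forum = get_forum_information($forumId);

// Fail closed when the forum or thread cannot be resolved. The later lock test
// is written as "$current_thread['locked'] != 0", which evaluates to false for
// a missing thread and would therefore let the request through.
// api_not_allowed() is used throughout this file as a terminating denial.
if (empty($current_forum) || empty($current_thread)) {
    api_not_allowed(true);
}

$current_forum_category = get_forumcategory_information($current_forum['forum_category']);
$current_post = get_post_information($postId);
if (empty($current_post)) {
    api_not_allowed(true);
}

// NOTE(review): the post is looked up by its own id only, while the
// visibility, lock and allow_edit checks further down are evaluated against
// the forum and thread named in the same request. Nothing in this file checks
// that the post belongs to that thread and forum. Confirm that
// get_post_information() or postIsEditableByStudent() enforces the
// relationship, otherwise add an explicit comparison here.

api_block_course_item_locked_by_gradebook($threadId, LINK_FORUM_THREAD);

$isEditable = postIsEditableByStudent($current_forum, $current_post);
if (!$isEditable) {
    api_not_allowed(true);
}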
// Breadcrumb trail. When the page is reached from the gradebook, the trail starts there.
if (api_is_in_gradebook()) {
    $interbreadcrumb[] = ['url' => Category::getUrl(), 'name' => get_lang('ToolGradebook')];
}

$group_properties = GroupManager::get_group_properties(api_get_group_id());
$cameFromGroup = $origin == 'group';

if (!$cameFromGroup) {
    // Course trail: forum tool > category > forum > thread.
    $interbreadcrumb[] = [
        'url' => api_get_path(WEB_CODE_PATH).'forum/index.php?'.api_get_cidreq(),
        'name' => $nameTools,
    ];
    $interbreadcrumb[] = [
        'url' => api_get_path(WEB_CODE_PATH).'forum/viewforumcategory.php?forumcategory='.$current_forum_category['cat_id'].'&'.api_get_cidreq(),
        'name' => prepare4display($current_forum_category['cat_title']),
    ];
    $interbreadcrumb[] = [
        'url' => api_get_path(WEB_CODE_PATH).'forum/viewforum.php?forum='.$forumId.'&'.api_get_cidreq(),
        'name' => prepare4display($current_forum['forum_title']),
    ];
    $interbreadcrumb[] = [
        // The thread id is reduced to an integer before it is placed in the URL.
        'url' => api_get_path(WEB_CODE_PATH).'forum/viewthread.php?'.api_get_cidreq().'&forum='.$forumId.'&thread='.intval($_GET['thread']),
        'name' => prepare4display($current_thread['thread_title']),
    ];
} else {
    // Group trail: groups > group space > forum.
    $_clean['toolgroup'] = api_get_group_id();
    $interbreadcrumb[] = [
        'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(),
        'name' => get_lang('Groups'),
    ];
    $interbreadcrumb[] = [
        'url' => api_get_path(WEB_CODE_PATH).'group/group_space.php?'.api_get_cidreq(),
        // NOTE(review): the group name is appended as-is, whereas the forum,
        // category and thread titles go through prepare4display(). Confirm the
        // breadcrumb renderer escapes entry names.
        'name' => get_lang('GroupSpace').' '.$group_properties['name'],
    ];
    $interbreadcrumb[] = [
        'url' => api_get_path(WEB_CODE_PATH).'forum/viewforum.php?'.api_get_cidreq().'&forum='.$forumId,
        'name' => prepare4display($current_forum['forum_title']),
    ];
}

// Both trails end on the current page, which is not a navigable link.
$interbreadcrumb[] = ['url' => 'javascript: void (0);', 'name' => get_lang('EditPost')];
// Gradebook link table name; not referenced again in the part of the file shown here.
$table_link = Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK);

/* Header */
// Client-side helper: each click on #reply-add-attachment appends one more
// file input named user_upload[] next to the existing one.
// Written as a nowdoc so that PHP never interpolates the "$" of the jQuery calls.
$htmlHeadXtra[] = <<<'JS'
    <script>
    $(function() {
        $('#reply-add-attachment').on('click', function(e) {
            e.preventDefault();

            var newInputFile = $('<input>', {
                type: 'file',
                name: 'user_upload[]'
            });

            $('[name="user_upload[]"]').parent().append(newInputFile);
        });
    });
    </script>
JS;
/* Is the user allowed here? */

// A user is refused when
// 1. the forum category, forum or thread is invisible (visibility==0)
// 2. the forum category, forum or thread is locked (locked <>0)
// 3. anonymous posts are not allowed
// 4. editing of replies is not allowed
// The only exception is the course manager.
// The checks are split in several pieces for clarity.

// Piece 1: visibility of the forum category and of the forum.
// NOTE(review): the list above mentions thread visibility, but this statement
// only tests the category and the forum. Confirm thread visibility is
// enforced elsewhere.
$canManageCourse = api_is_allowed_to_edit(null, true);
if (!$canManageCourse) {
    // !empty() makes the "category was found" test explicit instead of relying
    // on the implicit array-to-boolean conversion.
    $categoryIsHidden = !empty($current_forum_category) && $current_forum_category['visibility'] == 0;
    if ($categoryIsHidden || $current_forum['visibility'] == 0) {
        api_not_allowed(true);
    }
}
if (!api_is_allowed_to_edit(null, true) &&
    (
        ($current_forum_category && $current_forum_category['locked'] != 0) ||
Bug Best Practice introduced by
The expression $current_forum_category of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

        $current_forum['locked'] != 0 ||
        $current_thread['locked'] != 0
    )
) {
    api_not_allowed(true);
}
// Piece 3: visitors without a user id are refused unless the forum accepts anonymous posts.
$hasNoUserId = !$_user['user_id'];
if ($hasNoUserId && $current_forum['allow_anonymous'] == 0) {
    api_not_allowed(true);
}

$group_id = api_get_group_id();

// Piece 4: when the forum disables editing, only course managers and tutors
// of the current group get past this point.
// NOTE(review): when allow_edit is non-zero this gate lets every remaining
// user through. Whether the post actually belongs to the current user is not
// decided here; presumably postIsEditableByStudent() covers it. Confirm.
if (!api_is_allowed_to_edit(null, true)) {
    if ($current_forum['allow_edit'] == 0) {
        if (!GroupManager::is_tutor_of_group(api_get_user_id(), $group_properties)) {
            api_not_allowed(true);
        }
    }
}
// Page header: reduced variant inside a learning path, full header otherwise.
if ($origin == 'learnpath') {
    Display::display_reduced_header();
} else {
    Display::display_header();
}

// Action links (not shown inside a learning path)
if ($origin != 'learnpath') {
    echo '<div class="actions">';
    echo '<span style="float:right;">'.search_link().'</span>';

    // "Back" goes to the group space for group forums, to the forum overview otherwise.
    if ($origin == 'group') {
        $backHref = '../group/group_space.php?'.api_get_cidreq();
        $backLabel = get_lang('BackTo').' '.get_lang('Groups');
    } else {
        $backHref = 'index.php?'.api_get_cidreq();
        $backLabel = get_lang('BackToForumOverview');
    }
    echo '<a href="'.$backHref.'">'.
        Display::return_icon('back.png', $backLabel, '', ICON_SIZE_MEDIUM).
        '</a>';

    // Link back to the forum that holds the post; $forumId is already an integer.
    $forumHref = 'viewforum.php?forum='.$forumId.'&'.api_get_cidreq();
    echo '<a href="'.$forumHref.'">'.
        Display::return_icon('forum.png', get_lang('BackToForum'), '', ICON_SIZE_MEDIUM).
        '</a>';
    echo '</div>';
}
/* Forum title and description banner */
echo '<div class="forum_title"><h1>';

// origin and forum id are URL-encoded by http_build_query().
$forumLinkTarget = 'viewforum.php?'.api_get_cidreq().'&'.http_build_query([
    'origin' => $origin,
    'forum' => $current_forum['forum_id'],
]);
// A forum whose visibility is empty gets the muted style.
$forumLinkAttributes = ['class' => empty($current_forum['visibility']) ? 'text-muted' : null];

// NOTE(review): title and description are stored forum content and are only
// passed through prepare4display() before being written to the page. Confirm
// that helper filters or escapes HTML.
echo Display::url(
    prepare4display($current_forum['forum_title']),
    $forumLinkTarget,
    $forumLinkAttributes
);
echo '</h1>';
echo '<p class="forum_description">'.prepare4display($current_forum['forum_comment']).'</p>';
echo '</div>';
/* End of forum banner */
// Set forum attachment data into $_SESSION
getAttachedFiles(
    $current_forum['forum_id'],
    $current_thread['thread_id'],
    $current_post['post_id']
);

// Stored form values are read only after the call above; an empty string is
// passed when the session holds none.
$storedFormValues = '';
if (isset($_SESSION['formelements'])) {
    $storedFormValues = $_SESSION['formelements'];
}

show_edit_post_form($current_post, $current_thread, $current_forum, $storedFormValues);
// Footer: reduced variant inside a learning path, full footer otherwise.
$useReducedFooter = isset($origin) && $origin == 'learnpath';
if (!$useReducedFooter) {
    Display::display_footer();
} else {
    Display::display_reduced_footer();
}