Issues in embed.php (1.11.x) - Issues in 1.11.x - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2126)

main/lp/embed.php (1 issue)

Severity

Unknown 1

<?php
/* For licensing terms, see /license.txt */

use ChamiloSession as Session;

require_once __DIR__.'/../inc/global.inc.php';

api_protect_course_script(true);

$type = $_REQUEST['type'] ?? '';
$src = $_REQUEST['source'] ?? '';
if (empty($type) || empty($src)) {
    api_not_allowed();
}

$iframe = '';
switch ($type) {
    case 'download':
        /** @var learnpath $learnPath */
        $learnPath = Session::read('oLP');
        $itemId = isset($_GET['lp_item_id']) ? $_GET['lp_item_id'] : '';
        if (!$learnPath || empty($itemId)) {

            api_not_allowed();
        }

        $file = learnpath::rl_get_resource_link_for_learnpath(
            api_get_course_int_id(),
            $learnPath->get_id(),
            $itemId,
            $learnPath->get_view_id()
        );

        $iframe = Display::return_message(
            Display::url(get_lang('Download'), $file, ['class' => 'btn btn-primary']),
            'info',
            false
        );
        break;
    case 'youtube':
        $src = "src ='//www.youtube.com/embed/$src'";
        $src = Security::remove_XSS($src);

        $iframe .= '<div id="content" style="width: 700px ;margin-left:auto; margin-right:auto;"><br />';
        $iframe .= '<iframe class="youtube-player" type="text/html" width="640" height="385" '.$src.' frameborder="0"></iframe>';
        $iframe .= '</div>';
        break;
    case 'vimeo':
        $src = "src ='//player.vimeo.com/video/$src'";
        $src = Security::remove_XSS($src);
        $iframe .= '<div id="content" style="width: 700px ;margin-left:auto; margin-right:auto;"><br />';
        $iframe .= '<iframe '.$src.' width="640" height="385" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>';
        $iframe .= '</div>';
        break;
    case 'nonhttps':
        $icon = '&nbsp;<em class="icon-external-link icon-2x"></em>';
        $iframe = Security::remove_XSS(Display::return_message(
            Display::url($src.$icon, $src, ['class' => 'btn', 'target' => '_blank']),
            'normal',
            false
        ));
        break;
}

$htmlHeadXtra[] = "
<style>
body { background: none;}
</style>
";

Display::display_reduced_header();
echo $iframe;
Display::display_footer();


1			<?php
2			/* For licensing terms, see /license.txt */
3
4			use ChamiloSession as Session;
5
6			require_once __DIR__.'/../inc/global.inc.php';
7
8			api_protect_course_script(true);
9
10			$type = $_REQUEST['type'] ?? '';
11			$src = $_REQUEST['source'] ?? '';
12			if (empty($type) \|\| empty($src)) {
13			api_not_allowed();
14			}
15
16			$iframe = '';
17			switch ($type) {
18			case 'download':
19			/** @var learnpath $learnPath */
20			$learnPath = Session::read('oLP');
21			$itemId = isset($_GET['lp_item_id']) ? $_GET['lp_item_id'] : '';
22			if (!$learnPath \|\| empty($itemId)) {
			0 ignored issues – show introduced 2018-12-11 09:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$learnPath` is of type `learnpath`, thus it always evaluated to `true`. Loading history...
23			api_not_allowed();
24			}
25
26			$file = learnpath::rl_get_resource_link_for_learnpath(
27			api_get_course_int_id(),
28			$learnPath->get_id(),
29			$itemId,
30			$learnPath->get_view_id()
31			);
32
33			$iframe = Display::return_message(
34			Display::url(get_lang('Download'), $file, ['class' => 'btn btn-primary']),
35			'info',
36			false
37			);
38			break;
39			case 'youtube':
40			$src = "src ='//www.youtube.com/embed/$src'";
41			$src = Security::remove_XSS($src);
42
43			$iframe .= '<div id="content" style="width: 700px ;margin-left:auto; margin-right:auto;"><br />';
44			$iframe .= '<iframe class="youtube-player" type="text/html" width="640" height="385" '.$src.' frameborder="0"></iframe>';
45			$iframe .= '</div>';
46			break;
47			case 'vimeo':
48			$src = "src ='//player.vimeo.com/video/$src'";
49			$src = Security::remove_XSS($src);
50			$iframe .= '<div id="content" style="width: 700px ;margin-left:auto; margin-right:auto;"><br />';
51			$iframe .= '<iframe '.$src.' width="640" height="385" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>';
52			$iframe .= '</div>';
53			break;
54			case 'nonhttps':
55			$icon = ' <em class="icon-external-link icon-2x"></em>';
56			$iframe = Security::remove_XSS(Display::return_message(
57			Display::url($src.$icon, $src, ['class' => 'btn', 'target' => '_blank']),
58			'normal',
59			false
60			));
61			break;
62			}
63
64			$htmlHeadXtra[] = "
65			<style>
66			body { background: none;}
67			</style>
68			";
69
70			Display::display_reduced_header();
71			echo $iframe;
72			Display::display_footer();
73

chamilo / chamilo-lms

Issues (2126)

main/lp/embed.php (1 issue)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like