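<?php
/* For licensing terms, see /license.txt */

/**
 * Shows a course document inside an iframe after checking that the current
 * user may see it.
 *
 * Input (GET): `id` (document id) or `file` (document path used to look the
 * id up), plus the usual course context (`cidReq`, session, group).
 * Every failed check ends the request through api_not_allowed().
 *
 * @author jmontoya
 *
 * @package chamilo.document
 */
require_once __DIR__.'/../inc/global.inc.php';

// Protection
api_protect_course_script(true);

// Both GET parameters may be absent: read them with a default instead of
// triggering an undefined-index notice.
$header_file = isset($_GET['file']) ? Security::remove_XSS($_GET['file']) : null;
$document_id = isset($_GET['id']) ? intval($_GET['id']) : 0;

$courseId = api_get_course_int_id();
$course_info = api_get_course_info_by_id($courseId);

// Bail out before reading any key of $course_info (reading
// $course_info['code'] on an empty result would notice).
if (empty($course_info)) {
    api_not_allowed(true);
}

$course_code = $course_info['code'];
$session_id = api_get_session_id();

// Generate path: resolve the id from the file path when no id was given.
if (!$document_id) {
    $document_id = DocumentManager::get_document_id($course_info, $header_file);
}
$document_data = DocumentManager::get_document_data_by_id(
    $document_id,
    $course_code,
    true,
    $session_id
);

// A document not found in the session context may still exist in the base
// course: retry with session 0 before giving up.
if ($session_id != 0 && empty($document_data)) {
    $document_data = DocumentManager::get_document_data_by_id(
        $document_id,
        $course_code,
        true,
        0
    );
}
if (empty($document_data)) {
    api_not_allowed(true);
}

$header_file = $document_data['path'];
// Not referenced below in this file; kept so the variable stays available.
$name_to_show = cut($header_file, 80);

// Normalise separators and URL-decode each path segment individually.
$path_array = explode('/', str_replace('\\', '/', $header_file));
$path_array = array_map('urldecode', $path_array);
$header_file = implode('/', $path_array);

$file = Security::remove_XSS(urldecode($document_data['path']));

$file_root = $course_info['path'].'/document'.str_replace('%2F', '/', $file);
$file_url_sys = api_get_path(SYS_COURSE_PATH).$file_root;

// Only an existing regular file (not a directory) can be shown.
// NOTE(review): $file is derived from the stored document path; if that value
// can ever contain '..' segments, a realpath() containment check against the
// course document directory would belong here.
if (!file_exists($file_url_sys) || is_dir($file_url_sys)) {
    api_not_allowed(true);
}

// Fix the screen when you try to access a protected course through the URL.
$is_allowed_in_course = api_is_allowed_in_course();
if (!$is_allowed_in_course) {
    api_not_allowed(true);
}

// Check user visibility: editors always pass, everyone else needs the whole
// folder tree up to the document to be visible.
$is_visible = DocumentManager::check_visibility_tree(
    $document_id,
    api_get_course_info(),
    api_get_session_id(),
    api_get_user_id(),
    api_get_group_id()
);

if (!api_is_allowed_to_edit() && !$is_visible) {
    api_not_allowed(true);
}

//TODO:clean all code

/*	Main section */
// Tell browsers and proxies not to cache the rendered document page.
header('Expires: Wed, 01 Jan 1990 00:00:00 GMT');
// NOTE(review): a Last-Modified date in the future is unusual; kept as-is
// because the intent is not documented in this file.
header('Last-Modified: Wed, 01 Jan 2100 00:00:00 GMT');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');

$cidReq = isset($_GET['cidReq']) ? $_GET['cidReq'] : '';
$browser_display_title = 'Documents - '.Security::remove_XSS($cidReq).' - '.$file;

// Web URL of the document with the course request context appended once.
$file_url_web = api_get_path(WEB_COURSE_PATH).$course_info['path'].'/document'.$header_file.'?'.api_get_cidreq();
$pathinfo = pathinfo($header_file);

// Flash content is shown slightly smaller. pathinfo() returns no 'extension'
// key for files without one, hence the isset() guard.
$extension = isset($pathinfo['extension']) ? $pathinfo['extension'] : '';
if ($extension === 'swf') {
    $width = '83%';
    $height = '83%';
} else {
    $width = '100%';
    $height = '100%';
}

// The request context is already part of $file_url_web, so only the
// cache-busting parameter is appended here (appending '?'.api_get_cidreq()
// again would yield a URL with two '?' characters). The URL is escaped for
// the attribute context; double_encode=false leaves any entities that
// api_get_cidreq() may already have produced untouched.
$iframe_src = htmlspecialchars($file_url_web, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)
    .'&amp;rand='.mt_rand(1, 1000);

echo '<iframe border="0" frameborder="0" scrolling="no" style="width:'.$width.'; height:'.$height.';background-color:#ffffff;" id="mainFrame" name="mainFrame" src="'.$iframe_src.'"></iframe>';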