Issues in survey.download.inc.php (BT22676) - Issues in BT22676 - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2128)

main/survey/survey.download.inc.php (3 issues)

Labels

Best Practice 3

Severity

Major 3

<?php
/* For licensing terms, see /license.txt */

/**
 * @author Arnaud Ligot <[email protected]>
 *
 * A small peace of code to enable user to access images included into survey
 * which are accessible by non authenticated users. This file is included
 * by document/download.php
 */
function check_download_survey($course, $invitation, $doc_url)
{
    // Getting all the course information
    $_course = api_get_course_info($course);
    $course_id = $_course['real_id'];

    // Database table definitions
    $table_survey = Database::get_course_table(TABLE_SURVEY);
    $table_survey_question = Database::get_course_table(TABLE_SURVEY_QUESTION);
    $table_survey_question_option = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
    $table_survey_invitation = Database::get_course_table(TABLE_SURVEY_INVITATION);

    // Now we check if the invitationcode is valid
    $sql = "SELECT * FROM $table_survey_invitation
            WHERE
                c_id = $course_id AND
                invitation_code = '".Database::escape_string($invitation)."'";
    $result = Database::query($sql);
    if (Database::num_rows($result) < 1) {
        echo Display::return_message(get_lang('WrongInvitationCode'), 'error', false);
        exit;

    }
    $survey_invitation = Database::fetch_assoc($result);

    // Now we check if the user already filled the survey
    /*if ($survey_invitation['answered'] == 1) {
        echo Display::return_message(get_lang('YouAlreadyFilledThisSurvey'), 'error', false);
        exit;
    }*/

    // Very basic security check: check if a text field from
    // a survey/answer/option contains the name of the document requested
    // Fetch survey ID
    // If this is the case there will be a language choice
    $sql = "SELECT * FROM $table_survey
            WHERE
                c_id = $course_id AND
                code='".Database::escape_string($survey_invitation['survey_code'])."'";
    $result = Database::query($sql);
    if (Database::num_rows($result) > 1) {
        if ($_POST['language']) {
            $survey_invitation['survey_id'] = $_POST['language'];
        } else {
            echo '<form
                id="language"
                name="language"
                method="POST"
                action="'.api_get_self().'?course='.Security::remove_XSS($_GET['course']).'&invitationcode='.Security::remove_XSS($_GET['invitationcode']).'">';
            echo '  <select name="language">';
            while ($row = Database::fetch_assoc($result)) {
                echo '<option value="'.$row['survey_id'].'">'.$row['lang'].'</option>';
            }
            echo '</select>';
            echo '  <input type="submit" name="Submit" value="'.get_lang('Ok').'" />';
            echo '</form>';
            Display::display_footer();
            exit;

        }
    } else {
        $row = Database::fetch_assoc($result);
        $survey_invitation['survey_id'] = $row['survey_id'];
    }

    $doc_url = Database::escape_string($doc_url);
    $survey_invitation['survey_id'] = Database::escape_string($survey_invitation['survey_id']);

    $sql = "SELECT count(*)
            FROM $table_survey
            WHERE
                c_id = $course_id AND
                survey_id = ".$survey_invitation['survey_id']." AND (
                    title LIKE '%$doc_url%'
                    or subtitle LIKE '%$doc_url%'
                    or intro LIKE '%$doc_url%'
                    or surveythanks LIKE '%$doc_url%'
                )
            UNION
                SELECT count(*)
                FROM $table_survey_question
                WHERE
                    c_id = $course_id AND
                    survey_id = ".$survey_invitation['survey_id']." AND (
                        survey_question LIKE '%$doc_url%' OR
                        survey_question_comment LIKE '%$doc_url%'
                    )
            UNION
                SELECT count(*)
                FROM $table_survey_question_option
                WHERE
                    c_id = $course_id AND
                    survey_id = ".$survey_invitation['survey_id']." AND (
                        option_text LIKE '%$doc_url%'
                    )";
    $result = Database::query($sql);
    if (Database::num_rows($result) == 0) {
        echo Display::return_message(get_lang('WrongInvitationCode'), 'error', false);
        exit;

    }

    return $_course;
}


1			<?php
2			/* For licensing terms, see /license.txt */
3
4			/**
5			* @author Arnaud Ligot <[email protected]>
6			*
7			* A small peace of code to enable user to access images included into survey
8			* which are accessible by non authenticated users. This file is included
9			* by document/download.php
10			*/
11			function check_download_survey($course, $invitation, $doc_url)
12			{
13			// Getting all the course information
14			$_course = api_get_course_info($course);
15			$course_id = $_course['real_id'];
16
17			// Database table definitions
18			$table_survey = Database::get_course_table(TABLE_SURVEY);
19			$table_survey_question = Database::get_course_table(TABLE_SURVEY_QUESTION);
20			$table_survey_question_option = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
21			$table_survey_invitation = Database::get_course_table(TABLE_SURVEY_INVITATION);
22
23			// Now we check if the invitationcode is valid
24			$sql = "SELECT * FROM $table_survey_invitation
25			WHERE
26			c_id = $course_id AND
27			invitation_code = '".Database::escape_string($invitation)."'";
28			$result = Database::query($sql);
29			if (Database::num_rows($result) < 1) {
30			echo Display::return_message(get_lang('WrongInvitationCode'), 'error', false);
31			exit;
			0 ignored issues – show Best Practice introduced 2020-11-04 08:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this Using `exit` here is not recommended. In general, usage of exit should be done with care and only when running in a scripting context like a CLI script. Loading history...
32			}
33			$survey_invitation = Database::fetch_assoc($result);
34
35			// Now we check if the user already filled the survey
36			/*if ($survey_invitation['answered'] == 1) {
37			echo Display::return_message(get_lang('YouAlreadyFilledThisSurvey'), 'error', false);
38			exit;
39			}*/
40
41			// Very basic security check: check if a text field from
42			// a survey/answer/option contains the name of the document requested
43			// Fetch survey ID
44			// If this is the case there will be a language choice
45			$sql = "SELECT * FROM $table_survey
46			WHERE
47			c_id = $course_id AND
48			code='".Database::escape_string($survey_invitation['survey_code'])."'";
49			$result = Database::query($sql);
50			if (Database::num_rows($result) > 1) {
51			if ($_POST['language']) {
52			$survey_invitation['survey_id'] = $_POST['language'];
53			} else {
54			echo '<form
55			id="language"
56			name="language"
57			method="POST"
58			action="'.api_get_self().'?course='.Security::remove_XSS($_GET['course']).'&invitationcode='.Security::remove_XSS($_GET['invitationcode']).'">';
59			echo ' <select name="language">';
60			while ($row = Database::fetch_assoc($result)) {
61			echo '<option value="'.$row['survey_id'].'">'.$row['lang'].'</option>';
62			}
63			echo '</select>';
64			echo ' <input type="submit" name="Submit" value="'.get_lang('Ok').'" />';
65			echo '</form>';
66			Display::display_footer();
67			exit;
			0 ignored issues – show Best Practice introduced 2018-01-05 13:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this Using `exit` here is not recommended. In general, usage of exit should be done with care and only when running in a scripting context like a CLI script. Loading history...
68			}
69			} else {
70			$row = Database::fetch_assoc($result);
71			$survey_invitation['survey_id'] = $row['survey_id'];
72			}
73
74			$doc_url = Database::escape_string($doc_url);
75			$survey_invitation['survey_id'] = Database::escape_string($survey_invitation['survey_id']);
76
77			$sql = "SELECT count(*)
78			FROM $table_survey
79			WHERE
80			c_id = $course_id AND
81			survey_id = ".$survey_invitation['survey_id']." AND (
82			title LIKE '%$doc_url%'
83			or subtitle LIKE '%$doc_url%'
84			or intro LIKE '%$doc_url%'
85			or surveythanks LIKE '%$doc_url%'
86			)
87			UNION
88			SELECT count(*)
89			FROM $table_survey_question
90			WHERE
91			c_id = $course_id AND
92			survey_id = ".$survey_invitation['survey_id']." AND (
93			survey_question LIKE '%$doc_url%' OR
94			survey_question_comment LIKE '%$doc_url%'
95			)
96			UNION
97			SELECT count(*)
98			FROM $table_survey_question_option
99			WHERE
100			c_id = $course_id AND
101			survey_id = ".$survey_invitation['survey_id']." AND (
102			option_text LIKE '%$doc_url%'
103			)";
104			$result = Database::query($sql);
105			if (Database::num_rows($result) == 0) {
106			echo Display::return_message(get_lang('WrongInvitationCode'), 'error', false);
107			exit;
			0 ignored issues – show Best Practice introduced 2020-11-04 08:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this Using `exit` here is not recommended. In general, usage of exit should be done with care and only when running in a scripting context like a CLI script. Loading history...
108			}
109
110			return $_course;
111			}
112

chamilo / chamilo-lms

Issues (2128)

main/survey/survey.download.inc.php (3 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like