Issues in embed.php (master) - Issues in master - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2089)

public/main/lp/embed.php (1 issue)

Severity

Unknown 1

<?php
/* For licensing terms, see /license.txt */

use ChamiloSession as Session;

require_once __DIR__.'/../inc/global.inc.php';

api_protect_course_script(true);

$type = $_REQUEST['type'] ?? '';
$src = $_REQUEST['source'] ?? '';
if (empty($type) || empty($src)) {
    api_not_allowed();
}

$iframe = '';
switch ($type) {
    case 'download':
        /** @var learnpath $learnPath */
        $learnPath = Session::read('oLP');
        $itemId = isset($_GET['lp_item_id']) ? $_GET['lp_item_id'] : '';
        if (!$learnPath || empty($itemId)) {

            api_not_allowed();
        }

        $file = learnpath::rl_get_resource_link_for_learnpath(
            api_get_course_int_id(),
            $learnPath->get_id(),
            $itemId,
            $learnPath->get_view_id()
        );

        $iframe = Display::return_message(
            Display::url(get_lang('Download'), $file, ['class' => 'btn btn--primary']),
            'info',
            false
        );
        break;
    case 'youtube':
        $src = "src ='//www.youtube.com/embed/$src'";
        $src = Security::remove_XSS($src);
        $iframe .= '<div id="content" style="width: 700px ;margin-left:auto; margin-right:auto;"><br />';
        $iframe .= '<iframe class="youtube-player" type="text/html" width="640" height="385" '.$src.' frameborder="0"></iframe>';
        $iframe .= '</div>';
        break;
    case 'vimeo':
        $src = "src ='//player.vimeo.com/video/$src'";
        $src = Security::remove_XSS($src);
        $iframe .= '<div id="content" style="width: 700px ;margin-left:auto; margin-right:auto;"><br />';
        $iframe .= '<iframe '.$src.' width="640" height="385" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>';
        $iframe .= '</div>';
        break;
    case 'nonhttps':
        $icon = '&nbsp;<em class="icon-external-link icon-2x"></em>';
        $iframe = Security::remove_XSS(Display::return_message(
            Display::url($src.$icon, $src, ['class' => 'btn', 'target' => '_blank']),
            'normal',
            false
        ));
        break;
}

$htmlHeadXtra[] = "
<style>
body { background: none;}
</style>
";

Display::display_reduced_header();
echo $iframe;
Display::display_footer();


1			<?php
2			/* For licensing terms, see /license.txt */
3
4			use ChamiloSession as Session;
5
6			require_once __DIR__.'/../inc/global.inc.php';
7
8			api_protect_course_script(true);
9
10			$type = $_REQUEST['type'] ?? '';
11			$src = $_REQUEST['source'] ?? '';
12			if (empty($type) \|\| empty($src)) {
13			api_not_allowed();
14			}
15
16			$iframe = '';
17			switch ($type) {
18			case 'download':
19			/** @var learnpath $learnPath */
20			$learnPath = Session::read('oLP');
21			$itemId = isset($_GET['lp_item_id']) ? $_GET['lp_item_id'] : '';
22			if (!$learnPath \|\| empty($itemId)) {
			0 ignored issues – show introduced 2019-11-27 07:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$learnPath` is of type `learnpath`, thus it always evaluated to `true`. Loading history...
23			api_not_allowed();
24			}
25
26			$file = learnpath::rl_get_resource_link_for_learnpath(
27			api_get_course_int_id(),
28			$learnPath->get_id(),
29			$itemId,
30			$learnPath->get_view_id()
31			);
32
33			$iframe = Display::return_message(
34			Display::url(get_lang('Download'), $file, ['class' => 'btn btn--primary']),
35			'info',
36			false
37			);
38			break;
39			case 'youtube':
40			$src = "src ='//www.youtube.com/embed/$src'";
41			$src = Security::remove_XSS($src);
42			$iframe .= '<div id="content" style="width: 700px ;margin-left:auto; margin-right:auto;"><br />';
43			$iframe .= '<iframe class="youtube-player" type="text/html" width="640" height="385" '.$src.' frameborder="0"></iframe>';
44			$iframe .= '</div>';
45			break;
46			case 'vimeo':
47			$src = "src ='//player.vimeo.com/video/$src'";
48			$src = Security::remove_XSS($src);
49			$iframe .= '<div id="content" style="width: 700px ;margin-left:auto; margin-right:auto;"><br />';
50			$iframe .= '<iframe '.$src.' width="640" height="385" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>';
51			$iframe .= '</div>';
52			break;
53			case 'nonhttps':
54			$icon = ' <em class="icon-external-link icon-2x"></em>';
55			$iframe = Security::remove_XSS(Display::return_message(
56			Display::url($src.$icon, $src, ['class' => 'btn', 'target' => '_blank']),
57			'normal',
58			false
59			));
60			break;
61			}
62
63			$htmlHeadXtra[] = "
64			<style>
65			body { background: none;}
66			</style>
67			";
68
69			Display::display_reduced_header();
70			echo $iframe;
71			Display::display_footer();
72

chamilo / chamilo-lms

Issues (2089)

public/main/lp/embed.php (1 issue)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like