This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace FreedomCore\VK\API; |
||
4 | |||
5 | use FreedomCore\VK\VKBase; |
||
6 | |||
7 | class VKGroups extends VKAPI { |
||
8 | |||
9 | /** |
||
10 | * API Method for this class |
||
11 | * @var string |
||
12 | */ |
||
13 | protected $apiMethod = 'groups.'; |
||
14 | |||
15 | /** |
||
16 | * Permission Required To Work With This Extension |
||
17 | * @var int |
||
18 | */ |
||
19 | protected $requiredPermission = parent::PERMISSION_GROUPS; |
||
20 | |||
21 | /** |
||
22 | * Default Fields For Selection |
||
23 | */ |
||
24 | const defaultFields = [ 'description', 'members_count', 'status', 'contacts' ]; |
||
25 | |||
26 | /** |
||
27 | * VKGroups constructor. |
||
28 | * @param VKBase $vkObject |
||
29 | */ |
||
30 | public function __construct(VKBase $vkObject) { |
||
31 | parent::__construct($vkObject); |
||
32 | parent::isAllowed($this->requiredPermission); |
||
33 | } |
||
34 | |||
35 | /** |
||
36 | * Returns information specifying whether a user is a member of a community |
||
37 | * @param int | string $groupID |
||
38 | * @param int $userID |
||
39 | * @param int $isExtended |
||
40 | * @return mixed |
||
41 | */ |
||
42 | public function isMember($groupID, $userID, $isExtended = 0) { |
||
43 | $requestParameters = [ |
||
44 | 'group_id' => $groupID, |
||
45 | 'user_id' => $userID, |
||
46 | 'extended' => ($isExtended > 1 || $isExtended < 0) ? 0 : $isExtended |
||
47 | ]; |
||
48 | |||
49 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
50 | } |
||
51 | |||
52 | /** |
||
53 | * Returns information about communities by their ID (IDs) |
||
54 | * @param int | string $groupID |
||
55 | * @param array $requestFields |
||
56 | * @return mixed |
||
57 | */ |
||
58 | public function getById($groupID, $requestFields = self::defaultFields) { |
||
59 | $requestParameters = [ |
||
60 | 'fields' => $this->getAllowedFields($requestFields) |
||
61 | ]; |
||
62 | |||
63 | if (is_array($groupID)) { |
||
64 | $requestParameters[ 'group_ids' ] = implode(',', $groupID); |
||
65 | } else { |
||
66 | $requestParameters[ 'group_id' ] = $groupID; |
||
67 | } |
||
68 | |||
69 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
70 | } |
||
71 | |||
72 | /** |
||
73 | * Returns a list of the communities to which a user belongs |
||
74 | * @param int $userID |
||
75 | * @param int $isExtended |
||
76 | * @param string $setFilter |
||
77 | * @param array $requestFields |
||
78 | * @return mixed |
||
79 | */ |
||
80 | public function get($userID, $isExtended = 0, $setFilter = null, $requestFields = self::defaultFields) { |
||
81 | $allowedFilterTypes = [ 'admin', 'editor', 'moder', 'groups', 'publics', 'events' ]; |
||
82 | $requestParameters = [ |
||
83 | 'user_id' => $userID, |
||
84 | 'extended' => ($isExtended > 1 || $isExtended < 0) ? 0 : $isExtended, |
||
85 | 'fields' => $this->getAllowedFields($requestFields) |
||
86 | ]; |
||
87 | if ($setFilter != null && in_array($setFilter, $allowedFilterTypes)) { |
||
88 | $requestParameters[ 'filter' ] = $setFilter; |
||
89 | } |
||
90 | |||
91 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
92 | } |
||
93 | |||
94 | /** |
||
95 | * Returns a list of community members |
||
96 | * @param int | string $groupID |
||
97 | * @param array $requestFields |
||
98 | * @return mixed |
||
99 | */ |
||
100 | View Code Duplication | public function getMembers($groupID, $requestFields = VKUsers::standardFields) { |
|
101 | $requestParameters = [ |
||
102 | 'group_id' => $groupID, |
||
103 | 'fields' => $requestFields |
||
104 | ]; |
||
105 | |||
106 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
107 | } |
||
108 | |||
109 | /** |
||
110 | * With this method you can join the group or public page, and also confirm your participation in an event. |
||
111 | * @param int $groupID |
||
112 | * @param null $ifMeeting |
||
113 | * @return mixed |
||
114 | */ |
||
115 | public function join($groupID, $ifMeeting = null) { |
||
116 | $requestParameters[ 'group_id' ] = $groupID; |
||
0 ignored issues
–
show
|
|||
117 | if ($ifMeeting != null){ |
||
118 | if ($ifMeeting == 1 || $ifMeeting == 0) { |
||
119 | $requestParameters[ 'not_sure' ] = $ifMeeting; |
||
120 | } |
||
121 | } |
||
122 | |||
123 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
124 | } |
||
125 | |||
126 | /** |
||
127 | * With this method you can leave a group, public page, or event. |
||
128 | * @param int $groupID |
||
129 | * @return mixed |
||
130 | */ |
||
131 | public function leave($groupID) { |
||
132 | $requestParameters[ 'group_id' ] = $groupID; |
||
0 ignored issues
–
show
Coding Style
Comprehensibility
introduced
by
$requestParameters was never initialized. Although not strictly required by PHP, it is generally a good practice to add $requestParameters = array(); before regardless.
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) {
$myArray['foo'] = $item->getFoo();
if ($item->hasBar()) {
$myArray['bar'] = $item->getBar();
}
// do something with $myArray
}
As you can see in this example, the array This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop.
Loading history...
|
|||
133 | |||
134 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
135 | } |
||
136 | |||
137 | /** |
||
138 | * Searches for communities by substring. |
||
139 | * @param string $searchQuery |
||
140 | * @param string $groupType |
||
141 | * @return mixed |
||
142 | */ |
||
143 | public function search($searchQuery, $groupType = null) { |
||
144 | $requestParameters[ 'q' ] = $searchQuery; |
||
0 ignored issues
–
show
Coding Style
Comprehensibility
introduced
by
$requestParameters was never initialized. Although not strictly required by PHP, it is generally a good practice to add $requestParameters = array(); before regardless.
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) {
$myArray['foo'] = $item->getFoo();
if ($item->hasBar()) {
$myArray['bar'] = $item->getBar();
}
// do something with $myArray
}
As you can see in this example, the array This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop.
Loading history...
|
|||
145 | if ($groupType != null && in_array($groupType, [ 'group', 'page', 'event' ])) { |
||
146 | $requestParameters[ 'type' ] = $groupType; |
||
147 | } |
||
148 | |||
149 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
150 | } |
||
151 | |||
152 | /** |
||
153 | * Returns a list of invitations to join communities and events. |
||
154 | * @param int $isExtended |
||
155 | * @return mixed |
||
156 | */ |
||
157 | public function getInvites($isExtended = 0) { |
||
158 | $requestParameters[ 'extended' ] = ($isExtended > 1 || $isExtended < 0) ? 0 : $isExtended; |
||
0 ignored issues
–
show
Coding Style
Comprehensibility
introduced
by
$requestParameters was never initialized. Although not strictly required by PHP, it is generally a good practice to add $requestParameters = array(); before regardless.
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) {
$myArray['foo'] = $item->getFoo();
if ($item->hasBar()) {
$myArray['bar'] = $item->getBar();
}
// do something with $myArray
}
As you can see in this example, the array This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop.
Loading history...
|
|||
159 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
160 | } |
||
161 | |||
162 | /** |
||
163 | * Returns invited users list of a community |
||
164 | * @param int $groupID |
||
165 | * @param array $requestFields |
||
166 | * @return mixed |
||
167 | */ |
||
168 | View Code Duplication | public function getInvitedUsers($groupID, $requestFields = VKUsers::standardFields) { |
|
169 | $requestParameters = [ |
||
170 | 'group_id' => $groupID, |
||
171 | 'fields ' => $requestFields |
||
172 | ]; |
||
173 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
174 | } |
||
175 | |||
176 | /** |
||
177 | * Adds a user to a community blacklist |
||
178 | * @param int $groupID |
||
179 | * @param int $userID |
||
180 | * @param int $banReason - 1 — spam 2 — verbal abuse 3 — strong language 4 — irrelevant messages 0 — other (default) |
||
181 | * @param string $banComment - Comment of ban action |
||
182 | * @param int $endDateTimeStamp - Unix Time |
||
183 | * @param int $commentVisible - Show Comment To User (1 - Yes | 0 - No) |
||
184 | */ |
||
185 | public function banUser($groupID, $userID, $banReason = 0, $banComment = '', $endDateTimeStamp = null, $commentVisible = 1) { |
||
186 | $requestParameters = [ |
||
187 | 'group_id' => $groupID, |
||
188 | 'user_id' => $userID, |
||
189 | 'reason' => ($banReason < 0 || $banReason > 4) ? 0 : $banReason, |
||
190 | 'comment' => $banComment, |
||
191 | 'end_date' => ($endDateTimeStamp == null) ? strtotime(date("Y-m-d", strtotime("+1 week"))) : $endDateTimeStamp, |
||
192 | 'comment_visible' => $commentVisible |
||
193 | ]; |
||
194 | |||
195 | parent::executeQuery(__FUNCTION__, $requestParameters); |
||
196 | } |
||
197 | |||
198 | /** |
||
199 | * Deletes a user from a community blacklist |
||
200 | * @param int $groupID |
||
201 | * @param int $userID |
||
202 | * @return mixed |
||
203 | */ |
||
204 | public function unbanUser($groupID, $userID) { |
||
205 | $requestParameters = [ |
||
206 | 'group_id' => $groupID, |
||
207 | 'user_id' => $userID |
||
208 | ]; |
||
209 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
210 | } |
||
211 | |||
212 | /** |
||
213 | * Returns a list of users on a community blacklist (Requires Moderator Status) |
||
214 | * @param int $groupID |
||
215 | * @return mixed |
||
216 | */ |
||
217 | public function getBanned($groupID) { |
||
218 | return parent::executeQuery(__FUNCTION__, [ 'group_id' => $groupID]); |
||
219 | } |
||
220 | |||
221 | /** |
||
222 | * Creates a new community |
||
223 | * @param string $groupTitle |
||
224 | * @param string $groupDescription |
||
225 | * @param string $groupType |
||
226 | * @param int $subType |
||
227 | * @return mixed |
||
228 | */ |
||
229 | public function create($groupTitle, $groupDescription, $groupType = 'group', $subType = null) { |
||
230 | $allowedGroupTypes = [ 'group', 'event', 'public' ]; |
||
231 | $requestParameters = [ |
||
232 | 'title' => $groupTitle, |
||
233 | 'type' => (in_array($groupType, $allowedGroupTypes)) ? $groupType : 'group' |
||
234 | ]; |
||
235 | if ($groupType != 'public') { |
||
236 | $requestParameters[ 'description' ] = $groupDescription; |
||
237 | } |
||
238 | if ($subType !== null) { |
||
239 | $requestParameters[ 'subtype' ] = ($subType > 4 || $subType < 1) ? 2 : $subType; |
||
240 | } |
||
241 | |||
242 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
243 | } |
||
244 | |||
245 | /** |
||
246 | * Edits a community |
||
247 | * @param int $groupID |
||
248 | * @param string $groupTitle |
||
249 | * @param string $groupDescription |
||
250 | * @param string $groupScreenName |
||
251 | * @param int $groupAccess |
||
252 | * @param string $groupWebSite |
||
253 | * @param int $groupSubject |
||
254 | * @return array |
||
255 | */ |
||
256 | public function edit($groupID, $groupTitle, $groupDescription, $groupScreenName, $groupAccess, $groupWebSite, $groupSubject) { |
||
257 | $requestParameters = [ |
||
258 | 'group_id' => $groupID, |
||
259 | 'title' => $groupTitle, |
||
260 | 'description' => $groupDescription, |
||
261 | 'screen_name' => $groupScreenName, |
||
262 | 'access' => ($groupAccess > 2 || $groupAccess < 0) ? 1 : $groupAccess, |
||
263 | 'website' => $groupWebSite, |
||
264 | 'subject' => ($groupSubject < 1 || $groupSubject > 42) ? 26 : $groupSubject, |
||
265 | ]; |
||
266 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
267 | } |
||
268 | |||
269 | /** |
||
270 | * Get Group Settings |
||
271 | * @param int $groupID |
||
272 | * @return mixed |
||
273 | */ |
||
274 | public function getSettings($groupID) { |
||
275 | return parent::executeQuery(__FUNCTION__, [ 'group_id' => $groupID]); |
||
276 | } |
||
277 | |||
278 | /** |
||
279 | * Get Group Access Request |
||
280 | * @param int $groupID |
||
281 | * @param array $requestFields |
||
282 | * @param int $setCount |
||
283 | * @return array |
||
284 | */ |
||
285 | public function getRequests($groupID, $requestFields = null, $setCount = 20) { |
||
286 | if ($requestFields == null) { |
||
287 | $requestFields = VKUsers::standardFields; |
||
288 | } |
||
289 | |||
290 | $requestParameters = [ |
||
291 | 'group_id' => $groupID, |
||
292 | 'fields' => $requestFields, |
||
293 | 'count' => $setCount |
||
294 | ]; |
||
295 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
296 | } |
||
297 | |||
298 | /** |
||
299 | * Invite User To Group |
||
300 | * @param int $groupID |
||
301 | * @param int $userID |
||
302 | * @return mixed |
||
303 | */ |
||
304 | public function invite($groupID, $userID) { |
||
305 | $requestParameters = [ |
||
306 | 'group_id' => $groupID, |
||
307 | 'user_id' => $userID |
||
308 | ]; |
||
309 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
310 | } |
||
311 | |||
312 | /** |
||
313 | * Remove User From Group |
||
314 | * @param int $groupID |
||
315 | * @param int $userID |
||
316 | * @return mixed |
||
317 | */ |
||
318 | public function removeUser($groupID, $userID) { |
||
319 | $requestParameters = [ |
||
320 | 'group_id' => $groupID, |
||
321 | 'user_id' => $userID |
||
322 | ]; |
||
323 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
324 | } |
||
325 | |||
326 | /** |
||
327 | * Approve User Request To Join Group |
||
328 | * @param int $groupID |
||
329 | * @param int $userID |
||
330 | * @return mixed |
||
331 | */ |
||
332 | public function approveRequest($groupID, $userID) { |
||
333 | $requestParameters = [ |
||
334 | 'group_id' => $groupID, |
||
335 | 'user_id' => $userID |
||
336 | ]; |
||
337 | return parent::executeQuery(__FUNCTION__, $requestParameters); |
||
338 | } |
||
339 | |||
340 | |||
341 | /** |
||
342 | * Get Fields That Allowed To Be Used With Groups API |
||
343 | * @param $fieldsArray |
||
344 | * @return string |
||
345 | */ |
||
346 | private function getAllowedFields($fieldsArray) { |
||
347 | $groupsFields = [ |
||
348 | 'group_id', |
||
349 | 'name', |
||
350 | 'screen_name', |
||
351 | 'is_closed', |
||
352 | 'is_admin', |
||
353 | 'admin_level', |
||
354 | 'is_member', |
||
355 | 'type', |
||
356 | 'photo', |
||
357 | 'photo_medium', |
||
358 | 'photo_big', |
||
359 | 'city', |
||
360 | 'country', |
||
361 | 'place', |
||
362 | 'description', |
||
363 | 'wiki_page', |
||
364 | 'members_count', |
||
365 | 'counters', |
||
366 | 'start_date ', |
||
367 | 'end_date', |
||
368 | 'can_post', |
||
369 | 'can_see_all_posts', |
||
370 | 'activity', |
||
371 | 'status', |
||
372 | 'contacts' |
||
373 | ]; |
||
374 | |||
375 | foreach($fieldsArray as $fKey => $fValue) { |
||
376 | if (!in_array($fValue, $groupsFields)) { |
||
377 | unset($fieldsArray[$fKey]); |
||
378 | } |
||
379 | } |
||
380 | return implode(',', $fieldsArray); |
||
381 | } |
||
382 | } |
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code.
Let’s take a look at an example:
As you can see in this example, the array
$myArray
is initialized the first time when the foreach loop is entered. You can also see that the value of thebar
key is only written conditionally; thus, its value might result from a previous iteration.This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop.