Issues in XmlPreview.php (development) - Issues in development - elkarte/Elkarte - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1686)

sources/ElkArte/Controller/XmlPreview.php (2 issues)

Labels

Severity

Major 2

<?php

/**
 * Handles xml preview request in their various forms
 *
 * @package   ElkArte Forum
 * @copyright ElkArte Forum contributors
 * @license   BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
 *
 * @version 2.0 dev
 */

namespace ElkArte\Controller;

use BBC\ParserWrapper;
use ElkArte\AbstractController;
use ElkArte\Action;
use ElkArte\Helper\Util;
use ElkArte\Languages\Txt;

/**
 * Handles requests for previews of an item, in an ajax enabled template.
 */
class XmlPreview extends AbstractController
{
	/**
	 * {@inheritDoc}
	 */
	public function trackStats($action = '')
	{
		return false;
	}

	/**
	 * Calls the correct function for the action.
	 *
	 * @see AbstractController::action_index
	 */
	public function action_index()
	{
		global $context;

		$subActions = array(
			'newspreview' => array($this, 'action_newspreview'),
			'newsletterpreview' => array($this, 'action_newsletterpreview'),
			'sig_preview' => array($this, 'action_sig_preview'),
			'warning_preview' => array($this, 'action_warning_preview'),
			'bounce_preview' => array($this, 'action_bounce_preview'),
			'invalid' => array(),
		);

		// Valid action?
		$action = new Action('xml_preview');
		$subAction = $action->initialize($subActions, 'invalid', 'item');

		if ($subAction === 'invalid')
		{
			return;
		}

		// Set up the template and default sub-template.
		theme()->getTemplates()->load('Xml');
		$context['sub_template'] = 'generic_xml';

		// A preview it is then
		$action->dispatch($subAction);
	}

	/**
	 * Get a preview of the important forum news for review before use
	 *
	 *  - Calls parse bbc to render bbc tags for the preview
	 */
	public function action_newspreview()
	{
		global $context;

		// Needed for parse bbc
		require_once(SUBSDIR . '/Post.subs.php');

		$errors = array();
		$news = isset($this->_req->post->news) ? Util::htmlspecialchars($this->_req->post->news, ENT_QUOTES) : '';
		if (empty($news))
		{
			$errors[] = array('value' => 'no_news');
		}
		else
		{
			preparsecode($news);
		}

		$bbc_parser = ParserWrapper::instance();

		// Return the xml response to the template
		$context['xml_data'] = array(
			'news' => array(
				'identifier' => 'parsedNews',
				'children' => array(
					array(
						'value' => $bbc_parser->parseNews($news),
					),
				),
			),
			'errors' => array(
				'identifier' => 'error',
				'children' => $errors
			),
		);
	}

	/**
	 * Get a preview of a newsletter before its sent on to the masses
	 *
	 *  - Uses prepareMailingForPreview to create the actual preview
	 */
	public function action_newsletterpreview()
	{
		global $context, $txt;

		// Needed to create the preview
		require_once(SUBSDIR . '/Mail.subs.php');
		Txt::load('Errors');

		$context['post_error']['errors'] = array();
		$context['send_pm'] = empty($this->_req->post->send_pm) ? 0 : 1;
		$context['send_html'] = empty($this->_req->post->send_html) ? 0 : 1;

		// Let them know about any mistakes
		if (empty($this->_req->post->subject))
		{
			$context['post_error']['errors'][] = $txt['error_no_subject'];
		}

		if (empty($this->_req->post->message))
		{
			$context['post_error']['errors'][] = $txt['error_no_message'];
		}

		prepareMailingForPreview();

		$context['sub_template'] = 'generic_preview';
	}

	/**
	 * Let them see what their signature looks like before they use it like spam
	 */
	public function action_sig_preview()
	{
		global $context, $txt;

		require_once(SUBSDIR . '/Profile.subs.php');
		Txt::load('Profile+Errors');

		$user = isset($this->_req->post->user) ? (int) $this->_req->post->user : 0;
		$is_owner = $user === (int) $this->user->id;


		// @todo Temporary
		// Borrowed from loadAttachmentContext in Display.controller.php
		$can_change = $is_owner ? allowedTo(array('profile_extra_any', 'profile_extra_own')) : allowedTo('profile_extra_any');

		$errors = array();
		if (!empty($user) && $can_change)
		{
			require_once(SUBSDIR . '/Members.subs.php');

			// Get the current signature
			$member = getBasicMemberData($user, array('preferences' => true));

			$member['signature'] = censor($member['signature']);
			$bbc_parser = ParserWrapper::instance();
			$member['signature'] = $bbc_parser->parseSignature($member['signature'], true);

			// And now what they want it to be
			$preview_signature = empty($this->_req->post->signature) ? '' : Util::htmlspecialchars($this->_req->post->signature);
			$validation = profileValidateSignature($preview_signature);

			// An odd check for errors to be sure
			if ($validation !== true && $validation !== false)
			{
				$errors[] = array('value' => $txt['profile_error_' . $validation], 'attributes' => array('type' => 'error'));
			}

			preparsecode($preview_signature);
			$preview_signature = censor($preview_signature);
			$preview_signature = $bbc_parser->parseSignature($preview_signature, true);
		}
		// Sorry but you can't change the signature
		elseif (!$can_change)
		{
			if ($is_owner)
			{
				$errors[] = array('value' => $txt['cannot_profile_extra_own'], 'attributes' => array('type' => 'error'));
			}
			else
			{
				$errors[] = array('value' => $txt['cannot_profile_extra_any'], 'attributes' => array('type' => 'error'));
			}
		}
		else
		{
			$errors[] = array('value' => $txt['no_user_selected'], 'attributes' => array('type' => 'error'));
		}

		// Return the response for the template
		$context['xml_data']['signatures'] = array(
			'identifier' => 'signature',
			'children' => array()
		);

		if (isset($member['signature']))
		{
			$context['xml_data']['signatures']['children'][] = array(
				'value' => $member['signature'],
				'attributes' => array('type' => 'current'),
			);
		}

		if (isset($preview_signature))
		{
			$context['xml_data']['signatures']['children'][] = array(
				'value' => $preview_signature,
				'attributes' => array('type' => 'preview'),
			);
		}

		if (!empty($errors))
		{
			$context['xml_data']['errors'] = array(
				'identifier' => 'error',
				'children' => array_merge(
					array(
						array(
							'value' => $txt['profile_errors_occurred'],
							'attributes' => array('type' => 'errors_occurred'),
						),
					), $errors
				),
			);
		}
	}

	/**
	 * Used to preview custom warning templates before they are saved to submitted to the user
	 */
	public function action_warning_preview()
	{
		global $context, $txt, $scripturl, $mbname;

		require_once(SUBSDIR . '/Post.subs.php');
		Txt::load('Errors+ModerationCenter');

		$context['post_error']['errors'] = array();

		// If you can't issue the warning, what are you doing here?
		if (allowedTo('issue_warning'))
		{
			$warning_body = empty($this->_req->post->body) ? '' : trim(censor($this->_req->post->body));
			$context['preview_subject'] = empty($this->_req->post->title) ? '' : trim(Util::htmlspecialchars($this->_req->post->title));
			if (isset($this->_req->post->issuing))
			{
				if (empty($this->_req->post->title) || empty($this->_req->post->body))
				{
					$context['post_error']['errors'][] = $txt['warning_notify_blank'];
				}
			}
			else
			{
				if (empty($this->_req->post->title))
				{
					$context['post_error']['errors'][] = $txt['mc_warning_template_error_no_title'];
				}

				if (empty($this->_req->post->body))
				{
					$context['post_error']['errors'][] = $txt['mc_warning_template_error_no_body'];
				}

				// Add in few replacements.
				/**
				 * These are the defaults:
				 * - {MEMBER} - Member Name. => current user for review
				 * - {MESSAGE} - Link to Offending Post. (If Applicable) => not applicable here, so not replaced
				 * - {FORUMNAME} - Forum Name.
				 * - {SCRIPTURL} - Web address of forum.
				 * - {REGARDS} - Standard email sign-off.
				 */
				$find = array(
					'{MEMBER}',
					'{FORUMNAME}',
					'{SCRIPTURL}',
					'{REGARDS}',
				);
				$replace = array(
					$this->user->name,

					$mbname,
					$scripturl,
					replaceBasicActionUrl($txt['regards_team']),
				);
				$warning_body = str_replace($find, $replace, $warning_body);
			}

			// Deal with any BBC so it looks good for the preview
			if (!empty($this->_req->post->body))
			{
				preparsecode($warning_body);
				$bbc_parser = ParserWrapper::instance();
				$warning_body = $bbc_parser->parseNotice($warning_body);
			}

			$context['preview_message'] = $warning_body;
		}
		else
		{
			$context['post_error']['errors'][] = array('value' => $txt['cannot_issue_warning'], 'attributes' => array('type' => 'error'));
		}

		$context['sub_template'] = 'generic_preview';
	}

	/**
	 * Used to preview custom email bounce templates before they are saved for use
	 */
	public function action_bounce_preview()
	{
		global $context, $txt, $scripturl, $mbname, $modSettings;

		require_once(SUBSDIR . '/Post.subs.php');
		Txt::load('Errors+ModerationCenter');

		$context['post_error']['errors'] = array();

		// If you can't approve emails, what are you doing here?
		if (allowedTo('approve_emails'))
		{
			$body = empty($this->_req->post->body) ? '' : trim(censor($this->_req->post->body));
			$context['preview_subject'] = empty($this->_req->post->title) ? '' : trim(Util::htmlspecialchars($this->_req->post->title));

			if (isset($this->_req->post->issuing))
			{
				if (empty($this->_req->post->title) || empty($this->_req->post->body))
				{
					$context['post_error']['errors'][] = $txt['warning_notify_blank'];
				}
			}
			else
			{
				if (empty($this->_req->post->title))
				{
					$context['post_error']['errors'][] = $txt['mc_warning_template_error_no_title'];
				}

				if (empty($this->_req->post->body))
				{
					$context['post_error']['errors'][] = $txt['mc_warning_template_error_no_body'];
				}

				// Add in few replacements.
				/**
				 * These are the defaults:
				 * - {FORUMNAME} - Forum Name, the full name with all the bells
				 * - {FORUMNAMESHORT} - Short and simple name
				 * - {SCRIPTURL} - Web address of forum.
				 * - {ERROR} - The error that was generated by the post, its unique to the post so can't render it here
				 * - {SUBJECT} - The subject of the email that's being discussed, unique to the post so can't render it here
				 * - {REGARDS} - Standard email sign-off.
				 * - {EMAILREGARDS} - Maybe a bit more friendly sign-off.
				 */
				$find = array(
					'{FORUMNAME}',
					'{FORUMNAMESHORT}',
					'{SCRIPTURL}',
					'{REGARDS}',
					'{EMAILREGARDS}',
				);
				$replace = array(
					$mbname,
					(empty($modSettings['maillist_sitename']) ? $mbname : $modSettings['maillist_sitename']),
					$scripturl,
					replaceBasicActionUrl($txt['regards_team']),
					(empty($modSettings['maillist_sitename_regards']) ? '' : $modSettings['maillist_sitename_regards'])
				);
				$body = str_replace($find, $replace, $body);
			}

			// Deal with any BBC so it looks good for the preview
			if (!empty($this->_req->post->body))
			{
				preparsecode($body);
				$bbc_parser = ParserWrapper::instance();
				$body = $bbc_parser->parseEmail($body);
			}

			$context['preview_message'] = $body;
		}

		$context['sub_template'] = 'generic_preview';
	}
}


1			<?php
2
3			/**
4			* Handles xml preview request in their various forms
5			*
6			* @package ElkArte Forum
7			* @copyright ElkArte Forum contributors
8			* @license BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
9			*
10			* @version 2.0 dev
11			*/
12
13			namespace ElkArte\Controller;
14
15			use BBC\ParserWrapper;
16			use ElkArte\AbstractController;
17			use ElkArte\Action;
18			use ElkArte\Helper\Util;
19			use ElkArte\Languages\Txt;
20
21			/**
22			* Handles requests for previews of an item, in an ajax enabled template.
23			*/
24			class XmlPreview extends AbstractController
25			{
26			/**
27			* {@inheritDoc}
28			*/
29			public function trackStats($action = '')
30			{
31			return false;
32			}
33
34			/**
35			* Calls the correct function for the action.
36			*
37			* @see AbstractController::action_index
38			*/
39			public function action_index()
40			{
41			global $context;
42
43			$subActions = array(
44			'newspreview' => array($this, 'action_newspreview'),
45			'newsletterpreview' => array($this, 'action_newsletterpreview'),
46			'sig_preview' => array($this, 'action_sig_preview'),
47			'warning_preview' => array($this, 'action_warning_preview'),
48			'bounce_preview' => array($this, 'action_bounce_preview'),
49			'invalid' => array(),
50			);
51
52			// Valid action?
53			$action = new Action('xml_preview');
54			$subAction = $action->initialize($subActions, 'invalid', 'item');
55
56			if ($subAction === 'invalid')
57			{
58			return;
59			}
60
61			// Set up the template and default sub-template.
62			theme()->getTemplates()->load('Xml');
63			$context['sub_template'] = 'generic_xml';
64
65			// A preview it is then
66			$action->dispatch($subAction);
67			}
68
69			/**
70			* Get a preview of the important forum news for review before use
71			*
72			* - Calls parse bbc to render bbc tags for the preview
73			*/
74			public function action_newspreview()
75			{
76			global $context;
77
78			// Needed for parse bbc
79			require_once(SUBSDIR . '/Post.subs.php');
80
81			$errors = array();
82			$news = isset($this->_req->post->news) ? Util::htmlspecialchars($this->_req->post->news, ENT_QUOTES) : '';
83			if (empty($news))
84			{
85			$errors[] = array('value' => 'no_news');
86			}
87			else
88			{
89			preparsecode($news);
90			}
91
92			$bbc_parser = ParserWrapper::instance();
93
94			// Return the xml response to the template
95			$context['xml_data'] = array(
96			'news' => array(
97			'identifier' => 'parsedNews',
98			'children' => array(
99			array(
100			'value' => $bbc_parser->parseNews($news),
101			),
102			),
103			),
104			'errors' => array(
105			'identifier' => 'error',
106			'children' => $errors
107			),
108			);
109			}
110
111			/**
112			* Get a preview of a newsletter before its sent on to the masses
113			*
114			* - Uses prepareMailingForPreview to create the actual preview
115			*/
116			public function action_newsletterpreview()
117			{
118			global $context, $txt;
119
120			// Needed to create the preview
121			require_once(SUBSDIR . '/Mail.subs.php');
122			Txt::load('Errors');
123
124			$context['post_error']['errors'] = array();
125			$context['send_pm'] = empty($this->_req->post->send_pm) ? 0 : 1;
126			$context['send_html'] = empty($this->_req->post->send_html) ? 0 : 1;
127
128			// Let them know about any mistakes
129			if (empty($this->_req->post->subject))
130			{
131			$context['post_error']['errors'][] = $txt['error_no_subject'];
132			}
133
134			if (empty($this->_req->post->message))
135			{
136			$context['post_error']['errors'][] = $txt['error_no_message'];
137			}
138
139			prepareMailingForPreview();
140
141			$context['sub_template'] = 'generic_preview';
142			}
143
144			/**
145			* Let them see what their signature looks like before they use it like spam
146			*/
147			public function action_sig_preview()
148			{
149			global $context, $txt;
150
151			require_once(SUBSDIR . '/Profile.subs.php');
152			Txt::load('Profile+Errors');
153
154			$user = isset($this->_req->post->user) ? (int) $this->_req->post->user : 0;
155			$is_owner = $user === (int) $this->user->id;
			0 ignored issues – show Bug Best Practice introduced 2024-03-01 00:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `id` does not exist on `ElkArte\Helper\ValuesContainer`. Since you implemented `__get`, consider adding a @property annotation. Loading history...
156
157			// @todo Temporary
158			// Borrowed from loadAttachmentContext in Display.controller.php
159			$can_change = $is_owner ? allowedTo(array('profile_extra_any', 'profile_extra_own')) : allowedTo('profile_extra_any');
160
161			$errors = array();
162			if (!empty($user) && $can_change)
163			{
164			require_once(SUBSDIR . '/Members.subs.php');
165
166			// Get the current signature
167			$member = getBasicMemberData($user, array('preferences' => true));
168
169			$member['signature'] = censor($member['signature']);
170			$bbc_parser = ParserWrapper::instance();
171			$member['signature'] = $bbc_parser->parseSignature($member['signature'], true);
172
173			// And now what they want it to be
174			$preview_signature = empty($this->_req->post->signature) ? '' : Util::htmlspecialchars($this->_req->post->signature);
175			$validation = profileValidateSignature($preview_signature);
176
177			// An odd check for errors to be sure
178			if ($validation !== true && $validation !== false)
179			{
180			$errors[] = array('value' => $txt['profile_error_' . $validation], 'attributes' => array('type' => 'error'));
181			}
182
183			preparsecode($preview_signature);
184			$preview_signature = censor($preview_signature);
185			$preview_signature = $bbc_parser->parseSignature($preview_signature, true);
186			}
187			// Sorry but you can't change the signature
188			elseif (!$can_change)
189			{
190			if ($is_owner)
191			{
192			$errors[] = array('value' => $txt['cannot_profile_extra_own'], 'attributes' => array('type' => 'error'));
193			}
194			else
195			{
196			$errors[] = array('value' => $txt['cannot_profile_extra_any'], 'attributes' => array('type' => 'error'));
197			}
198			}
199			else
200			{
201			$errors[] = array('value' => $txt['no_user_selected'], 'attributes' => array('type' => 'error'));
202			}
203
204			// Return the response for the template
205			$context['xml_data']['signatures'] = array(
206			'identifier' => 'signature',
207			'children' => array()
208			);
209
210			if (isset($member['signature']))
211			{
212			$context['xml_data']['signatures']['children'][] = array(
213			'value' => $member['signature'],
214			'attributes' => array('type' => 'current'),
215			);
216			}
217
218			if (isset($preview_signature))
219			{
220			$context['xml_data']['signatures']['children'][] = array(
221			'value' => $preview_signature,
222			'attributes' => array('type' => 'preview'),
223			);
224			}
225
226			if (!empty($errors))
227			{
228			$context['xml_data']['errors'] = array(
229			'identifier' => 'error',
230			'children' => array_merge(
231			array(
232			array(
233			'value' => $txt['profile_errors_occurred'],
234			'attributes' => array('type' => 'errors_occurred'),
235			),
236			), $errors
237			),
238			);
239			}
240			}
241
242			/**
243			* Used to preview custom warning templates before they are saved to submitted to the user
244			*/
245			public function action_warning_preview()
246			{
247			global $context, $txt, $scripturl, $mbname;
248
249			require_once(SUBSDIR . '/Post.subs.php');
250			Txt::load('Errors+ModerationCenter');
251
252			$context['post_error']['errors'] = array();
253
254			// If you can't issue the warning, what are you doing here?
255			if (allowedTo('issue_warning'))
256			{
257			$warning_body = empty($this->_req->post->body) ? '' : trim(censor($this->_req->post->body));
258			$context['preview_subject'] = empty($this->_req->post->title) ? '' : trim(Util::htmlspecialchars($this->_req->post->title));
259			if (isset($this->_req->post->issuing))
260			{
261			if (empty($this->_req->post->title) \|\| empty($this->_req->post->body))
262			{
263			$context['post_error']['errors'][] = $txt['warning_notify_blank'];
264			}
265			}
266			else
267			{
268			if (empty($this->_req->post->title))
269			{
270			$context['post_error']['errors'][] = $txt['mc_warning_template_error_no_title'];
271			}
272
273			if (empty($this->_req->post->body))
274			{
275			$context['post_error']['errors'][] = $txt['mc_warning_template_error_no_body'];
276			}
277
278			// Add in few replacements.
279			/**
280			* These are the defaults:
281			* - {MEMBER} - Member Name. => current user for review
282			* - {MESSAGE} - Link to Offending Post. (If Applicable) => not applicable here, so not replaced
283			* - {FORUMNAME} - Forum Name.
284			* - {SCRIPTURL} - Web address of forum.
285			* - {REGARDS} - Standard email sign-off.
286			*/
287			$find = array(
288			'{MEMBER}',
289			'{FORUMNAME}',
290			'{SCRIPTURL}',
291			'{REGARDS}',
292			);
293			$replace = array(
294			$this->user->name,
			0 ignored issues – show Bug Best Practice introduced 2024-03-01 00:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `name` does not exist on `ElkArte\Helper\ValuesContainer`. Since you implemented `__get`, consider adding a @property annotation. Loading history...
295			$mbname,
296			$scripturl,
297			replaceBasicActionUrl($txt['regards_team']),
298			);
299			$warning_body = str_replace($find, $replace, $warning_body);
300			}
301
302			// Deal with any BBC so it looks good for the preview
303			if (!empty($this->_req->post->body))
304			{
305			preparsecode($warning_body);
306			$bbc_parser = ParserWrapper::instance();
307			$warning_body = $bbc_parser->parseNotice($warning_body);
308			}
309
310			$context['preview_message'] = $warning_body;
311			}
312			else
313			{
314			$context['post_error']['errors'][] = array('value' => $txt['cannot_issue_warning'], 'attributes' => array('type' => 'error'));
315			}
316
317			$context['sub_template'] = 'generic_preview';
318			}
319
320			/**
321			* Used to preview custom email bounce templates before they are saved for use
322			*/
323			public function action_bounce_preview()
324			{
325			global $context, $txt, $scripturl, $mbname, $modSettings;
326
327			require_once(SUBSDIR . '/Post.subs.php');
328			Txt::load('Errors+ModerationCenter');
329
330			$context['post_error']['errors'] = array();
331
332			// If you can't approve emails, what are you doing here?
333			if (allowedTo('approve_emails'))
334			{
335			$body = empty($this->_req->post->body) ? '' : trim(censor($this->_req->post->body));
336			$context['preview_subject'] = empty($this->_req->post->title) ? '' : trim(Util::htmlspecialchars($this->_req->post->title));
337
338			if (isset($this->_req->post->issuing))
339			{
340			if (empty($this->_req->post->title) \|\| empty($this->_req->post->body))
341			{
342			$context['post_error']['errors'][] = $txt['warning_notify_blank'];
343			}
344			}
345			else
346			{
347			if (empty($this->_req->post->title))
348			{
349			$context['post_error']['errors'][] = $txt['mc_warning_template_error_no_title'];
350			}
351
352			if (empty($this->_req->post->body))
353			{
354			$context['post_error']['errors'][] = $txt['mc_warning_template_error_no_body'];
355			}
356
357			// Add in few replacements.
358			/**
359			* These are the defaults:
360			* - {FORUMNAME} - Forum Name, the full name with all the bells
361			* - {FORUMNAMESHORT} - Short and simple name
362			* - {SCRIPTURL} - Web address of forum.
363			* - {ERROR} - The error that was generated by the post, its unique to the post so can't render it here
364			* - {SUBJECT} - The subject of the email that's being discussed, unique to the post so can't render it here
365			* - {REGARDS} - Standard email sign-off.
366			* - {EMAILREGARDS} - Maybe a bit more friendly sign-off.
367			*/
368			$find = array(
369			'{FORUMNAME}',
370			'{FORUMNAMESHORT}',
371			'{SCRIPTURL}',
372			'{REGARDS}',
373			'{EMAILREGARDS}',
374			);
375			$replace = array(
376			$mbname,
377			(empty($modSettings['maillist_sitename']) ? $mbname : $modSettings['maillist_sitename']),
378			$scripturl,
379			replaceBasicActionUrl($txt['regards_team']),
380			(empty($modSettings['maillist_sitename_regards']) ? '' : $modSettings['maillist_sitename_regards'])
381			);
382			$body = str_replace($find, $replace, $body);
383			}
384
385			// Deal with any BBC so it looks good for the preview
386			if (!empty($this->_req->post->body))
387			{
388			preparsecode($body);
389			$bbc_parser = ParserWrapper::instance();
390			$body = $bbc_parser->parseEmail($body);
391			}
392
393			$context['preview_message'] = $body;
394			}
395
396			$context['sub_template'] = 'generic_preview';
397			}
398			}
399

elkarte / Elkarte

Issues (1686)

sources/ElkArte/Controller/XmlPreview.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like