Completed
Pull Request — master (#221)
by Maximilian
10:25 queued 07:13
created

zoompage.php (1 issue)

<?php
/**************************************************************************
 **********      English Wikipedia Account Request Interface      **********
 ***************************************************************************
 ** Wikipedia Account Request Graphic Design by Charles Melbye,           **
 ** which is licensed under a Creative Commons                            **
 ** Attribution-Noncommercial-Share Alike 3.0 United States License.      **
 **                                                                       **
 ** All other code are released under the Public Domain                   **
 ** by the ACC Development Team.                                          **
 **                                                                       **
 ** See CREDITS for the list of developers.                               **
 ***************************************************************************/
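/**
 * Builds the "zoom" view of a single account request and returns the rendered template.
 *
 * Loads the request, decides whether the requester's private data (e-mail, IPs,
 * forwarded-for chain) may be shown to the current user, collects the proxy
 * chain, antispoof results, logs/comments and e-mail templates, and assigns
 * all of it to the global Smarty instance.
 *
 * Private data is shown when any of the following holds:
 *  - the current user has a reserved, confirmed, non-closed request that shares
 *    the e-mail or trusted IP with this one,
 *  - $urlhash matches the hash computed for this request,
 *  - the current user is an admin or a checkuser.
 *
 * If the request cannot be loaded, an alert box and footer are printed and the
 * script terminates via die().
 *
 * @param mixed $id      Request ID, passed to Request::getById().
 * @param mixed $urlhash Hash supplied by the caller (presumably taken from the URL -
 *                       confirm against the caller); compared with the computed hash.
 *
 * @return mixed Result of $smarty->fetch("request-zoom.tpl").
 */
function zoomPage($id, $urlhash)
{
	global $session, $availableRequestStates, $createdid;
	global $smarty, $locationProvider, $rdnsProvider, $antispoofProvider;
	global $xffTrustProvider, $enableEmailConfirm;

	$database = gGetDb();
	$request = Request::getById($id, $database);
	if ($request == false) {
		// Notifies the user and stops the script.
		BootstrapSkin::displayAlertBox("Could not load the requested request!", "alert-error", "Error", true, false);
		BootstrapSkin::displayInternalFooter();
		die();
	}

	$smarty->assign('ecenable', $enableEmailConfirm);

	// The e-mail confirmation override is only honoured for admins; for everyone
	// else the query parameter is ignored.
	if (isset($_GET['ecoverride']) && User::getCurrent()->isAdmin()) {
		$smarty->assign('ecoverride', true);
	}
	else {
		$smarty->assign('ecoverride', false);
	}

	$smarty->assign('request', $request);

	$smarty->assign("usernamerawunicode", html_entity_decode($request->getName()));

	$smarty->assign("iplocation", $locationProvider->getIpLocation($request->getTrustedIp()));

	$createdreason = EmailTemplate::getById($createdid, gGetDb());
	$smarty->assign("createdEmailTemplate", $createdreason);

	#region setup whether data is viewable or not

	// Counts confirmed, non-closed requests reserved by the current user that share
	// the e-mail or trusted IP with this request. All values are bound parameters.
	$viewableDataStatement = $database->prepare(<<<SQL
        SELECT COUNT(*) 
        FROM request 
        WHERE 
            (
                email = :email 
                OR ip = :trustedIp 
                OR forwardedip LIKE :trustedProxy
            ) 
            AND reserved = :reserved 
            AND emailconfirm = 'Confirmed' 
            AND status != 'Closed';
SQL
	);

	$viewableDataStatement->bindValue(":email", $request->getEmail());
	$viewableDataStatement->bindValue(":reserved", User::getCurrent()->getId());
	$viewableDataStatement->bindValue(":trustedIp", $request->getTrustedIp());
	// NOTE(review): this is a substring match, so an address that merely contains the
	// trusted IP as a substring also matches, and LIKE wildcards in the value are
	// not escaped. Confirm getTrustedIp() only ever returns a validated address.
	$viewableDataStatement->bindValue(":trustedProxy", '%' . $request->getTrustedIp() . '%');

	$viewableDataStatement->execute();

	$viewableData = $viewableDataStatement->fetchColumn();
	$viewableDataStatement->closeCursor();

	$hideinfo = ($viewableData == 0);

	#endregion

	// NOTE(review): the hash is derived only from the request ID, e-mail and trusted
	// IP; no server-side secret is visible in this function. If the hash is meant to
	// gate access to private data, a keyed construction (e.g. hash_hmac() with a
	// secret) would be the safer choice.
	if ($request->getStatus() == "Closed") {
		// Mixing in microtime() makes the value differ on every call, so a hash
		// supplied by the caller will not match once the request is closed.
		$hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp() . microtime());
		$smarty->assign("isclosed", true);
	}
	else {
		$hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp());
		$smarty->assign("isclosed", false);
	}
	$smarty->assign("hash", $hash);

	// Compare as strings, in constant time. A loose == between two hex digests lets
	// PHP treat numeric-looking strings ("0e" followed by digits) as numbers, so
	// two different digests could compare equal. The is_string() guard keeps
	// non-string input from reaching hash_equals().
	$correcthash = is_string($urlhash) && hash_equals($hash, $urlhash);

	$smarty->assign("showinfo", false);
	if ($hideinfo == false || $correcthash == true || User::getCurrent()->isAdmin() || User::getCurrent()->isCheckuser()) {
		$smarty->assign("showinfo", true);
	}

	// force to not show, overridden later
	$smarty->assign("proxyip", "");

	if ($hideinfo == false || $correcthash == true || User::getCurrent()->isAdmin() || User::getCurrent()->isCheckuser()) {
		$smarty->assign("proxyip", $request->getForwardedIp());
		if ($request->getForwardedIp()) {
			$smartyproxies = array(); // Initialize array to store data to be output in Smarty template.
			$smartyproxiesindex = 0;

			// The forwarded-for header is client-supplied data: every entry is
			// treated as a claim and checked against the trust provider below.
			$proxies = explode(",", $request->getForwardedIp());
			$proxies[] = $request->getIp();

			$origin = $proxies[0];
			$smarty->assign("origin", $origin);

			// Walk the chain starting with the address that connected to us and
			// moving back towards the claimed origin.
			$proxies = array_reverse($proxies);
			$trust = true;
			global $rfc1918ips;

			foreach ($proxies as $proxynum => $p) {
				$p2 = trim($p);
				$smartyproxies[$smartyproxiesindex]['ip'] = $p2;

				// get data on this IP.
				$trusted = $xffTrustProvider->isTrusted($p2);
				$ipisprivate = ipInRange($rfc1918ips, $p2);

				if (!$ipisprivate) {
					$iprdns = $rdnsProvider->getRdns($p2);
					$iplocation = $locationProvider->getIpLocation($p2);
				}
				else {
					// this is going to fail, so why bother trying?
					$iprdns = false;
					$iplocation = false;
				}

				// current trust chain status BEFORE this link
				$pretrust = $trust;

				// is *this* link trusted?
				$smartyproxies[$smartyproxiesindex]['trustedlink'] = $trusted;

				// current trust chain status AFTER this link
				// NOTE(review): & is the bitwise operator, so $trust becomes an int here;
				// this relies on isTrusted() returning a strict boolean - confirm.
				$trust = $trust & $trusted;
				if ($pretrust && $p2 == $origin) {
					$trust = true;
				}
				$smartyproxies[$smartyproxiesindex]['trust'] = $trust;

				$smartyproxies[$smartyproxiesindex]['rdnsfailed'] = $iprdns === false;
				$smartyproxies[$smartyproxiesindex]['rdns'] = $iprdns;
				$smartyproxies[$smartyproxiesindex]['routable'] = !$ipisprivate;

				$smartyproxies[$smartyproxiesindex]['location'] = $iplocation;

				// Hide the rDNS value when the lookup just returned the IP itself.
				if ($iprdns == $p2 && $ipisprivate == false) {
					$smartyproxies[$smartyproxiesindex]['rdns'] = null;
				}

				$smartyproxies[$smartyproxiesindex]['showlinks'] = (!$trust || $p2 == $origin) && !$ipisprivate;

				$smartyproxiesindex++;
			}

			$smarty->assign("proxies", $smartyproxies);
		}
	}

	global $defaultRequestStateKey;

	// TODO: remove me and replace with call in the template directly
	$smarty->assign("isprotected", $request->isProtected());

	$smarty->assign("defaultstate", $defaultRequestStateKey);
	$smarty->assign("requeststates", $availableRequestStates);

	try {
		$spoofs = $antispoofProvider->getSpoofs($request->getName());
	}
	catch (Exception $ex) {
		// NOTE(review): the raw exception message is handed to the template; confirm
		// it cannot carry internal details that should not be displayed.
		$spoofs = $ex->getMessage();
	}

	$smarty->assign("spoofs", $spoofs);

	// START LOG DISPLAY

	$logs = Logger::getRequestLogsWithComments($request->getId(), $request->getDatabase());
	$requestLogs = array();

	// The requester's own comment is shown as the first entry. It is
	// requester-supplied text, so the template has to escape it on output.
	if (trim($request->getComment()) !== "") {
		$requestLogs[] = array(
			'type' => 'comment',
			'security' => 'user',
			'userid' => null,
			'user' => $request->getName(),
			'entry' => null,
			'time' => $request->getDate(),
			'canedit' => false,
			'id' => $request->getId(),
			'comment' => $request->getComment(),
		);
	}

	// Caches user objects by user ID so each one is fetched only once.
	$namecache = array();

	// Admins and checkusers may edit any comment; other users only their own.
	$editableComments = false;
	if (User::getCurrent()->isAdmin() || User::getCurrent()->isCheckuser()) {
		$editableComments = true;
	}

	foreach ($logs as $entry) {
		// both log and comment have a 'user' field
		if (!array_key_exists($entry->getUser(), $namecache)) {
			$namecache[$entry->getUser()] = $entry->getUserObject();
		}

		if ($entry instanceof Comment) {
			$requestLogs[] = array(
				'type' => 'comment',
				'security' => $entry->getVisibility(),
				'user' => $namecache[$entry->getUser()]->getUsername(),
				'userid' => $entry->getUser() == -1 ? null : $entry->getUser(),
				'entry' => null,
				'time' => $entry->getTime(),
				'canedit' => ($editableComments || $entry->getUser() == User::getCurrent()->getId()),
				'id' => $entry->getId(),
				'comment' => $entry->getComment(),
			);
		}

		if ($entry instanceof Log) {
			$requestLogs[] = array(
				'type' => 'log',
				'security' => 'user',
				'userid' => $entry->getUser() == -1 ? null : $entry->getUser(),
				'user' => $namecache[$entry->getUser()]->getUsername(),
				'entry' => Logger::getLogDescription($entry),
				'time' => $entry->getTimestamp(),
				'canedit' => false,
				'id' => $entry->getId(),
				'comment' => $entry->getComment(),
			);
		}
	}

	$smarty->assign("requestLogs", $requestLogs);

	// START OTHER REQUESTS BY IP AND EMAIL STUFF

	// Displays other requests from this ip.

	// assign to user
	$userListQuery = "SELECT username FROM user WHERE status = 'User' or status = 'Admin';";
	$userListResult = gGetDb()->query($userListQuery);
	$userListData = $userListResult->fetchAll(PDO::FETCH_COLUMN);
	$userListProcessedData = array();
	foreach ($userListData as $userListItem) {
		// NOTE(review): htmlentities() escapes for HTML, not for a JavaScript string
		// literal; a backslash or line break in a username is left as-is. json_encode()
		// is the encoder that matches this context, but switching depends on how the
		// template emits "jsuserlist" - confirm before changing.
		$userListProcessedData[] = "\"" . htmlentities($userListItem) . "\"";
	}

	$userList = '[' . implode(",", $userListProcessedData) . ']';
	$smarty->assign("jsuserlist", $userList);
	// end: assign to user

	// TODO: refactor this!
	$createreasons = EmailTemplate::getActiveTemplates(EmailTemplate::CREATED);
	$smarty->assign("createreasons", $createreasons);

	$declinereasons = EmailTemplate::getActiveTemplates(EmailTemplate::NOT_CREATED);
	$smarty->assign("declinereasons", $declinereasons);

	$allcreatereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::CREATED);
	$smarty->assign("allcreatereasons", $allcreatereasons);

	$alldeclinereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::NOT_CREATED);
	$smarty->assign("alldeclinereasons", $alldeclinereasons);

	// NOTE(review): static analysis reports that false is a boolean while
	// getAllActiveTemplates() expects a string. The two calls above pass
	// EmailTemplate constants; confirm the method handles false deliberately
	// rather than through PHP's type juggling.
	$allotherreasons = EmailTemplate::getAllActiveTemplates(false);
	$smarty->assign("allotherreasons", $allotherreasons);

	return $smarty->fetch("request-zoom.tpl");
}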