1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2006-2009 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * Reminders |
||
25 | * |
||
26 | * This module provides API to work with user reminders. |
||
27 | * See also {@link https://github.com/etraxis/etraxis-obsolete/wiki/tbl_reminders tbl_reminders} database table. |
||
28 | * |
||
29 | * @package DBO |
||
30 | * @subpackage Reminders |
||
31 | */ |
||
32 | |||
/**#@+
 * Dependency.
 *
 * The paths start with '../', so PHP resolves them against the current working
 * directory of the running script, not against this file's own directory;
 * presumably every entry point lives one level below the project root, next to
 * engine/ and dbo/ — confirm before moving this file or changing the layout.
 */
require_once('../engine/engine.php');
require_once('../dbo/accounts.php');
require_once('../dbo/records.php');
/**#@-*/
||
40 | |||
41 | //------------------------------------------------------------------------------ |
||
42 | // Definitions. |
||
43 | //------------------------------------------------------------------------------ |
||
44 | |||
/**#@+
 * Data restrictions.
 *
 * Maximum lengths of the reminder name and subject.  Nothing in this module
 * enforces them (reminder_validate() only checks for empty values); presumably
 * the form layer and the column widths of tbl_reminders do — confirm.
 */
define('MAX_REMINDER_NAME', 25);
define('MAX_REMINDER_SUBJECT', 100);
/**#@-*/

/**#@+
 * Reminder group flags.
 *
 * Selects who receives the reminder (see the switch in reminder_send()):
 * a specific group, the authors of the records, or their current assignees.
 * REMINDER_FLAG_GROUP is 0 and switch() compares loosely, so a NULL group flag
 * also selects the group case.
 */
define('REMINDER_FLAG_GROUP', 0);
define('REMINDER_FLAG_AUTHOR', -1);
define('REMINDER_FLAG_RESPONSIBLE', -2);
/**#@-*/
||
59 | |||
60 | //------------------------------------------------------------------------------ |
||
61 | // Functions. |
||
62 | //------------------------------------------------------------------------------ |
||
63 | |||
/**
 * Looks up a single reminder by its ID on behalf of the current user.
 *
 * The query receives both the session user ID and the reminder ID, so the
 * lookup is presumably scoped to the caller's own reminders (enforced inside
 * fndid.sql — confirm); a foreign reminder ID should then yield FALSE.
 *
 * @param int $id Reminder ID.
 * @return array Reminder row if found in database, FALSE otherwise.
 */
function reminder_find ($id)
{
    debug_write_log(DEBUG_TRACE, '[reminder_find]');
    debug_write_log(DEBUG_DUMP, '[reminder_find] $id = ' . $id);

    // Oracle 9 needs its own flavour of the lookup query.
    $query = (DATABASE_DRIVER == DRIVER_ORACLE9)
           ? 'reminders/oracle/fndid.sql'
           : 'reminders/fndid.sql';

    $recordset = dal_query($query, $_SESSION[VAR_USERID], $id);

    if ($recordset->rows == 0)
    {
        return FALSE;
    }

    return $recordset->fetch();
}
||
81 | |||
/**
 * Returns {@link CRecordset DAL recordset} which contains all existing reminders of specified account.
 *
 * The sort mode and page number are read from the request (untrusted) with the
 * client cookie as fallback, clamped into their valid range, and written back
 * to the cookies.  The sort value is only ever used as a key into a fixed map
 * of ORDER BY clauses, so no user-controlled text reaches the query.
 *
 * Note that $id is passed to the query as given; restricting it to the current
 * user's account is left to the caller (or to list.sql) — confirm.
 *
 * @param int $id Account ID.
 * @param int &$sort Sort mode (used as output only). The function retrieves current sort mode from
 * client cookie ({@link COOKIE_REMINDERS_SORT}) and updates it, if it's out of valid range.
 * @param int &$page Number of current page tab (used as output only). The function retrieves current
 * page from client cookie ({@link COOKIE_REMINDERS_PAGE}) and updates it, if it's out of valid range.
 * @return CRecordset Recordset with list of reminders.
 */
function reminders_list ($id, &$sort, &$page)
{
    debug_write_log(DEBUG_TRACE, '[reminders_list]');
    debug_write_log(DEBUG_DUMP, '[reminders_list] $id = ' . $id);

    // Whitelist of ORDER BY clauses, keyed by sort mode (1..10).
    $order_by = array
    (
        1  => 'reminder_name asc',
        2  => 'project_name asc, reminder_name asc',
        3  => 'template_name asc, reminder_name asc',
        4  => 'state_name asc, reminder_name asc',
        5  => 'subject_text asc, reminder_name asc',
        6  => 'reminder_name desc',
        7  => 'project_name desc, reminder_name desc',
        8  => 'template_name desc, reminder_name desc',
        9  => 'state_name desc, reminder_name desc',
        10 => 'subject_text desc, reminder_name desc',
    );

    // Request parameter wins over cookie; the result is clamped to a valid key.
    $requested_sort = try_request('sort', try_cookie(COOKIE_REMINDERS_SORT, 1));
    $sort = ustr2int($requested_sort, 1, count($order_by));

    $requested_page = try_request('page', try_cookie(COOKIE_REMINDERS_PAGE));
    $page = ustr2int($requested_page, 1, MAXINT);

    // Persist the validated values so the next visit restores them.
    save_cookie(COOKIE_REMINDERS_SORT, $sort);
    save_cookie(COOKIE_REMINDERS_PAGE, $page);

    // Oracle 9 needs its own flavour of the list query.
    $query = (DATABASE_DRIVER == DRIVER_ORACLE9)
           ? 'reminders/oracle/list.sql'
           : 'reminders/list.sql';

    return dal_query($query, $id, $order_by[$sort]);
}
||
124 | |||
/**
 * Validates reminder information before creation or modification.
 *
 * Only presence is checked: both the name and the subject must be non-empty.
 * The length limits MAX_REMINDER_NAME and MAX_REMINDER_SUBJECT are not
 * enforced here; presumably the form layer does that — confirm.
 *
 * @param string $reminder_name Reminder name.
 * @param string $subject_text Subject of reminder.
 * @return int Error code:
 * <ul>
 * <li>{@link NO_ERROR} - data are valid</li>
 * <li>{@link ERROR_INCOMPLETE_FORM} - at least one of required field is empty</li>
 * </ul>
 */
function reminder_validate ($reminder_name, $subject_text)
{
    debug_write_log(DEBUG_TRACE, '[reminder_validate]');
    debug_write_log(DEBUG_DUMP, '[reminder_validate] $reminder_name = ' . $reminder_name);
    debug_write_log(DEBUG_DUMP, '[reminder_validate] $subject_text = ' . $subject_text);

    // Name is checked first, subject second; stop at the first empty one.
    $required_fields = array($reminder_name, $subject_text);

    foreach ($required_fields as $field)
    {
        if (ustrlen($field) == 0)
        {
            debug_write_log(DEBUG_NOTICE, '[reminder_validate] At least one required field is empty.');
            return ERROR_INCOMPLETE_FORM;
        }
    }

    return NO_ERROR;
}
||
151 | |||
/**
 * Creates new reminder.
 *
 * The reminder is owned by the current session user.  Names are unique per
 * user and compared case-insensitively (the lookup lower-cases the name).
 *
 * @param string $reminder_name Reminder name.
 * @param string $subject_text Subject of reminder.
 * @param string $state_id State ID.
 * @param string $group_id Group ID.
 * @param string $group_flag Group flag.
 * @return int Error code:
 * <ul>
 * <li>{@link NO_ERROR} - reminder is successfully created</li>
 * <li>{@link ERROR_ALREADY_EXISTS} - reminder with specified name already exists</li>
 * </ul>
 */
function reminder_create ($reminder_name, $subject_text, $state_id, $group_id, $group_flag)
{
    debug_write_log(DEBUG_TRACE, '[reminder_create]');
    debug_write_log(DEBUG_DUMP, '[reminder_create] $reminder_name = ' . $reminder_name);
    debug_write_log(DEBUG_DUMP, '[reminder_create] $subject_text = ' . $subject_text);
    debug_write_log(DEBUG_DUMP, '[reminder_create] $state_id = ' . $state_id);
    debug_write_log(DEBUG_DUMP, '[reminder_create] $group_id = ' . $group_id);
    debug_write_log(DEBUG_DUMP, '[reminder_create] $group_flag = ' . $group_flag);

    $owner_id = $_SESSION[VAR_USERID];

    // Reject a name the user already uses for another reminder.
    $duplicates = dal_query('reminders/fndk.sql', $owner_id, ustrtolower($reminder_name));

    if ($duplicates->rows != 0)
    {
        debug_write_log(DEBUG_NOTICE, '[reminder_create] Reminder already exists.');
        return ERROR_ALREADY_EXISTS;
    }

    // An empty subject is stored as SQL NULL rather than as an empty string.
    $subject = (ustrlen($subject_text) == 0) ? NULL : $subject_text;

    // $group_id is passed through as-is: a NULL group ID stays NULL.
    dal_query('reminders/create.sql',
              $owner_id,
              $reminder_name,
              $subject,
              $state_id,
              $group_id,
              $group_flag);

    return NO_ERROR;
}
||
195 | |||
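/**
 * Modifies specified reminder.
 *
 * The new name must not collide with another reminder of the current user
 * (case-insensitive comparison via fndku.sql, which excludes the reminder
 * being modified).  Note that modify.sql receives only the reminder ID:
 * whether $id belongs to the current user is not verified in this function,
 * so the caller or the query is expected to enforce that — confirm.
 *
 * @param int $id ID of reminder to be modified.
 * @param string $reminder_name New Reminder name.
 * @param string $subject_text New Subject of reminder.
 * @param string $state_id New State ID.
 * @param string $group_id New Group ID.
 * @param string $group_flag New Group flag.
 * @return int Error code:
 * <ul>
 * <li>{@link NO_ERROR} - reminder is successfully modified</li>
 * <li>{@link ERROR_ALREADY_EXISTS} - reminder with specified name already exists</li>
 * </ul>
 */
function reminder_modify ($id, $reminder_name, $subject_text, $state_id, $group_id, $group_flag)
{
    debug_write_log(DEBUG_TRACE, '[reminder_modify]');
    debug_write_log(DEBUG_DUMP, '[reminder_modify] $id = ' . $id);
    // Dump entries are tagged with this function's name; they used to carry a
    // copy-pasted '[reminder_create]' tag, which made the log misleading.
    debug_write_log(DEBUG_DUMP, '[reminder_modify] $reminder_name = ' . $reminder_name);
    debug_write_log(DEBUG_DUMP, '[reminder_modify] $subject_text = ' . $subject_text);
    debug_write_log(DEBUG_DUMP, '[reminder_modify] $state_id = ' . $state_id);
    debug_write_log(DEBUG_DUMP, '[reminder_modify] $group_id = ' . $group_id);
    debug_write_log(DEBUG_DUMP, '[reminder_modify] $group_flag = ' . $group_flag);

    // Check that user doesn't have another reminder with the same name, besides this one.
    $rs = dal_query('reminders/fndku.sql', $id, $_SESSION[VAR_USERID], ustrtolower($reminder_name));

    if ($rs->rows != 0)
    {
        debug_write_log(DEBUG_NOTICE, '[reminder_modify] Reminder already exists.');
        return ERROR_ALREADY_EXISTS;
    }

    // Modify the reminder.  An empty subject is stored as SQL NULL; a NULL
    // group ID is passed through unchanged.
    dal_query('reminders/modify.sql',
              $id,
              $reminder_name,
              ustrlen($subject_text) == 0 ? NULL : $subject_text,
              $state_id,
              $group_id,
              $group_flag);

    return NO_ERROR;
}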
||
241 | |||
/**
 * Deletes specified reminder.
 *
 * Only the reminder ID is handed to the query: unlike reminder_find(), the
 * session user is not part of it, so ownership of $id must be enforced either
 * inside delete.sql or by the caller before reaching this point — confirm.
 * Failures of dal_query() are not surfaced; the result is always NO_ERROR.
 *
 * @param int $id ID of reminder to be deleted.
 * @return int Always {@link NO_ERROR}.
 */
function reminder_delete ($id)
{
    debug_write_log(DEBUG_TRACE, '[reminder_delete]');
    debug_write_log(DEBUG_DUMP, '[reminder_delete] $id = ' . $id);

    $query = 'reminders/delete.sql';
    dal_query($query, $id);

    return NO_ERROR;
}
||
257 | |||
/**
 * Checks whether reminder can be created.
 *
 * The answer is TRUE when plist.sql returns at least one row for the current
 * session user (presumably the list of projects a reminder could be attached
 * to — confirm).
 *
 * @return bool TRUE if reminder can be created, FALSE otherwise.
 */
function can_reminder_be_created ()
{
    debug_write_log(DEBUG_TRACE, '[can_reminder_be_created]');

    // Oracle 9 needs its own flavour of the query.
    $query = (DATABASE_DRIVER == DRIVER_ORACLE9)
           ? 'reminders/oracle/plist.sql'
           : 'reminders/plist.sql';

    $candidates = dal_query($query, $_SESSION[VAR_USERID]);

    return $candidates->rows != 0;
}
||
272 | |||
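/**
 * Generates and returns message body for reminder about specified records.
 *
 * The body is a small HTML document: a "do not reply" alert followed by a
 * table with one row per record.  Database values are passed through
 * ustr2html() before being embedded.  The link text comes from record_id()
 * and is inserted as returned (presumably already HTML-safe — confirm), and
 * the record ID in the href is embedded as-is (presumably numeric — confirm).
 *
 * @param CRecordset $records DAL recordset with records data; it is consumed
 * with fetch() until exhausted.
 * @param int $locale ID of language. If omitted, then language of current user, or (when user is not logged in) default language will be used (see {@link LANG_DEFAULT}).
 * @return string Generated message body.
 */
function reminder_message ($records, $locale = NULL)
{
    debug_write_log(DEBUG_TRACE, '[reminder_message]');
    debug_write_log(DEBUG_DUMP, '[reminder_message] $locale = ' . $locale);

    // Header: alert plus column titles.  The alert is localized with the same
    // $locale as the column titles, so the whole message is rendered in the
    // recipient's language rather than the sender's (previously the alert
    // ignored $locale).
    $message =
        '<html>' .
        '<body>' .
        '<b><font color="red">' . get_html_resource(RES_ALERT_DO_NOT_REPLY_ID, $locale) . '</font></b><br/>' .
        '<table border="1" cellspacing="0" cellpadding="5">' .
        '<tr valign="top">' .
        '<td nowrap><b>' . get_html_resource(RES_ID_ID, $locale) . '</b></td>' .
        '<td nowrap><b>' . get_html_resource(RES_STATE_ID, $locale) . '</b></td>' .
        '<td nowrap><b>' . get_html_resource(RES_PROJECT_ID, $locale) . '</b></td>' .
        '<td><b>' . get_html_resource(RES_SUBJECT_ID, $locale) . '</b></td>' .
        '<td nowrap><b>' . get_html_resource(RES_AUTHOR_ID, $locale) . '</b></td>' .
        '</tr>';

    // One table row per record; the first column links back to the record page.
    while (($row = $records->fetch()))
    {
        $message .=
            '<tr valign="top">' .
            '<td align="left" nowrap><a href="' . WEBROOT . 'records/view.php?id=' . $row['record_id'] . '">' . record_id($row['record_id'], $row['template_prefix']) . '</a></td>' .
            '<td align="center" nowrap>' . ustr2html($row['state_abbr']) . '</td>' .
            '<td align="left" nowrap>' . ustr2html($row['project_name']) . '</td>' .
            '<td align="left">' . ustr2html($row['subject']) . '</td>' .
            '<td align="left" nowrap>' . ustr2html($row['fullname']) . '</td>' .
            '</tr>';
    }

    $message .=
        '</table>' .
        '</body>' .
        '</html>';

    return $message;
}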
||
317 | |||
/**
 * Sends specified reminder to all interested parties.
 *
 * The sender is the current session user.  Depending on the group flag the
 * recipients are the members of a group (one message per supported locale),
 * the authors of the records, or their current assignees (one message per
 * account, in that account's locale).  Messages are only actually sent when
 * EMAIL_NOTIFICATIONS_ENABLED is set; otherwise the decision is just logged.
 *
 * NOTE(review): recipient addresses come straight from the database and are
 * joined with ', '; this relies on sendmail() to validate them — confirm.
 *
 * @param array $reminder Array with data of reminder (e.g. how it's returned by {@link reminder_find}).
 * @return int Always {@link NO_ERROR}.
 */
function reminder_send ($reminder)
{
    debug_write_log(DEBUG_TRACE, '[reminder_send]');
    debug_write_log(DEBUG_DUMP, '[reminder_send] $reminder["project_id"] = ' . $reminder['project_id']);
    debug_write_log(DEBUG_DUMP, '[reminder_send] $reminder["project_name"] = ' . $reminder['project_name']);
    debug_write_log(DEBUG_DUMP, '[reminder_send] $reminder["template_id"] = ' . $reminder['template_id']);
    debug_write_log(DEBUG_DUMP, '[reminder_send] $reminder["template_name"] = ' . $reminder['template_name']);
    debug_write_log(DEBUG_DUMP, '[reminder_send] $reminder["reminder_name"] = ' . $reminder['reminder_name']);
    debug_write_log(DEBUG_DUMP, '[reminder_send] $reminder["subject_text"] = ' . $reminder['subject_text']);
    debug_write_log(DEBUG_DUMP, '[reminder_send] $reminder["state_id"] = ' . $reminder['state_id']);
    debug_write_log(DEBUG_DUMP, '[reminder_send] $reminder["group_id"] = ' . $reminder['group_id']);
    debug_write_log(DEBUG_DUMP, '[reminder_send] $reminder["group_flag"] = ' . $reminder['group_flag']);

    // Map of supported locales, populated elsewhere; only its keys are used here.
    global $locale_info;

    // The current user is the sender (name and address) of every message.
    $account = account_find($_SESSION[VAR_USERID]);

    // Since sending email can take a while, disable the PHP execution timeout.
    // On PHP 5.4+ safe_mode no longer exists and ini_get() returns FALSE, so
    // this branch is always taken there.
    if (!ini_get('safe_mode'))
    {
        set_time_limit(0);
    }

    // switch() compares loosely: a NULL group flag matches REMINDER_FLAG_GROUP (0).
    switch ($reminder['group_flag'])
    {
        // Reminder is dedicated to specified group.
        case REMINDER_FLAG_GROUP:

            $records = dal_query('reminders/rlist.sql', $reminder['state_id']);

            if ($records->rows == 0)
            {
                debug_write_log(DEBUG_NOTICE, '[reminder_send] Reminder is empty and will not be sent.');
            }
            else
            {
                // One message per locale, so every member reads it in their own language.
                $supported_locales = array_keys($locale_info);

                foreach ($supported_locales as $locale)
                {
                    $to = array();
                    $rs = dal_query('reminders/members.sql', $reminder['group_id'], $locale);

                    while (($row = $rs->fetch()))
                    {
                        array_push($to, $row['email']);
                    }

                    if (count($to) != 0)
                    {
                        $recipients = implode(', ', array_unique($to));
                        // NOTE(review): $records is fetched once but reminder_message() consumes it
                        // with fetch() until exhausted; unless CRecordset rewinds after the last row,
                        // the second and later locales get a table with no rows — confirm.
                        $message = reminder_message($records, $locale);

                        if (EMAIL_NOTIFICATIONS_ENABLED)
                        {
                            debug_write_log(DEBUG_NOTICE, '[reminder_send] Sending email.');
                            sendmail($account['fullname'], $account['email'], $recipients, $reminder['subject_text'], $message);
                        }
                        else
                        {
                            debug_write_log(DEBUG_NOTICE, '[reminder_send] Email notifications are disabled.');
                        }
                    }
                }
            }

            break;

        // Reminder is dedicated to records submitters.
        // (Identical to the RESPONSIBLE case below apart from the two SQL files.)
        case REMINDER_FLAG_AUTHOR:

            $rs = dal_query('reminders/alista.sql', $reminder['state_id']);

            // One message per author, listing only that author's records.
            while (($row = $rs->fetch()))
            {
                $records = dal_query('reminders/rlista.sql', $reminder['state_id'], $row['account_id']);

                if ($records->rows == 0)
                {
                    debug_write_log(DEBUG_NOTICE, '[reminder_send] Reminder is empty and will not be sent.');
                }
                else
                {
                    $message = reminder_message($records, $row['locale']);

                    if (EMAIL_NOTIFICATIONS_ENABLED)
                    {
                        debug_write_log(DEBUG_NOTICE, '[reminder_send] Sending email.');
                        sendmail($account['fullname'], $account['email'], $row['email'], $reminder['subject_text'], $message);
                    }
                    else
                    {
                        debug_write_log(DEBUG_NOTICE, '[reminder_send] Email notifications are disabled.');
                    }
                }
            }

            break;

        // Reminder is dedicated to current records assignees.
        case REMINDER_FLAG_RESPONSIBLE:

            $rs = dal_query('reminders/alistr.sql', $reminder['state_id']);

            // One message per assignee, listing only that assignee's records.
            while (($row = $rs->fetch()))
            {
                $records = dal_query('reminders/rlistr.sql', $reminder['state_id'], $row['account_id']);

                if ($records->rows == 0)
                {
                    debug_write_log(DEBUG_NOTICE, '[reminder_send] Reminder is empty and will not be sent.');
                }
                else
                {
                    $message = reminder_message($records, $row['locale']);

                    if (EMAIL_NOTIFICATIONS_ENABLED)
                    {
                        debug_write_log(DEBUG_NOTICE, '[reminder_send] Sending email.');
                        sendmail($account['fullname'], $account['email'], $row['email'], $reminder['subject_text'], $message);
                    }
                    else
                    {
                        debug_write_log(DEBUG_NOTICE, '[reminder_send] Email notifications are disabled.');
                    }
                }
            }

            break;

        // An unknown flag is only logged; the function still reports NO_ERROR.
        default:

            debug_write_log(DEBUG_WARNING, '[reminder_send] Unknown reminder group flags = ' . $reminder['group_flag']);
    }

    // Restore PHP execution timeout, disabled above.
    if (!ini_get('safe_mode'))
    {
        ini_restore('max_execution_time');
    }

    return NO_ERROR;
}
||
467 | |||
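// No closing PHP tag: this file contains only PHP, and a closing tag invites
// stray trailing whitespace that would be sent as output (breaking headers).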
Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore.
A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever.