Issues (1098)

Security Analysis    not enabled

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/dbo/reminders.php (7 issues)

Encourage use of @property annotation when providing magic access

Documentation Minor

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
3
//------------------------------------------------------------------------------
4
//
5
//  eTraxis - Records tracking web-based system
6
//  Copyright (C) 2006-2009  Artem Rodygin
7
//
8
//  This program is free software: you can redistribute it and/or modify
9
//  it under the terms of the GNU General Public License as published by
10
//  the Free Software Foundation, either version 3 of the License, or
11
//  (at your option) any later version.
12
//
13
//  This program is distributed in the hope that it will be useful,
14
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
15
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16
//  GNU General Public License for more details.
17
//
18
//  You should have received a copy of the GNU General Public License
19
//  along with this program.  If not, see <http://www.gnu.org/licenses/>.
20
//
21
//------------------------------------------------------------------------------
22
23
/**
24
 * Reminders
25
 *
26
 * This module provides API to work with user reminders.
27
 * See also {@link https://github.com/etraxis/etraxis-obsolete/wiki/tbl_reminders tbl_reminders} database table.
28
 *
29
 * @package DBO
30
 * @subpackage Reminders
31
 */
32
33
/**#@+
34
 * Dependency.
35
 */
36
require_once('../engine/engine.php');
37
require_once('../dbo/accounts.php');
38
require_once('../dbo/records.php');
39
/**#@-*/
40
41
//------------------------------------------------------------------------------
42
//  Definitions.
43
//------------------------------------------------------------------------------
44
45
/**#@+
46
 * Data restrictions.
47
 */
48
define('MAX_REMINDER_NAME',    25);
49
define('MAX_REMINDER_SUBJECT', 100);
50
/**#@-*/
51
52
/**#@+
53
 * Reminder group flags.
54
 */
55
define('REMINDER_FLAG_GROUP',        0);
56
define('REMINDER_FLAG_AUTHOR',      -1);
57
define('REMINDER_FLAG_RESPONSIBLE', -2);
58
/**#@-*/
59
60
//------------------------------------------------------------------------------
61
//  Functions.
62
//------------------------------------------------------------------------------
63
64
/**
65
 * Finds in database and returns the information about specified reminder.
66
 *
67
 * @param int $id Reminder ID.
68
 * @return array Array with data if reminder is found in database, FALSE otherwise.
69
 */
70
function reminder_find ($id)
71
{
72
    debug_write_log(DEBUG_TRACE, '[reminder_find]');
73
    debug_write_log(DEBUG_DUMP,  '[reminder_find] $id = ' . $id);
74
75
    $rs = dal_query(DATABASE_DRIVER == DRIVER_ORACLE9 ? 'reminders/oracle/fndid.sql' : 'reminders/fndid.sql',
76
                    $_SESSION[VAR_USERID],
77
                    $id);
78
79
    return ($rs->rows == 0 ? FALSE : $rs->fetch());
0 ignored issues
show
The property $rows is declared protected in CRecordset. Since you implemented __get(), maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.

Since your code implements the magic setter _set, this function will be called for any write access on an undefined variable. You can add the @property annotation to your class or interface to document the existence of this variable.

<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}

Since the property has write access only, you can use the @property-write annotation instead.

Of course, you may also just have mistyped another name, in which case you should fix the error.

See also the PhpDoc documentation for @property.

Loading history...
80
}
81
82
/**
83
 * Returns {@link CRecordset DAL recordset} which contains all existing reminders of specified account.
84
 *
85
 * @param int $id Account ID.
86
 * @param int &$sort Sort mode (used as output only). The function retrieves current sort mode from
87
 * client cookie ({@link COOKIE_REMINDERS_SORT}) and updates it, if it's out of valid range.
88
 * @param int &$page Number of current page tab (used as output only). The function retrieves current
89
 * page from client cookie ({@link COOKIE_REMINDERS_PAGE}) and updates it, if it's out of valid range.
90
 * @return CRecordset Recordset with list of reminders.
91
 */
92
function reminders_list ($id, &$sort, &$page)
93
{
94
    debug_write_log(DEBUG_TRACE, '[reminders_list]');
95
    debug_write_log(DEBUG_DUMP,  '[reminders_list] $id = ' . $id);
96
97
    $sort_modes = array
98
    (
99
        1  => 'reminder_name asc',
100
        2  => 'project_name asc, reminder_name asc',
101
        3  => 'template_name asc, reminder_name asc',
102
        4  => 'state_name asc, reminder_name asc',
103
        5  => 'subject_text asc, reminder_name asc',
104
        6  => 'reminder_name desc',
105
        7  => 'project_name desc, reminder_name desc',
106
        8  => 'template_name desc, reminder_name desc',
107
        9  => 'state_name desc, reminder_name desc',
108
        10 => 'subject_text desc, reminder_name desc',
109
    );
110
111
    $sort = try_request('sort', try_cookie(COOKIE_REMINDERS_SORT, 1));
112
    $sort = ustr2int($sort, 1, count($sort_modes));
113
114
    $page = try_request('page', try_cookie(COOKIE_REMINDERS_PAGE));
115
    $page = ustr2int($page, 1, MAXINT);
116
117
    save_cookie(COOKIE_REMINDERS_SORT, $sort);
118
    save_cookie(COOKIE_REMINDERS_PAGE, $page);
119
120
    return dal_query(DATABASE_DRIVER == DRIVER_ORACLE9 ? 'reminders/oracle/list.sql' : 'reminders/list.sql',
121
                     $id,
122
                     $sort_modes[$sort]);
123
}
124
125
/**
126
 * Validates reminder information before creation or modification.
127
 *
128
 * @param string $reminder_name Reminder name.
129
 * @param string $subject_text Subject of reminder.
130
 * @return int Error code:
131
 * <ul>
132
 * <li>{@link NO_ERROR} - data are valid</li>
133
 * <li>{@link ERROR_INCOMPLETE_FORM} - at least one of required field is empty</li>
134
 * </ul>
135
 */
136 View Code Duplication
function reminder_validate ($reminder_name, $subject_text)
137
{
138
    debug_write_log(DEBUG_TRACE, '[reminder_validate]');
139
    debug_write_log(DEBUG_DUMP,  '[reminder_validate] $reminder_name = ' . $reminder_name);
140
    debug_write_log(DEBUG_DUMP,  '[reminder_validate] $subject_text  = ' . $subject_text);
141
142
    if (ustrlen($reminder_name) == 0 ||
143
        ustrlen($subject_text)  == 0)
144
    {
145
        debug_write_log(DEBUG_NOTICE, '[reminder_validate] At least one required field is empty.');
146
        return ERROR_INCOMPLETE_FORM;
147
    }
148
149
    return NO_ERROR;
150
}
151
152
/**
153
 * Creates new reminder.
154
 *
155
 * @param string $reminder_name Reminder name.
156
 * @param string $subject_text Subject of reminder.
157
 * @param string $state_id State ID.
158
 * @param string $group_id Group ID.
159
 * @param string $group_flag Group flag.
160
 * @return int Error code:
161
 * <ul>
162
 * <li>{@link NO_ERROR} - reminder is successfully created</li>
163
 * <li>{@link ERROR_ALREADY_EXISTS} - reminder with specified name already exists</li>
164
 * </ul>
165
 */
166 View Code Duplication
function reminder_create ($reminder_name, $subject_text, $state_id, $group_id, $group_flag)
167
{
168
    debug_write_log(DEBUG_TRACE, '[reminder_create]');
169
    debug_write_log(DEBUG_DUMP,  '[reminder_create] $reminder_name = ' . $reminder_name);
170
    debug_write_log(DEBUG_DUMP,  '[reminder_create] $subject_text  = ' . $subject_text);
171
    debug_write_log(DEBUG_DUMP,  '[reminder_create] $state_id      = ' . $state_id);
172
    debug_write_log(DEBUG_DUMP,  '[reminder_create] $group_id      = ' . $group_id);
173
    debug_write_log(DEBUG_DUMP,  '[reminder_create] $group_flag    = ' . $group_flag);
174
175
    // Check that user doesn't have another reminder with the same name.
176
    $rs = dal_query('reminders/fndk.sql', $_SESSION[VAR_USERID], ustrtolower($reminder_name));
177
178
    if ($rs->rows != 0)
0 ignored issues
show
The property $rows is declared protected in CRecordset. Since you implemented __get(), maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.

Since your code implements the magic setter _set, this function will be called for any write access on an undefined variable. You can add the @property annotation to your class or interface to document the existence of this variable.

<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}

Since the property has write access only, you can use the @property-write annotation instead.

Of course, you may also just have mistyped another name, in which case you should fix the error.

See also the PhpDoc documentation for @property.

Loading history...
179
    {
180
        debug_write_log(DEBUG_NOTICE, '[reminder_create] Reminder already exists.');
181
        return ERROR_ALREADY_EXISTS;
182
    }
183
184
    // Create a reminder.
185
    dal_query('reminders/create.sql',
186
              $_SESSION[VAR_USERID],
187
              $reminder_name,
188
              ustrlen($subject_text) == 0 ? NULL : $subject_text,
189
              $state_id,
190
              is_null($group_id) ? NULL : $group_id,
191
              $group_flag);
192
193
    return NO_ERROR;
194
}
195
196
/**
197
 * Modifies specified reminder.
198
 *
199
 * @param int $id ID of reminder to be modified.
200
 * @param string $reminder_name New Reminder name.
201
 * @param string $subject_text New Subject of reminder.
202
 * @param string $state_id New State ID.
203
 * @param string $group_id New Group ID.
204
 * @param string $group_flag New Group flag.
205
 * @return int Error code:
206
 * <ul>
207
 * <li>{@link NO_ERROR} - reminder is successfully modified</li>
208
 * <li>{@link ERROR_ALREADY_EXISTS} - reminder with specified name already exists</li>
209
 * </ul>
210
 */
211 View Code Duplication
function reminder_modify ($id, $reminder_name, $subject_text, $state_id, $group_id, $group_flag)
212
{
213
    debug_write_log(DEBUG_TRACE, '[reminder_modify]');
214
    debug_write_log(DEBUG_DUMP,  '[reminder_modify] $id            = ' . $id);
215
    debug_write_log(DEBUG_DUMP,  '[reminder_create] $reminder_name = ' . $reminder_name);
216
    debug_write_log(DEBUG_DUMP,  '[reminder_create] $subject_text  = ' . $subject_text);
217
    debug_write_log(DEBUG_DUMP,  '[reminder_create] $state_id      = ' . $state_id);
218
    debug_write_log(DEBUG_DUMP,  '[reminder_create] $group_id      = ' . $group_id);
219
    debug_write_log(DEBUG_DUMP,  '[reminder_create] $group_flag    = ' . $group_flag);
220
221
    // Check that user doesn't have another reminder with the same name, besides this one.
222
    $rs = dal_query('reminders/fndku.sql', $id, $_SESSION[VAR_USERID], ustrtolower($reminder_name));
223
224
    if ($rs->rows != 0)
0 ignored issues
show
The property $rows is declared protected in CRecordset. Since you implemented __get(), maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.

Since your code implements the magic setter _set, this function will be called for any write access on an undefined variable. You can add the @property annotation to your class or interface to document the existence of this variable.

<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}

Since the property has write access only, you can use the @property-write annotation instead.

Of course, you may also just have mistyped another name, in which case you should fix the error.

See also the PhpDoc documentation for @property.

Loading history...
225
    {
226
        debug_write_log(DEBUG_NOTICE, '[reminder_modify] Reminder already exists.');
227
        return ERROR_ALREADY_EXISTS;
228
    }
229
230
    // Modify the reminder.
231
    dal_query('reminders/modify.sql',
232
              $id,
233
              $reminder_name,
234
              ustrlen($subject_text) == 0 ? NULL : $subject_text,
235
              $state_id,
236
              is_null($group_id) ? NULL : $group_id,
237
              $group_flag);
238
239
    return NO_ERROR;
240
}
241
242
/**
243
 * Deletes specified reminder.
244
 *
245
 * @param int $id ID of reminder to be deleted.
246
 * @return int Always {@link NO_ERROR}.
247
 */
248
function reminder_delete ($id)
249
{
250
    debug_write_log(DEBUG_TRACE, '[reminder_delete]');
251
    debug_write_log(DEBUG_DUMP,  '[reminder_delete] $id = ' . $id);
252
253
    dal_query('reminders/delete.sql', $id);
254
255
    return NO_ERROR;
256
}
257
258
/**
259
 * Checks whether reminder can be created.
260
 *
261
 * @return bool TRUE if reminder can be created, FALSE otherwise.
262
 */
263
function can_reminder_be_created ()
264
{
265
    debug_write_log(DEBUG_TRACE, '[can_reminder_be_created]');
266
267
    $rs = dal_query(DATABASE_DRIVER == DRIVER_ORACLE9 ? 'reminders/oracle/plist.sql' : 'reminders/plist.sql',
268
                    $_SESSION[VAR_USERID]);
269
270
    return ($rs->rows != 0);
0 ignored issues
show
The property $rows is declared protected in CRecordset. Since you implemented __get(), maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.

Since your code implements the magic setter _set, this function will be called for any write access on an undefined variable. You can add the @property annotation to your class or interface to document the existence of this variable.

<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}

Since the property has write access only, you can use the @property-write annotation instead.

Of course, you may also just have mistyped another name, in which case you should fix the error.

See also the PhpDoc documentation for @property.

Loading history...
271
}
272
273
/**
274
 * Generates and returns message body for reminder about specified records.
275
 *
276
 * @param array $records Array of records data.
277
 * @param int $locale ID of language. If omitted, then language of current user, or (when user is not logged in) default language will be used (see {@link LANG_DEFAULT}).
278
 * @return string Generated message body.
279
 */
280
function reminder_message ($records, $locale = NULL)
281
{
282
    debug_write_log(DEBUG_TRACE, '[reminder_message]');
283
    debug_write_log(DEBUG_DUMP,  '[reminder_message] $locale = ' . $locale);
284
285
    $message =
286
        '<html>' .
287
        '<body>' .
288
        '<b><font color="red">' . get_html_resource(RES_ALERT_DO_NOT_REPLY_ID) . '</font></b><br/>' .
289
        '<table border="1" cellspacing="0" cellpadding="5">' .
290
        '<tr valign="top">' .
291
        '<td nowrap><b>' . get_html_resource(RES_ID_ID,      $locale) . '</b></td>' .
292
        '<td nowrap><b>' . get_html_resource(RES_STATE_ID,   $locale) . '</b></td>' .
293
        '<td nowrap><b>' . get_html_resource(RES_PROJECT_ID, $locale) . '</b></td>' .
294
        '<td><b>'        . get_html_resource(RES_SUBJECT_ID, $locale) . '</b></td>' .
295
        '<td nowrap><b>' . get_html_resource(RES_AUTHOR_ID,  $locale) . '</b></td>' .
296
        '</tr>';
297
298
    while (($row = $records->fetch()))
299
    {
300
        $message .=
301
            '<tr valign="top">' .
302
            '<td align="left" nowrap><a href="' . WEBROOT . 'records/view.php?id=' . $row['record_id'] . '">' . record_id($row['record_id'], $row['template_prefix']) . '</a></td>' .
303
            '<td align="center" nowrap>' . ustr2html($row['state_abbr'])      . '</td>' .
304
            '<td align="left" nowrap>'   . ustr2html($row['project_name'])    . '</td>' .
305
            '<td align="left">'          . ustr2html($row['subject'])         . '</td>' .
306
            '<td align="left" nowrap>'   . ustr2html($row['fullname']) . '</td>' .
307
            '</tr>';
308
    }
309
310
    $message .=
311
        '</table>' .
312
        '</body>' .
313
        '</html>';
314
315
    return $message;
316
}
317
318
/**
319
 * Sends specified reminder to all interested parties.
320
 *
321
 * @param array $reminder Array with data of reminder (e.g. how it's returned by {@link reminder_find}).
322
 * @return int Always {@link NO_ERROR}.
323
 */
324
function reminder_send ($reminder)
325
{
326
    debug_write_log(DEBUG_TRACE, '[reminder_send]');
327
    debug_write_log(DEBUG_DUMP,  '[reminder_send] $reminder["project_id"]    = ' . $reminder['project_id']);
328
    debug_write_log(DEBUG_DUMP,  '[reminder_send] $reminder["project_name"]  = ' . $reminder['project_name']);
329
    debug_write_log(DEBUG_DUMP,  '[reminder_send] $reminder["template_id"]   = ' . $reminder['template_id']);
330
    debug_write_log(DEBUG_DUMP,  '[reminder_send] $reminder["template_name"] = ' . $reminder['template_name']);
331
    debug_write_log(DEBUG_DUMP,  '[reminder_send] $reminder["reminder_name"] = ' . $reminder['reminder_name']);
332
    debug_write_log(DEBUG_DUMP,  '[reminder_send] $reminder["subject_text"]  = ' . $reminder['subject_text']);
333
    debug_write_log(DEBUG_DUMP,  '[reminder_send] $reminder["state_id"]      = ' . $reminder['state_id']);
334
    debug_write_log(DEBUG_DUMP,  '[reminder_send] $reminder["group_id"]      = ' . $reminder['group_id']);
335
    debug_write_log(DEBUG_DUMP,  '[reminder_send] $reminder["group_flag"]    = ' . $reminder['group_flag']);
336
337
    global $locale_info;
338
339
    $account = account_find($_SESSION[VAR_USERID]);
340
341
    // Since sending email can takes a time, disable PHP execution timeout.
342
    if (!ini_get('safe_mode'))
343
    {
344
        set_time_limit(0);
345
    }
346
347
    switch ($reminder['group_flag'])
348
    {
349
        // Reminder is dedicated to specified group.
350
        case REMINDER_FLAG_GROUP:
351
352
            $records = dal_query('reminders/rlist.sql', $reminder['state_id']);
353
354
            if ($records->rows == 0)
0 ignored issues
show
The property $rows is declared protected in CRecordset. Since you implemented __get(), maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.

Since your code implements the magic setter _set, this function will be called for any write access on an undefined variable. You can add the @property annotation to your class or interface to document the existence of this variable.

<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}

Since the property has write access only, you can use the @property-write annotation instead.

Of course, you may also just have mistyped another name, in which case you should fix the error.

See also the PhpDoc documentation for @property.

Loading history...
355
            {
356
                debug_write_log(DEBUG_NOTICE, '[reminder_send] Reminder is empty and will not be sent.');
357
            }
358
            else
359
            {
360
                $supported_locales = array_keys($locale_info);
361
362
                foreach ($supported_locales as $locale)
363
                {
364
                    $to = array();
365
                    $rs = dal_query('reminders/members.sql', $reminder['group_id'], $locale);
366
367
                    while (($row = $rs->fetch()))
368
                    {
369
                        array_push($to, $row['email']);
370
                    }
371
372
                    if (count($to) != 0)
373
                    {
374
                        $recipients = implode(', ', array_unique($to));
375
                        $message    = reminder_message($records, $locale);
376
377
                        if (EMAIL_NOTIFICATIONS_ENABLED)
378
                        {
379
                            debug_write_log(DEBUG_NOTICE, '[reminder_send] Sending email.');
380
                            sendmail($account['fullname'], $account['email'], $recipients, $reminder['subject_text'], $message);
381
                        }
382
                        else
383
                        {
384
                            debug_write_log(DEBUG_NOTICE, '[reminder_send] Email notifications are disabled.');
385
                        }
386
                    }
387
                }
388
            }
389
390
            break;
391
392
        // Reminder is dedicated to records submitters.
393 View Code Duplication
        case REMINDER_FLAG_AUTHOR:
394
395
            $rs = dal_query('reminders/alista.sql', $reminder['state_id']);
396
397
            while (($row = $rs->fetch()))
398
            {
399
                $records = dal_query('reminders/rlista.sql', $reminder['state_id'], $row['account_id']);
400
401
                if ($records->rows == 0)
0 ignored issues
show
The property $rows is declared protected in CRecordset. Since you implemented __get(), maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.

Since your code implements the magic setter _set, this function will be called for any write access on an undefined variable. You can add the @property annotation to your class or interface to document the existence of this variable.

<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}

Since the property has write access only, you can use the @property-write annotation instead.

Of course, you may also just have mistyped another name, in which case you should fix the error.

See also the PhpDoc documentation for @property.

Loading history...
402
                {
403
                    debug_write_log(DEBUG_NOTICE, '[reminder_send] Reminder is empty and will not be sent.');
404
                }
405
                else
406
                {
407
                    $message = reminder_message($records, $row['locale']);
408
409
                    if (EMAIL_NOTIFICATIONS_ENABLED)
410
                    {
411
                        debug_write_log(DEBUG_NOTICE, '[reminder_send] Sending email.');
412
                        sendmail($account['fullname'], $account['email'], $row['email'], $reminder['subject_text'], $message);
413
                    }
414
                    else
415
                    {
416
                        debug_write_log(DEBUG_NOTICE, '[reminder_send] Email notifications are disabled.');
417
                    }
418
                }
419
            }
420
421
            break;
422
423
        // Reminder is dedicated to current records assignees.
424 View Code Duplication
        case REMINDER_FLAG_RESPONSIBLE:
425
426
            $rs = dal_query('reminders/alistr.sql', $reminder['state_id']);
427
428
            while (($row = $rs->fetch()))
429
            {
430
                $records = dal_query('reminders/rlistr.sql', $reminder['state_id'], $row['account_id']);
431
432
                if ($records->rows == 0)
0 ignored issues
show
The property $rows is declared protected in CRecordset. Since you implemented __get(), maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.

Since your code implements the magic setter _set, this function will be called for any write access on an undefined variable. You can add the @property annotation to your class or interface to document the existence of this variable.

<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}

Since the property has write access only, you can use the @property-write annotation instead.

Of course, you may also just have mistyped another name, in which case you should fix the error.

See also the PhpDoc documentation for @property.

Loading history...
433
                {
434
                    debug_write_log(DEBUG_NOTICE, '[reminder_send] Reminder is empty and will not be sent.');
435
                }
436
                else
437
                {
438
                    $message = reminder_message($records, $row['locale']);
439
440
                    if (EMAIL_NOTIFICATIONS_ENABLED)
441
                    {
442
                        debug_write_log(DEBUG_NOTICE, '[reminder_send] Sending email.');
443
                        sendmail($account['fullname'], $account['email'], $row['email'], $reminder['subject_text'], $message);
444
                    }
445
                    else
446
                    {
447
                        debug_write_log(DEBUG_NOTICE, '[reminder_send] Email notifications are disabled.');
448
                    }
449
                }
450
            }
451
452
            break;
453
454
        default:
455
456
            debug_write_log(DEBUG_WARNING, '[reminder_send] Unknown reminder group flags = ' . $reminder['group_flag']);
457
    }
458
459
    // Restore PHP execution timeout, disabled above.
460
    if (!ini_get('safe_mode'))
461
    {
462
        ini_restore('max_execution_time');
463
    }
464
465
    return NO_ERROR;
466
}
467
468
?>
469