This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
Encourage use of @property annotation when providing magic access
1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2005-2010 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * Subscriptions |
||
25 | * |
||
26 | * This module provides API to work with user subscriptions. |
||
27 | * See also {@link https://github.com/etraxis/etraxis-obsolete/wiki/tbl_subscribes tbl_subscribes} database table. |
||
28 | * |
||
29 | * @package DBO |
||
30 | * @subpackage Subscriptions |
||
31 | */ |
||
32 | |||
33 | /**#@+ |
||
34 | * Dependency. |
||
35 | */ |
||
36 | require_once('../engine/engine.php'); |
||
37 | /**#@-*/ |
||
38 | |||
39 | //------------------------------------------------------------------------------ |
||
40 | // Definitions. |
||
41 | //------------------------------------------------------------------------------ |
||
42 | |||
/**#@+
 * Data restriction.
 *
 * Neither limit is referenced by any function in this file, so
 * subscription_validate() does not enforce them.
 * NOTE(review): presumably callers or the database schema apply these lengths - confirm.
 */
define('MAX_SUBSCRIPTION_NAME',        25);
define('MAX_SUBSCRIPTION_CARBON_COPY', 50);
/**#@-*/

/**#@+
 * Filter type.
 *
 * Value passed as $subscription_type to subscription_create().
 */
define('SUBSCRIPTION_TYPE_ALL_PROJECTS',  1);
define('SUBSCRIPTION_TYPE_ALL_TEMPLATES', 2);
define('SUBSCRIPTION_TYPE_ONE_TEMPLATE',  3);
/**#@-*/

// Notifications data.
// Presumably the position of each column inside a row of $notifications
// (control name, event constant, resource ID) - confirm against the callers.
define('NOTIFY_CONTROL',  0);
define('NOTIFY_EVENT',    1);
define('NOTIFY_RESOURCE', 2);
||
62 | |||
// One row per notification kind: a control name, an event constant and a resource ID.
// The NOTIFY_* and RES_NOTIFY_* constants are not defined in this file.
// NOTE(review): rows are presumably indexed with NOTIFY_CONTROL / NOTIFY_EVENT / NOTIFY_RESOURCE - confirm.
$notifications = array(
    array('notify_create',   NOTIFY_RECORD_CREATED,       RES_NOTIFY_RECORD_CREATED_ID),
    array('notify_assign',   NOTIFY_RECORD_ASSIGNED,      RES_NOTIFY_RECORD_ASSIGNED_ID),
    array('notify_modify',   NOTIFY_RECORD_MODIFIED,      RES_NOTIFY_RECORD_MODIFIED_ID),
    array('notify_state',    NOTIFY_RECORD_STATE_CHANGED, RES_NOTIFY_RECORD_STATE_CHANGED_ID),
    array('notify_postpone', NOTIFY_RECORD_POSTPONED,     RES_NOTIFY_RECORD_POSTPONED_ID),
    array('notify_resume',   NOTIFY_RECORD_RESUMED,       RES_NOTIFY_RECORD_RESUMED_ID),
    array('notify_reopen',   NOTIFY_RECORD_REOPENED,      RES_NOTIFY_RECORD_REOPENED_ID),
    array('notify_comment',  NOTIFY_COMMENT_ADDED,        RES_NOTIFY_COMMENT_ADDED_ID),
    array('notify_attach',   NOTIFY_FILE_ATTACHED,        RES_NOTIFY_FILE_ATTACHED_ID),
    array('notify_remove',   NOTIFY_FILE_REMOVED,         RES_NOTIFY_FILE_REMOVED_ID),
    array('notify_clone',    NOTIFY_RECORD_CLONED,        RES_NOTIFY_RECORD_CLONED_ID),
    array('notify_addsub',   NOTIFY_SUBRECORD_ADDED,      RES_NOTIFY_SUBRECORD_ADDED_ID),
    array('notify_remsub',   NOTIFY_SUBRECORD_REMOVED,    RES_NOTIFY_SUBRECORD_REMOVED_ID),
);
||
79 | |||
80 | //------------------------------------------------------------------------------ |
||
81 | // Functions. |
||
82 | //------------------------------------------------------------------------------ |
||
83 | |||
/**
 * Looks up a single subscription by its ID.
 *
 * The query is given both the subscription ID and the ID of the current
 * session user ($_SESSION[VAR_USERID]).
 * NOTE(review): presumably 'subscriptions/fndid.sql' uses the user ID to limit the
 * lookup to subscriptions owned by that user - confirm against the SQL template
 * before treating a non-FALSE result as an ownership check.
 *
 * @param int $id Subscription ID.
 * @return array Row fetched from the recordset if the query returned any rows, FALSE otherwise.
 */
function subscription_find($id)
{
    debug_write_log(DEBUG_TRACE, '[subscription_find]');
    debug_write_log(DEBUG_DUMP,  '[subscription_find] $id = ' . $id);

    $recordset = dal_query('subscriptions/fndid.sql', $id, $_SESSION[VAR_USERID]);

    // Nothing matched: signal "not found" to the caller.
    if ($recordset->rows == 0) {
        return false;
    }

    return $recordset->fetch();
}
||
99 | |||
/**
 * Returns {@link CRecordset DAL recordset} with every subscription of the specified account.
 *
 * The sort mode and page number are read from the request, falling back to the client
 * cookies, and are written back to those cookies after being passed through ustr2int().
 *
 * The client-supplied sort value is used only as an index into a fixed list of ordering
 * clauses; the text handed to the query always comes from that list, never from the client.
 * NOTE(review): this relies on ustr2int() bounding its result to the given range - confirm.
 *
 * @param int $id    Account ID.
 * @param int &$sort Sort mode (used as output only). Taken from the request or from the
 *                   {@link COOKIE_SUBSCRIPTIONS_SORT} cookie and brought into the valid range.
 * @param int &$page Number of current page tab (used as output only). Taken from the request or from the
 *                   {@link COOKIE_SUBSCRIPTIONS_PAGE} cookie and brought into the valid range.
 * @return CRecordset Recordset with list of subscriptions.
 */
function subscriptions_list($id, &$sort, &$page)
{
    debug_write_log(DEBUG_TRACE, '[subscriptions_list]');
    debug_write_log(DEBUG_DUMP,  '[subscriptions_list] $id = ' . $id);

    // Fixed list of ordering clauses, keyed by sort mode.
    $order_by = array(
        1 => 'subscribe_name asc',
        2 => 'carbon_copy asc, subscribe_name asc',
        3 => 'subscribe_name desc',
        4 => 'carbon_copy desc, subscribe_name desc',
    );

    // Request value wins over the cookie; mode 1 is the fallback.
    $requested_sort = try_request('sort', try_cookie(COOKIE_SUBSCRIPTIONS_SORT, 1));
    $sort           = ustr2int($requested_sort, 1, count($order_by));

    $requested_page = try_request('page', try_cookie(COOKIE_SUBSCRIPTIONS_PAGE));
    $page           = ustr2int($requested_page, 1, MAXINT);

    // Remember the normalized values for the next visit.
    save_cookie(COOKIE_SUBSCRIPTIONS_SORT, $sort);
    save_cookie(COOKIE_SUBSCRIPTIONS_PAGE, $page);

    $clause = $order_by[$sort];

    return dal_query('subscriptions/list.sql', $id, $clause);
}
||
134 | |||
/**
 * Checks subscription data before a subscription is created or modified.
 *
 * Only two things are verified: the name is not empty, and a non-empty carbon copy
 * passes is_email(). The lengths are not compared with MAX_SUBSCRIPTION_NAME or
 * MAX_SUBSCRIPTION_CARBON_COPY here.
 *
 * Both values, including the carbon copy address, are written to the debug log
 * at DEBUG_DUMP level.
 *
 * @param string $subscription_name Subscription name.
 * @param string $carbon_copy       Carbon copy.
 * @return int Error code:
 * <ul>
 * <li>{@link NO_ERROR} - data are valid</li>
 * <li>{@link ERROR_INCOMPLETE_FORM} - the subscription name is empty</li>
 * <li>{@link ERROR_INVALID_EMAIL} - carbon copy is not valid email address</li>
 * </ul>
 */
function subscription_validate($subscription_name, $carbon_copy)
{
    debug_write_log(DEBUG_TRACE, '[subscription_validate]');
    debug_write_log(DEBUG_DUMP,  '[subscription_validate] $subscription_name = ' . $subscription_name);
    debug_write_log(DEBUG_DUMP,  '[subscription_validate] $carbon_copy       = ' . $carbon_copy);

    // The name is the only mandatory field.
    $name_is_empty = (ustrlen($subscription_name) == 0);

    if ($name_is_empty) {
        debug_write_log(DEBUG_NOTICE, '[subscription_validate] At least one required field is empty.');
        return ERROR_INCOMPLETE_FORM;
    }

    // The carbon copy is optional, but must be an email address when present.
    $has_carbon_copy = (ustrlen($carbon_copy) != 0);

    if ($has_carbon_copy && !is_email($carbon_copy)) {
        debug_write_log(DEBUG_NOTICE, '[subscription_validate] Invalid email.');
        return ERROR_INVALID_EMAIL;
    }

    return NO_ERROR;
}
||
167 | |||
/**
 * Creates a new subscription for the current session user.
 *
 * The name is looked up in lower case (ustrtolower) among the user's subscriptions,
 * then stored as given. The lookup and the insert are two separate queries.
 * NOTE(review): uniqueness under concurrent requests therefore depends on a constraint
 * in the database, which is not visible from this file - confirm.
 *
 * All arguments, including the carbon copy address, are written to the debug log
 * at DEBUG_DUMP level.
 *
 * @param string $subscription_name  Subscription name.
 * @param string $carbon_copy        Carbon copy; an empty value is stored as NULL.
 * @param int    $subscription_type  Type of subscription.
 * @param int    $subscription_flags Flags of subscription.
 * @param int    $subscription_param Parameter of subscription, depends on its type.
 * @return int Error code:
 * <ul>
 * <li>{@link NO_ERROR} - subscription is successfully created</li>
 * <li>{@link ERROR_ALREADY_EXISTS} - subscription with specified name already exists</li>
 * </ul>
 */
function subscription_create($subscription_name, $carbon_copy, $subscription_type, $subscription_flags, $subscription_param = NULL)
{
    debug_write_log(DEBUG_TRACE, '[subscription_create]');
    debug_write_log(DEBUG_DUMP,  '[subscription_create] $subscription_name  = ' . $subscription_name);
    debug_write_log(DEBUG_DUMP,  '[subscription_create] $carbon_copy        = ' . $carbon_copy);
    debug_write_log(DEBUG_DUMP,  '[subscription_create] $subscription_type  = ' . $subscription_type);
    debug_write_log(DEBUG_DUMP,  '[subscription_create] $subscription_flags = ' . $subscription_flags);
    debug_write_log(DEBUG_DUMP,  '[subscription_create] $subscription_param = ' . $subscription_param);

    // Refuse a name the current user already has on another subscription.
    $existing = dal_query('subscriptions/fndk.sql', $_SESSION[VAR_USERID], ustrtolower($subscription_name));

    if ($existing->rows != 0) {
        debug_write_log(DEBUG_NOTICE, '[subscription_create] Subscription already exists.');
        return ERROR_ALREADY_EXISTS;
    }

    // An empty carbon copy is stored as NULL rather than as an empty string.
    $stored_carbon_copy = (ustrlen($carbon_copy) != 0) ? $carbon_copy : null;

    // The subscription always belongs to the session user; the owner is not a parameter.
    dal_query('subscriptions/create.sql',
              $_SESSION[VAR_USERID],
              $subscription_name,
              $stored_carbon_copy,
              $subscription_type,
              $subscription_flags,
              $subscription_param);

    return NO_ERROR;
}
||
211 | |||
/**
 * Changes the name, carbon copy and flags of the specified subscription.
 *
 * The duplicate-name lookup is given the subscription ID, the session user ID and the
 * lower-cased name. The update itself ('subscriptions/modify.sql') is given only the
 * subscription ID and the new values, not the session user ID.
 * NOTE(review): ownership of $id is presumably verified by the caller (for example via
 * subscription_find()) before this function runs - confirm, since nothing in this
 * function ties the updated row to the current user.
 *
 * All arguments, including the carbon copy address, are written to the debug log
 * at DEBUG_DUMP level.
 *
 * @param int    $id                 ID of subscription to be modified.
 * @param string $subscription_name  New subscription name.
 * @param string $carbon_copy        New carbon copy; an empty value is stored as NULL.
 * @param int    $subscription_flags New flags of subscription.
 * @return int Error code:
 * <ul>
 * <li>{@link NO_ERROR} - subscription is successfully modified</li>
 * <li>{@link ERROR_ALREADY_EXISTS} - subscription with specified name already exists</li>
 * </ul>
 */
function subscription_modify($id, $subscription_name, $carbon_copy, $subscription_flags)
{
    debug_write_log(DEBUG_TRACE, '[subscription_modify]');
    debug_write_log(DEBUG_DUMP,  '[subscription_modify] $id                 = ' . $id);
    debug_write_log(DEBUG_DUMP,  '[subscription_modify] $subscription_name  = ' . $subscription_name);
    debug_write_log(DEBUG_DUMP,  '[subscription_modify] $carbon_copy        = ' . $carbon_copy);
    debug_write_log(DEBUG_DUMP,  '[subscription_modify] $subscription_flags = ' . $subscription_flags);

    // Refuse a name the current user already has on a different subscription.
    $existing = dal_query('subscriptions/fndku.sql', $id, $_SESSION[VAR_USERID], ustrtolower($subscription_name));

    if ($existing->rows != 0) {
        debug_write_log(DEBUG_NOTICE, '[subscription_modify] Subscription already exists.');
        return ERROR_ALREADY_EXISTS;
    }

    // An empty carbon copy is stored as NULL rather than as an empty string.
    $stored_carbon_copy = (ustrlen($carbon_copy) != 0) ? $carbon_copy : null;

    dal_query('subscriptions/modify.sql',
              $id,
              $subscription_name,
              $stored_carbon_copy,
              $subscription_flags);

    return NO_ERROR;
}
||
251 | |||
/**
 * Enables each of the selected subscriptions.
 *
 * One query is issued per ID, and every query is also given the ID of the current
 * session user.
 * NOTE(review): presumably 'subscriptions/set.sql' uses the user ID to touch only that
 * user's subscriptions - confirm against the SQL template.
 *
 * @param array $subscriptions List of subscriptions IDs.
 * @return int Always {@link NO_ERROR}.
 */
function subscriptions_enable($subscriptions)
{
    debug_write_log(DEBUG_TRACE, '[subscriptions_enable]');

    foreach ($subscriptions as $subscription_id) {
        dal_query('subscriptions/set.sql', $subscription_id, $_SESSION[VAR_USERID]);
    }

    return NO_ERROR;
}
||
269 | |||
/**
 * Disables each of the selected subscriptions.
 *
 * One query is issued per ID, and every query is also given the ID of the current
 * session user.
 * NOTE(review): presumably 'subscriptions/clear.sql' uses the user ID to touch only that
 * user's subscriptions - confirm against the SQL template.
 *
 * @param array $subscriptions List of subscriptions IDs.
 * @return int Always {@link NO_ERROR}.
 */
function subscriptions_disable($subscriptions)
{
    debug_write_log(DEBUG_TRACE, '[subscriptions_disable]');

    foreach ($subscriptions as $subscription_id) {
        dal_query('subscriptions/clear.sql', $subscription_id, $_SESSION[VAR_USERID]);
    }

    return NO_ERROR;
}
||
287 | |||
/**
 * Deletes each of the selected subscriptions.
 *
 * One query is issued per ID. Unlike subscriptions_enable() and subscriptions_disable(),
 * the query here is given only the subscription ID, without the session user ID.
 * NOTE(review): nothing in this function ties a deleted row to the current user, so the
 * caller presumably has to verify that every ID belongs to that user (or that the user
 * may administer it) before calling - confirm against the callers and
 * 'subscriptions/delete.sql'.
 *
 * @param array $subscriptions List of subscriptions IDs.
 * @return int Always {@link NO_ERROR}.
 */
function subscriptions_delete($subscriptions)
{
    debug_write_log(DEBUG_TRACE, '[subscriptions_delete]');

    foreach ($subscriptions as $subscription_id) {
        dal_query('subscriptions/delete.sql', $subscription_id);
    }

    return NO_ERROR;
}
||
305 | |||
306 | ?> |
||
307 |
Since your code implements the magic setter `__set`, this function will be called for any write access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable.
Since the property has write access only, you can use the `@property-write` annotation instead.
Of course, you may also just have mistyped another name, in which case you should fix the error.
See also the PhpDoc documentation for `@property`.