This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
Check that a closing PHP tag ("?>") is never present
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2005-2010 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * Subscriptions |
||
25 | * |
||
26 | * This module provides API to work with user subscriptions. |
||
27 | * See also {@link https://github.com/etraxis/etraxis-obsolete/wiki/tbl_subscribes tbl_subscribes} database table. |
||
28 | * |
||
29 | * @package DBO |
||
30 | * @subpackage Subscriptions |
||
31 | */ |
||
32 | |||
33 | /**#@+ |
||
34 | * Dependency. |
||
35 | */ |
||
36 | require_once('../engine/engine.php'); |
||
37 | /**#@-*/ |
||
38 | |||
39 | //------------------------------------------------------------------------------ |
||
40 | // Definitions. |
||
41 | //------------------------------------------------------------------------------ |
||
42 | |||
43 | /**#@+ |
||
44 | * Data restriction. |
||
45 | */ |
||
46 | define('MAX_SUBSCRIPTION_NAME', 25); |
||
47 | define('MAX_SUBSCRIPTION_CARBON_COPY', 50); |
||
48 | /**#@-*/ |
||
49 | |||
50 | /**#@+ |
||
51 | * Filter type. |
||
52 | */ |
||
53 | define('SUBSCRIPTION_TYPE_ALL_PROJECTS', 1); |
||
54 | define('SUBSCRIPTION_TYPE_ALL_TEMPLATES', 2); |
||
55 | define('SUBSCRIPTION_TYPE_ONE_TEMPLATE', 3); |
||
56 | /**#@-*/ |
||
57 | |||
58 | // Notifications data. |
||
59 | define('NOTIFY_CONTROL', 0); |
||
60 | define('NOTIFY_EVENT', 1); |
||
61 | define('NOTIFY_RESOURCE', 2); |
||
62 | |||
63 | $notifications = array |
||
64 | ( |
||
65 | array('notify_create', NOTIFY_RECORD_CREATED, RES_NOTIFY_RECORD_CREATED_ID), |
||
66 | array('notify_assign', NOTIFY_RECORD_ASSIGNED, RES_NOTIFY_RECORD_ASSIGNED_ID), |
||
67 | array('notify_modify', NOTIFY_RECORD_MODIFIED, RES_NOTIFY_RECORD_MODIFIED_ID), |
||
68 | array('notify_state', NOTIFY_RECORD_STATE_CHANGED, RES_NOTIFY_RECORD_STATE_CHANGED_ID), |
||
69 | array('notify_postpone', NOTIFY_RECORD_POSTPONED, RES_NOTIFY_RECORD_POSTPONED_ID), |
||
70 | array('notify_resume', NOTIFY_RECORD_RESUMED, RES_NOTIFY_RECORD_RESUMED_ID), |
||
71 | array('notify_reopen', NOTIFY_RECORD_REOPENED, RES_NOTIFY_RECORD_REOPENED_ID), |
||
72 | array('notify_comment', NOTIFY_COMMENT_ADDED, RES_NOTIFY_COMMENT_ADDED_ID), |
||
73 | array('notify_attach', NOTIFY_FILE_ATTACHED, RES_NOTIFY_FILE_ATTACHED_ID), |
||
74 | array('notify_remove', NOTIFY_FILE_REMOVED, RES_NOTIFY_FILE_REMOVED_ID), |
||
75 | array('notify_clone', NOTIFY_RECORD_CLONED, RES_NOTIFY_RECORD_CLONED_ID), |
||
76 | array('notify_addsub', NOTIFY_SUBRECORD_ADDED, RES_NOTIFY_SUBRECORD_ADDED_ID), |
||
77 | array('notify_remsub', NOTIFY_SUBRECORD_REMOVED, RES_NOTIFY_SUBRECORD_REMOVED_ID), |
||
78 | ); |
||
79 | |||
80 | //------------------------------------------------------------------------------ |
||
81 | // Functions. |
||
82 | //------------------------------------------------------------------------------ |
||
83 | |||
84 | /** |
||
85 | * Finds in database and returns the information about specified subscription. |
||
86 | * |
||
87 | * @param int $id Subscription ID. |
||
88 | * @return array Array with data if subscription is found in database, FALSE otherwise. |
||
89 | */ |
||
90 | function subscription_find ($id) |
||
91 | { |
||
92 | debug_write_log(DEBUG_TRACE, '[subscription_find]'); |
||
93 | debug_write_log(DEBUG_DUMP, '[subscription_find] $id = ' . $id); |
||
94 | |||
95 | $rs = dal_query('subscriptions/fndid.sql', $id, $_SESSION[VAR_USERID]); |
||
96 | |||
97 | return ($rs->rows == 0 ? FALSE : $rs->fetch()); |
||
98 | } |
||
99 | |||
100 | /** |
||
101 | * Returns {@link CRecordset DAL recordset} which contains all existing subscriptions of specified account. |
||
102 | * |
||
103 | * @param int $id Account ID. |
||
104 | * @param int &$sort Sort mode (used as output only). The function retrieves current sort mode from |
||
105 | * client cookie ({@link COOKIE_SUBSCRIPTIONS_SORT}) and updates it, if it's out of valid range. |
||
106 | * @param int &$page Number of current page tab (used as output only). The function retrieves current |
||
107 | * page from client cookie ({@link COOKIE_SUBSCRIPTIONS_PAGE}) and updates it, if it's out of valid range. |
||
108 | * @return CRecordset Recordset with list of subscriptions. |
||
109 | */ |
||
110 | View Code Duplication | function subscriptions_list ($id, &$sort, &$page) |
|
111 | { |
||
112 | debug_write_log(DEBUG_TRACE, '[subscriptions_list]'); |
||
113 | debug_write_log(DEBUG_DUMP, '[subscriptions_list] $id = ' . $id); |
||
114 | |||
115 | $sort_modes = array |
||
116 | ( |
||
117 | 1 => 'subscribe_name asc', |
||
118 | 2 => 'carbon_copy asc, subscribe_name asc', |
||
119 | 3 => 'subscribe_name desc', |
||
120 | 4 => 'carbon_copy desc, subscribe_name desc', |
||
121 | ); |
||
122 | |||
123 | $sort = try_request('sort', try_cookie(COOKIE_SUBSCRIPTIONS_SORT, 1)); |
||
124 | $sort = ustr2int($sort, 1, count($sort_modes)); |
||
125 | |||
126 | $page = try_request('page', try_cookie(COOKIE_SUBSCRIPTIONS_PAGE)); |
||
127 | $page = ustr2int($page, 1, MAXINT); |
||
128 | |||
129 | save_cookie(COOKIE_SUBSCRIPTIONS_SORT, $sort); |
||
130 | save_cookie(COOKIE_SUBSCRIPTIONS_PAGE, $page); |
||
131 | |||
132 | return dal_query('subscriptions/list.sql', $id, $sort_modes[$sort]); |
||
133 | } |
||
134 | |||
135 | /** |
||
136 | * Validates subscription information before creation or modification. |
||
137 | * |
||
138 | * @param string $subscription_name Subscription name. |
||
139 | * @param string $carbon_copy Carbon copy. |
||
140 | * @return int Error code: |
||
141 | * <ul> |
||
142 | * <li>{@link NO_ERROR} - data are valid</li> |
||
143 | * <li>{@link ERROR_INCOMPLETE_FORM} - at least one of required field is empty</li> |
||
144 | * <li>{@link ERROR_INVALID_EMAIL} - carbon copy is not valid email address</li> |
||
145 | * </ul> |
||
146 | */ |
||
147 | function subscription_validate ($subscription_name, $carbon_copy) |
||
148 | { |
||
149 | debug_write_log(DEBUG_TRACE, '[subscription_validate]'); |
||
150 | debug_write_log(DEBUG_DUMP, '[subscription_validate] $subscription_name = ' . $subscription_name); |
||
151 | debug_write_log(DEBUG_DUMP, '[subscription_validate] $carbon_copy = ' . $carbon_copy); |
||
152 | |||
153 | if (ustrlen($subscription_name) == 0) |
||
154 | { |
||
155 | debug_write_log(DEBUG_NOTICE, '[subscription_validate] At least one required field is empty.'); |
||
156 | return ERROR_INCOMPLETE_FORM; |
||
157 | } |
||
158 | |||
159 | if (ustrlen($carbon_copy) != 0 && !is_email($carbon_copy)) |
||
160 | { |
||
161 | debug_write_log(DEBUG_NOTICE, '[subscription_validate] Invalid email.'); |
||
162 | return ERROR_INVALID_EMAIL; |
||
163 | } |
||
164 | |||
165 | return NO_ERROR; |
||
166 | } |
||
167 | |||
168 | /** |
||
169 | * Creates new subscription. |
||
170 | * |
||
171 | * @param string $subscribe_name Subscription name. |
||
172 | * @param string $carbon_copy Carbon copy. |
||
173 | * @param int $subscribe_type Type of subscription. |
||
174 | * @param int $subscribe_flags Flags of subscription. |
||
175 | * @param int $subscribe_param Parameter of subscription, depends on its type. |
||
176 | * @return int Error code: |
||
177 | * <ul> |
||
178 | * <li>{@link NO_ERROR} - subscription is successfully created</li> |
||
179 | * <li>{@link ERROR_ALREADY_EXISTS} - subscription with specified name already exists</li> |
||
180 | * </ul> |
||
181 | */ |
||
182 | View Code Duplication | function subscription_create ($subscription_name, $carbon_copy, $subscription_type, $subscription_flags, $subscription_param = NULL) |
|
183 | { |
||
184 | debug_write_log(DEBUG_TRACE, '[subscription_create]'); |
||
185 | debug_write_log(DEBUG_DUMP, '[subscription_create] $subscription_name = ' . $subscription_name); |
||
186 | debug_write_log(DEBUG_DUMP, '[subscription_create] $carbon_copy = ' . $carbon_copy); |
||
187 | debug_write_log(DEBUG_DUMP, '[subscription_create] $subscription_type = ' . $subscription_type); |
||
188 | debug_write_log(DEBUG_DUMP, '[subscription_create] $subscription_flags = ' . $subscription_flags); |
||
189 | debug_write_log(DEBUG_DUMP, '[subscription_create] $subscription_param = ' . $subscription_param); |
||
190 | |||
191 | // Check that user doesn't have another subscription with the same name. |
||
192 | $rs = dal_query('subscriptions/fndk.sql', $_SESSION[VAR_USERID], ustrtolower($subscription_name)); |
||
193 | |||
194 | if ($rs->rows != 0) |
||
195 | { |
||
196 | debug_write_log(DEBUG_NOTICE, '[subscription_create] Subscription already exists.'); |
||
197 | return ERROR_ALREADY_EXISTS; |
||
198 | } |
||
199 | |||
200 | // Create a subscription. |
||
201 | dal_query('subscriptions/create.sql', |
||
202 | $_SESSION[VAR_USERID], |
||
203 | $subscription_name, |
||
204 | ustrlen($carbon_copy) == 0 ? NULL : $carbon_copy, |
||
205 | $subscription_type, |
||
206 | $subscription_flags, |
||
207 | is_null($subscription_param) ? NULL : $subscription_param); |
||
208 | |||
209 | return NO_ERROR; |
||
210 | } |
||
211 | |||
212 | /** |
||
213 | * Modifies specified subscription. |
||
214 | * |
||
215 | * @param int $id ID of subscription to be modified. |
||
216 | * @param string $subscription_name New subscription name. |
||
217 | * @param string $carbon_copy New carbon copy. |
||
218 | * @param int $subscription_flags New flags of subscription. |
||
219 | * @return int Error code: |
||
220 | * <ul> |
||
221 | * <li>{@link NO_ERROR} - subscription is successfully modified</li> |
||
222 | * <li>{@link ERROR_ALREADY_EXISTS} - subscription with specified name already exists</li> |
||
223 | * </ul> |
||
224 | */ |
||
225 | View Code Duplication | function subscription_modify ($id, $subscription_name, $carbon_copy, $subscription_flags) |
|
226 | { |
||
227 | debug_write_log(DEBUG_TRACE, '[subscription_modify]'); |
||
228 | debug_write_log(DEBUG_DUMP, '[subscription_modify] $id = ' . $id); |
||
229 | debug_write_log(DEBUG_DUMP, '[subscription_modify] $subscription_name = ' . $subscription_name); |
||
230 | debug_write_log(DEBUG_DUMP, '[subscription_modify] $carbon_copy = ' . $carbon_copy); |
||
231 | debug_write_log(DEBUG_DUMP, '[subscription_modify] $subscription_flags = ' . $subscription_flags); |
||
232 | |||
233 | // Check that user doesn't have another subscription with the same name, besides this one. |
||
234 | $rs = dal_query('subscriptions/fndku.sql', $id, $_SESSION[VAR_USERID], ustrtolower($subscription_name)); |
||
235 | |||
236 | if ($rs->rows != 0) |
||
237 | { |
||
238 | debug_write_log(DEBUG_NOTICE, '[subscription_modify] Subscription already exists.'); |
||
239 | return ERROR_ALREADY_EXISTS; |
||
240 | } |
||
241 | |||
242 | // Modify the subscription. |
||
243 | dal_query('subscriptions/modify.sql', |
||
244 | $id, |
||
245 | $subscription_name, |
||
246 | ustrlen($carbon_copy) == 0 ? NULL : $carbon_copy, |
||
247 | $subscription_flags); |
||
248 | |||
249 | return NO_ERROR; |
||
250 | } |
||
251 | |||
252 | /** |
||
253 | * Enables selected subscriptions. |
||
254 | * |
||
255 | * @param array $subscriptions List of subscriptions IDs. |
||
256 | * @return int Always {@link NO_ERROR}. |
||
257 | */ |
||
258 | View Code Duplication | function subscriptions_enable ($subscriptions) |
|
259 | { |
||
260 | debug_write_log(DEBUG_TRACE, '[subscriptions_enable]'); |
||
261 | |||
262 | foreach ($subscriptions as $subscription) |
||
263 | { |
||
264 | dal_query('subscriptions/set.sql', $subscription, $_SESSION[VAR_USERID]); |
||
265 | } |
||
266 | |||
267 | return NO_ERROR; |
||
268 | } |
||
269 | |||
270 | /** |
||
271 | * Disables selected subscriptions. |
||
272 | * |
||
273 | * @param array $subscriptions List of subscriptions IDs. |
||
274 | * @return int Always {@link NO_ERROR}. |
||
275 | */ |
||
276 | View Code Duplication | function subscriptions_disable ($subscriptions) |
|
277 | { |
||
278 | debug_write_log(DEBUG_TRACE, '[subscriptions_disable]'); |
||
279 | |||
280 | foreach ($subscriptions as $subscription) |
||
281 | { |
||
282 | dal_query('subscriptions/clear.sql', $subscription, $_SESSION[VAR_USERID]); |
||
283 | } |
||
284 | |||
285 | return NO_ERROR; |
||
286 | } |
||
287 | |||
288 | /** |
||
289 | * Deletes selected subscriptions. |
||
290 | * |
||
291 | * @param array $subscriptions List of subscriptions IDs. |
||
292 | * @return int Always {@link NO_ERROR}. |
||
293 | */ |
||
294 | function subscriptions_delete ($subscriptions) |
||
295 | { |
||
296 | debug_write_log(DEBUG_TRACE, '[subscriptions_delete]'); |
||
297 | |||
298 | foreach ($subscriptions as $subscription) |
||
299 | { |
||
300 | dal_query('subscriptions/delete.sql', $subscription); |
||
301 | } |
||
302 | |||
303 | return NO_ERROR; |
||
304 | } |
||
305 | |||
306 | ?> |
||
0 ignored issues
–
show
|
|||
307 |
Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore.
A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever.