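<?php

//------------------------------------------------------------------------------
//
//  eTraxis - Records tracking web-based system
//  Copyright (C) 2010-2011  Artem Rodygin
//
//  This program is free software: you can redistribute it and/or modify
//  it under the terms of the GNU General Public License as published by
//  the Free Software Foundation, either version 3 of the License, or
//  (at your option) any later version.
//
//  This program is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//  GNU General Public License for more details.
//
//  You should have received a copy of the GNU General Public License
//  along with this program.  If not, see <http://www.gnu.org/licenses/>.
//
//------------------------------------------------------------------------------

/**
 * Filters list tab.
 *
 * When the list form is submitted with "enable", "disable" or "delete", the
 * selected filter IDs are collected from the request and the matching
 * filters_* operation is applied, after which the script exits without
 * output. Otherwise the tab XML (create button, action buttons and the
 * current user's filter list) is generated and rendered through xml2html().
 *
 * @package eTraxis
 * @ignore
 */

/**#@+
 * Dependency.
 */
require_once('../engine/engine.php');
require_once('../dbo/filters.php');
/**#@-*/

init_page(LOAD_TAB);

// filters list is submitted

// Read the action once; strict comparison avoids PHP's loose string/number
// rules (a non-string value can never match an action name this way).
$submitted = try_request('submitted');

if ($submitted === 'enable' ||
    $submitted === 'disable' ||
    $submitted === 'delete')
{
    // Collect the IDs of the selected filters. The list rows are emitted
    // below as <row name="filter<ID>">, so any request value with the
    // "filter" prefix is taken and its numeric suffix becomes the ID.
    // Only string values are inspected: an array-valued request entry
    // (e.g. "name[]=...") would otherwise be passed to substr().
    // NOTE(review): $_REQUEST merges GET, POST and cookie data according to
    // request_order; whether init_page() restricts the method or applies an
    // anti-CSRF check for these state changes is not visible here — confirm.
    $filters = array();

    foreach ($_REQUEST as $request)
    {
        if (is_string($request) && substr($request, 0, 6) === 'filter')
        {
            $filters[] = intval(substr($request, 6));
        }
    }

    if ($submitted === 'enable')
    {
        debug_write_log(DEBUG_NOTICE, 'Enable selected filters.');
        filters_set($filters);
    }
    elseif ($submitted === 'disable')
    {
        debug_write_log(DEBUG_NOTICE, 'Disable selected filters.');
        filters_clear($filters);
    }
    else
    {
        debug_write_log(DEBUG_NOTICE, 'Delete selected filters.');
        filters_delete($filters);
    }

    // The action requests expect an empty response; the client reloads the tab.
    exit;
}

// local JS functions

// Strings embedded in the JavaScript below; get_js_resource() is the
// project's JS-context resource accessor, so they are not escaped again here.
$resTitle  = get_js_resource(RES_NEW_FILTER_ID);
$resOK     = get_js_resource(RES_OK_ID);
$resNext   = get_js_resource(RES_NEXT_ID);
$resCancel = get_js_resource(RES_CANCEL_ID);

$xml = <<<JQUERY
<script>

function filterCreateStep1 ()
{
    jqModal("{$resTitle}", "create.php", "{$resNext}", "{$resCancel}", "filterCreateStep2()");
}

function filterCreateStep2 ()
{
    var project = $("#project").val();

    closeModal();

    if (project == 0)
    {
        jqModal("{$resTitle}", "create.php?" + $("#projectform").serialize(), "{$resOK}", "{$resCancel}", "$('#createform').submit()");
    }
    else
    {
        jqModal("{$resTitle}", "create.php?" + $("#projectform").serialize(), "{$resNext}", "{$resCancel}", "filterCreateStep3()");
    }
}

function filterCreateStep3 ()
{
    closeModal();
    jqModal("{$resTitle}", "create.php?" + $("#templateform").serialize(), "{$resOK}", "{$resCancel}", "$('#createform').submit()");
}

function performAction (action)
{
    $("#filters :input[name=submitted]").val(action);
    $("#filters").submit();
}

</script>
JQUERY;

// get list of filters

// $sort and $page are passed by reference and filled in by filters_list();
// $from/$to are filled in by gen_xml_bookmarks() for the current page.
$sort = $page = NULL;
$list = filters_list($_SESSION[VAR_USERID], FALSE, $sort, $page);

$from = $to = 0;

// generate list of filters

$xml .= '<button action="filterCreateStep1()">' . get_html_resource(RES_CREATE_ID) . '</button>';

if ($list->rows != 0)
{
    $columns = array
    (
        RES_FILTER_NAME_ID,
        RES_STATUS_ID,
        RES_OWNER_ID,
    );

    $bookmarks = gen_xml_bookmarks($page, $list->rows, $from, $to, 'list.php?');

    $xml .= '<buttonset>'
          . '<button action="performAction(\'enable\')">'  . get_html_resource(RES_ENABLE_ID)  . '</button>'
          . '<button action="performAction(\'disable\')">' . get_html_resource(RES_DISABLE_ID) . '</button>'
          . '</buttonset>'
          . '<button action="performAction(\\\'delete\\\')" prompt="' . get_js_resource(RES_CONFIRM_DELETE_FILTERS_ID) . '">' . get_html_resource(RES_DELETE_ID) . '</button>'
          . '<form name="filters" action="list.php" success="reloadTab">'
          . '<list>'
          . '<hrow>'
          . '<hcell checkboxes="true"/>';

    // Column headers: clicking the currently sorted column flips the order,
    // which is encoded as (column index + number of columns).
    $total = count($columns);

    for ($i = 1; $i <= $total; $i++)
    {
        $smode = ($sort == $i ? ($i + $total) : $i);

        $xml .= "<hcell url=\"list.php?sort={$smode}\">"
              . get_html_resource($columns[$i - 1])
              . '</hcell>';
    }

    $xml .= '</hrow>';

    $list->seek($from - 1);

    for ($i = $from; $i <= $to; $i++)
    {
        $row = $list->fetch();

        // A missing owner name means the filter belongs to the current user.
        if (is_null($row['fullname']))
        {
            $row['username'] = $_SESSION[VAR_USERNAME];
            $row['fullname'] = $_SESSION[VAR_FULLNAME];
        }

        $color = $row['active'] ? NULL : 'grey';

        // Shared filters are not linked to the view page; user-supplied text
        // (filter name, owner) goes through ustr2html() before being emitted.
        $xml .= ($row['shared']
                    ? "<row name=\"filter{$row['filter_id']}\" color=\"{$color}\">"
                    : "<row name=\"filter{$row['filter_id']}\" url=\"view.php?id={$row['filter_id']}\" color=\"{$color}\">")
              . '<cell>' . ustr2html($row['filter_name']) . '</cell>'
              . '<cell>' . get_html_resource($row['active'] ? RES_ACTIVE_ID : RES_DISABLED_ID) . '</cell>'
              . '<cell>' . ustr2html(sprintf('%s (%s)', $row['fullname'], $row['username'])) . '</cell>'
              . '</row>';
    }

    $xml .= '</list>'
          . '</form>'
          . $bookmarks;
}

echo(xml2html($xml));

// No closing "?>" tag: trailing whitespace after it would be sent as output
// and could break headers set by the engine.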