Issues in tperms.php (master) - Issues in master - etraxis/etraxis-obsolete - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1098)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/projects/tperms.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

//------------------------------------------------------------------------------
//
//  eTraxis - Records tracking web-based system
//  Copyright (C) 2005-2011  Artem Rodygin
//
//  This program is free software: you can redistribute it and/or modify
//  it under the terms of the GNU General Public License as published by
//  the Free Software Foundation, either version 3 of the License, or
//  (at your option) any later version.
//
//  This program is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//  GNU General Public License for more details.
//
//  You should have received a copy of the GNU General Public License
//  along with this program.  If not, see <http://www.gnu.org/licenses/>.
//
//------------------------------------------------------------------------------

/**
 * @package eTraxis
 * @ignore
 */

/**#@+
 * Dependency.
 */
require_once('../engine/engine.php');
require_once('../dbo/groups.php');
require_once('../dbo/projects.php');
require_once('../dbo/templates.php');
require_once('../dbo/events.php');
/**#@-*/

init_page(LOAD_TAB);

if (get_user_level() != USER_LEVEL_ADMIN)
{
    debug_write_log(DEBUG_NOTICE, 'User must have admin rights to be allowed.');
    exit;
}

// check that requested template exists

$id       = ustr2int(try_request('id'));
$template = template_find($id);

if (!$template)

{
    debug_write_log(DEBUG_NOTICE, 'Template cannot be found.');
    exit;
}

// permissions data

define('GPERMS_CONTROL',    0);
define('GPERMS_PERMISSION', 1);
define('GPERMS_RESOURCE',   2);

$gperms = array
(
    array('perm_view',         PERMIT_VIEW_RECORD,           RES_PERMIT_VIEW_RECORDS_ONLY_ID),
    array('perm_create',       PERMIT_CREATE_RECORD,         RES_PERMIT_CREATE_RECORD_ID),
    array('perm_modify',       PERMIT_MODIFY_RECORD,         RES_PERMIT_MODIFY_RECORD_ID),
    array('perm_postpone',     PERMIT_POSTPONE_RECORD,       RES_PERMIT_POSTPONE_RECORD_ID),
    array('perm_resume',       PERMIT_RESUME_RECORD,         RES_PERMIT_RESUME_RECORD_ID),
    array('perm_reassign',     PERMIT_REASSIGN_RECORD,       RES_PERMIT_REASSIGN_RECORD_ID),
    array('perm_reopen',       PERMIT_REOPEN_RECORD,         RES_PERMIT_REOPEN_RECORD_ID),
    array('perm_comment',      PERMIT_ADD_COMMENTS,          RES_PERMIT_ADD_COMMENTS_ID),
    array('perm_confidential', PERMIT_CONFIDENTIAL_COMMENTS, RES_PERMIT_CONFIDENTIAL_COMMENTS_ID),
    array('perm_attach',       PERMIT_ATTACH_FILES,          RES_PERMIT_ATTACH_FILES_ID),
    array('perm_remove',       PERMIT_REMOVE_FILES,          RES_PERMIT_REMOVE_FILES_ID),
    array('perm_remind',       PERMIT_SEND_REMINDERS,        RES_PERMIT_SEND_REMINDERS_ID),
    array('perm_delete',       PERMIT_DELETE_RECORD,         RES_PERMIT_DELETE_RECORD_ID),
    array('perm_addsub',       PERMIT_ADD_SUBRECORDS,        RES_PERMIT_ADD_SUBRECORDS_ID),
    array('perm_remsub',       PERMIT_REMOVE_SUBRECORDS,     RES_PERMIT_REMOVE_SUBRECORDS_ID),
);

// save changed permissions

if (try_request('submitted') == 'permsform')
{
    debug_write_log(DEBUG_NOTICE, 'Data are submitted.');

    $permissions = 0;

    foreach ($gperms as $gperm)

    {
        if (isset($_REQUEST[$gperm[GPERMS_CONTROL]]))
        {
            $permissions |= $gperm[GPERMS_PERMISSION];
        }
    }

    $gid = ustr2int(try_request('group', TEMPLATE_ROLE_AUTHOR), MIN_TEMPLATE_ROLE);

    switch ($gid)
    {
        case TEMPLATE_ROLE_AUTHOR:
            $permissions &= ~(PERMIT_VIEW_RECORD | PERMIT_CREATE_RECORD);
            template_author_perm_set($id, $permissions);
            break;

        case TEMPLATE_ROLE_RESPONSIBLE:
            $permissions &= ~(PERMIT_VIEW_RECORD | PERMIT_CREATE_RECORD);
            template_responsible_perm_set($id, $permissions);
            break;

        case TEMPLATE_ROLE_REGISTERED:
            template_registered_perm_set($id, $permissions);
            break;

        default:
            group_set_permissions($gid, $id, $permissions);
    }

    exit;
}
else
{
    debug_write_log(DEBUG_NOTICE, 'Data are being requested.');
}

// JS arrays with permissions

$xml = <<<JQUERY
<script>

var perm_view         = new Array();
var perm_create       = new Array();
var perm_modify       = new Array();
var perm_postpone     = new Array();
var perm_resume       = new Array();
var perm_reassign     = new Array();
var perm_reopen       = new Array();
var perm_comment      = new Array();
var perm_confidential = new Array();
var perm_attach       = new Array();
var perm_remove       = new Array();
var perm_remind       = new Array();
var perm_delete       = new Array();
var perm_addsub       = new Array();
var perm_remsub       = new Array();

JQUERY;

foreach ($gperms as $gperm)
{
    $xml .= sprintf('%s["g%d"] = %s;',
                    $gperm[GPERMS_CONTROL],
                    TEMPLATE_ROLE_AUTHOR,
                    (($template['author_perm'] & $gperm[GPERMS_PERMISSION]) == 0 ? 'false' : 'true'));

    $xml .= sprintf('%s["g%d"] = %s;',
                    $gperm[GPERMS_CONTROL],
                    TEMPLATE_ROLE_RESPONSIBLE,
                    (($template['responsible_perm'] & $gperm[GPERMS_PERMISSION]) == 0 ? 'false' : 'true'));

    $xml .= sprintf('%s["g%d"] = %s;',
                    $gperm[GPERMS_CONTROL],
                    TEMPLATE_ROLE_REGISTERED,
                    (($template['registered_perm'] & $gperm[GPERMS_PERMISSION]) == 0 ? 'false' : 'true'));
}

$template['author_perm'] |= PERMIT_VIEW_RECORD;
$template['author_perm'] &= ~PERMIT_CREATE_RECORD;

$template['responsible_perm'] |= PERMIT_VIEW_RECORD;
$template['responsible_perm'] &= ~PERMIT_CREATE_RECORD;

$rs = dal_query('groups/list.sql', $template['project_id'], 'is_global, group_name');

while (($row = $rs->fetch()))

{
    $permissions = group_get_permissions($row['group_id'], $id);

    foreach ($gperms as $gperm)
    {
        $xml .= sprintf('%s["g%d"] = %s;',
                        $gperm[GPERMS_CONTROL],
                        $row['group_id'],
                        (($permissions & $gperm[GPERMS_PERMISSION]) == 0 ? 'false' : 'true'));
    }
}

// local JS functions

$role_author      = TEMPLATE_ROLE_AUTHOR;
$role_responsible = TEMPLATE_ROLE_RESPONSIBLE;

$resTitle   = get_js_resource(RES_PERMISSIONS_ID);
$resMessage = get_js_resource(RES_ALERT_SUCCESSFULLY_SAVED_ID);
$resOK      = get_js_resource(RES_OK_ID);

$xml .= <<<JQUERY

function permissionsSuccess ()
{
    var id = $("#group").val();

    perm_view["g"+id]         = $("#perm_view").prop("checked");
    perm_create["g"+id]       = $("#perm_create").prop("checked");
    perm_modify["g"+id]       = $("#perm_modify").prop("checked");
    perm_postpone["g"+id]     = $("#perm_postpone").prop("checked");
    perm_resume["g"+id]       = $("#perm_resume").prop("checked");
    perm_reassign["g"+id]     = $("#perm_reassign").prop("checked");
    perm_reopen["g"+id]       = $("#perm_reopen").prop("checked");
    perm_comment["g"+id]      = $("#perm_comment").prop("checked");
    perm_confidential["g"+id] = $("#perm_confidential").prop("checked");
    perm_attach["g"+id]       = $("#perm_attach").prop("checked");
    perm_remove["g"+id]       = $("#perm_remove").prop("checked");
    perm_remind["g"+id]       = $("#perm_remind").prop("checked");
    perm_delete["g"+id]       = $("#perm_delete").prop("checked");
    perm_addsub["g"+id]       = $("#perm_addsub").prop("checked");
    perm_remsub["g"+id]       = $("#perm_remsub").prop("checked");

    jqAlert("{$resTitle}", "{$resMessage}", "{$resOK}");
}

function selectAll ()
{
    $("#permsform input:checkbox").prop("checked", true);
    $("#permsform input:checkbox:disabled").prop("checked", false);
}

function updatePerms ()
{
    var id = $("#group").val();

    $("#perm_view").prop("checked",         perm_view["g"+id]);
    $("#perm_create").prop("checked",       perm_create["g"+id]);
    $("#perm_modify").prop("checked",       perm_modify["g"+id]);
    $("#perm_postpone").prop("checked",     perm_postpone["g"+id]);
    $("#perm_resume").prop("checked",       perm_resume["g"+id]);
    $("#perm_reassign").prop("checked",     perm_reassign["g"+id]);
    $("#perm_reopen").prop("checked",       perm_reopen["g"+id]);
    $("#perm_comment").prop("checked",      perm_comment["g"+id]);
    $("#perm_confidential").prop("checked", perm_confidential["g"+id]);
    $("#perm_attach").prop("checked",       perm_attach["g"+id]);
    $("#perm_remove").prop("checked",       perm_remove["g"+id]);
    $("#perm_remind").prop("checked",       perm_remind["g"+id]);
    $("#perm_delete").prop("checked",       perm_delete["g"+id]);
    $("#perm_addsub").prop("checked",       perm_addsub["g"+id]);
    $("#perm_remsub").prop("checked",       perm_remsub["g"+id]);

    if (id == {$role_author} || id == {$role_responsible})
    {
        $("#perm_view").prop("disabled", true);
        $("#perm_create").prop("disabled", true);
    }
    else
    {
        $("#perm_view").prop("disabled", false);
        $("#perm_create").prop("disabled", false);
    }
}

</script>
JQUERY;

// generate left side

$xml .= '<form name="permsform" action="tperms.php?id=' . $id . '" success="permissionsSuccess">'
      . '<dual>'
      . '<dualleft>'
      . '<group title="' . get_html_resource(RES_GROUPS_ID) . '">'
      . '<control name="group">'
      . '<listbox size="10" action="updatePerms()">'
      . '<listitem value="' . TEMPLATE_ROLE_AUTHOR      . '">' . sprintf('%s (%s)', get_html_resource(RES_AUTHOR_ID),      get_html_resource(RES_ROLE_ID)) . '</listitem>'
      . '<listitem value="' . TEMPLATE_ROLE_RESPONSIBLE . '">' . sprintf('%s (%s)', get_html_resource(RES_RESPONSIBLE_ID), get_html_resource(RES_ROLE_ID)) . '</listitem>'
      . '<listitem value="' . TEMPLATE_ROLE_REGISTERED  . '">' . sprintf('%s (%s)', get_html_resource(RES_REGISTERED_ID),  get_html_resource(RES_ROLE_ID)) . '</listitem>';

$rs->seek();

while (($row = $rs->fetch()))

{
    $xml .= '<listitem value="' . $row['group_id'] . '">'
          . ustr2html(sprintf('%s (%s)', $row['group_name'], get_html_resource($row['is_global'] ? RES_GLOBAL_ID : RES_LOCAL_ID)))
          . '</listitem>';
}

$xml .= '</listbox>'
      . '</control>'
      . '</group>'
      . '</dualleft>';

// generate right side

$xml .= '<dualright>'
      . '<group title="' . get_html_resource(RES_PERMISSIONS_ID) . '">';

foreach ($gperms as $gperm)

{
    $xml .= '<control name="' . $gperm[GPERMS_CONTROL] . '">'
          . '<checkbox>' . get_html_resource($gperm[GPERMS_RESOURCE]) . '</checkbox>'
          . '</control>';
}

$xml .= '</group>'
      . '<button default="true">'       . get_html_resource(RES_SAVE_ID)       . '</button>'
      . '<button action="selectAll()">' . get_html_resource(RES_SELECT_ALL_ID) . '</button>'
      . '</dualright>'
      . '</dual>'
      . '</form>';

$xml .= '<onready>'
      . '$("#group :first-child").prop("selected", true);'
      . 'updatePerms();'
      . '</onready>';

echo(xml2html($xml));

?>



1		<?php
2
3		//------------------------------------------------------------------------------
4		//
5		// eTraxis - Records tracking web-based system
6		// Copyright (C) 2005-2011 Artem Rodygin
7		//
8		// This program is free software: you can redistribute it and/or modify
9		// it under the terms of the GNU General Public License as published by
10		// the Free Software Foundation, either version 3 of the License, or
11		// (at your option) any later version.
12		//
13		// This program is distributed in the hope that it will be useful,
14		// but WITHOUT ANY WARRANTY; without even the implied warranty of
15		// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16		// GNU General Public License for more details.
17		//
18		// You should have received a copy of the GNU General Public License
19		// along with this program. If not, see <http://www.gnu.org/licenses/>.
20		//
21		//------------------------------------------------------------------------------
22
23		/**
24		* @package eTraxis
25		* @ignore
26		*/
27
28		/**#@+
29		* Dependency.
30		*/
31		require_once('../engine/engine.php');
32		require_once('../dbo/groups.php');
33		require_once('../dbo/projects.php');
34		require_once('../dbo/templates.php');
35		require_once('../dbo/events.php');
36		/*#@-/
37
38		init_page(LOAD_TAB);
39
40		if (get_user_level() != USER_LEVEL_ADMIN)
41		{
42		debug_write_log(DEBUG_NOTICE, 'User must have admin rights to be allowed.');
43		exit;
44		}
45
46		// check that requested template exists
47
48		$id = ustr2int(try_request('id'));
49		$template = template_find($id);
50
51		if (!$template)
		0 ignored issues – show Bug Best Practice introduced 2016-02-05 20:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$template` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
52		{
53		debug_write_log(DEBUG_NOTICE, 'Template cannot be found.');
54		exit;
55		}
56
57		// permissions data
58
59		define('GPERMS_CONTROL', 0);
60		define('GPERMS_PERMISSION', 1);
61		define('GPERMS_RESOURCE', 2);
62
63		$gperms = array
64		(
65		array('perm_view', PERMIT_VIEW_RECORD, RES_PERMIT_VIEW_RECORDS_ONLY_ID),
66		array('perm_create', PERMIT_CREATE_RECORD, RES_PERMIT_CREATE_RECORD_ID),
67		array('perm_modify', PERMIT_MODIFY_RECORD, RES_PERMIT_MODIFY_RECORD_ID),
68		array('perm_postpone', PERMIT_POSTPONE_RECORD, RES_PERMIT_POSTPONE_RECORD_ID),
69		array('perm_resume', PERMIT_RESUME_RECORD, RES_PERMIT_RESUME_RECORD_ID),
70		array('perm_reassign', PERMIT_REASSIGN_RECORD, RES_PERMIT_REASSIGN_RECORD_ID),
71		array('perm_reopen', PERMIT_REOPEN_RECORD, RES_PERMIT_REOPEN_RECORD_ID),
72		array('perm_comment', PERMIT_ADD_COMMENTS, RES_PERMIT_ADD_COMMENTS_ID),
73		array('perm_confidential', PERMIT_CONFIDENTIAL_COMMENTS, RES_PERMIT_CONFIDENTIAL_COMMENTS_ID),
74		array('perm_attach', PERMIT_ATTACH_FILES, RES_PERMIT_ATTACH_FILES_ID),
75		array('perm_remove', PERMIT_REMOVE_FILES, RES_PERMIT_REMOVE_FILES_ID),
76		array('perm_remind', PERMIT_SEND_REMINDERS, RES_PERMIT_SEND_REMINDERS_ID),
77		array('perm_delete', PERMIT_DELETE_RECORD, RES_PERMIT_DELETE_RECORD_ID),
78		array('perm_addsub', PERMIT_ADD_SUBRECORDS, RES_PERMIT_ADD_SUBRECORDS_ID),
79		array('perm_remsub', PERMIT_REMOVE_SUBRECORDS, RES_PERMIT_REMOVE_SUBRECORDS_ID),
80		);
81
82		// save changed permissions
83
84		if (try_request('submitted') == 'permsform')
85		{
86		debug_write_log(DEBUG_NOTICE, 'Data are submitted.');
87
88		$permissions = 0;
89
90	View Code Duplication	foreach ($gperms as $gperm)
		0 ignored issues – show Duplication introduced 2016-02-05 20:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
91		{
92		if (isset($_REQUEST[$gperm[GPERMS_CONTROL]]))
93		{
94		$permissions \|= $gperm[GPERMS_PERMISSION];
95		}
96		}
97
98		$gid = ustr2int(try_request('group', TEMPLATE_ROLE_AUTHOR), MIN_TEMPLATE_ROLE);
99
100		switch ($gid)
101		{
102		case TEMPLATE_ROLE_AUTHOR:
103		$permissions &= ~(PERMIT_VIEW_RECORD \| PERMIT_CREATE_RECORD);
104		template_author_perm_set($id, $permissions);
105		break;
106
107		case TEMPLATE_ROLE_RESPONSIBLE:
108		$permissions &= ~(PERMIT_VIEW_RECORD \| PERMIT_CREATE_RECORD);
109		template_responsible_perm_set($id, $permissions);
110		break;
111
112		case TEMPLATE_ROLE_REGISTERED:
113		template_registered_perm_set($id, $permissions);
114		break;
115
116		default:
117		group_set_permissions($gid, $id, $permissions);
118		}
119
120		exit;
121		}
122		else
123		{
124		debug_write_log(DEBUG_NOTICE, 'Data are being requested.');
125		}
126
127		// JS arrays with permissions
128
129		$xml = <<<JQUERY
130		<script>
131
132		var perm_view = new Array();
133		var perm_create = new Array();
134		var perm_modify = new Array();
135		var perm_postpone = new Array();
136		var perm_resume = new Array();
137		var perm_reassign = new Array();
138		var perm_reopen = new Array();
139		var perm_comment = new Array();
140		var perm_confidential = new Array();
141		var perm_attach = new Array();
142		var perm_remove = new Array();
143		var perm_remind = new Array();
144		var perm_delete = new Array();
145		var perm_addsub = new Array();
146		var perm_remsub = new Array();
147
148		JQUERY;
149
150		foreach ($gperms as $gperm)
151		{
152		$xml .= sprintf('%s["g%d"] = %s;',
153		$gperm[GPERMS_CONTROL],
154		TEMPLATE_ROLE_AUTHOR,
155		(($template['author_perm'] & $gperm[GPERMS_PERMISSION]) == 0 ? 'false' : 'true'));
156
157		$xml .= sprintf('%s["g%d"] = %s;',
158		$gperm[GPERMS_CONTROL],
159		TEMPLATE_ROLE_RESPONSIBLE,
160		(($template['responsible_perm'] & $gperm[GPERMS_PERMISSION]) == 0 ? 'false' : 'true'));
161
162		$xml .= sprintf('%s["g%d"] = %s;',
163		$gperm[GPERMS_CONTROL],
164		TEMPLATE_ROLE_REGISTERED,
165		(($template['registered_perm'] & $gperm[GPERMS_PERMISSION]) == 0 ? 'false' : 'true'));
166		}
167
168		$template['author_perm'] \|= PERMIT_VIEW_RECORD;
169		$template['author_perm'] &= ~PERMIT_CREATE_RECORD;
170
171		$template['responsible_perm'] \|= PERMIT_VIEW_RECORD;
172		$template['responsible_perm'] &= ~PERMIT_CREATE_RECORD;
173
174		$rs = dal_query('groups/list.sql', $template['project_id'], 'is_global, group_name');
175
176	View Code Duplication	while (($row = $rs->fetch()))
		0 ignored issues – show Duplication introduced 2016-02-05 20:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
177		{
178		$permissions = group_get_permissions($row['group_id'], $id);
179
180		foreach ($gperms as $gperm)
181		{
182		$xml .= sprintf('%s["g%d"] = %s;',
183		$gperm[GPERMS_CONTROL],
184		$row['group_id'],
185		(($permissions & $gperm[GPERMS_PERMISSION]) == 0 ? 'false' : 'true'));
186		}
187		}
188
189		// local JS functions
190
191		$role_author = TEMPLATE_ROLE_AUTHOR;
192		$role_responsible = TEMPLATE_ROLE_RESPONSIBLE;
193
194		$resTitle = get_js_resource(RES_PERMISSIONS_ID);
195		$resMessage = get_js_resource(RES_ALERT_SUCCESSFULLY_SAVED_ID);
196		$resOK = get_js_resource(RES_OK_ID);
197
198		$xml .= <<<JQUERY
199
200		function permissionsSuccess ()
201		{
202		var id = $("#group").val();
203
204		perm_view["g"+id] = $("#perm_view").prop("checked");
205		perm_create["g"+id] = $("#perm_create").prop("checked");
206		perm_modify["g"+id] = $("#perm_modify").prop("checked");
207		perm_postpone["g"+id] = $("#perm_postpone").prop("checked");
208		perm_resume["g"+id] = $("#perm_resume").prop("checked");
209		perm_reassign["g"+id] = $("#perm_reassign").prop("checked");
210		perm_reopen["g"+id] = $("#perm_reopen").prop("checked");
211		perm_comment["g"+id] = $("#perm_comment").prop("checked");
212		perm_confidential["g"+id] = $("#perm_confidential").prop("checked");
213		perm_attach["g"+id] = $("#perm_attach").prop("checked");
214		perm_remove["g"+id] = $("#perm_remove").prop("checked");
215		perm_remind["g"+id] = $("#perm_remind").prop("checked");
216		perm_delete["g"+id] = $("#perm_delete").prop("checked");
217		perm_addsub["g"+id] = $("#perm_addsub").prop("checked");
218		perm_remsub["g"+id] = $("#perm_remsub").prop("checked");
219
220		jqAlert("{$resTitle}", "{$resMessage}", "{$resOK}");
221		}
222
223		function selectAll ()
224		{
225		$("#permsform input:checkbox").prop("checked", true);
226		$("#permsform input:checkbox:disabled").prop("checked", false);
227		}
228
229		function updatePerms ()
230		{
231		var id = $("#group").val();
232
233		$("#perm_view").prop("checked", perm_view["g"+id]);
234		$("#perm_create").prop("checked", perm_create["g"+id]);
235		$("#perm_modify").prop("checked", perm_modify["g"+id]);
236		$("#perm_postpone").prop("checked", perm_postpone["g"+id]);
237		$("#perm_resume").prop("checked", perm_resume["g"+id]);
238		$("#perm_reassign").prop("checked", perm_reassign["g"+id]);
239		$("#perm_reopen").prop("checked", perm_reopen["g"+id]);
240		$("#perm_comment").prop("checked", perm_comment["g"+id]);
241		$("#perm_confidential").prop("checked", perm_confidential["g"+id]);
242		$("#perm_attach").prop("checked", perm_attach["g"+id]);
243		$("#perm_remove").prop("checked", perm_remove["g"+id]);
244		$("#perm_remind").prop("checked", perm_remind["g"+id]);
245		$("#perm_delete").prop("checked", perm_delete["g"+id]);
246		$("#perm_addsub").prop("checked", perm_addsub["g"+id]);
247		$("#perm_remsub").prop("checked", perm_remsub["g"+id]);
248
249		if (id == {$role_author} \|\| id == {$role_responsible})
250		{
251		$("#perm_view").prop("disabled", true);
252		$("#perm_create").prop("disabled", true);
253		}
254		else
255		{
256		$("#perm_view").prop("disabled", false);
257		$("#perm_create").prop("disabled", false);
258		}
259		}
260
261		</script>
262		JQUERY;
263
264		// generate left side
265
266		$xml .= '<form name="permsform" action="tperms.php?id=' . $id . '" success="permissionsSuccess">'
267		. '<dual>'
268		. '<dualleft>'
269		. '<group title="' . get_html_resource(RES_GROUPS_ID) . '">'
270		. '<control name="group">'
271		. '<listbox size="10" action="updatePerms()">'
272		. '<listitem value="' . TEMPLATE_ROLE_AUTHOR . '">' . sprintf('%s (%s)', get_html_resource(RES_AUTHOR_ID), get_html_resource(RES_ROLE_ID)) . '</listitem>'
273		. '<listitem value="' . TEMPLATE_ROLE_RESPONSIBLE . '">' . sprintf('%s (%s)', get_html_resource(RES_RESPONSIBLE_ID), get_html_resource(RES_ROLE_ID)) . '</listitem>'
274		. '<listitem value="' . TEMPLATE_ROLE_REGISTERED . '">' . sprintf('%s (%s)', get_html_resource(RES_REGISTERED_ID), get_html_resource(RES_ROLE_ID)) . '</listitem>';
275
276		$rs->seek();
277
278	View Code Duplication	while (($row = $rs->fetch()))
		0 ignored issues – show Duplication introduced 2016-02-05 20:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
279		{
280		$xml .= '<listitem value="' . $row['group_id'] . '">'
281		. ustr2html(sprintf('%s (%s)', $row['group_name'], get_html_resource($row['is_global'] ? RES_GLOBAL_ID : RES_LOCAL_ID)))
282		. '</listitem>';
283		}
284
285		$xml .= '</listbox>'
286		. '</control>'
287		. '</group>'
288		. '</dualleft>';
289
290		// generate right side
291
292		$xml .= '<dualright>'
293		. '<group title="' . get_html_resource(RES_PERMISSIONS_ID) . '">';
294
295	View Code Duplication	foreach ($gperms as $gperm)
		0 ignored issues – show Duplication introduced 2016-02-05 20:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
296		{
297		$xml .= '<control name="' . $gperm[GPERMS_CONTROL] . '">'
298		. '<checkbox>' . get_html_resource($gperm[GPERMS_RESOURCE]) . '</checkbox>'
299		. '</control>';
300		}
301
302		$xml .= '</group>'
303		. '<button default="true">' . get_html_resource(RES_SAVE_ID) . '</button>'
304		. '<button action="selectAll()">' . get_html_resource(RES_SELECT_ALL_ID) . '</button>'
305		. '</dualright>'
306		. '</dual>'
307		. '</form>';
308
309		$xml .= '<onready>'
310		. '$("#group :first-child").prop("selected", true);'
311		. 'updatePerms();'
312		. '</onready>';
313
314		echo(xml2html($xml));
315
316		?>
		0 ignored issues – show Best Practice introduced 2016-02-05 20:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is not recommended to use PHP's closing tag `?>` in files other than templates. Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore. A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever. Loading history...
317

etraxis / etraxis-obsolete

Issues (1098)

Security Analysis not enabled

src/projects/tperms.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like