This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2005-2011 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * @package eTraxis |
||
25 | * @ignore |
||
26 | */ |
||
27 | |||
28 | /**#@+ |
||
29 | * Dependency. |
||
30 | */ |
||
31 | require_once('../engine/engine.php'); |
||
32 | require_once('../dbo/accounts.php'); |
||
33 | require_once('../dbo/states.php'); |
||
34 | require_once('../dbo/fields.php'); |
||
35 | require_once('../dbo/values.php'); |
||
36 | require_once('../dbo/records.php'); |
||
37 | /**#@-*/ |
||
38 | |||
39 | init_page(LOAD_INLINE); |
||
40 | |||
41 | $error = NO_ERROR; |
||
42 | |||
43 | // check whether a cloning was requested |
||
44 | |||
45 | $id = ustr2int(try_request('id')); |
||
46 | |||
47 | if ($id == 0) |
||
48 | { |
||
49 | $parent = record_find(ustr2int(try_request('parent'))); |
||
50 | $is_dependency = TRUE; |
||
51 | |||
52 | if ($parent) |
||
53 | { |
||
54 | debug_write_log(DEBUG_NOTICE, 'Data for new subrecord creating are being requested.'); |
||
55 | } |
||
56 | else |
||
57 | { |
||
58 | debug_write_log(DEBUG_NOTICE, 'Data for new record creating are being requested.'); |
||
59 | } |
||
60 | |||
61 | if (!can_record_be_created()) |
||
62 | { |
||
63 | debug_write_log(DEBUG_NOTICE, 'Record cannot be created.'); |
||
64 | header('HTTP/1.1 307 index.php'); |
||
65 | exit; |
||
66 | } |
||
67 | |||
68 | $form = 'projectform'; |
||
69 | $focus = '.project'; |
||
70 | $step = 1; |
||
71 | } |
||
72 | else |
||
73 | { |
||
74 | debug_write_log(DEBUG_NOTICE, 'Data for record cloning are being requested.'); |
||
75 | |||
76 | $record = record_find($id); |
||
77 | $parent = FALSE; |
||
78 | $is_dependency = TRUE; |
||
79 | |||
80 | if (!$record) |
||
81 | { |
||
82 | debug_write_log(DEBUG_NOTICE, 'Record cannot be found.'); |
||
83 | header('HTTP/1.1 307 index.php'); |
||
84 | exit; |
||
85 | } |
||
86 | |||
87 | $permissions = record_get_permissions($record['template_id'], $record['creator_id'], $record['responsible_id']); |
||
88 | |||
89 | if (!can_record_be_created()) |
||
90 | { |
||
91 | debug_write_log(DEBUG_NOTICE, 'Record cannot be cloned.'); |
||
92 | header('HTTP/1.1 307 view.php?id=' . $id); |
||
93 | exit; |
||
94 | } |
||
95 | |||
96 | $subject = $record['subject']; |
||
97 | $responsible_id = $record['responsible_id']; |
||
98 | $project_id = $record['project_id']; |
||
99 | $template_id = $record['template_id']; |
||
100 | |||
101 | View Code Duplication | if (DATABASE_DRIVER == DRIVER_ORACLE9) |
|
102 | { |
||
103 | $rs = dal_query('records/oracle/tfndid.sql', $_SESSION[VAR_USERID], $project_id, $template_id); |
||
104 | } |
||
105 | else |
||
106 | { |
||
107 | $rs = dal_query('records/tfndid.sql', $_SESSION[VAR_USERID], $project_id, $template_id); |
||
108 | } |
||
109 | |||
110 | if ($rs->rows == 0) |
||
0 ignored issues
–
show
|
|||
111 | { |
||
112 | debug_write_log(DEBUG_NOTICE, 'Template cannot be found.'); |
||
113 | header('HTTP/1.1 307 view.php?id=' . $id); |
||
114 | exit; |
||
115 | } |
||
116 | |||
117 | $row = $rs->fetch(); |
||
118 | |||
119 | $project_name = $row['project_name']; |
||
120 | $template_name = $row['template_name']; |
||
121 | $state_id = $row['state_id']; |
||
122 | $state_name = $row['state_name']; |
||
123 | $responsible = $row['responsible']; |
||
124 | |||
125 | $form = 'mainform'; |
||
126 | $focus = '.subject'; |
||
127 | $step = 3; |
||
128 | } |
||
129 | |||
130 | // project has been selected |
||
131 | |||
132 | if (try_request('submitted') == 'projectform') |
||
133 | { |
||
134 | debug_write_log(DEBUG_NOTICE, 'Data for step #2 (template) are being requested.'); |
||
135 | |||
136 | $project_id = ustr2int(try_request('project')); |
||
137 | |||
138 | View Code Duplication | if (DATABASE_DRIVER == DRIVER_ORACLE9) |
|
139 | { |
||
140 | $rs = dal_query('records/oracle/pfndid.sql', $_SESSION[VAR_USERID], $project_id); |
||
141 | } |
||
142 | else |
||
143 | { |
||
144 | $rs = dal_query('records/pfndid.sql', $_SESSION[VAR_USERID], $project_id); |
||
145 | } |
||
146 | |||
147 | if ($rs->rows == 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
148 | { |
||
149 | debug_write_log(DEBUG_NOTICE, 'Project cannot be found.'); |
||
150 | header('HTTP/1.1 307 index.php'); |
||
151 | exit; |
||
152 | } |
||
153 | |||
154 | $project_name = $rs->fetch('project_name'); |
||
155 | |||
156 | $form = 'templateform'; |
||
157 | $focus = '.template'; |
||
158 | $step = 2; |
||
159 | } |
||
160 | |||
161 | // template has been selected |
||
162 | |||
163 | elseif (try_request('submitted') == 'templateform') |
||
164 | { |
||
165 | debug_write_log(DEBUG_NOTICE, 'Data for step #3 (final) are being requested.'); |
||
166 | |||
167 | $subject = ($parent ? $parent['subject'] : NULL); |
||
168 | $responsible_id = ($id == 0 ? NULL : $record['responsible_id']); |
||
169 | $project_id = ustr2int(try_request('project')); |
||
170 | $template_id = ustr2int(try_request('template')); |
||
171 | |||
172 | View Code Duplication | if (DATABASE_DRIVER == DRIVER_ORACLE9) |
|
173 | { |
||
174 | $rs = dal_query('records/oracle/tfndid.sql', $_SESSION[VAR_USERID], $project_id, $template_id); |
||
175 | } |
||
176 | else |
||
177 | { |
||
178 | $rs = dal_query('records/tfndid.sql', $_SESSION[VAR_USERID], $project_id, $template_id); |
||
179 | } |
||
180 | |||
181 | if ($rs->rows == 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
182 | { |
||
183 | debug_write_log(DEBUG_NOTICE, 'Template cannot be found.'); |
||
184 | header('HTTP/1.1 307 index.php'); |
||
185 | exit; |
||
186 | } |
||
187 | |||
188 | $row = $rs->fetch(); |
||
189 | |||
190 | $project_name = $row['project_name']; |
||
191 | $template_name = $row['template_name']; |
||
192 | $state_id = $row['state_id']; |
||
193 | $state_name = $row['state_name']; |
||
194 | $responsible = $row['responsible']; |
||
195 | |||
196 | $form = 'mainform'; |
||
197 | $focus = '.subject'; |
||
198 | $step = 3; |
||
199 | } |
||
200 | |||
201 | // new record has been submitted |
||
202 | |||
203 | elseif (try_request('submitted') == 'mainform') |
||
204 | { |
||
205 | debug_write_log(DEBUG_NOTICE, 'Data are submitted.'); |
||
206 | |||
207 | $subject = ustrcut($_REQUEST['subject'], MAX_RECORD_SUBJECT); |
||
208 | $project_id = ustr2int(try_request('project')); |
||
209 | $template_id = ustr2int(try_request('template')); |
||
210 | |||
211 | View Code Duplication | if (DATABASE_DRIVER == DRIVER_ORACLE9) |
|
212 | { |
||
213 | $rs = dal_query('records/oracle/tfndid.sql', $_SESSION[VAR_USERID], $project_id, $template_id); |
||
214 | } |
||
215 | else |
||
216 | { |
||
217 | $rs = dal_query('records/tfndid.sql', $_SESSION[VAR_USERID], $project_id, $template_id); |
||
218 | } |
||
219 | |||
220 | if ($rs->rows == 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
221 | { |
||
222 | debug_write_log(DEBUG_NOTICE, 'Template cannot be found.'); |
||
223 | header('HTTP/1.1 307 index.php'); |
||
224 | exit; |
||
225 | } |
||
226 | |||
227 | $row = $rs->fetch(); |
||
228 | |||
229 | $project_name = $row['project_name']; |
||
230 | $template_name = $row['template_name']; |
||
231 | $state_id = $row['state_id']; |
||
232 | $state_name = $row['state_name']; |
||
233 | $responsible = $row['responsible']; |
||
234 | |||
235 | $rs = dal_query('records/efnd.sql', $_SESSION[VAR_USERID], EVENT_RECORD_CREATED, time() - 3, $state_id); |
||
236 | |||
237 | if ($rs->rows != 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
238 | { |
||
239 | debug_write_log(DEBUG_NOTICE, 'Double click issue is detected.'); |
||
240 | header('HTTP/1.1 307 index.php'); |
||
241 | exit; |
||
242 | } |
||
243 | |||
244 | $responsible_id = try_request('responsible'); |
||
245 | $is_dependency = isset($_REQUEST['is_dependency']); |
||
246 | |||
247 | $error = record_validate(OPERATION_CREATE_RECORD, $subject, NULL, $state_id); |
||
248 | |||
249 | if ($error == NO_ERROR) |
||
250 | { |
||
251 | $record_id = 0; |
||
252 | |||
253 | $error = record_create($record_id, |
||
254 | $subject, |
||
255 | $state_id, |
||
256 | $responsible_id, |
||
257 | $id); |
||
258 | |||
259 | if ($error == NO_ERROR) |
||
260 | { |
||
261 | if ($parent) |
||
262 | { |
||
263 | subrecord_add($parent['record_id'], $record_id, $is_dependency); |
||
264 | } |
||
265 | |||
266 | /* temporarily disabled |
||
267 | if (isset($_REQUEST['attachname']) && ATTACHMENTS_ENABLED) |
||
268 | { |
||
269 | $attachname = ustrcut($_REQUEST['attachname'], MAX_ATTACHMENT_NAME); |
||
270 | attachment_add($record_id, $attachname, $_FILES['attachfile']); |
||
271 | } |
||
272 | */ |
||
273 | |||
274 | record_read($record_id); |
||
275 | } |
||
276 | } |
||
277 | |||
278 | switch ($error) |
||
279 | { |
||
280 | View Code Duplication | case NO_ERROR: |
|
281 | |||
282 | header('HTTP/1.0 200 OK'); |
||
283 | |||
284 | if ($parent) |
||
285 | { |
||
286 | $rs = dal_query('depends/list.sql', $parent['record_id']); |
||
287 | echo(sprintf('%s (%u)', get_html_resource(RES_SUBRECORDS_ID), $rs->rows)); |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
288 | } |
||
289 | else |
||
290 | { |
||
291 | echo($record_id); |
||
292 | } |
||
293 | |||
294 | break; |
||
295 | |||
296 | case ERROR_INCOMPLETE_FORM: |
||
297 | send_http_error(get_html_resource(RES_ALERT_REQUIRED_ARE_EMPTY_ID)); |
||
298 | break; |
||
299 | |||
300 | case ERROR_INVALID_INTEGER_VALUE: |
||
301 | send_http_error(get_html_resource(RES_ALERT_INVALID_INTEGER_VALUE_ID)); |
||
302 | break; |
||
303 | |||
304 | case ERROR_INVALID_FLOAT_VALUE: |
||
305 | send_http_error(get_html_resource(RES_ALERT_INVALID_DECIMAL_VALUE_ID)); |
||
306 | break; |
||
307 | |||
308 | case ERROR_INVALID_DATE_VALUE: |
||
309 | send_http_error(get_html_resource(RES_ALERT_INVALID_DATE_VALUE_ID)); |
||
310 | break; |
||
311 | |||
312 | case ERROR_INVALID_TIME_VALUE: |
||
313 | send_http_error(get_html_resource(RES_ALERT_INVALID_TIME_VALUE_ID)); |
||
314 | break; |
||
315 | |||
316 | case ERROR_INTEGER_VALUE_OUT_OF_RANGE: |
||
317 | case ERROR_FLOAT_VALUE_OUT_OF_RANGE: |
||
318 | case ERROR_DATE_VALUE_OUT_OF_RANGE: |
||
319 | case ERROR_TIME_VALUE_OUT_OF_RANGE: |
||
320 | send_http_error(ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), $_SESSION['FIELD_NAME'], $_SESSION['MIN_FIELD_INTEGER'], $_SESSION['MAX_FIELD_INTEGER'])); |
||
321 | unset($_SESSION['FIELD_NAME']); |
||
322 | unset($_SESSION['MIN_FIELD_INTEGER']); |
||
323 | unset($_SESSION['MAX_FIELD_INTEGER']); |
||
324 | break; |
||
325 | |||
326 | case ERROR_RECORD_NOT_FOUND: |
||
327 | send_http_error(get_html_resource(RES_ALERT_RECORD_NOT_FOUND_ID)); |
||
328 | break; |
||
329 | |||
330 | case ERROR_VALUE_FAILS_REGEX_CHECK: |
||
331 | send_http_error(ustrprocess(get_html_resource(RES_ALERT_VALUE_FAILS_REGEX_CHECK_ID), $_SESSION['FIELD_NAME'], $_SESSION['FIELD_VALUE'])); |
||
332 | unset($_SESSION['FIELD_NAME']); |
||
333 | unset($_SESSION['FIELD_VALUE']); |
||
334 | break; |
||
335 | |||
336 | default: |
||
337 | send_http_error(get_html_resource(RES_ALERT_UNKNOWN_ERROR_ID)); |
||
338 | } |
||
339 | |||
340 | exit; |
||
341 | } |
||
342 | |||
343 | // local JS functions |
||
344 | |||
345 | $resTitle = get_js_resource(RES_ERROR_ID); |
||
346 | $resOK = get_js_resource(RES_OK_ID); |
||
347 | |||
348 | $xml = <<<JQUERY |
||
349 | <script> |
||
350 | |||
351 | function cloneSuccess (data) |
||
352 | { |
||
353 | var index = $("#tabs").tabs("option", "selected") + 1; |
||
354 | $("[href=#ui-tabs-" + index + "]").html(data); |
||
355 | |||
356 | closeModal(); |
||
357 | reloadTab(); |
||
358 | } |
||
359 | |||
360 | function createSuccess (data) |
||
361 | { |
||
362 | closeModal(); |
||
363 | window.open("view.php?id=" + data, "_parent"); |
||
364 | } |
||
365 | |||
366 | function createError (XMLHttpRequest) |
||
367 | { |
||
368 | jqAlert("{$resTitle}", XMLHttpRequest.responseText, "{$resOK}"); |
||
369 | } |
||
370 | |||
371 | </script> |
||
372 | JQUERY; |
||
373 | |||
374 | // generate general information |
||
375 | |||
376 | $xml .= '<form name="' . $form . '" action="create.php' . ($id == 0 ? ($parent ? '?parent=' . $parent['record_id'] : NULL) : '?id=' . $id) . '" success=' . ($parent ? '"cloneSuccess"' : '"createSuccess"') . ' error="createError">' |
||
377 | . '<group>'; |
||
378 | |||
379 | if ($step == 1) |
||
380 | { |
||
381 | debug_write_log(DEBUG_NOTICE, 'Step #1 (project) is being proceeded.'); |
||
382 | |||
383 | $xml .= '<control name="project" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
384 | . '<label>' . get_html_resource(RES_PROJECT_ID) . '</label>' |
||
385 | . '<combobox>'; |
||
386 | |||
387 | if (DATABASE_DRIVER == DRIVER_ORACLE9) |
||
388 | { |
||
389 | $rs = dal_query('records/oracle/plist.sql', $_SESSION[VAR_USERID]); |
||
390 | } |
||
391 | else |
||
392 | { |
||
393 | $rs = dal_query('records/plist.sql', $_SESSION[VAR_USERID]); |
||
394 | } |
||
395 | |||
396 | if ($rs->rows == 1) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
397 | { |
||
398 | debug_write_log(DEBUG_NOTICE, 'One project only is found.'); |
||
399 | } |
||
400 | |||
401 | View Code Duplication | while (($row = $rs->fetch())) |
|
402 | { |
||
403 | $xml .= ($parent && $parent['project_id'] == $row['project_id'] |
||
404 | ? '<listitem value="' . $row['project_id'] . '" selected="true">' |
||
405 | : '<listitem value="' . $row['project_id'] . '">') |
||
406 | . ustr2html($row['project_name']) |
||
407 | . '</listitem>'; |
||
408 | } |
||
409 | |||
410 | $xml .= '</combobox>' |
||
411 | . '</control>'; |
||
412 | } |
||
413 | else |
||
414 | { |
||
415 | $xml .= '<control name="project">' |
||
416 | . '<label>' . get_html_resource(RES_PROJECT_ID) . '</label>' |
||
417 | . '<combobox>' |
||
418 | . '<listitem value="' . $project_id . '">' . ustr2html($project_name) . '</listitem>' |
||
419 | . '</combobox>' |
||
420 | . '</control>'; |
||
421 | |||
422 | if ($step == 2) |
||
423 | { |
||
424 | debug_write_log(DEBUG_NOTICE, 'Step #2 (template) is being proceeded.'); |
||
425 | |||
426 | $xml .= '<control name="template" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
427 | . '<label>' . get_html_resource(RES_TEMPLATE_ID) . '</label>' |
||
428 | . '<combobox>'; |
||
429 | |||
430 | View Code Duplication | if (DATABASE_DRIVER == DRIVER_ORACLE9) |
|
431 | { |
||
432 | $rs = dal_query('records/oracle/tlist.sql', $_SESSION[VAR_USERID], $project_id); |
||
433 | } |
||
434 | else |
||
435 | { |
||
436 | $rs = dal_query('records/tlist.sql', $_SESSION[VAR_USERID], $project_id); |
||
437 | } |
||
438 | |||
439 | if ($rs->rows == 1) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
440 | { |
||
441 | debug_write_log(DEBUG_NOTICE, 'One template only is found.'); |
||
442 | } |
||
443 | |||
444 | View Code Duplication | while (($row = $rs->fetch())) |
|
445 | { |
||
446 | $xml .= ($parent && $parent['template_id'] == $row['template_id'] |
||
447 | ? '<listitem value="' . $row['template_id'] . '" selected="true">' |
||
448 | : '<listitem value="' . $row['template_id'] . '">') |
||
449 | . ustr2html($row['template_name']) |
||
450 | . '</listitem>'; |
||
451 | } |
||
452 | |||
453 | $xml .= '</combobox>' |
||
454 | . '</control>'; |
||
455 | } |
||
456 | else |
||
457 | { |
||
458 | debug_write_log(DEBUG_NOTICE, 'Step #3 (final) is being proceeded.'); |
||
459 | |||
460 | $xml .= '<control name="template">' |
||
461 | . '<label>' . get_html_resource(RES_TEMPLATE_ID) . '</label>' |
||
462 | . '<combobox>' |
||
463 | . '<listitem value="' . $template_id . '">' . ustr2html($template_name) . '</listitem>' |
||
464 | . '</combobox>' |
||
465 | . '</control>' |
||
466 | . '<control name="subject" required="' . get_html_resource(RES_REQUIRED3_ID) . '" description="true">' |
||
467 | . '<label>' . get_html_resource(RES_SUBJECT_ID) . '</label>' |
||
468 | . '<editbox maxlen="' . MAX_RECORD_SUBJECT . '">' . ustr2html($subject) . '</editbox>' |
||
469 | . '<description>' |
||
470 | . get_html_resource(RES_ALERT_SPECIFY_SHORT_DESCRIPTION_ID) |
||
471 | . '</description>' |
||
472 | . '</control>'; |
||
473 | |||
474 | if ($responsible == STATE_RESPONSIBLE_ASSIGN) |
||
475 | { |
||
476 | debug_write_log(DEBUG_NOTICE, 'Record should be assigned.'); |
||
477 | |||
478 | $rs = dal_query('records/responsibles.sql', $state_id, $_SESSION[VAR_USERID]); |
||
479 | |||
480 | if ($rs->rows != 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
481 | { |
||
482 | $xml .= '<control name="responsible" required="' . get_html_resource(RES_REQUIRED3_ID) . '">' |
||
483 | . '<label>' . get_html_resource(RES_RESPONSIBLE_ID) . '</label>' |
||
484 | . '<combobox>'; |
||
485 | |||
486 | View Code Duplication | while (($row = $rs->fetch())) |
|
487 | { |
||
488 | $xml .= ($row['account_id'] == $responsible_id |
||
489 | ? '<listitem value="' . $row['account_id'] . '" selected="true">' |
||
490 | : '<listitem value="' . $row['account_id'] . '">') |
||
491 | . ustr2html(sprintf('%s (%s)', $row['fullname'], account_get_username($row['username']))) |
||
492 | . '</listitem>'; |
||
493 | } |
||
494 | |||
495 | $xml .= '</combobox>' |
||
496 | . '</control>'; |
||
497 | } |
||
498 | } |
||
499 | |||
500 | if ($parent) |
||
501 | { |
||
502 | $xml .= '<control name="is_dependency">' |
||
503 | . ($is_dependency |
||
504 | ? '<checkbox checked="true">' |
||
505 | : '<checkbox>') |
||
506 | . get_html_resource(RES_DEPENDENCY_ID) |
||
507 | . '</checkbox>' |
||
508 | . '</control>'; |
||
509 | } |
||
510 | } |
||
511 | } |
||
512 | |||
513 | $xml .= '</group>'; |
||
514 | |||
515 | // go through the list of all fields of initial state |
||
516 | |||
517 | $flag = FALSE; |
||
518 | $script = NULL; |
||
519 | $notes = '<note>' . get_html_resource(RES_ALERT_REQUIRED_ARE_EMPTY_ID) . '</note>'; |
||
520 | |||
521 | if ($step == 3) |
||
522 | { |
||
523 | $rs = dal_query('fields/list.sql', $state_id, 'field_order'); |
||
524 | |||
525 | if ($rs->rows == 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
526 | { |
||
527 | debug_write_log(DEBUG_NOTICE, 'No fields for initial state are found.'); |
||
528 | } |
||
529 | else |
||
530 | { |
||
531 | debug_write_log(DEBUG_NOTICE, 'Fields of initial state are being enumerated.'); |
||
532 | |||
533 | $xml .= '<group title="' . ustr2html($state_name) . '">'; |
||
534 | |||
535 | while (($row = $rs->fetch())) |
||
536 | { |
||
537 | $name = 'field' . $row['field_id']; |
||
538 | $value = NULL; |
||
539 | |||
540 | if ($id != 0) |
||
541 | { |
||
542 | $rsv = dal_query('values/fndk.sql', $id, $row['field_id']); |
||
543 | |||
544 | if ($rsv->rows != 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
545 | { |
||
546 | $value = value_find($row['field_type'], $rsv->fetch('value_id')); |
||
547 | } |
||
548 | View Code Duplication | elseif (!is_null($row['value_id'])) |
|
549 | { |
||
550 | $value = value_find($row['field_type'], ($row['field_type'] == FIELD_TYPE_DATE ? date_offset(time(), $row['value_id']) : $row['value_id'])); |
||
551 | } |
||
552 | } |
||
553 | View Code Duplication | elseif (!is_null($row['value_id'])) |
|
554 | { |
||
555 | $value = value_find($row['field_type'], ($row['field_type'] == FIELD_TYPE_DATE ? date_offset(time(), $row['value_id']) : $row['value_id'])); |
||
556 | } |
||
557 | |||
558 | $xml .= '<control name="' . $name . '"' |
||
559 | . ($row['is_required'] && $row['field_type'] != FIELD_TYPE_CHECKBOX |
||
560 | ? ' required="' . get_html_resource(RES_REQUIRED3_ID) . '"' |
||
561 | : NULL) |
||
562 | . (ustrlen($row['description']) != 0 |
||
563 | ? ' description="true"' |
||
564 | : NULL) |
||
565 | . '>'; |
||
566 | |||
567 | View Code Duplication | switch ($row['field_type']) |
|
568 | { |
||
569 | case FIELD_TYPE_NUMBER: |
||
570 | |||
571 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
572 | |||
573 | $xml .= '<editbox maxlen="' . (ustrlen(MAX_FIELD_INTEGER) + 1) . '">' |
||
574 | . ustr2html(try_request($name, $value)) |
||
575 | . '</editbox>'; |
||
576 | |||
577 | $notes .= '<note>' |
||
578 | . ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), ustr2html($row['field_name']), $row['param1'], $row['param2']) |
||
579 | . '</note>'; |
||
580 | |||
581 | break; |
||
582 | |||
583 | case FIELD_TYPE_FLOAT: |
||
584 | |||
585 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
586 | |||
587 | $xml .= '<editbox maxlen="' . ustrlen(MAX_FIELD_FLOAT) . '">' |
||
588 | . ustr2html(try_request($name, $value)) |
||
589 | . '</editbox>'; |
||
590 | |||
591 | $notes .= '<note>' |
||
592 | . ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), |
||
593 | ustr2html($row['field_name']), |
||
594 | value_find(FIELD_TYPE_FLOAT, $row['param1']), |
||
595 | value_find(FIELD_TYPE_FLOAT, $row['param2'])) |
||
596 | . '</note>'; |
||
597 | |||
598 | break; |
||
599 | |||
600 | case FIELD_TYPE_STRING: |
||
601 | |||
602 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
603 | |||
604 | $xml .= '<editbox maxlen="' . $row['param1'] . '">' |
||
605 | . ustr2html(try_request($name, $value)) |
||
606 | . '</editbox>'; |
||
607 | |||
608 | $flag = TRUE; |
||
609 | |||
610 | break; |
||
611 | |||
612 | case FIELD_TYPE_MULTILINED: |
||
613 | |||
614 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
615 | |||
616 | $xml .= '<textbox rows="' . $_SESSION[VAR_TEXTROWS] . '" maxlen="' . MAX_FIELD_MULTILINED . '">' |
||
617 | . ustr2html(try_request($name, $value)) |
||
618 | . '</textbox>'; |
||
619 | |||
620 | $flag = TRUE; |
||
621 | |||
622 | break; |
||
623 | |||
624 | case FIELD_TYPE_CHECKBOX: |
||
625 | |||
626 | $user_value = (try_request('submitted') == 'mainform') |
||
627 | ? isset($_REQUEST[$name]) |
||
628 | : $value; |
||
629 | |||
630 | $xml .= '<label/>'; |
||
631 | |||
632 | $xml .= ($user_value |
||
633 | ? '<checkbox checked="true">' |
||
634 | : '<checkbox>') |
||
635 | . ustr2html($row['field_name']) |
||
636 | . '</checkbox>'; |
||
637 | |||
638 | break; |
||
639 | |||
640 | case FIELD_TYPE_LIST: |
||
641 | |||
642 | $selected = try_request($name, $value); |
||
643 | |||
644 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
645 | |||
646 | $xml .= '<combobox>' |
||
647 | . '<listitem value=""/>'; |
||
648 | |||
649 | $rsv = dal_query('values/lvlist.sql', $row['field_id']); |
||
650 | |||
651 | while (($item = $rsv->fetch())) |
||
652 | { |
||
653 | $xml .= ($selected == $item['int_value'] |
||
654 | ? '<listitem value="' . $item['int_value'] . '" selected="true">' |
||
655 | : '<listitem value="' . $item['int_value'] . '">') |
||
656 | . ustr2html($item['str_value']) |
||
657 | . '</listitem>'; |
||
658 | } |
||
659 | |||
660 | $xml .= '</combobox>'; |
||
661 | |||
662 | break; |
||
663 | |||
664 | case FIELD_TYPE_RECORD: |
||
665 | |||
666 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
667 | |||
668 | $xml .= '<editbox maxlen="' . ustrlen(MAXINT) . '">' |
||
669 | . ustr2html(try_request($name, $value)) |
||
670 | . '</editbox>'; |
||
671 | |||
672 | $notes .= '<note>' |
||
673 | . ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), ustr2html($row['field_name']), 1, MAXINT) |
||
674 | . '</note>'; |
||
675 | |||
676 | break; |
||
677 | |||
678 | case FIELD_TYPE_DATE: |
||
679 | |||
680 | $today = time(); |
||
681 | |||
682 | $row['param1'] = date_offset($today, $row['param1']); |
||
683 | $row['param2'] = date_offset($today, $row['param2']); |
||
684 | |||
685 | $xml .= '<label>' . sprintf('%s (%s)', ustr2html($row['field_name']), get_date_format_str()) . '</label>'; |
||
686 | |||
687 | $xml .= '<editbox maxlen="' . ustrlen(get_date(SAMPLE_DATE)) . '">' |
||
688 | . ustr2html(try_request($name, $value)) |
||
689 | . '</editbox>'; |
||
690 | |||
691 | $notes .= '<note>' |
||
692 | . ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), ustr2html($row['field_name']), get_date($row['param1']), get_date($row['param2'])) |
||
693 | . '</note>'; |
||
694 | |||
695 | $script .= '<onready>' |
||
696 | . '$("#' . $name . '").datepicker($.datepicker.regional["' . $_SESSION[VAR_LOCALE] . '"]);' |
||
697 | . '</onready>'; |
||
698 | |||
699 | break; |
||
700 | |||
701 | case FIELD_TYPE_DURATION: |
||
702 | |||
703 | $xml .= '<label>' . ustr2html($row['field_name']) . '</label>'; |
||
704 | |||
705 | $xml .= '<editbox maxlen="' . ustrlen(time2ustr(MAX_FIELD_DURATION)) . '">' |
||
706 | . ustr2html(try_request($name, $value)) |
||
707 | . '</editbox>'; |
||
708 | |||
709 | $notes .= '<note>' |
||
710 | . ustrprocess(get_html_resource(RES_ALERT_FIELD_VALUE_OUT_OF_RANGE_ID), ustr2html($row['field_name']), time2ustr($row['param1']), time2ustr($row['param2'])) |
||
711 | . '</note>'; |
||
712 | |||
713 | break; |
||
714 | |||
715 | default: |
||
716 | |||
717 | debug_write_log(DEBUG_WARNING, 'Unknown field type = ' . $row['field_type']); |
||
718 | } |
||
719 | |||
720 | View Code Duplication | if (ustrlen($row['description']) != 0) |
|
721 | { |
||
722 | $xml .= '<description>' |
||
723 | . update_references($row['description'], BBCODE_ALL) |
||
724 | . '</description>'; |
||
725 | } |
||
726 | |||
727 | $xml .= '</control>'; |
||
728 | |||
729 | if ($row['add_separator']) |
||
730 | { |
||
731 | $xml .= '<hr/>'; |
||
732 | } |
||
733 | } |
||
734 | |||
735 | $xml .= '</group>'; |
||
736 | } |
||
737 | |||
738 | $permissions = record_get_permissions($template_id, $_SESSION[VAR_USERID], 0); |
||
739 | |||
740 | /* temporarily disabled |
||
741 | if (get_user_level() != USER_LEVEL_GUEST && |
||
742 | ($permissions & PERMIT_ATTACH_FILES) && |
||
743 | ATTACHMENTS_ENABLED) |
||
744 | { |
||
745 | $xml .= '<group title="' . get_html_resource(RES_ATTACH_FILE_ID) . '">' |
||
746 | . '<control name="attachname">' |
||
747 | . '<label>' . get_html_resource(RES_ATTACHMENT_NAME_ID) . '</label>' |
||
748 | . '<editbox maxlen="' . MAX_ATTACHMENT_NAME . '"/>' |
||
749 | . '</control>' |
||
750 | . '<control name="attachfile">' |
||
751 | . '<label>' . get_html_resource(RES_ATTACHMENT_FILE_ID) . '</label>' |
||
752 | . '<filebox/>' |
||
753 | . '</control>' |
||
754 | . '</group>'; |
||
755 | |||
756 | $notes .= '<note>' . ustrprocess(get_html_resource(RES_ALERT_UPLOAD_FORM_SIZE_ID), ATTACHMENTS_MAXSIZE) . '</note>'; |
||
757 | } |
||
758 | */ |
||
759 | } |
||
760 | |||
761 | if ($flag) |
||
762 | { |
||
763 | $notes .= '<note>' . get_html_resource(RES_LINK_TO_ANOTHER_RECORD_ID) . '</note>'; |
||
764 | } |
||
765 | |||
766 | $xml .= $notes |
||
767 | . '</form>' |
||
768 | . '<script>' |
||
769 | . $script |
||
770 | . '</script>'; |
||
771 | |||
772 | echo(xml2html($xml)); |
||
773 | |||
774 | ?> |
||
775 |
Since your code implements the magic setter
_set
, this function will be called for any write access on an undefined variable. You can add the@property
annotation to your class or interface to document the existence of this variable.Since the property has write access only, you can use the @property-write annotation instead.
Of course, you may also just have mistyped another name, in which case you should fix the error.
See also the PhpDoc documentation for @property.