This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2005-2011 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * @package eTraxis |
||
25 | * @ignore |
||
26 | */ |
||
27 | |||
28 | /**#@+ |
||
29 | * Dependency. |
||
30 | */ |
||
31 | require_once('../engine/engine.php'); |
||
32 | require_once('../dbo/accounts.php'); |
||
33 | require_once('../dbo/fields.php'); |
||
34 | require_once('../dbo/values.php'); |
||
35 | require_once('../dbo/records.php'); |
||
36 | require_once('../dbo/views.php'); |
||
37 | /**#@-*/ |
||
38 | |||
39 | init_page(LOAD_TAB, GUEST_IS_ALLOWED); |
||
0 ignored issues
–
show
|
|||
40 | |||
41 | // whether a record's dump was requested |
||
42 | |||
43 | $dump_mode = isset($_REQUEST['dump']); |
||
44 | |||
45 | debug_write_log(DEBUG_NOTICE, 'Dump mode = ' . $dump_mode); |
||
46 | |||
47 | // check that requested record exists |
||
48 | |||
49 | $id = ustr2int(try_request($dump_mode ? 'dump' : 'id')); |
||
50 | $record = record_find($id); |
||
51 | |||
52 | if (!$record) |
||
53 | { |
||
54 | debug_write_log(DEBUG_NOTICE, 'Record cannot be found.'); |
||
55 | exit; |
||
56 | } |
||
57 | |||
58 | // get current user's permissions and verify them |
||
59 | |||
60 | $permissions = record_get_permissions($record['template_id'], $record['creator_id'], $record['responsible_id']); |
||
61 | |||
62 | if (!can_record_be_displayed($permissions)) |
||
63 | { |
||
64 | debug_write_log(DEBUG_NOTICE, 'Record cannot be displayed.'); |
||
65 | exit; |
||
66 | } |
||
67 | |||
68 | // find previous and next records |
||
69 | |||
70 | $columns = columns_list(); |
||
71 | |||
72 | $sort = $page = NULL; |
||
73 | $list = records_list($columns, $sort, $page, $_SESSION[VAR_SEARCH_MODE], $_SESSION[VAR_SEARCH_TEXT]); |
||
74 | |||
75 | $prev_id = $next_id = $temp_id = NULL; |
||
76 | |||
77 | while (($row = $list->fetch())) |
||
78 | { |
||
79 | if ($id == $row['record_id']) |
||
80 | { |
||
81 | $prev_id = $temp_id; |
||
82 | |||
83 | if (($row = $list->fetch())) |
||
84 | { |
||
85 | $next_id = $row['record_id']; |
||
86 | } |
||
87 | |||
88 | break; |
||
89 | } |
||
90 | |||
91 | $temp_id = $row['record_id']; |
||
92 | } |
||
93 | |||
94 | // mark the record as read |
||
95 | |||
96 | record_read($id); |
||
97 | |||
98 | // local JS functions |
||
99 | |||
100 | $resModify = get_js_resource(RES_MODIFY_ID); |
||
101 | $resClone = get_js_resource(RES_CLONE_ID); |
||
102 | $resPostpone = get_js_resource(RES_POSTPONE_ID); |
||
103 | $resSubscribe = get_js_resource(RES_SUBSCRIBE_OTHERS_ID); |
||
104 | $resOK = get_js_resource(RES_OK_ID); |
||
105 | $resCancel = get_js_resource(RES_CANCEL_ID); |
||
106 | $resClose = get_js_resource(RES_CLOSE_ID); |
||
107 | |||
108 | $xml = <<<JQUERY |
||
109 | <script> |
||
110 | |||
111 | function recordModify () |
||
112 | { |
||
113 | jqModal("{$resModify}", "modify.php?id={$id}", "{$resOK}", "{$resCancel}", "$('#modifyform').submit()"); |
||
114 | } |
||
115 | |||
116 | function recordClone () |
||
117 | { |
||
118 | jqModal("{$resClone}", "create.php?id={$id}", "{$resOK}", "{$resCancel}", "$('#mainform').submit()"); |
||
119 | } |
||
120 | |||
121 | function recordPostpone () |
||
122 | { |
||
123 | jqModal("{$resPostpone}", "postpone.php?id={$id}", "{$resOK}", "{$resCancel}", "$('#postponeform').submit()"); |
||
124 | } |
||
125 | |||
126 | function recordResume () |
||
127 | { |
||
128 | $.post("resume.php?id={$id}", function() { |
||
129 | reloadTab(); |
||
130 | }); |
||
131 | } |
||
132 | |||
133 | function recordSubscribe () |
||
134 | { |
||
135 | $.post("subscribe-self.php?id={$id}", function() { |
||
136 | reloadTab(); |
||
137 | }); |
||
138 | } |
||
139 | |||
140 | function recordSubscribeOthers () |
||
141 | { |
||
142 | jqModal("{$resSubscribe}", "subscribe.php?id={$id}", "{$resClose}"); |
||
143 | } |
||
144 | |||
145 | function recordAssign () |
||
146 | { |
||
147 | if ($("#responsible option:selected").val() != 0) |
||
148 | { |
||
149 | $("#assignform").submit(); |
||
150 | } |
||
151 | } |
||
152 | |||
153 | function stateChange () |
||
154 | { |
||
155 | var state = $("#state option:selected").val(); |
||
156 | var title = $("#state option:selected").text(); |
||
157 | jqModal(title, "state.php?id={$id}&state=" + state, "{$resOK}", "{$resCancel}", "$('#stateform').submit()"); |
||
158 | } |
||
159 | |||
160 | function addConfidentialComment () |
||
161 | { |
||
162 | $("#rcommentform :input[name=submitted]").val("rconfidentialform"); |
||
163 | $("#rcommentform").submit(); |
||
164 | $("#rcommentform :input[name=submitted]").val("rcommentform"); |
||
165 | } |
||
166 | |||
167 | function previewComment () |
||
168 | { |
||
169 | $("#rpreviewdiv").load("preview.php", $("#rcommentform").serialize()); |
||
170 | } |
||
171 | |||
172 | function commentSuccess (data) |
||
173 | { |
||
174 | $("[href=#ui-tabs-5]").html(data); |
||
175 | reloadTab(); |
||
176 | } |
||
177 | |||
178 | </script> |
||
179 | JQUERY; |
||
180 | |||
181 | // generate buttons |
||
182 | |||
183 | $xml .= '<buttonset>' |
||
184 | . '<button url="index.php">' . get_html_resource(RES_BACK_ID) . '</button>'; |
||
185 | |||
186 | if (!is_null($prev_id) || !is_null($next_id)) |
||
187 | { |
||
188 | if (!is_null($prev_id)) |
||
189 | { |
||
190 | $xml .= '<button url="view.php?id=' . $prev_id . '">%lt;%lt;</button>'; |
||
191 | } |
||
192 | else |
||
193 | { |
||
194 | $xml .= '<button disabled="true">%lt;%lt;</button>'; |
||
195 | } |
||
196 | |||
197 | if (!is_null($next_id)) |
||
198 | { |
||
199 | $xml .= '<button url="view.php?id=' . $next_id . '">%gt;%gt;</button>'; |
||
200 | } |
||
201 | else |
||
202 | { |
||
203 | $xml .= '<button disabled="true">%gt;%gt;</button>'; |
||
204 | } |
||
205 | } |
||
206 | |||
207 | $xml .= '</buttonset>'; |
||
208 | |||
209 | $xml .= '<button url="record.php?dump=' . $id . '">' . get_html_resource(RES_DUMP_ID) . '</button>'; |
||
210 | |||
211 | $xml .= '<buttonset>'; |
||
212 | |||
213 | $xml .= (can_record_be_modified($record, $permissions) |
||
214 | ? '<button action="recordModify()">' |
||
215 | : '<button disabled="true">') |
||
216 | . get_html_resource(RES_MODIFY_ID) |
||
217 | . '</button>'; |
||
218 | |||
219 | $xml .= (can_record_be_deleted($record, $permissions) |
||
220 | ? '<button url="delete.php?id=' . $id . '" prompt="' . get_html_resource(RES_CONFIRM_DELETE_RECORD_ID) . '">' |
||
221 | : '<button disabled="false">') |
||
222 | . get_html_resource(RES_DELETE_ID) |
||
223 | . '</button>'; |
||
224 | |||
225 | $rs = dal_query(DATABASE_DRIVER == DRIVER_ORACLE9 ? 'records/oracle/tfndid.sql' : 'records/tfndid.sql', |
||
226 | $_SESSION[VAR_USERID], |
||
227 | $record['project_id'], |
||
228 | $record['template_id']); |
||
229 | |||
230 | $xml .= ($rs->rows != 0 |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
231 | ? '<button action="recordClone()">' |
||
232 | : '<button disabled="true">') |
||
233 | . get_html_resource(RES_CLONE_ID) |
||
234 | . '</button>'; |
||
235 | |||
236 | if (is_record_postponed($record)) |
||
237 | { |
||
238 | $xml .= (can_record_be_resumed($record, $permissions) |
||
239 | ? '<button action="recordResume()" prompt="' . get_html_resource(RES_CONFIRM_RESUME_RECORD_ID) . '">' |
||
240 | : '<button disabled="true">') |
||
241 | . get_html_resource(RES_RESUME_ID) |
||
242 | . '</button>'; |
||
243 | } |
||
244 | else |
||
245 | { |
||
246 | $xml .= (can_record_be_postponed($record, $permissions) |
||
247 | ? '<button action="recordPostpone()">' |
||
248 | : '<button disabled="true">') |
||
249 | . get_html_resource(RES_POSTPONE_ID) |
||
250 | . '</button>'; |
||
251 | } |
||
252 | |||
253 | $xml .= '</buttonset>'; |
||
254 | |||
255 | if (EMAIL_NOTIFICATIONS_ENABLED && (get_user_level() != USER_LEVEL_GUEST)) |
||
256 | { |
||
257 | $xml .= '<buttonset>' |
||
258 | . '<button action="recordSubscribe()">' . get_html_resource(is_record_subscribed($id, $_SESSION[VAR_USERID]) ? RES_UNSUBSCRIBE_ID : RES_SUBSCRIBE_ID) . '</button>' |
||
259 | . '<button action="recordSubscribeOthers()">' . get_html_resource(RES_SUBSCRIBE_OTHERS_ID) . '</button>' |
||
260 | . '</buttonset>'; |
||
261 | } |
||
262 | |||
263 | // whether this record can be reassigned |
||
264 | |||
265 | if (can_record_be_reassigned($record, $permissions)) |
||
266 | { |
||
267 | $rs = dal_query('records/responsibles.sql', $record['state_id'], $_SESSION[VAR_USERID]); |
||
268 | |||
269 | if ($rs->rows > 1) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
270 | { |
||
271 | $prompt = get_html_resource(RES_CONFIRM_ASSIGN_RECORD_ID); |
||
272 | $msgtitle = get_html_resource(RES_QUESTION_ID); |
||
273 | $btnactiontext = get_html_resource(RES_OK_ID); |
||
274 | $btncanceltext = get_html_resource(RES_CANCEL_ID); |
||
275 | |||
276 | $xml .= '<form name="assignform" action="assign.php?id=' . $id . '" success="reloadTab">' |
||
277 | . '<dropdown name="responsible">'; |
||
278 | |||
279 | while (($row = $rs->fetch())) |
||
280 | { |
||
281 | if ($record['responsible_id'] != $row['account_id']) |
||
282 | { |
||
283 | $xml .= ($row['account_id'] == $_SESSION[VAR_USERID] |
||
284 | ? '<listitem value="' . $row['account_id'] . '" selected="true">' |
||
285 | : '<listitem value="' . $row['account_id'] . '">') |
||
286 | . ustr2html(sprintf('%s (%s)', $row['fullname'], account_get_username($row['username']))) |
||
287 | . '</listitem>'; |
||
288 | } |
||
289 | } |
||
290 | |||
291 | $xml .= '</dropdown>' |
||
292 | . '<button action="recordAssign()" prompt="' . get_html_resource(RES_CONFIRM_ASSIGN_RECORD_ID) . '">' |
||
293 | . get_html_resource(RES_ASSIGN2_ID) |
||
294 | . '</button>' |
||
295 | . '</form>' |
||
296 | . '<onready>' |
||
297 | . '$("#responsible").combobox();' |
||
298 | . '</onready>'; |
||
299 | } |
||
300 | } |
||
301 | else |
||
302 | { |
||
303 | debug_write_log(DEBUG_NOTICE, 'Record cannot be reassigned.'); |
||
304 | } |
||
305 | |||
306 | // whether current state can be changed |
||
307 | |||
308 | if (can_state_be_changed($record)) |
||
309 | { |
||
310 | $rs = dal_query('depends/listuc.sql', $id); |
||
311 | $rs = dal_query('records/tramongs.sql', $id, $_SESSION[VAR_USERID], ($rs->rows == 0 ? '' : 'and s.state_type <> ' . STATE_TYPE_FINAL)); |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
312 | |||
313 | if ($rs->rows != 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
314 | { |
||
315 | $xml .= '<form>' |
||
316 | . '<dropdown name="state">'; |
||
317 | |||
318 | while (($row = $rs->fetch())) |
||
319 | { |
||
320 | $xml .= ($record['next_state_id'] == $row['state_id'] |
||
321 | ? '<listitem value="' . $row['state_id'] . '" selected="true">' |
||
322 | : '<listitem value="' . $row['state_id'] . '">') |
||
323 | . ustr2html($row['state_name']) |
||
324 | . '</listitem>'; |
||
325 | } |
||
326 | |||
327 | $xml .= '</dropdown>' |
||
328 | . '<button action="stateChange()">' . get_html_resource(RES_CHANGE_STATE_ID) . '</button>' |
||
329 | . '</form>' |
||
330 | . '<onready>' |
||
331 | . '$("#state").combobox();' |
||
332 | . '</onready>'; |
||
333 | } |
||
334 | } |
||
335 | elseif (can_record_be_reopened($record, $permissions)) |
||
336 | { |
||
337 | $rs = dal_query('states/list3.sql', $record['template_id']); |
||
338 | |||
339 | if ($rs->rows != 0) |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
340 | { |
||
341 | $xml .= '<form>' |
||
342 | . '<dropdown name="state">'; |
||
343 | |||
344 | while (($row = $rs->fetch())) |
||
345 | { |
||
346 | if ($row['state_type'] == STATE_TYPE_FINAL) |
||
347 | { |
||
348 | continue; |
||
349 | } |
||
350 | |||
351 | $xml .= ($row['state_type'] == STATE_TYPE_INITIAL |
||
352 | ? '<listitem value="' . $row['state_id'] . '" selected="true">' |
||
353 | : '<listitem value="' . $row['state_id'] . '">') |
||
354 | . ustr2html($row['state_name']) |
||
355 | . '</listitem>'; |
||
356 | } |
||
357 | |||
358 | $xml .= '</dropdown>' |
||
359 | . '<button action="stateChange()">' . get_html_resource(RES_REOPEN_ID) . '</button>' |
||
360 | . '</form>' |
||
361 | . '<onready>' |
||
362 | . '$("#state").combobox();' |
||
363 | . '</onready>'; |
||
364 | } |
||
365 | } |
||
366 | else |
||
367 | { |
||
368 | debug_write_log(DEBUG_NOTICE, 'State cannot be changed.'); |
||
369 | } |
||
370 | |||
371 | // generate general information |
||
372 | |||
373 | $xml .= '<group title="' . get_html_resource(RES_GENERAL_INFO_ID) . '">' |
||
374 | . '<text label="' . get_html_resource(RES_ID_ID) . '">' . record_id($record['record_id'], $record['template_prefix']) . '</text>' |
||
375 | . '<text label="' . get_html_resource(RES_SUBJECT_ID) . '">' . update_references($record['subject'], BBCODE_MINIMUM) . '</text>' |
||
376 | . '<text label="' . get_html_resource(RES_STATE_ID) . '">' . ustr2html($record['state_name']) . '</text>' |
||
377 | . '<text label="' . get_html_resource(RES_RESPONSIBLE_ID) . '">' . (is_null($record['username']) ? get_html_resource(RES_NONE_ID) : ustr2html(sprintf('%s (%s)', $record['fullname'], account_get_username($record['username'])))) . '</text>' |
||
378 | . '<text label="' . get_html_resource(RES_AUTHOR_ID) . '">' . ustr2html(sprintf('%s (%s)', $record['author_fullname'], account_get_username($record['author_username']))) . '</text>' |
||
379 | . '<text label="' . get_html_resource(RES_AGE_ID) . '">' . get_record_last_event($record) . '/' . get_record_age($record) . '</text>' |
||
380 | . '<text label="' . get_html_resource(RES_PROJECT_ID) . '">' . ustr2html($record['project_name']) . '</text>' |
||
381 | . '<text label="' . get_html_resource(RES_TEMPLATE_ID) . '">' . ustr2html($record['template_name']) . '</text>'; |
||
382 | |||
383 | View Code Duplication | if (is_record_postponed($record)) |
|
384 | { |
||
385 | $xml .= '<text label="' . get_html_resource(RES_POSTPONED_ID) . '">' . get_date($record['postpone_time']) . '</text>'; |
||
386 | } |
||
387 | |||
388 | $xml .= '</group>'; |
||
389 | |||
390 | // go through the list of all states and their fields |
||
391 | |||
392 | $responsible = FALSE; |
||
393 | |||
394 | $events = dal_query('records/elist2.sql', $id); |
||
395 | |||
396 | while (($event = $events->fetch())) |
||
397 | { |
||
398 | if ($event['event_type'] == EVENT_RECORD_ASSIGNED) |
||
399 | { |
||
400 | $responsible = account_find($event['event_param']); |
||
401 | $group_title = 'Reassigned'; |
||
402 | } |
||
403 | View Code Duplication | elseif ($event['event_type'] == EVENT_RECORD_CREATED || |
|
404 | $event['event_type'] == EVENT_RECORD_REOPENED || |
||
405 | $event['event_type'] == EVENT_RECORD_STATE_CHANGED) |
||
406 | { |
||
407 | if ($event['responsible'] == STATE_RESPONSIBLE_REMOVE) |
||
408 | { |
||
409 | $responsible = FALSE; |
||
410 | } |
||
411 | elseif ($event['responsible'] == STATE_RESPONSIBLE_ASSIGN) |
||
412 | { |
||
413 | $responsible = account_find($events->fetch('event_param')); |
||
414 | } |
||
415 | |||
416 | $group_title = ustr2html($event['state_name']); |
||
417 | } |
||
418 | elseif ($event['event_type'] == EVENT_COMMENT_ADDED || |
||
419 | $event['event_type'] == EVENT_CONFIDENTIAL_COMMENT) |
||
420 | { |
||
421 | $group_title = get_html_resource(RES_COMMENT_ID); |
||
422 | } |
||
423 | elseif ($event['event_type'] == EVENT_FILE_ATTACHED) |
||
424 | { |
||
425 | $group_title = get_html_resource(RES_ATTACHMENT_ID); |
||
426 | } |
||
427 | else |
||
428 | { |
||
429 | continue; |
||
430 | } |
||
431 | |||
432 | $group_title .= ' - ' . get_datetime($event['event_time']) |
||
433 | . ' - ' . ustr2html(sprintf('%s (%s)', $event['fullname'], account_get_username($event['username']))); |
||
434 | |||
435 | $xml .= '<group title="' . $group_title . '">'; |
||
436 | |||
437 | if ($event['event_type'] == EVENT_RECORD_CREATED || |
||
438 | $event['event_type'] == EVENT_RECORD_REOPENED || |
||
439 | $event['event_type'] == EVENT_RECORD_STATE_CHANGED) |
||
440 | { |
||
441 | $xml .= '<text label="' . get_html_resource(RES_RESPONSIBLE_ID) . '">' |
||
442 | . ($responsible ? ustr2html(sprintf('%s (%s)', $responsible['fullname'], account_get_username($responsible['username']))) |
||
443 | : get_html_resource(RES_NONE_ID)) |
||
444 | . '</text>'; |
||
445 | |||
446 | $fields = dal_query('records/flist2.sql', |
||
447 | $id, |
||
448 | $event['event_id'], |
||
449 | $event['state_id'], |
||
450 | $record['creator_id'], |
||
451 | is_null($record['responsible_id']) ? 0 : $record['responsible_id'], |
||
452 | $_SESSION[VAR_USERID], |
||
453 | FIELD_ALLOW_TO_READ); |
||
454 | |||
455 | View Code Duplication | while (($field = $fields->fetch())) |
|
456 | { |
||
457 | $value = value_find($field['field_type'], $field['value_id']); |
||
458 | |||
459 | if ($field['field_type'] == FIELD_TYPE_CHECKBOX) |
||
460 | { |
||
461 | $value = get_html_resource($value ? RES_YES_ID : RES_NO_ID); |
||
462 | } |
||
463 | elseif ($field['field_type'] == FIELD_TYPE_LIST) |
||
464 | { |
||
465 | $value = (is_null($value) ? NULL : value_find_listvalue($field['field_id'], $value)); |
||
466 | } |
||
467 | elseif ($field['field_type'] == FIELD_TYPE_RECORD) |
||
468 | { |
||
469 | $value = (is_null($value) ? NULL : 'rec#' . $value); |
||
470 | } |
||
471 | |||
472 | $xml .= '<text label="' . ustr2html($field['field_name']) . '">' |
||
473 | . (is_null($value) ? get_html_resource(RES_NONE_ID) : update_references($value, BBCODE_ALL, $field['regex_search'], $field['regex_replace'])) |
||
474 | . '</text>'; |
||
475 | |||
476 | if ($field['add_separator']) |
||
477 | { |
||
478 | $xml .= '<hr/>'; |
||
479 | } |
||
480 | } |
||
481 | } |
||
482 | elseif ($event['event_type'] == EVENT_COMMENT_ADDED || |
||
483 | $event['event_type'] == EVENT_CONFIDENTIAL_COMMENT) |
||
484 | { |
||
485 | $comment = comment_find($event['event_id'], $permissions); |
||
486 | |||
487 | if ($comment) |
||
488 | { |
||
489 | $xml .= ($comment['is_confidential'] |
||
490 | ? '<text label="' . get_html_resource(RES_CONFIDENTIAL_ID) . '">' |
||
491 | : '<text>') |
||
492 | . update_references($comment['comment_body']) |
||
493 | . '</text>'; |
||
494 | } |
||
495 | } |
||
496 | elseif ($event['event_type'] == EVENT_FILE_ATTACHED) |
||
497 | { |
||
498 | $rs = dal_query('attachs/fndk.sql', $event['event_id']); |
||
499 | $attachment = ($rs->rows == 0 ? FALSE : $rs->fetch()); |
||
0 ignored issues
–
show
The property
$rows is declared protected in CRecordset . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
500 | |||
501 | if ($attachment) |
||
502 | { |
||
503 | $xml .= '<text label="' . get_html_resource(RES_ATTACHMENT_NAME_ID) . '">' |
||
504 | . ($attachment['is_removed'] ? NULL : '<url address="download.php?id=' . $attachment['attachment_id'] . '">') |
||
505 | . ustr2html($attachment['attachment_name']) |
||
506 | . ($attachment['is_removed'] ? NULL : '</url>') |
||
507 | . '</text>'; |
||
508 | |||
509 | $xml .= '<text label="' . get_html_resource(RES_SIZE_ID) . '">' |
||
510 | . ustrprocess(get_html_resource(RES_KB_ID), sprintf('%01.2f', $attachment['attachment_size'] / 1024)) |
||
511 | . '</text>'; |
||
512 | } |
||
513 | } |
||
514 | |||
515 | $xml .= '</group>'; |
||
516 | } |
||
517 | |||
518 | // whether user is allowed to add new comment |
||
519 | |||
520 | if (can_comment_be_added($record, $permissions)) |
||
521 | { |
||
522 | $xml .= '<form name="rcommentform" action="comments.php?id=' . $id . '" success="commentSuccess">' |
||
523 | . '<group title="' . get_html_resource(RES_COMMENT_ID) . '">' |
||
524 | . '<control name="rcomment">' |
||
525 | . '<textbox rows="' . $_SESSION[VAR_TEXTROWS] . '" resizeable="true" maxlen="' . MAX_COMMENT_BODY . '">' |
||
526 | . '</textbox>' |
||
527 | . '</control>' |
||
528 | . '</group>' |
||
529 | . '<buttonset>' |
||
530 | . '<button default="true">' . get_html_resource(RES_ADD_COMMENT_ID) . '</button>'; |
||
531 | |||
532 | if ($permissions & PERMIT_CONFIDENTIAL_COMMENTS) |
||
533 | { |
||
534 | $xml .= '<button action="addConfidentialComment()">' |
||
535 | . get_html_resource(RES_ADD_CONFIDENTIAL_COMMENT_ID) |
||
536 | . '</button>'; |
||
537 | } |
||
538 | |||
539 | $xml .= '</buttonset>' |
||
540 | . '<button action="previewComment()">' . get_html_resource(RES_PREVIEW_ID) . '</button>' |
||
541 | . '<div id="rpreviewdiv"/>' |
||
542 | . '<note>' . get_html_resource(RES_LINK_TO_ANOTHER_RECORD_ID) . '</note>' |
||
543 | . '</form>'; |
||
544 | } |
||
545 | else |
||
546 | { |
||
547 | debug_write_log(DEBUG_NOTICE, 'Comment cannot be added.'); |
||
548 | } |
||
549 | |||
550 | // generate HTML or dumpfile |
||
551 | |||
552 | if ($dump_mode) |
||
553 | { |
||
554 | header('Pragma: private'); |
||
555 | header('Cache-Control: private, must-revalidate'); |
||
556 | header('Content-Type: text/txt'); |
||
557 | header('Content-Disposition: attachment; filename="dump-' . $id . '.txt"'); |
||
558 | |||
559 | $dump = xml2html("<content>{$xml}</content>", NULL, 'dump.xsl'); |
||
560 | $dump = html_entity_decode($dump, ENT_QUOTES, 'UTF-8'); |
||
561 | $dump = str_replace('<br>', "\n", $dump); |
||
562 | |||
563 | if ($_SESSION[VAR_LINE_ENDINGS] != "\n") |
||
564 | { |
||
565 | $dump = ustr_replace("\n", $_SESSION[VAR_LINE_ENDINGS], $dump); |
||
566 | } |
||
567 | |||
568 | View Code Duplication | if ($_SESSION[VAR_ENCODING] != 'UTF-8') |
|
569 | { |
||
570 | $dump = iconv('UTF-8', $_SESSION[VAR_ENCODING], $dump); |
||
571 | } |
||
572 | |||
573 | echo($dump); |
||
574 | } |
||
575 | else |
||
576 | { |
||
577 | echo(xml2html($xml)); |
||
578 | } |
||
579 | |||
580 | ?> |
||
581 |
It seems like the type of the argument is not accepted by the function/method which you are calling.
In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug.
We suggest to add an explicit type cast like in the following example: