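This project does not seem to handle request data directly; as such, no vulnerable execution paths were found. Note that the listing below does iterate over `$_REQUEST` (lines 55 and 74), so this result should not be read as showing that the file has no request-driven code paths.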
1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2006-2010 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * @package eTraxis |
||
25 | * @ignore |
||
26 | */ |
||
27 | |||
28 | /**#@+ |
||
29 | * Dependency. |
||
30 | */ |
||
31 | require_once('../engine/engine.php'); |
||
32 | require_once('../dbo/reminders.php'); |
||
33 | /**#@-*/ |
||
34 | |||
// Start the page in tab-loading mode. Everything after this call relies on
// whatever init_page() sets up.
// NOTE(review): later code reads $_SESSION[VAR_USERID]; presumably init_page()
// establishes and checks the authenticated session - confirm in engine.php.
init_page(LOAD_TAB);

// Two feature gates, evaluated in order. The permission check is only reached
// when e-mail notifications are enabled. Either failure is logged at notice
// level and the script stops without producing output.
if (!EMAIL_NOTIFICATIONS_ENABLED) {
    debug_write_log(DEBUG_NOTICE, 'Email Notifications functionality is disabled.');
    exit;
} elseif (!can_reminder_be_created()) {
    debug_write_log(DEBUG_NOTICE, 'Reminders are denied.');
    exit;
}
||
48 | |||
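// Reminders list is submitted: send or delete the reminders selected in the form.
//
// The selection is carried by request values of the form "rem<ID>", which
// matches the row names ("rem{reminder_id}") generated further down this file.
// Only values that are exactly "rem" followed by decimal digits are acted on.
// Anything else in $_REQUEST (other form fields, array-valued parameters and,
// depending on the request_order setting, cookies) is skipped instead of being
// passed through substr()/intval().
//
// NOTE(review): the action is read from $_REQUEST, so it is accepted on GET as
// well as POST, and no anti-CSRF token is checked in this file. Confirm that
// the engine enforces one before these state-changing branches are reached.
//
// NOTE(review): the IDs are client-supplied. reminders_list() below is scoped
// to $_SESSION[VAR_USERID], but nothing visible here verifies that a submitted
// ID belongs to that user. Confirm reminder_find(), reminder_send() and
// reminder_delete() enforce ownership.

$submitted = try_request('submitted');

if ($submitted === 'send' || $submitted === 'delete')
{
    debug_write_log(DEBUG_NOTICE, $submitted === 'send' ? 'Send selected reminders.' : 'Delete selected reminders.');

    foreach ($_REQUEST as $request)
    {
        // Skip arrays and any value that is not a well-formed "rem<digits>" token.
        if (!is_string($request) || !preg_match('/\Arem([0-9]+)\z/', $request, $matches))
        {
            continue;
        }

        $id = intval($matches[1]);

        if ($submitted === 'send')
        {
            $reminder = reminder_find($id);

            if ($reminder)
            {
                reminder_send($reminder);
            }
        }
        else
        {
            // Only the validated token is logged, so unrelated request values
            // never reach the debug log.
            debug_write_log(DEBUG_NOTICE, '$request = ' . $request);

            reminder_delete($id);
        }
    }

    exit;
}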
||
86 | |||
// Fetch the current user's reminders.
// NOTE(review): $sort and $page start as NULL and are read again below, so
// reminders_list() presumably fills them in by reference - confirm in
// dbo/reminders.php.
$sort = NULL;
$page = NULL;
$list = reminders_list($_SESSION[VAR_USERID], $sort, $page);

// Range of rows to render; presumably set by gen_xml_bookmarks() below - confirm.
$from = 0;
$to   = 0;

// Localised strings interpolated into the inline script below. They are placed
// inside double-quoted JavaScript string literals, so get_js_resource() is
// relied on to return text that is safe in that context.
$resTitle1  = get_js_resource(RES_NEW_REMINDER_ID);
$resTitle2  = get_js_resource(RES_REMINDERS_ID);
$resMessage = get_js_resource(RES_ALERT_REMINDER_IS_SENT_ID);
$resOK      = get_js_resource(RES_OK_ID);
$resNext    = get_js_resource(RES_NEXT_ID);
$resCancel  = get_js_resource(RES_CANCEL_ID);

// Client-side helpers: the three-step "create reminder" dialog, the bulk
// action submitter and the form's success callback.
$xml = <<<JQUERY
<script>

function reminderCreateForceToStep2 ()
{
    var items = $("#projectform #project").children().length;

    if (items == 1)
    {
        reminderCreateStep2();
    }
}

function reminderCreateForceToStep3 ()
{
    var items = $("#templateform #template").children().length;

    if (items == 1)
    {
        reminderCreateStep3();
    }
}

function reminderCreateStep1 ()
{
    jqModal("{$resTitle1}", "create.php", "{$resNext}", "{$resCancel}", "reminderCreateStep2()", null, "reminderCreateForceToStep2()");
}

function reminderCreateStep2 ()
{
    closeModal();
    jqModal("{$resTitle1}", "create.php?" + $("#projectform").serialize(), "{$resNext}", "{$resCancel}", "reminderCreateStep3()", null, "reminderCreateForceToStep3()");
}

function reminderCreateStep3 ()
{
    closeModal();
    jqModal("{$resTitle1}", "create.php?" + $("#templateform").serialize(), "{$resOK}", "{$resCancel}", "$('#createform').submit()");
}

function performAction (action)
{
    $("#reminders :input[name=submitted]").val(action);
    $("#reminders").submit();
}

function onSuccess ()
{
    if ($("#reminders :input[name=submitted]").val() == "send")
    {
        jqAlert("{$resTitle2}", "{$resMessage}", "{$resOK}");
    }
    else
    {
        reloadTab();
    }
}

</script>
JQUERY;

// Start the page markup with the "Create" button, which opens step 1 of the dialog.
$createLabel = get_html_resource(RES_CREATE_ID);
$xml .= '<button action="reminderCreateStep1()">' . $createLabel . '</button>';
||
167 | |||
168 | if ($list->rows != 0) |
||
169 | { |
||
// Resource IDs of the column headings, in display order. The 1-based position
// in this list doubles as the "sort" value used in the header links.
$columns = array(
    RES_REMINDER_NAME_ID,
    RES_PROJECT_ID,
    RES_TEMPLATE_ID,
    RES_STATE_ID,
    RES_REMINDER_SUBJECT_ID,
);

// Pager markup for the list.
// NOTE(review): $from and $to are 0 before this call and drive the row loop
// afterwards, so gen_xml_bookmarks() presumably sets them by reference - confirm.
$bookmarks = gen_xml_bookmarks($page, $list->rows, $from, $to, 'list.php?');
||
The property `$rows` is declared protected in `CRecordset`. Since you implemented `__get()`, consider adding a `@property` or `@property-read` annotation. This makes it easier for IDEs to provide auto-completion.
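Since your code implements the magic setter `__set`, this function will be called for any write access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable:
<?php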
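/**
 * Example of a class whose public properties are virtual: reads and writes go
 * through __get()/__set() and are limited to an allow-list of names.
 *
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    // Backing store for the virtual properties, keyed by property name.
    private $properties = array();

    // Names that may be read or written through the magic accessors.
    private $allowedProperties = array('x', 'y', 'text');

    /**
     * Returns the stored value of an allowed property.
     *
     * @param string $name Property being read.
     * @return mixed The stored value, or null when the name is not allowed or was never set.
     */
    public function __get($name)
    {
        // Read from the instance's store; a bare $properties would be an
        // undefined local, so every read would return null.
        if (isset($this->properties[$name]) && in_array($name, $this->allowedProperties, true)) {
            return $this->properties[$name];
        }

        return null;
    }

    /**
     * Stores a value for an allowed property.
     *
     * @param string $name  Property being written.
     * @param mixed  $value Value to store.
     * @throws \LogicException When $name is not in the allow-list.
     */
    public function __set($name, $value)
    {
        if (!in_array($name, $this->allowedProperties, true)) {
            throw new \LogicException("Property $name is not defined.");
        }

        // Write to the instance's store so the value survives the call.
        $this->properties[$name] = $value;
    }
}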
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
180 | |||
// Bulk-action buttons. Each one asks for confirmation (prompt) and then calls
// performAction() with the action name. The resources are fetched in the same
// order as the markup that uses them.
$confirmSend   = get_html_resource(RES_CONFIRM_SEND_REMINDER_ID);
$labelSend     = get_html_resource(RES_SEND_ID);
$confirmDelete = get_html_resource(RES_CONFIRM_DELETE_REMINDER_ID);
$labelDelete   = get_html_resource(RES_DELETE_ID);

$xml .= '<button action="performAction(\\\'send\\\')" prompt="' . $confirmSend . '">' . $labelSend . '</button>';
$xml .= '<button action="performAction(\\\'delete\\\')" prompt="' . $confirmDelete . '">' . $labelDelete . '</button>';

// Open the form and the list, starting the header row with the checkbox column.
$xml .= '<form name="reminders" action="list.php" success="onSuccess">';
$xml .= '<list>';
$xml .= '<hrow>';
$xml .= '<hcell checkboxes="true"/>';

// One header cell per column. Clicking the column that is currently sorted
// links to position + column count instead of the plain position.
$columnCount = count($columns);

foreach ($columns as $index => $resourceId) {
    $position = $index + 1;

    if ($sort == $position) {
        $smode = $position + $columnCount;
    } else {
        $smode = $position;
    }

    $xml .= '<hcell url="list.php?sort=' . $smode . '">';
    $xml .= get_html_resource($resourceId);
    $xml .= '</hcell>';
}

$xml .= '</hrow>';

// Position the recordset just before the first row of the current page.
$list->seek($from - 1);

for ($n = $from; $n <= $to; $n++) {
    $row = $list->fetch();

    // The row name "rem<ID>" is what the submit handler at the top of this
    // file looks for in the request.
    // NOTE(review): reminder_id is written into both attributes unescaped;
    // presumably it is a numeric database key - confirm. The text cells all
    // go through ustr2html().
    $id = $row['reminder_id'];

    $xml .= '<row name="rem' . $id . '" url="view.php?id=' . $id . '">';
    $xml .= '<cell>' . ustr2html($row['reminder_name']) . '</cell>';
    $xml .= '<cell>' . ustr2html($row['project_name']) . '</cell>';
    $xml .= '<cell>' . ustr2html($row['template_name']) . '</cell>';
    $xml .= '<cell>' . ustr2html($row['state_name']) . '</cell>';
    $xml .= '<cell>' . ustr2html($row['subject_text']) . '</cell>';
    $xml .= '</row>';
}

// Close the list and the form, then append the pager.
$xml .= '</list></form>' . $bookmarks;
217 | } |
||
218 | |||
// Convert the accumulated XML-like markup to HTML and send it to the client.
// Escaping of dynamic text happens upstream (ustr2html / get_html_resource),
// not at this point.
echo xml2html($xml);
||
220 | |||
221 | ?> |
||
222 |
Since your code implements the magic setter `__set`, this function will be called for any write access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. Since the property has write access only, you can use the `@property-write` annotation instead.
Of course, you may also just have mistyped another name, in which case you should fix the error.
See also the PhpDoc documentation for `@property`.