This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2005-2011 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * @package eTraxis |
||
25 | * @ignore |
||
26 | */ |
||
27 | |||
28 | /**#@+ |
||
29 | * Dependency. |
||
30 | */ |
||
31 | require_once('../engine/engine.php'); |
||
32 | require_once('../dbo/subscriptions.php'); |
||
33 | /**#@-*/ |
||
34 | |||
// Page initialisation; init_page() and LOAD_TAB are not defined in this file (presumably the engine
// included above provides them).
init_page(LOAD_TAB);

// With e-mail notifications switched off there is nothing to list or change: log a notice and stop.
if (!EMAIL_NOTIFICATIONS_ENABLED) {
    debug_write_log(DEBUG_NOTICE, 'Email Notifications functionality is disabled.');
    exit;
}
||
42 | |||
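// subscriptions list is submitted

// Read the requested action once instead of querying the request again for every comparison.
$action = try_request('submitted');

if ($action == 'enable' || $action == 'disable' || $action == 'delete')
{
    // NOTE(review): this branch changes state based on $_REQUEST, so a GET request is accepted as
    // well, and no anti-CSRF token check is visible in this file - confirm that init_page() or the
    // engine enforces one before the action is carried out.
    $subscriptions = array();

    // NOTE(review): the loop inspects request *values*, not parameter names; presumably the rendered
    // checkboxes submit "subsc<ID>" as their value - confirm against the form markup.
    foreach ($_REQUEST as $request)
    {
        // Request values are client-controlled and can be arrays (e.g. "name[]=..."); only plain
        // strings are examined so substr() is never handed a non-string.
        if (is_string($request) && substr($request, 0, 5) === 'subsc')
        {
            // intval() reduces the suffix to an integer, so only integer IDs are passed on.
            array_push($subscriptions, intval(substr($request, 5)));
        }
    }

    // NOTE(review): the IDs come straight from the client and ownership is not checked here.
    // Verify that subscriptions_enable/disable/delete limit the change to subscriptions that
    // belong to the current user.
    if ($action == 'enable')
    {
        debug_write_log(DEBUG_NOTICE, 'Enable selected subscriptions.');
        subscriptions_enable($subscriptions);
    }
    elseif ($action == 'disable')
    {
        debug_write_log(DEBUG_NOTICE, 'Disable selected subscriptions.');
        subscriptions_disable($subscriptions);
    }
    elseif ($action == 'delete')
    {
        debug_write_log(DEBUG_NOTICE, 'Delete selected subscriptions.');
        subscriptions_delete($subscriptions);
    }

    // The form submission has been handled; no list markup is produced for it.
    exit;
}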
||
77 | |||
// get list of subscriptions

// Sort mode and page number start out unset. They are handed over as variables, presumably so that
// subscriptions_list() can fill them in by reference - TODO confirm against its signature.
$sort = NULL;
$page = NULL;

// The list is requested for the user ID stored in the session.
$list = subscriptions_list($_SESSION[VAR_USERID], $sort, $page);

// Row range of the current page; both bounds start at zero.
$to   = 0;
$from = 0;
||
84 | |||
// local JS functions

// Captions that are interpolated into double-quoted JavaScript string literals in the heredoc below.
// NOTE(review): that is only safe if get_js_resource() escapes quotes, backslashes and "</script>"
// for a JavaScript string context - confirm in the engine, the helper is not defined in this file.
$resTitle = get_js_resource(RES_NEW_SUBSCRIPTION_ID);
$resOK = get_js_resource(RES_OK_ID);
$resNext = get_js_resource(RES_NEXT_ID);
$resCancel = get_js_resource(RES_CANCEL_ID);

// Client-side helpers: a three-step "create subscription" dialog built on jqModal()/closeModal(),
// and performAction(), which stores the chosen action in the form's "submitted" field and submits
// the "subscriptions" form. The heredoc is emitted as-is, so nothing may be added inside it.
$xml = <<<JQUERY
<script>

function subscriptionCreateStep1 ()
{
    jqModal("{$resTitle}", "create.php", "{$resNext}", "{$resCancel}", "subscriptionCreateStep2()");
}

function subscriptionCreateStep2 ()
{
    var project = $("#project").val();

    closeModal();

    if (project == 0)
    {
        jqModal("{$resTitle}", "create.php?" + $("#projectform").serialize(), "{$resOK}", "{$resCancel}", "$('#createform').submit()");
    }
    else
    {
        jqModal("{$resTitle}", "create.php?" + $("#projectform").serialize(), "{$resNext}", "{$resCancel}", "subscriptionCreateStep3()");
    }
}

function subscriptionCreateStep3 ()
{
    closeModal();
    jqModal("{$resTitle}", "create.php?" + $("#templateform").serialize(), "{$resOK}", "{$resCancel}", "$('#createform').submit()");
}

function performAction (action)
{
    $("#subscriptions :input[name=submitted]").val(action);
    $("#subscriptions").submit();
}

</script>
JQUERY;

// generate list of subscriptions

// The "create" button is always offered, whether or not the list has rows.
$xml .= '<button action="subscriptionCreateStep1()">' . get_html_resource(RES_CREATE_ID) . '</button>';
||
134 | |||
135 | if ($list->rows != 0) |
||
136 | { |
||
// Resource IDs of the column captions, in display order.
$columns = array(RES_SUBSCRIPTION_NAME_ID, RES_STATUS_ID, RES_CARBON_COPY_ID);

// Paging markup for the list. $from and $to are handed over as variables, presumably so that
// gen_xml_bookmarks() can set the visible row range by reference - TODO confirm.
$bookmarks = gen_xml_bookmarks($page, $list->rows, $from, $to, 'list.php?');
||
The property $rows is declared protected in CRecordset. Since you implemented __get(), maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
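Since your code implements the magic setter __set, this function will be called for any write access on an undefined variable. You can add the @property annotation to your class or interface to document the existence of this variable.
<?php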
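/**
 * Example value holder whose fields are reachable only through the magic
 * accessors; the @property tags advertise them to IDEs and static analysers.
 *
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    /** Values stored through __set(), keyed by property name. */
    private $properties = array();

    /** Names the magic accessors accept. */
    private $allowedProperties = array('x', 'y', 'text');

    /**
     * Returns the stored value of an allowed property.
     *
     * @param string $name Property being read.
     * @return mixed The stored value, or null when the name is unknown or unset.
     */
    public function __get($name)
    {
        // The store has to be reached through $this: a bare $properties would be a new, empty
        // local variable on every call and every read would yield null.
        if (isset($this->properties[$name]) && in_array($name, $this->allowedProperties, true)) {
            return $this->properties[$name];
        }

        return null;
    }

    /**
     * Stores a value for an allowed property.
     *
     * @param string $name  Property being written.
     * @param mixed  $value Value to keep.
     * @throws \LogicException When the name is not in the allowed list.
     */
    public function __set($name, $value)
    {
        if (!in_array($name, $this->allowedProperties, true)) {
            throw new \LogicException("Property $name is not defined.");
        }

        // Written to the instance store so that __get() can find the value later.
        $this->properties[$name] = $value;
    }
}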
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
145 | |||
// Bulk-action buttons. Each one calls the page's performAction() JavaScript helper with the action
// name; the delete button additionally carries a confirmation prompt.
$xml .= '<buttonset>';
$xml .= '<button action="performAction(\'enable\')">' . get_html_resource(RES_ENABLE_ID) . '</button>';
$xml .= '<button action="performAction(\'disable\')">' . get_html_resource(RES_DISABLE_ID) . '</button>';
$xml .= '</buttonset>';

// NOTE(review): the quotes around 'delete' are escaped one level deeper than for the two buttons
// above, presumably because of the prompt attribute - confirm against xml2html().
$xml .= '<button action="performAction(\\\'delete\\\')" prompt="' . get_html_resource(RES_CONFIRM_DELETE_SUBSCRIPTIONS_ID) . '">' . get_html_resource(RES_DELETE_ID) . '</button>';

// Form and list header; the first header cell asks for a checkbox column.
$xml .= '<form name="subscriptions" action="list.php" success="reloadTab">';
$xml .= '<list>';
$xml .= '<hrow>';
$xml .= '<hcell checkboxes="true"/>';
||
155 | |||
// One header cell per column, each linking to list.php with a sort mode. Column numbers are
// 1-based; the column that matches the current sort mode links to its number plus the column count.
$total = count($columns);

for ($i = 1; $i <= $total; $i++) {
    if ($sort == $i) {
        $smode = $i + $total;
    } else {
        $smode = $i;
    }

    $caption = get_html_resource($columns[$i - 1]);

    $xml .= "<hcell url=\"list.php?sort={$smode}\">" . $caption . '</hcell>';
}
||
164 | |||
$xml .= '</hrow>';

// Move the recordset to the row just before the first one of the current page.
$list->seek($from - 1);

for ($i = $from; $i <= $to; $i++) {
    // NOTE(review): the result of fetch() is used without a check - confirm it cannot signal
    // "no more rows" inside the $from..$to range.
    $row = $list->fetch();

    $id       = $row['subscribe_id'];
    $isActive = $row['is_activated'];

    // Rows of subscriptions that are not activated are shown in grey.
    $color = $isActive ? NULL : 'grey';

    // The row name "subsc<ID>" carries the prefix that the submit handler of this page looks for.
    // NOTE(review): the ID is placed into the attributes without escaping - presumably it is an
    // integer key from the database; confirm.
    $xml .= "<row name=\"subsc{$id}\" url=\"view.php?id={$id}\" color=\"{$color}\">";

    // Subscription name and carbon-copy value go through ustr2html() before being embedded
    // (presumably HTML encoding - defined outside this file).
    $xml .= '<cell>' . ustr2html($row['subscribe_name']) . '</cell>';
    $xml .= '<cell>' . get_html_resource($isActive ? RES_ACTIVE_ID : RES_DISABLED_ID) . '</cell>';
    $xml .= '<cell>' . ustr2html($row['carbon_copy']) . '</cell>';
    $xml .= '</row>';
}

// Close the list and the form, then append the paging markup.
$xml .= '</list>';
$xml .= '</form>';
$xml .= $bookmarks;
||
185 | } |
||
186 | |||
// Convert the accumulated markup with xml2html() and send the result to the client.
echo xml2html($xml);
||
188 | |||
189 | ?> |
||
190 |
Since your code implements the magic setter __set, this function will be called for any write access on an undefined variable. You can add the @property annotation to your class or interface to document the existence of this variable. Since the property has write access only, you can use the @property-write annotation instead.
Of course, you may also just have mistyped another name, in which case you should fix the error.
See also the PhpDoc documentation for @property.