Issues in logging.static.php (develop) - Issues in develop - evolution-cms/evolution - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3885)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

manager/actions/logging.static.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
if( ! defined('IN_MANAGER_MODE') || IN_MANAGER_MODE !== true) {
    die("<b>INCLUDE_ORDERING_ERROR</b><br /><br />Please use the EVO Content Manager instead of accessing this file directly.");
}
if (!$modx->hasPermission('logs')) {
    $modx->webAlertAndQuit($_lang["error_no_privileges"]);
}

$rs = $modx->getDatabase()->select('DISTINCT internalKey, username, action, itemid, itemname', $modx->getDatabase()->getFullTableName('manager_log'));
$logs = $modx->getDatabase()->makeArray($rs);
?>
    <h1>
        <i class="fa fa-user-secret"></i><?= $_lang['mgrlog_view'] ?>
    </h1>

    <div class="tab-page">
        <div class="container container-body">
            <div class="element-edit-message-tab alert alert-warning"><?= $_lang["mgrlog_query_msg"] ?></div>

            <form action="index.php?a=13" name="logging" method="POST" class="form-group">
                <div class="row form-row">
                    <div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_user"] ?></b></div>
                    <div class="col-sm-8 col-md-5 col-lg-4">
                        <select name="searchuser" class="form-control">
                            <option value="0"><?= $_lang["mgrlog_anyall"] ?></option>
                            <?php
                            // get all users currently in the log
                            $logs_user = record_sort(array_unique_multi($logs, 'internalKey'), 'username');
                            foreach ($logs_user as $row) {
                                $selectedtext = $row['internalKey'] == $_REQUEST['searchuser'] ? ' selected="selected"' : '';
                                echo "\t\t" . '<option value="' . $row['internalKey'] . '"' . $selectedtext . '>' . $row['username'] . "</option>\n";
                            }
                            ?>
                        </select>
                    </div>
                </div>
                <div class="row form-row">
                    <div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_action"] ?></b></div>
                    <div class="col-sm-8 col-md-5 col-lg-4">
                        <select name="action" class="form-control">
                            <option value="0"><?= $_lang["mgrlog_anyall"] ?></option>
                            <?php
                            // get all available actions in the log
                            $logs_actions = record_sort(array_unique_multi($logs, 'action'), 'action');
                            foreach ($logs_actions as $row) {
                                $action = EvolutionCMS\Legacy\LogHandler::getAction($row['action']);
                                if ($action == 'Idle') {
                                    continue;
                                }
                                $selectedtext = $row['action'] == $_REQUEST['action'] ? ' selected="selected"' : '';
                                echo "\t\t" . '<option value="' . $row['action'] . '"' . $selectedtext . '>' . $row['action'] . ' - ' . $action . "</option>\n";
                            }
                            ?>
                        </select>
                    </div>
                </div>
                <div class="row form-row">
                    <div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_itemid"] ?></b></div>
                    <div class="col-sm-8 col-md-5 col-lg-4">
                        <select name="itemid" class="form-control">
                            <option value="0"><?= $_lang["mgrlog_anyall"] ?></option>
                            <?php
                            // get all itemid currently in logging
                            $logs_items = record_sort(array_unique_multi($logs, 'itemid'), 'itemid');
                            foreach ($logs_items as $row) {
                                $selectedtext = $row['itemid'] == $_REQUEST['itemid'] ? ' selected="selected"' : '';
                                echo "\t\t" . '<option value="' . $row['itemid'] . '"' . $selectedtext . '>' . $row['itemid'] . "</option>\n";
                            }
                            ?>
                        </select>
                    </div>
                </div>
                <div class="row form-row">
                    <div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_itemname"] ?></b></div>
                    <div class="col-sm-8 col-md-5 col-lg-4">
                        <select name="itemname" class="form-control">
                            <option value="0"><?= $_lang["mgrlog_anyall"] ?></option>
                            <?php
                            // get all itemname currently in logging
                            $logs_names = record_sort(array_unique_multi($logs, 'itemname'), 'itemname');
                            foreach ($logs_names as $row) {
                                $selectedtext = $row['itemname'] == $_REQUEST['itemname'] ? ' selected="selected"' : '';
                                echo "\t\t" . '<option value="' . $row['itemname'] . '"' . $selectedtext . '>' . $row['itemname'] . "</option>\n";
                            }
                            ?>
                        </select>
                    </div>
                </div>
                <div class="row form-row">
                    <div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_msg"] ?></b></div>
                    <div class="col-sm-8 col-md-5 col-lg-4">
                        <input type="text" name="message" class="form-control" value="<?= $_REQUEST['message'] ?>" />
                    </div>
                </div>
                <div class="row form-row">
                    <div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_datefr"] ?></b></div>
                    <div class="col-sm-8 col-md-5 col-lg-4">
                        <div class="input-group">
                            <input type="text" id="datefrom" name="datefrom" class="form-control unstyled DatePicker" value="<?= isset($_REQUEST['datefrom']) ? $_REQUEST['datefrom'] : "" ?>" />
                            <i onClick="document.logging.datefrom.value=''; return true;" class="clearDate <?php echo $_style["actions_calendar_delete"] ?>" title="<?php echo $_lang['remove_date']; ?>"></i>
                        </div>
                    </div>
                </div>
                <div class="row form-row">
                    <div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_dateto"] ?></b></div>
                    <div class="col-sm-8 col-md-5 col-lg-4">
                        <div class="input-group">
                            <input type="text" id="dateto" name="dateto" class="form-control unstyled DatePicker" value="<?= isset($_REQUEST['dateto']) ? $_REQUEST['dateto'] : "" ?>" />
                            <i onClick="document.logging.dateto.value=''; return true;" class="clearDate <?php echo $_style["actions_calendar_delete"] ?>" title="<?php echo $_lang['remove_date']; ?>"></i>
                        </div>
                    </div>
                </div>
                <div class="row form-row">
                    <div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_results"] ?></b></div>
                    <div class="col-sm-8 col-md-5 col-lg-4">
                        <input type="text" name="nrresults" class="form-control" value="<?= isset($_REQUEST['nrresults']) ? $_REQUEST['nrresults'] : $number_of_logs ?>" />
                    </div>
                </div>

                <a class="btn btn-success" href="javascript:;" onclick="documentDirty=false;document.logging.log_submit.click();"><i class="<?= $_style["actions_save"] ?>"></i> <?= $_lang['search'] ?></a>
                <a class="btn btn-secondary" href="index.php?a=2" onclick="documentDirty=false;"><i class="<?= $_style["actions_cancel"] ?>"></i> <?= $_lang['cancel'] ?></a>

                <input type="submit" name="log_submit" value="<?= $_lang["mgrlog_searchlogs"] ?>" style="display:none;" />
            </form>

        </div>
    </div>

    <div class="navbar">
        <?= $_lang["mgrlog_qresults"] ?>
    </div>

    <div class="tab-page">
    <div class="container container-body">

<?php
if (isset($_REQUEST['log_submit'])) {
    // get the selections the user made.
    $sqladd = array();
    if ($_REQUEST['searchuser'] != 0) {
        $sqladd[] = "internalKey='" . (int)$_REQUEST['searchuser'] . "'";
    }
    if ($_REQUEST['action'] != 0) {
        $sqladd[] = "action=" . (int)$_REQUEST['action'];
    }
    if ($_REQUEST['itemid'] != 0 || $_REQUEST['itemid'] == "-") {
        $sqladd[] = "itemid='" . $_REQUEST['itemid'] . "'";
    }
    if ($_REQUEST['itemname'] != '0') {
        $sqladd[] = "itemname='" . $modx->getDatabase()->escape($_REQUEST['itemname']) . "'";
    }
    if ($_REQUEST['message'] != "") {
        $sqladd[] = "message LIKE '%" . $modx->getDatabase()->escape($_REQUEST['message']) . "%'";
    }
    // date stuff
    if ($_REQUEST['datefrom'] != "") {
        $sqladd[] = "timestamp>" . $modx->toTimeStamp($_REQUEST['datefrom']);
    }
    if ($_REQUEST['dateto'] != "") {
        $sqladd[] = "timestamp<" . $modx->toTimeStamp($_REQUEST['dateto']);
    }

    // If current position is not set, set it to zero
    if (!isset($_REQUEST['int_cur_position']) || $_REQUEST['int_cur_position'] == 0) {
        $int_cur_position = 0;
    } else {
        $int_cur_position = $_REQUEST['int_cur_position'];
    }

    // Number of result to display on the page, will be in the LIMIT of the sql query also
    $int_num_result = is_numeric($_REQUEST['nrresults']) ? $_REQUEST['nrresults'] : $number_of_logs;

    $extargv = "&a=13&searchuser=" . $_REQUEST['searchuser'] . "&action=" . $_REQUEST['action'] . "&itemid=" . $_REQUEST['itemid'] . "&itemname=" . $_REQUEST['itemname'] . "&message=" . $_REQUEST['message'] . "&dateto=" . $_REQUEST['dateto'] . "&datefrom=" . $_REQUEST['datefrom'] . "&nrresults=" . $int_num_result . "&log_submit=" . $_REQUEST['log_submit']; // extra argv here (could be anything depending on your page)

    // build the sql
    $limit = $num_rows = $modx->getDatabase()->getValue($modx->getDatabase()->select('COUNT(*)', $modx->getDatabase()->getFullTableName('manager_log'), (!empty($sqladd) ? implode(' AND ', $sqladd) : '')));

    $rs = $modx->getDatabase()->select('*', $modx->getDatabase()->getFullTableName('manager_log'), (!empty($sqladd) ? implode(' AND ', $sqladd) : ''), 'timestamp DESC, id DESC', "{$int_cur_position}, {$int_num_result}");

if ($limit < 1) {
    echo '<p>' . $_lang["mgrlog_emptysrch"] . '</p>';
} else {
    echo '<p>' . $_lang["mgrlog_sortinst"] . '</p>';

    // New instance of the Paging class, you can modify the color and the width of the html table
    $p = new EvolutionCMS\Support\Paginate($num_rows, $int_cur_position, $int_num_result, $extargv);

    // Load up the 2 array in order to display result
    $array_paging = $p->getPagingArray();
    $array_row_paging = $p->getPagingRowArray();
    $current_row = $int_cur_position / $int_num_result;

    // Display the result as you like...
    print "<p>" . $_lang["paging_showing"] . " " . $array_paging['lower'];
    print " " . $_lang["paging_to"] . " " . $array_paging['upper'];
    print " (" . $array_paging['total'] . " " . $_lang["paging_total"] . ")<br />";
    $paging = $array_paging['first_link'] . $_lang["paging_first"] . (isset($array_paging['first_link']) ? "</a> " : " ");
    $paging .= $array_paging['previous_link'] . $_lang["paging_prev"] . (isset($array_paging['previous_link']) ? "</a> " : " ");
    $pagesfound = sizeof($array_row_paging);
    if ($pagesfound > 6) {
        $paging .= $array_row_paging[$current_row - 2]; // ."&nbsp;";
        $paging .= $array_row_paging[$current_row - 1]; // ."&nbsp;";
        $paging .= $array_row_paging[$current_row]; // ."&nbsp;";
        $paging .= $array_row_paging[$current_row + 1]; // ."&nbsp;";
        $paging .= $array_row_paging[$current_row + 2]; // ."&nbsp;";
    } else {
        for ($i = 0; $i < $pagesfound; $i++) {
            $paging .= $array_row_paging[$i] . "&nbsp;";
        }
    }
    $paging .= $array_paging['next_link'] . $_lang["paging_next"] . (isset($array_paging['next_link']) ? "</a> " : " ") . " ";
    $paging .= $array_paging['last_link'] . $_lang["paging_last"] . (isset($array_paging['last_link']) ? "</a> " : " ") . " ";
    // The above exemple print somethings like:
    // Results 1 to 20 of 597  <<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 >>>
    // Of course you can now play with array_row_paging in order to print
    // only the results you would like...
    ?>

    <script type="text/javascript" src="media/script/tablesort.js"></script>

    <div class="pagination">
        <?= $paging ?>
    </div>

    <div class="row">
        <div class="table-responsive">
            <table class="table data">
                <thead>
                <tr>
                    <th class="sortable" width="1%"><?= $_lang["mgrlog_username"] ?></th>
                    <th class="sortable"><?= $_lang["mgrlog_action"] ?></th>
                    <th class="sortable sortable-numeric" width="1%"><?= $_lang["mgrlog_itemid"] ?></th>
                    <th class="sortable"><?= $_lang["mgrlog_itemname"] ?></th>
                    <th class="sortable" width="1%"><?= $_lang["mgrlog_time"] ?></th>
                    <th class="sortable" width="1%">IP</th>
                    <th class="sortable" width="1%">USER_AGENT</th>
                </tr>
                </thead>
                <tbody>
                <?php
                // grab the entire log file...
                $logentries = array();
                $i = 0;
                while ($logentry = $modx->getDatabase()->getRow($rs)) {
                    if (!preg_match("/^[0-9]+$/", $logentry['itemid'])) {
                        $item = '<div style="text-align:center;">-</div>';
                    } elseif ($logentry['action'] == 3 || $logentry['action'] == 27 || $logentry['action'] == 5) {
                        $item = '<a href="index.php?a=3&amp;id=' . $logentry['itemid'] . '">' . $logentry['itemname'] . '</a>';
                    } else {
                        $item = $logentry['itemname'];
                    }
                    //index.php?a=13&searchuser=' . $logentry['internalKey'] . '&action=' . $logentry['action'] . '&itemname=' . $logentry['itemname'] . '&log_submit=true'
                    $user_drill = 'index.php?a=13&searchuser=' . $logentry['internalKey'] . '&itemname=0&log_submit=true';
                    ?>
                    <tr>
                        <td><?= '<a href="' . $user_drill . '">' . $logentry['username'] . '</a>' ?></td>
                        <td class="text-nowrap"><?= '[' . $logentry['action'] . '] ' . $logentry['message'] ?></td>
                        <td class="text-xs-right"><?= $logentry['itemid'] ?></td>
                        <td><?= $item ?></td>
                        <td class="text-nowrap"><?= $modx->toDateFormat($logentry['timestamp'] + $server_offset_time) ?></td>
                        <td class="text-nowrap"><?= $logentry['ip'] ?></td>
                        <td class="text-nowrap"><?= $logentry['useragent'] ?></td>
                    </tr>
                    <?php
                    $i++;
                }
                ?>
                </tbody>
            </table>
        </div>
    </div>

    <div class="pagination">
        <?= $paging ?>
    </div>
<?php
}
?>
    </div>
    </div>
    <?php
    // HACK: prevent multiple "Viewing logging" entries after a search has taken place.
    // @see index.php @ 915
    global $action;
function myFunction($a, $b) {
    // Do something
}
    $action = 1;
} else {
    echo $_lang["mgrlog_noquery"];
}


Issues (3885)

Security Analysis not enabled

manager/actions/logging.static.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1		<?php
2		if( ! defined('IN_MANAGER_MODE') \|\| IN_MANAGER_MODE !== true) {
3		die("<b>INCLUDE_ORDERING_ERROR</b><br /><br />Please use the EVO Content Manager instead of accessing this file directly.");
4		}
5		if (!$modx->hasPermission('logs')) {
6		$modx->webAlertAndQuit($_lang["error_no_privileges"]);
7		}
8
9		$rs = $modx->getDatabase()->select('DISTINCT internalKey, username, action, itemid, itemname', $modx->getDatabase()->getFullTableName('manager_log'));
10		$logs = $modx->getDatabase()->makeArray($rs);
11		?>
12		<h1>
13		<i class="fa fa-user-secret"></i><?= $_lang['mgrlog_view'] ?>
14		</h1>
15
16		<div class="tab-page">
17		<div class="container container-body">
18		<div class="element-edit-message-tab alert alert-warning"><?= $_lang["mgrlog_query_msg"] ?></div>
19
20		<form action="index.php?a=13" name="logging" method="POST" class="form-group">
21		<div class="row form-row">
22		<div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_user"] ?></b></div>
23		<div class="col-sm-8 col-md-5 col-lg-4">
24		<select name="searchuser" class="form-control">
25		<option value="0"><?= $_lang["mgrlog_anyall"] ?></option>
26		<?php
27		// get all users currently in the log
28		$logs_user = record_sort(array_unique_multi($logs, 'internalKey'), 'username');
29	View Code Duplication	foreach ($logs_user as $row) {
30		$selectedtext = $row['internalKey'] == $_REQUEST['searchuser'] ? ' selected="selected"' : '';
31		echo "\t\t" . '<option value="' . $row['internalKey'] . '"' . $selectedtext . '>' . $row['username'] . "</option>\n";
32		}
33		?>
34		</select>
35		</div>
36		</div>
37		<div class="row form-row">
38		<div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_action"] ?></b></div>
39		<div class="col-sm-8 col-md-5 col-lg-4">
40		<select name="action" class="form-control">
41		<option value="0"><?= $_lang["mgrlog_anyall"] ?></option>
42		<?php
43		// get all available actions in the log
44		$logs_actions = record_sort(array_unique_multi($logs, 'action'), 'action');
45		foreach ($logs_actions as $row) {
46		$action = EvolutionCMS\Legacy\LogHandler::getAction($row['action']);
47		if ($action == 'Idle') {
48		continue;
49		}
50		$selectedtext = $row['action'] == $_REQUEST['action'] ? ' selected="selected"' : '';
51		echo "\t\t" . '<option value="' . $row['action'] . '"' . $selectedtext . '>' . $row['action'] . ' - ' . $action . "</option>\n";
52		}
53		?>
54		</select>
55		</div>
56		</div>
57		<div class="row form-row">
58		<div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_itemid"] ?></b></div>
59		<div class="col-sm-8 col-md-5 col-lg-4">
60		<select name="itemid" class="form-control">
61		<option value="0"><?= $_lang["mgrlog_anyall"] ?></option>
62		<?php
63		// get all itemid currently in logging
64		$logs_items = record_sort(array_unique_multi($logs, 'itemid'), 'itemid');
65	View Code Duplication	foreach ($logs_items as $row) {
66		$selectedtext = $row['itemid'] == $_REQUEST['itemid'] ? ' selected="selected"' : '';
67		echo "\t\t" . '<option value="' . $row['itemid'] . '"' . $selectedtext . '>' . $row['itemid'] . "</option>\n";
68		}
69		?>
70		</select>
71		</div>
72		</div>
73		<div class="row form-row">
74		<div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_itemname"] ?></b></div>
75		<div class="col-sm-8 col-md-5 col-lg-4">
76		<select name="itemname" class="form-control">
77		<option value="0"><?= $_lang["mgrlog_anyall"] ?></option>
78		<?php
79		// get all itemname currently in logging
80		$logs_names = record_sort(array_unique_multi($logs, 'itemname'), 'itemname');
81	View Code Duplication	foreach ($logs_names as $row) {
82		$selectedtext = $row['itemname'] == $_REQUEST['itemname'] ? ' selected="selected"' : '';
83		echo "\t\t" . '<option value="' . $row['itemname'] . '"' . $selectedtext . '>' . $row['itemname'] . "</option>\n";
84		}
85		?>
86		</select>
87		</div>
88		</div>
89		<div class="row form-row">
90		<div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_msg"] ?></b></div>
91		<div class="col-sm-8 col-md-5 col-lg-4">
92		<input type="text" name="message" class="form-control" value="<?= $_REQUEST['message'] ?>" />
93		</div>
94		</div>
95		<div class="row form-row">
96		<div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_datefr"] ?></b></div>
97		<div class="col-sm-8 col-md-5 col-lg-4">
98		<div class="input-group">
99		<input type="text" id="datefrom" name="datefrom" class="form-control unstyled DatePicker" value="<?= isset($_REQUEST['datefrom']) ? $_REQUEST['datefrom'] : "" ?>" />
100		<i onClick="document.logging.datefrom.value=''; return true;" class="clearDate <?php echo $_style["actions_calendar_delete"] ?>" title="<?php echo $_lang['remove_date']; ?>"></i>
101		</div>
102		</div>
103		</div>
104		<div class="row form-row">
105		<div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_dateto"] ?></b></div>
106		<div class="col-sm-8 col-md-5 col-lg-4">
107		<div class="input-group">
108		<input type="text" id="dateto" name="dateto" class="form-control unstyled DatePicker" value="<?= isset($_REQUEST['dateto']) ? $_REQUEST['dateto'] : "" ?>" />
109		<i onClick="document.logging.dateto.value=''; return true;" class="clearDate <?php echo $_style["actions_calendar_delete"] ?>" title="<?php echo $_lang['remove_date']; ?>"></i>
110		</div>
111		</div>
112		</div>
113		<div class="row form-row">
114		<div class="col-sm-4 col-md-3 col-lg-2"><b><?= $_lang["mgrlog_results"] ?></b></div>
115		<div class="col-sm-8 col-md-5 col-lg-4">
116		<input type="text" name="nrresults" class="form-control" value="<?= isset($_REQUEST['nrresults']) ? $_REQUEST['nrresults'] : $number_of_logs ?>" />
117		</div>
118		</div>
119
120		<a class="btn btn-success" href="javascript:;" onclick="documentDirty=false;document.logging.log_submit.click();"><i class="<?= $_style["actions_save"] ?>"></i> <?= $_lang['search'] ?></a>
121		<a class="btn btn-secondary" href="index.php?a=2" onclick="documentDirty=false;"><i class="<?= $_style["actions_cancel"] ?>"></i> <?= $_lang['cancel'] ?></a>
122
123		<input type="submit" name="log_submit" value="<?= $_lang["mgrlog_searchlogs"] ?>" style="display:none;" />
124		</form>
125
126		</div>
127		</div>
128
129		<div class="navbar">
130		<?= $_lang["mgrlog_qresults"] ?>
131		</div>
132
133		<div class="tab-page">
134		<div class="container container-body">
135
136		<?php
137		if (isset($_REQUEST['log_submit'])) {
138		// get the selections the user made.
139		$sqladd = array();
140		if ($_REQUEST['searchuser'] != 0) {
141		$sqladd[] = "internalKey='" . (int)$_REQUEST['searchuser'] . "'";
142		}
143		if ($_REQUEST['action'] != 0) {
144		$sqladd[] = "action=" . (int)$_REQUEST['action'];
145		}
146		if ($_REQUEST['itemid'] != 0 \|\| $_REQUEST['itemid'] == "-") {
147		$sqladd[] = "itemid='" . $_REQUEST['itemid'] . "'";
148		}
149		if ($_REQUEST['itemname'] != '0') {
150		$sqladd[] = "itemname='" . $modx->getDatabase()->escape($_REQUEST['itemname']) . "'";
151		}
152		if ($_REQUEST['message'] != "") {
153		$sqladd[] = "message LIKE '%" . $modx->getDatabase()->escape($_REQUEST['message']) . "%'";
154		}
155		// date stuff
156		if ($_REQUEST['datefrom'] != "") {
157		$sqladd[] = "timestamp>" . $modx->toTimeStamp($_REQUEST['datefrom']);
158		}
159		if ($_REQUEST['dateto'] != "") {
160		$sqladd[] = "timestamp<" . $modx->toTimeStamp($_REQUEST['dateto']);
161		}
162
163		// If current position is not set, set it to zero
164	View Code Duplication	if (!isset($_REQUEST['int_cur_position']) \|\| $_REQUEST['int_cur_position'] == 0) {
165		$int_cur_position = 0;
166		} else {
167		$int_cur_position = $_REQUEST['int_cur_position'];
168		}
169
170		// Number of result to display on the page, will be in the LIMIT of the sql query also
171		$int_num_result = is_numeric($_REQUEST['nrresults']) ? $_REQUEST['nrresults'] : $number_of_logs;
172
173		$extargv = "&a=13&searchuser=" . $_REQUEST['searchuser'] . "&action=" . $_REQUEST['action'] . "&itemid=" . $_REQUEST['itemid'] . "&itemname=" . $_REQUEST['itemname'] . "&message=" . $_REQUEST['message'] . "&dateto=" . $_REQUEST['dateto'] . "&datefrom=" . $_REQUEST['datefrom'] . "&nrresults=" . $int_num_result . "&log_submit=" . $_REQUEST['log_submit']; // extra argv here (could be anything depending on your page)
174
175		// build the sql
176		$limit = $num_rows = $modx->getDatabase()->getValue($modx->getDatabase()->select('COUNT(*)', $modx->getDatabase()->getFullTableName('manager_log'), (!empty($sqladd) ? implode(' AND ', $sqladd) : '')));
177
178		$rs = $modx->getDatabase()->select('*', $modx->getDatabase()->getFullTableName('manager_log'), (!empty($sqladd) ? implode(' AND ', $sqladd) : ''), 'timestamp DESC, id DESC', "{$int_cur_position}, {$int_num_result}");
179
180		if ($limit < 1) {
181		echo '<p>' . $_lang["mgrlog_emptysrch"] . '</p>';
182		} else {
183		echo '<p>' . $_lang["mgrlog_sortinst"] . '</p>';
184
185		// New instance of the Paging class, you can modify the color and the width of the html table
186		$p = new EvolutionCMS\Support\Paginate($num_rows, $int_cur_position, $int_num_result, $extargv);
187
188		// Load up the 2 array in order to display result
189		$array_paging = $p->getPagingArray();
190		$array_row_paging = $p->getPagingRowArray();
191		$current_row = $int_cur_position / $int_num_result;
192
193		// Display the result as you like...
194		print "<p>" . $_lang["paging_showing"] . " " . $array_paging['lower'];
195		print " " . $_lang["paging_to"] . " " . $array_paging['upper'];
196		print " (" . $array_paging['total'] . " " . $_lang["paging_total"] . ")<br />";
197		$paging = $array_paging['first_link'] . $_lang["paging_first"] . (isset($array_paging['first_link']) ? "</a> " : " ");
198		$paging .= $array_paging['previous_link'] . $_lang["paging_prev"] . (isset($array_paging['previous_link']) ? "</a> " : " ");
199		$pagesfound = sizeof($array_row_paging);
200		if ($pagesfound > 6) {
201		$paging .= $array_row_paging[$current_row - 2]; // ." ";
202		$paging .= $array_row_paging[$current_row - 1]; // ." ";
203		$paging .= $array_row_paging[$current_row]; // ." ";
204		$paging .= $array_row_paging[$current_row + 1]; // ." ";
205		$paging .= $array_row_paging[$current_row + 2]; // ." ";
206		} else {
207		for ($i = 0; $i < $pagesfound; $i++) {
208		$paging .= $array_row_paging[$i] . " ";
209		}
210		}
211		$paging .= $array_paging['next_link'] . $_lang["paging_next"] . (isset($array_paging['next_link']) ? "</a> " : " ") . " ";
212		$paging .= $array_paging['last_link'] . $_lang["paging_last"] . (isset($array_paging['last_link']) ? "</a> " : " ") . " ";
213		// The above exemple print somethings like:
214		// Results 1 to 20 of 597 <<< 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 >>>
215		// Of course you can now play with array_row_paging in order to print
216		// only the results you would like...
217		?>
218
219		<script type="text/javascript" src="media/script/tablesort.js"></script>
220
221		<div class="pagination">
222		<?= $paging ?>
223		</div>
224
225		<div class="row">
226		<div class="table-responsive">
227		<table class="table data">
228		<thead>
229		<tr>
230		<th class="sortable" width="1%"><?= $_lang["mgrlog_username"] ?></th>
231		<th class="sortable"><?= $_lang["mgrlog_action"] ?></th>
232		<th class="sortable sortable-numeric" width="1%"><?= $_lang["mgrlog_itemid"] ?></th>
233		<th class="sortable"><?= $_lang["mgrlog_itemname"] ?></th>
234		<th class="sortable" width="1%"><?= $_lang["mgrlog_time"] ?></th>
235		<th class="sortable" width="1%">IP</th>
236		<th class="sortable" width="1%">USER_AGENT</th>
237		</tr>
238		</thead>
239		<tbody>
240		<?php
241		// grab the entire log file...
242		$logentries = array();
243		$i = 0;
244		while ($logentry = $modx->getDatabase()->getRow($rs)) {
245		if (!preg_match("/^[0-9]+$/", $logentry['itemid'])) {
246		$item = '<div style="text-align:center;">-</div>';
247		} elseif ($logentry['action'] == 3 \|\| $logentry['action'] == 27 \|\| $logentry['action'] == 5) {
248		$item = '<a href="index.php?a=3&id=' . $logentry['itemid'] . '">' . $logentry['itemname'] . '</a>';
249		} else {
250		$item = $logentry['itemname'];
251		}
252		//index.php?a=13&searchuser=' . $logentry['internalKey'] . '&action=' . $logentry['action'] . '&itemname=' . $logentry['itemname'] . '&log_submit=true'
253		$user_drill = 'index.php?a=13&searchuser=' . $logentry['internalKey'] . '&itemname=0&log_submit=true';
254		?>
255		<tr>
256		<td><?= '<a href="' . $user_drill . '">' . $logentry['username'] . '</a>' ?></td>
257		<td class="text-nowrap"><?= '[' . $logentry['action'] . '] ' . $logentry['message'] ?></td>
258		<td class="text-xs-right"><?= $logentry['itemid'] ?></td>
259		<td><?= $item ?></td>
260		<td class="text-nowrap"><?= $modx->toDateFormat($logentry['timestamp'] + $server_offset_time) ?></td>
261		<td class="text-nowrap"><?= $logentry['ip'] ?></td>
262		<td class="text-nowrap"><?= $logentry['useragent'] ?></td>
263		</tr>
264		<?php
265		$i++;
266		}
267		?>
268		</tbody>
269		</table>
270		</div>
271		</div>
272
273		<div class="pagination">
274		<?= $paging ?>
275		</div>
276		<?php
277		}
278		?>
279		</div>
280		</div>
281		<?php
282		// HACK: prevent multiple "Viewing logging" entries after a search has taken place.
283		// @see index.php @ 915
284		global $action;
		0 ignored issues – show Compatibility Best Practice introduced 2018-02-21 15:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
285		$action = 1;
286		} else {
287		echo $_lang["mgrlog_noquery"];
288		}
289

evolution-cms / evolution

Issues (3885)

Security Analysis not enabled

manager/actions/logging.static.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like