Issues (1752)

Security Analysis: not enabled

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/mvc-view.php (16 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php
require_once(dirname(__FILE__) . '/fwolflib.php');
require_once(FWOLFLIB . 'class/cache/cache.php');
require_once(FWOLFLIB . 'class/form.php');
require_once(FWOLFLIB . 'class/list-table.php');
require_once(FWOLFLIB . 'class/validator.php');
require_once(FWOLFLIB . 'class/ajax/ajax-sel-div.php');
require_once(FWOLFLIB . 'func/string.php');
require_once(FWOLFLIB . 'func/request.php');


/**
 * View in MVC
 *
 * The View acts as the glue between the Controler and the Module: it receives
 * commands from the Controler and data from the Module, then uses the
 * appropriate templates, in the appropriate order, to generate the final HTML
 * code, which is handed back to the Controler for output.
 *
 * A View is mainly embodied as the page.php page of each feature; similar
 * features can be handled in one file, which makes it easier to share the
 * Modules they call.
 *
 * After the View gets result data from the Module, it processes it with Smarty
 * templates to generate HTML, then hands it to the Controler for output.
 *
 * Action handling is mainly done in the View; the default value of the Action
 * is also assigned and implemented in the View.
 *
 *
 * Output generate sequence:
 * GetOutput()
 * 	GenHeader()
 * 	GenMenu()
 * 	GenContent()
 * 		Will auto call GenXxx() or GenContentXxx() if it exists.
 * 	GenFooter()
 *
 *
 * If you need to re-generate some part, you can directly call GenFooter() etc.
 *
 * Appending 'cache=0' to the end of the url forces a cache update;
 * note that no cache entry is stored for the url carrying 'cache=0' itself.
 *
 *
 * Roadmap:
 *
 * 2012-11-16	1.2 488a3fbf41
 * 		Using new Cache class, cache as inner object var now.
 * 2010-06-21	1.1 c10b557466
 * 		Rename GenContentXxx() to GenXxx(), with backward compatibility.
 * 2010-05-21	1.0	60d16e2417
 * 		Basic feature.
 *
 *
 * @deprecated  Use Fwlib\Mvc\AbstractView
 * @package		fwolflib
 * @subpackage	class.mvc
 * @copyright	Copyright 2008-2012, Fwolf
 * @author		Fwolf <[email protected]>
 * @since		2008-04-06
 * @see			Controler
 * @see			Module
 */
abstract class View extends Fwolflib {

Issue (Deprecated Code): The class Fwolflib has been deprecated with message: Use classes in Fwlib namespace, see PSR-0/1/2
This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message, which should give you some clue as to whether and when the type will be removed and what to use instead.


	/**
	 * Action parameter, the view command to determine what to display
	 * @var string	// $_GET['a'], means which action of the module the user requested
	 */
	protected $sAction = null;

	/**
	 * Ajax select div object
	 * @var	object
	 */
	public $oAjaxSelDiv = null;

	/**
	 * Cache object
	 * @var	object
	 */
	public $oCache = NULL;

	/**
	 * If cache turned on
	 * Remember to set cache config before turning it on.
	 * @var	boolean
	 */
	public $bCacheOn = false;

	/**
	 * Css file url used in header
	 * eg: array(array(0 => 'default.css', 1 => 'screen, print'), ...)
	 * @var	array of array
	 */
	public $aCss = array();

	/**
	 * View's caller -- Controler object
	 * @var	object
	 */
	public $oCtl = null;

	/**
	 * Form object, auto new when first used.
	 * @var	object
	 */
	public $oForm = null;

	/**
	 * Js file url used in header
	 * eg: 'common.js', ..., can be indexed by string.
	 * @var	array of string
	 */
	public $aJs = array();

	/**
	 * ListTable object, auto new when first used.
	 * @var	object
	 */
	public $oLt = null;

	/**
	 * Output content generated
	 * @var	string
	 */
	public $sOutput = '';

	/**
	 * Main content part of output content, normally the page main content
	 * @var	string
	 */
	protected $sOutputContent = '';

	/**
	 * Footer part of output content
	 *
	 * Commonly this will include the end part of <body>, etc.
	 * @var string
	 */
	protected $sOutputFooter = '';

	/**
	 * Header part of output content, normally the html header part
	 *
	 * Commonly this will include all of <html> and the beginning part of <body>
	 * @var	string
	 */
	protected $sOutputHeader = '';

	/**
	 * Menu part of output content, optional
	 * @var	string
	 */
	protected $sOutputMenu = '';

	/**
	 * If use tidy to format output html code, default false.
	 * @var boolean
	 */
	public $bOutputTidy = false;

	/**
	 * If show debug info on footer ?
	 * @var	boolean
	 */
	public $bShowDebugInfo = false;

	/**
	 * Template object, auto new when first used.
	 * @var	object
	 */
	public $oTpl = null;

	/**
	 * Template file path
	 * @var	array
	 */
	protected $aTplFile = array(
		'footer' => 'footer.tpl',
		'header' => 'header.tpl',
		'menu' => 'menu.tpl',
		);

	/**
	 * Validator object.
	 * @var	object
	 */
	public $oValidator = null;

	/**
	 * Html <title> of this view
	 * @var	string
	 */
	protected $sViewTitle = '';


	// New Tpl object
	abstract protected function NewObjTpl();


	/*
	// Changed to define directly in this class (below),
	//	sub class only need to set tpl file name or do some other action.
	abstract public function GenFooter();
	abstract public function GenHeader();
	abstract public function GenMenu();
	*/

	// A template is given, point to the action-related method,
	// and check that the method exists first.
	//abstract protected function GenContent();


	/**
	 * construct
	 * @param object	&$ctl	Caller controler object
	 */
	public function __construct (&$ctl) {
		parent::__construct();

		// For auto-new
		unset($this->oAjaxSelDiv);
		unset($this->oCache);
		unset($this->oForm);
		unset($this->oLt);
		unset($this->oTpl);
		unset($this->oValidator);

		$this->oCtl = $ctl;
		$this->sAction = GetGet('a');

Issue (Deprecated Code): The function GetGet() has been deprecated with message: Use Fwlib\Util\HttpUtil::getGet()
This function has been deprecated. The supplier of the file has supplied an explanatory message, which should give you some clue as to whether and when the function will be removed and what other function to use instead.


/*
		$this->NewObjForm();
		$this->NewObjTpl();
		$this->NewObjLt();
*/

		/* Template dir must be set before using
		$this->GenHeader();
		$this->GenMenu();
		$this->GenContent();
		$this->GenFooter();
		*/
	} // end of func __construct


	/**
	 * Auto new obj if not set, for some special var only
	 *
	 * @param	string	$name
	 * @return	object
	 */
	public function __get($name)

Issue (Code Duplication): This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the "Code" section of your repository.

	{
		// First char of property name; [0] replaces the legacy {0} offset syntax, removed in PHP 8
		if ('o' == $name[0]) {
			$s_func = 'NewObj' . substr($name, 1);
			if (method_exists($this, $s_func)) {
				// New object
				$this->$name = $this->$s_func();
				return $this->$name;
			}
		}

		return null;
	} // end of func __get


	/**
	 * Get content to output with cache
	 *
	 * @return	string
	 */
	public function CacheGetOutput() {
		$key = $this->CacheKey();

		if ('0' == GetGet('cache')) {

Issue (Deprecated Code): The function GetGet() has been deprecated with message: Use Fwlib\Util\HttpUtil::getGet()

			// Cache temp off, but still gen & set
			$s = NULL;
		} else {
			// Try get
			$s = $this->oCache->Get($key, $this->CacheLifetime());
		}

		if (is_null($s)) {
			// Cache invalid, gen and set
			$s = $this->GetOutput();
			$this->oCache->Set($key, $s, $this->CacheLifetime());
		}

		return $s;
	} // end of func CacheGetOutput


	/**
	 * Gen key of cache by request uri
	 *
	 * @return	string
	 */
	public function CacheKey() {
		$key = $_SERVER['REQUEST_URI'];
		$key = str_replace(array('?', '&', '=', '//'), '/', $key);

		// When force update cache, ignore 'cache=0' in url
		if ('0' == GetGet('cache')) {

Issue (Deprecated Code): The function GetGet() has been deprecated with message: Use Fwlib\Util\HttpUtil::getGet()

			// Can't unset($_GET['cache']);
			// Because it's used later
			$key = str_replace('/cache/0', '', $key);
		}

		// Remove trailing '/'
		if ('/' == substr($key, -1))

Issue (Code Duplication): This code seems to be duplicated across your project.

			$key = substr($key, 0, strlen($key) - 1);

		return $key;
	} // end of func CacheKey


	/**
	 * Get cache lifetime, in seconds
	 * Should often be re-defined in sub class.
	 *
	 * @param	string	$key
	 * @return	int
	 */
	public function CacheLifetime ($key = '') {
		if (empty($key))
			$key = $this->CacheKey();

Issue: $key is not used, you could remove the assignment.
This check looks for variable assignments that are either overwritten by other assignments or where the variable is not used subsequently.

    $myVar = 'Value';
    $higher = false;

    if (rand(1, 6) > 3) {
        $higher = true;
    } else {
        $higher = false;
    }

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.


		// Default 60s * 60m = 3600s
		return 3600;
	} // end of func CacheLifetime


	/**
	 * Generate main content of page
	 *
	 * Does this by calling a sub-method according to $sAction;
	 * this can also be overridden by an extended class.
	 */
	public function GenContent() {
		if ('content' == strtolower($this->sAction))
			$this->oCtl->ViewErrorDisp("Action should not be named 'content'.");

		if (empty($this->sAction))
			$this->oCtl->ViewErrorDisp("No action given.");

		// Check whether the action-related method exists,
		// call it or report error.
		$s_func = StrUnderline2Ucfirst($this->sAction, true);

Issue (Deprecated Code): The function StrUnderline2Ucfirst() has been deprecated with message: Use Fwlib\Util\StringUtil::toStudlyCaps()

		$s_func1 = 'Gen' . $s_func;
		$s_func2 = 'GenContent' . $s_func;
		if (method_exists($this, $s_func1)) {
			$this->sOutputContent = $this->$s_func1();
			return $this->sOutputContent;
		}
		elseif (method_exists($this, $s_func2)) {
				$this->sOutputContent = $this->$s_func2();
				return $this->sOutputContent;
		}
		// ?a=ajax-something
		elseif ('ajax-' == strtolower(substr($this->sAction, 0, 5))
			&& method_exists($this, $s_func)) {
				$this->sOutputContent = $this->$s_func();
				return $this->sOutputContent;
		}
		else
			// An invalid action is given
			$this->oCtl->ViewErrorDisp("The given action {$this->sAction} is invalid or method $s_func1 doesn't exist.");
	} // end of func GenContent


	/**
	 * Generate footer part
	 */
	public function GenFooter() {
		$this->sOutputFooter = $this->oTpl->fetch($this->aTplFile['footer']);

		// Set time used and db query executed time
		if ($this->bShowDebugInfo)
			$this->sOutputFooter = str_replace('<!-- debug info -->'
				, $this->oCtl->GetDebugInfo($this)
				. '<!-- debug info -->'
				, $this->sOutputFooter);

		return $this->sOutputFooter;
	} // end of func GenFooter


	/**
	 * Generate header part
	 *
	 * @see $aCss, $aJs
	 */
	public function GenHeader () {
		$this->oTpl->assignByRef('css', $this->aCss);

		$this->aJs = array_unique($this->aJs);
		$this->oTpl->assignByRef('js', $this->aJs);

		$this->sOutputHeader = $this->oTpl->fetch($this->aTplFile['header']);
		return $this->sOutputHeader;
	} // end of func GenHeader


	/**
	 * Generate menu part
	 */
	public function GenMenu()
	{
		$this->sOutputMenu = $this->oTpl->fetch($this->aTplFile['menu']);
		return $this->sOutputMenu;
	} // end of func GenMenu


	/**
	 * Get content to output
	 *
	 * @return string
	 * @see $sOutput
	 */
	public function GetOutput () {
		if (empty($this->sOutputContent))
			$this->sOutputContent = $this->GenContent();
		if (empty($this->sOutputHeader))
			$this->sOutputHeader = $this->GenHeader();
		if (empty($this->sOutputMenu))
			$this->sOutputMenu = $this->GenMenu();
		if (empty($this->sOutputFooter))
			$this->sOutputFooter = $this->GenFooter();
		$this->sOutput = $this->sOutputHeader .
						 $this->sOutputMenu .
						 $this->sOutputContent .
						 $this->sOutputFooter;

		// Use tidy ?
		if (true == $this->bOutputTidy)

Issue (Coding Style Best Practice): It seems like you are loosely comparing two booleans. Consider using the strict comparison === instead.
When comparing two booleans, it is generally considered safer to use the strict comparison operator.

			$this->sOutput = $this->Tidy($this->sOutput);

		return $this->sOutput;
	} // end of func GetOutput


	/**
	 * New AjaxSelectDiv object
	 *
	 * @see	$oAjaxSelectDiv
	 */
	protected function NewObjAjaxSelDiv() {
		return new AjaxSelDiv();

Issue (Deprecated Code): The class AjaxSelDiv has been deprecated with message: Use Fwlib\Html\Ajax\SelectDiv

	} // end of func NewObjAjaxSelDiv


	/**
	 * New Cache object
	 *
	 * Needs to be replaced by sub class, to assign cache type
	 *
	 * @see	$oCache
	 */
	protected function NewObjCache () {
		return Cache::Create('');

Issue: The method Create() does not seem to exist on object<Cache>.
This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed.

	} // end of func NewObjCache


	/**
	 * New Form object
	 *
	 * @see	$oForm
	 */
	protected function NewObjForm() {
		return new Form;
	} // end of func NewObjForm


	/**
	 * New ListTable object
	 *
	 * @see	$oLt
	 */
	protected function NewObjLt() {
		return new ListTable($this->oTpl);

Issue (Deprecated Code): The class ListTable has been deprecated with message: Use Fwlib\Html\ListTable

	} // end of func NewObjLt


	/**
	 * New Validator object
	 *
	 * @see	$oValidator
	 * @return	object
	 */
	protected function NewObjValidator () {
		return new Validator();

Issue (Deprecated Code): The class Validator has been deprecated with message: Use Fwlib\Html\FormValidator

	} // end of func NewObjValidator


	/**
	 * Set <title> of view page
	 * @param	string	$title
	 */
	public function SetViewTitle($title)
	{
		// Init tpl variables set
		$this->oTpl->assignByRef('view_title', $this->sViewTitle);

		$this->sViewTitle = $title;
		$this->sOutputHeader = $this->GenHeader();
	} // end of func SetViewTitle


	/**
	 * Use tidy to format html string
	 *
	 * @param string	&$html
	 * @return string
	 */
	public function Tidy (&$html) {

Issue (Code Duplication): This method seems to be duplicated in your project.

		if (true == class_exists("tidy")) {

Issue (Coding Style Best Practice): It seems like you are loosely comparing two booleans. Consider using the strict comparison === instead.

			// Specify configuration
			$config = array(
				'doctype'		=> 'strict',
				'indent'		=> true,
				'indent-spaces'	=> 2,
				'output-xhtml'	=> true,
				'wrap'			=> 200
			);
			// Do tidy
			$tidy = new tidy;
			$tidy->parseString($html, $config, 'utf8');
			$tidy->cleanRepair();

			return tidy_get_output($tidy);
		} else {
			$this->Log('Tidy is not installed !', 4);
			return $html;
		}
	} // end of func Tidy

} // end of class View
?>

Issue: It is not recommended to use PHP's closing tag ?> in files other than templates.
Using a closing tag in PHP files that only contain PHP code is not recommended, as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems; for example, headers cannot be sent anymore. A simple precaution is to leave off the closing tag, as it is not required and omitting it has no negative effects whatsoever.