Issues in start.php (master) - Issues in master - gctools-outilsgc/gcconnex - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2473)

Security Analysis no vulnerabilities found

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

mod/file/start.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Elgg file plugin
 *
 * @package ElggFile
 */

elgg_register_event_handler('init', 'system', 'file_init');

/**
 * File plugin initialization functions.
 */
function file_init() {

	// register a library of helper functions
	elgg_register_library('elgg:file', elgg_get_plugins_path() . 'file/lib/file.php');

	// Site navigation
	$item = new ElggMenuItem('file', elgg_echo('file'), 'file/all');
	elgg_register_menu_item('site', $item);

	// Extend CSS
	elgg_extend_view('css/elgg', 'file/css');

	// add enclosure to rss item
	elgg_extend_view('extensions/item', 'file/enclosure');

	// extend group main page
	elgg_extend_view('groups/tool_latest', 'file/group_module');

	// Register a page handler, so we can have nice URLs
	elgg_register_page_handler('file', 'file_page_handler');

	// Add a new file widget
	elgg_register_widget_type('filerepo', elgg_echo("file:file"), elgg_echo("file:widget:description"));

	// Register URL handlers for files
	elgg_register_plugin_hook_handler('entity:url', 'object', 'file_set_url');
	elgg_register_plugin_hook_handler('entity:icon:url', 'object', 'file_set_icon_url');

	// Register for notifications
	elgg_register_notification_event('object', 'file', array('create'));
	elgg_register_plugin_hook_handler('prepare', 'notification:create:object:file', 'file_prepare_notification');

	// add the group files tool option
	add_group_tool_option('file', elgg_echo('groups:enablefiles'), true);

	// Register entity type for search
	elgg_register_entity_type('object', 'file');

	// add a file link to owner blocks
	elgg_register_plugin_hook_handler('register', 'menu:owner_block', 'file_owner_block_menu');

	// Register actions
	$action_path = elgg_get_plugins_path() . 'file/actions/file';
	elgg_register_action("file/upload", "$action_path/upload.php");
	elgg_register_action("file/delete", "$action_path/delete.php");
	// temporary - see #2010
	elgg_register_action("file/download", "$action_path/download.php");

	// embed support
	$item = ElggMenuItem::factory(array(
		'name' => 'file',
		'text' => elgg_echo('file'),
		'priority' => 10,
		'data' => array(
			'options' => array(
				'type' => 'object',
				'subtype' => 'file',
			),
		),
	));
	elgg_register_menu_item('embed', $item);

	$item = ElggMenuItem::factory(array(
		'name' => 'file_upload',
		'text' => elgg_echo('file:upload'),
		'priority' => 100,
		'data' => array(
			'view' => 'embed/file_upload/content',
		),
	));

	elgg_register_menu_item('embed', $item);

	elgg_extend_view('theme_sandbox/icons', 'file/theme_sandbox/icons/files');
}

/**
 * Dispatches file pages.
 * URLs take the form of
 *  All files:       file/all
 *  User's files:    file/owner/<username>
 *  Friends' files:  file/friends/<username>
 *  View file:       file/view/<guid>/<title>
 *  New file:        file/add/<guid>
 *  Edit file:       file/edit/<guid>
 *  Group files:     file/group/<guid>/all
 *  Download:        file/download/<guid>
 *
 * Title is ignored
 *
 * @param array $page
 * @return bool
 */
function file_page_handler($page) {

	if (!isset($page[0])) {
		$page[0] = 'all';
	}

	$file_dir = elgg_get_plugins_path() . 'file/pages/file';

	$page_type = $page[0];
	switch ($page_type) {
		case 'owner':
			file_register_toggle();
			include "$file_dir/owner.php";
			break;
		case 'friends':
			file_register_toggle();
			include "$file_dir/friends.php";
			break;
		case 'view':
			elgg_push_context('view_file');
			set_input('guid', $page[1]);
			include "$file_dir/view.php";
			break;
		case 'add':
			include "$file_dir/upload.php";
			break;
		case 'edit':
			set_input('guid', $page[1]);
			include "$file_dir/edit.php";
			break;
		case 'search':
			file_register_toggle();
			include "$file_dir/search.php";
			break;
		case 'group':
			file_register_toggle();
			include "$file_dir/owner.php";
			break;
		case 'all':
			file_register_toggle();
			include "$file_dir/world.php";
			break;
		case 'download':
			set_input('guid', $page[1]);
			include "$file_dir/download.php";
			break;
		default:
			return false;
	}
	return true;
}

/**
 * Adds a toggle to extra menu for switching between list and gallery views
 */
function file_register_toggle() {
	$url = elgg_http_remove_url_query_element(current_page_url(), 'list_type');

	if (get_input('list_type', 'list') == 'list') {
		$list_type = "gallery";
		$icon = elgg_view_icon('grid');
	} else {
		$list_type = "list";
		$icon = elgg_view_icon('list');
	}

	if (substr_count($url, '?')) {
		$url .= "&list_type=" . $list_type;
	} else {
		$url .= "?list_type=" . $list_type;
	}


	elgg_register_menu_item('extras', array(
		'name' => 'file_list',
		'text' => $icon,
		'href' => $url,
		'title' => elgg_echo("file:list:$list_type"),
		'priority' => 1000,
	));
}

/**
 * Prepare a notification message about a new file
 *
 * @param string                          $hook         Hook name
 * @param string                          $type         Hook type
 * @param Elgg\Notifications\Notification $notification The notification to prepare
 * @param array                           $params       Hook parameters
 * @return Elgg\Notifications\Notification
 */
function file_prepare_notification($hook, $type, $notification, $params) {
	$entity = $params['event']->getObject();
	$owner = $params['event']->getActor();
	$recipient = $params['recipient'];
	$language = $params['language'];
	$method = $params['method'];

	$descr = $entity->description;
	$title = $entity->title;

	$notification->subject = elgg_echo('file:notify:subject', array($entity->title), $language);
	$notification->body = elgg_echo('file:notify:body', array(
		$owner->name,
		$title,
		$descr,
		$entity->getURL()
	), $language);
	$notification->summary = elgg_echo('file:notify:summary', array($entity->title), $language);

	return $notification;
}

/**
 * Add a menu item to the user ownerblock
 */
function file_owner_block_menu($hook, $type, $return, $params) {
	if (elgg_instanceof($params['entity'], 'user')) {
		$url = "file/owner/{$params['entity']->username}";
		$item = new ElggMenuItem('file', elgg_echo('file'), $url);
		$return[] = $item;
	} else {
		if ($params['entity']->file_enable != "no") {
			$url = "file/group/{$params['entity']->guid}/all";
			$item = new ElggMenuItem('file', elgg_echo('file:group'), $url);
			$return[] = $item;
		}
	}

	return $return;
}

/**
 * Registers page menu items for file type filtering and returns a view
 *
 * @param int       $container_guid The GUID of the container of the files
 * @param bool      $friends        Whether we're looking at the container or the container's friends
 * 
 * @return string The typecloud
 */
function file_get_type_cloud($container_guid = "", $friends = false) {

	$container_guids = $container_guid;
	$container = get_entity($container_guid);

	if ($friends && $container) {
		// tags interface does not support pulling tags on friends' content so
		// we need to grab all friends
		$friend_entities = $container->getFriends(array('limit' => 0));
		if ($friend_entities) {
			$friend_guids = array();
			foreach ($friend_entities as $friend) {
				$friend_guids[] = $friend->getGUID();
			}
		}
		$container_guids = $friend_guids;
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
	}

	elgg_register_tag_metadata_name('simpletype');
	$options = array(
		'type' => 'object',
		'subtype' => 'file',
		'container_guids' => $container_guids,
		'threshold' => 0,
		'limit' => 10,
		'tag_names' => array('simpletype')
	);
	$types = elgg_get_tags($options);

	if ($types) {
		$all = new stdClass;
		$all->tag = 'all';
		elgg_register_menu_item('page', array(
			'name' => 'file:all',
			'text' => elgg_echo('all'),
			'href' =>  file_type_cloud_get_url($all, $friends),
		));
		
		foreach ($types as $type) {
			elgg_register_menu_item('page', array(
				'name' => "file:$type->tag",
				'text' => elgg_echo("file:type:$type->tag"),
				'href' =>  file_type_cloud_get_url($type, $friends),
			));
		}
	}
	
	// returning the view is needed for BC
	$params = array(
		'friends' => $friends,
		'types' => $types,
	);

	return elgg_view('file/typecloud', $params);
}

function file_type_cloud_get_url($type, $friends) {
	$url = elgg_get_site_url() . 'file/search?subtype=file';

	if ($type->tag != "all") {
		$url .= "&md_type=simpletype&tag=" . urlencode($type->tag);
	}

	if ($friends) {
		$url .= "&friends=$friends";
	}

	if ($type->tag == "image") {
		$url .= "&list_type=gallery";
	}

	if (elgg_get_page_owner_guid()) {
		$url .= "&page_owner=" . elgg_get_page_owner_guid();
	}

	return $url;
}

function get_filetype_cloud($owner_guid = "", $friends = false) {
	elgg_deprecated_notice('Use file_get_type_cloud instead of get_filetype_cloud', 1.8);
	return file_get_type_cloud($owner_guid, $friends);
}

/**
 * Populates the ->getUrl() method for file objects
 *
 * @param string $hook
 * @param string $type
 * @param string $url
 * @param array  $params
 * @return string File URL
 */
function file_set_url($hook, $type, $url, $params) {
	$entity = $params['entity'];
	if (elgg_instanceof($entity, 'object', 'file')) {
		$title = elgg_get_friendly_title($entity->title);
		return "file/view/" . $entity->getGUID() . "/" . $title;
	}
}

/**
 * Override the default entity icon for files
 *
 * Plugins can override or extend the icons using the plugin hook: 'file:icon:url', 'override'
 *
 * @param string $hook
 * @param string $type
 * @param string $url
 * @param array  $params
 * @return string Relative URL
 */
function file_set_icon_url($hook, $type, $url, $params) {
	$file = $params['entity'];
	$size = $params['size'];
	if (elgg_instanceof($file, 'object', 'file')) {

		// thumbnails get first priority
		if ($file->thumbnail) {
			$ts = (int)$file->icontime;
			return "mod/file/thumbnail.php?file_guid=$file->guid&size=$size&icontime=$ts";
		}

		$mapping = array(
			'application/excel' => 'excel',
			'application/msword' => 'word',
			'application/ogg' => 'music',
			'application/pdf' => 'pdf',
			'application/powerpoint' => 'ppt',
			'application/vnd.ms-excel' => 'excel',
			'application/vnd.ms-powerpoint' => 'ppt',
			'application/vnd.oasis.opendocument.text' => 'openoffice',
			'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'word',
			'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' => 'excel',
			'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'ppt',
			'application/x-gzip' => 'archive',
			'application/x-rar-compressed' => 'archive',
			'application/x-stuffit' => 'archive',
			'application/zip' => 'archive',

			'text/directory' => 'vcard',
			'text/v-card' => 'vcard',

			'application' => 'application',
			'audio' => 'music',
			'text' => 'text',
			'video' => 'video',
			'googledoc' => 'googledoc',
		);

		$mime = $file->mimetype;
		if ($mime) {
			$base_type = substr($mime, 0, strpos($mime, '/'));
		} else {
			$mime = 'none';
			$base_type = 'none';
		}

		if (isset($mapping[$mime])) {
			$type = $mapping[$mime];
		} elseif (isset($mapping[$base_type])) {
			$type = $mapping[$base_type];
		} else {
			$type = 'general';
		}

		if ($size == 'large') {
			$ext = '_lrg';
		} else {
			$ext = '';
		}

		$url = "mod/file/graphics/icons/{$type}{$ext}.gif";
		$url = elgg_trigger_plugin_hook('file:icon:url', 'override', $params, $url);
		return $url;
	}
}


Issues (2473)

Security Analysis no vulnerabilities found

mod/file/start.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1		<?php
2		/**
3		* Elgg file plugin
4		*
5		* @package ElggFile
6		*/
7
8		elgg_register_event_handler('init', 'system', 'file_init');
9
10		/**
11		* File plugin initialization functions.
12		*/
13		function file_init() {
14
15		// register a library of helper functions
16		elgg_register_library('elgg:file', elgg_get_plugins_path() . 'file/lib/file.php');
17
18		// Site navigation
19		$item = new ElggMenuItem('file', elgg_echo('file'), 'file/all');
20		elgg_register_menu_item('site', $item);
21
22		// Extend CSS
23		elgg_extend_view('css/elgg', 'file/css');
24
25		// add enclosure to rss item
26		elgg_extend_view('extensions/item', 'file/enclosure');
27
28		// extend group main page
29		elgg_extend_view('groups/tool_latest', 'file/group_module');
30
31		// Register a page handler, so we can have nice URLs
32		elgg_register_page_handler('file', 'file_page_handler');
33
34		// Add a new file widget
35		elgg_register_widget_type('filerepo', elgg_echo("file:file"), elgg_echo("file:widget:description"));
36
37		// Register URL handlers for files
38		elgg_register_plugin_hook_handler('entity:url', 'object', 'file_set_url');
39		elgg_register_plugin_hook_handler('entity:icon:url', 'object', 'file_set_icon_url');
40
41		// Register for notifications
42		elgg_register_notification_event('object', 'file', array('create'));
43		elgg_register_plugin_hook_handler('prepare', 'notification:create:object:file', 'file_prepare_notification');
44
45		// add the group files tool option
46		add_group_tool_option('file', elgg_echo('groups:enablefiles'), true);
47
48		// Register entity type for search
49		elgg_register_entity_type('object', 'file');
50
51		// add a file link to owner blocks
52		elgg_register_plugin_hook_handler('register', 'menu:owner_block', 'file_owner_block_menu');
53
54		// Register actions
55		$action_path = elgg_get_plugins_path() . 'file/actions/file';
56		elgg_register_action("file/upload", "$action_path/upload.php");
57		elgg_register_action("file/delete", "$action_path/delete.php");
58		// temporary - see #2010
59		elgg_register_action("file/download", "$action_path/download.php");
60
61		// embed support
62		$item = ElggMenuItem::factory(array(
63		'name' => 'file',
64		'text' => elgg_echo('file'),
65		'priority' => 10,
66		'data' => array(
67		'options' => array(
68		'type' => 'object',
69		'subtype' => 'file',
70		),
71		),
72		));
73		elgg_register_menu_item('embed', $item);
74
75		$item = ElggMenuItem::factory(array(
76		'name' => 'file_upload',
77		'text' => elgg_echo('file:upload'),
78		'priority' => 100,
79		'data' => array(
80		'view' => 'embed/file_upload/content',
81		),
82		));
83
84		elgg_register_menu_item('embed', $item);
85
86		elgg_extend_view('theme_sandbox/icons', 'file/theme_sandbox/icons/files');
87		}
88
89		/**
90		* Dispatches file pages.
91		* URLs take the form of
92		* All files: file/all
93		* User's files: file/owner/<username>
94		* Friends' files: file/friends/<username>
95		* View file: file/view/<guid>/<title>
96		* New file: file/add/<guid>
97		* Edit file: file/edit/<guid>
98		* Group files: file/group/<guid>/all
99		* Download: file/download/<guid>
100		*
101		* Title is ignored
102		*
103		* @param array $page
104		* @return bool
105		*/
106		function file_page_handler($page) {
107
108		if (!isset($page[0])) {
109		$page[0] = 'all';
110		}
111
112		$file_dir = elgg_get_plugins_path() . 'file/pages/file';
113
114		$page_type = $page[0];
115		switch ($page_type) {
116		case 'owner':
117		file_register_toggle();
118		include "$file_dir/owner.php";
119		break;
120		case 'friends':
121		file_register_toggle();
122		include "$file_dir/friends.php";
123		break;
124		case 'view':
125		elgg_push_context('view_file');
126		set_input('guid', $page[1]);
127		include "$file_dir/view.php";
128		break;
129		case 'add':
130		include "$file_dir/upload.php";
131		break;
132		case 'edit':
133		set_input('guid', $page[1]);
134		include "$file_dir/edit.php";
135		break;
136		case 'search':
137		file_register_toggle();
138		include "$file_dir/search.php";
139		break;
140		case 'group':
141		file_register_toggle();
142		include "$file_dir/owner.php";
143		break;
144		case 'all':
145		file_register_toggle();
146		include "$file_dir/world.php";
147		break;
148		case 'download':
149		set_input('guid', $page[1]);
150		include "$file_dir/download.php";
151		break;
152		default:
153		return false;
154		}
155		return true;
156		}
157
158		/**
159		* Adds a toggle to extra menu for switching between list and gallery views
160		*/
161		function file_register_toggle() {
162		$url = elgg_http_remove_url_query_element(current_page_url(), 'list_type');
163
164		if (get_input('list_type', 'list') == 'list') {
165		$list_type = "gallery";
166		$icon = elgg_view_icon('grid');
167		} else {
168		$list_type = "list";
169		$icon = elgg_view_icon('list');
170		}
171
172		if (substr_count($url, '?')) {
173		$url .= "&list_type=" . $list_type;
174		} else {
175		$url .= "?list_type=" . $list_type;
176		}
177
178
179		elgg_register_menu_item('extras', array(
180		'name' => 'file_list',
181		'text' => $icon,
182		'href' => $url,
183		'title' => elgg_echo("file:list:$list_type"),
184		'priority' => 1000,
185		));
186		}
187
188		/**
189		* Prepare a notification message about a new file
190		*
191		* @param string $hook Hook name
192		* @param string $type Hook type
193		* @param Elgg\Notifications\Notification $notification The notification to prepare
194		* @param array $params Hook parameters
195		* @return Elgg\Notifications\Notification
196		*/
197	View Code Duplication	function file_prepare_notification($hook, $type, $notification, $params) {
198		$entity = $params['event']->getObject();
199		$owner = $params['event']->getActor();
200		$recipient = $params['recipient'];
201		$language = $params['language'];
202		$method = $params['method'];
203
204		$descr = $entity->description;
205		$title = $entity->title;
206
207		$notification->subject = elgg_echo('file:notify:subject', array($entity->title), $language);
208		$notification->body = elgg_echo('file:notify:body', array(
209		$owner->name,
210		$title,
211		$descr,
212		$entity->getURL()
213		), $language);
214		$notification->summary = elgg_echo('file:notify:summary', array($entity->title), $language);
215
216		return $notification;
217		}
218
219		/**
220		* Add a menu item to the user ownerblock
221		*/
222	View Code Duplication	function file_owner_block_menu($hook, $type, $return, $params) {
223		if (elgg_instanceof($params['entity'], 'user')) {
224		$url = "file/owner/{$params['entity']->username}";
225		$item = new ElggMenuItem('file', elgg_echo('file'), $url);
226		$return[] = $item;
227		} else {
228		if ($params['entity']->file_enable != "no") {
229		$url = "file/group/{$params['entity']->guid}/all";
230		$item = new ElggMenuItem('file', elgg_echo('file:group'), $url);
231		$return[] = $item;
232		}
233		}
234
235		return $return;
236		}
237
238		/**
239		* Registers page menu items for file type filtering and returns a view
240		*
241		* @param int $container_guid The GUID of the container of the files
242		* @param bool $friends Whether we're looking at the container or the container's friends
243		*
244		* @return string The typecloud
245		*/
246		function file_get_type_cloud($container_guid = "", $friends = false) {
247
248		$container_guids = $container_guid;
249		$container = get_entity($container_guid);
250
251	View Code Duplication	if ($friends && $container) {
252		// tags interface does not support pulling tags on friends' content so
253		// we need to grab all friends
254		$friend_entities = $container->getFriends(array('limit' => 0));
255		if ($friend_entities) {
256		$friend_guids = array();
257		foreach ($friend_entities as $friend) {
258		$friend_guids[] = $friend->getGUID();
259		}
260		}
261		$container_guids = $friend_guids;
		0 ignored issues – show Bug introduced 2017-09-27 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$friend_guids` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
262		}
263
264		elgg_register_tag_metadata_name('simpletype');
265		$options = array(
266		'type' => 'object',
267		'subtype' => 'file',
268		'container_guids' => $container_guids,
269		'threshold' => 0,
270		'limit' => 10,
271		'tag_names' => array('simpletype')
272		);
273		$types = elgg_get_tags($options);
274
275		if ($types) {
276		$all = new stdClass;
277		$all->tag = 'all';
278		elgg_register_menu_item('page', array(
279		'name' => 'file:all',
280		'text' => elgg_echo('all'),
281		'href' => file_type_cloud_get_url($all, $friends),
282		));
283
284		foreach ($types as $type) {
285		elgg_register_menu_item('page', array(
286		'name' => "file:$type->tag",
287		'text' => elgg_echo("file:type:$type->tag"),
288		'href' => file_type_cloud_get_url($type, $friends),
289		));
290		}
291		}
292
293		// returning the view is needed for BC
294		$params = array(
295		'friends' => $friends,
296		'types' => $types,
297		);
298
299		return elgg_view('file/typecloud', $params);
300		}
301
302		function file_type_cloud_get_url($type, $friends) {
303		$url = elgg_get_site_url() . 'file/search?subtype=file';
304
305		if ($type->tag != "all") {
306		$url .= "&md_type=simpletype&tag=" . urlencode($type->tag);
307		}
308
309		if ($friends) {
310		$url .= "&friends=$friends";
311		}
312
313		if ($type->tag == "image") {
314		$url .= "&list_type=gallery";
315		}
316
317		if (elgg_get_page_owner_guid()) {
318		$url .= "&page_owner=" . elgg_get_page_owner_guid();
319		}
320
321		return $url;
322		}
323
324		function get_filetype_cloud($owner_guid = "", $friends = false) {
325		elgg_deprecated_notice('Use file_get_type_cloud instead of get_filetype_cloud', 1.8);
326		return file_get_type_cloud($owner_guid, $friends);
327		}
328
329		/**
330		* Populates the ->getUrl() method for file objects
331		*
332		* @param string $hook
333		* @param string $type
334		* @param string $url
335		* @param array $params
336		* @return string File URL
337		*/
338	View Code Duplication	function file_set_url($hook, $type, $url, $params) {
339		$entity = $params['entity'];
340		if (elgg_instanceof($entity, 'object', 'file')) {
341		$title = elgg_get_friendly_title($entity->title);
342		return "file/view/" . $entity->getGUID() . "/" . $title;
343		}
344		}
345
346		/**
347		* Override the default entity icon for files
348		*
349		* Plugins can override or extend the icons using the plugin hook: 'file:icon:url', 'override'
350		*
351		* @param string $hook
352		* @param string $type
353		* @param string $url
354		* @param array $params
355		* @return string Relative URL
356		*/
357		function file_set_icon_url($hook, $type, $url, $params) {
358		$file = $params['entity'];
359		$size = $params['size'];
360		if (elgg_instanceof($file, 'object', 'file')) {
361
362		// thumbnails get first priority
363		if ($file->thumbnail) {
364		$ts = (int)$file->icontime;
365		return "mod/file/thumbnail.php?file_guid=$file->guid&size=$size&icontime=$ts";
366		}
367
368		$mapping = array(
369		'application/excel' => 'excel',
370		'application/msword' => 'word',
371		'application/ogg' => 'music',
372		'application/pdf' => 'pdf',
373		'application/powerpoint' => 'ppt',
374		'application/vnd.ms-excel' => 'excel',
375		'application/vnd.ms-powerpoint' => 'ppt',
376		'application/vnd.oasis.opendocument.text' => 'openoffice',
377		'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'word',
378		'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' => 'excel',
379		'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'ppt',
380		'application/x-gzip' => 'archive',
381		'application/x-rar-compressed' => 'archive',
382		'application/x-stuffit' => 'archive',
383		'application/zip' => 'archive',
384
385		'text/directory' => 'vcard',
386		'text/v-card' => 'vcard',
387
388		'application' => 'application',
389		'audio' => 'music',
390		'text' => 'text',
391		'video' => 'video',
392		'googledoc' => 'googledoc',
393		);
394
395		$mime = $file->mimetype;
396		if ($mime) {
397		$base_type = substr($mime, 0, strpos($mime, '/'));
398		} else {
399		$mime = 'none';
400		$base_type = 'none';
401		}
402
403		if (isset($mapping[$mime])) {
404		$type = $mapping[$mime];
405		} elseif (isset($mapping[$base_type])) {
406		$type = $mapping[$base_type];
407		} else {
408		$type = 'general';
409		}
410
411		if ($size == 'large') {
412		$ext = '_lrg';
413		} else {
414		$ext = '';
415		}
416
417		$url = "mod/file/graphics/icons/{$type}{$ext}.gif";
418		$url = elgg_trigger_plugin_hook('file:icon:url', 'override', $params, $url);
419		return $url;
420		}
421		}
422

gctools-outilsgc / gcconnex

Issues (2473)

Security Analysis no vulnerabilities found

mod/file/start.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like