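This project does not seem to handle request data directly; as such, no vulnerable execution paths were found. This is the analyzer's verdict only: the listing below does read request parameters (`Request::getString`, `$_POST`, `$_REQUEST`), so it still needs manual review.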
1 | <?php |
||
2 | |||
3 | /* |
||
4 | You may not change or alter any portion of this comment or credits |
||
5 | of supporting developers from this source code or any supporting source code |
||
6 | which is considered copyrighted (c) material of the original comment or credit authors. |
||
7 | |||
8 | This program is distributed in the hope that it will be useful, |
||
9 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
11 | */ |
||
12 | |||
13 | /** |
||
14 | * modulebuilder module. |
||
15 | * |
||
16 | * @copyright XOOPS Project (https://xoops.org) |
||
17 | * @license GNU GPL 2 (https://www.gnu.org/licenses/old-licenses/gpl-2.0.html) |
||
18 | * |
||
19 | * @since 2.5.5 |
||
20 | * |
||
21 | * @author Txmod Xoops <[email protected]> |
||
22 | * |
||
23 | */ |
||
24 | |||
25 | use Xmf\Request; |
||
26 | use XoopsModules\Modulebuilder\{ |
||
27 | Helper, |
||
28 | Import |
||
29 | }; |
||
30 | |||
31 | /** @var Helper $helper */ |
||
32 | |||
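// Admin controller for the modulebuilder module list. The operation to run
// comes from the `op` request parameter and is dispatched by the switch below.
// $helper, $adminObject and $modPathIcon16 are not defined in this file;
// presumably header.php provides them -- confirm.

// Define main template
$templateMain = 'modulebuilder_modules.tpl';

require __DIR__ . '/header.php';
// Operation name and module id as supplied by the request
$op    = Request::getString('op', 'list');
$modId = Request::getInt('mod_id');

switch ($op) {
    // List all modules with paging; also the fallback for unknown operations.
    case 'list':
    default:
        $start = Request::getInt('start', 0);
        $limit = Request::getInt('limit', $helper->getConfig('modules_adminpager'));
        $GLOBALS['xoTheme']->addScript('modules/modulebuilder/assets/js/functions.js');
        $GLOBALS['xoTheme']->addStylesheet('modules/modulebuilder/assets/css/admin/style.css');
        $GLOBALS['xoopsTpl']->assign('navigation', $adminObject->displayNavigation('modules.php'));
        $adminObject->addItemButton(\_AM_MODULEBUILDER_MODULES_ADD, 'modules.php?op=new', 'add');

        $adminObject->addItemButton(\_AM_MODULEBUILDER_MODULES_IMPORT, 'import_module.php', 'compfile');

        $GLOBALS['xoopsTpl']->assign('buttons', $adminObject->displayButton('left'));
        $GLOBALS['xoopsTpl']->assign('tdmc_url', TDMC_URL);
        $GLOBALS['xoopsTpl']->assign('tdmc_upload_imgmod_url', TDMC_UPLOAD_IMGMOD_URL);
        $GLOBALS['xoopsTpl']->assign('modPathIcon16', TDMC_URL . '/' . $modPathIcon16);
        $modulesCount = $helper->getHandler('Modules')->getCountModules();
        $modulesAll   = $helper->getHandler('Modules')->getAllModules($start, $limit);
        // Redirect if there aren't modules
        if (0 == $modulesCount) {
            \redirect_header('modules.php?op=new', 2, \_AM_MODULEBUILDER_THEREARENT_MODULES2);
        }
        // Display modules list
        if ($modulesCount > 0) {
            foreach (\array_keys($modulesAll) as $i) {
                $module = $modulesAll[$i]->getValuesModules();
                $GLOBALS['xoopsTpl']->append('modules_list', $module);
                unset($module);
            }
            if ($modulesCount > $limit) {
                require_once \XOOPS_ROOT_PATH . '/class/pagenav.php';
                // $limit is an int (Request::getInt), so it is safe inside the query string
                $pagenav = new \XoopsPageNav($modulesCount, $limit, $start, 'start', 'op=list&limit=' . $limit);
                $GLOBALS['xoopsTpl']->assign('pagenav', $pagenav->renderNav(4));
            }
        } else {
            $GLOBALS['xoopsTpl']->assign('error', \_AM_MODULEBUILDER_THEREARENT_MODULES);
        }

        break;
    // Show the empty "new module" form; requires an active settings record.
    case 'new':
        $GLOBALS['xoTheme']->addScript('modules/modulebuilder/assets/js/functions.js');
        $GLOBALS['xoopsTpl']->assign('navigation', $adminObject->displayNavigation('modules.php'));
        $adminObject->addItemButton(\_AM_MODULEBUILDER_MODULES_LIST, 'modules.php', 'list');
        $GLOBALS['xoopsTpl']->assign('buttons', $adminObject->displayButton('left'));

        $settings = $helper->getHandler('Settings')->getActiveSetting();
        if (0 == \count($settings)) {
            \redirect_header('settings.php', 5, \_AM_MODULEBUILDER_MODULE_NOACTSET);
        }
        $modulesObj = $helper->getHandler('Modules')->create();
        $form       = $modulesObj->getFormModules();
        $GLOBALS['xoopsTpl']->assign('form', $form->render());
        break;

    // Run the module import and show either its error or the imported tables.
    case 'modules_import':
        $GLOBALS['xoopsTpl']->assign('navigation', $adminObject->displayNavigation('modules.php'));
        $adminObject->addItemButton(\_AM_MODULEBUILDER_MODULES_LIST, 'modules.php', 'list');
        $GLOBALS['xoopsTpl']->assign('buttons', $adminObject->displayButton('left'));
        $result = Import::importModule();
        if (false === $result['result']) {
            $GLOBALS['xoopsTpl']->assign('error', $result['error']);
        } else {
            $GLOBALS['xoopsTpl']->assign('tables_list', $result['tables']);
        }
        break;

    // Create or update a module record from the POSTed form.
    case 'save':
        // Reject the request unless the XOOPS security token validates.
        if (!$GLOBALS['xoopsSecurity']->check()) {
            \redirect_header('modules.php', 3, \implode(',', $GLOBALS['xoopsSecurity']->getErrors()));
        }
        // Request::getInt() always yields an int, so the former isset($modId)
        // test could never select create(); a positive id means "update".
        if ($modId > 0) {
            $modulesObj = $helper->getHandler('Modules')->get($modId);
        } else {
            $modulesObj = $helper->getHandler('Modules')->create();
        }
        // NOTE(review): this pattern only removes a non-alphanumeric character
        // that is followed by whitespace, so characters such as '/', '.' or '\'
        // pass through unchanged. If mod_dirname is later used as a directory
        // name (not visible here), replace it with a strict whitelist once the
        // set of allowed characters is confirmed.
        $moduleDirname = \preg_replace('/[^a-zA-Z0-9]\s+/', '', \mb_strtolower(Request::getString('mod_dirname', '', 'POST')));
        //Form module save
        $modulesObj->setVars(
            [
                'mod_name'                => Request::getString('mod_name', '', 'POST'),
                'mod_dirname'             => $moduleDirname,
                'mod_version'             => Request::getString('mod_version', '', 'POST'),
                'mod_since'               => Request::getString('mod_since', '', 'POST'),
                'mod_min_php'             => Request::getString('mod_min_php', '', 'POST'),
                'mod_min_xoops'           => Request::getString('mod_min_xoops', '', 'POST'),
                'mod_min_admin'           => Request::getString('mod_min_admin', '', 'POST'),
                'mod_min_mysql'           => Request::getString('mod_min_mysql', '', 'POST'),
                'mod_description'         => Request::getString('mod_description', '', 'POST'),
                'mod_author'              => Request::getString('mod_author', '', 'POST'),
                'mod_author_mail'         => Request::getString('mod_author_mail', '', 'POST'),
                'mod_author_website_url'  => Request::getString('mod_author_website_url', '', 'POST'),
                'mod_author_website_name' => Request::getString('mod_author_website_name', '', 'POST'),
                'mod_credits'             => Request::getString('mod_credits', '', 'POST'),
                'mod_license'             => Request::getString('mod_license', '', 'POST'),
                'mod_release_info'        => Request::getString('mod_release_info', '', 'POST'),
                'mod_release_file'        => Request::getString('mod_release_file', '', 'POST'),
                'mod_manual'              => Request::getString('mod_manual', '', 'POST'),
                'mod_manual_file'         => Request::getString('mod_manual_file', '', 'POST'),
            ]
        );
        //Form mod_image
        require_once \XOOPS_ROOT_PATH . '/class/uploader.php';
        $uploader = new \XoopsMediaUploader(
            TDMC_UPLOAD_IMGMOD_PATH, $helper->getConfig('mimetypes_image'), $helper->getConfig('maxsize_image'), null, null
        );
        // Name of the upload field; absent when the form carried no file input.
        // Reading it with ?? avoids an undefined-index warning, and fetchMedia()
        // is now called once instead of twice.
        $uploadField = $_POST['xoops_upload_file'][0] ?? '';
        if (\is_string($uploadField) && '' !== $uploadField && $uploader->fetchMedia($uploadField)) {
            if (!$uploader->upload()) {
                $errors = &$uploader->getErrors();
                \redirect_header('javascript:history.go(-1)', 3, $errors);
            } else {
                $modulesObj->setVar('mod_image', $uploader->getSavedFileName());
            }
        } else {
            // No new upload: keep the image name submitted with the form
            $modulesObj->setVar('mod_image', Request::getString('mod_image', '', 'POST'));
        }
        //Form module save
        $modulesObj->setVars(
            [
                'mod_demo_site_url'  => Request::getString('mod_demo_site_url', '', 'POST'),
                'mod_demo_site_name' => Request::getString('mod_demo_site_name', '', 'POST'),
                'mod_support_url'    => Request::getString('mod_support_url', '', 'POST'),
                'mod_support_name'   => Request::getString('mod_support_name', '', 'POST'),
                'mod_website_url'    => Request::getString('mod_website_url', '', 'POST'),
                'mod_website_name'   => Request::getString('mod_website_name', '', 'POST'),
                'mod_release'        => Request::getString('mod_release', '', 'POST'),
                'mod_status'         => Request::getString('mod_status', '', 'POST'),
                'mod_donations'      => Request::getString('mod_donations', '', 'POST'),
                'mod_subversion'     => Request::getString('mod_subversion', '', 'POST'),
            ]
        );
        // Each checked option arrives as a string; compare strictly.
        $moduleOption = Request::getArray('module_option', []);
        $modulesObj->setVar('mod_admin', \in_array('admin', $moduleOption, true));
        $modulesObj->setVar('mod_user', \in_array('user', $moduleOption, true));
        $modulesObj->setVar('mod_blocks', \in_array('blocks', $moduleOption, true));
        $modulesObj->setVar('mod_search', \in_array('search', $moduleOption, true));
        $modulesObj->setVar('mod_comments', \in_array('comments', $moduleOption, true));
        $modulesObj->setVar('mod_notifications', \in_array('notifications', $moduleOption, true));
        $modulesObj->setVar('mod_permissions', \in_array('permissions', $moduleOption, true));
        //$modulesObj->setVar('mod_inroot_copy', \in_array('inroot_copy', $moduleOption));

        if ($helper->getHandler('Modules')->insert($modulesObj)) {
            if ($modulesObj->isNew()) {
                \redirect_header('tables.php', 5, \sprintf(\_AM_MODULEBUILDER_MODULE_FORM_CREATED_OK, Request::getString('mod_name', '', 'POST')));
            } else {
                \redirect_header('modules.php', 5, \sprintf(\_AM_MODULEBUILDER_MODULE_FORM_UPDATED_OK, Request::getString('mod_name', '', 'POST')));
            }
        }

        // Insert failed: show the errors and re-render the form
        $GLOBALS['xoopsTpl']->assign('error', $modulesObj->getHtmlErrors());
        $form = $modulesObj->getFormModules();
        $GLOBALS['xoopsTpl']->assign('form', $form->render());
        break;
    // Show the edit form for the module identified by mod_id.
    case 'edit':
        $GLOBALS['xoTheme']->addScript('modules/modulebuilder/assets/js/functions.js');
        $GLOBALS['xoopsTpl']->assign('navigation', $adminObject->displayNavigation('modules.php'));
        $adminObject->addItemButton(\_AM_MODULEBUILDER_MODULES_ADD, 'modules.php?op=new', 'add');
        $adminObject->addItemButton(\_AM_MODULEBUILDER_MODULES_LIST, 'modules.php', 'list');
        $GLOBALS['xoopsTpl']->assign('buttons', $adminObject->displayButton('left'));

        // NOTE(review): the result of get() is used without checking that a
        // module with this id exists -- confirm what the handler returns then.
        $modulesObj = $helper->getHandler('Modules')->get($modId);
        $form       = $modulesObj->getFormModules();
        $GLOBALS['xoopsTpl']->assign('form', $form->render());
        break;
    // Delete a module and its dependent rows after confirmation.
    case 'delete':
        $modulesObj = $helper->getHandler('Modules')->get($modId);
        if (1 === Request::getInt('ok', 0)) {
            // The confirmed delete must carry a valid security token
            if (!$GLOBALS['xoopsSecurity']->check()) {
                \redirect_header('modules.php', 3, \implode(',', $GLOBALS['xoopsSecurity']->getErrors()));
            }
            //delete all morefiles
            $critDelete = new \CriteriaCompo();
            $critDelete->add(new \Criteria('file_mid', $modId));
            $helper->getHandler('Morefiles')->deleteAll($critDelete);
            unset($critDelete);
            //delete all fields
            $critDelete = new \CriteriaCompo();
            $critDelete->add(new \Criteria('field_mid', $modId));
            $helper->getHandler('Fields')->deleteAll($critDelete);
            unset($critDelete);
            //delete all tables
            $critDelete = new \CriteriaCompo();
            $critDelete->add(new \Criteria('table_mid', $modId));
            $helper->getHandler('Tables')->deleteAll($critDelete);
            unset($critDelete);
            //delete module
            if ($helper->getHandler('Modules')->delete($modulesObj)) {
                \redirect_header('modules.php', 3, \_AM_MODULEBUILDER_FORMDELOK);
            } else {
                $GLOBALS['xoopsTpl']->assign('error', $modulesObj->getHtmlErrors());
            }
        } else {
            // First pass: render the confirmation form that posts back ok=1
            $xoopsconfirm = new \XoopsModules\Modulebuilder\Common\XoopsConfirm(
                ['ok' => 1, 'mod_id' => $modId, 'op' => 'delete'],
                Request::getString('REQUEST_URI', '', 'SERVER'),
                $modulesObj->getVar('mod_name')
            );
            $form = $xoopsconfirm->getFormXoopsConfirm();
            $GLOBALS['xoopsTpl']->assign('form', $form->render());
        }
        break;
    // Toggle the boolean module options named in the POST body.
    case 'display':
        // NOTE(review): unlike 'save' and 'delete', this state-changing
        // operation does not call $GLOBALS['xoopsSecurity']->check(). Confirm
        // whether a token is validated elsewhere and add the check once the
        // caller sends one.
        $modFieldArray = ['admin', 'user', 'blocks', 'search', 'comments', 'notifications', 'permissions'];
        $id            = Request::getInt('mod_id', 0, 'POST');
        if ($id > 0) {
            $modulesObj = $helper->getHandler('Modules')->get($id);
            // Only the fixed field names above are accepted; each one present
            // in the POST data is inverted.
            foreach ($modFieldArray as $moduleField) {
                if (isset($_POST['mod_' . $moduleField])) {
                    $modField = $modulesObj->getVar('mod_' . $moduleField);
                    $modulesObj->setVar('mod_' . $moduleField, !$modField);
                }
            }
            if ($helper->getHandler('Modules')->insert($modulesObj)) {
                \redirect_header('modules.php', 3, \_AM_MODULEBUILDER_TOGGLE_SUCCESS);
            }
            $GLOBALS['xoopsTpl']->assign('error', $modulesObj->getHtmlErrors());
        }
        break;
    // Copy a module together with its tables and fields.
    case 'clone':
        // NOTE(review): this operation writes to the database but performs no
        // $GLOBALS['xoopsSecurity']->check() and accepts mod_id from any request
        // source. Confirm how it is invoked and protect it with a token.
        $modIdSource = Request::getInt('mod_id', 0);
        if ($modIdSource > 0) {
            //clone data table modules
            $modulesHandler = $helper->getHandler('Modules');
            $tablesHandler  = $helper->getHandler('Tables');
            $fieldsHandler  = $helper->getHandler('Fields');
            $moduleSource   = $modulesHandler->get($modIdSource);
            $moduleTarget   = $modulesHandler->create();
            $sourceVars     = $moduleSource->getVars();
            foreach ($sourceVars as $varKey => $varArray) {
                if ('mod_id' !== $varKey) {
                    if (\in_array($varKey, ['mod_name', 'mod_dirname'], true)) {
                        // Try the suffixes 1..10 until one is not used yet.
                        // NOTE(review): if all ten are taken, the value with
                        // suffix 10 is used even though it already exists.
                        for ($i = 1; $i <= 10; $i++) {
                            $uniqValue = $varArray['value'] . $i;
                            // $varKey is one of the two literals checked above.
                            // The value comes from a stored record that was
                            // originally form input, so it is quoted and escaped
                            // by the database layer instead of being interpolated.
                            $result = $GLOBALS['xoopsDB']->query(
                                'SELECT * FROM ' . $GLOBALS['xoopsDB']->prefix('modulebuilder_modules') . " as ms WHERE ms.{$varKey} = " . $GLOBALS['xoopsDB']->quote($uniqValue)
                            );
                            if (!$result instanceof \mysqli_result) {
                                \trigger_error($GLOBALS['xoopsDB']->error());
                                \redirect_header('modules.php', 5, \_AM_MODULEBUILDER_MODULE_CLONE_ERROR);
                            }
                            $num_rows = $GLOBALS['xoopsDB']->getRowsNum($result);
                            if ($num_rows == 0) {
                                break;
                            }
                        }
                        $moduleTarget->setVar($varKey, $uniqValue);
                    } else {
                        $moduleTarget->setVar($varKey, $varArray['value']);
                    }
                }
            }

            if ($modulesHandler->insert($moduleTarget)) {
                //get new mod_id
                $modIdTarget = $GLOBALS['xoopsDB']->getInsertId();
            } else {
                \redirect_header('modules.php', 5, \_AM_MODULEBUILDER_MODULE_CLONE_ERROR);
            }

            //clone data table tables ($modIdSource is an int from Request::getInt)
            $resultTables = $GLOBALS['xoopsDB']->query(
                'SELECT table_id FROM ' . $GLOBALS['xoopsDB']->prefix('modulebuilder_tables') . " as ts WHERE ts.table_mid = '{$modIdSource}'"
            );
            if (!$resultTables instanceof \mysqli_result) {
                \trigger_error($GLOBALS['xoopsDB']->error());
                // Stop here: the calls below need a valid result set
                \redirect_header('modules.php', 5, \_AM_MODULEBUILDER_MODULE_CLONE_ERROR);
            }
            $num_rows1 = $GLOBALS['xoopsDB']->getRowsNum($resultTables);
            if ($num_rows1 > 0) {
                while (false !== ($myTables = $GLOBALS['xoopsDB']->fetchArray($resultTables))) {
                    // Cast before the id is placed into the fields query below
                    $tableIdSource = (int)$myTables['table_id'];
                    $tableSource   = $tablesHandler->get($tableIdSource);
                    $tableTarget   = $tablesHandler->create();
                    $sourceVars    = $tableSource->getVars();
                    foreach ($sourceVars as $varKey => $varArray) {
                        //skip table_id
                        if ('table_id' !== $varKey) {
                            //replace mod_id by new mod_id
                            if ('table_mid' === $varKey) {
                                $tableTarget->setVar($varKey, $modIdTarget);
                            } else {
                                $tableTarget->setVar($varKey, $varArray['value']);
                            }
                        }
                    }
                    if ($tablesHandler->insert($tableTarget)) {
                        //get new table_id
                        $tableIdTarget = $GLOBALS['xoopsDB']->getInsertId();
                    } else {
                        \redirect_header('modules.php', 5, \_AM_MODULEBUILDER_MODULE_CLONE_ERROR);
                    }

                    //clone data table fields
                    $resultFields = $GLOBALS['xoopsDB']->query(
                        'SELECT field_id FROM ' . $GLOBALS['xoopsDB']->prefix('modulebuilder_fields') . " as fs WHERE fs.field_tid = '{$tableIdSource}'"
                    );
                    if (!$resultFields instanceof \mysqli_result) {
                        \trigger_error($GLOBALS['xoopsDB']->error());
                        // Stop here: the calls below need a valid result set
                        \redirect_header('modules.php', 5, \_AM_MODULEBUILDER_MODULE_CLONE_ERROR);
                    }
                    $num_rows2 = $GLOBALS['xoopsDB']->getRowsNum($resultFields);
                    if ($num_rows2 > 0) {
                        while (false !== ($myField = $GLOBALS['xoopsDB']->fetchArray($resultFields))) {
                            $fieldIdSource = (int)$myField['field_id'];
                            $fieldsSource  = $fieldsHandler->get($fieldIdSource);
                            $fieldsTarget  = $fieldsHandler->create();
                            $sourceVars    = $fieldsSource->getVars();
                            foreach ($sourceVars as $varKey => $varArray) {
                                //skip field_id
                                if ('field_id' !== $varKey) {
                                    if ('field_mid' === $varKey) {
                                        //replace mod_id by new mod_id
                                        $fieldsTarget->setVar($varKey, $modIdTarget);
                                    } elseif ('field_tid' === $varKey) {
                                        //replace table_id by new table_id
                                        $fieldsTarget->setVar($varKey, $tableIdTarget);
                                    } else {
                                        $fieldsTarget->setVar($varKey, $varArray['value']);
                                    }
                                }
                            }
                            if (!$fieldsHandler->insert($fieldsTarget)) {
                                \redirect_header('modules.php', 5, \_AM_MODULEBUILDER_MODULE_CLONE_ERROR);
                            }
                        }
                    }
                }
            }

            \redirect_header('modules.php', 5, \_AM_MODULEBUILDER_MODULE_CLONE_SUCCESS);
        }

        break;
}

require __DIR__ . '/footer.php';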
||
371 |