Issues in AdminXoopsCode.php (master) - Issues in master - ggoffy/modulebuilder - Measure and Improve Code Quality continuously with Scrutinizer

Issues (314)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/Files/admin/AdminXoopsCode.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

<?php

namespace XoopsModules\Modulebuilder\Files\Admin;

use XoopsModules\Modulebuilder;

/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
/**
 * modulebuilder module.
 *
 * @copyright       XOOPS Project (https://xoops.org)
 * @license         GNU GPL 2 (https://www.gnu.org/licenses/old-licenses/gpl-2.0.html)
 *
 * @since           2.5.0
 *
 * @author          Txmod Xoops https://xoops.org 
 *                  Goffy https://myxoops.org
 *
 */

/**
 * Class Axc.
 */
class AdminXoopsCode
{
    /**
     * @var mixed
     */
    private $xc = null;

    /**
     * @var mixed
     */
    private $pc = null;

    /**
     * @public function constructor
     * @param null
     */
    public function __construct()
    {
        $this->xc = Modulebuilder\Files\CreateXoopsCode::getInstance();
        $this->pc = Modulebuilder\Files\CreatePhpCode::getInstance();
    }

    /**
     * @static function getInstance
     * @param null
     * @return AdminXoopsCode
     */
    public static function getInstance()
    {
        static $instance = false;
        if (!$instance) {
            $instance = new self();
        }

        return $instance;
    }

    /**
     * @public function getAdminTemplateMain
     * @param        $moduleDirname
     * @param        $tableName
     *
     * @param string $t
     * @return string
     */
    public function getAdminTemplateMain($moduleDirname, $tableName, $t = '')
    {
        return "{$t}\$templateMain = '{$moduleDirname}_admin_{$tableName}.tpl';\n";
    }

    /**
     * @public function getAdminTemplateMain
     * @param        $language
     * @param        $tableName
     * @param        $stuTableSoleName
     * @param string $op
     * @param string $type
     *
     * @param string $t
     * @return string
     */
    public function getAdminItemButton($language, $tableName, $stuTableSoleName, $op = '?op=new', $type = 'add', $t = '')
    {
        $stuType = \mb_strtoupper($type);
        $aM      = $t . '$adminObject->addItemButton(';
        switch ($type) {
            case 'add';
                $ret = $aM . "{$language}ADD_{$stuTableSoleName}, '{$tableName}.php{$op}', '{$type}');\n";
            break;
            case 'samplebutton';
                $ret = $aM . "{$language}, '{$op}', 'add');\n";
                break;
            case 'default':
            default:
                $ret = $aM . "{$language}{$stuType}_{$stuTableSoleName}, '{$tableName}.php{$op}', '{$type}');\n";
            break;
        }

        return $ret;
    }

    /**
     * @public function getAdminAddNavigation
     *
     * @param $type
     * @param string $t
     * @return string
     */
    public function getAdminDisplayButton($type, $t = '')
    {
        return "{$t}\$adminObject->displayButton('{$type}');\n";
    }

    /**
     * @public function getAdminAddNavigation
     *
     * @param        $tableName
     *
     * @param string $t
     * @return string
     */
    public function getAdminDisplayNavigation($tableName, $t = '')
    {
        return "{$t}\$adminObject->displayNavigation('{$tableName}.php')";
    }

    /**
     * @public function getAxcAddInfoBox
     * @param        $language
     *
     * @param string $t
     * @return string
     */
    public function getAxcAddInfoBox($language, $t = '')
    {
        return "{$t}\$adminObject->addInfoBox({$language});\n";
    }

    /**
     * @public function getAxcAddInfoBoxLine
     * @param string $label
     * @param string $var
     *
     * @param string $t
     * @return string
     */
    public function getAxcAddInfoBoxLine($label = '', $var = '', $t = '')
    {
        $aMenu = $t . '$adminObject->addInfoBoxLine(\sprintf(';
        if ('' != $var) {
            $ret = $aMenu . " '<label>' . {$label} . '</label>', {$var}));\n";
        } else {
            $ret = $aMenu . " '<label>' . {$label} . '</label>'));\n";
        }

        return $ret;
    }

    /**
     * @public function getAxcAddConfigBoxLine
     * @param        $language
     * @param string $label
     * @param string $var
     *
     * @param string $t
     * @return string
     */
    public function getAxcAddConfigBoxLine($language, $label = '', $var = '', $t = '')
    {
        $aMenu = $t . '$adminObject->addConfigBoxLine(';
        if ('' != $var) {
            $ret = $aMenu . "{$language}, '{$label}', {$var});\n";
        } else {
            $ret = $aMenu . "{$language}, '{$label}');\n";
        }

        return $ret;
    }

    /**
     * @public function getAxcSetVarImageList
     * @param string $tableName
     * @param string $fieldName
     * @param string $t
     * @param int $countUploader
     * @return string
     */
    public function getAxcSetVarImageList($tableName, $fieldName, $t = '', $countUploader = 0)
    {
        $ret         = $this->pc->getPhpCodeCommentLine('Set Var', $fieldName, $t);
        $ret         .= $this->pc->getPhpCodeIncludeDir('\XOOPS_ROOT_PATH', 'class/uploader', true, false, '', $t);
        $xRootPath   = "\XOOPS_ROOT_PATH . '/Frameworks/moduleclasses/icons/32'";
        $ret         .= $this->xc->getXcMediaUploader('uploader', $xRootPath, 'mimetypes_image', 'maxsize_image', $t);
        $post        = $this->pc->getPhpCodeGlobalsVariables('xoops_upload_file', 'POST') . '[' . $countUploader . ']';
        $fetchMedia  = $this->getAxcFetchMedia('uploader', $post);
        $ifelse      = $t . "\t//" . $this->getAxcSetPrefix('uploader', "{$fieldName}_") . ";\n";
        $ifelse      .= $t . "\t//{$fetchMedia};\n";
        $contIf      = $this->xc->getXcSetVarObj($tableName, $fieldName, '$uploader->getSavedFileName()', $t . "\t\t");
        $contElseInt = $this->xc->getXcEqualsOperator('$uploaderErrors', "'<br>' . \$uploader->getErrors()", '.', $t . "\t\t");
        $ifelse      .= $this->pc->getPhpCodeConditions('$uploader->upload()', '', '', $contIf, $contElseInt, $t . "\t");
        $contElseExt = $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getString('{$fieldName}')", $t . "\t");

        $ret         .= $this->pc->getPhpCodeConditions($fetchMedia, '', '', $ifelse, $contElseExt, $t);

        return $ret;
    }

    /**
     * @public function getAxcSetVarUploadImage
     * @param string $moduleDirname
     * @param string $tableName
     * @param string $fieldName
     * @param        $fieldMain
     * @param string $t
     * @param int    $countUploader
     * @return string
     */
    public function getAxcSetVarUploadImage($moduleDirname, $tableName, $fieldName, $fieldMain, $t = '', $countUploader = 0)
    {
        $stuModuleDirname = \mb_strtoupper($moduleDirname);
        $ucfModuleDirname = \ucfirst($moduleDirname);
        $ret          = $this->pc->getPhpCodeCommentLine('Set Var', $fieldName, $t);
        $ret          .= $this->pc->getPhpCodeIncludeDir('\XOOPS_ROOT_PATH', 'class/uploader', true, false, '', $t);
        $file         = $this->pc->getPhpCodeGlobalsVariables($fieldName, 'FILES') . "['name']";
        $ret          .= $this->xc->getXcEqualsOperator('$filename      ', $file, null, $t);
        $mimetype     = $this->pc->getPhpCodeGlobalsVariables($fieldName, 'FILES') . "['type']";
        $ret          .= $this->xc->getXcEqualsOperator('$imgMimetype   ', $mimetype, null, $t);
        $ret          .= $this->xc->getXcEqualsOperator('$imgNameDef    ', "Request::getString('{$fieldMain}')", null, $t);
        $xUploadImage = "\\{$stuModuleDirname}_UPLOAD_IMAGE_PATH";
        $ret          .= $this->xc->getXcMediaUploader('uploader', $xUploadImage . " . '/{$tableName}/'", 'mimetypes_image', 'maxsize_image', $t);
        $post         = $this->pc->getPhpCodeGlobalsVariables('xoops_upload_file', 'POST') . '[' . $countUploader . ']';
        $fetchMedia   = $this->getAxcFetchMedia('uploader', $post);
        $expr         = '/^.+\.([^.]+)$/sU';
        $ifelse       = $this->pc->getPhpCodePregFunzions('extension', $expr, '', "\$filename", 'replace', false, $t . "\t");
        $ifelse       .= $t . "\t\$imgName = \str_replace(' ', '', \$imgNameDef) . '.' . \$extension;\n";
        $ifelse       .= $this->getAxcSetPrefix('uploader', '$imgName', $t . "\t") . ";\n";
        $ifelse       .= $t . "\t{$fetchMedia};\n";
        $contIf       = $this->xc->getXcEqualsOperator('$savedFilename', '$uploader->getSavedFileName()', null, $t . "\t\t");
        $config       = $this->xc->getXcGetConfig('maxwidth_image');
        $contIf       .= $this->xc->getXcEqualsOperator('$maxwidth ', "(int){$config}", null, $t . "\t\t");
        $config       = $this->xc->getXcGetConfig('maxheight_image');
        $contIf       .= $this->xc->getXcEqualsOperator('$maxheight', "(int){$config}", null, $t . "\t\t");
        $resizer      = $this->pc->getPhpCodeCommentLine('Resize image', '', $t . "\t\t\t");
        $resizer      .= $this->xc->getXcEqualsOperator('$imgHandler               ', "new {$ucfModuleDirname}\Common\Resizer()", null, $t . "\t\t\t");
        $resizer      .= $this->xc->getXcEqualsOperator('$imgHandler->sourceFile   ', $xUploadImage . " . '/{$tableName}/' . \$savedFilename", null, $t . "\t\t\t");
        $resizer      .= $this->xc->getXcEqualsOperator('$imgHandler->endFile      ', $xUploadImage . " . '/{$tableName}/' . \$savedFilename", null, $t . "\t\t\t");
        $resizer      .= $this->xc->getXcEqualsOperator('$imgHandler->imageMimetype', '$imgMimetype', null, $t . "\t\t\t");
        $resizer      .= $this->xc->getXcEqualsOperator('$imgHandler->maxWidth     ', '$maxwidth', null, $t . "\t\t\t");
        $resizer      .= $this->xc->getXcEqualsOperator('$imgHandler->maxHeight    ', '$maxheight', null, $t . "\t\t\t");
        $resizer      .= $this->xc->getXcEqualsOperator('$result                   ', '$imgHandler->resizeImage()', null, $t . "\t\t\t");
        $contIf       .= $this->pc->getPhpCodeConditions('$maxwidth > 0 && $maxheight > 0', '', '', $resizer, false, $t . "\t\t");
        $contIf       .= $this->xc->getXcSetVarObj($tableName, $fieldName, '$savedFilename', $t . "\t\t");
        $contElseInt  = $this->xc->getXcEqualsOperator('$uploaderErrors', "'<br>' . \$uploader->getErrors()", '.', $t . "\t\t");
        $ifelse       .= $this->pc->getPhpCodeConditions('$uploader->upload()', '', '', $contIf, $contElseInt, $t . "\t");
        $ifelseExt    = $this->xc->getXcEqualsOperator('$uploaderErrors', "'<br>' . \$uploader->getErrors()", '.', $t . "\t\t");
        $contElseExt  = $this->pc->getPhpCodeConditions("\$filename", ' > ', "''", $ifelseExt, false, $t . "\t");
        $contElseExt  .= $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getString('{$fieldName}')", $t . "\t");

        $ret          .= $this->pc->getPhpCodeConditions($fetchMedia, '', '', $ifelse, $contElseExt, $t);

        return $ret;
    }

    /**
     * @public function getAxcFileSetVar
     * @param        $moduleDirname
     * @param        $tableName
     * @param        $fieldName
     * @param bool   $formatUrl
     * @param string $t
     * @param int    $countUploader
     * @param string $fieldMain
     * @return string
     */
    public function getAxcSetVarUploadFile($moduleDirname, $tableName, $fieldName, $formatUrl = false, $t = '', $countUploader = 0, $fieldMain = '')
    {
        $stuModuleDirname = \mb_strtoupper($moduleDirname);
        $ret              = $this->getAxcSetVarImageFile('\\' . $stuModuleDirname . '_UPLOAD_FILES_PATH', $tableName, $fieldName, $formatUrl, $t, $countUploader, $fieldMain, 'mimetypes_file', 'maxsize_file');

        return $ret;
    }

    /**
     * @private function getAxcSetVarImageFile
     * @param        $dirname
     * @param        $tableName
     * @param        $fieldName
     * @param bool $formatUrl
     * @param string $t
     * @param int $countUploader
     * @param string $fieldMain
     * @param string $mimetype
     * @param string $maxsize
     * @return string
     */
    private function getAxcSetVarImageFile($dirname, $tableName, $fieldName, $formatUrl = false, $t = '', $countUploader = 0, $fieldMain = '', $mimetype = 'mimetypes_image', $maxsize = 'maxsize_image')
    {
        $ret    = '';
        $files  = '';
        $contIf = '';


        if ($formatUrl) {
            $ret .= $this->xc->getXcSetVarObj($tableName, $fieldName, "formatURL(\$_REQUEST['{$fieldName}'])", $t);
        }
        $ret         .= $this->pc->getPhpCodeCommentLine('Set Var', $fieldName, $t);
        $ret         .= $this->pc->getPhpCodeIncludeDir('\XOOPS_ROOT_PATH', 'class/uploader', true, false, '', $t);
        $file        = $this->pc->getPhpCodeGlobalsVariables($fieldName, 'FILES') . "['name']";
        $ret         .= $this->xc->getXcEqualsOperator('$filename      ', $file, null, $t);
        $ret         .= $this->xc->getXcEqualsOperator('$imgNameDef    ', "Request::getString('{$fieldMain}')", null, $t);
        $ret         .= $this->xc->getXcMediaUploader('uploader', $dirname . " . '/{$tableName}{$files}/'", $mimetype, $maxsize, $t);
        $post        = $this->pc->getPhpCodeGlobalsVariables('xoops_upload_file', 'POST') . '[' . $countUploader . ']';
        $fetchMedia  = $this->getAxcFetchMedia('uploader', $post);
        $expr        = '/^.+\.([^.]+)$/sU';
        $ifelse      = $this->pc->getPhpCodePregFunzions('extension', $expr, '', "\$filename", 'replace', false, $t . "\t");
        $ifelse      .= $t . "\t\$imgName = \str_replace(' ', '', \$imgNameDef) . '.' . \$extension;\n";
        $ifelse      .= $this->getAxcSetPrefix('uploader', '$imgName', $t . "\t") . ";\n";
        $ifelse      .= $t . "\t{$fetchMedia};\n";
        $contIf      = $this->xc->getXcSetVarObj($tableName, $fieldName, '$uploader->getSavedFileName()', $t . "\t\t");
        $contElseInt = $this->xc->getXcEqualsOperator('$uploaderErrors', "'<br>' . \$uploader->getErrors()", '.', $t . "\t\t");
        $ifelse      .= $this->pc->getPhpCodeConditions('$uploader->upload()', '', '', $contIf, $contElseInt, $t . "\t");
        $ifelseExt   = $this->xc->getXcEqualsOperator('$uploaderErrors', "'<br>' . \$uploader->getErrors()", '.', $t . "\t\t");
        $contElseExt = $this->pc->getPhpCodeConditions("\$filename", ' > ', "''", $ifelseExt, false, $t . "\t");
        $contElseExt .= $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getString('{$fieldName}')", $t . "\t");

        $ret         .= $this->pc->getPhpCodeConditions($fetchMedia, '', '', $ifelse, $contElseExt, $t);

        return $ret;
    }

    /**
     * @public function getAxcSetVarPassword
     * @param        $tableName
     * @param        $fieldName
     * @param string $t
     * @return string
     */
    public function getAxcSetVarPassword($tableName, $fieldName, $t = '')
    {
        $cf  = Modulebuilder\Files\CreateFile::getInstance();
        $ccFieldId = $cf->getCamelCase($fieldName, false, true);
        $ret       = $this->xc->getXcEqualsOperator("\${$ccFieldId}", "Request::getString('{$fieldName}', '')", '',$t);
        $contIf    = $this->xc->getXcSetVarObj($tableName, $fieldName, "password_hash(\${$ccFieldId}, PASSWORD_DEFAULT)", $t . "\t");
        $ret       .= $this->pc->getPhpCodeConditions("\${$ccFieldId}", ' !== ', "''", $contIf, false, $t);

        return $ret;
    }


    /**
     * @public function getAxcSetVarMisc
     * @param        $tableName
     * @param        $fieldName
     * @param $fieldType
     * @param $fieldElement
     * @param string $t
     * @return string
     */
    public function getAxcSetVarMisc($tableName, $fieldName, $fieldType, $fieldElement, $t = '')
    {
        switch ((int)$fieldType){
            case 2:
            case 3:
            case 4:
            case 5:
                $ret = $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getInt('{$fieldName}', 0)", $t);
                break;
            case 6:
            case 7:
            case 8:
                $ret = $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getFloat('{$fieldName}', 0)", $t);
                break;
            case 13:
            case 14:
            case 15:
            case 16:
            case 17:
            case 18:
                if ((int)$fieldElement == 4) {
                    $ret = $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getText('{$fieldName}', '')", $t);
                } else {
                    $ret = $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getString('{$fieldName}', '')", $t);
                }
                break;
            case 0:
            default:
                //TODO: should be finally
                $ret = $this->xc->getXcSetVarObj($tableName, $fieldName, "\$_POST['{$fieldName}']", $t);
                break;
        }

        return $ret;
    }

    /**
     * @public function getAxcFetchMedia
     *
     * @param        $anchor
     * @param        $var
     *
     * @param string $t
     * @return string
     */
    public function getAxcFetchMedia($anchor, $var, $t = '')
    {
        return "{$t}\${$anchor}->fetchMedia({$var})";
    }

    /**
     * @public function getAxcSetPrefix
     *
     * @param        $anchor
     * @param        $var
     *
     * @param string $t
     * @return string
     */
    public function getAxcSetPrefix($anchor, $var, $t = '')
    {
        return "{$t}\${$anchor}->setPrefix({$var})";
    }
}


1			<?php
2
3			namespace XoopsModules\Modulebuilder\Files\Admin;
4
5			use XoopsModules\Modulebuilder;
6
7			/*
8			You may not change or alter any portion of this comment or credits
9			of supporting developers from this source code or any supporting source code
10			which is considered copyrighted (c) material of the original comment or credit authors.
11
12			This program is distributed in the hope that it will be useful,
13			but WITHOUT ANY WARRANTY; without even the implied warranty of
14			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
15			*/
16			/**
17			* modulebuilder module.
18			*
19			* @copyright XOOPS Project (https://xoops.org)
20			* @license GNU GPL 2 (https://www.gnu.org/licenses/old-licenses/gpl-2.0.html)
21			*
22			* @since 2.5.0
23			*
24			* @author Txmod Xoops https://xoops.org
25			* Goffy https://myxoops.org
26			*
27			*/
28
29			/**
30			* Class Axc.
31			*/
32			class AdminXoopsCode
33			{
34			/**
35			* @var mixed
36			*/
37			private $xc = null;
38
39			/**
40			* @var mixed
41			*/
42			private $pc = null;
43
44			/**
45			* @public function constructor
46			* @param null
47			*/
48			public function __construct()
49			{
50			$this->xc = Modulebuilder\Files\CreateXoopsCode::getInstance();
51			$this->pc = Modulebuilder\Files\CreatePhpCode::getInstance();
52			}
53
54			/**
55			* @static function getInstance
56			* @param null
57			* @return AdminXoopsCode
58			*/
59			public static function getInstance()
60			{
61			static $instance = false;
62			if (!$instance) {
63			$instance = new self();
64			}
65
66			return $instance;
67			}
68
69			/**
70			* @public function getAdminTemplateMain
71			* @param $moduleDirname
72			* @param $tableName
73			*
74			* @param string $t
75			* @return string
76			*/
77			public function getAdminTemplateMain($moduleDirname, $tableName, $t = '')
78			{
79			return "{$t}\$templateMain = '{$moduleDirname}_admin_{$tableName}.tpl';\n";
80			}
81
82			/**
83			* @public function getAdminTemplateMain
84			* @param $language
85			* @param $tableName
86			* @param $stuTableSoleName
87			* @param string $op
88			* @param string $type
89			*
90			* @param string $t
91			* @return string
92			*/
93			public function getAdminItemButton($language, $tableName, $stuTableSoleName, $op = '?op=new', $type = 'add', $t = '')
94			{
95			$stuType = \mb_strtoupper($type);
96			$aM = $t . '$adminObject->addItemButton(';
97			switch ($type) {
98			case 'add';
99			$ret = $aM . "{$language}ADD_{$stuTableSoleName}, '{$tableName}.php{$op}', '{$type}');\n";
100			break;
101			case 'samplebutton';
102			$ret = $aM . "{$language}, '{$op}', 'add');\n";
103			break;
104			case 'default':
105			default:
106			$ret = $aM . "{$language}{$stuType}_{$stuTableSoleName}, '{$tableName}.php{$op}', '{$type}');\n";
107			break;
108			}
109
110			return $ret;
111			}
112
113			/**
114			* @public function getAdminAddNavigation
115			*
116			* @param $type
117			* @param string $t
118			* @return string
119			*/
120			public function getAdminDisplayButton($type, $t = '')
121			{
122			return "{$t}\$adminObject->displayButton('{$type}');\n";
123			}
124
125			/**
126			* @public function getAdminAddNavigation
127			*
128			* @param $tableName
129			*
130			* @param string $t
131			* @return string
132			*/
133			public function getAdminDisplayNavigation($tableName, $t = '')
134			{
135			return "{$t}\$adminObject->displayNavigation('{$tableName}.php')";
136			}
137
138			/**
139			* @public function getAxcAddInfoBox
140			* @param $language
141			*
142			* @param string $t
143			* @return string
144			*/
145			public function getAxcAddInfoBox($language, $t = '')
146			{
147			return "{$t}\$adminObject->addInfoBox({$language});\n";
148			}
149
150			/**
151			* @public function getAxcAddInfoBoxLine
152			* @param string $label
153			* @param string $var
154			*
155			* @param string $t
156			* @return string
157			*/
158			public function getAxcAddInfoBoxLine($label = '', $var = '', $t = '')
159			{
160			$aMenu = $t . '$adminObject->addInfoBoxLine(\sprintf(';
161			if ('' != $var) {
162			$ret = $aMenu . " '<label>' . {$label} . '</label>', {$var}));\n";
163			} else {
164			$ret = $aMenu . " '<label>' . {$label} . '</label>'));\n";
165			}
166
167			return $ret;
168			}
169
170			/**
171			* @public function getAxcAddConfigBoxLine
172			* @param $language
173			* @param string $label
174			* @param string $var
175			*
176			* @param string $t
177			* @return string
178			*/
179			public function getAxcAddConfigBoxLine($language, $label = '', $var = '', $t = '')
180			{
181			$aMenu = $t . '$adminObject->addConfigBoxLine(';
182			if ('' != $var) {
183			$ret = $aMenu . "{$language}, '{$label}', {$var});\n";
184			} else {
185			$ret = $aMenu . "{$language}, '{$label}');\n";
186			}
187
188			return $ret;
189			}
190
191			/**
192			* @public function getAxcSetVarImageList
193			* @param string $tableName
194			* @param string $fieldName
195			* @param string $t
196			* @param int $countUploader
197			* @return string
198			*/
199			public function getAxcSetVarImageList($tableName, $fieldName, $t = '', $countUploader = 0)
200			{
201			$ret = $this->pc->getPhpCodeCommentLine('Set Var', $fieldName, $t);
202			$ret .= $this->pc->getPhpCodeIncludeDir('\XOOPS_ROOT_PATH', 'class/uploader', true, false, '', $t);
203			$xRootPath = "\XOOPS_ROOT_PATH . '/Frameworks/moduleclasses/icons/32'";
204			$ret .= $this->xc->getXcMediaUploader('uploader', $xRootPath, 'mimetypes_image', 'maxsize_image', $t);
205			$post = $this->pc->getPhpCodeGlobalsVariables('xoops_upload_file', 'POST') . '[' . $countUploader . ']';
206			$fetchMedia = $this->getAxcFetchMedia('uploader', $post);
207			$ifelse = $t . "\t//" . $this->getAxcSetPrefix('uploader', "{$fieldName}_") . ";\n";
208			$ifelse .= $t . "\t//{$fetchMedia};\n";
209			$contIf = $this->xc->getXcSetVarObj($tableName, $fieldName, '$uploader->getSavedFileName()', $t . "\t\t");
210			$contElseInt = $this->xc->getXcEqualsOperator('$uploaderErrors', "'<br>' . \$uploader->getErrors()", '.', $t . "\t\t");
211			$ifelse .= $this->pc->getPhpCodeConditions('$uploader->upload()', '', '', $contIf, $contElseInt, $t . "\t");
212			$contElseExt = $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getString('{$fieldName}')", $t . "\t");
213
214			$ret .= $this->pc->getPhpCodeConditions($fetchMedia, '', '', $ifelse, $contElseExt, $t);
215
216			return $ret;
217			}
218
219			/**
220			* @public function getAxcSetVarUploadImage
221			* @param string $moduleDirname
222			* @param string $tableName
223			* @param string $fieldName
224			* @param $fieldMain
225			* @param string $t
226			* @param int $countUploader
227			* @return string
228			*/
229			public function getAxcSetVarUploadImage($moduleDirname, $tableName, $fieldName, $fieldMain, $t = '', $countUploader = 0)
230			{
231			$stuModuleDirname = \mb_strtoupper($moduleDirname);
232			$ucfModuleDirname = \ucfirst($moduleDirname);
233			$ret = $this->pc->getPhpCodeCommentLine('Set Var', $fieldName, $t);
234			$ret .= $this->pc->getPhpCodeIncludeDir('\XOOPS_ROOT_PATH', 'class/uploader', true, false, '', $t);
235			$file = $this->pc->getPhpCodeGlobalsVariables($fieldName, 'FILES') . "['name']";
236			$ret .= $this->xc->getXcEqualsOperator('$filename ', $file, null, $t);
237			$mimetype = $this->pc->getPhpCodeGlobalsVariables($fieldName, 'FILES') . "['type']";
238			$ret .= $this->xc->getXcEqualsOperator('$imgMimetype ', $mimetype, null, $t);
239			$ret .= $this->xc->getXcEqualsOperator('$imgNameDef ', "Request::getString('{$fieldMain}')", null, $t);
240			$xUploadImage = "\\{$stuModuleDirname}_UPLOAD_IMAGE_PATH";
241			$ret .= $this->xc->getXcMediaUploader('uploader', $xUploadImage . " . '/{$tableName}/'", 'mimetypes_image', 'maxsize_image', $t);
242			$post = $this->pc->getPhpCodeGlobalsVariables('xoops_upload_file', 'POST') . '[' . $countUploader . ']';
243			$fetchMedia = $this->getAxcFetchMedia('uploader', $post);
244			$expr = '/^.+\.([^.]+)$/sU';
245			$ifelse = $this->pc->getPhpCodePregFunzions('extension', $expr, '', "\$filename", 'replace', false, $t . "\t");
246			$ifelse .= $t . "\t\$imgName = \str_replace(' ', '', \$imgNameDef) . '.' . \$extension;\n";
247			$ifelse .= $this->getAxcSetPrefix('uploader', '$imgName', $t . "\t") . ";\n";
248			$ifelse .= $t . "\t{$fetchMedia};\n";
249			$contIf = $this->xc->getXcEqualsOperator('$savedFilename', '$uploader->getSavedFileName()', null, $t . "\t\t");
250			$config = $this->xc->getXcGetConfig('maxwidth_image');
251			$contIf .= $this->xc->getXcEqualsOperator('$maxwidth ', "(int){$config}", null, $t . "\t\t");
252			$config = $this->xc->getXcGetConfig('maxheight_image');
253			$contIf .= $this->xc->getXcEqualsOperator('$maxheight', "(int){$config}", null, $t . "\t\t");
254			$resizer = $this->pc->getPhpCodeCommentLine('Resize image', '', $t . "\t\t\t");
255			$resizer .= $this->xc->getXcEqualsOperator('$imgHandler ', "new {$ucfModuleDirname}\Common\Resizer()", null, $t . "\t\t\t");
256			$resizer .= $this->xc->getXcEqualsOperator('$imgHandler->sourceFile ', $xUploadImage . " . '/{$tableName}/' . \$savedFilename", null, $t . "\t\t\t");
257			$resizer .= $this->xc->getXcEqualsOperator('$imgHandler->endFile ', $xUploadImage . " . '/{$tableName}/' . \$savedFilename", null, $t . "\t\t\t");
258			$resizer .= $this->xc->getXcEqualsOperator('$imgHandler->imageMimetype', '$imgMimetype', null, $t . "\t\t\t");
259			$resizer .= $this->xc->getXcEqualsOperator('$imgHandler->maxWidth ', '$maxwidth', null, $t . "\t\t\t");
260			$resizer .= $this->xc->getXcEqualsOperator('$imgHandler->maxHeight ', '$maxheight', null, $t . "\t\t\t");
261			$resizer .= $this->xc->getXcEqualsOperator('$result ', '$imgHandler->resizeImage()', null, $t . "\t\t\t");
262			$contIf .= $this->pc->getPhpCodeConditions('$maxwidth > 0 && $maxheight > 0', '', '', $resizer, false, $t . "\t\t");
263			$contIf .= $this->xc->getXcSetVarObj($tableName, $fieldName, '$savedFilename', $t . "\t\t");
264			$contElseInt = $this->xc->getXcEqualsOperator('$uploaderErrors', "'<br>' . \$uploader->getErrors()", '.', $t . "\t\t");
265			$ifelse .= $this->pc->getPhpCodeConditions('$uploader->upload()', '', '', $contIf, $contElseInt, $t . "\t");
266			$ifelseExt = $this->xc->getXcEqualsOperator('$uploaderErrors', "'<br>' . \$uploader->getErrors()", '.', $t . "\t\t");
267			$contElseExt = $this->pc->getPhpCodeConditions("\$filename", ' > ', "''", $ifelseExt, false, $t . "\t");
268			$contElseExt .= $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getString('{$fieldName}')", $t . "\t");
269
270			$ret .= $this->pc->getPhpCodeConditions($fetchMedia, '', '', $ifelse, $contElseExt, $t);
271
272			return $ret;
273			}
274
275			/**
276			* @public function getAxcFileSetVar
277			* @param $moduleDirname
278			* @param $tableName
279			* @param $fieldName
280			* @param bool $formatUrl
281			* @param string $t
282			* @param int $countUploader
283			* @param string $fieldMain
284			* @return string
285			*/
286			public function getAxcSetVarUploadFile($moduleDirname, $tableName, $fieldName, $formatUrl = false, $t = '', $countUploader = 0, $fieldMain = '')
287			{
288			$stuModuleDirname = \mb_strtoupper($moduleDirname);
289			$ret = $this->getAxcSetVarImageFile('\\' . $stuModuleDirname . '_UPLOAD_FILES_PATH', $tableName, $fieldName, $formatUrl, $t, $countUploader, $fieldMain, 'mimetypes_file', 'maxsize_file');
290
291			return $ret;
292			}
293
294			/**
295			* @private function getAxcSetVarImageFile
296			* @param $dirname
297			* @param $tableName
298			* @param $fieldName
299			* @param bool $formatUrl
300			* @param string $t
301			* @param int $countUploader
302			* @param string $fieldMain
303			* @param string $mimetype
304			* @param string $maxsize
305			* @return string
306			*/
307			private function getAxcSetVarImageFile($dirname, $tableName, $fieldName, $formatUrl = false, $t = '', $countUploader = 0, $fieldMain = '', $mimetype = 'mimetypes_image', $maxsize = 'maxsize_image')
308			{
309			$ret = '';
310			$files = '';
311			$contIf = '';
			0 ignored issues – show Unused Code introduced 2021-06-23 09:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$contIf` is dead and can be removed. Loading history...
312
313			if ($formatUrl) {
314			$ret .= $this->xc->getXcSetVarObj($tableName, $fieldName, "formatURL(\$_REQUEST['{$fieldName}'])", $t);
315			}
316			$ret .= $this->pc->getPhpCodeCommentLine('Set Var', $fieldName, $t);
317			$ret .= $this->pc->getPhpCodeIncludeDir('\XOOPS_ROOT_PATH', 'class/uploader', true, false, '', $t);
318			$file = $this->pc->getPhpCodeGlobalsVariables($fieldName, 'FILES') . "['name']";
319			$ret .= $this->xc->getXcEqualsOperator('$filename ', $file, null, $t);
320			$ret .= $this->xc->getXcEqualsOperator('$imgNameDef ', "Request::getString('{$fieldMain}')", null, $t);
321			$ret .= $this->xc->getXcMediaUploader('uploader', $dirname . " . '/{$tableName}{$files}/'", $mimetype, $maxsize, $t);
322			$post = $this->pc->getPhpCodeGlobalsVariables('xoops_upload_file', 'POST') . '[' . $countUploader . ']';
323			$fetchMedia = $this->getAxcFetchMedia('uploader', $post);
324			$expr = '/^.+\.([^.]+)$/sU';
325			$ifelse = $this->pc->getPhpCodePregFunzions('extension', $expr, '', "\$filename", 'replace', false, $t . "\t");
326			$ifelse .= $t . "\t\$imgName = \str_replace(' ', '', \$imgNameDef) . '.' . \$extension;\n";
327			$ifelse .= $this->getAxcSetPrefix('uploader', '$imgName', $t . "\t") . ";\n";
328			$ifelse .= $t . "\t{$fetchMedia};\n";
329			$contIf = $this->xc->getXcSetVarObj($tableName, $fieldName, '$uploader->getSavedFileName()', $t . "\t\t");
330			$contElseInt = $this->xc->getXcEqualsOperator('$uploaderErrors', "'<br>' . \$uploader->getErrors()", '.', $t . "\t\t");
331			$ifelse .= $this->pc->getPhpCodeConditions('$uploader->upload()', '', '', $contIf, $contElseInt, $t . "\t");
332			$ifelseExt = $this->xc->getXcEqualsOperator('$uploaderErrors', "'<br>' . \$uploader->getErrors()", '.', $t . "\t\t");
333			$contElseExt = $this->pc->getPhpCodeConditions("\$filename", ' > ', "''", $ifelseExt, false, $t . "\t");
334			$contElseExt .= $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getString('{$fieldName}')", $t . "\t");
335
336			$ret .= $this->pc->getPhpCodeConditions($fetchMedia, '', '', $ifelse, $contElseExt, $t);
337
338			return $ret;
339			}
340
341			/**
342			* @public function getAxcSetVarPassword
343			* @param $tableName
344			* @param $fieldName
345			* @param string $t
346			* @return string
347			*/
348			public function getAxcSetVarPassword($tableName, $fieldName, $t = '')
349			{
350			$cf = Modulebuilder\Files\CreateFile::getInstance();
351			$ccFieldId = $cf->getCamelCase($fieldName, false, true);
352			$ret = $this->xc->getXcEqualsOperator("\${$ccFieldId}", "Request::getString('{$fieldName}', '')", '',$t);
353			$contIf = $this->xc->getXcSetVarObj($tableName, $fieldName, "password_hash(\${$ccFieldId}, PASSWORD_DEFAULT)", $t . "\t");
354			$ret .= $this->pc->getPhpCodeConditions("\${$ccFieldId}", ' !== ', "''", $contIf, false, $t);
355
356			return $ret;
357			}
358
359
360			/**
361			* @public function getAxcSetVarMisc
362			* @param $tableName
363			* @param $fieldName
364			* @param $fieldType
365			* @param $fieldElement
366			* @param string $t
367			* @return string
368			*/
369			public function getAxcSetVarMisc($tableName, $fieldName, $fieldType, $fieldElement, $t = '')
370			{
371			switch ((int)$fieldType){
372			case 2:
373			case 3:
374			case 4:
375			case 5:
376			$ret = $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getInt('{$fieldName}', 0)", $t);
377			break;
378			case 6:
379			case 7:
380			case 8:
381			$ret = $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getFloat('{$fieldName}', 0)", $t);
382			break;
383			case 13:
384			case 14:
385			case 15:
386			case 16:
387			case 17:
388			case 18:
389			if ((int)$fieldElement == 4) {
390			$ret = $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getText('{$fieldName}', '')", $t);
391			} else {
392			$ret = $this->xc->getXcSetVarObj($tableName, $fieldName, "Request::getString('{$fieldName}', '')", $t);
393			}
394			break;
395			case 0:
396			default:
397			//TODO: should be finally
398			$ret = $this->xc->getXcSetVarObj($tableName, $fieldName, "\$_POST['{$fieldName}']", $t);
399			break;
400			}
401
402			return $ret;
403			}
404
405			/**
406			* @public function getAxcFetchMedia
407			*
408			* @param $anchor
409			* @param $var
410			*
411			* @param string $t
412			* @return string
413			*/
414			public function getAxcFetchMedia($anchor, $var, $t = '')
415			{
416			return "{$t}\${$anchor}->fetchMedia({$var})";
417			}
418
419			/**
420			* @public function getAxcSetPrefix
421			*
422			* @param $anchor
423			* @param $var
424			*
425			* @param string $t
426			* @return string
427			*/
428			public function getAxcSetPrefix($anchor, $var, $t = '')
429			{
430			return "{$t}\${$anchor}->setPrefix({$var})";
431			}
432			}
433

ggoffy / modulebuilder

Issues (314)

Security Analysis not enabled

class/Files/admin/AdminXoopsCode.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like