This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||||
2 | |||||
3 | /* |
||||
4 | You may not change or alter any portion of this comment or credits |
||||
5 | of supporting developers from this source code or any supporting source code |
||||
6 | which is considered copyrighted (c) material of the original comment or credit authors. |
||||
7 | |||||
8 | This program is distributed in the hope that it will be useful, |
||||
9 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||
11 | */ |
||||
12 | |||||
13 | /** |
||||
14 | * Wgevents module for xoops |
||||
15 | * |
||||
16 | * @copyright module for xoops |
||||
17 | * @license GPL 2.0 or later |
||||
18 | * @package wgevents |
||||
19 | * @author Wedega - Email:<[email protected]> - Website:<https://wedega.com> |
||||
20 | * @version $Id: 1.0 images.php 1 Mon 2018-03-19 10:04:51Z XOOPS Project (www.xoops.org) $ |
||||
21 | */ |
||||
22 | |||||
23 | use Xmf\Request; |
||||
24 | |||||
25 | require __DIR__ . '/header.php'; |
||||
26 | // It recovered the value of argument op in URL$ |
||||
27 | $op = Request::getString('op', 'list'); |
||||
28 | |||||
29 | $templateMain = 'wgevents_admin_clone.tpl'; |
||||
30 | |||||
31 | switch ($op) { |
||||
32 | case 'list': |
||||
33 | default: |
||||
34 | $GLOBALS['xoopsTpl']->assign('navigation', $adminObject->displayNavigation('clone.php')); |
||||
35 | require_once $GLOBALS['xoops']->path('class/xoopsformloader.php'); |
||||
36 | $form = new \XoopsThemeForm(\sprintf(\_AM_WGEVENTS_CLONE_TITLE, $helper->getModule()->getVar('name', 'E')), 'clone', 'clone.php', 'post', true); |
||||
37 | $clone = new \XoopsFormText(\_AM_WGEVENTS_CLONE_NAME, 'clone', 20, 20, ''); |
||||
38 | $clone->setDescription(\_AM_WGEVENTS_CLONE_NAME_DSC); |
||||
39 | $form->addElement($clone, true); |
||||
40 | $form->addElement(new \XoopsFormHidden('op', 'submit')); |
||||
41 | $form->addElement(new \XoopsFormButton('', '', \_SUBMIT, 'submit')); |
||||
42 | $GLOBALS['xoopsTpl']->assign('form', $form->render()); |
||||
43 | |||||
44 | break; |
||||
45 | case 'submit': |
||||
46 | // Security Check |
||||
47 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||||
48 | \redirect_header('clone.php', 3, \implode(',', $GLOBALS['xoopsSecurity']->getErrors())); |
||||
49 | } |
||||
50 | $clone = Request::getString('clone', '', 'POST'); |
||||
51 | //check if name is valid |
||||
52 | if (empty($clone) || \preg_match('/[^a-zA-Z0-9\_\-]/', $clone)) { |
||||
53 | \redirect_header('clone.php', 3, \sprintf(\_AM_WGEVENTS_CLONE_INVALIDNAME, $clone)); |
||||
54 | } |
||||
55 | |||||
56 | // Check wether the cloned module exists or not |
||||
57 | $dirClone = $GLOBALS['xoops']->path('modules/' . $clone); |
||||
58 | if ($clone && \is_dir($dirClone)) { |
||||
59 | \redirect_header('clone.php', 3, \sprintf(\_AM_WGEVENTS_CLONE_EXISTS, $clone)); |
||||
60 | } |
||||
61 | |||||
62 | $patterns = [ |
||||
63 | \mb_strtolower(\WGEVENTS_DIRNAME) => \mb_strtolower($clone), |
||||
64 | \mb_strtoupper(\WGEVENTS_DIRNAME) => \mb_strtoupper($clone), |
||||
65 | \ucfirst(\mb_strtolower(\WGEVENTS_DIRNAME)) => \ucfirst(\mb_strtolower($clone)), |
||||
66 | ]; |
||||
67 | |||||
68 | $patKeys = \array_keys($patterns); |
||||
69 | $patValues = \array_values($patterns); |
||||
70 | cloneFileFolder(\WGEVENTS_PATH); |
||||
71 | $logocreated = createLogo(\mb_strtolower($clone)); |
||||
72 | |||||
73 | //change module name in modinfo.php |
||||
74 | // file, read it |
||||
75 | $content = \file_get_contents($dirClone . '/language/english/modinfo.php'); |
||||
76 | $content = \str_replace('Wgevents', \mb_strtolower($clone), $content); |
||||
77 | \file_put_contents($dirClone . '/language/english/modinfo.php', $content); |
||||
78 | |||||
79 | $msg = ''; |
||||
80 | if (\is_dir($GLOBALS['xoops']->path('modules/' . \mb_strtolower($clone)))) { |
||||
81 | $msg .= \sprintf(\_AM_WGEVENTS_CLONE_CONGRAT, "<a href='" . \XOOPS_URL . "/modules/system/admin.php?fct=modulesadmin&op=installlist'>" . \ucfirst(\mb_strtolower($clone)) . '</a>') . "<br>\n"; |
||||
82 | if (!$logocreated) { |
||||
83 | $msg .= \_AM_WGEVENTS_CLONE_IMAGEFAIL; |
||||
84 | } |
||||
85 | } else { |
||||
86 | $msg .= \_AM_WGEVENTS_CLONE_FAIL; |
||||
87 | } |
||||
88 | $GLOBALS['xoopsTpl']->assign('result', $msg); |
||||
89 | break; |
||||
90 | } |
||||
91 | require __DIR__ . '/footer.php'; |
||||
92 | |||||
93 | // recursive cloning script |
||||
94 | /** |
||||
95 | * @param $path |
||||
96 | */ |
||||
97 | function cloneFileFolder($path) |
||||
98 | { |
||||
99 | global $patKeys; |
||||
100 | global $patValues; |
||||
101 | |||||
102 | //remove \XOOPS_ROOT_PATH and add after replace, otherwise there can be a bug if \XOOPS_ROOT_PATH contains same pattern |
||||
103 | $newPath = \XOOPS_ROOT_PATH . \str_replace($patKeys[0], $patValues[0], \substr($path, \strlen(\XOOPS_ROOT_PATH))); |
||||
104 | |||||
105 | if (\is_dir($path)) { |
||||
106 | // create new dir |
||||
107 | if (!\mkdir($newPath) && !\is_dir($newPath)) { |
||||
108 | throw new \RuntimeException(\sprintf('Directory "%s" was not created', $newPath)); |
||||
109 | } |
||||
110 | |||||
111 | // check all files in dir, and process it |
||||
112 | $handle = \opendir($path); |
||||
113 | if ($handle) { |
||||
0 ignored issues
–
show
introduced
by
![]() |
|||||
114 | while (false !== ($file = \readdir($handle))) { |
||||
115 | if (0 !== \mb_strpos($file, '.')) { |
||||
116 | cloneFileFolder("$path/$file"); |
||||
117 | } |
||||
118 | } |
||||
119 | \closedir($handle); |
||||
120 | } |
||||
121 | } else { |
||||
122 | $noChangeExtensions = ['jpeg', 'jpg', 'gif', 'png', 'zip', 'ttf']; |
||||
123 | if (\in_array(\mb_strtolower(\pathinfo($path, \PATHINFO_EXTENSION)), $noChangeExtensions, true)) { |
||||
0 ignored issues
–
show
It seems like
pathinfo($path, PATHINFO_EXTENSION) can also be of type array ; however, parameter $string of mb_strtolower() does only seem to accept string , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
![]() |
|||||
124 | // image |
||||
125 | \copy($path, $newPath); |
||||
126 | } else { |
||||
127 | // file, read it |
||||
128 | $content = \file_get_contents($path); |
||||
129 | $content = \str_replace($patKeys, $patValues, $content); |
||||
130 | \file_put_contents($newPath, $content); |
||||
131 | } |
||||
132 | } |
||||
133 | } |
||||
134 | |||||
135 | /** |
||||
136 | * @param $dirname |
||||
137 | * |
||||
138 | * @return bool |
||||
139 | */ |
||||
140 | function createLogo($dirname) |
||||
141 | { |
||||
142 | if (!\extension_loaded('gd')) { |
||||
143 | return false; |
||||
144 | } |
||||
145 | $requiredFunctions = [ |
||||
146 | 'imagecreatefrompng', |
||||
147 | 'imagecolorallocate', |
||||
148 | 'imagefilledrectangle', |
||||
149 | 'imagepng', |
||||
150 | 'imagedestroy', |
||||
151 | 'imagefttext', |
||||
152 | 'imagealphablending', |
||||
153 | 'imagesavealpha', |
||||
154 | ]; |
||||
155 | foreach ($requiredFunctions as $func) { |
||||
156 | if (!\function_exists($func)) { |
||||
157 | return false; |
||||
158 | } |
||||
159 | } |
||||
160 | // unset($func); |
||||
161 | |||||
162 | if (!\file_exists($imageBase = $GLOBALS['xoops']->path('modules/' . $dirname . '/assets/images/logoModule.png')) |
||||
163 | || !\file_exists($font = $GLOBALS['xoops']->path('modules/' . $dirname . '/assets/images/VeraBd.ttf'))) { |
||||
164 | return false; |
||||
165 | } |
||||
166 | |||||
167 | $imageModule = \imagecreatefrompng($imageBase); |
||||
168 | // save existing alpha channel |
||||
169 | \imagealphablending($imageModule, false); |
||||
170 | \imagesavealpha($imageModule, true); |
||||
171 | |||||
172 | //Erase old text |
||||
173 | $greyColor = \imagecolorallocate($imageModule, 237, 237, 237); |
||||
174 | \imagefilledrectangle($imageModule, 5, 35, 85, 46, $greyColor); |
||||
175 | |||||
176 | // Write text |
||||
177 | $textColor = \imagecolorallocate($imageModule, 0, 0, 0); |
||||
178 | $spaceToBorder = (int)((80 - \mb_strlen($dirname) * 6.5) / 2); |
||||
179 | \imagefttext($imageModule, 8.5, 0, $spaceToBorder, 45, $textColor, $font, \ucfirst($dirname), []); |
||||
180 | |||||
181 | // Set transparency color |
||||
182 | //$white = imagecolorallocatealpha($imageModule, 255, 255, 255, 127); |
||||
183 | //imagefill($imageModule, 0, 0, $white); |
||||
184 | //imagecolortransparent($imageModule, $white); |
||||
185 | |||||
186 | \imagepng($imageModule, $GLOBALS['xoops']->path('modules/' . $dirname . '/assets/images/logoModule.png')); |
||||
187 | \imagedestroy($imageModule); |
||||
188 | |||||
189 | return true; |
||||
190 | } |