This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | /* |
||
3 | You may not change or alter any portion of this comment or credits |
||
4 | of supporting developers from this source code or any supporting source code |
||
5 | which is considered copyrighted (c) material of the original comment or credit authors. |
||
6 | |||
7 | This program is distributed in the hope that it will be useful, |
||
8 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
9 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
10 | */ |
||
11 | |||
12 | /** |
||
13 | * wgEvents module for xoops |
||
14 | * |
||
15 | * @copyright module for xoops |
||
16 | * @license GPL 2.0 or later |
||
17 | * @package wgevents |
||
18 | * @author Wedega - Email:<[email protected]> - Website:<https://wedega.com> |
||
19 | */ |
||
20 | |||
21 | use Xmf\Request; |
||
22 | use XoopsModules\Wgevents; |
||
23 | use XoopsModules\Wgevents\{ |
||
24 | Constants, |
||
25 | Forms |
||
26 | }; |
||
27 | |||
28 | require __DIR__ . '/header.php'; |
||
29 | |||
30 | $op = Request::getString('op', 'list'); |
||
31 | |||
32 | $GLOBALS['xoopsTpl']->assign('wgevents_icon_url_16', \WGEVENTS_ICONS_URL . '16/'); |
||
33 | |||
34 | \xoops_load('XoopsFormLoader'); |
||
35 | // create form for data anonymization |
||
36 | $formGdpr = new Forms\FormInline('', 'form', '', 'post', true); |
||
37 | $formGdpr->setExtra('enctype="multipart/form-data"'); |
||
38 | // suggest 6 months before now |
||
39 | $regDatelimit = strtotime(date('Y-m-t', \time() - (6 * 30 * 24 * 60 * 60 + 5))); |
||
40 | $formGdpr->addElement(new \XoopsFormTextDateSelect(\_AM_WGEVENTS_MAINTENANCE_ANON_DATA_DATELIMIT, 'datelimit', '', $regDatelimit)); |
||
0 ignored issues
–
show
Bug
introduced
by
![]() |
|||
41 | $formGdpr->addElement(new \XoopsFormButton('', 'submit', \_MA_WGEVENTS_EXEC, 'submit')); |
||
42 | $formGdpr->addElement(new \XoopsFormHidden('op', 'anon_data_exec')); |
||
43 | $GLOBALS['xoopsTpl']->assign('formGdpr', $formGdpr->render()); |
||
44 | |||
45 | //$maintainance_dui_desc = \str_replace('%p', \WGEVENTS_UPLOAD_IMAGE_PATH, \_AM_WGEVENTS_MAINTENANCE_DELETE_UNUSED_DESC); |
||
46 | |||
47 | |||
48 | switch ($op) { |
||
49 | case 'invalid_regs_exec': |
||
50 | $errors = []; |
||
51 | $templateMain = 'wgevents_admin_maintenance.tpl'; |
||
52 | $err_text = ''; |
||
53 | |||
54 | $sql = 'DELETE ' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . '.* '; |
||
55 | $sql .= 'FROM ' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . ' LEFT JOIN ' . $GLOBALS['xoopsDB']->prefix('wgevents_event') . ' ON ' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . '.evid = ' . $GLOBALS['xoopsDB']->prefix('wgevents_event') . '.id '; |
||
56 | $sql .= 'WHERE (((' . $GLOBALS['xoopsDB']->prefix('wgevents_event') . '.id) Is Null))'; |
||
57 | if (!$result = $GLOBALS['xoopsDB']->queryF($sql)) { |
||
58 | $errors[] = $GLOBALS['xoopsDB']->error(); |
||
59 | } |
||
60 | if (\count($errors) > 0) { |
||
61 | foreach ($errors as $error) { |
||
62 | $err_text .= '<br>' . $error; |
||
63 | } |
||
64 | } |
||
65 | $GLOBALS['xoopsTpl']->assign('result_success', \_AM_WGEVENTS_MAINTENANCE_CHECKTABLE_SUCCESS); |
||
66 | $GLOBALS['xoopsTpl']->assign('result_error', $err_text); |
||
67 | $GLOBALS['xoopsTpl']->assign('invalid_regs_show', true); |
||
68 | $GLOBALS['xoopsTpl']->assign('show_result', true); |
||
69 | break; |
||
70 | case 'invalid_adds_exec': |
||
71 | $errors = []; |
||
72 | $templateMain = 'wgevents_admin_maintenance.tpl'; |
||
73 | $err_text = ''; |
||
74 | |||
75 | $sql = 'DELETE ' . $GLOBALS['xoopsDB']->prefix('wgevents_question') . '.* '; |
||
76 | $sql .= 'FROM ' . $GLOBALS['xoopsDB']->prefix('wgevents_question') . ' LEFT JOIN ' . $GLOBALS['xoopsDB']->prefix('wgevents_event') . ' ON ' . $GLOBALS['xoopsDB']->prefix('wgevents_question') . '.evid = ' . $GLOBALS['xoopsDB']->prefix('wgevents_event') . '.id '; |
||
77 | $sql .= 'WHERE (((' . $GLOBALS['xoopsDB']->prefix('wgevents_event') . '.id) Is Null))'; |
||
78 | if (!$result = $GLOBALS['xoopsDB']->queryF($sql)) { |
||
79 | $errors[] = $GLOBALS['xoopsDB']->error(); |
||
80 | } |
||
81 | if (\count($errors) > 0) { |
||
82 | foreach ($errors as $error) { |
||
83 | $err_text .= '<br>' . $error; |
||
84 | } |
||
85 | } |
||
86 | $GLOBALS['xoopsTpl']->assign('result_success', \_AM_WGEVENTS_MAINTENANCE_CHECKTABLE_SUCCESS); |
||
87 | $GLOBALS['xoopsTpl']->assign('result_error', $err_text); |
||
88 | $GLOBALS['xoopsTpl']->assign('invalid_adds_show', true); |
||
89 | $GLOBALS['xoopsTpl']->assign('show_result', true); |
||
90 | break; |
||
91 | case 'invalid_answers_exec': |
||
92 | $errors = []; |
||
93 | $templateMain = 'wgevents_admin_maintenance.tpl'; |
||
94 | $err_text = ''; |
||
95 | |||
96 | $sql = 'DELETE ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer') . '.* '; |
||
97 | $sql .= 'FROM ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer') . ' LEFT JOIN ' . $GLOBALS['xoopsDB']->prefix('wgevents_question') . ' ON ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer') . '.queid = ' . $GLOBALS['xoopsDB']->prefix('wgevents_question') . '.id '; |
||
98 | $sql .= 'WHERE (((' . $GLOBALS['xoopsDB']->prefix('wgevents_question') . '.id) Is Null));'; |
||
99 | if (!$result = $GLOBALS['xoopsDB']->queryF($sql)) { |
||
100 | $errors[] = $GLOBALS['xoopsDB']->error(); |
||
101 | } |
||
102 | if (\count($errors) > 0) { |
||
103 | foreach ($errors as $error) { |
||
104 | $err_text .= '<br>' . $error; |
||
105 | } |
||
106 | } |
||
107 | $sql = 'DELETE ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer_hist') . '.* '; |
||
108 | $sql .= 'FROM ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer_hist') . ' LEFT JOIN ' . $GLOBALS['xoopsDB']->prefix('wgevents_question') . ' ON ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer_hist') . '.queid = ' . $GLOBALS['xoopsDB']->prefix('wgevents_question') . '.id '; |
||
109 | $sql .= 'WHERE (((' . $GLOBALS['xoopsDB']->prefix('wgevents_question') . '.id) Is Null));'; |
||
110 | if (!$result = $GLOBALS['xoopsDB']->queryF($sql)) { |
||
111 | $errors[] = $GLOBALS['xoopsDB']->error(); |
||
112 | } |
||
113 | if (\count($errors) > 0) { |
||
114 | foreach ($errors as $error) { |
||
115 | $err_text .= '<br>' . $error; |
||
116 | } |
||
117 | } |
||
118 | $sql = 'DELETE ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer') . '.* '; |
||
119 | $sql .= 'FROM ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer') . ' LEFT JOIN ' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . ' ON ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer') . '.regid = ' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . '.id '; |
||
120 | $sql .= 'WHERE (((' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . '.id) Is Null));'; |
||
121 | if (!$result = $GLOBALS['xoopsDB']->queryF($sql)) { |
||
122 | $errors[] = $GLOBALS['xoopsDB']->error(); |
||
123 | } |
||
124 | if (\count($errors) > 0) { |
||
125 | foreach ($errors as $error) { |
||
126 | $err_text .= '<br>' . $error; |
||
127 | } |
||
128 | } |
||
129 | $sql = 'DELETE ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer_hist') . '.* '; |
||
130 | $sql .= 'FROM ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer_hist') . ' LEFT JOIN ' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . ' ON ' . $GLOBALS['xoopsDB']->prefix('wgevents_answer_hist') . '.regid = ' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . '.id '; |
||
131 | $sql .= 'WHERE (((' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . '.id) Is Null));'; |
||
132 | if (!$result = $GLOBALS['xoopsDB']->queryF($sql)) { |
||
133 | $errors[] = $GLOBALS['xoopsDB']->error(); |
||
134 | } |
||
135 | if (\count($errors) > 0) { |
||
136 | foreach ($errors as $error) { |
||
137 | $err_text .= '<br>' . $error; |
||
138 | } |
||
139 | } |
||
140 | $GLOBALS['xoopsTpl']->assign('result_success', \_AM_WGEVENTS_MAINTENANCE_CHECKTABLE_SUCCESS); |
||
141 | $GLOBALS['xoopsTpl']->assign('result_error', $err_text); |
||
142 | $GLOBALS['xoopsTpl']->assign('invalid_adds_show', true); |
||
143 | $GLOBALS['xoopsTpl']->assign('show_result', true); |
||
144 | break; |
||
145 | case 'anon_data_exec': |
||
146 | $errors = []; |
||
147 | $templateMain = 'wgevents_admin_maintenance.tpl'; |
||
148 | $err_text = ''; |
||
149 | $dateLimitObj = \DateTime::createFromFormat(\_SHORTDATESTRING, Request::getString('datelimit')); |
||
150 | |||
151 | $crRegistration = new \CriteriaCompo(); |
||
152 | $crRegistration->add(new \Criteria('datecreated', $dateLimitObj->getTimestamp(), '<=')); |
||
153 | $numberReg = $registrationHandler->getCount($crRegistration); |
||
154 | if ($numberReg > 0) { |
||
155 | $registrationsAll = $registrationHandler->getAll($crRegistration); |
||
156 | foreach (\array_keys($registrationsAll) as $i) { |
||
157 | $regUpdateObj = $registrationHandler->get($i); |
||
158 | $regUpdateObj->setVar('salutation', 0); |
||
159 | $regUpdateObj->setVar('firstname', '*****'); |
||
160 | $regUpdateObj->setVar('lastname', '*****'); |
||
161 | $regUpdateObj->setVar('email', '*@*.*'); |
||
162 | $regUpdateObj->setVar('ip', '*.*.*.*'); |
||
163 | if($registrationHandler->insert($regUpdateObj, true)) { |
||
164 | $crAnswer = new \CriteriaCompo(); |
||
165 | $crAnswer->add(new \Criteria('regid', $i)); |
||
166 | $answerHandler->deleteAll($crAnswer); |
||
167 | $answerhistHandler->deleteAll($crAnswer); |
||
168 | } |
||
169 | unset($regUpdateObj, $crAnswer); |
||
170 | } |
||
171 | $registrationhistHandler->deleteAll($crRegistration); |
||
172 | } |
||
173 | |||
174 | |||
175 | /* |
||
176 | $sql = 'UPDATE `' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . '` '; |
||
177 | $sql .= "SET `salutation` = 0, `firstname` = '*****', `lastname` = '*****', `email` = '*@*.*', `ip` = '*.*.*.*' "; |
||
178 | $sql .= 'WHERE (((' . $GLOBALS['xoopsDB']->prefix('wgevents_registration') . ".datecreated)<='" . $dateLimitObj->getTimestamp() . "'))"; |
||
179 | if (!$result = $GLOBALS['xoopsDB']->queryF($sql)) { |
||
180 | $errors[] = $GLOBALS['xoopsDB']->error(); |
||
181 | } |
||
182 | |||
183 | $sql = 'DELETE ' . $GLOBALS['xoopsDB']->prefix('wgevents_registration_hist') . '.* '; |
||
184 | $sql .= 'FROM ' . $GLOBALS['xoopsDB']->prefix('wgevents_registration_hist') . ' '; |
||
185 | $sql .= 'WHERE (((' . $GLOBALS['xoopsDB']->prefix('wgevents_registration_hist') . ".hist_datecreated)<='" . $dateLimitObj->getTimestamp() . "'))"; |
||
186 | if (!$result = $GLOBALS['xoopsDB']->queryF($sql)) { |
||
187 | $errors[] = $GLOBALS['xoopsDB']->error(); |
||
188 | } |
||
189 | if (\count($errors) > 0) { |
||
190 | foreach ($errors as $error) { |
||
191 | $err_text .= '<br>' . $error; |
||
192 | } |
||
193 | }*/ |
||
194 | $GLOBALS['xoopsTpl']->assign('result_success', \_AM_WGEVENTS_MAINTENANCE_ANON_DATA_SUCCESS); |
||
195 | $GLOBALS['xoopsTpl']->assign('result_error', $err_text); |
||
196 | $GLOBALS['xoopsTpl']->assign('anon_data_show', true); |
||
197 | $GLOBALS['xoopsTpl']->assign('show_result', true); |
||
198 | break; |
||
199 | case 'list': |
||
200 | default: |
||
201 | $templateMain = 'wgevents_admin_maintenance.tpl'; |
||
202 | |||
203 | $GLOBALS['xoopsTpl']->assign('invalid_adds_show', true); |
||
204 | $GLOBALS['xoopsTpl']->assign('invalid_answers_show', true); |
||
205 | $GLOBALS['xoopsTpl']->assign('invalid_regs_show', true); |
||
206 | $GLOBALS['xoopsTpl']->assign('anon_data_show', true); |
||
207 | |||
208 | break; |
||
209 | } |
||
210 | |||
211 | /** |
||
212 | * @param $val |
||
213 | * @return float|int |
||
214 | */ |
||
215 | function returnCleanBytes($val) |
||
216 | { |
||
217 | switch (mb_substr($val, -1)) { |
||
218 | case 'K': |
||
219 | case 'k': |
||
220 | return (int)$val * 1024; |
||
221 | case 'M': |
||
222 | case 'm': |
||
223 | return (int)$val * 1048576; |
||
224 | case 'G': |
||
225 | case 'g': |
||
226 | return (int)$val * 1073741824; |
||
227 | default: |
||
228 | return $val; |
||
229 | } |
||
230 | } |
||
231 | |||
232 | /** |
||
233 | * get unused images of given directory |
||
234 | * @param $unused |
||
235 | * @param $directory |
||
236 | * @return bool |
||
237 | */ |
||
238 | function getUnusedImages(&$unused, $directory) |
||
239 | { |
||
240 | // Get instance of module |
||
241 | $helper = \XoopsModules\Wgevents\Helper::getInstance(); |
||
242 | $imagesHandler = $helper->getHandler('Images'); |
||
243 | $albumsHandler = $helper->getHandler('Albums'); |
||
244 | |||
245 | if (\is_dir($directory)) { |
||
246 | $handle = \opendir($directory); |
||
247 | if ($handle) { |
||
0 ignored issues
–
show
|
|||
248 | while (false !== ($entry = \readdir($handle))) { |
||
249 | switch ($entry) { |
||
250 | case 'blank.gif': |
||
251 | case 'index.html': |
||
252 | case 'noimage.png': |
||
253 | case '..': |
||
254 | case '.': |
||
255 | break; |
||
256 | case 'default': |
||
257 | default: |
||
258 | if (\WGEVENTS_UPLOAD_IMAGE_PATH . '/temp' === $directory) { |
||
0 ignored issues
–
show
|
|||
259 | $unused[] = ['name' => $entry, 'path' => $directory . '/' . $entry]; |
||
260 | } else { |
||
261 | $crImages = new \CriteriaCompo(); |
||
262 | $crImages->add(new \Criteria('img_name', $entry)); |
||
263 | $crImages->add(new \Criteria('img_namelarge', $entry), 'OR'); |
||
264 | $crImages->add(new \Criteria('img_nameorig', $entry), 'OR'); |
||
265 | $imageCount = $imagesHandler->getCount($crImages); |
||
266 | $crAlbums = new \CriteriaCompo(); |
||
267 | $crAlbums->add(new \Criteria('alb_image', $entry)); |
||
268 | $imageCount += $albumsHandler->getCount($crAlbums); |
||
269 | if (0 === $imageCount) { |
||
270 | $unused[] = ['name' => $entry, 'path' => $directory . '/' . $entry]; |
||
271 | } |
||
272 | unset($crImages, $crAlbums); |
||
273 | } |
||
274 | break; |
||
275 | } |
||
276 | } |
||
277 | \closedir($handle); |
||
278 | } else { |
||
279 | return false; |
||
280 | } |
||
281 | } else { |
||
282 | return false; |
||
283 | } |
||
284 | |||
285 | return true; |
||
286 | } |
||
287 | |||
288 | /** |
||
289 | * get size of given directory |
||
290 | * @param $path |
||
291 | * @return int |
||
292 | */ |
||
293 | function wgg_foldersize($path) |
||
294 | { |
||
295 | $total_size = 0; |
||
296 | $files = \scandir($path, SCANDIR_SORT_NONE); |
||
297 | |||
298 | foreach ($files as $t) { |
||
299 | if (\is_dir(\rtrim($path, '/') . '/' . $t)) { |
||
300 | if ('.' !== (string)$t && '..' !== (string)$t) { |
||
301 | $size = wgg_foldersize(\rtrim($path, '/') . '/' . $t); |
||
302 | $total_size += $size; |
||
303 | } |
||
304 | } else { |
||
305 | $size = filesize(\rtrim($path, '/') . '/' . $t); |
||
306 | $total_size += $size; |
||
307 | } |
||
308 | } |
||
309 | |||
310 | return $total_size; |
||
311 | } |
||
312 | |||
313 | /** |
||
314 | * format size |
||
315 | * @param $size |
||
316 | * @return string |
||
317 | */ |
||
318 | function wgg_format_size($size) |
||
319 | { |
||
320 | $mod = 1024; |
||
321 | $units = \explode(' ', 'B KB MB GB TB PB'); |
||
322 | for ($i = 0; $size > $mod; $i++) { |
||
323 | $size /= $mod; |
||
324 | } |
||
325 | |||
326 | return \round($size, 2) . ' ' . $units[$i]; |
||
327 | } |
||
328 | |||
329 | require __DIR__ . '/footer.php'; |
||
330 |