This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php declare(strict_types=1); |
||||||
2 | |||||||
3 | /* |
||||||
4 | You may not change or alter any portion of this comment or credits |
||||||
5 | of supporting developers from this source code or any supporting source code |
||||||
6 | which is considered copyrighted (c) material of the original comment or credit authors. |
||||||
7 | |||||||
8 | This program is distributed in the hope that it will be useful, |
||||||
9 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||||
10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||||
11 | */ |
||||||
12 | |||||||
13 | /** |
||||||
14 | * wgEvents module for xoops |
||||||
15 | * |
||||||
16 | * @copyright 2021 XOOPS Project (https://xoops.org) |
||||||
17 | * @license GPL 2.0 or later |
||||||
18 | * @package wgevents |
||||||
19 | * @author Goffy - Wedega - Email:[email protected] - Website:https://xoops.wedega.com |
||||||
20 | */ |
||||||
21 | |||||||
22 | use Xmf\Request; |
||||||
23 | use XoopsModules\Wgevents; |
||||||
24 | use XoopsModules\Wgevents\ { |
||||||
25 | Constants, |
||||||
26 | Common, |
||||||
27 | Utility |
||||||
28 | }; |
||||||
29 | |||||||
30 | require __DIR__ . '/header.php'; |
||||||
31 | // Get all request values |
||||||
32 | $op = Request::getCmd('op', 'list'); |
||||||
33 | $regId = Request::getInt('id'); |
||||||
34 | $evId = Request::getInt('evid'); |
||||||
35 | $start = Request::getInt('start'); |
||||||
36 | $limit = Request::getInt('limit', $helper->getConfig('adminpager')); |
||||||
37 | $GLOBALS['xoopsTpl']->assign('start', $start); |
||||||
38 | $GLOBALS['xoopsTpl']->assign('limit', $limit); |
||||||
39 | |||||||
40 | $moduleDirName = \basename(\dirname(__DIR__)); |
||||||
41 | |||||||
42 | $GLOBALS['xoopsTpl']->assign('mod_url', XOOPS_URL . '/modules/' . $moduleDirName); |
||||||
43 | |||||||
44 | switch ($op) { |
||||||
45 | case 'list': |
||||||
46 | default: |
||||||
47 | // Define Stylesheet |
||||||
48 | $GLOBALS['xoTheme']->addStylesheet($style, null); |
||||||
49 | $templateMain = 'wgevents_admin_registration.tpl'; |
||||||
50 | $GLOBALS['xoopsTpl']->assign('navigation', $adminObject->displayNavigation('registration.php')); |
||||||
51 | if ($evId > 0) { |
||||||
52 | $adminObject->addItemButton(\_AM_WGEVENTS_ADD_REGISTRATION, 'registration.php?op=new&evid=' . $evId); |
||||||
53 | $adminObject->addItemButton(\_AM_WGEVENTS_GOTO_FORMSELECT, 'registration.php', 'list'); |
||||||
54 | $GLOBALS['xoopsTpl']->assign('buttons', $adminObject->displayButton('left')); |
||||||
55 | $crRegistration = new \CriteriaCompo(); |
||||||
56 | $crRegistration->add(new \Criteria('evid', $evId)); |
||||||
57 | $registrationCount = $registrationHandler->getCount($crRegistration); |
||||||
58 | $GLOBALS['xoopsTpl']->assign('registrationCount', $registrationCount); |
||||||
59 | $GLOBALS['xoopsTpl']->assign('wgevents_url', \WGEVENTS_URL); |
||||||
60 | $GLOBALS['xoopsTpl']->assign('wgevents_upload_url', \WGEVENTS_UPLOAD_URL); |
||||||
61 | // Table view registrations |
||||||
62 | if ($registrationCount > 0) { |
||||||
63 | $crRegistration->setSort('id'); |
||||||
64 | $crRegistration->setOrder('DESC'); |
||||||
65 | //$crRegistration->setStart($start); |
||||||
66 | //$crRegistration->setLimit($limit); |
||||||
67 | $registrationAll = $registrationHandler->getAll($crRegistration); |
||||||
68 | foreach (\array_keys($registrationAll) as $i) { |
||||||
69 | $registration = $registrationAll[$i]->getValuesRegistrations(); |
||||||
70 | $GLOBALS['xoopsTpl']->append('registrations_list', $registration); |
||||||
71 | unset($registration); |
||||||
72 | } |
||||||
73 | } else { |
||||||
74 | $GLOBALS['xoopsTpl']->assign('error', \_AM_WGEVENTS_THEREARENT_REGISTRATIONS); |
||||||
75 | } |
||||||
76 | } else { |
||||||
77 | $GLOBALS['xoopsTpl']->assign('eventsHeader', \sprintf(_AM_WGEVENTS_LIST_EVENTS_LAST, $limit)); |
||||||
78 | $eventCount = $eventHandler->getCountEvents(); |
||||||
79 | $GLOBALS['xoopsTpl']->append('eventCount', $eventCount); |
||||||
80 | // Table view events |
||||||
81 | if ($eventCount > 0) { |
||||||
82 | $eventAll = $eventHandler->getAllEvents($start, $limit); |
||||||
83 | foreach (\array_keys($eventAll) as $i) { |
||||||
84 | $event = $eventAll[$i]->getValuesEvents(); |
||||||
85 | $crRegistration = new \CriteriaCompo(); |
||||||
86 | $crRegistration->add(new \Criteria('evid', $i)); |
||||||
87 | $registrationCount = $registrationHandler->getCount($crRegistration); |
||||||
88 | $event['registrations'] = $registrationCount; |
||||||
89 | $GLOBALS['xoopsTpl']->append('events_list', $event); |
||||||
90 | unset($event); |
||||||
91 | } |
||||||
92 | } |
||||||
93 | } |
||||||
94 | break; |
||||||
95 | case 'new': |
||||||
96 | $templateMain = 'wgevents_admin_registration.tpl'; |
||||||
97 | $GLOBALS['xoopsTpl']->assign('navigation', $adminObject->displayNavigation('registration.php')); |
||||||
98 | $adminObject->addItemButton(\_AM_WGEVENTS_LIST_REGISTRATIONS, 'registration.php', 'list'); |
||||||
99 | $GLOBALS['xoopsTpl']->assign('buttons', $adminObject->displayButton('left')); |
||||||
100 | // Form Create |
||||||
101 | $registrationObj = $registrationHandler->create(); |
||||||
102 | $registrationObj->setVar('evid', $evId); |
||||||
103 | $form = $registrationObj->getForm(); |
||||||
104 | $GLOBALS['xoopsTpl']->assign('form', $form->render()); |
||||||
105 | break; |
||||||
106 | case 'clone': |
||||||
107 | $templateMain = 'wgevents_admin_registration.tpl'; |
||||||
108 | $GLOBALS['xoopsTpl']->assign('navigation', $adminObject->displayNavigation('registration.php')); |
||||||
109 | $adminObject->addItemButton(\_AM_WGEVENTS_LIST_REGISTRATIONS, 'registration.php', 'list'); |
||||||
110 | $adminObject->addItemButton(\_AM_WGEVENTS_ADD_REGISTRATION, 'registration.php?op=new'); |
||||||
111 | $GLOBALS['xoopsTpl']->assign('buttons', $adminObject->displayButton('left')); |
||||||
112 | // Request source |
||||||
113 | $regIdSource = Request::getInt('id_source'); |
||||||
114 | // Get Form |
||||||
115 | $registrationObjSource = $registrationHandler->get($regIdSource); |
||||||
116 | $registrationObj = $registrationObjSource->xoopsClone(); |
||||||
117 | $form = $registrationObj->getForm(); |
||||||
118 | $GLOBALS['xoopsTpl']->assign('form', $form->render()); |
||||||
119 | break; |
||||||
120 | case 'save': |
||||||
121 | // Security Check |
||||||
122 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||||||
123 | \redirect_header('registration.php', 3, \implode(',', $GLOBALS['xoopsSecurity']->getErrors())); |
||||||
124 | } |
||||||
125 | if ($regId > 0) { |
||||||
126 | $registrationObj = $registrationHandler->get($regId); |
||||||
127 | } else { |
||||||
128 | $registrationObj = $registrationHandler->create(); |
||||||
129 | } |
||||||
130 | // Set Vars |
||||||
131 | $regEvid = Request::getInt('evid'); |
||||||
132 | $registrationObj->setVar('evid', $regEvid); |
||||||
133 | $registrationObj->setVar('salutation', Request::getInt('salutation')); |
||||||
134 | $registrationObj->setVar('firstname', Request::getString('firstname')); |
||||||
135 | $registrationObj->setVar('lastname', Request::getString('lastname')); |
||||||
136 | $registrationObj->setVar('email', Request::getString('email')); |
||||||
137 | $registrationObj->setVar('email_send', Request::getInt('email_send')); |
||||||
138 | $registrationObj->setVar('gdpr', Request::getInt('gdpr')); |
||||||
139 | $registrationObj->setVar('ip', Request::getString('ip')); |
||||||
140 | $registrationObj->setVar('status', Request::getInt('status')); |
||||||
141 | $registrationObj->setVar('financial', Request::getInt('financial')); |
||||||
142 | $regPaidamount = Utility::StringToFloat(Request::getString('paidamount')); |
||||||
143 | $registrationObj->setVar('paidamount', $regPaidamount); |
||||||
144 | $registrationObj->setVar('listwait', Request::getInt('listwait')); |
||||||
145 | $registrationDatecreatedObj = \DateTime::createFromFormat(\_SHORTDATESTRING, Request::getString('datecreated')); |
||||||
146 | $registrationObj->setVar('datecreated', $registrationDatecreatedObj->getTimestamp()); |
||||||
147 | $regSubmitter = Request::getInt('submitter'); |
||||||
148 | $registrationObj->setVar('submitter', $regSubmitter); |
||||||
149 | $answersValueArr = []; |
||||||
150 | $answersIdArr = Request::getArray('ans_id'); |
||||||
151 | $answersTypeArr = Request::getArray('type'); |
||||||
152 | // Insert Data |
||||||
153 | if ($registrationHandler->insert($registrationObj)) { |
||||||
154 | $newRegId = $registrationObj->getNewInsertedId(); |
||||||
155 | if ($regId > 0) { |
||||||
156 | // create copy before deleting |
||||||
157 | // get all questions for this event |
||||||
158 | $questionsArr = $questionHandler->getQuestionsByEvent($regEvid); |
||||||
159 | // get old answers for this questions |
||||||
160 | $answersOld = $answerHandler->getAnswersDetailsByRegistration($newRegId, $questionsArr); |
||||||
161 | // delete all existing answers |
||||||
162 | $answerHandler->cleanupAnswers($regEvid, $regId); |
||||||
163 | } |
||||||
164 | // get all questions |
||||||
165 | if (\count($answersIdArr) > 0) { |
||||||
166 | foreach (\array_keys($answersIdArr) as $queId) { |
||||||
167 | $answer = ''; |
||||||
168 | if (Request::hasVar('ans_id_' . $queId) && '' !== Request::getString('ans_id_' . $queId)) { |
||||||
169 | switch ($answersTypeArr[$queId]) { |
||||||
170 | case Constants::FIELD_CHECKBOX: |
||||||
171 | case Constants::FIELD_COMBOBOX: |
||||||
172 | $answer = serialize(Request::getArray('ans_id_' . $queId)); |
||||||
173 | break; |
||||||
174 | case Constants::FIELD_SELECTBOX: //selectbox expect/gives single value, but stored as array |
||||||
175 | $answer = serialize(Request::getString('ans_id_' . $queId)); |
||||||
176 | break; |
||||||
177 | default: |
||||||
178 | $answer = Request::getString('ans_id_' . $queId); |
||||||
179 | break; |
||||||
180 | } |
||||||
181 | $answersValueArr[$queId] = $answer; |
||||||
182 | } |
||||||
183 | } |
||||||
184 | } |
||||||
185 | // create items in table answers |
||||||
186 | foreach ($answersValueArr as $key => $answer) { |
||||||
187 | if ('' !== (string)$answer) { |
||||||
188 | $answerObj = $answerHandler->create(); |
||||||
189 | $answerObj->setVar('regid', $newRegId); |
||||||
190 | $answerObj->setVar('queid', $key); |
||||||
191 | $answerObj->setVar('evid', $regEvid); |
||||||
192 | $answerObj->setVar('text', $answer); |
||||||
193 | $answerObj->setVar('datecreated', \time()); |
||||||
194 | $answerObj->setVar('submitter', $regSubmitter); |
||||||
195 | // Insert Data |
||||||
196 | $answerHandler->insert($answerObj); |
||||||
197 | } |
||||||
198 | } |
||||||
199 | $permId = isset($_REQUEST['id']) ? $regId : $newRegId; |
||||||
200 | $grouppermHandler = \xoops_getHandler('groupperm'); |
||||||
201 | $mid = $GLOBALS['xoopsModule']->getVar('mid'); |
||||||
202 | // Permission to view_registrations |
||||||
203 | $grouppermHandler->deleteByModule($mid, 'wgevents_view_registrations', $permId); |
||||||
0 ignored issues
–
show
|
|||||||
204 | if (isset($_POST['groups_view_registrations'])) { |
||||||
205 | foreach ($_POST['groups_view_registrations'] as $onegroupId) { |
||||||
206 | $grouppermHandler->addRight('wgevents_view_registrations', $permId, $onegroupId, $mid); |
||||||
0 ignored issues
–
show
The method
addRight() does not exist on XoopsObjectHandler . It seems like you code against a sub-type of XoopsObjectHandler such as XoopsGroupPermHandler or XoopsPersistableObjectHandler .
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||||
207 | } |
||||||
208 | } |
||||||
209 | // Permission to submit_registrations |
||||||
210 | $grouppermHandler->deleteByModule($mid, 'wgevents_submit_registrations', $permId); |
||||||
211 | if (isset($_POST['groups_submit_registrations'])) { |
||||||
212 | foreach ($_POST['groups_submit_registrations'] as $onegroupId) { |
||||||
213 | $grouppermHandler->addRight('wgevents_submit_registrations', $permId, $onegroupId, $mid); |
||||||
214 | } |
||||||
215 | } |
||||||
216 | // Permission to approve_registrations |
||||||
217 | $grouppermHandler->deleteByModule($mid, 'wgevents_approve_registrations', $permId); |
||||||
218 | if (isset($_POST['groups_approve_registrations'])) { |
||||||
219 | foreach ($_POST['groups_approve_registrations'] as $onegroupId) { |
||||||
220 | $grouppermHandler->addRight('wgevents_approve_registrations', $permId, $onegroupId, $mid); |
||||||
221 | } |
||||||
222 | } |
||||||
223 | \redirect_header('registration.php?op=list&start=' . $start . '&limit=' . $limit, 2, \_MA_WGEVENTS_FORM_OK); |
||||||
224 | } |
||||||
225 | // Get Form |
||||||
226 | $GLOBALS['xoopsTpl']->assign('error', $registrationObj->getHtmlErrors()); |
||||||
227 | $form = $registrationObj->getForm(); |
||||||
228 | $GLOBALS['xoopsTpl']->assign('form', $form->render()); |
||||||
229 | break; |
||||||
230 | case 'edit': |
||||||
231 | $templateMain = 'wgevents_admin_registration.tpl'; |
||||||
232 | $GLOBALS['xoopsTpl']->assign('navigation', $adminObject->displayNavigation('registration.php')); |
||||||
233 | $adminObject->addItemButton(\_AM_WGEVENTS_ADD_REGISTRATION, 'registration.php?op=new'); |
||||||
234 | $adminObject->addItemButton(\_AM_WGEVENTS_LIST_REGISTRATIONS, 'registration.php', 'list'); |
||||||
235 | $GLOBALS['xoopsTpl']->assign('buttons', $adminObject->displayButton('left')); |
||||||
236 | // Get Form |
||||||
237 | $registrationObj = $registrationHandler->get($regId); |
||||||
238 | $registrationObj->setStart = $start; |
||||||
239 | $registrationObj->setLimit = $limit; |
||||||
240 | $form = $registrationObj->getForm(); |
||||||
241 | $GLOBALS['xoopsTpl']->assign('form', $form->render()); |
||||||
242 | break; |
||||||
243 | case 'delete': |
||||||
244 | $templateMain = 'wgevents_admin_registration.tpl'; |
||||||
245 | $GLOBALS['xoopsTpl']->assign('navigation', $adminObject->displayNavigation('registration.php')); |
||||||
246 | $registrationObj = $registrationHandler->get($regId); |
||||||
247 | $regEvid = $registrationObj->getVar('evid'); |
||||||
248 | if (isset($_REQUEST['ok']) && 1 === (int)$_REQUEST['ok']) { |
||||||
249 | if (!$GLOBALS['xoopsSecurity']->check()) { |
||||||
250 | \redirect_header('registration.php', 3, \implode(', ', $GLOBALS['xoopsSecurity']->getErrors())); |
||||||
251 | } |
||||||
252 | if ($registrationHandler->delete($registrationObj)) { |
||||||
253 | //delete existing answers |
||||||
254 | $answerHandler->cleanupAnswers($regEvid, $regId); |
||||||
255 | \redirect_header('registration.php', 3, \_MA_WGEVENTS_FORM_DELETE_OK); |
||||||
256 | } else { |
||||||
257 | $GLOBALS['xoopsTpl']->assign('error', $registrationObj->getHtmlErrors()); |
||||||
258 | } |
||||||
259 | } else { |
||||||
260 | $customConfirm = new Common\Confirm( |
||||||
261 | ['ok' => 1, 'id' => $regId, 'start' => $start, 'limit' => $limit, 'op' => 'delete'], |
||||||
262 | $_SERVER['REQUEST_URI'], |
||||||
263 | \sprintf(\_MA_WGEVENTS_FORM_SURE_DELETE, $registrationObj->getVar('firstname'). ' ' . $registrationObj->getVar('lastname'))); |
||||||
264 | $form = $customConfirm->getFormConfirm(); |
||||||
265 | $GLOBALS['xoopsTpl']->assign('form', $form->render()); |
||||||
266 | } |
||||||
267 | break; |
||||||
268 | } |
||||||
269 | require __DIR__ . '/footer.php'; |
||||||
270 |
This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.
This is most likely a typographical error or the method has been renamed.