This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | |||
3 | /* |
||
4 | You may not change or alter any portion of this comment or credits |
||
5 | of supporting developers from this source code or any supporting source code |
||
6 | which is considered copyrighted (c) material of the original comment or credit authors. |
||
7 | |||
8 | This program is distributed in the hope that it will be useful, |
||
9 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
11 | */ |
||
12 | |||
13 | /** |
||
14 | * wgEvents module for xoops |
||
15 | * |
||
16 | * @copyright 2020 XOOPS Project (https://xooops.org) |
||
17 | * @license GPL 2.0 or later |
||
18 | * @package wgevents |
||
19 | * @author Goffy - XOOPS Development Team - Email:<[email protected]> - Website:<https://xoops.wedega.com> |
||
20 | */ |
||
21 | |||
22 | use Xmf\Request; |
||
23 | use XoopsModules\Wgevents; |
||
24 | use XoopsModules\Wgevents\{ |
||
25 | Constants, |
||
26 | Utility, |
||
27 | Export\Simplexlsxgen, |
||
28 | Export\Simplecsv, |
||
29 | }; |
||
30 | |||
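require __DIR__ . '/header.php';
require_once \XOOPS_ROOT_PATH . '/header.php';
$GLOBALS['xoopsTpl']->assign('template_sub', 'db:wgevents_output.tpl');

// Request parameters, read through Xmf\Request's typed getters.
// $eventHandler, $permissionsHandler, $registrationHandler and $questionHandler are not
// defined in this file; presumably header.php provides them (confirm).
$op      = Request::getCmd('op', 'none');
$evId    = Request::getInt('id');
// NOTE(review): $redir is not used in this script. It is kept because footer.php is included
// in the same scope. If it is ever used as a redirect target, restrict it to local paths.
$redir   = Request::getString('redir');
$outType = Request::getString('output_type', 'none');

switch ($op) {
    case 'none':
    default:
        echo 'Invalid op';
        break;
    case 'reg_all':
        // Export of all registrations of one event (names, e-mail addresses, answers).
        // NOTE(review): the guards below rely on redirect_header() ending the request.
        // Confirm that it exits, otherwise the export would still run after a failed check.
        if (0 === $evId) {
            \redirect_header('registration.php?op=list', 3, \_MA_WGEVENTS_INVALID_PARAM);
        }
        $eventObj = $eventHandler->get($evId);
        if (!\is_object($eventObj)) {
            // Unknown event id: stop here instead of calling getVar() on a non-object.
            \redirect_header('registration.php?op=list', 3, \_MA_WGEVENTS_INVALID_PARAM);
        }
        // Access control for the export; presumably limits it to users who may approve
        // registrations for this event (the handler is not visible here).
        if (!$permissionsHandler->getPermRegistrationsApprove($eventObj->getVar('submitter'), $eventObj->getVar('status'))) {
            \redirect_header('index.php', 3, _NOPERM);
        }
        switch ($outType) {
            case 'csv':
            case 'xlsx':
                $isXlsx = ('xlsx' === $outType);

                // The file name is built from the event name reduced to [a-zA-Z0-9], a
                // language constant and $outType, which is the literal 'csv' or 'xlsx' here.
                $eventname = \preg_replace('/[^a-zA-Z0-9]/', '', (string)$eventObj->getVar('name'));
                $filename  = \date('Ymd_H_i_s_') . \_MA_WGEVENTS_REGISTRATIONS . '_' . $eventname . '.' . $outType;

                $eventFee         = (float)$eventObj->getVar('fee');
                $eventRegisterMax = (int)$eventObj->getVar('register_max');

                // Encodes one CSV cell. Registration values are entered by registrants, so:
                //  - embedded double quotes are doubled, otherwise a value containing '"'
                //    ends the quoted field early and shifts the remaining columns;
                //  - a value starting with '=', '+', '-', '@', TAB or CR gets a leading
                //    apostrophe so spreadsheet programs show it as text instead of
                //    evaluating it as a formula.
                // Assumes SimpleCSV::downloadAs() writes cells verbatim, as the pre-quoting
                // in the original code implies (confirm against the exporter).
                $csvCell = static function ($value): string {
                    $cell = (string)$value;
                    if ('' !== $cell && false !== \strpos("=+-@\t\r", $cell[0])) {
                        $cell = "'" . $cell;
                    }

                    return '"' . \str_replace('"', '""', $cell) . '"';
                };

                // Always defined, so an event without registrations exports an empty sheet
                // instead of passing an undefined variable to the exporter.
                $data = [];

                $crRegistration = new \CriteriaCompo();
                $crRegistration->add(new \Criteria('evid', $evId));
                $registrationsCount = $registrationHandler->getCount($crRegistration);
                $GLOBALS['xoopsTpl']->assign('registrationsCount', $registrationsCount);

                if ($registrationsCount > 0) {
                    // get all questions for this event
                    $questionsArr = $questionHandler->getQuestionsByEvent($evId);

                    // header row: fixed columns, one column per question, optional columns
                    $header = [
                        \_MA_WGEVENTS_REGISTRATION_SALUTATION,
                        \_MA_WGEVENTS_REGISTRATION_FIRSTNAME,
                        \_MA_WGEVENTS_REGISTRATION_LASTNAME,
                        \_MA_WGEVENTS_REGISTRATION_EMAIL,
                    ];
                    foreach ($questionsArr as $question) {
                        $header[] = $question['caption'];
                    }
                    if ($eventFee > 0) {
                        $header[] = \_MA_WGEVENTS_REGISTRATION_FINANCIAL;
                    }
                    if ($eventRegisterMax > 0) {
                        $header[] = \_MA_WGEVENTS_REGISTRATION_LISTWAIT;
                    }
                    $header[] = \_MA_WGEVENTS_DATECREATED;
                    $header[] = \_MA_WGEVENTS_SUBMITTER;
                    $data[]   = $isXlsx ? $header : \array_map($csvCell, $header);

                    // one row per registration, columns in the same order as the header
                    $registrations = $registrationHandler->getRegistrationDetailsByEvent($evId, $questionsArr, false);
                    foreach ($registrations as $registration) {
                        $row = [
                            $registration['salutation_text'],
                            $registration['firstname'],
                            $registration['lastname'],
                            $registration['email'],
                        ];
                        foreach ($registration['answers'] as $answer) {
                            $row[] = $answer;
                        }
                        if ($eventFee > 0) {
                            $row[] = $registration['financial_text'];
                        }
                        if ($eventRegisterMax > 0) {
                            $row[] = $registration['listwait_text'];
                        }
                        $row[] = $registration['datecreated_text'];
                        $row[] = $registration['submitter_text'];

                        // NOTE(review): XLSX cells are passed on unmodified. Confirm how the
                        // bundled SimpleXLSXGen treats strings with a leading '=' before
                        // deciding whether they need the same neutralisation as CSV cells.
                        $data[] = $isXlsx ? $row : \array_map($csvCell, $row);
                    }
                    unset($registrations);
                }

                if ($isXlsx) {
                    $xlsx = Simplexlsxgen\SimpleXLSXGen::fromArray($data);
                    $xlsx->downloadAs($filename);
                } else {
                    Simplecsv\SimpleCSV::downloadAs($data, $filename);
                }
                break;
            case 'none':
            default:
                break;
        }
        break;
}

require __DIR__ . '/footer.php';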
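/**
 * Prepare a text value for the CSV export.
 *
 * Semicolons are replaced by commas so the value cannot introduce a column break
 * (presumably ';' is the exporter's delimiter), and the result is returned as UTF-8.
 *
 * This function neither adds nor escapes double quotes, and it does not neutralise values
 * starting with '=', '+', '-' or '@', which spreadsheet programs may evaluate as formulas.
 * Callers that export user-supplied text have to handle both themselves.
 *
 * @param mixed $text value to clean; it is cast to string
 * @return string
 */
function cleanOutputCsv($text): string
{
    //replace possible column break in output
    $cleanText = \str_replace(';', ',', (string)$text);

    // Text that is already valid UTF-8 is returned unchanged. The previous implementation
    // discarded the result of its first conversion and then re-decoded the text once for
    // every entry of mb_list_encodings() (including transfer encodings such as BASE64),
    // which garbles the value instead of normalising it.
    if (\mb_check_encoding($cleanText, 'UTF-8')) {
        return $cleanText;
    }

    // Not UTF-8: treat it as a single-byte Western encoding. ISO-8859-1 is the fallback
    // because it maps every byte to a code point, so the conversion cannot fail.
    $sourceEncoding = \mb_detect_encoding($cleanText, ['Windows-1252', 'ISO-8859-1'], true);
    if (false === $sourceEncoding) {
        $sourceEncoding = 'ISO-8859-1';
    }

    return \mb_convert_encoding($cleanText, 'UTF-8', $sourceEncoding);
}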
/**
 * Turn a stored HTML fragment into plain text for an XLSX cell.
 *
 * Only the exact strings '<br>' and '</p>' are replaced by a blank; other tags and
 * variants such as '<br />' are left in place. HTML entities are then decoded, so the
 * result can contain literal '<', '>' and '&' characters. It is meant as cell text and
 * must be escaped again before it is written into HTML.
 *
 * @param $text
 * @return string
 */
function cleanOutputXlsx($text)
{
    // markup that stands for a line break in the stored text
    $lineBreakMarkup = ['<br>', '</p>'];
    $singleLine = \str_replace($lineBreakMarkup, ' ', $text);

    // decode entities such as &amp; into the characters they represent
    return \html_entity_decode($singleLine);
}