This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
`include`, or for example via PHP's auto-loading mechanism.
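<?php
/*
 * View: speed-dial editor for one account. The page is assembled through the
 * extend()/startblock()/endblock()/end_extend() layout helpers, which are
 * defined outside this file, on top of 'left_panel_master.php'.
 *
 * The layout calls use the long opening tag so that they execute whatever the
 * short_open_tag setting is. With short tags switched off, a statement written
 * with the short tag is not parsed and reaches the browser as literal text.
 */
extend('left_panel_master.php');

// NOTE(review): this lowers the reporting level for the remainder of the request,
// so warnings and notices raised further down in this view are not reported.
// Prefer setting the level once in the application configuration and fixing the
// underlying warnings.
error_reporting(E_ERROR);

startblock('extra_head');
?>
<script type="text/javascript" language="javascript">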
/**
 * Hide the element whose id is key1 and show the element whose id is key2.
 * The Edit buttons call this to switch a row from its read-only view to its
 * edit form.
 */
function showdiv(key1, key2) {
    var toHide = document.getElementById(key1);
    toHide.style.display = "none";

    var toShow = document.getElementById(key2);
    toShow.style.display = "block";
}
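<?php
/*
 * Review notes for save_speed_dial() (kept in a PHP comment so they are not
 * sent to the browser):
 *
 * - The account id is written into the script with json_encode() and the
 *   JSON_HEX_* flags, which produces a correctly quoted JavaScript string
 *   literal; a raw echo between double quotes does not encode for this context.
 * - The id is read from $account_data['id'] here, while the speed-dial query
 *   in this view reads $account_data[0]['id']. Only one of the two shapes can
 *   be right for a given controller; confirm which one is passed in.
 * - The account id travels in the URL and is chosen by the client, and the
 *   digit check below runs only in the browser. The handler behind
 *   accounts/customer_speeddial_save is not visible here: it has to verify
 *   that the session user may modify that account and re-validate all three
 *   path segments.
 * - The POST body is empty, so no anti-CSRF token is sent by this call unless
 *   one is attached globally elsewhere; verify.
 * - base_url() is followed by "/" here but concatenated without one in the
 *   breadcrumb links of this view; confirm which form the routes expect.
 */
?>
/**
 * Save the number typed into the edit field of one speed-dial slot.
 *
 * speed_num is the slot index (0-9) used in the field id "speed_dial_<n>".
 * Shows an inline error and returns false when the value is not all digits;
 * otherwise posts the change and reloads the page on success.
 */
function save_speed_dial(speed_num) {
    var accountid = <?= json_encode((string) $account_data['id'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;
    var fieldId = "speed_dial_" + speed_num;
    var field = document.getElementById(fieldId);
    var speeddial_number = field.value;

    // Client-side convenience check only; it keeps the URL segment to digits.
    if (!/^[0-9]+$/.test(speeddial_number)) {
        $('#error_' + fieldId).text("Please enter only numeric value");
        field.focus();
        return false;
    }

    $.ajax({
        type: "POST",
        url: "<?= base_url() ?>/accounts/customer_speeddial_save/" + speeddial_number + '/' + accountid + '/' + speed_num + "/",
        data: '',
        success: function () {
            location.reload(true);
        }
    });
}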
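<?php
/*
 * Review notes for remove_save_speed_dial() (PHP comment, not sent to the
 * browser):
 *
 * - The account id is emitted with json_encode() and the JSON_HEX_* flags so
 *   that it is a correctly quoted JavaScript string literal.
 * - It is read from $account_data['id'], whereas the speed-dial query in this
 *   view reads $account_data[0]['id']; confirm which shape the controller
 *   passes.
 * - The request deletes data for an account id taken from the URL. The handler
 *   behind accounts/customer_speeddial_remove is not visible here: it has to
 *   check that the session user owns or administers that account and validate
 *   both path segments.
 * - The POST body is empty, so no anti-CSRF token is sent by this call unless
 *   one is attached globally elsewhere; verify.
 */
?>
/**
 * Delete the stored number of one speed-dial slot and reload the page on
 * success. speed_num is the slot index (0-9).
 */
function remove_save_speed_dial(speed_num) {
    var accountid = <?= json_encode((string) $account_data['id'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;

    $.ajax({
        type: "POST",
        url: "<?= base_url() ?>/accounts/customer_speeddial_remove/" + accountid + '/' + speed_num,
        data: '',
        success: function () {
            location.reload(true);
        }
    });
}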
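/************************************************************************/

</script>
<style>
    label.error {
        float: left; color: red;
        padding-left: .3em; vertical-align: top;
        padding-left:40px;
        margin-top:20px;
        width:1500% !important;
    }
    .form-control
    {
        height:33px;
    }
</style>
<?php endblock() ?>
<?php
/*
 * Page title and the head of the content block: breadcrumb navigation and the
 * column headings of the speed-dial form.
 *
 * - Layout calls use the long opening tag so they run even when
 *   short_open_tag is off.
 * - $accounttype and $edit_id are HTML-escaped where they are written into
 *   href attributes and link text. Their origin is not visible in this view;
 *   escaping at the point of output keeps the markup intact either way.
 * - NOTE(review): $page_title is still echoed as-is; confirm it is always
 *   server-defined text, or escape it as well.
 */
startblock('page-title');
?>
<?= $page_title ?>
<?php endblock() ?>
<?php startblock('content') ?>
<div id="main-wrapper" class="tabcontents">
    <div id="content">
        <div class="row">
            <div class="col-md-12 no-padding color-three border_box">
                <div class="pull-left">
                    <ul class="breadcrumb">
                        <li><a href="<?= htmlspecialchars(base_url() . "accounts/" . strtolower($accounttype) . "_list/", ENT_QUOTES, 'UTF-8') ?>"><?= htmlspecialchars(ucfirst($accounttype), ENT_QUOTES, 'UTF-8') ?>s </a></li>
                        <li>
                            <a href="<?= htmlspecialchars(base_url() . "accounts/" . strtolower($accounttype) . "_edit/" . $edit_id . "/", ENT_QUOTES, 'UTF-8') ?>"> Profile </a>
                        </li>
                        <li class="active">
                            <a href="<?= htmlspecialchars(base_url() . "accounts/" . strtolower($accounttype) . "_speeddial/" . $edit_id . "/", ENT_QUOTES, 'UTF-8') ?>"> Speed Dial </a>
                        </li>
                    </ul>
                </div>
                <div class="pull-right">
                    <ul class="breadcrumb">
                        <li class="active pull-right">
                            <a href="<?= htmlspecialchars(base_url() . "accounts/" . strtolower($accounttype) . "_edit/" . $edit_id . "/", ENT_QUOTES, 'UTF-8') ?>"> <i class="fa fa-fast-backward" aria-hidden="true"></i> Back</a></li>
                    </ul>
                </div>
            </div>


            <div class="padding-15 col-md-12">
                <div class="slice color-three pull-left content_border">
                    <div id='speed_dial'>
                        <div class="col-md-12 color-three padding-b-20 padding-t-20">
                            <form method="post" name="myform_speed" id="myform_speed" action="#" enctype="multipart/form-data">
                                <div class="col-md-12">
                                    <div class="col-md-1 no-padding">Speed Dial<br/>(#Digits)</div>
                                    <div class="col-md-3">Extension</div>
                                    <div class="col-md-4">Action</div>
                                </div>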
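<?php
/*
 * Renders the ten speed-dial slots (0-9). Each slot has a read-only row
 * (element id key<i><i+1>) and a hidden edit form (element id key<i><i+2>);
 * showdiv() swaps the two when Edit is clicked.
 *
 * Changes compared with the previous version of this block:
 * - The "no rows" case yields an empty array instead of the integer 0, so
 *   the per-slot lookup below is well-defined instead of indexing an integer
 *   and relying on the lowered error reporting to hide the warning.
 * - The stored number and the prefilled field value are HTML-escaped on
 *   output. The digits-only check visible in this view runs in the browser
 *   only, so the stored value cannot be assumed to be digits here.
 *
 * NOTE(review), to confirm outside this view:
 * - The query runs inside the view and filters on $account_data[0]['id'],
 *   while the script functions of this page read $account_data['id'].
 * - Rows are matched to slots by their position in the result set
 *   ($result[$i]). If the table stores the slot number in a column, an
 *   account with gaps (say only slot 5 saved) would be displayed against the
 *   wrong slot; verify against the schema and the save handler.
 * - The edit field is prefilled from $speeddial, not from $result; $speeddial
 *   is not assigned anywhere in this view.
 * - Both Delete links of a slot carry the same id ("click0<i>"), so the
 *   document contains duplicate ids.
 */
$res = $this->db_model->getSelect("*", "speed_dial", array("accountid" => $account_data[0]['id']));
$result = ($res->num_rows() > 0) ? $res->result_array() : array();
for ($i = 0; $i <= 9; $i++) {
    ?>
    <div class="col-md-12">
        <div id="key<?php echo $i; ?><?php echo $i + 1; ?>" style="display:block;">
            <div class="col-md-1">
                <label class="col-md-2">
                    <?php echo $i; ?>
                </label>
            </div>
            <div class="col-md-3">
                <label class="col-md-2" name="speed_dial" size="16">
                    <?= isset($result[$i]['number']) ? htmlspecialchars((string) $result[$i]['number'], ENT_QUOTES, 'UTF-8') : '' ?>
                </label>
            </div>
            <div class="col-md-4 margin-b-10">
                <div class="col-md-2 no-padding">
                    <a class="btn btn-warning" onclick="showdiv('key<?php echo $i; ?><?php echo $i + 1; ?>','key<?php echo $i; ?><?php echo $i + 2; ?>')" title="Edit">Edit</a>
                </div>
                <div class="col-md-2 no-padding">
                    <a class="btn btn-line-sky margin-x-10" onclick="remove_save_speed_dial('<?php echo $i; ?>')" title="Delete" name="click0<?php echo $i; ?>" id="click0<?php echo $i; ?>">Delete</a>
                </div>
            </div>
        </div>

        <div id="key<?php echo $i; ?><?php echo $i + 2; ?>" style="display:none;">
            <div class="col-md-1">
                <label class="col-md-2">

                    <?php echo $i; ?>
                </label>
            </div>
            <div class="col-md-3">
                <input class="col-md-2 form-control" name="speed_dial_<?php echo $i; ?>" id="speed_dial_<?php echo $i; ?>" size="16" type="text" value="<?= !empty($speeddial[$i]) ? htmlspecialchars((string) $speeddial[$i], ENT_QUOTES, 'UTF-8') : '' ?>">
            </div>
            <div class="col-md-4">
                <div class="col-md-2 no-padding">
                    <a onclick="save_speed_dial('<?php echo $i; ?>')" class="btn btn-line-parrot" title="Save" name="click<?php echo $i; ?>" id="click<?php echo $i; ?>">Save</a>
                </div>
                <div class="col-md-2 no-padding">
                    <a onclick="remove_save_speed_dial('<?php echo $i; ?>')" class="btn btn-line-sky margin-x-10" title="Delete" name="click0<?php echo $i; ?>" id="click0<?php echo $i; ?>">Delete</a>
                </div>

            </div>
        </div>
    </div>
    <div class="col-md-12">
        <span style="color:red;float:left;margin-top:-10px; margin-left:115px;" id="error_speed_dial_<?php echo $i; ?>"></span>
    </div>
<?php } ?>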
153 | </form> |
||
154 | </div> |
||
155 | </div> |
||
156 | </div> |
||
157 | </div> |
||
158 | </div> |
||
159 | </div> |
||
160 | </div> |
||
161 | <? endblock() ?> |
||
162 | <? startblock('sidebar') ?> |
||
163 | Filter by |
||
164 | <? endblock() ?> |
||
165 | <? end_extend() ?> |
||
166 |
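Short opening tags (`<?`) are disabled in PHP's default configuration. In such a case, all content of this file is output verbatim to the browser without being parsed or executed. In this file the short tag is used for the layout calls (`extend`, `startblock`, `endblock`, `end_extend`), so those statements would reach the browser as literal text while the sections written with `<?php` and `<?=` still run.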
As a precaution, to avoid these problems, use the long opening tag `<?php` instead.