This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | if (!defined('BASEPATH')) { |
||
4 | exit('No direct script access allowed'); |
||
5 | } |
||
6 | |||
7 | /** |
||
8 | * Class Dashboard |
||
9 | * @property Cms_admin cms_admin |
||
10 | */ |
||
11 | class Dashboard extends BaseAdminController |
||
12 | { |
||
13 | |||
14 | public function __construct() { |
||
15 | parent::__construct(); |
||
16 | |||
17 | $this->load->library('DX_Auth'); |
||
18 | admin_or_redirect(); |
||
19 | |||
20 | $this->load->library('lib_admin'); |
||
21 | $this->lib_admin->init_settings(); |
||
22 | } |
||
23 | |||
24 | public function index() { |
||
25 | $language = $this->cms_admin->get_default_lang(); |
||
26 | |||
27 | // get latest pages |
||
28 | $this->db->limit(5); |
||
29 | $this->db->select('IF(route.parent_url <> \'\', concat(route.parent_url, \'/\', route.url), route.url) as full_url, content.*', FALSE); |
||
30 | $this->db->join('route', 'route.id=content.route_id'); |
||
31 | $this->db->order_by('created', 'DESC'); |
||
32 | $this->db->where('lang_alias', 0); |
||
33 | $latest = $this->db->get('content')->result_array(); |
||
34 | |||
35 | // get recently updated pages |
||
36 | $this->db->limit(5); |
||
37 | $this->db->select('IF(route.parent_url <> \'\', concat(route.parent_url, \'/\', route.url), route.url) as full_url, content.*', FALSE); |
||
38 | $this->db->join('route', 'route.id=content.route_id'); |
||
39 | $this->db->order_by('updated', 'DESC'); |
||
40 | $this->db->where('updated >', 0); |
||
41 | $this->db->where('lang_alias', 0); |
||
42 | $updated = $this->db->get('content')->result_array(); |
||
43 | |||
44 | // get comments |
||
45 | if ($this->db->get_where('components', ['name' => 'comments'])->row()) { |
||
46 | $comments = $this->db->where('status', '0') |
||
47 | ->or_where('status', '1') |
||
48 | ->order_by('date', 'DESC') |
||
49 | ->get('comments') |
||
50 | ->result_array(); |
||
51 | $total_comments = count($comments); |
||
52 | $comments = array_slice($comments, 0, 5); |
||
53 | } else { |
||
54 | $total_comments = 0; |
||
55 | } |
||
56 | |||
57 | // total pages |
||
58 | $this->db->where('post_status', 'publish')->where('lang', $language['id']); |
||
59 | $this->db->from('content'); |
||
60 | $total_pages = $this->db->count_all_results(); |
||
61 | |||
62 | // total categories |
||
63 | $this->db->from('category'); |
||
64 | $total_cats = $this->db->count_all_results(); |
||
65 | |||
66 | $this->template->add_array( |
||
67 | [ |
||
68 | 'latest' => $latest, |
||
69 | 'updated' => $updated, |
||
70 | 'comments' => $comments, |
||
71 | 'total_cats' => $total_cats, |
||
72 | 'total_pages' => $total_pages, |
||
73 | 'total_comments' => $total_comments, |
||
74 | ] |
||
75 | ); |
||
76 | |||
77 | // If we are online - load system news. |
||
78 | $s_ip = substr($this->input->server('SERVER_ADDR'), 0, strrpos($this->input->server('SERVER_ADDR'), '.')); |
||
79 | |||
80 | switch ($s_ip) { |
||
81 | case '127.0.0': |
||
82 | case '127.0.1': |
||
83 | case '10.0.0': |
||
84 | case '172.16.0': |
||
85 | case '192.168.0': |
||
86 | $on_local = TRUE; |
||
87 | break; |
||
88 | } |
||
89 | |||
90 | if (($api_news = $this->cache->fetch('api_news_cache')) !== FALSE) { |
||
91 | $this->template->assign('api_news', $api_news); |
||
92 | } else { |
||
93 | if ($on_local !== TRUE) { |
||
94 | $this->config->load('api'); |
||
95 | |||
96 | $api_news = $this->_curl_post($this->config->item('imagecms_latest_news'), ['for' => IMAGECMS_NUMBER]); |
||
97 | |||
98 | if (count(unserialize($api_news['result'])) > 1 AND $api_news['code'] == '200') { |
||
99 | $this->template->assign('api_news', unserialize($api_news['result'])); |
||
100 | $this->cache->store('api_news_cache', unserialize($api_news['result'])); |
||
101 | } else { |
||
102 | $this->cache->store('api_news_cache', 'false'); |
||
103 | } |
||
104 | } |
||
105 | } |
||
106 | |||
107 | // Get system upgrade info |
||
108 | // $this->load->module('admin/sys_upgrade'); |
||
109 | // $status = $this->sys_upgrade->_check_status(); |
||
110 | // Get next version number |
||
111 | $next_v = explode('_', $status['upgrade_file']); |
||
0 ignored issues
–
show
|
|||
112 | |||
113 | if (isset($next_v[2])) { |
||
114 | $this->template->assign('next_v', str_replace('.zip', '', $next_v[2])); |
||
115 | } |
||
116 | |||
117 | $this->template->add_array( |
||
118 | [ |
||
119 | 'cms_number' => IMAGECMS_NUMBER, |
||
120 | 'sys_status' => $status, |
||
121 | ] |
||
122 | ); |
||
123 | |||
124 | \CMSFactory\Events::create()->registerEvent('', 'Dashboard:show'); |
||
125 | \CMSFactory\Events::runFactory(); |
||
126 | |||
127 | $this->template->show('dashboard', FALSE); |
||
128 | } |
||
129 | |||
130 | private function _curl_post($url = '', $data = []) { |
||
131 | $options = []; |
||
132 | $options[CURLOPT_HEADER] = FALSE; |
||
133 | $options[CURLOPT_RETURNTRANSFER] = TRUE; |
||
134 | $options[CURLOPT_POST] = FALSE; |
||
135 | $options[CURLOPT_POSTFIELDS] = $data; |
||
136 | $options[CURLOPT_REFERER] = base_url(); |
||
137 | |||
138 | $handler = curl_init($url); |
||
139 | |||
140 | curl_setopt_array($handler, $options); |
||
141 | $resp = curl_exec($handler); |
||
142 | |||
143 | $result['code'] = curl_getinfo($handler, CURLINFO_HTTP_CODE); |
||
0 ignored issues
–
show
Coding Style
Comprehensibility
introduced
by
$result was never initialized. Although not strictly required by PHP, it is generally a good practice to add $result = array(); before regardless.
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) {
$myArray['foo'] = $item->getFoo();
if ($item->hasBar()) {
$myArray['bar'] = $item->getBar();
}
// do something with $myArray
}
As you can see in this example, the array This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop. ![]() |
|||
144 | $result['result'] = $resp; |
||
145 | $result['error'] = curl_errno($handler); |
||
146 | |||
147 | curl_close($handler); |
||
148 | return $result; |
||
149 | } |
||
150 | |||
151 | } |
||
152 | |||
153 | /* End of dashboard.php */ |
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.