This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | use template_manager\classes\Template; |
||
0 ignored issues
–
show
|
|||
4 | |||
5 | if (!defined('BASEPATH')) { |
||
6 | exit('No direct script access allowed'); |
||
7 | } |
||
8 | |||
9 | /** |
||
10 | * @property CI_Cache $cache |
||
11 | * @property Cms_admin $cms_admin |
||
12 | * @property Lib_admin $lib_admin |
||
13 | * @property SiteInfo $siteinfo |
||
14 | * @property Lib_category $lib_category |
||
15 | */ |
||
16 | class Settings extends BaseAdminController |
||
17 | { |
||
18 | |||
19 | /** |
||
20 | * If TRUE then data will be save for each locale separately |
||
21 | * @var boolean |
||
22 | */ |
||
23 | protected $siteInfoLocales = FALSE; |
||
24 | |||
25 | /** |
||
26 | * Upload path for images (logo and favicon) |
||
27 | * @var string |
||
28 | */ |
||
29 | protected $uploadPath = 'uploads/images/'; |
||
30 | |||
31 | View Code Duplication | public function __construct() { |
|
32 | |||
33 | parent::__construct(); |
||
34 | |||
35 | $this->load->library('DX_Auth'); |
||
36 | admin_or_redirect(); |
||
37 | |||
38 | $this->load->library('lib_admin'); |
||
39 | $this->load->library('lib_category'); |
||
40 | $this->lib_admin->init_settings(); |
||
41 | } |
||
42 | |||
43 | public function index() { |
||
44 | |||
45 | $settings = $this->cms_admin->get_settings(); |
||
46 | unset($settings['siteinfo']); |
||
47 | |||
48 | $locale = $this->db->select('identif')->where('default', 1)->get('languages')->row_array(); |
||
49 | $this->load->library('SiteInfo', $locale['identif']); |
||
50 | |||
51 | $siteinfo = $siteinfo = $this->siteinfo->getSiteInfoData(TRUE); |
||
52 | |||
53 | /// Вибірка сторінок по мові \\\\\\\ |
||
54 | $language = MY_Controller::getCurrentLanguage(); |
||
55 | $query = $this->db->select('*')->where('lang', $language['id'])->get('content'); |
||
56 | $pages = $query->result_array(); |
||
57 | $this->template->assign('pages', $pages); |
||
58 | |||
59 | if (is_array($siteinfo)) { |
||
60 | $this->template->add_array($siteinfo); |
||
61 | } |
||
62 | |||
63 | $this->template->assign('pageSetting', $settings['main_page_id']); |
||
64 | $this->template->add_array($settings); |
||
65 | $this->template->assign('templates', $this->_get_templates()); |
||
66 | $this->template->assign('template_selected', $settings['site_template']); |
||
67 | |||
68 | // Передає змінну статусу роботів |
||
69 | |||
70 | $this->template->assign('robots_settings_status', $settings['robots_settings_status']); |
||
71 | $this->template->assign('robots_settings', $settings['robots_settings']); |
||
72 | $this->template->assign('robots_status', $settings['robots_status']); |
||
73 | |||
74 | $this->template->assign('work_values', ['yes' => lang('Yes', 'admin'), 'no' => lang('No', 'admin')]); |
||
75 | $this->template->assign('site_offline', $settings['site_offline']); |
||
76 | |||
77 | $this->config->set_item('cur_lang', $this->load->module('core')->def_lang[0]['id']); |
||
78 | $this->template->assign('tree', $this->lib_category->build()); |
||
79 | |||
80 | $this->template->assign('parent_id', $settings['main_page_cat']); |
||
81 | $this->template->assign('www_redirect', $settings['www_redirect']); |
||
82 | $this->template->assign('id', 0); |
||
83 | |||
84 | ///++++++++++++++++++++ |
||
85 | |||
86 | $langs = $this->db->get('languages')->result_array(); |
||
87 | $lang_meta = []; |
||
88 | foreach ($langs as $lang) { |
||
89 | $meta = $this->db->where('lang_ident', $lang['id'])->limit(1)->get('settings_i18n')->result_array(); |
||
90 | if (count($meta) > 0) { |
||
91 | $lang_meta[$lang['id']] = $meta[0]; |
||
92 | } else { |
||
93 | $lang_meta[$lang['id']] = null; |
||
94 | } |
||
95 | } |
||
96 | |||
97 | $this->template->assign('langs', $langs); |
||
98 | |||
99 | $this->template->assign('meta_langs', $lang_meta); |
||
100 | $this->template->assign('users_roles', Permitions::getRoles()); |
||
101 | $this->template->assign('users_registration_role_id', $settings['users_registration_role_id']); |
||
102 | |||
103 | $this->template->assign('url_settings', json_decode($settings['url'], true)); |
||
104 | |||
105 | //++++++++++++++++++++ |
||
106 | // Load modules list |
||
107 | $notAvailableModules = [ |
||
108 | 'mainsaas', |
||
109 | 'saas', |
||
110 | 'translator', |
||
111 | 'auth', |
||
112 | 'user_manager', |
||
113 | 'comments', |
||
114 | 'navigation', |
||
115 | 'tags', |
||
116 | 'rss', |
||
117 | 'menu', |
||
118 | 'sitemap', |
||
119 | 'search', |
||
120 | 'template_editor', |
||
121 | 'filter', |
||
122 | 'cfcm', |
||
123 | 'sample_mail', |
||
124 | 'mailer', |
||
125 | 'share', |
||
126 | 'banners', |
||
127 | 'new_level', |
||
128 | 'shop_news', |
||
129 | 'categories_settings', |
||
130 | 'exchange', |
||
131 | 'cmsemail', |
||
132 | 'mod_stats', |
||
133 | 'mod_seo', |
||
134 | 'mod_discount', |
||
135 | 'smart_filter', |
||
136 | 'mobile', |
||
137 | 'trash', |
||
138 | 'language_switch', |
||
139 | 'star_rating', |
||
140 | 'imagebox', |
||
141 | 'sample_module', |
||
142 | 'template_manager', |
||
143 | 'payment_method_2checkout', |
||
144 | 'payment_method_oschadbank', |
||
145 | 'payment_method_robokassa', |
||
146 | 'payment_method_webmoney', |
||
147 | 'payment_method_paypal', |
||
148 | 'payment_method_liqpay', |
||
149 | 'payment_method_privat24', |
||
150 | 'payment_method_sberbank', |
||
151 | 'payment_method_qiwi', |
||
152 | 'payment_method_interkassa', |
||
153 | 'import_export', |
||
154 | 'admin_menu', |
||
155 | 'related_products', |
||
156 | 'ymarket', |
||
157 | 'xbanners', |
||
158 | 'moy_sklad', |
||
159 | 'custom_scripts', |
||
160 | 'ga_dashboard', |
||
161 | 'seo_snippets', |
||
162 | 'payment_method_yakassa', |
||
163 | ]; |
||
164 | $this->template->assign('modules', $this->db->where_not_in('name', $notAvailableModules)->get('components')->result_array()); |
||
165 | |||
166 | $this->template->show('settings_site', FALSE); |
||
167 | } |
||
168 | |||
169 | //++++++++++++++ |
||
170 | |||
171 | public function translate_meta() { |
||
172 | |||
173 | $this->load->library('form_validation'); |
||
174 | |||
175 | $this->form_validation->set_rules('name', lang('Name', 'admin'), 'trim|required|xss_clean'); |
||
176 | $this->form_validation->set_rules('short_name', lang('Short name', 'admin'), 'trim|required|xss_clean'); |
||
177 | $this->form_validation->set_rules('description', lang('Description', 'admin'), 'trim|xss_clean'); |
||
178 | $this->form_validation->set_rules('keywords', lang('Keywords', 'admin'), 'trim|xss_clean'); |
||
179 | |||
180 | if ($this->form_validation->run($this) == FALSE) { |
||
181 | showMessage(validation_errors(), false, 'r'); |
||
182 | } else { |
||
183 | $name = $this->input->post('name'); |
||
184 | $short_name = $this->input->post('short_name'); |
||
185 | $desk = $this->input->post('description'); |
||
186 | $key = $this->input->post('keywords'); |
||
187 | $lang = $this->input->post('lang_ident'); |
||
188 | if (count($this->db->where('lang_ident', $lang)->get('settings_i18n')->result_array())) { |
||
189 | $this->db->query( |
||
190 | "UPDATE settings_i18n |
||
191 | SET |
||
192 | name = '$name', |
||
193 | short_name = '$short_name', |
||
194 | description = '$desk', |
||
195 | keywords = '$key' |
||
196 | WHERE lang_ident = '$lang'" |
||
197 | ); |
||
198 | } else { |
||
199 | $this->db->query( |
||
200 | "INSERT INTO settings_i18n( |
||
201 | lang_ident, |
||
202 | name, |
||
203 | short_name, |
||
204 | description, |
||
205 | keywords |
||
206 | ) |
||
207 | VALUES( |
||
208 | '$lang', |
||
209 | '$name', |
||
210 | '$short_name', |
||
211 | '$desk', |
||
212 | '$key')" |
||
213 | ); |
||
214 | } |
||
215 | } |
||
216 | } |
||
217 | |||
218 | //+++++++++++++++++++++++++++++++++++++++++ |
||
219 | |||
220 | /** |
||
221 | * Main Page settings |
||
222 | */ |
||
223 | public function main_page() { |
||
224 | |||
225 | $this->template->assign('tree', $this->lib_category->build()); |
||
226 | |||
227 | $settings = $this->cms_admin->get_settings(); |
||
228 | |||
229 | $this->template->add_array($settings); |
||
230 | $this->template->assign('parent_id', $settings['main_page_cat']); |
||
231 | $this->template->assign('id', 0); |
||
232 | |||
233 | $this->template->show('settings_main_page', FALSE); |
||
234 | } |
||
235 | |||
236 | /** |
||
237 | * Search templates in TEMPLATES_PATH folder |
||
238 | * |
||
239 | * @access private |
||
240 | * @return array |
||
0 ignored issues
–
show
Should the return type not be
array|false ? Also, consider making the array more specific, something like array<String> , or String[] .
This check compares the return type specified in the If the return type contains the type array, this check recommends the use of
a more specific type like ![]() |
|||
241 | */ |
||
242 | public function _get_templates() { |
||
243 | |||
244 | return get_templates(); |
||
245 | } |
||
246 | |||
247 | /** |
||
248 | * Save site settings |
||
249 | * |
||
250 | * @access public |
||
251 | */ |
||
252 | public function save() { |
||
253 | //cp_check_perm('cp_site_settings'); |
||
254 | |||
255 | $this->form_validation->set_rules('siteinfo_adminemail', lang('Admin email', 'admin'), 'trim|valid_email'); |
||
256 | View Code Duplication | if (!$this->form_validation->run($this)) { |
|
257 | showMessage(validation_errors(), lang('Error', 'admin'), 'r'); |
||
258 | return; |
||
259 | } |
||
260 | switch ($this->input->post('main_type')) { |
||
261 | case 'category': |
||
262 | $data = [ |
||
263 | 'main_type' => 'category', |
||
264 | 'main_page_cat' => $this->input->post('main_page_cat'), |
||
265 | ]; |
||
266 | |||
267 | $this->cms_admin->save_settings($data); |
||
268 | break; |
||
269 | |||
270 | case 'page': |
||
271 | if ($this->cms_admin->page_exists($this->input->post('main_page_pid'))) { |
||
272 | $data = [ |
||
273 | 'main_type' => 'page', |
||
274 | 'main_page_id' => $this->input->post('main_page_pid'), |
||
275 | ]; |
||
276 | |||
277 | $this->cms_admin->save_settings($data); |
||
278 | } else { |
||
279 | showMessage(lang('Page has not been found', 'admin'), false, 'r'); |
||
280 | exit; |
||
281 | } |
||
282 | break; |
||
283 | |||
284 | case 'module': |
||
285 | $data = [ |
||
286 | 'main_type' => 'module', |
||
287 | 'main_page_module' => $this->input->post('main_page_module'), |
||
288 | ]; |
||
289 | $this->cms_admin->save_settings($data); |
||
290 | break; |
||
291 | } |
||
292 | |||
293 | $this->processSiteInfo(); |
||
294 | |||
295 | $data_m = [ |
||
296 | 'create_keywords' => $this->input->post('create_keywords'), |
||
297 | 'create_description' => $this->input->post('create_description'), |
||
298 | 'create_cat_keywords' => $this->input->post('create_cat_keywords'), |
||
299 | 'create_cat_description' => $this->input->post('create_cat_description'), |
||
300 | 'add_site_name' => $this->input->post('add_site_name'), |
||
301 | 'add_site_name_to_cat' => $this->input->post('add_site_name_to_cat'), |
||
302 | 'delimiter' => $this->input->post('delimiter'), |
||
303 | 'cat_list' => $this->input->post('cat_list'), |
||
304 | 'editor_theme' => $this->input->post('editor_theme'), |
||
305 | 'site_offline' => $this->input->post('site_offline'), |
||
306 | 'google_analytics_id' => $this->input->post('google_analytics_id'), |
||
307 | 'google_webmaster' => $this->input->post('google_webmaster'), |
||
308 | 'yandex_webmaster' => $this->input->post('yandex_webmaster'), |
||
309 | 'yandex_metric' => $this->input->post('yandex_metric'), |
||
310 | 'site_template' => $this->input->post('template'), |
||
311 | 'lang_sel' => $this->input->post('lang_sel'), |
||
312 | 'text_editor' => $this->input->post('text_editor'), |
||
313 | 'robots_status' => (int) $this->input->post('robots_status'), |
||
314 | 'robots_settings_status' => (int) $this->input->post('robots_settings_status'), |
||
315 | 'robots_settings' => $this->input->post('robots_settings'), |
||
316 | 'google_analytics_ee' => $this->input->post('google_analytics_ee') == 'on' ? 1 : 0, |
||
317 | 'www_redirect' => $this->input->post('www_redirect'), |
||
318 | 'users_registration_role_id' => $this->input->post('users_registration_role_id'), |
||
319 | ]; |
||
320 | |||
321 | /** Save template path for shop * */ |
||
322 | if ($this->db->table_exists('shop_settings')) { |
||
323 | $shopTemplatePath = './templates/' . $this->input->post('template') . '/shop/'; |
||
324 | $this->db->where('name', 'systemTemplatePath')->update('shop_settings', ['value' => $shopTemplatePath]); |
||
325 | } |
||
326 | |||
327 | $this->translate_meta(); |
||
328 | |||
329 | $this->cms_admin->save_settings($data_m); |
||
330 | |||
331 | $this->cache->delete_all(); |
||
332 | |||
333 | $this->lib_admin->log(lang('Changed wesite settings', 'admin')); |
||
334 | |||
335 | echo "<script>var textEditor = '{$data_m['text_editor']}';</script>"; |
||
336 | if (!validation_errors()) { |
||
337 | showMessage(lang('Settings have been saved', 'admin')); |
||
338 | } |
||
339 | } |
||
340 | |||
341 | /** |
||
342 | * Getting values of "siteinfo" from POST |
||
343 | * Uploads logo and favicon (if present) |
||
344 | * @return boolean whatever data was saved or not |
||
345 | */ |
||
346 | protected function processSiteInfo() { |
||
347 | |||
348 | $this->load->library('SiteInfo', $this->input->post('siteinfo_locale')); |
||
349 | |||
350 | // getting all parameters with keys |
||
351 | $siteInfo = []; |
||
352 | $postData = $this->input->post(); |
||
353 | unset($postData['siteinfo_locale']); |
||
354 | foreach ($postData as $key => $value) { |
||
355 | if (0 === strpos($key, 'siteinfo_')) { |
||
356 | $siteInfo[$key] = $value; |
||
357 | unset($postData[$key]); |
||
358 | } |
||
359 | } |
||
360 | |||
361 | // remap additional fields |
||
362 | $additional = []; |
||
363 | $countKeys = count($siteInfo['siteinfo_contactkey']); |
||
364 | $countValues = count($siteInfo['siteinfo_contactvalue']); |
||
365 | if ($countKeys == $countValues & $countValues > 0) { |
||
0 ignored issues
–
show
Consider adding parentheses for clarity. Current Interpretation:
($countKeys == $countValues) & $countValues > 0 , Probably Intended Meaning: $countKeys == ($countValues & $countValues > 0)
When comparing the result of a bit operation, we suggest to add explicit parenthesis and not to rely on PHP’s built-in operator precedence to ensure the code behaves as intended and to make it more readable. Let’s take a look at these examples: // Returns always int(0).
return 0 === $foo & 4;
return (0 === $foo) & 4;
// More likely intended return: true/false
return 0 === ($foo & 4);
![]() |
|||
366 | for ($i = 0; $i < $countKeys; $i++) { |
||
367 | if (!empty($siteInfo['siteinfo_contactkey'][$i])) { |
||
368 | $additional[$siteInfo['siteinfo_contactkey'][$i]] = $siteInfo['siteinfo_contactvalue'][$i]; |
||
369 | } |
||
370 | } |
||
371 | } |
||
372 | |||
373 | unset($siteInfo['siteinfo_contactkey']); |
||
374 | unset($siteInfo['siteinfo_contactvalue']); |
||
375 | |||
376 | $siteInfo['contacts'] = $additional; |
||
377 | |||
378 | $upload_path = rtrim(FCPATH, '/') . $this->siteinfo->imagesPath; |
||
379 | |||
380 | $config['upload_path'] = $upload_path; |
||
0 ignored issues
–
show
Coding Style
Comprehensibility
introduced
by
$config was never initialized. Although not strictly required by PHP, it is generally a good practice to add $config = array(); before regardless.
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) {
$myArray['foo'] = $item->getFoo();
if ($item->hasBar()) {
$myArray['bar'] = $item->getBar();
}
// do something with $myArray
}
As you can see in this example, the array This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop. ![]() |
|||
381 | $config['allowed_types'] = 'jpg|jpeg|png|ico|gif'; |
||
382 | $config['overwrite'] = TRUE; |
||
383 | $this->load->library('upload', $config); |
||
384 | |||
385 | // upload or delete (or do nothing) favicon and logo |
||
386 | View Code Duplication | if ($this->input->post('si_delete_favicon') == 1) { |
|
387 | if (isset($siteInfo['siteinfo_favicon'])) { |
||
388 | unset($siteInfo['siteinfo_favicon']); |
||
389 | } |
||
390 | } else { |
||
391 | $this->processLogoOrFavicon('siteinfo_favicon', $siteInfo); |
||
392 | } |
||
393 | |||
394 | View Code Duplication | if ($this->input->post('si_delete_logo') == 1) { |
|
395 | if (isset($siteInfo['siteinfo_logo'])) { |
||
396 | unset($siteInfo['siteinfo_logo']); |
||
397 | } |
||
398 | } else { |
||
399 | $this->processLogoOrFavicon('siteinfo_logo', $siteInfo); |
||
400 | } |
||
401 | |||
402 | // saving admin's email in application/config/auth.php |
||
403 | $authFullPath = './application/config/auth.php'; |
||
404 | $authContents = file_get_contents($authFullPath); |
||
405 | $pattern = '/(\$config\[\'DX_webmaster_email\'\][\s\=]{1,})[\'\"0-9A-Za-z\@\.\-\_]+/i'; |
||
406 | $replacement = '$1\'' . $siteInfo['siteinfo_adminemail'] . '\''; |
||
407 | $newAuthContents = preg_replace($pattern, $replacement, $authContents); |
||
408 | if (is_writable($authFullPath)) { |
||
409 | $this->load->helper('file'); |
||
410 | write_file($authFullPath, $newAuthContents); |
||
411 | } |
||
412 | |||
413 | $this->siteinfo->setSiteInfoData($siteInfo); |
||
414 | if ($this->input->post('si_delete_favicon') == 1) { |
||
415 | $this->siteinfo->deleteSiteInfoValue('favicon'); |
||
416 | } |
||
417 | if ($this->input->post('si_delete_logo') == 1) { |
||
418 | $this->siteinfo->deleteSiteInfoValue('logo'); |
||
419 | } |
||
420 | return $this->siteinfo->save(); |
||
421 | } |
||
422 | |||
423 | public function getSiteInfoDataJson() { |
||
424 | |||
425 | $this->load->library('SiteInfo', $this->input->post('locale')); |
||
426 | $data = $this->siteinfo->getSiteInfoData(TRUE); |
||
427 | echo json_encode(array_merge($data, ['locale' => $this->input->post('locale')])); |
||
428 | } |
||
429 | |||
430 | /** |
||
431 | * |
||
432 | * @param string $paramName |
||
433 | * @param array $siteinfo |
||
434 | */ |
||
435 | protected function processLogoOrFavicon($paramName, &$siteinfo) { |
||
436 | |||
437 | // setting old value |
||
438 | $oldValue = $this->siteinfo->getSiteInfo($paramName); |
||
439 | $siteinfo[$paramName] = !empty($oldValue) ? $oldValue : ''; |
||
440 | View Code Duplication | if (isset($_FILES[$paramName])) { |
|
441 | if (!$this->upload->do_upload($paramName)) { |
||
442 | echo $this->upload->display_errors('', ''); |
||
443 | } else { |
||
444 | $uploadData = $this->upload->data(); |
||
445 | $siteinfo[$paramName] = $uploadData['file_name']; |
||
446 | } |
||
447 | } |
||
448 | } |
||
449 | |||
450 | public function switch_admin_lang($lang) { |
||
451 | |||
452 | if ($lang) { |
||
453 | $this->db->set('lang_sel', $lang) |
||
454 | ->update('settings'); |
||
455 | $this->session->set_userdata('language', $lang); |
||
456 | } |
||
457 | redirect($this->input->server('HTTP_REFERER') ?: '/admin/dashboard'); |
||
458 | } |
||
459 | |||
460 | /** |
||
461 | * Returns license agreement from template, or default agreement |
||
462 | * @return string |
||
0 ignored issues
–
show
|
|||
463 | */ |
||
464 | public function license_agreement() { |
||
465 | |||
466 | header('Content-Type: text/plain; charset=utf-8'); |
||
467 | $template = new Template($this->input->get('template_name')); |
||
468 | echo $template->getLicenseAgreement(); |
||
469 | } |
||
470 | |||
471 | /** |
||
472 | * @param null|string $templateName |
||
473 | */ |
||
474 | public function template_has_license($templateName = null) { |
||
475 | |||
476 | if (!$templateName) { |
||
477 | $templateName = $this->input->get('template_name'); |
||
478 | } |
||
479 | |||
480 | if (empty($templateName)) { |
||
481 | echo 0; |
||
482 | return; |
||
483 | } |
||
484 | if (false == class_exists('\\template_manager\\classes\\Template')) { |
||
485 | echo 0; |
||
486 | return; |
||
487 | } |
||
488 | $template = new Template($templateName); |
||
489 | $license = $template->getLicenseAgreement(); |
||
490 | echo empty($license) ? 0 : 1; |
||
491 | } |
||
492 | |||
493 | } |
||
494 | |||
495 | /* End of settings.php */ |
Let’s assume that you have a directory layout like this:
and let’s assume the following content of
Bar.php
:If both files
OtherDir/Foo.php
andSomeDir/Foo.php
are loaded in the same runtime, you will see a PHP error such as the following:PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php
However, as
OtherDir/Foo.php
does not necessarily have to be loaded and the error is only triggered if it is loaded beforeOtherDir/Bar.php
, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: