Issues in report-abuse.php - New Issues - Inspection of "xoopsSecurity part2" - mambax7/adslight - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( deac0a...054aa6 )

by Michael

created 2017-07-22 04:01 UTC

report-abuse.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
-------------------------------------------------------------------------
                     ADSLIGHT 2 : Module for Xoops

        Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
        Started with the Classifieds module and made MANY changes
        Website : http://www.luc-bizet.fr
        Contact : [email protected]
-------------------------------------------------------------------------
             Original credits below Version History
##########################################################################
#                    Classified Module for Xoops                         #
#  By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com         #
#      Started with the MyAds module and made MANY changes               #
##########################################################################
 Original Author: Pascal Le Boustouller
 Author Website : [email protected]
 Licence Type   : GPL
-------------------------------------------------------------------------
*/

use Xmf\Request;

require_once __DIR__ . '/header.php';
//require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';

//include XOOPS_ROOT_PATH . '/modules/adslight/class/utility.php';

/**
 * @param $lid
 *
 * @return void
 */
function ReportAbuse($lid)
{
    global $xoopsConfig, $xoopsDB, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    include XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
    include XOOPS_ROOT_PATH . '/header.php';

    $lid    = (int)$lid;
    $idd    = $idde = $iddee = '';
    $result = $xoopsDB->query('SELECT lid, title, type FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
    list($lid, $title, $type) = $xoopsDB->fetchRow($result);

    $GLOBALS['xoTheme']->addMeta('meta', 'robots', 'noindex, nofollow');

    echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
    echo '<strong>' . _ADSLIGHT_REPORTSENDTO . " $lid </strong>: \" $type : $title \"<br><br>
        <form action=\"report-abuse.php\" method=post>
        <input type=\"hidden\" name=\"lid\" value=\"$lid\" >";
    if ($GLOBALS['xoopsUser']) {
        $idd   = $GLOBALS['xoopsUser']->getVar('uname', 'E');
        $idde  = $GLOBALS['xoopsUser']->getVar('email', 'E');
        $iddee = $xoopsConfig['adminmail'];
    } else {
        $iddee = $xoopsConfig['adminmail'];
    }

    echo "
    <table width='99%' class='outer' cellspacing='1'>
    <tr>
      <td class='head' width='30%'>" . _ADSLIGHT_NAME . " </td>
      <td class='even'><input class=\"textbox\" type=\"text\" name=\"yname\" value=\"$idd\" ></td>
    </tr>
    <tr>
      <td class='head'>" . _ADSLIGHT_MAIL . " </td>
      <td class='even'><input class=\"textbox\" type=\"text\" name=\"ymail\" value=\"$idde\" ></td>
    </tr>
    <tr>
      <td class='head'></td>
      <td class='even'><input class=\"textbox\" type=\"hidden\" name=\"fmail\" value=\"$iddee\"></td>
    </tr>";

    if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_use_captcha']) {
        echo "<tr><td class='head'>" . _ADSLIGHT_CAPTCHA . " </td><td class='even'>";
        $jlm_captcha = '';
        $jlm_captcha = new XoopsFormCaptcha(_ADSLIGHT_CAPTCHA, 'xoopscaptcha', false);
        echo $jlm_captcha->render();
        echo '</td></tr>';
    }

    echo '</table><br>
    <input type=hidden name=op value=MailAd>
    <input type=submit value=' . _ADSLIGHT_SENDFR . '>
    </form>     ';
    echo '</td></tr></table>';
}

/**
 * @param $lid
 * @param $yname
 * @param $ymail
 * @param $fname
 * @param $fmail
 */
function MailAd($lid, $yname, $ymail, $fname, $fmail)
{
    global $xoopsConfig, $xoopsTpl, $xoopsDB, $xoopsModule, $myts, $xoopsLogger, $moduleDirName, $main_lang;

    if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_use_captcha']) {
        xoops_load('xoopscaptcha');
        $xoopsCaptcha = XoopsCaptcha::getInstance();
        if (!$xoopsCaptcha->verify()) {
            redirect_header(XOOPS_URL . '/modules/adslight/index.php', 2, $xoopsCaptcha->getMessage());
        }
    }

    $lid    = (int)$lid;
    $result = $xoopsDB->query('SELECT lid, title, expire, type, desctext, tel, price, typeprice, date, email, submitter, town, country, photo FROM '
                              . $xoopsDB->prefix('adslight_listing')
                              . ' WHERE lid='
                              . $xoopsDB->escape($lid));
    list($lid, $title, $expire, $type, $desctext, $tel, $price, $typeprice, $date, $email, $submitter, $town, $country, $photo) = $xoopsDB->fetchRow($result);

    $title     = $myts->addSlashes($title);
    $expire    = $myts->addSlashes($expire);
    $type      = $myts->addSlashes($type);
    $desctext  = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
    $tel       = $myts->addSlashes($tel);
    $price     = $myts->addSlashes($price);
    $typeprice = $myts->addSlashes($typeprice);
    $submitter = $myts->addSlashes($submitter);
    $town      = $myts->addSlashes($town);
    $country   = $myts->addSlashes($country);

    $tags                       = array();
    $tags['YNAME']              = stripslashes($yname);
    $tags['YMAIL']              = $ymail;
    $tags['FNAME']              = stripslashes($fname);
    $tags['FMAIL']              = $fmail;
    $tags['HELLO']              = _ADSLIGHT_HELLO;
    $tags['LID']                = $lid;
    $tags['LISTING_NUMBER']     = _ADSLIGHT_LISTING_NUMBER;
    $tags['TITLE']              = $title;
    $tags['TYPE']               = AdslightUtility::getNameType($type);
    $tags['DESCTEXT']           = $desctext;
    $tags['PRICE']              = $price;
    $tags['TYPEPRICE']          = $typeprice;
    $tags['TEL']                = $tel;
    $tags['TOWN']               = $town;
    $tags['COUNTRY']            = $country;
    $tags['OTHER']              = '' . _ADSLIGHT_INTERESS . '' . $xoopsConfig['sitename'] . '';
    $tags['LISTINGS']           = '' . XOOPS_URL . '/modules/adslight/';
    $tags['LINK_URL']           = '' . XOOPS_URL . '/modules/adslight/viewads.php?lid=' . $lid . '';
    $tags['THINKS_REPORT']      = '' . _ADSLIGHT_REPORTMESSAGE . '';
    $tags['NO_MAIL']            = '' . _ADSLIGHT_NOMAIL . '';
    $tags['YOU_CAN_VIEW_BELOW'] = '' . _ADSLIGHT_YOU_CAN_VIEW_BELOW . '';
    $tags['WEBMASTER']          = _ADSLIGHT_WEBMASTER;
    $tags['NO_REPLY']           = _ADSLIGHT_NOREPLY;
    $subject                    = '' . _ADSLIGHT_REPORTSUBJET . ' ' . $xoopsConfig['sitename'] . '';

    $xoopsMailer = xoops_getMailer();
    $xoopsMailer->multimailer->isHTML(true);
    $xoopsMailer->useMail();
    $xoopsMailer->setTemplateDir(XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->getVar('dirname') . '/language/' . $xoopsConfig['language'] . '/mail_template/');
    $xoopsMailer->setTemplate('listing_report_abuse.tpl');
    $xoopsMailer->setFromEmail($ymail);
    $xoopsMailer->setToEmails($fmail);
    $xoopsMailer->setSubject($subject);
    $xoopsMailer->assign($tags);

    // $fmail = $xoopsConfig['adminmail'];
    // $xoopsMailer->setToEmails($xoopsConfig['adminmail']);
    // $idde = $xoopsUserIsAdmin->getVar("adminmail", "E");

    $xoopsMailer->send();
    echo $xoopsMailer->getErrors();

    redirect_header('index.php', 3, _ADSLIGHT_REPORTANNSEND);
}

##############################################################
$yname = Request::getString('yname', '', 'POST');
$ymail = Request::getString('ymail', '', 'POST');
$fname = Request::getString('fname', '', 'POST');
$fmail = Request::getString('fmail', '', 'POST');

$lid = Request::getInt('lid', 0);
$op  = Request::getString('op', '');

switch ($op) {
    case 'ReportAbuse':
        include XOOPS_ROOT_PATH . '/header.php';
        ReportAbuse($lid);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'MailAd':
        MailAd($lid, $yname, $ymail, $fname, $fmail);
        break;

    default:
        redirect_header('index.php', 1, _RETURNANN);
        break;
}


1		<?php
2		/*
3		-------------------------------------------------------------------------
4		ADSLIGHT 2 : Module for Xoops
5
6		Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
7		Started with the Classifieds module and made MANY changes
8		Website : http://www.luc-bizet.fr
9		Contact : [email protected]
10		-------------------------------------------------------------------------
11		Original credits below Version History
12		##########################################################################
13		# Classified Module for Xoops #
14		# By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com #
15		# Started with the MyAds module and made MANY changes #
16		##########################################################################
17		Original Author: Pascal Le Boustouller
18		Author Website : [email protected]
19		Licence Type : GPL
20		-------------------------------------------------------------------------
21		*/
22
23		use Xmf\Request;
24
25		require_once __DIR__ . '/header.php';
26		//require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
		0 ignored issues – show Unused Code Comprehensibility introduced 2017-07-22 04:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this `36%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
27		//include XOOPS_ROOT_PATH . '/modules/adslight/class/utility.php';
28
29		/**
30		* @param $lid
31		*
32		* @return void
33		*/
34		function ReportAbuse($lid)
35		{
36		global $xoopsConfig, $xoopsDB, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
37
38		include XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
39		include XOOPS_ROOT_PATH . '/header.php';
40
41		$lid = (int)$lid;
42		$idd = $idde = $iddee = '';
43		$result = $xoopsDB->query('SELECT lid, title, type FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
44		list($lid, $title, $type) = $xoopsDB->fetchRow($result);
45
46		$GLOBALS['xoTheme']->addMeta('meta', 'robots', 'noindex, nofollow');
47
48		echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
49		echo '<strong>' . _ADSLIGHT_REPORTSENDTO . " $lid </strong>: \" $type : $title \"<br><br>
50		<form action=\"report-abuse.php\" method=post>
51		<input type=\"hidden\" name=\"lid\" value=\"$lid\" >";
52		if ($GLOBALS['xoopsUser']) {
53		$idd = $GLOBALS['xoopsUser']->getVar('uname', 'E');
54		$idde = $GLOBALS['xoopsUser']->getVar('email', 'E');
55		$iddee = $xoopsConfig['adminmail'];
56		} else {
57		$iddee = $xoopsConfig['adminmail'];
58		}
59
60		echo "
61		<table width='99%' class='outer' cellspacing='1'>
62		<tr>
63		<td class='head' width='30%'>" . _ADSLIGHT_NAME . " </td>
64		<td class='even'><input class=\"textbox\" type=\"text\" name=\"yname\" value=\"$idd\" ></td>
65		</tr>
66		<tr>
67		<td class='head'>" . _ADSLIGHT_MAIL . " </td>
68		<td class='even'><input class=\"textbox\" type=\"text\" name=\"ymail\" value=\"$idde\" ></td>
69		</tr>
70		<tr>
71		<td class='head'></td>
72		<td class='even'><input class=\"textbox\" type=\"hidden\" name=\"fmail\" value=\"$iddee\"></td>
73		</tr>";
74
75	View Code Duplication	if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_use_captcha']) {
76		echo "<tr><td class='head'>" . _ADSLIGHT_CAPTCHA . " </td><td class='even'>";
77		$jlm_captcha = '';
78		$jlm_captcha = new XoopsFormCaptcha(_ADSLIGHT_CAPTCHA, 'xoopscaptcha', false);
79		echo $jlm_captcha->render();
80		echo '</td></tr>';
81		}
82
83		echo '</table><br>
84		<input type=hidden name=op value=MailAd>
85		<input type=submit value=' . _ADSLIGHT_SENDFR . '>
86		</form> ';
87		echo '</td></tr></table>';
88		}
89
90		/**
91		* @param $lid
92		* @param $yname
93		* @param $ymail
94		* @param $fname
95		* @param $fmail
96		*/
97		function MailAd($lid, $yname, $ymail, $fname, $fmail)
98		{
99		global $xoopsConfig, $xoopsTpl, $xoopsDB, $xoopsModule, $myts, $xoopsLogger, $moduleDirName, $main_lang;
100
101	View Code Duplication	if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_use_captcha']) {
102		xoops_load('xoopscaptcha');
103		$xoopsCaptcha = XoopsCaptcha::getInstance();
104		if (!$xoopsCaptcha->verify()) {
105		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 2, $xoopsCaptcha->getMessage());
106		}
107		}
108
109		$lid = (int)$lid;
110		$result = $xoopsDB->query('SELECT lid, title, expire, type, desctext, tel, price, typeprice, date, email, submitter, town, country, photo FROM '
111		. $xoopsDB->prefix('adslight_listing')
112		. ' WHERE lid='
113		. $xoopsDB->escape($lid));
114		list($lid, $title, $expire, $type, $desctext, $tel, $price, $typeprice, $date, $email, $submitter, $town, $country, $photo) = $xoopsDB->fetchRow($result);
115
116		$title = $myts->addSlashes($title);
117		$expire = $myts->addSlashes($expire);
118		$type = $myts->addSlashes($type);
119		$desctext = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
120		$tel = $myts->addSlashes($tel);
121		$price = $myts->addSlashes($price);
122		$typeprice = $myts->addSlashes($typeprice);
123		$submitter = $myts->addSlashes($submitter);
124		$town = $myts->addSlashes($town);
125		$country = $myts->addSlashes($country);
126
127		$tags = array();
128		$tags['YNAME'] = stripslashes($yname);
129		$tags['YMAIL'] = $ymail;
130		$tags['FNAME'] = stripslashes($fname);
131		$tags['FMAIL'] = $fmail;
132		$tags['HELLO'] = _ADSLIGHT_HELLO;
133		$tags['LID'] = $lid;
134		$tags['LISTING_NUMBER'] = _ADSLIGHT_LISTING_NUMBER;
135		$tags['TITLE'] = $title;
136		$tags['TYPE'] = AdslightUtility::getNameType($type);
137		$tags['DESCTEXT'] = $desctext;
138		$tags['PRICE'] = $price;
139		$tags['TYPEPRICE'] = $typeprice;
140		$tags['TEL'] = $tel;
141		$tags['TOWN'] = $town;
142		$tags['COUNTRY'] = $country;
143		$tags['OTHER'] = '' . _ADSLIGHT_INTERESS . '' . $xoopsConfig['sitename'] . '';
144		$tags['LISTINGS'] = '' . XOOPS_URL . '/modules/adslight/';
145		$tags['LINK_URL'] = '' . XOOPS_URL . '/modules/adslight/viewads.php?lid=' . $lid . '';
146		$tags['THINKS_REPORT'] = '' . _ADSLIGHT_REPORTMESSAGE . '';
147		$tags['NO_MAIL'] = '' . _ADSLIGHT_NOMAIL . '';
148		$tags['YOU_CAN_VIEW_BELOW'] = '' . _ADSLIGHT_YOU_CAN_VIEW_BELOW . '';
149		$tags['WEBMASTER'] = _ADSLIGHT_WEBMASTER;
150		$tags['NO_REPLY'] = _ADSLIGHT_NOREPLY;
151		$subject = '' . _ADSLIGHT_REPORTSUBJET . ' ' . $xoopsConfig['sitename'] . '';
152
153		$xoopsMailer = xoops_getMailer();
154		$xoopsMailer->multimailer->isHTML(true);
155		$xoopsMailer->useMail();
156		$xoopsMailer->setTemplateDir(XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->getVar('dirname') . '/language/' . $xoopsConfig['language'] . '/mail_template/');
157		$xoopsMailer->setTemplate('listing_report_abuse.tpl');
158		$xoopsMailer->setFromEmail($ymail);
159		$xoopsMailer->setToEmails($fmail);
160		$xoopsMailer->setSubject($subject);
161		$xoopsMailer->assign($tags);
162
163		// $fmail = $xoopsConfig['adminmail'];
164		// $xoopsMailer->setToEmails($xoopsConfig['adminmail']);
165		// $idde = $xoopsUserIsAdmin->getVar("adminmail", "E");
166
167		$xoopsMailer->send();
168		echo $xoopsMailer->getErrors();
169
170		redirect_header('index.php', 3, _ADSLIGHT_REPORTANNSEND);
171		}
172
173		##############################################################
174		$yname = Request::getString('yname', '', 'POST');
175		$ymail = Request::getString('ymail', '', 'POST');
176		$fname = Request::getString('fname', '', 'POST');
177		$fmail = Request::getString('fmail', '', 'POST');
178
179		$lid = Request::getInt('lid', 0);
180		$op = Request::getString('op', '');
181
182	View Code Duplication	switch ($op) {
183		case 'ReportAbuse':
184		include XOOPS_ROOT_PATH . '/header.php';
185		ReportAbuse($lid);
186		include XOOPS_ROOT_PATH . '/footer.php';
187		break;
188
189		case 'MailAd':
190		MailAd($lid, $yname, $ymail, $fname, $fmail);
191		break;
192
193		default:
194		redirect_header('index.php', 1, _RETURNANN);
195		break;
196		}
197

mambax7 / adslight

Push — master ( deac0a...054aa6 )

report-abuse.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like