Issues in seo_url.php - New Issues - Inspection of "cleanup" - mambax7/adslight - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 0405fd...a3f27c )

by Michael

created 2019-04-15 08:48 UTC

seo_url.php (2 issues)

Labels

Bug 2

Severity

Minor 2

1			<?php
2			/*
3			-------------------------------------------------------------------------
4			ADSLIGHT 2 : Module for Xoops
5
6			Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
7			Started with the Classifieds module and made MANY changes
8			Website : http://www.luc-bizet.fr
9			Contact : [email protected]
10			-------------------------------------------------------------------------
11			Original credits below Version History
12			##########################################################################
13			# Classified Module for Xoops #
14			# By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com #
15			# Started with the MyAds module and made MANY changes #
16			##########################################################################
17			Original Author: Pascal Le Boustouller
18			Author Website : [email protected]
19			Licence Type : GPL
20			-------------------------------------------------------------------------
21			*/
22			/////////////////////////////////////
23			// AdsLight UrlRewrite By Nikita //
24			// http://www.aideordi.com //
25			/////////////////////////////////////
26
27			// defined('XOOPS_ROOT_PATH') \|\| die('Restricted access');
28
29			define('REAL_MODULE_NAME', 'adslight');
30			define('SEO_MODULE_NAME', 'annonces');
31
32			ob_start('seo_urls');
33
34			/**
35			* @param $s
36			*
37			* @return mixed
38			*/
39			function seo_urls($s)
40			{
41			$XPS_URL = str_replace('/', '\/', quotemeta(XOOPS_URL));
42			$s = adslight_absolutize($s); // Fix URLs and HTML.
43
44			$module_name = REAL_MODULE_NAME;
45
46			$search = [
47			// Search URLs of modules' directry.
48			'/<(a\|meta)([^>])(href\|url)=([\'\"]{0,1})' . $XPS_URL . '\/modules\/' . $module_name . '\/(viewcats.php)([^>\'\"])([\'\"]{1})([^>]*)>/i',
49			'/<(a\|meta)([^>])(href\|url)=([\'\"]{0,1})' . $XPS_URL . '\/modules\/' . $module_name . '\/(viewads.php)([^>\'\"])([\'\"]{1})([^>]*)>/i',
50			'/<(a\|meta)([^>])(href\|url)=([\'\"]{0,1})' . $XPS_URL . '\/modules\/' . $module_name . '\/(index.php)([^>\'\"])([\'\"]{1})([^>]*)>/i',
51			// '/<(a\|meta)([^>])(href\|url)=([\'\"]{0,1})'.$XPS_URL.'\/modules\/'.$module_name.'\/()([^>\'\"])([\'\"]{1})([^>]*)>/i',
52			];
53			$s = preg_replace_callback($search, 'replace_links', $s);
54
55			return $s;
56			}
57
58			/**
59			* @param $matches
60			*
61			* @return string
62			*/
63			function replace_links($matches)
64			{
65			$req_string = [];
66			$add_to_url = '';
67			switch ($matches[5]) {
68			case 'viewcats.php':
69			// $add_to_url = '';
70			$req_string = $matches[6];
71			if (!empty($matches[6])) {
72			// replacing cid=x
73			if (preg_match('/cid=([0-9]+)/', $matches[6], $mvars)) {
74			$add_to_url = 'c' . $mvars[1] . '/' . adslight_seo_cat($mvars[1]) . '.html';
75			$req_string = preg_replace('/cid=[0-9]+/', '', $matches[6]);
76			} else {
77			return $matches['0'];
78			}
79			}
80			break;
81			case 'viewads.php':
82			// $add_to_url = '';
83			$req_string = $matches[6];
84			if (!empty($matches[6])) {
85			// replacing lid=x
86			if (preg_match('/lid=([0-9]+)/', $matches[6], $mvars)) {
87			$add_to_url = 'p' . $mvars[1] . '/' . adslight_seo_titre($mvars[1]) . '.html';
88			$req_string = preg_replace('/lid=[0-9]+/', '', $matches[6]);
89			} else {
90			return $matches['0'];
91			}
92			}
93			break;
94			default:
95			break;
96			}
97			if ('?' === $req_string) {
98			$req_string = '';
99			}
100			$ret = '<' . $matches[1] . $matches[2] . $matches[3] . '=' . $matches[4] . XOOPS_URL . '/' . SEO_MODULE_NAME . '/' . $add_to_url . $req_string . $matches[7] . $matches[8] . '>';
101
102			return $ret;
103			}
104
105			/**
106			* @param $cid
107			*
108			* @return mixed\|string
109			*/
110			function adslight_seo_cat($cid)
111			{
112			/** @var \XoopsMySQLDatabase $xoopsDB */
113			$xoopsDB = \XoopsDatabaseFactory::getDatabaseConnection();
114			$query = '
115			SELECT
116			title
117			FROM
118			' . $xoopsDB->prefix('adslight_categories') . '
119			WHERE
120			cid = ' . $cid . ' ';
121			$result = $xoopsDB->query($query);
			0 ignored issues – show Bug introduced 2019-04-15 08:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$result` is correct as `$xoopsDB->query($query)` targeting `XoopsMySQLDatabase::query()` seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
122			$res = $xoopsDB->fetchArray($result);
123			$ret = adslight_seo_title($res['title']);
124
125			return $ret;
126			}
127
128			/**
129			* @param $lid
130			*
131			* @return mixed\|string
132			*/
133			function adslight_seo_titre($lid)
134			{
135			/** @var \XoopsMySQLDatabase $xoopsDB */
136			$xoopsDB = \XoopsDatabaseFactory::getDatabaseConnection();
137			$query = '
138			SELECT
139			title
140			FROM
141			' . $xoopsDB->prefix('adslight_listing') . '
142			WHERE
143			lid = ' . $lid . ' ';
144			$result = $xoopsDB->query($query);
			0 ignored issues – show Bug introduced 2019-04-15 08:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$result` is correct as `$xoopsDB->query($query)` targeting `XoopsMySQLDatabase::query()` seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
145			$res = $xoopsDB->fetchArray($result);
146			$ret = adslight_seo_title($res['title']);
147
148			return $ret;
149			}
150
151			/**
152			* @param string $title
153			* @param bool $withExt
154			*
155			* @return mixed\|string
156			*/
157			function adslight_seo_title($title = '', $withExt = false)
158			{
159			/**
160			* if XOOPS ML is present, let's sanitize the title with the current language
161			*/
162			$myts = \MyTextSanitizer::getInstance();
163			if (method_exists($myts, 'formatForML')) {
164			$title = $myts->formatForML($title);
165			}
166
167			// Transformation de la chaine en minuscule
168			// Codage de la chaine afin d'�viter les erreurs 500 en cas de caract�res impr�vus
169			$title = rawurlencode(mb_strtolower($title));
170
171			// Transformation des ponctuations
172			// Tab Space ! " # % & ' ( ) , / : ; < = > ? @ [ \ ] ^ { \| } ~ . +
173			$pattern = [
174			'/%09/', // Tab
175			'/%20/', // Space
176			'/%21/', // !
177			'/%22/', // "
178			'/%23/', // #
179			'/%25/', // %
180			'/%26/', // &
181			'/%27/', // '
182			'/%28/', // (
183			'/%29/', // )
184			'/%2C/', // ,
185			'/%2F/', // /
186			'/%3A/', // :
187			'/%3B/', // ;
188			'/%3C/', // <
189			'/%3D/', // =
190			'/%3E/', // >
191			'/%3F/', // ?
192			'/%40/', // @
193			'/%5B/', // [
194			'/%5C/', // \
195			'/%5D/', // ]
196			'/%5E/', // ^
197			'/%7B/', // {
198			'/%7C/', // \|
199			'/%7D/', // }
200			'/%7E/', // ~
201			"/\./", // .
202			'/%2A/',
203			'/%2B/',
204			'/quot/',
205			];
206			$rep_pat = [
207			'-',
208			'-',
209			'',
210			'',
211			'',
212			'-100',
213			'',
214			'-',
215			'',
216			'',
217			'',
218			'-',
219			'',
220			'',
221			'',
222			'-',
223			'',
224			'',
225			'-at-',
226			'',
227			'-',
228			'',
229			'-',
230			'',
231			'-',
232			'',
233			'-',
234			'',
235			'',
236			'+',
237			'',
238			];
239			$title = preg_replace($pattern, $rep_pat, $title);
240
241			// Transformation of characters with accents
242			// ° è é ê ë ç à â ä î ï ù ü û ô ö
243			$pattern = [
244			'/%B0/', // °
245			'/%E8/', // è
246			'/%E9/', // é
247			'/%EA/', // ê
248			'/%EB/', // ë
249			'/%E7/', // ç
250			'/%E0/', // à
251			'/%E2/', // â
252			'/%E4/', // ä
253			'/%EE/', // î
254			'/%EF/', // ï
255			'/%F9/', // ù
256			'/%FC/', // ü
257			'/%FB/', // û
258			'/%F4/', // ô
259			'/%F6/', // ö
260			'/%E3%A8/',
261			'/%E3%A9/',
262			'/%E3%A0/',
263			'/%E3%AA/',
264			'/%E3%A2/',
265			'/a%80%9C/',
266			'/a%80%9D/',
267			'/%E3%A7/',
268			];
269			$rep_pat = [
270			'-',
271			'e',
272			'e',
273			'e',
274			'e',
275			'c',
276			'a',
277			'a',
278			'a',
279			'i',
280			'i',
281			'u',
282			'u',
283			'u',
284			'o',
285			'o',
286			'e',
287			'e',
288			'a',
289			'e',
290			'a',
291			'-',
292			'-',
293			'c',
294			];
295			$title = preg_replace($pattern, $rep_pat, $title);
296
297			if (count($title) > 0) {
298			if ($withExt) {
299			$title .= '.html';
300			}
301
302			return $title;
303			}
304
305			return '';
306			}
307
308			/**
309			* @param $s
310			*
311			* @return mixed
312			*/
313			function adslight_absolutize($s)
314			{
315			if (preg_match('/\/$/', $_SERVER['REQUEST_URI'])) {
316			$req_dir = preg_replace('/\/$/', '', $_SERVER['REQUEST_URI']);
317			$req_php = '';
318			} else {
319			$req_dir = dirname($_SERVER['REQUEST_URI']);
320			$req_php = preg_replace('/.(\/[a-zA-Z0-9_\-]+)\.php./', '\\1.php', $_SERVER['REQUEST_URI']);
321			}
322			$req_dir = ('\\' === $req_dir \|\| '/' === $req_dir) ? '' : $req_dir;
323			$dir_arr = explode('/', $req_dir);
324			$m = count($dir_arr) - 1;
325			$d1 = @str_replace('/' . $dir_arr[$m], '', $req_dir);
326			$d2 = @str_replace('/' . $dir_arr[$m - 1], '', $d1);
327			$d3 = @str_replace('/' . $dir_arr[$m - 2], '', $d2);
328			$d4 = @str_replace('/' . $dir_arr[$m - 3], '', $d3);
329			$d5 = @str_replace('/' . $dir_arr[$m - 4], '', $d4);
330			$host = 'http://' . $_SERVER['HTTP_HOST'];
331			$in = [
332			'/<([^>\?\&])(href\|src\|action\|background\|window\.location)=([^\"\' >]+)([^>])>/i',
333			'/<([^>\?\&])(href\|src\|action\|background\|window\.location)=([\"\']{1})\.\.\/\.\.\/\.\.\/([^\"\'])([\"\']{1})([^>]*)>/i',
334			'/<([^>\?\&])(href\|src\|action\|background\|window\.location)=([\"\']{1})\.\.\/\.\.\/([^\"\'])([\"\']{1})([^>]*)>/i',
335			'/<([^>\?\&])(href\|src\|action\|background\|window\.location)=([\"\']{1})\.\.\/([^\"\'])([\"\']{1})([^>]*)>/i',
336			'/<([^>\?\&])(href\|src\|action\|background\|window\.location)=([\"\']{1})\/([^\"\'])([\"\']{1})([^>]*)>/i',
337			'/<([^>\?\&])(href\|src\|action\|background\|window\.location)=([\"\']{1})\?([^\"\'])([\"\']{1})([^>]*)>/i'//This dir
338			,
339			'/<([^>\?\&])(href\|src\|action\|background\|window\.location)=([\"\']{1})([^#]{1}[^\/\"\'>])([\"\']{1})([^>]*)>/i',
340			'/<([^>\?\&])(href\|src\|action\|background\|window\.location)=([\"\']{1})(?:\.\/)?([^\"\'\/:]\/)?([^\"\'\/:]\/)?([^\"\'\/:]\/)?([a-zA-Z0-9_\-]+)\.([^\"\'>])([\"\']{1})([^>]*)>/i',
341			'/[^"\'a-zA-Z_0-9](window\.open\|url)$([\"\']{0,1})(?:\.\/)?([^\"\'\/])\.([^\"\'\/]+)([\"\'])([^$]*)/i',
342			'/<meta([^>])url=([a-zA-Z0-9_\-]+)\.([^\"\'>])([\"\']{1})([^>]*)>/i',
343			];
344			$out = [
345			'<\\1\\2="\\3"\\4>',
346			'<\\1\\2=\\3' . $host . $d3 . '/\\4\\5\\6>',
347			'<\\1\\2=\\3' . $host . $d2 . '/\\4\\5\\6>',
348			'<\\1\\2=\\3' . $host . $d1 . '/\\4\\5\\6>',
349			'<\\1\\2=\\3' . $host . '/\\4\\5\\6>',
350			'<\\1\\2=\\3' . $host . $_SERVER['PHP_SELF'] . '?\\4\\5\\6>'//This dir.
351			,
352			'<\\1\\2=\\3' . $host . $req_dir . '/\\4\\5\\6\\7>',
353			'<\\1\\2=\\3' . $host . $req_dir . '/\\4\\5\\6\\7.\\8\\9\\10>',
354			'$1($2' . $host . $req_dir . '/$3.$4$5$6',
355			'<meta$1url=' . $host . $req_dir . '/$2.$3$4$5>',
356			];
357			$s = preg_replace($in, $out, $s);
358
359			return $s;
360			}
361

mambax7 / adslight

Push — master ( 0405fd...a3f27c )

seo_url.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like