This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php declare(strict_types=1); |
||||
2 | /* |
||||
3 | You may not change or alter any portion of this comment or credits |
||||
4 | of supporting developers from this source code or any supporting source code |
||||
5 | which is considered copyrighted (c) material of the original comment or credit authors. |
||||
6 | |||||
7 | This program is distributed in the hope that it will be useful, |
||||
8 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
9 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||
10 | */ |
||||
11 | |||||
12 | /** |
||||
13 | * Contact module |
||||
14 | * |
||||
15 | * @copyright XOOPS Project (https://xoops.org) |
||||
16 | * @license https://www.fsf.org/copyleft/gpl.html GNU public license |
||||
17 | * @author Kazumi Ono (aka Onokazu) |
||||
18 | * @author Trabis <[email protected]> |
||||
19 | * @author Hossein Azizabadi (AKA Voltan) |
||||
20 | */ |
||||
21 | |||||
22 | use Xmf\Request; |
||||
23 | use XoopsModules\Contact\{ |
||||
24 | Contact, |
||||
25 | ContactHandler, |
||||
26 | Helper |
||||
27 | }; |
||||
28 | |||||
/** @var ContactHandler $contactHandler */
/** @var Admin $adminObject */

// Shared admin bootstrap for this page. The included file is not shown here;
// NOTE(review): presumably it defines $contactHandler / $adminObject and enforces
// admin access - confirm, because nothing in this file checks permissions itself.
require_once __DIR__ . '/admin_header.php';

// Emit the control-panel page header.
xoops_cp_header();

$helper = Helper::getInstance();
global $xoopsModuleConfig;

// Template section to render; stays empty when no switch case below sets it.
$level = '';

// Module settings that decide whether a reply is stored and/or mailed.
$saveinfo = $helper->getConfig('saveinfo');
$sendmail = $helper->getConfig('sendmail');

// Caller-controlled request parameters: 'op' is a free-form string that is only
// ever compared against the switch cases below, 'id' is read as an integer.
$op         = Request::getString('op', 'list');
$contact_id = Request::getInt('id', 0);

// Register scripts first, then stylesheets, in the order the page expects them.
foreach (
    [
        'browse.php?Frameworks/jquery/jquery.js',
        'browse.php?Frameworks/jquery/plugins/jquery.ui.js',
        XOOPS_URL . '/modules/contact/assets/js/admin.js',
    ] as $contactAdminScript
) {
    $GLOBALS['xoTheme']->addScript($contactAdminScript);
}
unset($contactAdminScript);

// NOTE(review): the analyzer output on this page marks the xoops_getModuleOption()
// line as deprecated code.
foreach (
    [
        XOOPS_URL . '/modules/contact/assets/css/admin.css',
        XOOPS_URL . '/modules/system/css/ui/' . xoops_getModuleOption('jquery_theme', 'system') . '/ui.all.css',
        XOOPS_URL . '/modules/system/css/admin.css',
    ] as $contactAdminStylesheet
) {
    $GLOBALS['xoTheme']->addStylesheet($contactAdminStylesheet);
}
unset($contactAdminStylesheet);
||||
57 | |||||
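// Dispatch the requested admin operation. $op and $contact_id are request values
// read earlier in this file through Xmf\Request; an unrecognised $op matches no
// case and leaves $level at its default.
// NOTE(review): redirect_header() is relied on to end the request wherever it is
// called below - confirm against the XOOPS core in use.
switch ($op) {
    case 'list':
        $contact = [];
        // NOTE(review): the analyzer output on this page reports xoops_getModuleOption() as deprecated.
        $contact['perpage'] = xoops_getModuleOption('admin_perpage', 'contact');
        $contact['order']   = 'DESC';
        $contact['sort']    = 'contact_id';

        // Paging values are caller-controlled: clamp them so a negative number never
        // reaches the handler.
        // NOTE(review): 'limit' defaults to 0 and 'perpage' is not read again in this
        // file - confirm how contactGetAdminList() treats both.
        $contact['limit'] = max(0, Request::getInt('limit', 0));
        $contact['start'] = max(0, Request::getInt('start', 0));

        $contact_numrows = $contactHandler->contactGetCount('contact_cid');
        $contacts        = $contactHandler->contactGetAdminList($contact, 'contact_cid');

        // Only paginate when there is a positive page size that the row count exceeds;
        // a page size of 0 cannot be split into pages.
        $contact_pagenav = '';
        if ($contact['limit'] > 0 && $contact_numrows > $contact['limit']) {
            $contact_pagenav = (new \XoopsPageNav(
                $contact_numrows,
                $contact['limit'],
                $contact['start'],
                'start',
                'limit=' . $contact['limit']
            ))->renderNav(4);
        }

        $GLOBALS['xoopsTpl']->assign('contacts', $contacts);
        $GLOBALS['xoopsTpl']->assign('contact_pagenav', $contact_pagenav);
        $level = 'list';
        break;

    case 'reply':
        if ($contact_id > 0) {
            /** @var Contact $obj */
            $obj = $contactHandler->get($contact_id);
            // Same missing-record guard as the 'view' case: an unknown id must not
            // reach the method calls below.
            if (!$obj) {
                redirect_header('main.php', 3, _AM_CONTACT_MSG_EXIST);
            }
            // A non-zero contact_cid is answered with the "can't reply" message.
            if (0 !== (int)$obj->getVar('contact_cid')) {
                redirect_header('main.php', 3, _AM_CONTACT_CANTREPLY);
            }
            $form = $obj->contactReplyForm();
            $GLOBALS['xoopsTpl']->assign('replyform', $form->render());
            $GLOBALS['xoopsTpl']->assign('replylist', $contactHandler->contactGetReply($contact_id));
        } else {
            redirect_header('main.php', 3, _AM_CONTACT_MSG_EXIST);
        }
        $level = 'reply';
        break;

    case 'doreply':
        // NOTE(review): this case stores a record and may send mail, but no request
        // token is verified here. If contactReplyForm() emits a XOOPS token, check it
        // with $GLOBALS['xoopsSecurity']->check() before processing - confirm against the form.
        // NOTE(review): only emptiness of the recipient is tested here; confirm that
        // contactInfoProcessing() or contactReplyMail() validates the address format.
        if ('' === Request::getString('contact_mailto', '', 'POST')) {
            redirect_header('main.php', 3, _MD_CONTACT_MES_NOVALIDEMAIL);
        }

        // Collect the submitted reply fields (implemented in the handler, not shown here).
        $contact = $contactHandler->contactInfoProcessing();

        // Store the reply when the module is configured to keep messages.
        if (1 === $saveinfo) {
            $obj = $contactHandler->create();
            $obj->setVars($contact);

            if (!$contactHandler->insert($obj)) {
                // NOTE(review): the message shown on a failed insert is the literal '4'.
                redirect_header('main.php', 3, '4');
            }

            $contactHandler->contactAddReply($contact['contact_cid']);
        }

        // Pick the result message: the mailer's own result when mail is enabled,
        // "saved" when only storage is enabled, otherwise the send-error text.
        $message = _MD_CONTACT_MES_SENDERROR;
        if (1 === $sendmail) {
            $message = $contactHandler->contactReplyMail($contact);
        } elseif (1 === $saveinfo) {
            $message = _MD_CONTACT_MES_SAVEINDB;
        }

        redirect_header('main.php', 3, $message);

        $level = 'doreply';
        break;

    case 'view':
        $obj = $contactHandler->get($contact_id);

        if (!$obj) {
            redirect_header('main.php', 3, _AM_CONTACT_MSG_EXIST);
        }

        // Start from the object's array form, then set the fields the template uses.
        // NOTE(review): these values originate from submitted contact messages; confirm
        // that getVar()'s default format and the template escape them for HTML output.
        $contact                       = $obj->toArray();
        $contact['contact_id']         = $obj->getVar('contact_id');
        $contact['contact_uid']        = $obj->getVar('contact_uid');
        $contact['contact_name']       = $obj->getVar('contact_name');
        $contact['contact_owner']      = \XoopsUser::getUnameFromId($obj->getVar('contact_uid'));
        $contact['contact_subject']    = $obj->getVar('contact_subject');
        $contact['contact_mail']       = $obj->getVar('contact_mail');
        $contact['contact_url']        = $obj->getVar('contact_url');
        $contact['contact_create']     = formatTimestamp($obj->getVar('contact_create'), _MEDIUMDATESTRING);
        $contact['contact_icq']        = $obj->getVar('contact_icq');
        $contact['contact_company']    = $obj->getVar('contact_company');
        $contact['contact_location']   = $obj->getVar('contact_location');
        $contact['contact_phone']      = $obj->getVar('contact_phone');
        $contact['contact_department'] = $obj->getVar('contact_department');
        $contact['contact_ip']         = $obj->getVar('contact_ip');
        $contact['contact_message']    = $obj->getVar('contact_message');
        $contact['contact_address']    = $obj->getVar('contact_address');

        $GLOBALS['xoopsTpl']->assign('contact', $contact);
        $GLOBALS['xoopsTpl']->assign('replylist', $contactHandler->contactGetReply($contact_id));

        $level = 'view';
        break;

    case 'delete':
        if ($contact_id > 0) {
            // Ask for confirmation; the confirmation form posts the id to op=dodelete.
            xoops_confirm(['id' => $contact_id], 'main.php?op=dodelete', _AM_CONTACT_MSG_DELETE);
        } else {
            redirect_header('main.php', 3, _AM_CONTACT_MSG_EXIST);
        }

        $level = 'delete';
        break;

    case 'dodelete':
        // Deleting changes state, so require the request token that xoops_confirm()
        // adds to its form by default. Without this check a forged cross-site request
        // carrying only op=dodelete and an id would be accepted from a logged-in admin.
        if (!$GLOBALS['xoopsSecurity']->check()) {
            redirect_header('main.php', 3, implode(', ', $GLOBALS['xoopsSecurity']->getErrors()));
        }

        // The previous test `!$contact_id > 0` negated the id before comparing, so a
        // negative id was not rejected; compare the integer directly.
        if ($contact_id <= 0) {
            redirect_header('main.php', 3, _AM_CONTACT_MSG_EXIST);
        }

        // Remove the message itself and every row whose contact_cid points at it.
        $criteria = new \CriteriaCompo();
        $criteria->add(new \Criteria('contact_id', $contact_id));
        $criteria->add(new \Criteria('contact_cid', $contact_id), 'OR');

        if (!$contactHandler->deleteAll($criteria)) {
            redirect_header('main.php', 1, _AM_CONTACT_MSG_DELETEERROR);
        }

        redirect_header('main.php', 1, _AM_CONTACT_MSG_DELETED);
        break;
}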
||||
196 | |||||
// Hand the admin navigation and the section chosen by the switch to the template.
$GLOBALS['xoopsTpl']->assign(
    [
        'navigation' => $adminObject->displayNavigation(basename(__FILE__)),
        'level'      => $level,
    ]
);

// Render the admin template for this page.
$GLOBALS['xoopsTpl']->display(XOOPS_ROOT_PATH . '/modules/contact/templates/admin/contact_main.tpl');

// Close the page with the shared admin footer.
require_once __DIR__ . '/admin_footer.php';
||||
204 |