This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | |||
3 | namespace XoopsModules\Extgallery; |
||
4 | |||
5 | use CriteriaCompo; |
||
6 | use CriteriaElement; |
||
7 | use MyTextSanitizer; |
||
8 | use XoopsModelRead; |
||
9 | |||
10 | /** |
||
11 | * Extended object handlers |
||
12 | * |
||
13 | * You may not change or alter any portion of this comment or credits |
||
14 | * of supporting developers from this source code or any supporting source code |
||
15 | * which is considered copyrighted (c) material of the original comment or credit authors. |
||
16 | * This program is distributed in the hope that it will be useful, |
||
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||
19 | * |
||
20 | * @copyright XOOPS Project (https://xoops.org) |
||
21 | * @license http://www.fsf.org/copyleft/gpl.html GNU public license |
||
22 | * @package kernel |
||
23 | * @subpackage model |
||
24 | * @since 2.3.0 |
||
25 | * @author Taiwen Jiang <[email protected]> |
||
26 | */ |
||
27 | |||
28 | /** |
||
29 | * Object render handler class. |
||
30 | * |
||
31 | * @author Taiwen Jiang <[email protected]> |
||
32 | * @copyright XOOPS Project (https://xoops.org) |
||
33 | * |
||
34 | * {@link XoopsObjectAbstract} |
||
35 | */ |
||
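class ModelReadIterator extends XoopsModelRead
{
    /**
     * Get all objects matching a condition.
     *
     * The statement is assembled by string concatenation, so each piece that
     * reaches it has to be trustworthy on its own:
     *  - entries of $fields are quoted as identifiers here, with embedded
     *    backticks doubled so a field name cannot close the quoted identifier;
     *  - the WHERE clause is whatever $criteria->renderWhere() returns; escaping
     *    of values is presumably done by the criteria classes - verify there;
     *  - $criteria->getSort() and getOrder() are appended verbatim (see the note
     *    in the body).
     *
     * @param \CriteriaElement $criteria  {@link CriteriaElement} to match
     * @param array            $fields    variables to fetch
     * @param bool             $asObject  flag indicating as object, otherwise as array
     * @param bool             $id_as_key use the ID as key for the array
     * @return array of objects/array {@link XoopsObject}; empty when the query fails
     */
    public function &getAll(CriteriaElement $criteria = null, $fields = null, $asObject = true, $id_as_key = true)
    {
        $ret     = [];
        $keyName = $this->handler->keyName;

        if ($fields && \is_array($fields)) {
            // The primary key is always selected because it may be used as the array key below.
            if (!\in_array($keyName, $fields, true)) {
                $fields[] = $keyName;
            }
            // Double embedded backticks so a field name cannot terminate the quoted identifier.
            $quoted = \array_map(
                static function ($field) {
                    return '`' . \str_replace('`', '``', (string)$field) . '`';
                },
                $fields
            );
            $select = \implode(', ', $quoted);
        } else {
            $select = '*';
        }

        $limit    = null;
        $start    = null;
        $orderSet = false;
        $sql      = "SELECT {$select} FROM `{$this->handler->table}`";
        if (\is_object($criteria) && \is_subclass_of($criteria, \CriteriaElement::class)) {
            $sql .= ' ' . $criteria->renderWhere();
            // NOTE(review): the sort expression is concatenated unquoted. It cannot be
            // quoted here without breaking callers that pass several columns or an
            // expression, so callers must take it from a fixed allow-list and never
            // from request data. getOrder() is assumed to yield only ASC/DESC - confirm
            // against CriteriaElement.
            $sort = $criteria->getSort();
            if ($sort) {
                $sql .= " ORDER BY {$sort} " . $criteria->getOrder();
                $orderSet = true;
            }
            $limit = $criteria->getLimit();
            $start = $criteria->getStart();
        }
        if (!$orderSet) {
            // Default ordering: newest key first.
            $sql .= " ORDER BY `{$keyName}` DESC";
        }

        $result = $this->handler->db->query($sql, $limit, $start);
        if (!$result) {
            // Same failure handling as getList()/getIds(): never hand a failed result to fetchArray().
            return $ret;
        }

        if ($asObject) {
            while (false !== ($myrow = $this->handler->db->fetchArray($result))) {
                $object = $this->handler->create(false);
                $object->assignVars($myrow);
                if ($id_as_key) {
                    $ret[$myrow[$keyName]] = $object;
                } else {
                    $ret[] = $object;
                }
                unset($object);
            }
        } else {
            // A single scratch object is reused to turn every row into its value array.
            $object = $this->handler->create(false);
            while (false !== ($myrow = $this->handler->db->fetchArray($result))) {
                $object->assignVars($myrow);
                if ($id_as_key) {
                    $ret[$myrow[$keyName]] = $object->getValues(\array_keys($myrow));
                } else {
                    $ret[] = $object->getValues(\array_keys($myrow));
                }
            }
            unset($object);
        }

        return $ret;
    }

    /**
     * Retrieve objects from the database.
     *
     * Thin wrapper that forwards to getAll() with all fields selected.
     *
     * @param \CriteriaElement $criteria  {@link CriteriaElement} conditions to be met
     * @param bool             $id_as_key use the ID as key for the array
     * @param bool             $as_object return an array of objects?
     *
     * @return array
     */
    public function &getObjects(CriteriaElement $criteria = null, $id_as_key = false, $as_object = true)
    {
        $objects = &$this->getAll($criteria, null, $as_object, $id_as_key);

        return $objects;
    }

    /**
     * Retrieve a list of objects data as key => HTML-escaped identifier.
     *
     * When no criteria object is supplied, $limit and $start are applied to the
     * query. When one is supplied, its own limit/start take precedence, as before.
     *
     * @param \CriteriaElement $criteria {@link CriteriaElement} conditions to be met
     * @param int              $limit    Max number of objects to fetch
     * @param int              $start    Which record to start at
     *
     * @return array key => escaped identifier (or 1 when the handler has no identifier column)
     */
    public function getList(CriteriaElement $criteria = null, $limit = 0, $start = 0)
    {
        $ret = [];
        if (null === $criteria) {
            $criteria = new CriteriaCompo();
            // Previously the fresh criteria overwrote $limit/$start with its defaults,
            // so both parameters were silently ignored.
            $criteria->setLimit($limit);
            $criteria->setStart($start);
        }

        $keyName        = $this->handler->keyName;
        $identifierName = empty($this->handler->identifierName) ? null : $this->handler->identifierName;

        $sql = "SELECT `{$keyName}`";
        if (null !== $identifierName) {
            $sql .= ", `{$identifierName}`";
        }
        $sql .= " FROM `{$this->handler->table}`";
        if (\is_object($criteria) && \is_subclass_of($criteria, \CriteriaElement::class)) {
            $sql .= ' ' . $criteria->renderWhere();
            // NOTE(review): sort is concatenated unquoted; it must come from a fixed
            // allow-list in the caller, never from request data.
            $sort = $criteria->getSort();
            if ($sort) {
                $sql .= ' ORDER BY ' . $sort . ' ' . $criteria->getOrder();
            }
            $limit = $criteria->getLimit();
            $start = $criteria->getStart();
        }
        $result = $this->handler->db->query($sql, $limit, $start);
        if (!$result) {
            return $ret;
        }

        while (false !== ($myrow = $this->handler->db->fetchArray($result))) {
            // Identifiers should be textboxes, so escape them for HTML output. ENT_QUOTES is
            // passed explicitly so single quotes are encoded on every PHP version (the default
            // flags only include it from PHP 8.1); the cast keeps a NULL column from being
            // passed to htmlspecialchars().
            $ret[$myrow[$keyName]] = (null === $identifierName)
                ? 1
                : \htmlspecialchars((string)$myrow[$identifierName], \ENT_QUOTES);
        }

        return $ret;
    }

    /**
     * Get IDs of objects matching a condition.
     *
     * @param \CriteriaElement $criteria {@link CriteriaElement} to match
     * @return array of object IDs; empty when the query fails
     */
    public function &getIds(CriteriaElement $criteria = null)
    {
        $ret     = [];
        $keyName = $this->handler->keyName;
        $sql     = "SELECT `{$keyName}` FROM `{$this->handler->table}`";
        $limit   = null;
        $start   = null;
        if (\is_object($criteria) && \is_subclass_of($criteria, \CriteriaElement::class)) {
            $sql  .= ' ' . $criteria->renderWhere();
            $limit = $criteria->getLimit();
            $start = $criteria->getStart();
        }
        $result = $this->handler->db->query($sql, $limit, $start);
        if (!$result) {
            return $ret;
        }
        while (false !== ($myrow = $this->handler->db->fetchArray($result))) {
            $ret[] = $myrow[$keyName];
        }

        return $ret;
    }

    /**
     * Get a limited list of objects matching a condition.
     *
     * Deprecated: emits an E_USER_WARNING naming the call site and forwards to the
     * handler's getAll(). The warning text contains a server file path, so error
     * display should stay disabled on production sites.
     *
     * {@link CriteriaCompo}
     *
     * @param int              $limit    Max number of objects to fetch
     * @param int              $start    Which record to start at
     * @param \CriteriaElement $criteria {@link CriteriaElement} to match
     * @param array            $fields   variables to fetch
     * @param bool             $asObject flag indicating as object, otherwise as array
     * @return array of objects {@link XoopsObject}
     */
    public function &getByLimit(
        $limit = 0,
        $start = 0,
        CriteriaElement $criteria = null,
        $fields = null,
        $asObject = true
    ) {
        $trace = \debug_backtrace(\DEBUG_BACKTRACE_IGNORE_ARGS, 1);
        // 'file'/'line' are absent when the call originates from internal code.
        $file = isset($trace[0]['file']) ? $trace[0]['file'] : 'unknown file';
        $line = isset($trace[0]['line']) ? $trace[0]['line'] : 0;
        \trigger_error(__CLASS__ . '::' . __FUNCTION__ . "() is deprecated, please use getAll instead. Called from {$file} line {$line}", \E_USER_WARNING);

        if (\is_object($criteria) && \is_subclass_of($criteria, \CriteriaElement::class)) {
            $criteria->setLimit($limit);
            $criteria->setStart($start);
        } elseif (!empty($limit)) {
            $criteria = new CriteriaCompo();
            $criteria->setLimit($limit);
            $criteria->setStart($start);
        }
        $ret = $this->handler->getAll($criteria, $fields, $asObject);

        return $ret;
    }

    /**
     * Convert a database resultset to a returnable array.
     *
     * Deprecated: emits an E_USER_WARNING naming the call site.
     *
     * @param mixed $result    resultset as returned by the handler's database query()
     * @param bool  $id_as_key - should NOT be used with joint keys
     * @param bool  $as_object return objects (true) or arrays of their variables (false)
     *
     * @return array empty when $result is not a usable resultset
     */
    public function convertResultSet($result, $id_as_key = false, $as_object = true)
    {
        $trace = \debug_backtrace(\DEBUG_BACKTRACE_IGNORE_ARGS, 1);
        // 'file'/'line' are absent when the call originates from internal code.
        $file = isset($trace[0]['file']) ? $trace[0]['file'] : 'unknown file';
        $line = isset($trace[0]['line']) ? $trace[0]['line'] : 0;
        \trigger_error(__CLASS__ . '::' . __FUNCTION__ . "() is deprecated. Called from {$file} line {$line}", \E_USER_WARNING);

        $ret = [];
        if (!$result) {
            // A failed query must not be handed to fetchArray().
            return $ret;
        }

        while (false !== ($myrow = $this->handler->db->fetchArray($result))) {
            $obj = $this->handler->create(false);
            $obj->assignVars($myrow);

            if ($as_object) {
                $entry = $obj;
            } else {
                // Flatten the object into name => value using its own accessor.
                $entry = [];
                foreach (\array_keys($obj->getVars()) as $name) {
                    $entry[$name] = $obj->getVar($name);
                }
            }

            if ($id_as_key) {
                $ret[$myrow[$this->handler->keyName]] = $entry;
            } else {
                $ret[] = $entry;
            }
            unset($obj, $entry);
        }

        return $ret;
    }
}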
This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.
This is most likely a typographical error or the method has been renamed.