1
<?php
/**
 * ajaximgedit.php - backend upload images and update image info
 *
 * @copyright  Copyright © 2013 geekwright, LLC. All rights reserved.
 * @license    gwiki/docs/license.txt  GNU General Public License (GPL)
 * @since      1.0
 * @author     Richard Griffith <[email protected]>
 * @package    gwiki
 * @version    $Id$
 */
include dirname(dirname(__DIR__)) . '/mainfile.php';
$xoopsLogger->activated = false;
// Surface PHP errors directly while debugging ajax calls (the xoops logger
// output is not visible to the ajax client). NOTE(review): anything emitted
// this way is mixed into the JSON response and exposes server paths -
// presumably intended for development only; confirm before deploying.
restore_error_handler();
error_reporting(-1);

$dir = basename(__DIR__);
require_once XOOPS_ROOT_PATH . '/modules/' . $dir . '/class/gwikiPage.php';
global $wikiPage;
$wikiPage = new gwikiPage;

// filesystem location and public URL of this module's upload area
$uploadpath = XOOPS_ROOT_PATH . "/uploads/{$dir}/";
$uploadurl  = XOOPS_URL . "/uploads/{$dir}/";

// The client sends the image file name and the JSON request data in custom
// request headers; the request body itself carries the raw image bytes.
// Both header values are client supplied and untrusted. Absent => false.
$newimage = false;
if (isset($_SERVER['HTTP_GW_FILENAME'])) {
    $newimage = $_SERVER['HTTP_GW_FILENAME'];
}
$jsondata = false;
if (isset($_SERVER['HTTP_GW_JSONDATA'])) {
    $jsondata = $_SERVER['HTTP_GW_JSONDATA'];
}
/**
 * Reduce a string to plain, unescaped, untagged, trimmed text.
 *
 * strip_tags() removes anything that looks like markup, which destroys
 * wiki text - do not run this over page content.
 *
 * @param string $string raw value
 *
 * @return string cleaned value
 */
function cleaner($string)
{
    // pipeline: C-style unescape -> entity decode -> tag strip -> trim -> unescape
    $decoded = html_entity_decode(stripcslashes($string));
    $plain   = trim(strip_tags($decoded)); // DANGER -- kills wiki text

    return stripslashes($plain);
}
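/**
 * Delete an image row and the file it refers to.
 *
 * The row is matched on image_id AND keyword (page), so the edit authority
 * the caller established for the page is the one that governs the delete.
 *
 * @param array $input request data (by reference); reads 'image_id' and
 *                     'page', sets 'message' when a row was removed
 *
 * @return mixed result of the DELETE query as returned by the database layer
 */
function deleteData(&$input)
{
    global $xoopsDB, $uploadpath, $wikiPage;

    // a missing image_id must not raise a notice into the JSON output
    $q_image_id = isset($input['image_id']) ? (int)$input['image_id'] : 0;
    $q_keyword  = $wikiPage->escapeForDB($input['page']); // keyword ties the delete to the page permission check

    $table = $xoopsDB->prefix('gwiki_page_images');

    // look up the stored file name and remove the file before the row goes away
    $sql = "SELECT image_file FROM " . $table . " where image_id='{$q_image_id}' AND keyword = '{$q_keyword}' ";

    $result = $xoopsDB->query($sql);
    if ($result && $xoopsDB->getRowsNum($result)) {
        $myrow = $xoopsDB->fetchArray($result);
        if (!empty($myrow['image_file'])) {
            $oldfilename = $uploadpath . $myrow['image_file'];
            // image_file is stored relative to $uploadpath (see updateImage()).
            // Only unlink an existing regular file: a stale row must not raise a
            // warning into the JSON response, and a directory is never removed.
            if (is_file($oldfilename)) {
                unlink($oldfilename);
            }
        }
    }

    // delete the row
    $sql = "DELETE FROM " . $table . " where image_id='{$q_image_id}' AND keyword = '{$q_keyword}' ";

    $result = $xoopsDB->queryF($sql);
    if ($xoopsDB->getAffectedRows()) {
        $input['message'] = _MD_GWIKI_AJAX_IMGEDIT_DEL_OK;
    }

    return $result;
}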
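/**
 * Update the metadata of an image row, inserting a new row when needed.
 *
 * Flow: optionally clear use_to_represent on the page's other images, UPDATE
 * the row for image_id, and when that touched no row while an image_file is
 * present (a fresh upload from updateImage()) INSERT a new row instead.
 *
 * @param array $input request data (by reference); reads 'image_id', 'page',
 *                     'image_name', 'image_alt_text', 'use_to_represent' and
 *                     'image_file'; sets 'message' and, on insert, 'image_id'
 *
 * @return mixed image_id of the affected row, or 0 when a query failed
 */
function updateData(&$input)
{
    global $xoopsDB, $wikiPage;

    // missing keys default to empty so that no notices leak into the JSON output
    $q_image_id         = isset($input['image_id']) ? (int)$input['image_id'] : 0;
    $q_keyword          = $wikiPage->escapeForDB($input['page']);
    $q_image_name       = $wikiPage->escapeForDB(isset($input['image_name']) ? $input['image_name'] : '');
    $q_image_alt_text   = $wikiPage->escapeForDB(isset($input['image_alt_text']) ? $input['image_alt_text'] : '');
    $q_use_to_represent = isset($input['use_to_represent']) ? (int)$input['use_to_represent'] : 0;
    //  image_file only changed by image upload
    $q_image_file       = empty($input['image_file']) ? '' : $wikiPage->escapeForDB($input['image_file']);

    $table = $xoopsDB->prefix('gwiki_page_images');

    // a page has at most one representative image: clear the flag elsewhere first
    if ($q_use_to_represent) {
        $xoopsDB->queryF("UPDATE " . $table . " set use_to_represent = 0 where keyword = '{$q_keyword}' ");
    }

    $sql = "UPDATE " . $table;
    $sql .= " set image_name = '{$q_image_name}' ";
    $sql .= " , image_alt_text = '{$q_image_alt_text}' ";
    $sql .= " , use_to_represent = '{$q_use_to_represent}' ";
    if (!empty($q_image_file)) {
        $sql .= " , image_file = '{$q_image_file}' ";
    }
    $sql .= " where image_id = '{$q_image_id}' ";

    $result = $xoopsDB->queryF($sql);
    if (!$result) {
        $input['message'] = $xoopsDB->error();

        return 0;
    }
    $cnt = $xoopsDB->getAffectedRows();
    $input['message'] = $cnt ? _MD_GWIKI_AJAX_IMGEDIT_UPD_OK : _MD_GWIKI_AJAX_IMGEDIT_NOT_DEFINED;

    // Nothing updated but an image_file was supplied: treat it as a new image.
    // NOTE(review): an UPDATE whose values did not change may also report 0
    // affected rows and land here; the fresh temp file name from updateImage()
    // makes that unlikely for uploads, but confirm for other callers.
    if (!$cnt && !empty($q_image_file)) {
        $sql = "insert into " . $table;
        $sql .= " (keyword, image_name, image_alt_text, use_to_represent, image_file) ";
        $sql .= " values ('{$q_keyword}', '{$q_image_name}', '{$q_image_alt_text}', '{$q_use_to_represent}', '{$q_image_file}' )";
        $result = $xoopsDB->queryF($sql);
        if ($result) {
            $input['image_id'] = $xoopsDB->getInsertId();
            $input['message']  = _MD_GWIKI_AJAX_IMGEDIT_ADD_OK;
        } else {
            // report the failure instead of claiming success with a bogus id
            $input['message'] = $xoopsDB->error();

            return 0;
        }
    }

    return isset($input['image_id']) ? $input['image_id'] : 0;
}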
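/**
 * Store an uploaded image from the raw request body and record it.
 *
 * The file is written below $uploadpath . 'pages/<page>/img/' and the path
 * relative to $uploadpath is placed in $input['image_file'] for updateData().
 *
 * @param string $newimage client supplied file name (GW-Filename header);
 *                         untrusted, only used to derive the stored name
 * @param array  $input    request data (by reference); reads 'page' and
 *                         'image_id', sets 'image_file', 'image_name' when
 *                         empty, and 'message' when the upload is rejected
 *
 * @return mixed image_id from updateData(), or 0 when the upload is rejected
 *               or the file cannot be written
 */
function updateImage($newimage, &$input)
{
    global $uploadpath, $xoopsDB;

    // Only the base name and extension of the client name are used. The
    // extension is allow-listed because the file lands in a web-served
    // directory; without this a client could store server-side script files
    // there. (List chosen by review - extend deliberately.)
    $allowedExtensions = array('gif', 'jpg', 'jpeg', 'png');
    $ogimage_parts     = pathinfo($newimage);
    $extension         = isset($ogimage_parts['extension']) ? strtolower($ogimage_parts['extension']) : '';
    if (!in_array($extension, $allowedExtensions, true)) {
        $input['message'] = 'Image type not allowed';

        return 0;
    }

    // For now, images are stored in individual directories for each page.
    // We can change the directory distribution later, as the entire path
    // relative to /uploads/gwiki/ ($relpath) is stored in the database.

    // We get rid of any colons in the page name in case the filesystem has
    // issues with them. (underscore is illegal in page name, so it stays unique.)
    // NOTE(review): relies on the caller having passed page through
    // normalizeKeyword(); confirm that it cannot contain path separators.
    $relpath  = 'pages/' . str_replace(':', '_', $input['page']) . '/img/';
    $ourpath  = $uploadpath . $relpath;
    $oldUmask = umask(0);
    @mkdir($ourpath, 0755, true); // usually exists already, which is fine
    umask($oldUmask);

    $tempfn = tempnam($ourpath, 'WIKIIMG_');
    if ($tempfn === false) {
        $input['message'] = 'Cannot create image file';

        return 0;
    }
    // the raw request body is the image; the JSON metadata travels in a header
    $image = file_get_contents('php://input');
    if (file_put_contents($tempfn, $image) === false) {
        unlink($tempfn);
        $input['message'] = 'Cannot write image file';

        return 0;
    }

    // we are intentionally ignoring $ogimage_parts['dirname']
    // get rid of extra dots, commas and spaces
    $ogimage  = str_replace(array('.', ' ', ','), '_', $ogimage_parts['basename']) . '.' . $extension;
    $filename = $tempfn . '_' . $ogimage;
    $justfn   = basename($filename);

    if (!rename($tempfn, $filename)) {
        unlink($tempfn);
        $input['message'] = 'Cannot store image file';

        return 0;
    }
    chmod($filename, 0644);

    if (empty($input['image_name'])) {
        $input['image_name'] = $justfn;
    }
    $input['image_file'] = $relpath . $justfn;

    // remove the previous file of this image row, if there is one
    $q_image_id = isset($input['image_id']) ? (int)$input['image_id'] : 0;
    $sql        = "SELECT image_file FROM " . $xoopsDB->prefix('gwiki_page_images') . " where image_id='{$q_image_id}' ";

    $result = $xoopsDB->query($sql);
    if ($result && $xoopsDB->getRowsNum($result)) {
        $myrow = $xoopsDB->fetchArray($result);
        if (!empty($myrow['image_file'])) {
            $oldfilename = $uploadpath . $myrow['image_file'];
            // guard so a missing file does not raise a warning into the JSON output
            if (is_file($oldfilename)) {
                unlink($oldfilename);
            }
        }
    }

    return updateData($input);
}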
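// ---- request handling -------------------------------------------------------
// NOTE(review): a "Status:" header is only honoured by CGI-style SAPIs;
// http_response_code() would be SAPI independent - confirm the deployment.

if ($jsondata === false) {
    header("Status: 500 Internal Error - No Data Passed");
    exit;
}
$input = json_decode($jsondata, true);
if (!is_array($input)) {
    // malformed JSON decodes to null; treat it like missing data
    header("Status: 500 Internal Error - No Data Passed");
    exit;
}
// every body written below is JSON
header('Content-Type: application/json');

// When an existing image is addressed, the page it belongs to is taken from
// the database rather than from the request, so the permission check below
// is made against the page that actually owns the image.
if (!empty($input['image_id'])) {
    $q_image_id = (int)$input['image_id'];
    $sql        = "SELECT keyword FROM " . $xoopsDB->prefix('gwiki_page_images') . " where image_id = '{$q_image_id}' ";
    $result     = $xoopsDB->query($sql);
    if ($result && ($row = $xoopsDB->fetchArray($result))) {
        $input['page'] = $row['keyword'];
    }
}

if (empty($input['page'])) {
    header("Status: 500 Internal Error - No Page");
    exit;
}
$input['page'] = strtolower($wikiPage->normalizeKeyword($input['page']));
$pageX         = $wikiPage->getPage($input['page']);
$mayEdit       = $wikiPage->checkEdit(); // presumably evaluated for the page loaded above

if (!$mayEdit) {
    header("Status: 403 Forbidden - No Permission");
    $out = array('message' => _MD_GWIKI_AJAX_IMGEDIT_NO_AUTH);
    echo json_encode($out);
    exit;
}

// Deliberately no check that $pageX exists: the page being edited may not
// have been saved yet.

if ($newimage) {
    $input['image_id'] = updateImage($newimage, $input);
    if ($input['image_id']) {
        $input['message'] = 'Image Saved';
        $input['link']    = $uploadurl . $input['image_file'];
    }
} elseif (!empty($input['op']) && $input['op'] === 'delete') {
    deleteData($input);
} else {
    updateData($input);
}
// the response echoes the (amended) request data back to the client
echo json_encode($input);
exit;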