Issues in ajaximgedit.php - New Issues - Inspection of "Merge branch 'master' of https://github.com/mambax..." - mambax7/gwiki - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 7e38e2...812d3d )

by Michael

created 2017-02-01 04:09 UTC

ajaximgedit.php (1 issue)

Labels

Best Practice 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * ajaximgedit.php - backend upload images and update image info
 *
 * @copyright  Copyright © 2013 geekwright, LLC. All rights reserved.
 * @license    gwiki/docs/license.txt  GNU General Public License (GPL)
 * @since      1.0
 * @author     Richard Griffith <[email protected]>
 * @package    gwiki
 */
include __DIR__ . '/../../mainfile.php';
$xoopsLogger->activated = false;
// provide error logging for our sanity in debugging ajax use (won't see xoops logger)
restore_error_handler();
error_reporting(-1);

$dir = basename(__DIR__);
require_once XOOPS_ROOT_PATH . '/modules/' . $dir . '/class/GwikiPage.php';
global $wikiPage;
$wikiPage = new GwikiPage;

$uploadpath = XOOPS_ROOT_PATH . "/uploads/{$dir}/";
$uploadurl  = XOOPS_URL . "/uploads/{$dir}/";

$newimage = (isset($_SERVER['HTTP_GW_FILENAME']) ? $_SERVER['HTTP_GW_FILENAME'] : false);
$jsondata = (isset($_SERVER['HTTP_GW_JSONDATA']) ? $_SERVER['HTTP_GW_JSONDATA'] : false);

//if (function_exists('xdebug_disable')) { xdebug_disable(); }
//foreach ($_SERVER as $k => $v) {
//    trigger_error($k.':'.$v);
//}

/**
 * @param $string
 *
 * @return string
 */
function cleaner($string)
/**
 * @ignore
 */
function getUser() {

}

function getUser($id, $realm) {

}
{
    $string = stripcslashes($string);
    $string = html_entity_decode($string);
    $string = strip_tags($string); // DANGER -- kills wiki text
    $string = trim($string);
    $string = stripslashes($string);

    return $string;
}

/**
 * @param $input
 *
 * @return mixed
 */
function deleteData(&$input)
{
    global $xoopsDB, $uploadpath, $wikiPage;

    $q_image_id = (int)$input['image_id'];
    $q_keyword  = $wikiPage->escapeForDB($input['page']); // use keyword in delete so we know id and edit authority are connected

    // look up the name and delete the image file
    $sql = 'SELECT image_file FROM ' . $xoopsDB->prefix('gwiki_page_images') . " where image_id='{$q_image_id}' AND keyword = '{$q_keyword}' ";

    $result = $xoopsDB->query($sql);
    if ($result) {
        $rows = $xoopsDB->getRowsNum($result);
        if ($rows) {
            $myrow = $xoopsDB->fetchArray($result);
            if (!empty($myrow['image_file'])) {
                $oldfilename = $uploadpath . $myrow['image_file'];
                unlink($oldfilename);
            }
        }
    }

    // delete the row
    $sql = 'DELETE FROM ' . $xoopsDB->prefix('gwiki_page_images') . " where image_id='{$q_image_id}' AND keyword = '{$q_keyword}' ";

    $result = $xoopsDB->queryF($sql);
    $cnt    = $xoopsDB->getAffectedRows();
    if ($cnt) {
        $input['message'] = _MD_GWIKI_AJAX_IMGEDIT_DEL_OK;
    }

    return $result;
}

/**
 * @param $input
 *
 * @return mixed
 */
function updateData(&$input)
{
    global $xoopsDB, $wikiPage;

    $q_image_id       = (int)$input['image_id'];
    $q_keyword        = $wikiPage->escapeForDB($input['page']);
    $q_image_name     = $wikiPage->escapeForDB($input['image_name']);
    $q_image_alt_text = $wikiPage->escapeForDB($input['image_alt_text']);
    //  image_file only changed by image upload
    $q_use_to_represent = (int)$input['use_to_represent'];
    $q_image_file       = empty($input['image_file']) ? '' : $wikiPage->escapeForDB($input['image_file']);

    //  if(!$q_image_id) return false; // only updates

    // if we are setting this, clear it on all other images
    if ($q_use_to_represent) {
        $sql = 'UPDATE ' . $xoopsDB->prefix('gwiki_page_images') . " set use_to_represent = 0 where keyword = '{$q_keyword}' ";

        $result = $xoopsDB->queryF($sql);
    }

    $sql = 'UPDATE ' . $xoopsDB->prefix('gwiki_page_images');
    $sql .= " set image_name = '{$q_image_name}' ";
    $sql .= " , image_alt_text = '{$q_image_alt_text}' ";
    $sql .= " , use_to_represent = '{$q_use_to_represent}' ";
    if (!empty($q_image_file)) {
        $sql .= " , image_file = '{$q_image_file}' ";
    }
    $sql .= " where image_id = '{$q_image_id}' ";

    $result = $xoopsDB->queryF($sql);
    if (!$result) {
        $input['message'] = $xoopsDB->error();

        return 0;
    }
    $cnt = $xoopsDB->getAffectedRows();
    if (!$cnt) {
        $input['message'] = _MD_GWIKI_AJAX_IMGEDIT_NOT_DEFINED;
    } else {
        $input['message'] = _MD_GWIKI_AJAX_IMGEDIT_UPD_OK;
    }

    if ($result && !$cnt && !empty($q_image_file)) { // database is OK but nothing to update - require image_file
        $sql = 'insert into ' . $xoopsDB->prefix('gwiki_page_images');
        $sql .= ' (keyword, image_name, image_alt_text, use_to_represent, image_file) ';
        $sql .= " values ('{$q_keyword}', '{$q_image_name}', '{$q_image_alt_text}', '{$q_use_to_represent}', '{$q_image_file}' )";
        $result            = $xoopsDB->queryF($sql);
        $input['image_id'] = $xoopsDB->getInsertId();
        $input['message']  = _MD_GWIKI_AJAX_IMGEDIT_ADD_OK;
    }

    return $input['image_id'];
}

/**
 * @param $newimage
 * @param $input
 *
 * @return mixed
 */
function updateImage($newimage, &$input)
{
    global $uploadpath, $xoopsDB;
    // For now, images are stored in individual directories for each page.
    // We can change the directory distribution later, as the entire path
    // relative to /uploads/gwiki/ ($relpath) is stored in the database.

    // We get rid of any colons in the page name in case the filesystem has
    // issues with them. (undescore is illegal in page name, so it stays unique.)
    $relpath  = 'pages/' . str_replace(':', '_', $input['page']) . '/img/';
    $ourpath  = $uploadpath . $relpath;
    $oldUmask = umask(0);
    @mkdir($ourpath, 0755, true);
    umask($oldUmask);
    $tempfn = tempnam($ourpath, 'WIKIIMG_');
    $image  = file_get_contents('php://input');
    file_put_contents($tempfn, $image);

    $ogimage_parts = pathinfo($newimage);

    // we are intentionally ignoring $ogimage_parts['dirname']
    // get rid of extra dots, commas and spaces
    $ogimage  = str_replace(array('.', ' ', ','), '_', $ogimage_parts['basename']) . '.' . strtolower($ogimage_parts['extension']);
    $filename = $tempfn . '_' . $ogimage;
    $justfn   = basename($filename);
    if (empty($input['image_name'])) {
        $input['image_name'] = $justfn;
    }
    $input['image_file'] = $relpath . $justfn;

    rename($tempfn, $filename);
    chmod($filename, 0644);
    $q_image_id = (int)$input['image_id'];
    $sql        = 'SELECT image_file FROM ' . $xoopsDB->prefix('gwiki_page_images') . " where image_id='{$q_image_id}' ";

    $result = $xoopsDB->query($sql);
    if ($result) {
        $rows = $xoopsDB->getRowsNum($result);
        if ($rows) {
            $myrow = $xoopsDB->fetchArray($result);
            if (!empty($myrow['image_file'])) {
                $oldfilename = $uploadpath . $myrow['image_file'];
                unlink($oldfilename);
            }
            // update
        } else {
            // new row
        }
    }
    // $result=$xoopsDB->getInsertId();
    //$rows=$xoopsDB->getRowsNum($result);
    return updateData($input);
}

if ($jsondata === false) {
    header('Status: 500 Internal Error - No Data Passed');
    exit;
}
$input = json_decode($jsondata, true);
//file_put_contents ( XOOPS_ROOT_PATH.'/uploads/debug.txt', print_r($input,true));

if (!empty($input['image_id'])) {
    $q_image_id = (int)$input['image_id'];
    $sql        = 'SELECT keyword FROM ' . $xoopsDB->prefix('gwiki_page_images') . " where image_id = '{$q_image_id}' ";
    $result     = $xoopsDB->query($sql);
    if ($row = $xoopsDB->fetcharray($result)) {
        $input['page'] = $row['keyword'];
    }
}

if (empty($input['page'])) {
    header('Status: 500 Internal Error - No Page');
    exit;
}
$input['page'] = strtolower($wikiPage->normalizeKeyword($input['page']));
$pageX         = $wikiPage->getPage($input['page']);
$mayEdit       = $wikiPage->checkEdit();

if (!$mayEdit) {
    header('Status: 403 Forbidden - No Permission');
    if (!$mayEdit) {
        $out['message'] = _MD_GWIKI_AJAX_IMGEDIT_NO_AUTH;
    }
    echo json_encode($out);
    exit;
}

/*
 * This creates issues if page being edited has not been saved yet, so let's not be anal about it
    if (!$pageX) {
        header("Status: 403 Forbidden - No Page");
        if(!$pageX) $out['message']='Page does not exist';
        echo json_encode($out);
        exit;
    }
*/

if ($newimage) {
    $input['image_id'] = updateImage($newimage, $input);
    if ($input['image_id']) {
        $input['message'] = 'Image Saved';
        $input['link']    = $uploadurl . $input['image_file'];
    }
} else {
    if (!empty($input['op']) && $input['op'] === 'delete') {
        deleteData($input);
    } else {
        updateData($input);
    }
}
echo json_encode($input);
exit;


1		<?php
2		/**
3		* ajaximgedit.php - backend upload images and update image info
4		*
5		* @copyright Copyright © 2013 geekwright, LLC. All rights reserved.
6		* @license gwiki/docs/license.txt GNU General Public License (GPL)
7		* @since 1.0
8		* @author Richard Griffith <[email protected]>
9		* @package gwiki
10		*/
11		include __DIR__ . '/../../mainfile.php';
12		$xoopsLogger->activated = false;
13		// provide error logging for our sanity in debugging ajax use (won't see xoops logger)
14		restore_error_handler();
15		error_reporting(-1);
16
17		$dir = basename(__DIR__);
18		require_once XOOPS_ROOT_PATH . '/modules/' . $dir . '/class/GwikiPage.php';
19		global $wikiPage;
20		$wikiPage = new GwikiPage;
21
22		$uploadpath = XOOPS_ROOT_PATH . "/uploads/{$dir}/";
23		$uploadurl = XOOPS_URL . "/uploads/{$dir}/";
24
25		$newimage = (isset($_SERVER['HTTP_GW_FILENAME']) ? $_SERVER['HTTP_GW_FILENAME'] : false);
26		$jsondata = (isset($_SERVER['HTTP_GW_JSONDATA']) ? $_SERVER['HTTP_GW_JSONDATA'] : false);
27
28		//if (function_exists('xdebug_disable')) { xdebug_disable(); }
29		//foreach ($_SERVER as $k => $v) {
30		// trigger_error($k.':'.$v);
31		//}
32
33		/**
34		* @param $string
35		*
36		* @return string
37		*/
38	View Code Duplication	function cleaner($string)
		0 ignored issues – show Best Practice introduced 2017-02-01 04:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `cleaner()` has been defined more than once; this definition is ignored, only the first definition in `admin/prefixes.php` (L601-612) is considered. This check looks for functions that have already been defined in other files. Some Codebases, like WordPress, make a practice of defining functions multiple times. This may lead to problems with the detection of function parameters and types. If you really need to do this, you can mark the duplicate definition with the `@ignore` annotation. /** * @ignore */ function getUser() { } function getUser($id, $realm) { } See also the PhpDoc documentation for @ignore. Loading history...
39		{
40		$string = stripcslashes($string);
41		$string = html_entity_decode($string);
42		$string = strip_tags($string); // DANGER -- kills wiki text
43		$string = trim($string);
44		$string = stripslashes($string);
45
46		return $string;
47		}
48
49		/**
50		* @param $input
51		*
52		* @return mixed
53		*/
54	View Code Duplication	function deleteData(&$input)
55		{
56		global $xoopsDB, $uploadpath, $wikiPage;
57
58		$q_image_id = (int)$input['image_id'];
59		$q_keyword = $wikiPage->escapeForDB($input['page']); // use keyword in delete so we know id and edit authority are connected
60
61		// look up the name and delete the image file
62		$sql = 'SELECT image_file FROM ' . $xoopsDB->prefix('gwiki_page_images') . " where image_id='{$q_image_id}' AND keyword = '{$q_keyword}' ";
63
64		$result = $xoopsDB->query($sql);
65		if ($result) {
66		$rows = $xoopsDB->getRowsNum($result);
67		if ($rows) {
68		$myrow = $xoopsDB->fetchArray($result);
69		if (!empty($myrow['image_file'])) {
70		$oldfilename = $uploadpath . $myrow['image_file'];
71		unlink($oldfilename);
72		}
73		}
74		}
75
76		// delete the row
77		$sql = 'DELETE FROM ' . $xoopsDB->prefix('gwiki_page_images') . " where image_id='{$q_image_id}' AND keyword = '{$q_keyword}' ";
78
79		$result = $xoopsDB->queryF($sql);
80		$cnt = $xoopsDB->getAffectedRows();
81		if ($cnt) {
82		$input['message'] = _MD_GWIKI_AJAX_IMGEDIT_DEL_OK;
83		}
84
85		return $result;
86		}
87
88		/**
89		* @param $input
90		*
91		* @return mixed
92		*/
93		function updateData(&$input)
94		{
95		global $xoopsDB, $wikiPage;
96
97		$q_image_id = (int)$input['image_id'];
98		$q_keyword = $wikiPage->escapeForDB($input['page']);
99		$q_image_name = $wikiPage->escapeForDB($input['image_name']);
100		$q_image_alt_text = $wikiPage->escapeForDB($input['image_alt_text']);
101		// image_file only changed by image upload
102		$q_use_to_represent = (int)$input['use_to_represent'];
103		$q_image_file = empty($input['image_file']) ? '' : $wikiPage->escapeForDB($input['image_file']);
104
105		// if(!$q_image_id) return false; // only updates
106
107		// if we are setting this, clear it on all other images
108		if ($q_use_to_represent) {
109		$sql = 'UPDATE ' . $xoopsDB->prefix('gwiki_page_images') . " set use_to_represent = 0 where keyword = '{$q_keyword}' ";
110
111		$result = $xoopsDB->queryF($sql);
112		}
113
114		$sql = 'UPDATE ' . $xoopsDB->prefix('gwiki_page_images');
115		$sql .= " set image_name = '{$q_image_name}' ";
116		$sql .= " , image_alt_text = '{$q_image_alt_text}' ";
117		$sql .= " , use_to_represent = '{$q_use_to_represent}' ";
118		if (!empty($q_image_file)) {
119		$sql .= " , image_file = '{$q_image_file}' ";
120		}
121		$sql .= " where image_id = '{$q_image_id}' ";
122
123		$result = $xoopsDB->queryF($sql);
124		if (!$result) {
125		$input['message'] = $xoopsDB->error();
126
127		return 0;
128		}
129		$cnt = $xoopsDB->getAffectedRows();
130		if (!$cnt) {
131		$input['message'] = _MD_GWIKI_AJAX_IMGEDIT_NOT_DEFINED;
132		} else {
133		$input['message'] = _MD_GWIKI_AJAX_IMGEDIT_UPD_OK;
134		}
135
136		if ($result && !$cnt && !empty($q_image_file)) { // database is OK but nothing to update - require image_file
137		$sql = 'insert into ' . $xoopsDB->prefix('gwiki_page_images');
138		$sql .= ' (keyword, image_name, image_alt_text, use_to_represent, image_file) ';
139		$sql .= " values ('{$q_keyword}', '{$q_image_name}', '{$q_image_alt_text}', '{$q_use_to_represent}', '{$q_image_file}' )";
140		$result = $xoopsDB->queryF($sql);
141		$input['image_id'] = $xoopsDB->getInsertId();
142		$input['message'] = _MD_GWIKI_AJAX_IMGEDIT_ADD_OK;
143		}
144
145		return $input['image_id'];
146		}
147
148		/**
149		* @param $newimage
150		* @param $input
151		*
152		* @return mixed
153		*/
154		function updateImage($newimage, &$input)
155		{
156		global $uploadpath, $xoopsDB;
157		// For now, images are stored in individual directories for each page.
158		// We can change the directory distribution later, as the entire path
159		// relative to /uploads/gwiki/ ($relpath) is stored in the database.
160
161		// We get rid of any colons in the page name in case the filesystem has
162		// issues with them. (undescore is illegal in page name, so it stays unique.)
163		$relpath = 'pages/' . str_replace(':', '_', $input['page']) . '/img/';
164		$ourpath = $uploadpath . $relpath;
165		$oldUmask = umask(0);
166		@mkdir($ourpath, 0755, true);
167		umask($oldUmask);
168		$tempfn = tempnam($ourpath, 'WIKIIMG_');
169		$image = file_get_contents('php://input');
170		file_put_contents($tempfn, $image);
171
172		$ogimage_parts = pathinfo($newimage);
173
174		// we are intentionally ignoring $ogimage_parts['dirname']
175		// get rid of extra dots, commas and spaces
176		$ogimage = str_replace(array('.', ' ', ','), '_', $ogimage_parts['basename']) . '.' . strtolower($ogimage_parts['extension']);
177		$filename = $tempfn . '_' . $ogimage;
178		$justfn = basename($filename);
179		if (empty($input['image_name'])) {
180		$input['image_name'] = $justfn;
181		}
182		$input['image_file'] = $relpath . $justfn;
183
184		rename($tempfn, $filename);
185		chmod($filename, 0644);
186		$q_image_id = (int)$input['image_id'];
187		$sql = 'SELECT image_file FROM ' . $xoopsDB->prefix('gwiki_page_images') . " where image_id='{$q_image_id}' ";
188
189		$result = $xoopsDB->query($sql);
190		if ($result) {
191		$rows = $xoopsDB->getRowsNum($result);
192		if ($rows) {
193		$myrow = $xoopsDB->fetchArray($result);
194		if (!empty($myrow['image_file'])) {
195		$oldfilename = $uploadpath . $myrow['image_file'];
196		unlink($oldfilename);
197		}
198		// update
199		} else {
200		// new row
201		}
202		}
203		// $result=$xoopsDB->getInsertId();
204		//$rows=$xoopsDB->getRowsNum($result);
205		return updateData($input);
206		}
207
208		if ($jsondata === false) {
209		header('Status: 500 Internal Error - No Data Passed');
210		exit;
211		}
212		$input = json_decode($jsondata, true);
213		//file_put_contents ( XOOPS_ROOT_PATH.'/uploads/debug.txt', print_r($input,true));
214
215		if (!empty($input['image_id'])) {
216		$q_image_id = (int)$input['image_id'];
217		$sql = 'SELECT keyword FROM ' . $xoopsDB->prefix('gwiki_page_images') . " where image_id = '{$q_image_id}' ";
218		$result = $xoopsDB->query($sql);
219		if ($row = $xoopsDB->fetcharray($result)) {
220		$input['page'] = $row['keyword'];
221		}
222		}
223
224		if (empty($input['page'])) {
225		header('Status: 500 Internal Error - No Page');
226		exit;
227		}
228		$input['page'] = strtolower($wikiPage->normalizeKeyword($input['page']));
229		$pageX = $wikiPage->getPage($input['page']);
230		$mayEdit = $wikiPage->checkEdit();
231
232	View Code Duplication	if (!$mayEdit) {
233		header('Status: 403 Forbidden - No Permission');
234		if (!$mayEdit) {
235		$out['message'] = _MD_GWIKI_AJAX_IMGEDIT_NO_AUTH;
236		}
237		echo json_encode($out);
238		exit;
239		}
240
241		/*
242		* This creates issues if page being edited has not been saved yet, so let's not be anal about it
243		if (!$pageX) {
244		header("Status: 403 Forbidden - No Page");
245		if(!$pageX) $out['message']='Page does not exist';
246		echo json_encode($out);
247		exit;
248		}
249		*/
250
251		if ($newimage) {
252		$input['image_id'] = updateImage($newimage, $input);
253		if ($input['image_id']) {
254		$input['message'] = 'Image Saved';
255		$input['link'] = $uploadurl . $input['image_file'];
256		}
257	View Code Duplication	} else {
258		if (!empty($input['op']) && $input['op'] === 'delete') {
259		deleteData($input);
260		} else {
261		updateData($input);
262		}
263		}
264		echo json_encode($input);
265		exit;
266

mambax7 / gwiki

Push — master ( 7e38e2...812d3d )

ajaximgedit.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like