Issues in viewforum.php (master) - Issues in master - mambax7/newbb - Measure and Improve Code Quality continuously with Scrutinizer

Issues (340)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

viewforum.php (1 issue)

Severity

Unknown 1

<?php declare(strict_types=1);

/**
 * NewBB,  the forum module for XOOPS project
 *
 * @copyright      XOOPS Project (https://xoops.org)
 * @license        GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
 * @author         Taiwen Jiang (phppp or D.J.) <[email protected]>
 * @since          4.00
 */

use Xmf\Request;
use XoopsModules\Newbb\{
    Forum,
    ForumHandler,
    OnlineHandler,
    TypeHandler,
    PermissionHandler
};
/** @var OnlineHandler $onlineHandler */
/** @var ForumHandler $forumHandler */
require_once __DIR__ . '/header.php';

if (!Request::getInt('forum', 0, 'GET')) {
    redirect_header(XOOPS_URL . '/index.php', 2, _MD_NEWBB_ERRORFORUM);
}
require_once __DIR__ . '/include/functions.read.php';

global $xoopsModule;

/*
 * Build the page query
 */
$query_vars  = ['forum', 'type', 'status', 'sort', 'order', 'start', 'since'];
$query_array = [];
foreach ($query_vars as $var) {
    if (Request::getString($var, '', 'GET')) {
        $query_array[$var] = "{$var}=" . Request::getString($var, '', 'GET');
    }
}
$page_query = implode('&amp;', array_values($query_array));

if (Request::getInt('mark', 0, 'GET')) {
    if (1 === Request::getInt('mark', 0, 'GET')) { // marked as read
        $markvalue  = 1;
        $markresult = _MD_NEWBB_MARK_READ;
    } else { // marked as unread
        $markvalue  = 0;
        $markresult = _MD_NEWBB_MARK_UNREAD;
    }
    newbbSetReadTopic($markvalue, Request::getInt('forum', 0, 'GET'));
    $url = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/viewforum.php?' . $page_query;
    redirect_header($url, 2, _MD_NEWBB_ALL_TOPIC_MARKED . ' ' . $markresult);
}

$forum_id = Request::getInt('forum', 0, 'GET');
$type     = Request::getInt('type', 0, 'GET');
$status   = (Request::getString('status', '', 'GET')
             && in_array(
                 Request::getString('status', '', 'GET'),
                 [
                     'active',
                     'pending',
                     'deleted',
                     'digest',
                     'unreplied',
                     'unread',
                 ],
                 true
             )) ? Request::getString('status', '', 'GET') : '';

$mode = (Request::getString('status', '', 'GET')
         && in_array(
             Request::getString('status', '', 'GET'),
             [
                 'active',
                 'pending',
                 'deleted',
             ],
             true
         )) ? 2 : Request::getInt('mode', 0, 'GET');

//$forumHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Forum');
/** @var Forum $forumObject */
$forumObject = $forumHandler->get($forum_id);

if (!$forumObject) {

    redirect_header(XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/index.php', 2, _MD_NEWBB_ERRORFORUM);
}

if (!$forumHandler->getPermission($forumObject)) {
    redirect_header(XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/index.php', 2, _NOPERM);
}
newbbSetRead('forum', $forum_id, $forumObject->getVar('forum_last_post_id'));

$xoopsPageTitle = $forumObject->getVar('forum_name') . ' [' . $xoopsModule->getVar('name') . ']';

$xoopsOption['template_main']   = 'newbb_viewforum.tpl';
$xoopsOption['xoops_pagetitle'] = $xoopsPageTitle;

require_once $GLOBALS['xoops']->path('header.php');
require_once __DIR__ . '/include/functions.render.php';

if (!empty($GLOBALS['xoopsModuleConfig']['rss_enable'])) {
    $xoopsTpl->assign(
        'xoops_module_header',
        '
    <link rel="alternate" type="application/xml+rss" title="' . $xoopsModule->getVar('name') . '-' . $forumObject->getVar('forum_name') . '" href="' . XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/rss.php?f=' . $forum_id . '" >
    ' . @$xoopsTpl->get_template_vars('xoops_module_header')
    );
}
$forumDescription = $forumObject->getVar('forum_desc');
$xoopsTpl->assign('forumDescription', $forumDescription);

//$xoopsTpl->assign('xoops_module_header', $xoops_module_header);
$xoopsTpl->assign('forum_id', $forum_id);
$xoopsTpl->assign('version', $xoopsModule->getVar('version'));

$isAdmin = newbbIsAdmin($forumObject);
$xoopsTpl->assign('viewer_level', $isAdmin ? 2 : 0);
/* Only admin has access to admin mode */
if (!$isAdmin) {
    $status = (!empty($status) && in_array($status, ['active', 'pending', 'deleted'], true)) ? '' : $status;
    // irmtfan add mode
    $mode = 0;
}
// irmtfan add mode
$xoopsTpl->assign('mode', $mode);
$xoopsTpl->assign('status', $status);
if ($isAdmin) {
    $xoopsTpl->assign('forum_index_cpanel', ['link' => 'admin/index.php', 'name' => _MD_NEWBB_ADMINCP]);
}

if ($GLOBALS['xoopsModuleConfig']['wol_enabled']) {
    //    $onlineHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Online');
    $onlineHandler->init($forumObject);
    $xoopsTpl->assign('online', $onlineHandler->showOnline());
}

if ($forumHandler->getPermission($forumObject, 'post')) {
    $xoopsTpl->assign('viewer_level', $isAdmin ? 2 : 1);
    $xoopsTpl->assign('forum_post_or_register', '<a href="' . XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/newtopic.php?forum={$forum_id}\">" . newbbDisplayImage('t_new', _MD_NEWBB_POSTNEW) . '</a>');
    if ($pollmodules && $forumHandler->getPermission($forumObject, 'addpoll')) {
        $t_poll = newbbDisplayImage('t_poll', _MD_NEWBB_ADDPOLL);
        $xoopsTpl->assign('forum_addpoll', '<a href="' . XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/polls.php?op=add&amp;forum={$forum_id}\">{$t_poll}</a>");
    }
} else {
    $xoopsTpl->assign('viewer_level', 0);
    if (!is_object($GLOBALS['xoopsUser']) && !empty($GLOBALS['xoopsModuleConfig']['show_reg'])) {
        $redirect = preg_replace('|(.*)\/modules\/Newbb\/(.*)|', '\\1/modules/newbb/newtopic.php?forum=' . $forum_id, htmlspecialchars((string)$xoopsRequestUri, ENT_QUOTES | ENT_HTML5));
        $xoopsTpl->assign('forum_post_or_register', "<a href='" . XOOPS_URL . "/user.php?xoops_redirect={$redirect}'>" . _MD_NEWBB_REGTOPOST . '</a>');
    } else {
        $xoopsTpl->assign('forum_post_or_register', '');
    }
    $xoopsTpl->assign('forum_addpoll', '');
}
$parentforum = $forumHandler->getParents($forumObject);
$xoopsTpl->assign_by_ref('parentforum', $parentforum);

$criteria = new \CriteriaCompo(new \Criteria('parent_forum', $forum_id));
$criteria->add(new \Criteria('forum_id', '(' . implode(', ', $forumHandler->getIdsByPermission('access')) . ')', 'IN'));
$criteria->setSort('forum_order');

$forums = $forumHandler->getAll($criteria, null, false);
if ($forums) {
    $subforum_array = $forumHandler->display($forums, $GLOBALS['xoopsModuleConfig']['length_title_index'], $GLOBALS['xoopsModuleConfig']['count_subforum']);
    $subforum       = array_values($subforum_array[$forum_id]);
    unset($subforum_array);
    $xoopsTpl->assign_by_ref('subforum', $subforum);
}

//$categoryHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Category');
$categoryObject = $categoryHandler->get($forumObject->getVar('cat_id'), ['cat_title']);
$xoopsTpl->assign('category', ['id' => $forumObject->getVar('cat_id'), 'title' => $categoryObject->getVar('cat_title')]);

$xoopsTpl->assign('forum_index_title', sprintf(_MD_NEWBB_FORUMINDEX, htmlspecialchars((string)$GLOBALS['xoopsConfig']['sitename'], ENT_QUOTES)));
$xoopsTpl->assign('forum_name', $forumObject->getVar('forum_name'));
$xoopsTpl->assign('forum_moderators', $forumObject->dispForumModerators());

// irmtfan - add and edit: u.uname => t.topic_poster | t.topic_time => t.topic_id | "t.rating"=>_MD_NEWBB_RATINGS, | p.post_time => t.topic_last_post_id
$sel_sort_array = [
    't.topic_title'        => _MD_NEWBB_TOPICTITLE,
    't.topic_poster'       => _MD_NEWBB_TOPICPOSTER,
    't.topic_id'           => _MD_NEWBB_TOPICTIME,
    't.topic_replies'      => _MD_NEWBB_NUMBERREPLIES,
    't.topic_views'        => _MD_NEWBB_VIEWS,
    't.rating'             => _MD_NEWBB_RATINGS,
    't.topic_last_post_id' => _MD_NEWBB_LASTPOSTTIME,
];
if (!Request::getString('sort', '', 'GET') || !array_key_exists(Request::getString('sort', '', 'GET'), $sel_sort_array)) {
    $sort = 't.topic_last_post_id';
} else {
    $sort = Request::getString('sort', '', 'GET');
}

$forum_selection_sort = '<select name="sort">';
foreach ($sel_sort_array as $sort_k => $sort_v) {
    $forum_selection_sort .= '<option value="' . $sort_k . '"' . (($sort == $sort_k) ? ' selected="selected"' : '') . '>' . $sort_v . '</option>';
}
$forum_selection_sort .= '</select>';

$xoopsTpl->assign_by_ref('forum_selection_sort', $forum_selection_sort);

$order                 = (!Request::getString('order', '', 'GET')
                          || 'ASC' !== Request::getString('order', '', 'GET')) ? 'DESC' : 'ASC';
$forum_selection_order = '<select name="order">';
$forum_selection_order .= '<option value="ASC"' . (('ASC' === $order) ? ' selected' : '') . '>' . _MD_NEWBB_ASCENDING . '</option>';
$forum_selection_order .= '<option value="DESC"' . (('DESC' === $order) ? ' selected' : '') . '>' . _MD_NEWBB_DESCENDING . '</option>';
$forum_selection_order .= '</select>';

$xoopsTpl->assign_by_ref('forum_selection_order', $forum_selection_order);

$since = Request::getInt('since', $GLOBALS['xoopsModuleConfig']['since_default'], 'GET');
require_once __DIR__ . '/include/functions.time.php';
$forum_selection_since = newbbSinceSelectBox($since);
$xoopsTpl->assign_by_ref('forum_selection_since', $forum_selection_since);

$query_sort = $query_array;
unset($query_sort['sort'], $query_sort['order']);
$page_query_sort = implode('&amp;', array_values($query_sort));
unset($query_sort);
// irmtfan - edit: u.uname => t.topic_poster | t.topic_time => t.topic_id | p.post_time => t.topic_last_post_id
$xoopsTpl->assign('h_topic_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&amp;sort=t.topic_title&amp;order=" . (('t.topic_title' === $sort && 'DESC' === $order) ? 'ASC' : 'DESC'));
$xoopsTpl->assign('h_reply_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&amp;sort=t.topic_replies&amp;order=" . (('t.topic_replies' === $sort && 'DESC' === $order) ? 'ASC' : 'DESC'));
$xoopsTpl->assign('h_poster_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&amp;sort=t.topic_poster&amp;order=" . (('t.topic_poster' === $sort && 'DESC' === $order) ? 'ASC' : 'DESC'));
$xoopsTpl->assign('h_views_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&amp;sort=t.topic_views&amp;order=" . (('t.topic_views' === $sort && 'DESC' === $order) ? 'ASC' : 'DESC'));
$xoopsTpl->assign(
    'h_rating_link',
    XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&amp;sort=t.rating&amp;order=" . (('t.rating' === $sort
                                                                                                   && 'DESC' === $order) ? 'ASC' : 'DESC')
); // irmtfan t.topic_ratings to t.rating
$xoopsTpl->assign('h_date_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&amp;sort=t.topic_last_post_id&amp;order=" . (('t.topic_last_post_id' === $sort && 'DESC' === $order) ? 'ASC' : 'DESC'));
$xoopsTpl->assign(
    'h_publish_link',
    XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&amp;sort=t.topic_id&amp;order=" . (('t.topic_id' === $sort
                                                                                                     && 'DESC' === $order) ? 'ASC' : 'DESC')
);
$xoopsTpl->assign('forum_since', $since); // For $since in search.php

// irmtfan - if no since it should be 0
$since     = Request::getInt('since', 0, 'GET');
$startdate = empty($since) ? 0 : (time() - newbbGetSinceTime($since));
$start     = Request::getInt('start', 0, 'GET');

$criteria_vars = ['startdate', 'start', 'sort', 'order', 'type', 'status', 'excerpt'];
$criteria_topic = null;
foreach ($criteria_vars as $var) {
    $criteria_topic[$var] = @${$var};
}
/** @var array $criteria_topic */
$criteria_topic['excerpt'] = $GLOBALS['xoopsModuleConfig']['post_excerpt'];

[$allTopics, $sticky] = $forumHandler->getAllTopics($forumObject, $criteria_topic);

$xoopsTpl->assign_by_ref('topics', $allTopics);
$xoopsTpl->assign('sticky', $sticky);
$xoopsTpl->assign('rating_enable', $GLOBALS['xoopsModuleConfig']['rating_enabled']);
$xoopsTpl->assign('img_newposts', newbbDisplayImage('topic_new', _MD_NEWBB_NEWPOSTS));
$xoopsTpl->assign('img_hotnewposts', newbbDisplayImage('topic_hot_new', _MD_NEWBB_MORETHAN));
$xoopsTpl->assign('img_folder', newbbDisplayImage('topic', _MD_NEWBB_NONEWPOSTS));
$xoopsTpl->assign('img_hotfolder', newbbDisplayImage('topic_hot', _MD_NEWBB_MORETHAN2));
$xoopsTpl->assign('img_locked', newbbDisplayImage('topic_locked', _MD_NEWBB_TOPICLOCKED));

$xoopsTpl->assign('img_sticky', newbbDisplayImage('topic_sticky', _MD_NEWBB_TOPICSTICKY));
$xoopsTpl->assign('img_digest', newbbDisplayImage('topic_digest', _MD_NEWBB_TOPICDIGEST));
$xoopsTpl->assign('img_poll', newbbDisplayImage('poll', _MD_NEWBB_TOPICHASPOLL));

$xoopsTpl->assign('mark_read', XOOPS_URL . "/modules/newbb/viewforum.php?mark=1&amp;{$page_query}");
$xoopsTpl->assign('mark_unread', XOOPS_URL . "/modules/newbb/viewforum.php?mark=2&amp;{$page_query}");

$xoopsTpl->assign('post_link', XOOPS_URL . '/modules/newbb/viewpost.php?forum=' . $forum_id);
$xoopsTpl->assign('newpost_link', XOOPS_URL . '/modules/newbb/viewpost.php?status=new&amp;forum=' . $forum_id);

$query_type = $query_array;
unset($query_type['type']);
$page_query_type = implode('&amp;', array_values($query_type));
unset($query_type);
///** @var TypeHandler $typeHandler */
//$typeHandler = Helper::getInstance()->getHandler('Type');
$typeOptions = null;
$types       = [];
$types       = $typeHandler->getByForum($forum_id);
if ($types) {
    $typeOptions[] = ['title' => _ALL, 'link' => XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_type}"];
    foreach ($types as $key => $item) {
        $typeOptions[] = [
            'title' => $item['type_name'],
            'link'  => XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_type}&amp;type={$key}",
        ];
    }
}
if ($type > 0) {
    require_once __DIR__ . '/include/functions.topic.php';
    $xoopsTpl->assign('forum_topictype', getTopicTitle('', $types[$type]['type_name'], $types[$type]['type_color']));
}
$xoopsTpl->assign_by_ref('typeOptions', $typeOptions);

$query_status = $query_array;
unset($query_status['status']);
$page_query_status = implode('&amp;', array_values($query_status));
unset($query_status);
$xoopsTpl->assign('newpost_link', XOOPS_URL . '/modules/newbb/viewpost.php?status=new&amp;forum=' . $forumObject->getVar('forum_id'));
$xoopsTpl->assign('all_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_status}");
$xoopsTpl->assign('digest_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_status}&amp;status=digest");
$xoopsTpl->assign('unreplied_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_status}&amp;status=unreplied");
$xoopsTpl->assign('unread_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_status}&amp;status=unread");
switch ($status) {
    case 'digest':
        $current_status = _MD_NEWBB_DIGEST;
        break;
    case 'unreplied':
        $current_status = _MD_NEWBB_UNREPLIED;
        break;
    case 'unread':
        $current_status = _MD_NEWBB_UNREAD;
        break;
    case 'active':
        $current_status = _MD_NEWBB_TYPE_ADMIN;
        break;
    case 'pending':
        $current_status = _MD_NEWBB_TYPE_PENDING;
        break;
    case 'deleted':
        $current_status = _MD_NEWBB_TYPE_DELETED;
        break;
    default:
        $current_status = '';
        break;
}
$xoopsTpl->assign('forum_topicstatus', $current_status);

$all_topics = $forumHandler->getTopicCount($forumObject, $startdate, $status);
if ($all_topics > $GLOBALS['xoopsModuleConfig']['topics_per_page']) {
    require_once $GLOBALS['xoops']->path('class/pagenav.php');
    $query_nav = $query_array;
    unset($query_nav['start']);
    $page_query_nav = implode('&amp;', array_values($query_nav));
    unset($query_nav);
    $nav = new \XoopsPageNav($all_topics, $GLOBALS['xoopsModuleConfig']['topics_per_page'], $start, 'start', $page_query_nav);
    if ('select' === $GLOBALS['xoopsModuleConfig']['pagenav_display']) {
        $navi = $nav->renderSelect();
    } elseif ('image' === $GLOBALS['xoopsModuleConfig']['pagenav_display']) {
        $navi = $nav->renderImageNav(4);
    } else {
        $navi = $nav->renderNav(4);
    }

    $xoopsTpl->assign('forum_pagenav', $navi);
} else {
    $xoopsTpl->assign('forum_pagenav', '');
}

if (!empty($GLOBALS['xoopsModuleConfig']['show_jump'])) {
    require_once __DIR__ . '/include/functions.forum.php';
    $xoopsTpl->assign('forum_jumpbox', newbbMakeJumpbox($forum_id));
}

if ($GLOBALS['xoopsModuleConfig']['show_permissiontable']) {
    //    /** var PermissionHandler $permHandler */
    //    $permHandler      = Helper::getInstance()->getHandler('Permission');
    $permission_table = $permHandler->getPermissionTable($forum_id, false, $isAdmin);
    $xoopsTpl->assign_by_ref('permission_table', $permission_table);
    unset($permission_table);
}

if (1 == $GLOBALS['xoopsModuleConfig']['rss_enable']) {
    $xoopsTpl->assign('rss_button', "<div style='text-align:right;'><a href='" . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/rss.php?f=' . $forum_id . "' title='RSS feed' target='_blank'>" . newbbDisplayImage('rss', 'RSS feed') . '</a></div>');
}
// irmtfan move to footer.php
require_once __DIR__ . '/footer.php';
require_once $GLOBALS['xoops']->path('footer.php');
//added missing php closing tag
?>
<script>
    //Added by BigKev73 to force the reloading of this page when the browser back button is used. Otherwise the unread envelope status wont update
    if (!!window.performance && window.performance.navigation.type === 2) {
        //console.log('Reloading');
        window.location.reload();
    }
</script>


1			<?php declare(strict_types=1);
2
3			/**
4			* NewBB, the forum module for XOOPS project
5			*
6			* @copyright XOOPS Project (https://xoops.org)
7			* @license GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
8			* @author Taiwen Jiang (phppp or D.J.) <[email protected]>
9			* @since 4.00
10			*/
11
12			use Xmf\Request;
13			use XoopsModules\Newbb\{
14			Forum,
15			ForumHandler,
16			OnlineHandler,
17			TypeHandler,
18			PermissionHandler
19			};
20			/** @var OnlineHandler $onlineHandler */
21			/** @var ForumHandler $forumHandler */
22			require_once __DIR__ . '/header.php';
23
24			if (!Request::getInt('forum', 0, 'GET')) {
25			redirect_header(XOOPS_URL . '/index.php', 2, _MD_NEWBB_ERRORFORUM);
26			}
27			require_once __DIR__ . '/include/functions.read.php';
28
29			global $xoopsModule;
30
31			/*
32			* Build the page query
33			*/
34			$query_vars = ['forum', 'type', 'status', 'sort', 'order', 'start', 'since'];
35			$query_array = [];
36			foreach ($query_vars as $var) {
37			if (Request::getString($var, '', 'GET')) {
38			$query_array[$var] = "{$var}=" . Request::getString($var, '', 'GET');
39			}
40			}
41			$page_query = implode('&', array_values($query_array));
42
43			if (Request::getInt('mark', 0, 'GET')) {
44			if (1 === Request::getInt('mark', 0, 'GET')) { // marked as read
45			$markvalue = 1;
46			$markresult = _MD_NEWBB_MARK_READ;
47			} else { // marked as unread
48			$markvalue = 0;
49			$markresult = _MD_NEWBB_MARK_UNREAD;
50			}
51			newbbSetReadTopic($markvalue, Request::getInt('forum', 0, 'GET'));
52			$url = XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/viewforum.php?' . $page_query;
53			redirect_header($url, 2, _MD_NEWBB_ALL_TOPIC_MARKED . ' ' . $markresult);
54			}
55
56			$forum_id = Request::getInt('forum', 0, 'GET');
57			$type = Request::getInt('type', 0, 'GET');
58			$status = (Request::getString('status', '', 'GET')
59			&& in_array(
60			Request::getString('status', '', 'GET'),
61			[
62			'active',
63			'pending',
64			'deleted',
65			'digest',
66			'unreplied',
67			'unread',
68			],
69			true
70			)) ? Request::getString('status', '', 'GET') : '';
71
72			$mode = (Request::getString('status', '', 'GET')
73			&& in_array(
74			Request::getString('status', '', 'GET'),
75			[
76			'active',
77			'pending',
78			'deleted',
79			],
80			true
81			)) ? 2 : Request::getInt('mode', 0, 'GET');
82
83			//$forumHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Forum');
84			/** @var Forum $forumObject */
85			$forumObject = $forumHandler->get($forum_id);
86
87			if (!$forumObject) {
			0 ignored issues – show introduced 2022-11-15 15:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$forumObject` is of type `Forum`, thus it always evaluated to `true`. Loading history...
88			redirect_header(XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/index.php', 2, _MD_NEWBB_ERRORFORUM);
89			}
90
91			if (!$forumHandler->getPermission($forumObject)) {
92			redirect_header(XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/index.php', 2, _NOPERM);
93			}
94			newbbSetRead('forum', $forum_id, $forumObject->getVar('forum_last_post_id'));
95
96			$xoopsPageTitle = $forumObject->getVar('forum_name') . ' [' . $xoopsModule->getVar('name') . ']';
97
98			$xoopsOption['template_main'] = 'newbb_viewforum.tpl';
99			$xoopsOption['xoops_pagetitle'] = $xoopsPageTitle;
100
101			require_once $GLOBALS['xoops']->path('header.php');
102			require_once __DIR__ . '/include/functions.render.php';
103
104			if (!empty($GLOBALS['xoopsModuleConfig']['rss_enable'])) {
105			$xoopsTpl->assign(
106			'xoops_module_header',
107			'
108			<link rel="alternate" type="application/xml+rss" title="' . $xoopsModule->getVar('name') . '-' . $forumObject->getVar('forum_name') . '" href="' . XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/rss.php?f=' . $forum_id . '" >
109			' . @$xoopsTpl->get_template_vars('xoops_module_header')
110			);
111			}
112			$forumDescription = $forumObject->getVar('forum_desc');
113			$xoopsTpl->assign('forumDescription', $forumDescription);
114
115			//$xoopsTpl->assign('xoops_module_header', $xoops_module_header);
116			$xoopsTpl->assign('forum_id', $forum_id);
117			$xoopsTpl->assign('version', $xoopsModule->getVar('version'));
118
119			$isAdmin = newbbIsAdmin($forumObject);
120			$xoopsTpl->assign('viewer_level', $isAdmin ? 2 : 0);
121			/* Only admin has access to admin mode */
122			if (!$isAdmin) {
123			$status = (!empty($status) && in_array($status, ['active', 'pending', 'deleted'], true)) ? '' : $status;
124			// irmtfan add mode
125			$mode = 0;
126			}
127			// irmtfan add mode
128			$xoopsTpl->assign('mode', $mode);
129			$xoopsTpl->assign('status', $status);
130			if ($isAdmin) {
131			$xoopsTpl->assign('forum_index_cpanel', ['link' => 'admin/index.php', 'name' => _MD_NEWBB_ADMINCP]);
132			}
133
134			if ($GLOBALS['xoopsModuleConfig']['wol_enabled']) {
135			// $onlineHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Online');
136			$onlineHandler->init($forumObject);
137			$xoopsTpl->assign('online', $onlineHandler->showOnline());
138			}
139
140			if ($forumHandler->getPermission($forumObject, 'post')) {
141			$xoopsTpl->assign('viewer_level', $isAdmin ? 2 : 1);
142			$xoopsTpl->assign('forum_post_or_register', '<a href="' . XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/newtopic.php?forum={$forum_id}\">" . newbbDisplayImage('t_new', _MD_NEWBB_POSTNEW) . '</a>');
143			if ($pollmodules && $forumHandler->getPermission($forumObject, 'addpoll')) {
144			$t_poll = newbbDisplayImage('t_poll', _MD_NEWBB_ADDPOLL);
145			$xoopsTpl->assign('forum_addpoll', '<a href="' . XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/polls.php?op=add&forum={$forum_id}\">{$t_poll}</a>");
146			}
147			} else {
148			$xoopsTpl->assign('viewer_level', 0);
149			if (!is_object($GLOBALS['xoopsUser']) && !empty($GLOBALS['xoopsModuleConfig']['show_reg'])) {
150			$redirect = preg_replace('\|(.)\/modules\/Newbb\/(.)\|', '\\1/modules/newbb/newtopic.php?forum=' . $forum_id, htmlspecialchars((string)$xoopsRequestUri, ENT_QUOTES \| ENT_HTML5));
151			$xoopsTpl->assign('forum_post_or_register', "<a href='" . XOOPS_URL . "/user.php?xoops_redirect={$redirect}'>" . _MD_NEWBB_REGTOPOST . '</a>');
152			} else {
153			$xoopsTpl->assign('forum_post_or_register', '');
154			}
155			$xoopsTpl->assign('forum_addpoll', '');
156			}
157			$parentforum = $forumHandler->getParents($forumObject);
158			$xoopsTpl->assign_by_ref('parentforum', $parentforum);
159
160			$criteria = new \CriteriaCompo(new \Criteria('parent_forum', $forum_id));
161			$criteria->add(new \Criteria('forum_id', '(' . implode(', ', $forumHandler->getIdsByPermission('access')) . ')', 'IN'));
162			$criteria->setSort('forum_order');
163
164			$forums = $forumHandler->getAll($criteria, null, false);
165			if ($forums) {
166			$subforum_array = $forumHandler->display($forums, $GLOBALS['xoopsModuleConfig']['length_title_index'], $GLOBALS['xoopsModuleConfig']['count_subforum']);
167			$subforum = array_values($subforum_array[$forum_id]);
168			unset($subforum_array);
169			$xoopsTpl->assign_by_ref('subforum', $subforum);
170			}
171
172			//$categoryHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Category');
173			$categoryObject = $categoryHandler->get($forumObject->getVar('cat_id'), ['cat_title']);
174			$xoopsTpl->assign('category', ['id' => $forumObject->getVar('cat_id'), 'title' => $categoryObject->getVar('cat_title')]);
175
176			$xoopsTpl->assign('forum_index_title', sprintf(_MD_NEWBB_FORUMINDEX, htmlspecialchars((string)$GLOBALS['xoopsConfig']['sitename'], ENT_QUOTES)));
177			$xoopsTpl->assign('forum_name', $forumObject->getVar('forum_name'));
178			$xoopsTpl->assign('forum_moderators', $forumObject->dispForumModerators());
179
180			// irmtfan - add and edit: u.uname => t.topic_poster \| t.topic_time => t.topic_id \| "t.rating"=>_MD_NEWBB_RATINGS, \| p.post_time => t.topic_last_post_id
181			$sel_sort_array = [
182			't.topic_title' => _MD_NEWBB_TOPICTITLE,
183			't.topic_poster' => _MD_NEWBB_TOPICPOSTER,
184			't.topic_id' => _MD_NEWBB_TOPICTIME,
185			't.topic_replies' => _MD_NEWBB_NUMBERREPLIES,
186			't.topic_views' => _MD_NEWBB_VIEWS,
187			't.rating' => _MD_NEWBB_RATINGS,
188			't.topic_last_post_id' => _MD_NEWBB_LASTPOSTTIME,
189			];
190			if (!Request::getString('sort', '', 'GET') \|\| !array_key_exists(Request::getString('sort', '', 'GET'), $sel_sort_array)) {
191			$sort = 't.topic_last_post_id';
192			} else {
193			$sort = Request::getString('sort', '', 'GET');
194			}
195
196			$forum_selection_sort = '<select name="sort">';
197			foreach ($sel_sort_array as $sort_k => $sort_v) {
198			$forum_selection_sort .= '<option value="' . $sort_k . '"' . (($sort == $sort_k) ? ' selected="selected"' : '') . '>' . $sort_v . '</option>';
199			}
200			$forum_selection_sort .= '</select>';
201
202			$xoopsTpl->assign_by_ref('forum_selection_sort', $forum_selection_sort);
203
204			$order = (!Request::getString('order', '', 'GET')
205			\|\| 'ASC' !== Request::getString('order', '', 'GET')) ? 'DESC' : 'ASC';
206			$forum_selection_order = '<select name="order">';
207			$forum_selection_order .= '<option value="ASC"' . (('ASC' === $order) ? ' selected' : '') . '>' . _MD_NEWBB_ASCENDING . '</option>';
208			$forum_selection_order .= '<option value="DESC"' . (('DESC' === $order) ? ' selected' : '') . '>' . _MD_NEWBB_DESCENDING . '</option>';
209			$forum_selection_order .= '</select>';
210
211			$xoopsTpl->assign_by_ref('forum_selection_order', $forum_selection_order);
212
213			$since = Request::getInt('since', $GLOBALS['xoopsModuleConfig']['since_default'], 'GET');
214			require_once __DIR__ . '/include/functions.time.php';
215			$forum_selection_since = newbbSinceSelectBox($since);
216			$xoopsTpl->assign_by_ref('forum_selection_since', $forum_selection_since);
217
218			$query_sort = $query_array;
219			unset($query_sort['sort'], $query_sort['order']);
220			$page_query_sort = implode('&', array_values($query_sort));
221			unset($query_sort);
222			// irmtfan - edit: u.uname => t.topic_poster \| t.topic_time => t.topic_id \| p.post_time => t.topic_last_post_id
223			$xoopsTpl->assign('h_topic_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&sort=t.topic_title&order=" . (('t.topic_title' === $sort && 'DESC' === $order) ? 'ASC' : 'DESC'));
224			$xoopsTpl->assign('h_reply_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&sort=t.topic_replies&order=" . (('t.topic_replies' === $sort && 'DESC' === $order) ? 'ASC' : 'DESC'));
225			$xoopsTpl->assign('h_poster_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&sort=t.topic_poster&order=" . (('t.topic_poster' === $sort && 'DESC' === $order) ? 'ASC' : 'DESC'));
226			$xoopsTpl->assign('h_views_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&sort=t.topic_views&order=" . (('t.topic_views' === $sort && 'DESC' === $order) ? 'ASC' : 'DESC'));
227			$xoopsTpl->assign(
228			'h_rating_link',
229			XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&sort=t.rating&order=" . (('t.rating' === $sort
230			&& 'DESC' === $order) ? 'ASC' : 'DESC')
231			); // irmtfan t.topic_ratings to t.rating
232			$xoopsTpl->assign('h_date_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&sort=t.topic_last_post_id&order=" . (('t.topic_last_post_id' === $sort && 'DESC' === $order) ? 'ASC' : 'DESC'));
233			$xoopsTpl->assign(
234			'h_publish_link',
235			XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_sort}&sort=t.topic_id&order=" . (('t.topic_id' === $sort
236			&& 'DESC' === $order) ? 'ASC' : 'DESC')
237			);
238			$xoopsTpl->assign('forum_since', $since); // For $since in search.php
239
240			// irmtfan - if no since it should be 0
241			$since = Request::getInt('since', 0, 'GET');
242			$startdate = empty($since) ? 0 : (time() - newbbGetSinceTime($since));
243			$start = Request::getInt('start', 0, 'GET');
244
245			$criteria_vars = ['startdate', 'start', 'sort', 'order', 'type', 'status', 'excerpt'];
246			$criteria_topic = null;
247			foreach ($criteria_vars as $var) {
248			$criteria_topic[$var] = @${$var};
249			}
250			/** @var array $criteria_topic */
251			$criteria_topic['excerpt'] = $GLOBALS['xoopsModuleConfig']['post_excerpt'];
252
253			[$allTopics, $sticky] = $forumHandler->getAllTopics($forumObject, $criteria_topic);
254
255			$xoopsTpl->assign_by_ref('topics', $allTopics);
256			$xoopsTpl->assign('sticky', $sticky);
257			$xoopsTpl->assign('rating_enable', $GLOBALS['xoopsModuleConfig']['rating_enabled']);
258			$xoopsTpl->assign('img_newposts', newbbDisplayImage('topic_new', _MD_NEWBB_NEWPOSTS));
259			$xoopsTpl->assign('img_hotnewposts', newbbDisplayImage('topic_hot_new', _MD_NEWBB_MORETHAN));
260			$xoopsTpl->assign('img_folder', newbbDisplayImage('topic', _MD_NEWBB_NONEWPOSTS));
261			$xoopsTpl->assign('img_hotfolder', newbbDisplayImage('topic_hot', _MD_NEWBB_MORETHAN2));
262			$xoopsTpl->assign('img_locked', newbbDisplayImage('topic_locked', _MD_NEWBB_TOPICLOCKED));
263
264			$xoopsTpl->assign('img_sticky', newbbDisplayImage('topic_sticky', _MD_NEWBB_TOPICSTICKY));
265			$xoopsTpl->assign('img_digest', newbbDisplayImage('topic_digest', _MD_NEWBB_TOPICDIGEST));
266			$xoopsTpl->assign('img_poll', newbbDisplayImage('poll', _MD_NEWBB_TOPICHASPOLL));
267
268			$xoopsTpl->assign('mark_read', XOOPS_URL . "/modules/newbb/viewforum.php?mark=1&{$page_query}");
269			$xoopsTpl->assign('mark_unread', XOOPS_URL . "/modules/newbb/viewforum.php?mark=2&{$page_query}");
270
271			$xoopsTpl->assign('post_link', XOOPS_URL . '/modules/newbb/viewpost.php?forum=' . $forum_id);
272			$xoopsTpl->assign('newpost_link', XOOPS_URL . '/modules/newbb/viewpost.php?status=new&forum=' . $forum_id);
273
274			$query_type = $query_array;
275			unset($query_type['type']);
276			$page_query_type = implode('&', array_values($query_type));
277			unset($query_type);
278			///** @var TypeHandler $typeHandler */
279			//$typeHandler = Helper::getInstance()->getHandler('Type');
280			$typeOptions = null;
281			$types = [];
282			$types = $typeHandler->getByForum($forum_id);
283			if ($types) {
284			$typeOptions[] = ['title' => _ALL, 'link' => XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_type}"];
285			foreach ($types as $key => $item) {
286			$typeOptions[] = [
287			'title' => $item['type_name'],
288			'link' => XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_type}&type={$key}",
289			];
290			}
291			}
292			if ($type > 0) {
293			require_once __DIR__ . '/include/functions.topic.php';
294			$xoopsTpl->assign('forum_topictype', getTopicTitle('', $types[$type]['type_name'], $types[$type]['type_color']));
295			}
296			$xoopsTpl->assign_by_ref('typeOptions', $typeOptions);
297
298			$query_status = $query_array;
299			unset($query_status['status']);
300			$page_query_status = implode('&', array_values($query_status));
301			unset($query_status);
302			$xoopsTpl->assign('newpost_link', XOOPS_URL . '/modules/newbb/viewpost.php?status=new&forum=' . $forumObject->getVar('forum_id'));
303			$xoopsTpl->assign('all_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_status}");
304			$xoopsTpl->assign('digest_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_status}&status=digest");
305			$xoopsTpl->assign('unreplied_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_status}&status=unreplied");
306			$xoopsTpl->assign('unread_link', XOOPS_URL . "/modules/newbb/viewforum.php?{$page_query_status}&status=unread");
307			switch ($status) {
308			case 'digest':
309			$current_status = _MD_NEWBB_DIGEST;
310			break;
311			case 'unreplied':
312			$current_status = _MD_NEWBB_UNREPLIED;
313			break;
314			case 'unread':
315			$current_status = _MD_NEWBB_UNREAD;
316			break;
317			case 'active':
318			$current_status = _MD_NEWBB_TYPE_ADMIN;
319			break;
320			case 'pending':
321			$current_status = _MD_NEWBB_TYPE_PENDING;
322			break;
323			case 'deleted':
324			$current_status = _MD_NEWBB_TYPE_DELETED;
325			break;
326			default:
327			$current_status = '';
328			break;
329			}
330			$xoopsTpl->assign('forum_topicstatus', $current_status);
331
332			$all_topics = $forumHandler->getTopicCount($forumObject, $startdate, $status);
333			if ($all_topics > $GLOBALS['xoopsModuleConfig']['topics_per_page']) {
334			require_once $GLOBALS['xoops']->path('class/pagenav.php');
335			$query_nav = $query_array;
336			unset($query_nav['start']);
337			$page_query_nav = implode('&', array_values($query_nav));
338			unset($query_nav);
339			$nav = new \XoopsPageNav($all_topics, $GLOBALS['xoopsModuleConfig']['topics_per_page'], $start, 'start', $page_query_nav);
340			if ('select' === $GLOBALS['xoopsModuleConfig']['pagenav_display']) {
341			$navi = $nav->renderSelect();
342			} elseif ('image' === $GLOBALS['xoopsModuleConfig']['pagenav_display']) {
343			$navi = $nav->renderImageNav(4);
344			} else {
345			$navi = $nav->renderNav(4);
346			}
347
348			$xoopsTpl->assign('forum_pagenav', $navi);
349			} else {
350			$xoopsTpl->assign('forum_pagenav', '');
351			}
352
353			if (!empty($GLOBALS['xoopsModuleConfig']['show_jump'])) {
354			require_once __DIR__ . '/include/functions.forum.php';
355			$xoopsTpl->assign('forum_jumpbox', newbbMakeJumpbox($forum_id));
356			}
357
358			if ($GLOBALS['xoopsModuleConfig']['show_permissiontable']) {
359			// /** var PermissionHandler $permHandler */
360			// $permHandler = Helper::getInstance()->getHandler('Permission');
361			$permission_table = $permHandler->getPermissionTable($forum_id, false, $isAdmin);
362			$xoopsTpl->assign_by_ref('permission_table', $permission_table);
363			unset($permission_table);
364			}
365
366			if (1 == $GLOBALS['xoopsModuleConfig']['rss_enable']) {
367			$xoopsTpl->assign('rss_button', "<div style='text-align:right;'><a href='" . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/rss.php?f=' . $forum_id . "' title='RSS feed' target='_blank'>" . newbbDisplayImage('rss', 'RSS feed') . '</a></div>');
368			}
369			// irmtfan move to footer.php
370			require_once __DIR__ . '/footer.php';
371			require_once $GLOBALS['xoops']->path('footer.php');
372			//added missing php closing tag
373			?>
374			<script>
375			//Added by BigKev73 to force the reloading of this page when the browser back button is used. Otherwise the unread envelope status wont update
376			if (!!window.performance && window.performance.navigation.type === 2) {
377			//console.log('Reloading');
378			window.location.reload();
379			}
380			</script>
381

mambax7 / newbb

Issues (340)

Security Analysis not enabled

viewforum.php (1 issue)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like