This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
`include`, or for example via PHP's auto-loading mechanism.

```php
<?php
//
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000-2020 XOOPS.org //
// <https://xoops.org> //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //
// Author: Kazumi Ono (AKA onokazu) //
// URL: http://www.myweb.ne.jp/, https://xoops.org/, http://jp.xoops.org/ //
// Project: XOOPS Project //
// ------------------------------------------------------------------------- //

use Xmf\Request;
use XoopsModules\Newbb;

require_once __DIR__ . '/admin_header.php';
require_once dirname(__DIR__) . '/include/functions.render.php';

xoops_cp_header();

$op     = Request::getCmd('op', Request::getCmd('op', '', 'POST'), 'GET'); //!empty($_GET['op'])? $_GET['op'] : (!empty($_POST['op'])?$_POST['op']:"");
$cat_id = Request::getInt('cat_id', Request::getInt('cat_id', 0, 'POST'), 'GET'); // (int)( !empty($_GET['cat_id']) ? $_GET['cat_id'] : @$_POST['cat_id'] );

/** @var Newbb\CategoryHandler $categoryHandler */
//$categoryHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Category');

/**
 * newCategory()
 */
function newCategory()
{
    editCategory();
}

/**
 * editCategory()
 *
 * @param null|\XoopsObject $categoryObject
 * @internal param int $catid
 */
function editCategory(\XoopsObject $categoryObject = null)
{
    global $xoopsModule;
    $categoryHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler('Category');
    if (null === $categoryObject) {
        $categoryObject = $categoryHandler->create();
    }
    $groups_cat_access = null;
```

Unused Code

```php
    require_once $GLOBALS['xoops']->path('class/xoopsformloader.php');

    if (!$categoryObject->isNew()) {
        $sform = new \XoopsThemeForm(_AM_NEWBB_EDITCATEGORY . ' ' . $categoryObject->getVar('cat_title'), 'op', xoops_getenv('SCRIPT_NAME'));
    } else {
        $sform = new \XoopsThemeForm(_AM_NEWBB_CREATENEWCATEGORY, 'op', xoops_getenv('SCRIPT_NAME'));
        $categoryObject->setVar('cat_title', '');
        $categoryObject->setVar('cat_image', '');
        $categoryObject->setVar('cat_description', '');
        $categoryObject->setVar('cat_order', 0);
        $categoryObject->setVar('cat_url', 'https://xoops.org/modules/newbb/ newBB Support');
    }

    $sform->addElement(new \XoopsFormText(_AM_NEWBB_SETCATEGORYORDER, 'cat_order', 5, 10, $categoryObject->getVar('cat_order')), false);
```

It seems like `$categoryObject->getVar('cat_order')` can also be of type `array` and `array`; however, parameter `$value` of `XoopsFormText::__construct()` does only seem to accept `string`, maybe add an additional type check?
(Ignorable by Annotation)
If this is a false-positive, you can also ignore this issue in your code via the

```php
    $sform->addElement(new \XoopsFormText(_AM_NEWBB_CATEGORY, 'title', 50, 80, $categoryObject->getVar('cat_title', 'E')), true);
    $sform->addElement(new \XoopsFormDhtmlTextArea(_AM_NEWBB_CATEGORYDESC, 'cat_description', $categoryObject->getVar('cat_description', 'E'), 10, 60), false);
```

It seems like `$categoryObject->getVar('cat_description', 'E')` can also be of type `array` and `array`; however, parameter `$value` of `XoopsFormDhtmlTextArea::__construct()` does only seem to accept `string`, maybe add an additional type check?
(Ignorable by Annotation)

```php
    $imgdir      = '/modules/' . $xoopsModule->getVar('dirname') . '/assets/images/category';
    $cat_image   = $categoryObject->getVar('cat_image');
    $cat_image   = empty($cat_image) ? 'assets/images/category/blank.gif' : $cat_image;
    $graph_array = \XoopsLists::getImgListAsArray(XOOPS_ROOT_PATH . $imgdir . '/');
    array_unshift($graph_array, _NONE);
    $cat_image_select = new \XoopsFormSelect('', 'cat_image', $categoryObject->getVar('cat_image'));
    $cat_image_select->addOptionArray($graph_array);
    $cat_image_select->setExtra("onchange=\"showImgSelected('img', 'cat_image', '/" . $imgdir . "/', '', '" . XOOPS_URL . "')\"");
    $cat_image_tray = new \XoopsFormElementTray(_AM_NEWBB_IMAGE, ' ');
    $cat_image_tray->addElement($cat_image_select);
    $cat_image_tray->addElement(new \XoopsFormLabel('', "<br><img src='" . XOOPS_URL . $imgdir . '/' . $cat_image . " 'name='img' id='img' alt='' >"));
    $sform->addElement($cat_image_tray);

    $sform->addElement(new \XoopsFormText(_AM_NEWBB_SPONSORLINK, 'cat_url', 50, 80, $categoryObject->getVar('cat_url', 'E')), false);
    $sform->addElement(new \XoopsFormHidden('cat_id', $categoryObject->getVar('cat_id')));
```

It seems like `$categoryObject->getVar('cat_id')` can also be of type `array` and `array`; however, parameter `$value` of `XoopsFormHidden::__construct()` does only seem to accept `string`, maybe add an additional type check?
(Ignorable by Annotation)

```php
    $buttonTray = new \XoopsFormElementTray('', '');
    $buttonTray->addElement(new \XoopsFormHidden('op', 'save'));

    $butt_save = new \XoopsFormButton('', '', _SUBMIT, 'submit');
    $butt_save->setExtra('onclick="this.form.elements.op.value=\'save\'"');
    $buttonTray->addElement($butt_save);
    if ($categoryObject->getVar('cat_id')) {
        $butt_delete = new \XoopsFormButton('', '', _CANCEL, 'submit');
        $butt_delete->setExtra('onclick="this.form.elements.op.value=\'default\'"');
        $buttonTray->addElement($butt_delete);
    }
    $sform->addElement($buttonTray);
    $sform->display();
}

switch ($op) {
    case 'mod':
        $categoryObject = ($cat_id > 0) ? $categoryHandler->get($cat_id) : $categoryHandler->create();
        // if (!$newXoopsModuleGui) {
        // //loadModuleAdminMenu(1, ( $cat_id > 0) ? _AM_NEWBB_EDITCATEGORY . $categoryObject->getVar('cat_title') : _AM_NEWBB_CREATENEWCATEGORY);
        // echo "<legend style='font-weight: bold; color: #900;'>" . _AM_NEWBB_EDITCATEGORY . '</legend>';
        // } else {
        $adminObject->displayNavigation(basename(__FILE__));
        // }
        echo '<br>';
        editCategory($categoryObject);
        break;
    case 'del':
        if (!Request::getBool('confirm', '', 'POST')) {
```

`''` of type `string` is incompatible with the type `boolean` expected by parameter `$default` of `Xmf\Request::getBool()`.
(Ignorable by Annotation)

```php
            xoops_confirm(['op' => 'del', 'cat_id' => Request::getInt('cat_id', 0, 'GET'), 'confirm' => 1], 'admin_cat_manager.php', _AM_NEWBB_WAYSYWTDTTAL);
            break;
        }
        $categoryObject = $categoryHandler->create(false);
        $categoryObject->setVar('cat_id', Request::getInt('cat_id', 0, 'POST'));
        $categoryHandler->delete($categoryObject);

        redirect_header('admin_cat_manager.php', 2, _AM_NEWBB_CATEGORYDELETED);

        break;
    case 'save':
        $cacheHelper = new \Xmf\Module\Helper\Cache('newbb');
        $cacheHelper->delete('permission_category');
        if ($cat_id) {
            $categoryObject = $categoryHandler->get($cat_id);
            $message        = _AM_NEWBB_CATEGORYUPDATED;
        } else {
            $categoryObject = $categoryHandler->create();
            $message        = _AM_NEWBB_CATEGORYCREATED;
        }

        $categoryObject->setVar('cat_title', Request::getString('title', '', 'POST'));
        $categoryObject->setVar('cat_image', Request::getString('cat_image', '', 'POST'));
        $categoryObject->setVar('cat_order', Request::getInt('cat_order', 0, 'POST'));
        $categoryObject->setVar('cat_description', Request::getText('cat_description', '', 'POST'));
        $categoryObject->setVar('cat_url', Request::getString('cat_url', '', 'POST'));

        $cat_isNew = $categoryObject->isNew();
        if (!$categoryHandler->insert($categoryObject)) {
            $message = _AM_NEWBB_DATABASEERROR;
        }
        if (($cat_id = $categoryObject->getVar('cat_id')) && $cat_isNew) {
            $categoryHandler->applyPermissionTemplate($categoryObject);
        }
        redirect_header('admin_cat_manager.php', 2, $message);
        break;
    default:
        if (!$categories = $categoryHandler->getByPermission('all')) {
            $adminObject->addItemButton(_AM_NEWBB_CREATENEWCATEGORY, 'admin_cat_manager.php?op=mod', $icon = 'add');
            $adminObject->displayButton('left');

            echo '<br>';
            newCategory();
            break;
        }
        $adminObject->displayNavigation(basename(__FILE__));
        $adminObject->addItemButton(_AM_NEWBB_CREATENEWCATEGORY, 'admin_cat_manager.php?op=mod', $icon = 'add');
        $adminObject->displayButton('left');

        echo "<table width='100%' border='0' cellspacing='1' class='outer'>" . "<tr><td class='odd'>";
        echo "<table border='0' cellpadding='4' cellspacing='1' width='100%' class='outer'>";
        echo "<tr align='center'>";
        echo "<th align='left' class='bg3'>" . _AM_NEWBB_CATEGORY1 . '</th>';
        echo "<th class='bg3' width='10%'>" . _AM_NEWBB_EDIT . '</th>';
        echo "<th class='bg3' width='10%'>" . _AM_NEWBB_DELETE . '</th>';
        echo '</tr>';

        /** @var XoopsModules\Newbb\Category $onecat */
        foreach ($categories as $key => $onecat) {
            $cat_edit_link  = '<a href="admin_cat_manager.php?op=mod&cat_id=' . $onecat->getVar('cat_id') . '">' . newbbDisplayImage('admin_edit', _EDIT) . '</a>';
            $cat_del_link   = '<a href="admin_cat_manager.php?op=del&cat_id=' . $onecat->getVar('cat_id') . '">' . newbbDisplayImage('admin_delete', _DELETE) . '</a>';
            $cat_title_link = '<a href="' . XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . '/index.php?cat=' . $onecat->getVar('cat_id') . '">' . $onecat->getVar('cat_title') . '</a>';

            echo "<tr class='odd' align='left'>";
            echo '<td>' . $cat_title_link . '</td>';
            echo "<td align='center'>" . $cat_edit_link . '</td>';
            echo "<td align='center'>" . $cat_del_link . '</td>';
            echo '</tr>';
        }
        echo '</table>';
        echo '</td></tr></table>';
        echo '<fieldset>';
        echo '<legend> ' . _MI_NEWBB_ADMENU_CATEGORY . ' </legend>';
        echo _AM_NEWBB_HELP_CATEGORY_TAB;
        echo '<br>' . newbbDisplayImage('admin_edit', _EDIT) . ' - ' . _EDIT;
        echo '<br>' . newbbDisplayImage('admin_delete', _DELETE) . ' - ' . _DELETE;
        echo '</fieldset>';
        break;
}

$cacheHelper = Newbb\Utility::cleanCache();
```

Are you sure the assignment to `$cacheHelper` is correct as `XoopsModules\Newbb\Utility::cleanCache()` targeting `XoopsModules\Newbb\Utility::cleanCache()` seems to always return null.

This check looks for function or method calls that always return null and whose return value is assigned to a variable.

```php
class A
{
    function getObject()
    {
        return null;
    }
}

$a = new A();
$object = $a->getObject();
```

The method The reason is most likely that a function or method is incomplete or has been reduced for debug purposes.

```php
//$cacheHelper->delete('permission_category');

require_once __DIR__ . '/admin_footer.php';
```