Issues in block.php (master) - Issues in master - mambax7/planet - Measure and Improve Code Quality continuously with Scrutinizer

Issues (212)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

blocks/block.php (1 issue)

Labels

Duplication 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
//
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify     //
// it under the terms of the GNU General Public License as published by     //
// the Free Software Foundation; either version 2 of the License, or        //
// (at your option) any later version.                                      //
//                                                                          //
// You may not change or alter any portion of this comment or credits       //
// of supporting developers from this source code or any supporting         //
// source code which is considered copyrighted (c) material of the          //
// original comment or credit authors.                                      //
//                                                                          //
// This program is distributed in the hope that it will be useful,          //
// but WITHOUT ANY WARRANTY; without even the implied warranty of           //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
// GNU General Public License for more details.                             //
//                                                                          //
// You should have received a copy of the GNU General Public License        //
// along with this program; if not, write to the Free Software              //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
// ------------------------------------------------------------------------ //
// Author: phppp (D.J., [email protected])                                  //
// URL: https://xoops.org                         //
// Project: Article Project                                                 //
// ------------------------------------------------------------------------ //

// defined('XOOPS_ROOT_PATH') || die('Restricted access');

$current_path = __FILE__;
if (DIRECTORY_SEPARATOR !== '/') {

    $current_path = str_replace(strpos($current_path, "\\\\", 2) ? "\\\\" : DIRECTORY_SEPARATOR, '/', $current_path);
}
$url_arr = explode('/', strstr($current_path, '/modules/'));
include XOOPS_ROOT_PATH . '/modules/' . $url_arr[2] . '/include/vars.php';
include XOOPS_ROOT_PATH . '/modules/' . $url_arr[2] . '/class/Utility.php';
//require_once XOOPS_ROOT_PATH . '/modules/' . $GLOBALS['moddirname'] . '/include/functions.php';

/**
 * Functions handling module blocks
 * @package   module::article
 *
 * @author    D.J. (phppp)
 * @copyright copyright &copy; 2000 XOOPS Project
 *
 * @param VAR_PREFIX variable prefix for the function name
 */

PlanetUtility::planetParseFunction('
/**#@+
 * Function to display articles
 *
 * {@link article}
 *
 * @param   array   $options:
 *                      0 - criteria for fetching articles;
 *                      1 - limit for article count;
 *                      2 - title length;
 *                      3 - summary length;
 */
function [VAR_PREFIX]_article_show($options)
{
    global $xoopsDB;
    planet_define_url_delimiter();

    $blogs = array();
    $block = array();
    $select = "art_id";
    $disp_tag = "";
    $from = "";
    $where = "";
    $order = "art_time DESC";
    switch ($options[0]) {
        case "views":
            $select .= ", art_views";
            $order = "art_views DESC";
            $disp_tag = "art_views";
            break;
        case "rates":
            $select .= ", art_rates";
            $order = "art_rates DESC";
            $disp_tag = "art_rates";
            break;
        case "rating":
            $select .= ", art_rating/art_rates AS ave_rating";
            $order = "ave_rating DESC";
            $disp_tag = "ave_rating";
            break;
        case "random":
            $order = "RAND()";
            $mysql_version = substr(trim(mysqli_get_server_info()), 0, 3);
            /* for MySQL 4.1+ */
            if ($mysql_version >= "4.1") {
                $from = " LEFT JOIN (SELECT art_id AS aid FROM ".planet_DB_prefix("article")." LIMIT 1000 ORDER BY art_id DESC) AS random ON art_id = random.aid";
            }
            break;
        case "time":
        default:
            $order = "art_time DESC";
            break;
    }
    $select .= ", blog_id, art_title, art_time";
    if ($options[3]>0) {
        $select .=", art_content";
    }

    $query = "SELECT $select FROM " . planet_DB_prefix("article"). $from;
    $query .= " ORDER BY " . $order;
    $result = $xoopsDB->query($query, $options[1], 0);
    if (!$result) {
        return false;
    }
    $rows = array();
    $articleHandler = xoops_getModuleHandler("article", $GLOBALS["moddirname"]);
    while (false !== ($row = $xoopsDB->fetchArray($result))) {
        if(!empty($row["ave_rating"])) $row["art_rating"] = $row["ave_rating"];
        $article = $articleHandler->create(false);
        $article->assignVars($row);
        $_art = array();
        foreach ($row as $tag=>$val) {
            $_art[$tag] = @$article->getVar($tag);
        }
        $_art["time"] = $article->getTime();
        if (!empty($disp_tag)) {
            $_art["disp"] = @$article->getVar($disp_tag);
            if(!empty($row[$disp_tag]) && empty($_art["disp"])) $_art["disp"] = $row[$disp_tag];
        }
        if (!empty($options[2])) {
            $_art["art_title"] = xoops_substr($_art["art_title"], 0, $options[2]);
        }
        if (!empty($options[3])) {
            $_art["summary"] = $article->getSummary($options[3]);
        }
        $arts[] = $_art;
        unset($article, $_art);
        $bids[$row["blog_id"]] = 1;
    }

    $blogHandler = xoops_getModuleHandler("blog", $GLOBALS["moddirname"]);
    $blogs = $blogHandler->getList(new \Criteria("blog_id", "(".implode(",", array_keys($bids)).")", "IN"));

    for ($i=0;$i<count($arts);++$i) {
        $arts[$i]["blog"] = @$blogs[$arts[$i]["blog_id"]];
    }
    $block["articles"] = $arts;

    $block["dirname"] = $GLOBALS["moddirname"];

    return $block;
}

function [VAR_PREFIX]_article_edit($options)
{
    $form = planet_constant("MB_TYPE")."&nbsp;&nbsp;<select name=\"options[0]\">";
    $form .= "<option value=\"time\"";
        if($options[0]=="time") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_TIME")."</option>\n";
    $form .= "<option value=\"views\"";
        if($options[0]=="views") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_VIEWS")."</option>\n";
    $form .= "<option value=\"rates\"";
        if($options[0]=="rates") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_RATES")."</option>\n";
    $form .= "<option value=\"rating\"";
        if($options[0]=="rating") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_RATING")."</option>\n";
    $form .= "<option value=\"random\"";
        if($options[0]=="random") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_RANDOM")."</option>\n";
    $form .= "</select><br><br>";

    $form .= planet_constant("MB_ITEMS")."&nbsp;&nbsp;<input type=\"text\" name=\"options[1]\" value=\"" . $options[1] . "\"><br><br>";
    $form .= planet_constant("MB_TITLE_LENGTH")."&nbsp;&nbsp;<input type=\"text\" name=\"options[2]\" value=\"" . $options[2] . "\"><br><br>";
    $form .= planet_constant("MB_SUMMARY_LENGTH")."&nbsp;&nbsp;<input type=\"text\" name=\"options[3]\" value=\"" . $options[3] . "\"><br><br>";

    return $form;
}

/**#@+
 * Function to display blogs
 *
 * {@link blog}
 *
 * @param   array   $options:
 *                      0 - criteria for fetching blogs;
 *                      1 - limit for blog count;
 *                      2 - title length;
 *                      3 - show desc;
 */
function [VAR_PREFIX]_blog_show($options)
{
    global $xoopsDB;
    planet_define_url_delimiter();

    $block = array();
    $select = "blog_id";
    $disp_tag = "";
    $from = "";
    $where = "AND blog_status > 0";
    $order = "blog_id DESC";
    switch ($options[0]) {
        case "featured":
            $where = "AND blog_status=2";
            break;
        case "bookmark":
            $select .= ", blog_marks";
            $order = "blog_marks DESC";
            $disp_tag = "blog_marks";
            break;
        case "time":
            $select .= ", blog_time";
            $order = "blog_time DESC";
            break;
        case "rates":
            $select .= ", blog_rates";
            $order = "blog_rates DESC";
            $disp_tag = "blog_rates";
            break;
        case "rating":
            $select .= ", blog_rating/blog_rates AS ave_rating";
            $order = "ave_rating DESC";
            $disp_tag = "ave_rating";
            break;
        case "random":
            $order = "RAND()";
            $mysql_version = substr(trim(mysqli_get_server_info()), 0, 3);
            /* for MySQL 4.1+ */
            if ($mysql_version >= "4.1") {
                $from = " LEFT JOIN (SELECT blog_id AS aid FROM ".planet_DB_prefix("blog")." LIMIT 1000 ORDER BY blog_id DESC) AS random ON blog_id = random.aid";
            }
            break;
        default:
            $order = "blog_id DESC";
            break;
    }
    $select .= ", blog_title";
    if (!empty($options[3])) {
        $select .=", blog_desc";
    }

    $query = "SELECT $select FROM " . planet_DB_prefix("blog"). $from;
    $query .= " WHERE 1=1 " . $where;
    $query .= " ORDER BY " . $order;
    $result = $xoopsDB->query($query, $options[1], 0);
    if (!$result) {
        return false;
    }
    $rows = array();
    $blogHandler = xoops_getModuleHandler("blog", $GLOBALS["moddirname"]);
    while (false !== ($row = $xoopsDB->fetchArray($result))) {
        if(!empty($row["ave_rating"])) $row["art_rating"] = $row["ave_rating"];
        $blog = $blogHandler->create(false);
        $blog->assignVars($row);
        $_art = array();
        foreach ($row as $tag=>$val) {
            $_art[$tag] = @$blog->getVar($tag);
        }
        $_art["time"] = $blog->getTime();
        if (!empty($disp_tag)) {
            $_art["disp"] = @$blog->getVar($disp_tag);
            if(!empty($row[$disp_tag]) && empty($_art["disp"])) $_art["disp"] = $row[$disp_tag];
        }
        if (!empty($options[2])) {
            $_art["blog_title"] = xoops_substr($_art["blog_title"], 0, $options[2]);
        }
        if (!empty($options[3])) {
            $_art["summary"] = $_art["blog_desc"];
        }
        $blogs[] = $_art;
        unset($blog, $_art);
    }
if (isset($block["blogs"])) {
    $block["blogs"] = $blogs;
    }
    $block["dirname"] = $GLOBALS["moddirname"];

    return $block;
}

function [VAR_PREFIX]_blog_edit($options)
{
    $form = planet_constant("MB_TYPE")."&nbsp;&nbsp;<select name=\"options[0]\">";
    $form .= "<option value=\"featured\"";
        if($options[0]=="featured") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_FEATURED")."</option>\n";
    $form .= "<option value=\"bookmarks\"";
        if($options[0]=="bookmarks") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_BOOKMARKS")."</option>\n";
    $form .= "<option value=\"time\"";
        if($options[0]=="time") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_TIME")."</option>\n";
    $form .= "<option value=\"views\"";
        if($options[0]=="views") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_VIEWS")."</option>\n";
    $form .= "<option value=\"rates\"";
        if($options[0]=="rates") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_RATES")."</option>\n";
    $form .= "<option value=\"rating\"";
        if($options[0]=="rating") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_RATING")."</option>\n";
    $form .= "<option value=\"random\"";
        if($options[0]=="random") $form .= " selected=\"selected\" ";
        $form .= ">".planet_constant("MB_TYPE_RANDOM")."</option>\n";
    $form .= "</select><br><br>";

    $form .= planet_constant("MB_ITEMS")."&nbsp;&nbsp;<input type=\"text\" name=\"options[1]\" value=\"" . $options[1] . "\"><br><br>";
    $form .= planet_constant("MB_TITLE_LENGTH")."&nbsp;&nbsp;<input type=\"text\" name=\"options[2]\" value=\"" . $options[2] . "\"><br><br>";
    $form .= planet_constant("MB_SHOWDESC")."&nbsp;&nbsp;<input type=\"text\" name=\"options[3]\" value=\"" . $options[3] . "\"><br><br>";

    return $form;
}

/**#@-*/

/**#@+
 * Function to display categories
 *
 * {@link Xcategory}
 * {@link config}
 *
 * @param   array   $options (not used)
 */
function [VAR_PREFIX]_category_show($options)
{
    planet_define_url_delimiter();
    $block = array();
    $categoryHandler = xoops_getModuleHandler("category", $GLOBALS["moddirname"]);
    $blogHandler = xoops_getModuleHandler("blog", $GLOBALS["moddirname"]);
    $crit = new \Criteria("1", 1);
    $crit->setSort("cat_order");
    $crit->setOrder("ASC");
    $categories = $categoryHandler->getList($crit);
    $blog_counts = $blogHandler->getCountsByCategory();
    foreach ($categories as $id=>$cat) {
        $block["categories"][]=array("id"=>$id, "title"=>$cat, "blogs"=> @(int)($blog_counts[$id]));
    }
    $block["dirname"] = $GLOBALS["moddirname"];
    unset($categories, $cats_stats);

    return $block;
}
/**#@-*/
');


1		<?php
2		//
3		// ------------------------------------------------------------------------ //
4		// This program is free software; you can redistribute it and/or modify //
5		// it under the terms of the GNU General Public License as published by //
6		// the Free Software Foundation; either version 2 of the License, or //
7		// (at your option) any later version. //
8		// //
9		// You may not change or alter any portion of this comment or credits //
10		// of supporting developers from this source code or any supporting //
11		// source code which is considered copyrighted (c) material of the //
12		// original comment or credit authors. //
13		// //
14		// This program is distributed in the hope that it will be useful, //
15		// but WITHOUT ANY WARRANTY; without even the implied warranty of //
16		// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
17		// GNU General Public License for more details. //
18		// //
19		// You should have received a copy of the GNU General Public License //
20		// along with this program; if not, write to the Free Software //
21		// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
22		// ------------------------------------------------------------------------ //
23		// Author: phppp (D.J., [email protected]) //
24		// URL: https://xoops.org //
25		// Project: Article Project //
26		// ------------------------------------------------------------------------ //
27
28		// defined('XOOPS_ROOT_PATH') \|\| die('Restricted access');
29
30		$current_path = __FILE__;
31	View Code Duplication	if (DIRECTORY_SEPARATOR !== '/') {
		0 ignored issues – show Duplication introduced 2016-08-01 22:36 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
32		$current_path = str_replace(strpos($current_path, "\\\\", 2) ? "\\\\" : DIRECTORY_SEPARATOR, '/', $current_path);
33		}
34		$url_arr = explode('/', strstr($current_path, '/modules/'));
35		include XOOPS_ROOT_PATH . '/modules/' . $url_arr[2] . '/include/vars.php';
36		include XOOPS_ROOT_PATH . '/modules/' . $url_arr[2] . '/class/Utility.php';
37		//require_once XOOPS_ROOT_PATH . '/modules/' . $GLOBALS['moddirname'] . '/include/functions.php';
38
39		/**
40		* Functions handling module blocks
41		* @package module::article
42		*
43		* @author D.J. (phppp)
44		* @copyright copyright © 2000 XOOPS Project
45		*
46		* @param VAR_PREFIX variable prefix for the function name
47		*/
48
49		PlanetUtility::planetParseFunction('
50		/**#@+
51		* Function to display articles
52		*
53		* {@link article}
54		*
55		* @param array $options:
56		* 0 - criteria for fetching articles;
57		* 1 - limit for article count;
58		* 2 - title length;
59		* 3 - summary length;
60		*/
61		function [VAR_PREFIX]_article_show($options)
62		{
63		global $xoopsDB;
64		planet_define_url_delimiter();
65
66		$blogs = array();
67		$block = array();
68		$select = "art_id";
69		$disp_tag = "";
70		$from = "";
71		$where = "";
72		$order = "art_time DESC";
73		switch ($options[0]) {
74		case "views":
75		$select .= ", art_views";
76		$order = "art_views DESC";
77		$disp_tag = "art_views";
78		break;
79		case "rates":
80		$select .= ", art_rates";
81		$order = "art_rates DESC";
82		$disp_tag = "art_rates";
83		break;
84		case "rating":
85		$select .= ", art_rating/art_rates AS ave_rating";
86		$order = "ave_rating DESC";
87		$disp_tag = "ave_rating";
88		break;
89		case "random":
90		$order = "RAND()";
91		$mysql_version = substr(trim(mysqli_get_server_info()), 0, 3);
92		/* for MySQL 4.1+ */
93		if ($mysql_version >= "4.1") {
94		$from = " LEFT JOIN (SELECT art_id AS aid FROM ".planet_DB_prefix("article")." LIMIT 1000 ORDER BY art_id DESC) AS random ON art_id = random.aid";
95		}
96		break;
97		case "time":
98		default:
99		$order = "art_time DESC";
100		break;
101		}
102		$select .= ", blog_id, art_title, art_time";
103		if ($options[3]>0) {
104		$select .=", art_content";
105		}
106
107		$query = "SELECT $select FROM " . planet_DB_prefix("article"). $from;
108		$query .= " ORDER BY " . $order;
109		$result = $xoopsDB->query($query, $options[1], 0);
110		if (!$result) {
111		return false;
112		}
113		$rows = array();
114		$articleHandler = xoops_getModuleHandler("article", $GLOBALS["moddirname"]);
115		while (false !== ($row = $xoopsDB->fetchArray($result))) {
116		if(!empty($row["ave_rating"])) $row["art_rating"] = $row["ave_rating"];
117		$article = $articleHandler->create(false);
118		$article->assignVars($row);
119		$_art = array();
120		foreach ($row as $tag=>$val) {
121		$_art[$tag] = @$article->getVar($tag);
122		}
123		$_art["time"] = $article->getTime();
124		if (!empty($disp_tag)) {
125		$_art["disp"] = @$article->getVar($disp_tag);
126		if(!empty($row[$disp_tag]) && empty($_art["disp"])) $_art["disp"] = $row[$disp_tag];
127		}
128		if (!empty($options[2])) {
129		$_art["art_title"] = xoops_substr($_art["art_title"], 0, $options[2]);
130		}
131		if (!empty($options[3])) {
132		$_art["summary"] = $article->getSummary($options[3]);
133		}
134		$arts[] = $_art;
135		unset($article, $_art);
136		$bids[$row["blog_id"]] = 1;
137		}
138
139		$blogHandler = xoops_getModuleHandler("blog", $GLOBALS["moddirname"]);
140		$blogs = $blogHandler->getList(new \Criteria("blog_id", "(".implode(",", array_keys($bids)).")", "IN"));
141
142		for ($i=0;$i<count($arts);++$i) {
143		$arts[$i]["blog"] = @$blogs[$arts[$i]["blog_id"]];
144		}
145		$block["articles"] = $arts;
146
147		$block["dirname"] = $GLOBALS["moddirname"];
148
149		return $block;
150		}
151
152		function [VAR_PREFIX]_article_edit($options)
153		{
154		$form = planet_constant("MB_TYPE")."  <select name=\"options[0]\">";
155		$form .= "<option value=\"time\"";
156		if($options[0]=="time") $form .= " selected=\"selected\" ";
157		$form .= ">".planet_constant("MB_TYPE_TIME")."</option>\n";
158		$form .= "<option value=\"views\"";
159		if($options[0]=="views") $form .= " selected=\"selected\" ";
160		$form .= ">".planet_constant("MB_TYPE_VIEWS")."</option>\n";
161		$form .= "<option value=\"rates\"";
162		if($options[0]=="rates") $form .= " selected=\"selected\" ";
163		$form .= ">".planet_constant("MB_TYPE_RATES")."</option>\n";
164		$form .= "<option value=\"rating\"";
165		if($options[0]=="rating") $form .= " selected=\"selected\" ";
166		$form .= ">".planet_constant("MB_TYPE_RATING")."</option>\n";
167		$form .= "<option value=\"random\"";
168		if($options[0]=="random") $form .= " selected=\"selected\" ";
169		$form .= ">".planet_constant("MB_TYPE_RANDOM")."</option>\n";
170		$form .= "</select><br><br>";
171
172		$form .= planet_constant("MB_ITEMS")."  <input type=\"text\" name=\"options[1]\" value=\"" . $options[1] . "\"><br><br>";
173		$form .= planet_constant("MB_TITLE_LENGTH")."  <input type=\"text\" name=\"options[2]\" value=\"" . $options[2] . "\"><br><br>";
174		$form .= planet_constant("MB_SUMMARY_LENGTH")."  <input type=\"text\" name=\"options[3]\" value=\"" . $options[3] . "\"><br><br>";
175
176		return $form;
177		}
178
179		/**#@+
180		* Function to display blogs
181		*
182		* {@link blog}
183		*
184		* @param array $options:
185		* 0 - criteria for fetching blogs;
186		* 1 - limit for blog count;
187		* 2 - title length;
188		* 3 - show desc;
189		*/
190		function [VAR_PREFIX]_blog_show($options)
191		{
192		global $xoopsDB;
193		planet_define_url_delimiter();
194
195		$block = array();
196		$select = "blog_id";
197		$disp_tag = "";
198		$from = "";
199		$where = "AND blog_status > 0";
200		$order = "blog_id DESC";
201		switch ($options[0]) {
202		case "featured":
203		$where = "AND blog_status=2";
204		break;
205		case "bookmark":
206		$select .= ", blog_marks";
207		$order = "blog_marks DESC";
208		$disp_tag = "blog_marks";
209		break;
210		case "time":
211		$select .= ", blog_time";
212		$order = "blog_time DESC";
213		break;
214		case "rates":
215		$select .= ", blog_rates";
216		$order = "blog_rates DESC";
217		$disp_tag = "blog_rates";
218		break;
219		case "rating":
220		$select .= ", blog_rating/blog_rates AS ave_rating";
221		$order = "ave_rating DESC";
222		$disp_tag = "ave_rating";
223		break;
224		case "random":
225		$order = "RAND()";
226		$mysql_version = substr(trim(mysqli_get_server_info()), 0, 3);
227		/* for MySQL 4.1+ */
228		if ($mysql_version >= "4.1") {
229		$from = " LEFT JOIN (SELECT blog_id AS aid FROM ".planet_DB_prefix("blog")." LIMIT 1000 ORDER BY blog_id DESC) AS random ON blog_id = random.aid";
230		}
231		break;
232		default:
233		$order = "blog_id DESC";
234		break;
235		}
236		$select .= ", blog_title";
237		if (!empty($options[3])) {
238		$select .=", blog_desc";
239		}
240
241		$query = "SELECT $select FROM " . planet_DB_prefix("blog"). $from;
242		$query .= " WHERE 1=1 " . $where;
243		$query .= " ORDER BY " . $order;
244		$result = $xoopsDB->query($query, $options[1], 0);
245		if (!$result) {
246		return false;
247		}
248		$rows = array();
249		$blogHandler = xoops_getModuleHandler("blog", $GLOBALS["moddirname"]);
250		while (false !== ($row = $xoopsDB->fetchArray($result))) {
251		if(!empty($row["ave_rating"])) $row["art_rating"] = $row["ave_rating"];
252		$blog = $blogHandler->create(false);
253		$blog->assignVars($row);
254		$_art = array();
255		foreach ($row as $tag=>$val) {
256		$_art[$tag] = @$blog->getVar($tag);
257		}
258		$_art["time"] = $blog->getTime();
259		if (!empty($disp_tag)) {
260		$_art["disp"] = @$blog->getVar($disp_tag);
261		if(!empty($row[$disp_tag]) && empty($_art["disp"])) $_art["disp"] = $row[$disp_tag];
262		}
263		if (!empty($options[2])) {
264		$_art["blog_title"] = xoops_substr($_art["blog_title"], 0, $options[2]);
265		}
266		if (!empty($options[3])) {
267		$_art["summary"] = $_art["blog_desc"];
268		}
269		$blogs[] = $_art;
270		unset($blog, $_art);
271		}
272		if (isset($block["blogs"])) {
273		$block["blogs"] = $blogs;
274		}
275		$block["dirname"] = $GLOBALS["moddirname"];
276
277		return $block;
278		}
279
280		function [VAR_PREFIX]_blog_edit($options)
281		{
282		$form = planet_constant("MB_TYPE")."  <select name=\"options[0]\">";
283		$form .= "<option value=\"featured\"";
284		if($options[0]=="featured") $form .= " selected=\"selected\" ";
285		$form .= ">".planet_constant("MB_TYPE_FEATURED")."</option>\n";
286		$form .= "<option value=\"bookmarks\"";
287		if($options[0]=="bookmarks") $form .= " selected=\"selected\" ";
288		$form .= ">".planet_constant("MB_TYPE_BOOKMARKS")."</option>\n";
289		$form .= "<option value=\"time\"";
290		if($options[0]=="time") $form .= " selected=\"selected\" ";
291		$form .= ">".planet_constant("MB_TYPE_TIME")."</option>\n";
292		$form .= "<option value=\"views\"";
293		if($options[0]=="views") $form .= " selected=\"selected\" ";
294		$form .= ">".planet_constant("MB_TYPE_VIEWS")."</option>\n";
295		$form .= "<option value=\"rates\"";
296		if($options[0]=="rates") $form .= " selected=\"selected\" ";
297		$form .= ">".planet_constant("MB_TYPE_RATES")."</option>\n";
298		$form .= "<option value=\"rating\"";
299		if($options[0]=="rating") $form .= " selected=\"selected\" ";
300		$form .= ">".planet_constant("MB_TYPE_RATING")."</option>\n";
301		$form .= "<option value=\"random\"";
302		if($options[0]=="random") $form .= " selected=\"selected\" ";
303		$form .= ">".planet_constant("MB_TYPE_RANDOM")."</option>\n";
304		$form .= "</select><br><br>";
305
306		$form .= planet_constant("MB_ITEMS")."  <input type=\"text\" name=\"options[1]\" value=\"" . $options[1] . "\"><br><br>";
307		$form .= planet_constant("MB_TITLE_LENGTH")."  <input type=\"text\" name=\"options[2]\" value=\"" . $options[2] . "\"><br><br>";
308		$form .= planet_constant("MB_SHOWDESC")."  <input type=\"text\" name=\"options[3]\" value=\"" . $options[3] . "\"><br><br>";
309
310		return $form;
311		}
312
313		/*#@-/
314
315		/**#@+
316		* Function to display categories
317		*
318		* {@link Xcategory}
319		* {@link config}
320		*
321		* @param array $options (not used)
322		*/
323		function [VAR_PREFIX]_category_show($options)
324		{
325		planet_define_url_delimiter();
326		$block = array();
327		$categoryHandler = xoops_getModuleHandler("category", $GLOBALS["moddirname"]);
328		$blogHandler = xoops_getModuleHandler("blog", $GLOBALS["moddirname"]);
329		$crit = new \Criteria("1", 1);
330		$crit->setSort("cat_order");
331		$crit->setOrder("ASC");
332		$categories = $categoryHandler->getList($crit);
333		$blog_counts = $blogHandler->getCountsByCategory();
334		foreach ($categories as $id=>$cat) {
335		$block["categories"][]=array("id"=>$id, "title"=>$cat, "blogs"=> @(int)($blog_counts[$id]));
336		}
337		$block["dirname"] = $GLOBALS["moddirname"];
338		unset($categories, $cats_stats);
339
340		return $block;
341		}
342		/*#@-/
343		');
344

mambax7 / planet

Issues (212)

Security Analysis not enabled

blocks/block.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like