1 | <?php declare(strict_types=1); |
||||
2 | /* |
||||
3 | You may not change or alter any portion of this comment or credits |
||||
4 | of supporting developers from this source code or any supporting source code |
||||
5 | which is considered copyrighted (c) material of the original comment or credit authors. |
||||
6 | |||||
7 | This program is distributed in the hope that it will be useful, |
||||
8 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
9 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
||||
10 | */ |
||||
11 | |||||
12 | /** |
||||
13 | * @copyright XOOPS Project (https://xoops.org) |
||||
14 | * @license https://www.fsf.org/copyleft/gpl.html GNU public license |
||||
15 | * @since 1.0 |
||||
16 | * @author trabis <[email protected]> |
||||
17 | * @author Kazumi Ono (AKA onokazu) |
||||
18 | */ |
||||
19 | |||||
20 | use Xmf\Request; |
||||
21 | use XoopsModules\Publisher\Helper; |
||||
22 | use XoopsModules\Publisher\Utility; |
||||
23 | |||||
24 | require_once __DIR__ . '/admin_header.php'; |
||||
25 | |||||
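// Module context shared by the "showmod" and "save" branches further down.
$helper = Helper::getInstance();

$module  = $helper->getModule();
$modId   = $module->mid();
$modname = $module->name();
$dirName = $helper->getDirname();

/** @var \XoopsModuleHandler $moduleHandler */
$moduleHandler = xoops_getHandler('module');
$xoopsModule0  = $moduleHandler->getByDirname(basename(dirname(__DIR__)));
global $xoopsModule;

xoops_loadLanguage('admin', 'system');
xoops_loadLanguage('admin/preferences', 'system');

$op = 'showmod';

// SECURITY: request fields are still copied into same-named variables because
// the save branch looks its new values up by config name, but a field may no
// longer replace a variable that already exists. Without this guard a single
// POST field could overwrite $helper, $module, $modId or any framework global
// (the same effect as extract($_POST)). 'op' is the one pre-set name the form
// is meant to override: it is the default handed to Request::getString() below.
foreach ($_POST as $k => $v) {
    $k = (string) $k;
    if ('op' !== $k
        && ('GLOBALS' === $k || 'this' === $k || array_key_exists($k, get_defined_vars()))
    ) {
        continue;
    }
    ${$k} = $v;
}
unset($k, $v);

// An explicit ?op= in the query string wins over the posted/default value.
$op = Request::getString('op', $op, 'GET');

$configcat = Request::getString('configcat', '', 'GET');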
||||
52 | |||||
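// Render the module's preferences as one form per configuration category.
if ('showmod' === $op) {
    /** @var \XoopsConfigHandler $configHandler */
    $configHandler = xoops_getHandler('config');

    // Every stored preference row that belongs to this module.
    $config = $configHandler->getConfigs(new \Criteria('conf_modid', $modId));
    $count  = count($config);
    if ($count < 1) {
        redirect_header($module->getInfo('adminindex'), 1);
    }

    $xv_configs  = $module->getInfo('config');
    $config_cats = $module->getInfo('configcat');
    if (!is_array($xv_configs)) {
        // Nothing declared: every preference is then treated as uncategorised.
        $xv_configs = [];
    }

    if (is_array($config_cats) && !array_key_exists('others', $config_cats)) {
        $config_cats['others'] = [
            'name'        => _MI_PUBLISHER_CONFCAT_OTHERS,
            'description' => _MI_PUBLISHER_CONFCAT_OTHERS_DSC,
        ];
    }
    $cat_others_used = false;

    // NOTE(review): the static analyser on this page flags getVar('dirname') as
    // possibly non-string; a module dirname is expected to be a string - confirm.
    xoops_loadLanguage('modinfo', $module->getVar('dirname'));

    if (1 == $module->getVar('hascomments')) {
        xoops_loadLanguage('comment');
    }

    if (1 == $module->getVar('hasnotification')) {
        xoops_loadLanguage('notification');
    }

    xoops_load('XoopsFormLoader');

    // One form per category, kept in an array. The earlier code created a
    // variable NAMED after each category key ($$formCat), so a category called
    // e.g. "config" or "module" would have replaced this script's own variables.
    $forms = [];
    if (is_array($config_cats)) {
        foreach ($config_cats as $formCat => $info) {
            $forms[$formCat] = new \XoopsThemeForm($info['name'], 'pref_form_' . $formCat, 'preferences.php', 'post', true);
        }
        unset($formCat, $info);
    }

    // Resolve a language-constant name to its text; an undefined name is shown
    // as-is instead of raising an "undefined constant" error.
    $label = static function ($name) {
        return defined((string) $name) ? constant((string) $name) : $name;
    };

    // Escape a stored value for an HTML attribute/body. The cast is needed
    // because strict_types rejects a non-string argument to htmlspecialchars().
    $escape = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5);
    };

    // Fill a select element with the options stored for one config item.
    $addOptions = static function (\XoopsFormSelect $select, $confId) use ($configHandler, $label) {
        foreach ($configHandler->getConfigOptions(new \Criteria('conf_id', $confId)) as $option) {
            $select->addOption($label($option->getVar('confop_value')), $label($option->getVar('confop_name')));
        }
    };

    foreach ($config as $item) {
        $confName = $item->getVar('conf_name');

        // Category declared for this preference. When no declaration matches,
        // the category stays empty (previously the LAST declaration's category
        // was picked up by accident because the loop variable outlived the loop).
        $formCat = '';
        foreach ($xv_configs as $xv_config) {
            if ($confName == $xv_config['name']) {
                $formCat = $xv_config['category'] ?? '';
                break;
            }
        }
        unset($xv_config);

        if (is_array($config_cats) && !array_key_exists($formCat, $config_cats)) {
            $formCat         = 'others';
            $cat_others_used = true;
        }

        // Caption: title, plus the description underneath when one is defined.
        $heading  = $label($item->getVar('conf_title'));
        $descName = (string) $item->getVar('conf_desc');
        $title    = (!defined($descName) || '' == constant($descName))
            ? $heading
            : $heading . '<br><br><span style="font-weight:normal;">' . constant($descName) . '</span>';

        switch ($item->getVar('conf_formtype')) {
            case 'textarea':
                if ('array' === $item->getVar('conf_valuetype')) {
                    // Array-typed values are edited as one "|"-separated string.
                    $text = ('' != $item->getVar('conf_value')) ? $escape(implode('|', $item->getConfValueForOutput())) : '';
                    $ele  = new \XoopsFormTextArea($title, $confName, $text, 5, 50);
                } else {
                    $ele = new \XoopsFormTextArea($title, $confName, $escape($item->getConfValueForOutput()), 5, 50);
                }
                break;
            case 'select':
                $ele = new \XoopsFormSelect($title, $confName, $item->getConfValueForOutput());
                $addOptions($ele, $item->getVar('conf_id'));
                break;
            case 'select_multi':
                $ele = new \XoopsFormSelect($title, $confName, $item->getConfValueForOutput(), 5, true);
                $addOptions($ele, $item->getVar('conf_id'));
                break;
            case 'yesno':
                $ele = new \XoopsFormRadioYN($title, $confName, $item->getConfValueForOutput(), _YES, _NO);
                break;
            case 'group':
                require_once $GLOBALS['xoops']->path('class/xoopslists.php');
                $ele = new \XoopsFormSelectGroup($title, $confName, false, $item->getConfValueForOutput(), 1, false);
                break;
            case 'group_multi':
                require_once $GLOBALS['xoops']->path('class/xoopslists.php');
                $ele = new \XoopsFormSelectGroup($title, $confName, false, $item->getConfValueForOutput(), 5, true);
                break;
            case 'user':
                require_once $GLOBALS['xoops']->path('class/xoopslists.php');
                $ele = new \XoopsFormSelectUser($title, $confName, false, $item->getConfValueForOutput(), 1, false);
                break;
            case 'user_multi':
                require_once $GLOBALS['xoops']->path('class/xoopslists.php');
                $ele = new \XoopsFormSelectUser($title, $confName, false, $item->getConfValueForOutput(), 5, true);
                break;
            case 'password':
                // NOTE(review): the stored secret is echoed back into the page
                // source as the field value; consider rendering it empty.
                $ele = new \XoopsFormPassword($title, $confName, 50, 255, $escape($item->getConfValueForOutput()));
                break;
            case 'color':
                $ele = new \XoopsFormColorPicker($title, $confName, $escape($item->getConfValueForOutput()));
                break;
            case 'hidden':
                $ele = new \XoopsFormHidden($confName, $escape($item->getConfValueForOutput()));
                break;
            case 'textbox':
            default:
                $ele = new \XoopsFormText($title, $confName, 50, 255, $escape($item->getConfValueForOutput()));
                break;
        }

        // Each field travels with its config id so the save step knows which rows were shown.
        $hidden = new \XoopsFormHidden('conf_ids[]', $item->getVar('conf_id'));
        if (isset($forms[$formCat])) {
            $forms[$formCat]->addElement($ele);
            $forms[$formCat]->addElement($hidden);
        }
        unset($ele, $hidden);
    }

    Utility::cpHeader();
    // Iterating $forms (not $config_cats) also covers the case where the module
    // declares no category array at all: there is then simply nothing to show.
    foreach ($forms as $formCat => $form) {
        if ('others' === $formCat && !$cat_others_used) {
            continue;
        }
        $info = $config_cats[$formCat];
        $form->addElement(new \XoopsFormHidden('op', 'save'));
        $form->addElement(new \XoopsFormButton('', 'button', _GO, 'submit'));
        Utility::openCollapsableBar($formCat . '_table', $formCat . '_icon', $info['name'], $info['description']);
        $form->display();
        Utility::closeCollapsableBar($formCat . '_table', $formCat . '_icon');
    }
    unset($formCat, $form, $info);
    xoops_cp_footer();
    exit();
}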
||||
202 | |||||
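// Persist the preference values submitted by one of the category forms.
if ('save' === $op) {
    // Anti-CSRF token check; nothing may be written when it fails.
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header($module->getInfo('adminindex'), 3, implode('<br>', $GLOBALS['xoopsSecurity']->getErrors()));
        exit(); // defensive: never fall through to the write path
    }

    // The form submits the ids as "conf_ids[]". The earlier code counted an
    // undefined $confIds, so no posted value was ever saved.
    $confIds = (isset($_POST['conf_ids']) && is_array($_POST['conf_ids'])) ? $_POST['conf_ids'] : [];

    // Taken from the helper rather than from a script variable so that it
    // cannot be influenced by request data.
    $ownModId = (int) Helper::getInstance()->getModule()->mid();

    /** @var \XoopsConfigHandler $configHandler */
    $configHandler = xoops_getHandler('config');

    foreach ($confIds as $confId) {
        if (!is_scalar($confId)) {
            continue;
        }

        /** @var \XoopsConfigItem|false $config */
        $config = $configHandler->getConfig((int) $confId);

        // The ids come from the request: skip unknown ids and any config row
        // that belongs to another module (or to the system), so this page can
        // only change this module's own preferences.
        if (!is_object($config) || (int) $config->getVar('conf_modid') !== $ownModId) {
            continue;
        }

        // Read the submitted value by name from the request itself instead of
        // from a variable named after the field. A field that was not
        // submitted yields null, as the undefined variable did before.
        $confName = (string) $config->getVar('conf_name');
        $newValue = $_POST[$confName] ?? null;

        if (is_array($newValue) || $newValue != $config->getVar('conf_value')) {
            $config->setConfValueForInput($newValue);
            $configHandler->insertConfig($config);
        }
        unset($newValue);
    }

    redirect_header('preferences.php', 2, _AM_DBUPDATED);
}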
||||
224 |