Issues in item.php (master) - Issues in master - mambax7/publisher - Measure and Improve Code Quality continuously with Scrutinizer

Issues (371)

Security Analysis no vulnerabilities found

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

item.php (2 issues)

Severity

<?php declare(strict_types=1);
/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright       XOOPS Project (https://xoops.org)
 * @license         https://www.fsf.org/copyleft/gpl.html GNU public license
 * @since           1.0
 * @author          trabis <[email protected]>
 * @author          The SmartFactory <www.smartfactory.ca>
 */

use Xmf\Request;
use XoopsModules\Publisher\{
    Category,
    Constants,
    Helper,
    Item,
    Jsonld,
    Metagen,
    Utility,
    VoteHandler
};
use XoopsModules\Tag\Tagbar;

/** @var Category $categoryObj */
require_once __DIR__ . '/header.php';

$itemId     = Request::getInt('itemid', 0, 'GET');
$itemPageId = Request::getInt('page', -1, 'GET');

if (0 == $itemId) {
    //    redirect_header('<script>javascript:history.go(-1)</script>', 1, _MD_PUBLISHER_NOITEMSELECTED);
}

$helper = Helper::getInstance();

// Creating the item object for the selected item
/** @var Item $itemObj */
$itemObj = $helper->getHandler('Item')
                  ->get($itemId);

// if the selected item was not found, exit
if (null === $itemObj) {
        redirect_header('<script>javascript:history.go(-1)</script>', 1, _MD_PUBLISHER_NOITEMSELECTED);
}

// Creating the category object that holds the selected item
$categoryObj = $helper->getHandler('Category')
                      ->get($itemObj->categoryid());

$categoryid = (int)$categoryObj->getVar('categoryid');

$GLOBALS['xoopsOption']['template_main'] = 'publisher_item.tpl'; //default template

//Option for a custom template for a category
$catItemTemplate = $categoryObj->getVar('template_item');
if (!empty($catItemTemplate)) {
    $GLOBALS['xoopsOption']['template_main'] = 'publisher_category_item_custom.tpl';
}

require_once XOOPS_ROOT_PATH . '/header.php';

//$xoTheme->addScript(XOOPS_URL . '/browse.php?Frameworks/jquery/jquery.js');
//$xoTheme->addScript(PUBLISHER_URL . '/assets/js/jquery.popeye-2.1.js');
//$xoTheme->addScript(PUBLISHER_URL . '/assets/js/publisher.js');
//
//$xoTheme->addStylesheet(PUBLISHER_URL . '/assets/css/jquery.popeye.css');
//$xoTheme->addStylesheet(PUBLISHER_URL . '/assets/css/jquery.popeye.style.css');
$xoTheme->addStylesheet(PUBLISHER_URL . '/assets/css/publisher.css');
$xoTheme->addStylesheet(PUBLISHER_URL . '/assets/css/rating.css');

$xoopsTpl->assign('customitemtemplate', $catItemTemplate); //assign custom template

require_once PUBLISHER_ROOT_PATH . '/footer.php';

// Check user permissions to access that category of the selected item
if (!$itemObj->accessGranted()) {
    redirect_header('<script>javascript:history.go(-1)</script>', 1, _NOPERM);
}
$com_replytitle = $itemObj->getTitle();

// Update the read counter of the selected item
if (!$GLOBALS['xoopsUser']
    || ($GLOBALS['xoopsUser']
        && !$GLOBALS['xoopsUser']->isAdmin(
            $helper->getModule()
                   ->mid()
        ))
    || ($GLOBALS['xoopsUser']->isAdmin(
            $helper->getModule()
                   ->mid()
        )
        && 1 == $helper->getConfig('item_admin_hits'))) {
    $itemObj->updateCounter();
}

// creating the Item objects that belong to the selected category
switch ($helper->getConfig('format_order_by')) {
    case 'title':
        $sort  = 'title';
        $order = 'ASC';
        break;
    case 'date':
        $sort  = 'datesub';
        $order = 'DESC';
        break;
    case 'counter':
        $sort  = 'counter';
        $order = 'DESC';
        break;
    case 'rating':
        $sort  = 'rating';
        $order = 'DESC';
        break;
    case 'votes':
        $sort  = 'votes';
        $order = 'DESC';
        break;
    case 'comments':
        $sort  = 'comments';
        $order = 'DESC';
        break;
    default:
        $sort  = 'weight';
        $order = 'ASC';
        break;
}

if ('previous_next' === $helper->getConfig('item_other_items_type')) {
    // Retrieving the next and previous object
    $previousItemLink = '';
    $previousItemUrl  = '';
    $nextItemLink     = '';
    $nextItemUrl      = '';

    $previousObj = $helper->getHandler('Item')
                          ->getPreviousPublished($itemObj);
    $nextObj     = $helper->getHandler('Item')
                          ->getNextPublished($itemObj);
    if (is_object($previousObj)) {

        $previousItemLink = $previousObj->getItemLink();
        $previousItemUrl  = $previousObj->getItemUrl();
    }

    if (is_object($nextObj)) {

        $nextItemLink = $nextObj->getItemLink();
        $nextItemUrl  = $nextObj->getItemUrl();
    }
    unset($previousObj, $nextObj);
    $xoopsTpl->assign('previousItemLink', $previousItemLink);
    $xoopsTpl->assign('nextItemLink', $nextItemLink);
    $xoopsTpl->assign('previousItemUrl', $previousItemUrl);
    $xoopsTpl->assign('nextItemUrl', $nextItemUrl);
}

//CAREFUL!! with many items this will exhaust memory
if ('all' === $helper->getConfig('item_other_items_type')) {
    $itemsObj = $helper->getHandler('Item')
                       ->getAllPublished(0, 0, $categoryObj->categoryid, $sort, $order, '', true, true);
    $items    = [];
    foreach ($itemsObj[''] as $theItemObj) {
        $theItem              = [];
        $theItem['body']      = $theItemObj->getBody();
        $theItem['title']     = $theItemObj->getTitle();
        $theItem['titlelink'] = $theItemObj->getItemLink();
        $theItem['itemid']    = $theItemObj->itemid();
        $theItem['itemurl']   = $theItemObj->getItemUrl();
        $theItem['datesub']   = $theItemObj->getDatesub();
        $theItem['counter']   = $theItemObj->counter();
        $theItem['who']       = $theItemObj->getWho();
        $theItem['category']  = $theItemObj->getCategoryLink();
        $theItem['more']      = '<a href="' . $theItemObj->getItemUrl() . '">' . _MD_PUBLISHER_READMORE . '</a>';

        $summary = $theItemObj->getSummary(300);
        if (!$summary) {
            $summary = $theItemObj->getBody(300);
        }
        $theItem['summary'] = $summary;

        $theItem['cancomment'] = $theItemObj->cancomment();
        $comments              = $theItemObj->comments();
        if ($comments > 0) {
            //shows 1 comment instead of 1 comm. if comments ==1
            //langugage file modified accordingly
            if (1 == $comments) {
                $theItem['comments'] = '&nbsp;' . _MD_PUBLISHER_ONECOMMENT . '&nbsp;';
            } else {
                $theItem['comments'] = '&nbsp;' . $comments . '&nbsp;' . _MD_PUBLISHER_COMMENTS . '&nbsp;';
            }
        } else {
            $theItem['comments'] = '&nbsp;' . _MD_PUBLISHER_NO_COMMENTS . '&nbsp;';
        }

        $mainImage = $theItemObj->getMainImage();
        // check to see if GD function exist
        $theItem['item_image'] = $mainImage['image_path'];
        if (!empty($mainImage['image_path']) && function_exists('imagecreatetruecolor')) {
            $theItem['item_image'] = PUBLISHER_URL . '/thumb.php?src=' . $mainImage['image_path'] . '&amp;w=100';
            $theItem['image_path'] = $mainImage['image_path'];
        }

        if ($theItemObj->itemid == $itemObj->itemid()) {
            $theItem['titlelink'] = $theItemObj->getItemLink();
        }
        $items[] = $theItem;
        unset($theItem);
    }
    unset($itemsObj);
    $xoopsTpl->assign('items', $items);
    unset($items);
}

// Populating the smarty variables with information related to the selected item
$item = $itemObj->toArraySimple($itemPageId);
$xoopsTpl->assign('show_subtitle', $helper->getConfig('item_disp_subtitle'));

if ($itemObj->pagescount() > 0) {
    if (-1 == $itemPageId) {
        $itemPageId = 0;
    }
    require_once $GLOBALS['xoops']->path('class/pagenav.php');
    //    $pagenav = new \XoopsPageNav($itemObj->pagescount(), 1, $itemPageId, 'page', 'itemid=' . $itemObj->itemid());

    $pagenav = new \XoopsPageNav($itemObj->pagescount(), 1, $itemPageId, 'page', 'itemid=' . $itemObj->itemid()); //SMEDrieben changed ->itemId to ->itemid

    $xoopsTpl->assign('pagenav', $pagenav->renderNav());
}

// Creating the files object associated with this item
$file         = [];
$files        = [];
$embededFiles = [];
$filesObj     = $itemObj->getFiles();

// check if user has permission to modify files
$hasFilePermissions = true;
if (!(Utility::userIsAdmin() || Utility::userIsModerator($itemObj))) {
    $hasFilePermissions = false;
}
if (null !== $filesObj) {
    foreach ($filesObj as $fileObj) {
        $file        = [];
        $file['mod'] = false;
        if ($hasFilePermissions || (is_object($GLOBALS['xoopsUser']) && $fileObj->getVar('uid') == $GLOBALS['xoopsUser']->getVar('uid'))) {
            $file['mod'] = true;
        }

        if ('application/x-shockwave-flash' === $fileObj->mimetype()) {
            $file['content'] = $fileObj->displayFlash();
            if (mb_strpos($item['maintext'], '[flash-' . $fileObj->getVar('fileid') . ']')) {
                $item['maintext'] = str_replace('[flash-' . $fileObj->getVar('fileid') . ']', $file['content'], $item['maintext']);
            } else {
                $embededFiles[] = $file;
            }
        } else {
            $file['fileid']      = $fileObj->fileid();
            $file['name']        = $fileObj->name();
            $file['description'] = $fileObj->description();
            $file['filename']    = $fileObj->filename();
            $file['type']        = $fileObj->mimetype();
            $file['datesub']     = $fileObj->getDatesub();
            $file['hits']        = $fileObj->counter();
            $files[]             = $file;
        }
    }
}

$item['files']         = $files;
$item['embeded_files'] = $embededFiles;
unset($file, $embededFiles, $filesObj, $fileObj);

// Language constants
$xoopsTpl->assign('mail_link', 'mailto:?subject=' . sprintf(_CO_PUBLISHER_INTITEM, $GLOBALS['xoopsConfig']['sitename']) . '&amp;body=' . sprintf(_CO_PUBLISHER_INTITEMFOUND, $GLOBALS['xoopsConfig']['sitename']) . ': ' . $itemObj->getItemUrl());
$xoopsTpl->assign('itemid', $itemObj->itemid());
$xoopsTpl->assign(
    'sectionname', $helper->getModule()
                          ->getVar('name')
);
$xoopsTpl->assign('module_dirname', $helper->getDirname());
$xoopsTpl->assign('module_home', Utility::moduleHome($helper->getConfig('format_linked_path')));
$xoopsTpl->assign('categoryPath', '<li>' . $item['categoryPath'] . '</li><li> ' . $item['title'] . '</li>');
$xoopsTpl->assign('commentatarticlelevel', $helper->getConfig('perm_com_art_level'));
$xoopsTpl->assign('com_rule', $helper->getConfig('com_rule'));
$xoopsTpl->assign('other_items', $helper->getConfig('item_other_items_type'));
$xoopsTpl->assign('itemfooter', $myts->displayTarea($helper->getConfig('item_footer'), 1));
$xoopsTpl->assign('perm_author_items', $helper->getConfig('perm_author_items'));

// tags support
if (xoops_isActiveModule('tag')) {
    $tagbar = new Tagbar();
    $xoopsTpl->assign('tagbar', $tagbar->getTagbar($itemId, $categoryid = 0));
}

/**
 * Generating meta information for this page
 */
$publisherMetagen = new Metagen($itemObj->getVar('title'), $itemObj->getVar('meta_keywords', 'n'), $itemObj->getVar('meta_description', 'n'), $itemObj->getCategoryPath());
$publisherMetagen->createMetaTags();

// generate JSON-LD and add to page
if ($helper->getConfig('generate_jsonld')) {
    $jsonld = Jsonld::getItem($itemObj, $categoryObj);
    echo $jsonld;
}

// Include the comments if the selected ITEM supports comments
if ((0 != $helper->getConfig('com_rule')) && ((1 == $itemObj->cancomment()) || !$helper->getConfig('perm_com_art_level'))) {
    require_once \dirname(__DIR__, 2) . '/include/comment_view.php';
    // Problem with url_rewrite and posting comments :
    //    $xoopsTpl->assign(
    //        [
    //            'editcomment_link'   => PUBLISHER_URL . '/comment_edit.php?com_itemid=' . $com_itemid . '&amp;com_order=' . $com_order . '&amp;com_mode=' . $com_mode . $link_extra,
    //            'deletecomment_link' => PUBLISHER_URL . '/comment_delete.php?com_itemid=' . $com_itemid . '&amp;com_order=' . $com_order . '&amp;com_mode=' . $com_mode . $link_extra,
    //            'replycomment_link'  => PUBLISHER_URL . '/comment_reply.php?com_itemid=' . $com_itemid . '&amp;com_order=' . $com_order . '&amp;com_mode=' . $com_mode . $link_extra,
    //        ]
    //    );
    $commentsnav = $xoopsTpl->getTemplateVars('commentsnav');
    $commentsnav = str_replace(
        "self.location.href='",
        "self.location.href='" . PUBLISHER_URL . '/',
        $commentsnav ?? ''
    );
    $xoopsTpl->assign('commentsnav', $commentsnav);
}

// Original AJAX rating
if ($helper->getConfig('perm_rating')) {
    $xoopsTpl->assign('rating_enabled', true);
    $item['ratingbar'] = Utility::ratingBar($itemId);

    //    $xoTheme->addScript(PUBLISHER_URL . '/assets/js/behavior.js');
    //    $xoTheme->addScript(PUBLISHER_URL . '/assets/js/rating.js');
    //}

    //=============== START VOTE RATING ======================================

    $start = Request::getInt('start', 0);
    $limit = Request::getInt('limit', $helper->getConfig('userpager'));
    $id    = Request::getInt('itemid', 0, 'GET');

    //    $ratingbars = (int)$helper->getConfig('ratingbars'); //from Preferences

    $voteType = $itemObj->votetype();

    if ($voteType > 0) {
        $GLOBALS['xoTheme']->addStylesheet(PUBLISHER_URL . '/assets/css/rating.css', null);
        $GLOBALS['xoopsTpl']->assign('rating', $voteType);
        $GLOBALS['xoopsTpl']->assign('rating_5stars', (Constants::RATING_5STARS === $voteType));
        $GLOBALS['xoopsTpl']->assign('rating_10stars', (Constants::RATING_10STARS === $voteType));
        $GLOBALS['xoopsTpl']->assign('rating_10num', (Constants::RATING_10NUM === $voteType));
        $GLOBALS['xoopsTpl']->assign('rating_likes', (Constants::RATING_LIKES === $voteType));
        $GLOBALS['xoopsTpl']->assign('rating_reaction', (Constants::RATING_REACTION === $voteType));
        $GLOBALS['xoopsTpl']->assign('itemid', 'itemid');
        $GLOBALS['xoopsTpl']->assign('blog_icon_url_16', PUBLISHER_URL . '/' . $modPathIcon16);
    }

    /** @var VoteHandler $voteHandler */
    $voteHandler = $helper->getHandler('Vote');

    $rating5 = $voteHandler->getItemRating5($itemObj, Constants::TABLE_ARTICLE);
    $xoopsTpl->assign('rating', $rating5);
    $item['rating'] = $rating5;

    //    $GLOBALS['xoopsTpl']->assign('article', $article);
    //        $xoopsTpl->assign('article', $article);
    $xoopsTpl->assign('item2', $item);
    //        $xoopsTpl->assign('rating', $rating);
    //        unset($article);
    //    }

    $GLOBALS['xoopsTpl']->assign('type', $helper->getConfig('table_type'));
    $GLOBALS['xoopsTpl']->assign('divideby', $helper->getConfig('divideby'));
    $GLOBALS['xoopsTpl']->assign('numb_col', $helper->getConfig('numb_col'));
}

//=================== END VOTE RATING =========================================

//$xoopsTpl->assign('article', $article);
$xoopsTpl->assign('item', $item);
$GLOBALS['xoopsTpl']->assign('mod_path', $helper->path());
require_once XOOPS_ROOT_PATH . '/footer.php';


1			<?php declare(strict_types=1);
2			/*
3			You may not change or alter any portion of this comment or credits
4			of supporting developers from this source code or any supporting source code
5			which is considered copyrighted (c) material of the original comment or credit authors.
6
7			This program is distributed in the hope that it will be useful,
8			but WITHOUT ANY WARRANTY; without even the implied warranty of
9			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10			*/
11
12			/**
13			* @copyright XOOPS Project (https://xoops.org)
14			* @license https://www.fsf.org/copyleft/gpl.html GNU public license
15			* @since 1.0
16			* @author trabis <[email protected]>
17			* @author The SmartFactory <www.smartfactory.ca>
18			*/
19
20			use Xmf\Request;
21			use XoopsModules\Publisher\{
22			Category,
23			Constants,
24			Helper,
25			Item,
26			Jsonld,
27			Metagen,
28			Utility,
29			VoteHandler
30			};
31			use XoopsModules\Tag\Tagbar;
32
33			/** @var Category $categoryObj */
34			require_once __DIR__ . '/header.php';
35
36			$itemId = Request::getInt('itemid', 0, 'GET');
37			$itemPageId = Request::getInt('page', -1, 'GET');
38
39			if (0 == $itemId) {
40			// redirect_header('<script>javascript:history.go(-1)</script>', 1, _MD_PUBLISHER_NOITEMSELECTED);
41			}
42
43			$helper = Helper::getInstance();
44
45			// Creating the item object for the selected item
46			/** @var Item $itemObj */
47			$itemObj = $helper->getHandler('Item')
48			->get($itemId);
49
50			// if the selected item was not found, exit
51			if (null === $itemObj) {
52			redirect_header('<script>javascript:history.go(-1)</script>', 1, _MD_PUBLISHER_NOITEMSELECTED);
53			}
54
55			// Creating the category object that holds the selected item
56			$categoryObj = $helper->getHandler('Category')
57			->get($itemObj->categoryid());
58
59			$categoryid = (int)$categoryObj->getVar('categoryid');
60
61			$GLOBALS['xoopsOption']['template_main'] = 'publisher_item.tpl'; //default template
62
63			//Option for a custom template for a category
64			$catItemTemplate = $categoryObj->getVar('template_item');
65			if (!empty($catItemTemplate)) {
66			$GLOBALS['xoopsOption']['template_main'] = 'publisher_category_item_custom.tpl';
67			}
68
69			require_once XOOPS_ROOT_PATH . '/header.php';
70
71			//$xoTheme->addScript(XOOPS_URL . '/browse.php?Frameworks/jquery/jquery.js');
72			//$xoTheme->addScript(PUBLISHER_URL . '/assets/js/jquery.popeye-2.1.js');
73			//$xoTheme->addScript(PUBLISHER_URL . '/assets/js/publisher.js');
74			//
75			//$xoTheme->addStylesheet(PUBLISHER_URL . '/assets/css/jquery.popeye.css');
76			//$xoTheme->addStylesheet(PUBLISHER_URL . '/assets/css/jquery.popeye.style.css');
77			$xoTheme->addStylesheet(PUBLISHER_URL . '/assets/css/publisher.css');
78			$xoTheme->addStylesheet(PUBLISHER_URL . '/assets/css/rating.css');
79
80			$xoopsTpl->assign('customitemtemplate', $catItemTemplate); //assign custom template
81
82			require_once PUBLISHER_ROOT_PATH . '/footer.php';
83
84			// Check user permissions to access that category of the selected item
85			if (!$itemObj->accessGranted()) {
86			redirect_header('<script>javascript:history.go(-1)</script>', 1, _NOPERM);
87			}
88			$com_replytitle = $itemObj->getTitle();
89
90			// Update the read counter of the selected item
91			if (!$GLOBALS['xoopsUser']
92			\|\| ($GLOBALS['xoopsUser']
93			&& !$GLOBALS['xoopsUser']->isAdmin(
94			$helper->getModule()
95			->mid()
96			))
97			\|\| ($GLOBALS['xoopsUser']->isAdmin(
98			$helper->getModule()
99			->mid()
100			)
101			&& 1 == $helper->getConfig('item_admin_hits'))) {
102			$itemObj->updateCounter();
103			}
104
105			// creating the Item objects that belong to the selected category
106			switch ($helper->getConfig('format_order_by')) {
107			case 'title':
108			$sort = 'title';
109			$order = 'ASC';
110			break;
111			case 'date':
112			$sort = 'datesub';
113			$order = 'DESC';
114			break;
115			case 'counter':
116			$sort = 'counter';
117			$order = 'DESC';
118			break;
119			case 'rating':
120			$sort = 'rating';
121			$order = 'DESC';
122			break;
123			case 'votes':
124			$sort = 'votes';
125			$order = 'DESC';
126			break;
127			case 'comments':
128			$sort = 'comments';
129			$order = 'DESC';
130			break;
131			default:
132			$sort = 'weight';
133			$order = 'ASC';
134			break;
135			}
136
137			if ('previous_next' === $helper->getConfig('item_other_items_type')) {
138			// Retrieving the next and previous object
139			$previousItemLink = '';
140			$previousItemUrl = '';
141			$nextItemLink = '';
142			$nextItemUrl = '';
143
144			$previousObj = $helper->getHandler('Item')
145			->getPreviousPublished($itemObj);
146			$nextObj = $helper->getHandler('Item')
147			->getNextPublished($itemObj);
148			if (is_object($previousObj)) {
			0 ignored issues – show introduced 2020-07-06 02:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `is_object($previousObj)` is always `false`. Loading history...
149			$previousItemLink = $previousObj->getItemLink();
150			$previousItemUrl = $previousObj->getItemUrl();
151			}
152
153			if (is_object($nextObj)) {
			0 ignored issues – show introduced 2020-07-06 02:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `is_object($nextObj)` is always `false`. Loading history...
154			$nextItemLink = $nextObj->getItemLink();
155			$nextItemUrl = $nextObj->getItemUrl();
156			}
157			unset($previousObj, $nextObj);
158			$xoopsTpl->assign('previousItemLink', $previousItemLink);
159			$xoopsTpl->assign('nextItemLink', $nextItemLink);
160			$xoopsTpl->assign('previousItemUrl', $previousItemUrl);
161			$xoopsTpl->assign('nextItemUrl', $nextItemUrl);
162			}
163
164			//CAREFUL!! with many items this will exhaust memory
165			if ('all' === $helper->getConfig('item_other_items_type')) {
166			$itemsObj = $helper->getHandler('Item')
167			->getAllPublished(0, 0, $categoryObj->categoryid, $sort, $order, '', true, true);
168			$items = [];
169			foreach ($itemsObj[''] as $theItemObj) {
170			$theItem = [];
171			$theItem['body'] = $theItemObj->getBody();
172			$theItem['title'] = $theItemObj->getTitle();
173			$theItem['titlelink'] = $theItemObj->getItemLink();
174			$theItem['itemid'] = $theItemObj->itemid();
175			$theItem['itemurl'] = $theItemObj->getItemUrl();
176			$theItem['datesub'] = $theItemObj->getDatesub();
177			$theItem['counter'] = $theItemObj->counter();
178			$theItem['who'] = $theItemObj->getWho();
179			$theItem['category'] = $theItemObj->getCategoryLink();
180			$theItem['more'] = '<a href="' . $theItemObj->getItemUrl() . '">' . _MD_PUBLISHER_READMORE . '</a>';
181
182			$summary = $theItemObj->getSummary(300);
183			if (!$summary) {
184			$summary = $theItemObj->getBody(300);
185			}
186			$theItem['summary'] = $summary;
187
188			$theItem['cancomment'] = $theItemObj->cancomment();
189			$comments = $theItemObj->comments();
190			if ($comments > 0) {
191			//shows 1 comment instead of 1 comm. if comments ==1
192			//langugage file modified accordingly
193			if (1 == $comments) {
194			$theItem['comments'] = ' ' . _MD_PUBLISHER_ONECOMMENT . ' ';
195			} else {
196			$theItem['comments'] = ' ' . $comments . ' ' . _MD_PUBLISHER_COMMENTS . ' ';
197			}
198			} else {
199			$theItem['comments'] = ' ' . _MD_PUBLISHER_NO_COMMENTS . ' ';
200			}
201
202			$mainImage = $theItemObj->getMainImage();
203			// check to see if GD function exist
204			$theItem['item_image'] = $mainImage['image_path'];
205			if (!empty($mainImage['image_path']) && function_exists('imagecreatetruecolor')) {
206			$theItem['item_image'] = PUBLISHER_URL . '/thumb.php?src=' . $mainImage['image_path'] . '&w=100';
207			$theItem['image_path'] = $mainImage['image_path'];
208			}
209
210			if ($theItemObj->itemid == $itemObj->itemid()) {
211			$theItem['titlelink'] = $theItemObj->getItemLink();
212			}
213			$items[] = $theItem;
214			unset($theItem);
215			}
216			unset($itemsObj);
217			$xoopsTpl->assign('items', $items);
218			unset($items);
219			}
220
221			// Populating the smarty variables with information related to the selected item
222			$item = $itemObj->toArraySimple($itemPageId);
223			$xoopsTpl->assign('show_subtitle', $helper->getConfig('item_disp_subtitle'));
224
225			if ($itemObj->pagescount() > 0) {
226			if (-1 == $itemPageId) {
227			$itemPageId = 0;
228			}
229			require_once $GLOBALS['xoops']->path('class/pagenav.php');
230			// $pagenav = new \XoopsPageNav($itemObj->pagescount(), 1, $itemPageId, 'page', 'itemid=' . $itemObj->itemid());
231
232			$pagenav = new \XoopsPageNav($itemObj->pagescount(), 1, $itemPageId, 'page', 'itemid=' . $itemObj->itemid()); //SMEDrieben changed ->itemId to ->itemid
233
234			$xoopsTpl->assign('pagenav', $pagenav->renderNav());
235			}
236
237			// Creating the files object associated with this item
238			$file = [];
239			$files = [];
240			$embededFiles = [];
241			$filesObj = $itemObj->getFiles();
242
243			// check if user has permission to modify files
244			$hasFilePermissions = true;
245			if (!(Utility::userIsAdmin() \|\| Utility::userIsModerator($itemObj))) {
246			$hasFilePermissions = false;
247			}
248			if (null !== $filesObj) {
249			foreach ($filesObj as $fileObj) {
250			$file = [];
251			$file['mod'] = false;
252			if ($hasFilePermissions \|\| (is_object($GLOBALS['xoopsUser']) && $fileObj->getVar('uid') == $GLOBALS['xoopsUser']->getVar('uid'))) {
253			$file['mod'] = true;
254			}
255
256			if ('application/x-shockwave-flash' === $fileObj->mimetype()) {
257			$file['content'] = $fileObj->displayFlash();
258			if (mb_strpos($item['maintext'], '[flash-' . $fileObj->getVar('fileid') . ']')) {
259			$item['maintext'] = str_replace('[flash-' . $fileObj->getVar('fileid') . ']', $file['content'], $item['maintext']);
260			} else {
261			$embededFiles[] = $file;
262			}
263			} else {
264			$file['fileid'] = $fileObj->fileid();
265			$file['name'] = $fileObj->name();
266			$file['description'] = $fileObj->description();
267			$file['filename'] = $fileObj->filename();
268			$file['type'] = $fileObj->mimetype();
269			$file['datesub'] = $fileObj->getDatesub();
270			$file['hits'] = $fileObj->counter();
271			$files[] = $file;
272			}
273			}
274			}
275
276			$item['files'] = $files;
277			$item['embeded_files'] = $embededFiles;
278			unset($file, $embededFiles, $filesObj, $fileObj);
279
280			// Language constants
281			$xoopsTpl->assign('mail_link', 'mailto:?subject=' . sprintf(_CO_PUBLISHER_INTITEM, $GLOBALS['xoopsConfig']['sitename']) . '&body=' . sprintf(_CO_PUBLISHER_INTITEMFOUND, $GLOBALS['xoopsConfig']['sitename']) . ': ' . $itemObj->getItemUrl());
282			$xoopsTpl->assign('itemid', $itemObj->itemid());
283			$xoopsTpl->assign(
284			'sectionname', $helper->getModule()
285			->getVar('name')
286			);
287			$xoopsTpl->assign('module_dirname', $helper->getDirname());
288			$xoopsTpl->assign('module_home', Utility::moduleHome($helper->getConfig('format_linked_path')));
289			$xoopsTpl->assign('categoryPath', '<li>' . $item['categoryPath'] . '</li><li> ' . $item['title'] . '</li>');
290			$xoopsTpl->assign('commentatarticlelevel', $helper->getConfig('perm_com_art_level'));
291			$xoopsTpl->assign('com_rule', $helper->getConfig('com_rule'));
292			$xoopsTpl->assign('other_items', $helper->getConfig('item_other_items_type'));
293			$xoopsTpl->assign('itemfooter', $myts->displayTarea($helper->getConfig('item_footer'), 1));
294			$xoopsTpl->assign('perm_author_items', $helper->getConfig('perm_author_items'));
295
296			// tags support
297			if (xoops_isActiveModule('tag')) {
298			$tagbar = new Tagbar();
299			$xoopsTpl->assign('tagbar', $tagbar->getTagbar($itemId, $categoryid = 0));
300			}
301
302			/**
303			* Generating meta information for this page
304			*/
305			$publisherMetagen = new Metagen($itemObj->getVar('title'), $itemObj->getVar('meta_keywords', 'n'), $itemObj->getVar('meta_description', 'n'), $itemObj->getCategoryPath());
306			$publisherMetagen->createMetaTags();
307
308			// generate JSON-LD and add to page
309			if ($helper->getConfig('generate_jsonld')) {
310			$jsonld = Jsonld::getItem($itemObj, $categoryObj);
311			echo $jsonld;
312			}
313
314			// Include the comments if the selected ITEM supports comments
315			if ((0 != $helper->getConfig('com_rule')) && ((1 == $itemObj->cancomment()) \|\| !$helper->getConfig('perm_com_art_level'))) {
316			require_once \dirname(__DIR__, 2) . '/include/comment_view.php';
317			// Problem with url_rewrite and posting comments :
318			// $xoopsTpl->assign(
319			// [
320			// 'editcomment_link' => PUBLISHER_URL . '/comment_edit.php?com_itemid=' . $com_itemid . '&com_order=' . $com_order . '&com_mode=' . $com_mode . $link_extra,
321			// 'deletecomment_link' => PUBLISHER_URL . '/comment_delete.php?com_itemid=' . $com_itemid . '&com_order=' . $com_order . '&com_mode=' . $com_mode . $link_extra,
322			// 'replycomment_link' => PUBLISHER_URL . '/comment_reply.php?com_itemid=' . $com_itemid . '&com_order=' . $com_order . '&com_mode=' . $com_mode . $link_extra,
323			// ]
324			// );
325			$commentsnav = $xoopsTpl->getTemplateVars('commentsnav');
326			$commentsnav = str_replace(
327			"self.location.href='",
328			"self.location.href='" . PUBLISHER_URL . '/',
329			$commentsnav ?? ''
330			);
331			$xoopsTpl->assign('commentsnav', $commentsnav);
332			}
333
334			// Original AJAX rating
335			if ($helper->getConfig('perm_rating')) {
336			$xoopsTpl->assign('rating_enabled', true);
337			$item['ratingbar'] = Utility::ratingBar($itemId);
338
339			// $xoTheme->addScript(PUBLISHER_URL . '/assets/js/behavior.js');
340			// $xoTheme->addScript(PUBLISHER_URL . '/assets/js/rating.js');
341			//}
342
343			//=============== START VOTE RATING ======================================
344
345			$start = Request::getInt('start', 0);
346			$limit = Request::getInt('limit', $helper->getConfig('userpager'));
347			$id = Request::getInt('itemid', 0, 'GET');
348
349			// $ratingbars = (int)$helper->getConfig('ratingbars'); //from Preferences
350
351			$voteType = $itemObj->votetype();
352
353			if ($voteType > 0) {
354			$GLOBALS['xoTheme']->addStylesheet(PUBLISHER_URL . '/assets/css/rating.css', null);
355			$GLOBALS['xoopsTpl']->assign('rating', $voteType);
356			$GLOBALS['xoopsTpl']->assign('rating_5stars', (Constants::RATING_5STARS === $voteType));
357			$GLOBALS['xoopsTpl']->assign('rating_10stars', (Constants::RATING_10STARS === $voteType));
358			$GLOBALS['xoopsTpl']->assign('rating_10num', (Constants::RATING_10NUM === $voteType));
359			$GLOBALS['xoopsTpl']->assign('rating_likes', (Constants::RATING_LIKES === $voteType));
360			$GLOBALS['xoopsTpl']->assign('rating_reaction', (Constants::RATING_REACTION === $voteType));
361			$GLOBALS['xoopsTpl']->assign('itemid', 'itemid');
362			$GLOBALS['xoopsTpl']->assign('blog_icon_url_16', PUBLISHER_URL . '/' . $modPathIcon16);
363			}
364
365			/** @var VoteHandler $voteHandler */
366			$voteHandler = $helper->getHandler('Vote');
367
368			$rating5 = $voteHandler->getItemRating5($itemObj, Constants::TABLE_ARTICLE);
369			$xoopsTpl->assign('rating', $rating5);
370			$item['rating'] = $rating5;
371
372			// $GLOBALS['xoopsTpl']->assign('article', $article);
373			// $xoopsTpl->assign('article', $article);
374			$xoopsTpl->assign('item2', $item);
375			// $xoopsTpl->assign('rating', $rating);
376			// unset($article);
377			// }
378
379			$GLOBALS['xoopsTpl']->assign('type', $helper->getConfig('table_type'));
380			$GLOBALS['xoopsTpl']->assign('divideby', $helper->getConfig('divideby'));
381			$GLOBALS['xoopsTpl']->assign('numb_col', $helper->getConfig('numb_col'));
382			}
383
384			//=================== END VOTE RATING =========================================
385
386			//$xoopsTpl->assign('article', $article);
387			$xoopsTpl->assign('item', $item);
388			$GLOBALS['xoopsTpl']->assign('mod_path', $helper->path());
389			require_once XOOPS_ROOT_PATH . '/footer.php';
390

mambax7 / publisher

Issues (371)

Security Analysis no vulnerabilities found

item.php (2 issues)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like