Issues in submit.php (master) - Issues in master - mambax7/smartfaq - Measure and Improve Code Quality continuously with Scrutinizer

Issues (299)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

submit.php (3 issues)

Labels

Bug 3

Severity

Major 3

<?php declare(strict_types=1);

/**
 * Module: SmartFAQ
 * Author: The SmartFactory <www.smartfactory.ca>
 * Licence: GNU
 */

use Xmf\Request;
use XoopsModules\Smartfaq;
use XoopsModules\Smartfaq\Constants;
use XoopsModules\Smartfaq\Helper;

$GLOBALS['xoopsOption']['template_main'] = 'smartfaq_submit.tpl';

require_once __DIR__ . '/header.php';

global $xoopsUser, $xoopsConfig, $xoopsModule;
/** @var Smartfaq\Helper $helper */
$helper = Helper::getInstance();

// Creating the category handler object
/** @var \XoopsModules\Smartfaq\CategoryHandler $categoryHandler */
$categoryHandler = Helper::getInstance()->getHandler('Category');

// Creating the FAQ handler object
/** @var \XoopsModules\Smartfaq\FaqHandler $faqHandler */
$faqHandler = Helper::getInstance()->getHandler('Faq');

// Creating the answer handler object
/** @var \XoopsModules\Smartfaq\AnswerHandler $answerHandler */
$answerHandler = Helper::getInstance()->getHandler('Answer');

// Get the total number of categories
$totalCategories = count($categoryHandler->getCategories());

if (0 == $totalCategories) {
    redirect_header('index.php', 1, _AM_SF_NOCOLEXISTS);
}

// Find if the user is admin of the module
$isAdmin = Smartfaq\Utility::userIsAdmin();
// If the user is not admin AND we don't allow user submission, exit
if (!($isAdmin
      || (null !== $helper->getConfig('allowsubmit') && 1 == $helper->getConfig('allowsubmit')
          && (is_object($xoopsUser)
              || (null !== $helper->getConfig('anonpost')
                  && 1 == $helper->getConfig('anonpost')))))) {
    redirect_header('index.php', 1, _NOPERM);
}

$op = 'form';

if (Request::hasVar('post', 'POST')) {
    $op = 'post';
} elseif (Request::hasVar('preview', 'POST')) {
    $op = 'preview';
}

switch ($op) {
    case 'preview':
        global $xoopsUser, $xoopsConfig, $xoopsModule, $xoopsDB;

        $faqObj      = $faqHandler->create();
        $answerObj   = $answerHandler->create();
        $categoryObj = $categoryHandler->get($_POST['categoryid']);

        if ($xoopsUser) {
            $uid = $xoopsUser->uid();
        } else {
            if (1 == $helper->getConfig('anonpost')) {
                $uid = 0;
            } else {
                redirect_header('index.php', 3, _NOPERM);
            }
        }

        $notifypub = Request::getInt('notifypub', 0, 'POST');

        // Putting the values about the FAQ in the FAQ object
        $faqObj->setVar('categoryid', $_POST['categoryid']);
        $faqObj->setVar('uid', $uid);
        $faqObj->setVar('question', $_POST['question']);
        $faqObj->setVar('howdoi', $_POST['howdoi']);
        $faqObj->setVar('diduno', $_POST['diduno']);
        $faqObj->setVar('datesub', time());

        // Putting the values in the answer object
        $answerObj->setVar('status', Constants::SF_AN_STATUS_APPROVED);
        $answerObj->setVar('faqid', $faqObj->faqid());
        $answerObj->setVar('answer', $_POST['answer']);
        $answerObj->setVar('uid', $uid);

        global $xoopsUser, $myts;

        require_once XOOPS_ROOT_PATH . '/header.php';
        require_once __DIR__ . '/footer.php';

        $name = $xoopsUser ? ucwords($xoopsUser->getVar('uname')) : 'Anonymous';

        $moduleName          = &$myts->displayTarea($xoopsModule->getVar('name'));
        $faq                 = $faqObj->toArray(null, $categoryObj, false);
        $faq['categoryPath'] = $categoryObj->getCategoryPath(true);
        $faq['answer']       = $answerObj->answer();
        $faq['who_when']     = $faqObj->getWhoAndWhen();

        $faq['comments'] = -1;
        $xoopsTpl->assign('faq', $faq);
        $xoopsTpl->assign('op', 'preview');
        $xoopsTpl->assign('whereInSection', $moduleName);
        $xoopsTpl->assign('lang_submit', _MD_SF_SUB_SNEWNAME);

        $xoopsTpl->assign('lang_intro_title', sprintf(_MD_SF_SUB_SNEWNAME, ucwords($xoopsModule->name())));
        $xoopsTpl->assign('lang_intro_text', _MD_SF_GOODDAY . "<b>$name</b>, " . _MD_SF_SUB_INTRO);

        require_once __DIR__ . '/include/submit.inc.php';

        require_once XOOPS_ROOT_PATH . '/footer.php';

        exit();
    case 'post':
        global $xoopsUser, $xoopsConfig, $xoopsModule, $xoopsDB;

        $newFaqObj    = $faqHandler->create();
        $newAnswerObj = $answerHandler->create();

        if ($xoopsUser) {
            $uid = $xoopsUser->uid();
        } else {
            if (1 == $helper->getConfig('anonpost')) {
                $uid = 0;
            } else {
                redirect_header('index.php', 3, _NOPERM);
            }
        }

        $notifypub = Request::getInt('notifypub', 0, 'POST');

        // Putting the values about the FAQ in the FAQ object
        $newFaqObj->setVar('categoryid', $_POST['categoryid']);
        $newFaqObj->setVar('uid', $uid);
        $newFaqObj->setVar('question', $_POST['question']);
        $newFaqObj->setVar('howdoi', $_POST['howdoi']);
        $newFaqObj->setVar('diduno', $_POST['diduno']);
        $newFaqObj->setVar('notifypub', $notifypub);
        //$newFaqObj->setVar('modulelink', $_POST['modulelink']);
        //$newFaqObj->setVar('contextpage', $_POST['contextpage']);

        // Setting the status of the FAQ

        // if user is admin, FAQ are automatically published
        $isAdmin = Smartfaq\Utility::userIsAdmin();
        if ($isAdmin) {
            $newFaqObj->setVar('status', Constants::SF_STATUS_PUBLISHED);
        } elseif (1 == $helper->getConfig('autoapprove_submitted_faq')) {
            $newFaqObj->setVar('status', Constants::SF_STATUS_PUBLISHED);
        } else {
            $newFaqObj->setVar('status', Constants::SF_STATUS_SUBMITTED);
        }

        // Storing the FAQ object in the database
        if (!$newFaqObj->store()) {
            redirect_header('<script>javascript:history.go(-1)</script>', 2, _MD_SF_SUBMIT_ERROR);
        }

        // Putting the values in the answer object
        $newAnswerObj->setVar('status', Constants::SF_AN_STATUS_APPROVED);
        $newAnswerObj->setVar('faqid', $newFaqObj->faqid());
        $newAnswerObj->setVar('answer', $_POST['answer']);
        $newAnswerObj->setVar('uid', $uid);

        //====================================================================================
        //TODO post Attachment
        $attachments_tmp = [];
        if (Request::hasVar('attachments_tmp', 'POST')) {
            $attachments_tmp = unserialize(base64_decode($_POST['attachments_tmp'], true));
            if (Request::hasVar('delete_tmp', 'POST') && count($_POST['delete_tmp'])) {
                foreach ($_POST['delete_tmp'] as $key) {
                    unlink(XOOPS_ROOT_PATH . '/' . $helper->getConfig('dir_attachments') . '/' . $attachments_tmp[$key][0]);
                    unset($attachments_tmp[$key]);
                }
            }
        }
        if (count($attachments_tmp)) {
            foreach ($attachments_tmp as $key => $attach) {
                if (rename(XOOPS_CACHE_PATH . '/' . $attach[0], XOOPS_ROOT_PATH . '/' . $helper->getConfig('dir_attachments') . '/' . $attach[0])) {
                    $post_obj->setAttachment($attach[0], $attach[1], $attach[2]);
                }
            }
        }
        $error_upload = '';

        if (isset($_FILES['userfile']['name']) && '' != $_FILES['userfile']['name']
            && $topicHandler->getPermission($forum_obj, $topic_status, 'attach')) {
            require_once XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->getVar('dirname', 'n') . '/class/uploader.php';
            $maxfilesize = $forum_obj->getVar('attach_maxkb') * 1024;
            $uploaddir   = XOOPS_CACHE_PATH;

            $uploader = new Smartfaq\Uploader($uploaddir, $newAnswerObj->getVar('attach_ext'), (int)$maxfilesize, (int)$helper->getConfig('max_img_width'), (int)$helper->getConfig('max_img_height'));

            if ($_FILES['userfile']['error'] > 0) {
                switch ($_FILES['userfile']['error']) {
                    case 1:
                        $error_message[] = _MD_NEWBB_MAXUPLOADFILEINI;

                        break;
                    case 2:
                        $error_message[] = sprintf(_MD_NEWBB_MAXKB, $forum_obj->getVar('attach_maxkb'));

                        break;
                    default:
                        $error_message[] = _MD_NEWBB_UPLOAD_ERRNODEF;

                        break;
                }
            } else {
                $uploader->setCheckMediaTypeByExt();

                if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
                    $prefix = is_object($xoopsUser) ? $xoopsUser->uid() . '_' : 'newbb_';
                    $uploader->setPrefix($prefix);
                    if (!$uploader->upload()) {
                        $error_message[] = $error_upload = &$uploader->getErrors();
                    } elseif (is_file($uploader->getSavedDestination())) {
                            if (rename(XOOPS_CACHE_PATH . '/' . $uploader->getSavedFileName(), XOOPS_ROOT_PATH . '/' . $helper->getConfig('dir_attachments') . '/' . $uploader->getSavedFileName())) {
                                $post_obj->setAttachment($uploader->getSavedFileName(), $uploader->getMediaName(), $uploader->getMediaType());
                            }
                    }
                } else {
                    $error_message[] = $error_upload = &$uploader->getErrors();
                }
            }
        }

        //====================================================

        // Storing the answer object in the database
        if (!$newAnswerObj->store()) {
            redirect_header('<script>javascript:history.go(-1)</script>', 2, _MD_SF_SUBMIT_ERROR);
        }

        // Get the cateopry object related to that FAQ
        $categoryObj = $newFaqObj->category();

        // If autoapprove_submitted_faq
        if ($isAdmin) {
            // We do not subscribe user to notification on publish since we publish it right away

            // Send notifications
            $newFaqObj->sendNotifications([Constants::SF_NOT_FAQ_PUBLISHED]);

            $redirect_msg = _MD_SF_SUBMIT_FROM_ADMIN;
        } elseif (1 == $helper->getConfig('autoapprove_submitted_faq')) {
            // We do not subscribe user to notification on publish since we publish it right away

            // Send notifications
            $newFaqObj->sendNotifications([Constants::SF_NOT_FAQ_PUBLISHED]);

            $redirect_msg = _MD_SF_QNA_RECEIVED_AND_PUBLISHED;
        } else {
            // Subscribe the user to On Published notification, if requested
            if (1 == $notifypub) {
                require_once XOOPS_ROOT_PATH . '/include/notification_constants.php';
                /** @var \XoopsNotificationHandler $notificationHandler */
                $notificationHandler = xoops_getHandler('notification');
                $notificationHandler->subscribe('faq', $newFaqObj->faqid(), 'approved', XOOPS_NOTIFICATION_MODE_SENDONCETHENDELETE);
            }
            // Send notifications
            $newFaqObj->sendNotifications([Constants::SF_NOT_FAQ_SUBMITTED]);

            $redirect_msg = _MD_SF_QNA_RECEIVED_NEED_APPROVAL;
        }

        redirect_header('index.php', 2, $redirect_msg);
        break;
    case 'form':
    default:
        global $xoopsUser, $myts;

        $faqObj      = $faqHandler->create();
        $answerObj   = $answerHandler->create();
        $categoryObj = $categoryHandler->create();

        require_once XOOPS_ROOT_PATH . '/header.php';
        require_once __DIR__ . '/footer.php';

        $name       = $xoopsUser ? ucwords($xoopsUser->getVar('uname')) : 'Anonymous';
        $notifypub  = 1;
        $moduleName = &$myts->displayTarea($xoopsModule->getVar('name'));
        $xoopsTpl->assign('whereInSection', $moduleName);
        $xoopsTpl->assign('lang_submit', _MD_SF_SUB_SNEWNAME);

        $xoopsTpl->assign('lang_intro_title', sprintf(_MD_SF_SUB_SNEWNAME, ucwords($xoopsModule->name())));
        $xoopsTpl->assign('lang_intro_text', _MD_SF_GOODDAY . "<b>$name</b>, " . _MD_SF_SUB_INTRO);

        require_once __DIR__ . '/include/submit.inc.php';

        require_once XOOPS_ROOT_PATH . '/footer.php';
        break;
}


1			<?php declare(strict_types=1);
2
3			/**
4			* Module: SmartFAQ
5			* Author: The SmartFactory <www.smartfactory.ca>
6			* Licence: GNU
7			*/
8
9			use Xmf\Request;
10			use XoopsModules\Smartfaq;
11			use XoopsModules\Smartfaq\Constants;
12			use XoopsModules\Smartfaq\Helper;
13
14			$GLOBALS['xoopsOption']['template_main'] = 'smartfaq_submit.tpl';
15
16			require_once __DIR__ . '/header.php';
17
18			global $xoopsUser, $xoopsConfig, $xoopsModule;
19			/** @var Smartfaq\Helper $helper */
20			$helper = Helper::getInstance();
21
22			// Creating the category handler object
23			/** @var \XoopsModules\Smartfaq\CategoryHandler $categoryHandler */
24			$categoryHandler = Helper::getInstance()->getHandler('Category');
25
26			// Creating the FAQ handler object
27			/** @var \XoopsModules\Smartfaq\FaqHandler $faqHandler */
28			$faqHandler = Helper::getInstance()->getHandler('Faq');
29
30			// Creating the answer handler object
31			/** @var \XoopsModules\Smartfaq\AnswerHandler $answerHandler */
32			$answerHandler = Helper::getInstance()->getHandler('Answer');
33
34			// Get the total number of categories
35			$totalCategories = count($categoryHandler->getCategories());
36
37			if (0 == $totalCategories) {
38			redirect_header('index.php', 1, _AM_SF_NOCOLEXISTS);
39			}
40
41			// Find if the user is admin of the module
42			$isAdmin = Smartfaq\Utility::userIsAdmin();
43			// If the user is not admin AND we don't allow user submission, exit
44			if (!($isAdmin
45			\|\| (null !== $helper->getConfig('allowsubmit') && 1 == $helper->getConfig('allowsubmit')
46			&& (is_object($xoopsUser)
47			\|\| (null !== $helper->getConfig('anonpost')
48			&& 1 == $helper->getConfig('anonpost')))))) {
49			redirect_header('index.php', 1, _NOPERM);
50			}
51
52			$op = 'form';
53
54			if (Request::hasVar('post', 'POST')) {
55			$op = 'post';
56			} elseif (Request::hasVar('preview', 'POST')) {
57			$op = 'preview';
58			}
59
60			switch ($op) {
61			case 'preview':
62			global $xoopsUser, $xoopsConfig, $xoopsModule, $xoopsDB;
63
64			$faqObj = $faqHandler->create();
65			$answerObj = $answerHandler->create();
66			$categoryObj = $categoryHandler->get($_POST['categoryid']);
67
68			if ($xoopsUser) {
69			$uid = $xoopsUser->uid();
70			} else {
71			if (1 == $helper->getConfig('anonpost')) {
72			$uid = 0;
73			} else {
74			redirect_header('index.php', 3, _NOPERM);
75			}
76			}
77
78			$notifypub = Request::getInt('notifypub', 0, 'POST');
79
80			// Putting the values about the FAQ in the FAQ object
81			$faqObj->setVar('categoryid', $_POST['categoryid']);
82			$faqObj->setVar('uid', $uid);
83			$faqObj->setVar('question', $_POST['question']);
84			$faqObj->setVar('howdoi', $_POST['howdoi']);
85			$faqObj->setVar('diduno', $_POST['diduno']);
86			$faqObj->setVar('datesub', time());
87
88			// Putting the values in the answer object
89			$answerObj->setVar('status', Constants::SF_AN_STATUS_APPROVED);
90			$answerObj->setVar('faqid', $faqObj->faqid());
91			$answerObj->setVar('answer', $_POST['answer']);
92			$answerObj->setVar('uid', $uid);
93
94			global $xoopsUser, $myts;
95
96			require_once XOOPS_ROOT_PATH . '/header.php';
97			require_once __DIR__ . '/footer.php';
98
99			$name = $xoopsUser ? ucwords($xoopsUser->getVar('uname')) : 'Anonymous';
100
101			$moduleName = &$myts->displayTarea($xoopsModule->getVar('name'));
102			$faq = $faqObj->toArray(null, $categoryObj, false);
103			$faq['categoryPath'] = $categoryObj->getCategoryPath(true);
104			$faq['answer'] = $answerObj->answer();
105			$faq['who_when'] = $faqObj->getWhoAndWhen();
106
107			$faq['comments'] = -1;
108			$xoopsTpl->assign('faq', $faq);
109			$xoopsTpl->assign('op', 'preview');
110			$xoopsTpl->assign('whereInSection', $moduleName);
111			$xoopsTpl->assign('lang_submit', _MD_SF_SUB_SNEWNAME);
112
113			$xoopsTpl->assign('lang_intro_title', sprintf(_MD_SF_SUB_SNEWNAME, ucwords($xoopsModule->name())));
114			$xoopsTpl->assign('lang_intro_text', _MD_SF_GOODDAY . "<b>$name</b>, " . _MD_SF_SUB_INTRO);
115
116			require_once __DIR__ . '/include/submit.inc.php';
117
118			require_once XOOPS_ROOT_PATH . '/footer.php';
119
120			exit();
121			case 'post':
122			global $xoopsUser, $xoopsConfig, $xoopsModule, $xoopsDB;
123
124			$newFaqObj = $faqHandler->create();
125			$newAnswerObj = $answerHandler->create();
126
127			if ($xoopsUser) {
128			$uid = $xoopsUser->uid();
129			} else {
130			if (1 == $helper->getConfig('anonpost')) {
131			$uid = 0;
132			} else {
133			redirect_header('index.php', 3, _NOPERM);
134			}
135			}
136
137			$notifypub = Request::getInt('notifypub', 0, 'POST');
138
139			// Putting the values about the FAQ in the FAQ object
140			$newFaqObj->setVar('categoryid', $_POST['categoryid']);
141			$newFaqObj->setVar('uid', $uid);
142			$newFaqObj->setVar('question', $_POST['question']);
143			$newFaqObj->setVar('howdoi', $_POST['howdoi']);
144			$newFaqObj->setVar('diduno', $_POST['diduno']);
145			$newFaqObj->setVar('notifypub', $notifypub);
146			//$newFaqObj->setVar('modulelink', $_POST['modulelink']);
147			//$newFaqObj->setVar('contextpage', $_POST['contextpage']);
148
149			// Setting the status of the FAQ
150
151			// if user is admin, FAQ are automatically published
152			$isAdmin = Smartfaq\Utility::userIsAdmin();
153			if ($isAdmin) {
154			$newFaqObj->setVar('status', Constants::SF_STATUS_PUBLISHED);
155			} elseif (1 == $helper->getConfig('autoapprove_submitted_faq')) {
156			$newFaqObj->setVar('status', Constants::SF_STATUS_PUBLISHED);
157			} else {
158			$newFaqObj->setVar('status', Constants::SF_STATUS_SUBMITTED);
159			}
160
161			// Storing the FAQ object in the database
162			if (!$newFaqObj->store()) {
163			redirect_header('<script>javascript:history.go(-1)</script>', 2, _MD_SF_SUBMIT_ERROR);
164			}
165
166			// Putting the values in the answer object
167			$newAnswerObj->setVar('status', Constants::SF_AN_STATUS_APPROVED);
168			$newAnswerObj->setVar('faqid', $newFaqObj->faqid());
169			$newAnswerObj->setVar('answer', $_POST['answer']);
170			$newAnswerObj->setVar('uid', $uid);
171
172			//====================================================================================
173			//TODO post Attachment
174			$attachments_tmp = [];
175			if (Request::hasVar('attachments_tmp', 'POST')) {
176			$attachments_tmp = unserialize(base64_decode($_POST['attachments_tmp'], true));
177			if (Request::hasVar('delete_tmp', 'POST') && count($_POST['delete_tmp'])) {
178			foreach ($_POST['delete_tmp'] as $key) {
179			unlink(XOOPS_ROOT_PATH . '/' . $helper->getConfig('dir_attachments') . '/' . $attachments_tmp[$key][0]);
180			unset($attachments_tmp[$key]);
181			}
182			}
183			}
184			if (count($attachments_tmp)) {
185			foreach ($attachments_tmp as $key => $attach) {
186			if (rename(XOOPS_CACHE_PATH . '/' . $attach[0], XOOPS_ROOT_PATH . '/' . $helper->getConfig('dir_attachments') . '/' . $attach[0])) {
187			$post_obj->setAttachment($attach[0], $attach[1], $attach[2]);
188			}
189			}
190			}
191			$error_upload = '';
192
193			if (isset($_FILES['userfile']['name']) && '' != $_FILES['userfile']['name']
194			&& $topicHandler->getPermission($forum_obj, $topic_status, 'attach')) {
195			require_once XOOPS_ROOT_PATH . '/modules/' . $xoopsModule->getVar('dirname', 'n') . '/class/uploader.php';
196			$maxfilesize = $forum_obj->getVar('attach_maxkb') * 1024;
197			$uploaddir = XOOPS_CACHE_PATH;
198
199			$uploader = new Smartfaq\Uploader($uploaddir, $newAnswerObj->getVar('attach_ext'), (int)$maxfilesize, (int)$helper->getConfig('max_img_width'), (int)$helper->getConfig('max_img_height'));
200
201			if ($_FILES['userfile']['error'] > 0) {
202			switch ($_FILES['userfile']['error']) {
203			case 1:
204			$error_message[] = _MD_NEWBB_MAXUPLOADFILEINI;
			0 ignored issues – show Bug introduced 2018-03-13 22:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `_MD_NEWBB_MAXUPLOADFILEINI` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
205			break;
206			case 2:
207			$error_message[] = sprintf(_MD_NEWBB_MAXKB, $forum_obj->getVar('attach_maxkb'));
			0 ignored issues – show Bug introduced 2018-03-13 22:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `_MD_NEWBB_MAXKB` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
208			break;
209			default:
210			$error_message[] = _MD_NEWBB_UPLOAD_ERRNODEF;
			0 ignored issues – show Bug introduced 2018-03-13 22:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `_MD_NEWBB_UPLOAD_ERRNODEF` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
211			break;
212			}
213			} else {
214			$uploader->setCheckMediaTypeByExt();
215
216			if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
217			$prefix = is_object($xoopsUser) ? $xoopsUser->uid() . '_' : 'newbb_';
218			$uploader->setPrefix($prefix);
219			if (!$uploader->upload()) {
220			$error_message[] = $error_upload = &$uploader->getErrors();
221			} elseif (is_file($uploader->getSavedDestination())) {
222			if (rename(XOOPS_CACHE_PATH . '/' . $uploader->getSavedFileName(), XOOPS_ROOT_PATH . '/' . $helper->getConfig('dir_attachments') . '/' . $uploader->getSavedFileName())) {
223			$post_obj->setAttachment($uploader->getSavedFileName(), $uploader->getMediaName(), $uploader->getMediaType());
224			}
225			}
226			} else {
227			$error_message[] = $error_upload = &$uploader->getErrors();
228			}
229			}
230			}
231
232			//====================================================
233
234			// Storing the answer object in the database
235			if (!$newAnswerObj->store()) {
236			redirect_header('<script>javascript:history.go(-1)</script>', 2, _MD_SF_SUBMIT_ERROR);
237			}
238
239			// Get the cateopry object related to that FAQ
240			$categoryObj = $newFaqObj->category();
241
242			// If autoapprove_submitted_faq
243			if ($isAdmin) {
244			// We do not subscribe user to notification on publish since we publish it right away
245
246			// Send notifications
247			$newFaqObj->sendNotifications([Constants::SF_NOT_FAQ_PUBLISHED]);
248
249			$redirect_msg = _MD_SF_SUBMIT_FROM_ADMIN;
250			} elseif (1 == $helper->getConfig('autoapprove_submitted_faq')) {
251			// We do not subscribe user to notification on publish since we publish it right away
252
253			// Send notifications
254			$newFaqObj->sendNotifications([Constants::SF_NOT_FAQ_PUBLISHED]);
255
256			$redirect_msg = _MD_SF_QNA_RECEIVED_AND_PUBLISHED;
257			} else {
258			// Subscribe the user to On Published notification, if requested
259			if (1 == $notifypub) {
260			require_once XOOPS_ROOT_PATH . '/include/notification_constants.php';
261			/** @var \XoopsNotificationHandler $notificationHandler */
262			$notificationHandler = xoops_getHandler('notification');
263			$notificationHandler->subscribe('faq', $newFaqObj->faqid(), 'approved', XOOPS_NOTIFICATION_MODE_SENDONCETHENDELETE);
264			}
265			// Send notifications
266			$newFaqObj->sendNotifications([Constants::SF_NOT_FAQ_SUBMITTED]);
267
268			$redirect_msg = _MD_SF_QNA_RECEIVED_NEED_APPROVAL;
269			}
270
271			redirect_header('index.php', 2, $redirect_msg);
272			break;
273			case 'form':
274			default:
275			global $xoopsUser, $myts;
276
277			$faqObj = $faqHandler->create();
278			$answerObj = $answerHandler->create();
279			$categoryObj = $categoryHandler->create();
280
281			require_once XOOPS_ROOT_PATH . '/header.php';
282			require_once __DIR__ . '/footer.php';
283
284			$name = $xoopsUser ? ucwords($xoopsUser->getVar('uname')) : 'Anonymous';
285			$notifypub = 1;
286			$moduleName = &$myts->displayTarea($xoopsModule->getVar('name'));
287			$xoopsTpl->assign('whereInSection', $moduleName);
288			$xoopsTpl->assign('lang_submit', _MD_SF_SUB_SNEWNAME);
289
290			$xoopsTpl->assign('lang_intro_title', sprintf(_MD_SF_SUB_SNEWNAME, ucwords($xoopsModule->name())));
291			$xoopsTpl->assign('lang_intro_text', _MD_SF_GOODDAY . "<b>$name</b>, " . _MD_SF_SUB_INTRO);
292
293			require_once __DIR__ . '/include/submit.inc.php';
294
295			require_once XOOPS_ROOT_PATH . '/footer.php';
296			break;
297			}
298

mambax7 / smartfaq

Issues (299)

Security Analysis not enabled

submit.php (3 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like