Issues (496)

Security Analysis    not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/update.php (1 issue)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead.

<?php
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright      {@link https://xoops.org/ XOOPS Project}
 * @license        {@link http://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @package
 * @since
 * @author         XOOPS Development Team
 */

// defined('XOOPS_ROOT_PATH') || die('Restricted access');

require_once XOOPS_ROOT_PATH . '/modules/smartobject/include/common.php';
//require_once XOOPS_ROOT_PATH . '/modules/smartobject/class/smartdbupdater.php';

/**
 * @param  XoopsModule $module
 * @return bool
 */
function xoops_module_update_smartobject(\XoopsModule $module)
{
    ob_start();

    $dbVersion = Smartobject\Utility::getMeta('version', 'smartobject');
    if (!$dbVersion) {
        $dbVersion = 0;
    }

    $dbupdater = new XoopsModules\Smartobject\Dbupdater();

    echo '<code>' . _SDU_UPDATE_UPDATING_DATABASE . '<br>';

    // db migrate version = 1
    $newDbVersion = 1;
    if ($dbVersion < $newDbVersion) {
        echo 'Database migrate to version ' . $newDbVersion . '<br>';

        // Create table smartobject_link
        $table = new XoopsModules\Smartobject\DbTable('smartobject_link');
        if (!$table->exists()) {
            $table->setStructure("CREATE TABLE `%s` (
              `linkid` int(11) NOT NULL auto_increment,
              `from_uid` int(11) NOT NULL default '0',
              `from_email` varchar(255) NOT NULL default '',
              `from_name` varchar(255) NOT NULL default '',
              `to_uid` int(11) NOT NULL default '0',
              `to_email` varchar(255) NOT NULL default '',
              `to_name` varchar(255) NOT NULL default '',
              `link` varchar(255) NOT NULL default '',
              `subject` varchar(255) NOT NULL default '',
              `body` TEXT NOT NULL,
              `mid` int(11) NOT NULL default '0',
              `mid_name` varchar(255) NOT NULL default '',

              PRIMARY KEY  (`linkid`)
            ) ENGINE=MyISAM COMMENT='SmartObject by The SmartFactory <www.smartfactory.ca>' AUTO_INCREMENT=1 ;");

            if (!$dbupdater->updateTable($table)) {
                /**
                 * @todo trap the errors
                 */
            }
        }
        unset($table);
        // Add field date to table smartobject_link
        $table = new XoopsModules\Smartobject\DbTable('smartobject_link');
        if (!$table->fieldExists('date')) {
            $table->addNewField('date', "int(11) NOT NULL default '0'");
            if (!$dbupdater->updateTable($table)) {
                /**
                 * @todo trap the errors
                 */
            }
        }
        unset($table);

        // Create table smartobject_tag
        $table = new XoopsModules\Smartobject\DbTable('smartobject_tag');
        if (!$table->exists()) {
            $table->setStructure("CREATE TABLE %s (
              `tagid` int(11) NOT NULL auto_increment,
              `name` varchar(255) NOT NULL default '',
              `description` TEXT NOT NULL,
              PRIMARY KEY  (`tagid`)
            ) ENGINE=MyISAM COMMENT='SmartObject by The SmartFactory <www.smartfactory.ca>' AUTO_INCREMENT=1 ;");

            if (!$dbupdater->updateTable($table)) {
                /**
                 * @todo trap the errors
                 */
            }
        }

        // Create table smartobject_tag_text
        $table = new XoopsModules\Smartobject\DbTable('smartobject_tag_text');
        if (!$table->exists()) {
            $table->setStructure("CREATE TABLE %s (
              `tagid` int(11) NOT NULL default 0,
              `language` varchar(255) NOT NULL default '',
              `value` TEXT NOT NULL,
              PRIMARY KEY  (`tagid`, `language`)
            ) ENGINE=MyISAM COMMENT='SmartObject by The SmartFactory <www.smartfactory.ca>' AUTO_INCREMENT=1 ;");

            if (!$dbupdater->updateTable($table)) {
                /**
                 * @todo trap the errors
                 */
            }
        }

        // Create table smartobject_adsense
        $table = new XoopsModules\Smartobject\DbTable('smartobject_adsense');
        if (!$table->exists()) {
            $table->setStructure("
  `adsenseid` int(11) NOT NULL auto_increment,
  `format` VARCHAR(100) NOT NULL,
  `description` TEXT NOT NULL,
  `style` TEXT NOT NULL,
  `border_color` varchar(6) NOT NULL default '',
  `background_color` varchar(6) NOT NULL default '',
  `link_color` varchar(6) NOT NULL default '',
  `url_color` varchar(6) NOT NULL default '',
  `text_color` varchar(6) NOT NULL default '',
  `client_id` varchar(100) NOT NULL default '',
  `tag` varchar(50) NOT NULL default '',
  PRIMARY KEY  (`adsenseid`)
            ");
        }

        if (!$dbupdater->updateTable($table)) {
            /**
             * @todo trap the errors
             */
        }
    }
    // db migrate version = 2
    $newDbVersion = 2;
    if ($dbVersion < $newDbVersion) {
        echo 'Database migrate to version ' . $newDbVersion . '<br>';

        // Create table smartobject_rating
        $table = new XoopsModules\Smartobject\DbTable('smartobject_rating');
        if (!$table->exists()) {
            $table->setStructure('
  `ratingid` int(11) NOT NULL auto_increment,
  `dirname` VARCHAR(255) NOT NULL,
  `item` VARCHAR(255) NOT NULL,
  `itemid` int(11) NOT NULL,
  `uid` int(11) NOT NULL,
  `rate` int(1) NOT NULL,
  `date` int(11) NOT NULL,
  PRIMARY KEY  (`ratingid`),
  UNIQUE (`dirname`, `item`, `itemid`, `uid`)
            ');
        }

        if (!$dbupdater->updateTable($table)) {
            /**
             * @todo trap the errors
             */
        }

        // Create table smartobject_currency
        $table = new XoopsModules\Smartobject\DbTable('smartobject_currency');
        $table->setData("2, 'EUR', 'Euro', '€', 0.65, 0");
        $table->setData("3, 'USD', 'American dollar', '$', 0.9, 0");
        $table->setData("1, 'CAD', 'Canadian dollar', '$', 1, 1");

        if (!$dbupdater->updateTable($table)) {
            /**
             * @todo trap the errors
             */
        }
    }

    // db migrate version = 3
    $newDbVersion = 3;
    if ($dbVersion < $newDbVersion) {
        echo 'Database migrate to version ' . $newDbVersion . '<br>';

        // Create table smartobject_customtag
        $table = new XoopsModules\Smartobject\DbTable('smartobject_customtag');
        if (!$table->exists()) {
            $table->setStructure('
              `customtagid` int(11) NOT NULL auto_increment,
              `name` VARCHAR(255) NOT NULL,
              `description` TEXT NOT NULL,
              `content` TEXT NOT NULL,
              `language` TEXT NOT NULL,
              PRIMARY KEY  (`customtagid`)
            ');
        }

        if (!$dbupdater->updateTable($table)) {
            /**
             * @todo trap the errors
             */
        }
    }

    // db migrate version = 4
    $newDbVersion = 4;
    if ($dbVersion < $newDbVersion) {
        echo 'Database migrate to version ' . $newDbVersion . '<br>';

        // Create table smartobject_currency
        $table = new XoopsModules\Smartobject\DbTable('smartobject_currency');
        if (!$table->exists()) {
            $table->setStructure('
              `currencyid` int(11) NOT NULL auto_increment,
              `iso4217` VARCHAR(5) NOT NULL,
              `name` VARCHAR(255) NOT NULL,
              `symbol`  VARCHAR(1) NOT NULL,
              `rate` float NOT NULL,
              `default_currency` int(1) NOT NULL,
              PRIMARY KEY  (`currencyid`)
            ');
        }

        if (!$dbupdater->updateTable($table)) {
            /**
             * @todo trap the errors
             */
        }
    }

    // db migrate version = 6
    $newDbVersion = 6;
    if ($dbVersion < $newDbVersion) {
        echo 'Database migrate to version ' . $newDbVersion . '<br>';
    }

    $newDbVersion = 7;
    if ($dbVersion < $newDbVersion) {
        echo 'Database migrate to version ' . $newDbVersion . '<br>';

        // Create table smartobject_file
        $table = new XoopsModules\Smartobject\DbTable('smartobject_file');
        if (!$table->exists()) {
            $table->setStructure('
              `fileid` int(11) NOT NULL auto_increment,
              `caption` varchar(255) collate latin1_general_ci NOT NULL,
              `url` varchar(255) collate latin1_general_ci NOT NULL,
              `description` text collate latin1_general_ci NOT NULL,
               PRIMARY KEY  (`fileid`)
            ');
            if (!$dbupdater->updateTable($table)) {
                /**
                 * @todo trap the errors
                 */
            }
        }
        unset($table);
        // Create table smartobject_urllink
        $table = new XoopsModules\Smartobject\DbTable('smartobject_urllink');
        if (!$table->exists()) {
            $table->setStructure('
              `urllinkid` int(11) NOT NULL auto_increment,
              `caption` varchar(255) collate latin1_general_ci NOT NULL,
              `url` varchar(255) collate latin1_general_ci NOT NULL,
              `description` text collate latin1_general_ci NOT NULL,
              `target` varchar(10) collate latin1_general_ci NOT NULL,
                PRIMARY KEY  (`urllinkid`)
            ');
            if (!$dbupdater->updateTable($table)) {
                /**
                 * @todo trap the errors
                 */
            }
        }
        unset($table);
    }
    echo '</code>';

    $feedback = ob_get_clean();
    if (method_exists($module, 'setMessage')) {
        $module->setMessage($feedback);
    } else {
        echo $feedback;
    }
    Smartobject\Utility::setMeta('version', $newDbVersion, 'smartobject'); //Set meta version to current

    return true;
}

/**
 * @param  XoopsModule $module
 * @return string
 */
function xoops_module_install_smartobject(\XoopsModule $module)
{
    ob_start();

    echo 'Using the ImpressCMS onInstall event';
    $feedback = ob_get_clean();

    return $feedback;
}

The parameter $module is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.