Scanner summary: this project does not seem to handle request data directly, so no vulnerable execution paths were found. Treat this as an automated result rather than a manual review: the listing below does read `$_GET['dirname']`, `$_GET['mid']` and `$_POST['submit']` directly, and code that is only reached through include or, for example, PHP's auto-loading mechanism may not be covered by the scan.
                                                    | 1 | <?php | ||
| 2 | // ------------------------------------------------------------------------- // | ||
| 3 | // myblocksadmin.php // | ||
| 4 | // - XOOPS block admin for each modules - // | ||
| 5 | // GIJOE <http://www.peak.ne.jp> // | ||
| 6 | // ------------------------------------------------------------------------- // | ||
| 7 | use Xmf\Request; | ||
| 8 | |||
| 9 | require_once dirname(__DIR__, 3) . '/include/cp_header.php'; | ||
| 10 | require_once __DIR__ . '/mygrouppermform.php'; | ||
| 11 | require_once XOOPS_ROOT_PATH . '/class/xoopsblock.php'; | ||
| 12 | //require_once dirname(__DIR__) . '/include/gtickets.php'; // GIJ | ||
| 13 | |||
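$xoops_system_path = XOOPS_ROOT_PATH . '/modules/system';
// language files: fall back to english when the configured language has no blocksadmin strings
$language = $xoopsConfig['language'];
if (!file_exists("$xoops_system_path/language/$language/admin/blocksadmin.php")) {
    $language = 'english';
}
// Silence "constant already defined" notices while pulling in the system module's
// strings; the previous reporting level is restored immediately afterwards.
$error_reporting_level = error_reporting(0);
require_once "$xoops_system_path/constants.php";
require_once "$xoops_system_path/language/$language/admin.php";
require_once "$xoops_system_path/language/$language/admin/blocksadmin.php";
error_reporting($error_reporting_level);

// Pull only the _AM_ACCESSRIGHTS / _AM_ACTIVERIGHTS definitions out of the system
// groups language file.
// NOTE(review): this eval()s raw lines of a file under XOOPS_ROOT_PATH, so it is
// exactly as trustworthy as that directory's write permissions. To limit what can
// run, only lines that actually contain a define( call are evaluated, and a missing
// or unreadable file no longer produces a foreach-over-false warning.
$group_defs_file = "$xoops_system_path/language/$language/admin/groups.php";
$group_defs      = is_file($group_defs_file) ? file($group_defs_file) : false;
if (false !== $group_defs) {
    foreach ($group_defs as $def) {
        if ((false !== mb_strpos($def, '_AM_ACCESSRIGHTS') || false !== mb_strpos($def, '_AM_ACTIVERIGHTS'))
            && 1 === preg_match('/\bdefine\s*\(/', $def)) {
            eval($def);
        }
    }
}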
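// check $xoopsModule: this page only makes sense inside a module's admin area
if (!is_object($xoopsModule)) {
    redirect_header(XOOPS_URL . '/user.php', 1, _NOPERM);
    exit;
}
// set target_module if specified by ?dirname= (read through Xmf\Request so a
// missing key is handled and the value is a plain string)
/** @var \XoopsModuleHandler $moduleHandler */
$moduleHandler = xoops_getHandler('module');
$target_module = null;
$dirname       = Request::getString('dirname', '', 'GET');
if ('' !== $dirname) {
    $target_module = $moduleHandler->getByDirname($dirname);
}
/* else if ( ! empty( $_GET['mid'] ) ) {
    $target_module = $moduleHandler->get( (int)( $_GET['mid'] ) );
}*/

if (!empty($target_module) && is_object($target_module)) {
    // specified by dirname; the redirect query is URL-encoded so it is safe
    // both as a query string and inside the hidden form field below
    $target_mid     = $target_module->getVar('mid');
    $target_mname   = $target_module->getVar('name');
    $query4redirect = '?dirname=' . urlencode(strip_tags($dirname));
} elseif ((Request::hasVar('mid', 'GET') && 0 === Request::getInt('mid', 0, 'GET'))
          || 'blocksadmin' === $xoopsModule->getVar('dirname')) {
    // ?mid=0 (or the standalone blocksadmin module) means "site-wide blocks".
    // The integer cast replaces a loose `0 == $_GET['mid']`, whose result for
    // non-numeric input differs between PHP 7 and PHP 8.
    $target_mid     = 0;
    $target_mname   = '';
    $query4redirect = '?mid=0';
} else {
    // default: the module whose admin area we are in
    $target_mid     = $xoopsModule->getVar('mid');
    $target_mname   = $xoopsModule->getVar('name');
    $query4redirect = '';
}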
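// check access right (needs system_admin of BLOCK)
/** @var \XoopsGroupPermHandler $grouppermHandler */
$grouppermHandler = xoops_getHandler('groupperm');
// cp_header.php is expected to have enforced an admin session already, but fail
// closed here too: without a user object there are no groups to check against.
if (!is_object($xoopsUser)
    || !$grouppermHandler->checkRight('system_admin', XOOPS_SYSTEM_BLOCK, $xoopsUser->getGroups())) {
    redirect_header(XOOPS_URL . '/user.php', 1, _NOPERM);
    exit;
}
// get blocks owned by the module (Imported from xoopsblock.php then modified)
// $block_arr = \XoopsBlock::getByModule( $target_mid ) ;
$db = \XoopsDatabaseFactory::getDatabaseConnection();
// $target_mid is either 0 or a module object's mid, but it is interpolated into
// SQL, so pin it to an integer rather than trusting the source.
$sql       = 'SELECT * FROM ' . $db->prefix('newblocks') . " WHERE mid='" . (int)$target_mid . "' ORDER BY visible DESC,side,weight";
$result    = $db->query($sql);
$block_arr = [];
if (false !== $result) {
    while (false !== ($myrow = $db->fetchArray($result))) {
        $block_arr[] = new \XoopsBlock($myrow);
    }
}
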
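/**
 * Render the block-management table for every block in the global $block_arr.
 *
 * Each row offers the block title, its side (radio buttons), weight, the modules
 * it is visible in, and the cache time; the whole table posts back to admin.php
 * with fct=blocksadmin&op=order and carries a XOOPS security token. The
 * edit/delete/clone actions are plain GET links to admin.php.
 *
 * Reads the globals $query4redirect and $block_arr set in the page prologue and
 * calls get_block_configs() for the module's block definitions. Writes HTML to
 * the output and returns nothing.
 */
function list_blocks()
{
    global $query4redirect, $block_arr;
    // cachetime options (seconds => label)
    $cachetimes = [
        '0'       => _NOCACHE,
        '30'      => sprintf(_SECONDS, 30),
        '60'      => _MINUTE,
        '300'     => sprintf(_MINUTES, 5),
        '1800'    => sprintf(_MINUTES, 30),
        '3600'    => _HOUR,
        '18000'   => sprintf(_HOURS, 5),
        '86400'   => _DAY,
        '259200'  => sprintf(_DAYS, 3),
        '604800'  => _WEEK,
        '2592000' => _MONTH,
    ];
    // displaying TH
    echo "
    <form action='admin.php' name='blockadmin' method='post'>
        <table width='95%' class='outer' cellpadding='4' cellspacing='1'>
            <tr valign='middle'>
                <th style='text-align: left;'>" . _AM_TITLE . "</th>
                <th class='center;' nowrap='nowrap'>" . _AM_SIDE . "</th>
                <th class='center;'>" . _AM_WEIGHT . "</th>
                <th class='center;'>" . _AM_VISIBLEIN . "</th>
                <th class='center;'>" . _AM_BCACHETIME . "</th>
                <th class='center;'>" . _AM_ACTION . "</th>
            </tr>\n";

    // The "visible in" module list is the same for every row, so build it once
    // instead of querying the module table once per block.
    /** @var \XoopsModuleHandler $moduleHandler */
    $moduleHandler = xoops_getHandler('module');
    $criteria      = new \CriteriaCompo(new \Criteria('hasmain', 1));
    $criteria->add(new \Criteria('isactive', 1));
    $module_list     = $moduleHandler->getList($criteria);
    $module_list[-1] = _AM_TOPPAGE;
    $module_list[0]  = _AM_ALLPAGES;
    ksort($module_list);

    $db = \XoopsDatabaseFactory::getDatabaseConnection();

    // blocks displaying loop
    $class         = 'even';
    $block_configs = get_block_configs();
    foreach (array_keys($block_arr) as $i) {
        $block = $block_arr[$i];
        $sseln = $ssel0 = $ssel1 = $ssel2 = $ssel3 = $ssel4 = $ssel5 = $ssel6 = $ssel7 = '';
        $scoln = $scol0 = $scol1 = $scol2 = $scol3 = $scol4 = $scol5 = $scol6 = $scol7 = '#FFFFFF';

        // NOTE(review): these are interpolated into markup below without further
        // escaping, on the assumption that getVar() returns its HTML-escaped ('s')
        // form for text fields — confirm against XoopsObject::getVar before
        // relying on it.
        $weight     = $block->getVar('weight');
        $title      = $block->getVar('title');
        $name       = $block->getVar('name');
        $bcachetime = $block->getVar('bcachetime');
        // bid is a DB key, but it is interpolated into SQL and URLs: pin it to int
        $bid        = (int)$block->getVar('bid');

        // visible and side: an invisible block selects the "none" radio (red),
        // otherwise the radio for its side is selected (green)
        if (1 != $block->getVar('visible')) {
            $sseln = ' checked';
            $scoln = '#FF0000';
        } else {
            switch ($block->getVar('side')) {
                default:
                case XOOPS_SIDEBLOCK_LEFT:
                    $ssel0 = ' checked';
                    $scol0 = '#00FF00';
                    break;
                case XOOPS_SIDEBLOCK_RIGHT:
                    $ssel1 = ' checked';
                    $scol1 = '#00FF00';
                    break;
                case XOOPS_CENTERBLOCK_LEFT:
                    $ssel2 = ' checked';
                    $scol2 = '#00FF00';
                    break;
                case XOOPS_CENTERBLOCK_RIGHT:
                    $ssel4 = ' checked';
                    $scol4 = '#00FF00';
                    break;
                case XOOPS_CENTERBLOCK_CENTER:
                    $ssel3 = ' checked';
                    $scol3 = '#00FF00';
                    break;
                case XOOPS_CENTERBLOCK_BOTTOMLEFT:
                    $ssel5 = ' checked';
                    $scol5 = '#00FF00';
                    break;
                case XOOPS_CENTERBLOCK_BOTTOMRIGHT:
                    $ssel7 = ' checked';
                    $scol7 = '#00FF00';
                    break;
                case XOOPS_CENTERBLOCK_BOTTOM:
                    $ssel6 = ' checked';
                    $scol6 = '#00FF00';
                    break;
            }
        }
        // bcachetime
        $cachetime_options = '';
        foreach ($cachetimes as $cachetime => $cachetime_name) {
            if ($bcachetime == $cachetime) {
                $cachetime_options .= "<option value='$cachetime' selected>$cachetime_name</option>\n";
            } else {
                $cachetime_options .= "<option value='$cachetime'>$cachetime_name</option>\n";
            }
        }
        // target modules: module ids this block is currently linked to
        $result        = $db->query('SELECT module_id FROM ' . $db->prefix('block_module_link') . " WHERE block_id='$bid'");
        $selected_mids = [];
        if (false !== $result) {
            while (false !== ($row = $db->fetchRow($result))) {
                $selected_mids[] = (int)$row[0];
            }
        }
        $module_options = '';
        foreach ($module_list as $mid => $mname) {
            $selected = in_array((int)$mid, $selected_mids, true) ? ' selected' : '';
            $module_options .= "<option value='$mid'$selected>$mname</option>\n";
        }
        // delete link only for block_type 'D' or 'C' (cloned blocks, per the original comment)
        $block_type  = $block->getVar('block_type');
        $is_cloned   = ('D' === $block_type || 'C' === $block_type);
        $delete_link = '';
        if ($is_cloned) {
            // NOTE(review): this is a GET link that carries no security token;
            // whether admin.php confirms or token-checks op=delete is decided
            // outside this file.
            $delete_link = "<br><a href='admin.php?fct=blocksadmin&op=delete&bid=$bid'>" . _DELETE . '</a>';
        }
        // clone link if it is marked as cloneable block
        // $modversion['blocks'][n]['can_clone']
        $can_clone = $is_cloned;
        if (!$can_clone) {
            foreach ($block_configs as $bconf) {
                if ((string)$block->getVar('show_func') === (string)($bconf['show_func'] ?? '')
                    && (string)$block->getVar('func_file') === (string)($bconf['file'] ?? '')
                    && (empty($bconf['template'])
                        || (string)$block->getVar('template') === (string)$bconf['template'])) {
                    if (!empty($bconf['can_clone'])) {
                        $can_clone = true;
                        break;
                    }
                }
            }
        }
        $clone_link = '';
        if ($can_clone) {
            $clone_link = "<br><a href='admin.php?fct=blocksadmin&op=clone&bid=$bid'>" . _CLONE . '</a>';
        }
        // displaying part
        echo "
            <tr valign='middle'>
                <td class='$class'>
                    $name
                    <br>
                    <input type='text' name='title[$bid]' value='$title' size='20'>
                </td>
                <td class='$class' class='center;' nowrap='nowrap' width='110px'>
                    <div style='float:left;background-color:$scol0;'>
                        <input type='radio' name='side[$bid]' value='" . XOOPS_SIDEBLOCK_LEFT . "' style='background-color:$scol0;' $ssel0>
                    </div>
                    <div style='float:left;'>-</div>
                    <div style='float:left;background-color:$scol2;'>
                        <input type='radio' name='side[$bid]' value='" . XOOPS_CENTERBLOCK_LEFT . "' style='background-color:$scol2;' $ssel2>
                    </div>
                    <div style='float:left;background-color:$scol3;'>
                        <input type='radio' name='side[$bid]' value='" . XOOPS_CENTERBLOCK_CENTER . "' style='background-color:$scol3;' $ssel3>
                    </div>
                    <div style='float:left;background-color:$scol4;'>
                        <input type='radio' name='side[$bid]' value='" . XOOPS_CENTERBLOCK_RIGHT . "' style='background-color:$scol4;' $ssel4>
                    </div>
                    <div style='float:left;'>-</div>
                    <div style='float:left;background-color:$scol1;'>
                        <input type='radio' name='side[$bid]' value='" . XOOPS_SIDEBLOCK_RIGHT . "' style='background-color:$scol1;' $ssel1>
                    </div>
                    <br>
                    <div style='float:left;width:25px;'> </div>
                    <div style='float:left;background-color:$scol5;'>
                        <input type='radio' name='side[$bid]' value='" . XOOPS_CENTERBLOCK_BOTTOMLEFT . "' style='background-color:$scol5;' $ssel5>
                    </div>
                    <div style='float:left;background-color:$scol6;'>
                        <input type='radio' name='side[$bid]' value='" . XOOPS_CENTERBLOCK_BOTTOM . "' style='background-color:$scol6;' $ssel6>
                    </div>
                    <div style='float:left;background-color:$scol7;'>
                        <input type='radio' name='side[$bid]' value='" . XOOPS_CENTERBLOCK_BOTTOMRIGHT . "' style='background-color:$scol7;' $ssel7>
                    </div>
                    <div style='float:left;width:25px;'> </div>
                    <br>
                    <br>
                    <div style='float:left;width:40px;'> </div>
                    <div style='float:left;background-color:$scoln;'>
                        <input type='radio' name='side[$bid]' value='-1' style='background-color:$scoln;' $sseln>
                    </div>
                    <div style='float:left;'>" . _NONE . "</div>
                </td>
                <td class='$class' class='center;'>
                    <input type='text' name='weight[$bid]' value='$weight' size='3' maxlength='5' style='text-align:right;'>
                </td>
                <td class='$class' class='center;'>
                    <select name='bmodule[$bid][]' size='5' multiple='multiple'>
                        $module_options
                    </select>
                </td>
                <td class='$class' class='center;'>
                    <select name='bcachetime[$bid]' size='1'>
                        $cachetime_options
                    </select>
                </td>
                <td class='$class' class='center;'>
                    <a href='admin.php?fct=blocksadmin&op=edit&bid=$bid'>" . _EDIT . "</a>{$delete_link}{$clone_link}
                    <input type='hidden' name='bid[$bid]' value='$bid'>
                </td>
            </tr>\n";

        $class = ('even' === $class) ? 'odd' : 'even';
    }

    // footer row: hidden routing fields plus the CSRF token for the order action
    echo "
            <tr>
                <td class='foot' class='center;' colspan='6'>
                    <input type='hidden' name='query4redirect' value='$query4redirect'>
                    <input type='hidden' name='fct' value='blocksadmin'>
                    <input type='hidden' name='op' value='order'>
                    " . $GLOBALS['xoopsSecurity']->getTokenHTML() . "
                    <input type='submit' name='submit' value='" . _SUBMIT . "'>
                </td>
            </tr>
        </table>
    </form>\n";
}
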
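/**
 * Return this module's block definitions from xoops_version.php ($modversion['blocks']).
 *
 * The file is loaded with require_once, so a second call in the same request
 * would not see $modversion and would silently return [] — the first result is
 * memoised in a static to keep repeat calls consistent. (If xoops_version.php was
 * already included elsewhere before the first call, $modversion is likewise
 * unavailable here and [] is returned, as in the original.)
 *
 * @return array the block config arrays, or [] when the module declares none
 */
function get_block_configs()
{
    static $blocks = null;
    if (null !== $blocks) {
        return $blocks;
    }
    // Notices are silenced while loading the file (the original did this too;
    // presumably xoops_version.php refers to names not defined in this scope)
    // and the previous reporting level is restored afterwards.
    $error_reporting_level = error_reporting(0);
    require_once dirname(__DIR__) . '/xoops_version.php';
    error_reporting($error_reporting_level);

    $blocks = empty($modversion['blocks']) ? [] : $modversion['blocks'];

    return $blocks;
}
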
/**
 * Render the group-permission form for the current target module.
 *
 * One 'block_read' item is added per block in the global $block_arr, and for
 * targets with mid > 1 (the original skips lower ids, presumably the system
 * module) two appendix rows for module admin/access rights are added as well.
 * Reads the globals $target_mid, $target_mname and $block_arr; echoes the form.
 */
function list_groups()
{
    global $target_mid, $target_mname, $block_arr;

    $form = new MyXoopsGroupPermForm(_MD_AM_ADGS, 1, 'block_read', '');
    if ($target_mid > 1) {
        $form->addAppendix('module_admin', $target_mid, $target_mname . ' ' . _AM_ACTIVERIGHTS);
        $form->addAppendix('module_read', $target_mid, $target_mname . ' ' . _AM_ACCESSRIGHTS);
    }
    foreach ($block_arr as $block) {
        $form->addItem($block->getVar('bid'), $block->getVar('title'));
    }
    echo $form->render();
}

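// Permission form submission: mygroupperm.php performs the actual update, then
// we bounce back to this page for the same target module.
if (!empty($_POST['submit'])) {
    // CSRF token check. redirect_header() is expected to terminate the script,
    // but exit explicitly so a failed check can never fall through to the update.
    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header(XOOPS_URL . '/', 3, $GLOBALS['xoopsSecurity']->getErrors());
        exit;
    }

    require_once __DIR__ . '/mygroupperm.php';
    // $query4redirect was built from a URL-encoded dirname or a fixed '?mid=0' above
    redirect_header(XOOPS_URL . '/modules/' . $xoopsModule->getVar('dirname') . "/admin/myblocksadmin.php$query4redirect", 1, _AM_SYSTEM_DBUPDATED);
    exit;
}
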
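xoops_cp_header();

// Optional per-module admin menu. Resolve it relative to this file rather than
// the current working directory so the existence check and the include look at
// the same path.
$mymenu = __DIR__ . '/mymenu.php';
if (file_exists($mymenu)) {
    require_once $mymenu;
}

// $target_mname comes from XoopsModule::getVar('name') (or is '') and is assumed
// to already be in its HTML-escaped form; it is not re-escaped here to avoid
// double encoding — confirm against XoopsObject::getVar.
echo "<h3 style='text-align:left;'>$target_mname</h3>\n";

if (!empty($block_arr)) {
    echo "<h4 style='text-align:left;'>" . _AM_BADMIN . "</h4>\n";
    list_blocks();
}

list_groups();
xoops_cp_footer();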
