Issues in mygrouppermform.php (master) - Issues in master - mambax7/wflinks - Measure and Improve Code Quality continuously with Scrutinizer

Issues (273)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

admin/mygrouppermform.php (4 issues)

Labels

Severity

Minor 4

<?php
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright    XOOPS Project https://xoops.org/
 * @license      GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html)
 * @package
 * @since
 * @author       XOOPS Development Team, Kazumi Ono (AKA onokazu)
 */

require_once XOOPS_ROOT_PATH . '/class/xoopsform/formelement.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/formhidden.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/formhiddentoken.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/formbutton.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/formelementtray.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/form.php';

/**
 * Renders a form for setting module specific group permissions
 *
 * @author       Kazumi Ono    <[email protected]>
 * @copyright    copyright (c) 2000-2003 XOOPS.org
 *
 * @package      kernel
 * @subpackage   form
 */
class MyXoopsGroupPermForm extends \XoopsForm
{
    /**
     * Module ID
     *
     * @var int
     */
    public $_modid;
    /**
     * Tree structure of items
     *
     * @var array
     */
    public $_itemTree = [];
    /**
     * Name of permission
     *
     * @var string
     */
    public $_permName;
    /**
     * Description of permission
     *
     * @var string
     */
    public $_permDesc;
    /**
     * Appendix
     *
     * @var array ('permname'=>,'itemid'=>,'itemname'=>,'selected'=>)
     */
    public $_appendix = [];

    /**
     * Constructor
     * @param string $title
     * @param string $modid
     * @param string $permname
     * @param string $permdesc
     */
    public function __construct($title, $modid, $permname, $permdesc)
    {
        //      $this->XoopsForm($title, 'groupperm_form', XOOPS_URL.'/modules/system/admin/groupperm.php', 'post'); GIJ
        parent::__construct($title, 'groupperm_form', '', 'post');
        $this->_modid    = (int)$modid;
        $this->_permName = $permname;
        $this->_permDesc = $permdesc;
        $this->addElement(new \XoopsFormHidden('modid', $this->_modid));
        $this->addElement(new \XoopsFormHiddenToken($permname));
    }

    /**
     * Adds an item to which permission will be assigned
     *
     * @param string $itemName
     * @param int    $itemId
     * @param int    $itemParent
     *
     * @access public
     */
    public function addItem($itemId, $itemName, $itemParent = 0)
    {
        $this->_itemTree[$itemParent]['children'][] = $itemId;
        $this->_itemTree[$itemId]['parent']         = $itemParent;
        $this->_itemTree[$itemId]['name']           = $itemName;
        $this->_itemTree[$itemId]['id']             = $itemId;
    }

    /**
     * Add appendix
     *
     * @access public
     * @param $permName
     * @param $itemId
     * @param $itemName
     */
    public function addAppendix($permName, $itemId, $itemName)
    {
        $this->_appendix[] = [
            'permname' => $permName,
            'itemid'   => $itemId,
            'itemname' => $itemName,
            'selected' => false,
        ];
    }

    /**
     * Loads all child ids for an item to be used in javascript
     *
     * @param int   $itemId
     * @param array $childIds
     *
     * @access private
     */
    public function _loadAllChildItemIds($itemId, &$childIds)
    {
        if (!empty($this->_itemTree[$itemId]['children'])) {
            $first_child = $this->_itemTree[$itemId]['children'];
            foreach ($first_child as $fcid) {
                $childIds[] = $fcid;
                if (!empty($this->_itemTree[$fcid]['children'])) {
                    foreach ($this->_itemTree[$fcid]['children'] as $_fcid) {
                        $childIds[] = $_fcid;
                        $this->_loadAllChildItemIds($_fcid, $childIds);
                    }
                }
            }
        }
    }

    /**
     * Renders the form
     *
     * @return string
     * @access public
     */
    public function render()
    {
        // load all child ids for javascript codes
        foreach (array_keys($this->_itemTree) as $item_id) {
            $this->_itemTree[$item_id]['allchild'] = [];
            $this->_loadAllChildItemIds($item_id, $this->_itemTree[$item_id]['allchild']);
        }
        /** @var \XoopsGroupPermHandler $grouppermHandler */
        $grouppermHandler = xoops_getHandler('groupperm');
        /** @var \XoopsMemberHandler $memberHandler */
        $memberHandler = xoops_getHandler('member');
        $glist         = $memberHandler->getGroupList();
        foreach (array_keys($glist) as $i) {
            // get selected item id(s) for each group
            $selected = $grouppermHandler->getItemIds($this->_permName, $i, $this->_modid);
            $ele      = new MyXoopsGroupFormCheckBox($glist[$i], 'perms[' . $this->_permName . ']', $i, $selected);
            $ele->setOptionTree($this->_itemTree);

            foreach ($this->_appendix as $key => $append) {
                $this->_appendix[$key]['selected'] = $grouppermHandler->checkRight($append['permname'], $append['itemid'], $i, $this->_modid);
            }
            $ele->setAppendix($this->_appendix);
            $this->addElement($ele);
            unset($ele);
        }

        // GIJ start
        $jstray          = new \XoopsFormElementTray(' &nbsp; ');
        $jsuncheckbutton = new \XoopsFormButton('', 'none', _NONE, 'button');
        $jsuncheckbutton->setExtra("onclick=\"with(document.groupperm_form){for (i=0;i<length;i++) {if (elements[i].type=='checkbox') {elements[i].checked=false;}}}\"");
        $jscheckbutton = new \XoopsFormButton('', 'all', _ALL, 'button');
        $jscheckbutton->setExtra("onclick=\"with(document.groupperm_form){for (i=0;i<length;i++) {if(elements[i].type=='checkbox' && (elements[i].name.indexOf('module_admin')<0 || elements[i].name.indexOf('[groups][1]')>=0)) {elements[i].checked=true;}}}\"");
        $jstray->addElement($jsuncheckbutton);
        $jstray->addElement($jscheckbutton);
        $this->addElement($jstray);
        // GIJ end

        $tray = new \XoopsFormElementTray('');
        $tray->addElement(new \XoopsFormButton('', 'reset', _CANCEL, 'reset'));
        $tray->addElement(new \XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
        $this->addElement($tray);

        $ret      = '<h4>' . $this->getTitle() . '</h4>' . $this->_permDesc . '<br>';
        $ret      .= "<form name='" . $this->getName() . "' id='" . $this->getName() . "' action='" . $this->getAction() . "' method='" . $this->getMethod() . "'" . $this->getExtra() . ">\n<table width='100%' class='outer' cellspacing='1'>\n";
        $elements = &$this->getElements();
        foreach (array_keys($elements) as $i) {
            if (!is_object($elements[$i])) {
                $ret .= $elements[$i];
            } elseif ($elements[$i]->isHidden()) {
                $ret .= $elements[$i]->render();
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
            } else {
                $ret .= "<tr valign='top' style='text-align: left;'><td class='head'>" . $elements[$i]->getCaption();
                if ('' !== $elements[$i]->getDescription()) {
                    $ret .= '<br><br><span style="font-weight: normal;">' . $elements[$i]->getDescription() . '</span>';
                }
                $ret .= "</td>\n<td class='even'>\n" . $elements[$i]->render() . "\n</td></tr>\n";
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
            }
        }
        $ret .= '</table>' . $GLOBALS['xoopsSecurity']->getTokenHTML() . '</form>';

        return $ret;
    }
}

/**
 * Renders checkbox options for a group permission form
 *
 * @author       Kazumi Ono    <[email protected]>
 * @copyright    copyright (c) 2000-2003 XOOPS.org
 *
 * @package      kernel
 * @subpackage   form
 */
class MyXoopsGroupFormCheckBox extends \XoopsFormElement
{
    /**
     * Pre-selected value(s)
     *
     * @var array;
     */
    public $_value;
    /**
     * Group ID
     *
     * @var int
     */
    public $_groupId;
    /**
     * Option tree
     *
     * @var array
     */
    public $_optionTree;
    /**
     * Appendix
     *
     * @var array ('permname'=>,'itemid'=>,'itemname'=>,'selected'=>)
     */
    public $_appendix = [];

    /**
     * Constructor
     * @param      $caption
     * @param      $name
     * @param      $groupId
     * @param null $values

     */
    public function __construct($caption, $name, $groupId, $values = null)
    {
        $this->setCaption($caption);
        $this->setName($name);
        if (isset($values)) {
            $this->setValue($values);
        }
        $this->_groupId = $groupId;
    }

    /**
     * Sets pre-selected values
     *
     * @param mixed $value A group ID or an array of group IDs
     *
     * @access public
     */
    public function setValue($value)
    {
        if (is_array($value)) {
            foreach ($value as $v) {
                $this->setValue($v);
            }
        } else {
            $this->_value[] = $value;
        }
    }

    /**
     * Sets the tree structure of items
     *
     * @param array $optionTree
     *
     * @access public
     */
    public function setOptionTree(&$optionTree)
    {
        $this->_optionTree = &$optionTree;
    }

    /**
     * Sets appendix of checkboxes
     *
     * @access public
     * @param $appendix
     */
    public function setAppendix($appendix)
    {
        $this->_appendix = $appendix;
    }

    /**
     * Renders checkbox options for this group
     *
     * @return string
     * @access public
     */
    public function render()
    {
        $ret = '';

        if (count($this->_appendix) > 0) {
            $ret  .= '<table class="outer"><tr>';
            $cols = 1;
            foreach ($this->_appendix as $append) {
                if ($cols > 4) {
                    $ret  .= '</tr><tr>';
                    $cols = 1;
                }
                $checked = $append['selected'] ? 'checked' : '';
                $name    = 'perms[' . $append['permname'] . ']';
                $itemid  = $append['itemid'];

                $itemid  = $append['itemid'];
                $ret     .= "<td class=\"odd\"><input type=\"checkbox\" name=\"{$name}[groups][$this->_groupId][$itemid]\" id=\"{$name}[groups][$this->_groupId][$itemid]\" value=\"1\" $checked>{$append['itemname']}<input type=\"hidden\" name=\"{$name}[parents][$itemid]\" value=\"\"><input type=\"hidden\" name=\"{$name}[itemname][$itemid]\" value=\"{$append['itemname']}\"><br></td>";
                ++$cols;
            }
            $ret .= '</tr></table>';
        }

        $ret  .= '<table class="outer"><tr>';
        $cols = 1;
        if (!empty($this->_optionTree[0]['children'])) {
            foreach ($this->_optionTree[0]['children'] as $topitem) {
                if ($cols > 4) {
                    $ret  .= '</tr><tr>';
                    $cols = 1;
                }
                $tree   = '<td class="odd">';
                $prefix = '';
                $this->_renderOptionTree($tree, $this->_optionTree[$topitem], $prefix);
                $ret .= $tree . '</td>';
                ++$cols;
            }
        }
        $ret .= '</tr></table>';

        return $ret;
    }

    /**
     * Renders checkbox options for an item tree
     *
     * @param string $tree
     * @param array  $option
     * @param string $prefix
     * @param array  $parentIds
     *
     * @access private
     */
    public function _renderOptionTree(&$tree, $option, $prefix, $parentIds = [])
    {
        $tree .= $prefix . '<input type="checkbox" name="' . $this->getName() . '[groups][' . $this->_groupId . '][' . $option['id'] . ']" id="' . $this->getName() . '[groups][' . $this->_groupId . '][' . $option['id'] . ']" onclick="';
        // If there are parent elements, add javascript that will
        // make them selecteded when this element is checked to make
        // sure permissions to parent items are added as well.
        foreach ($parentIds as $pid) {
            $parent_ele = $this->getName() . '[groups][' . $this->_groupId . '][' . $pid . ']';
            $tree       .= "var ele = xoopsGetElementById('" . $parent_ele . "'); if (ele.checked !== true) {ele.checked = this.checked;}";
        }
        // If there are child elements, add javascript that will
        // make them unchecked when this element is unchecked to make
        // sure permissions to child items are not added when there
        // is no permission to this item.
        foreach ($option['allchild'] as $cid) {
            $child_ele = $this->getName() . '[groups][' . $this->_groupId . '][' . $cid . ']';
            $tree      .= "var ele = xoopsGetElementById('" . $child_ele . "'); if (this.checked !== true) {ele.checked = false;}";
        }
        $tree .= '" value="1"';
        if (isset($this->_value) && in_array($option['id'], $this->_value)) {
            $tree .= ' checked';
        }
        $tree .= '>' . $option['name'] . '<input type="hidden" name="' . $this->getName() . '[parents][' . $option['id'] . ']" value="' . implode(':', $parentIds) . '"><input type="hidden" name="' . $this->getName() . '[itemname][' . $option['id'] . ']" value="' . htmlspecialchars(
                $option['name'],
                ENT_QUOTES | ENT_HTML5
            ) . "\"><br>\n";
        if (isset($option['children'])) {
            foreach ($option['children'] as $child) {
                $parentIds[] = $option['id'];
                $this->_renderOptionTree($tree, $this->_optionTree[$child], $prefix . '&nbsp;-', $parentIds);
            }
        }
    }
}


1			<?php
2			/*
3			* You may not change or alter any portion of this comment or credits
4			* of supporting developers from this source code or any supporting source code
5			* which is considered copyrighted (c) material of the original comment or credit authors.
6			*
7			* This program is distributed in the hope that it will be useful,
8			* but WITHOUT ANY WARRANTY; without even the implied warranty of
9			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10			*/
11
12			/**
13			* @copyright XOOPS Project https://xoops.org/
14			* @license GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html)
15			* @package
16			* @since
17			* @author XOOPS Development Team, Kazumi Ono (AKA onokazu)
18			*/
19
20			require_once XOOPS_ROOT_PATH . '/class/xoopsform/formelement.php';
21			require_once XOOPS_ROOT_PATH . '/class/xoopsform/formhidden.php';
22			require_once XOOPS_ROOT_PATH . '/class/xoopsform/formhiddentoken.php';
23			require_once XOOPS_ROOT_PATH . '/class/xoopsform/formbutton.php';
24			require_once XOOPS_ROOT_PATH . '/class/xoopsform/formelementtray.php';
25			require_once XOOPS_ROOT_PATH . '/class/xoopsform/form.php';
26
27			/**
28			* Renders a form for setting module specific group permissions
29			*
30			* @author Kazumi Ono <[email protected]>
31			* @copyright copyright (c) 2000-2003 XOOPS.org
32			*
33			* @package kernel
34			* @subpackage form
35			*/
36			class MyXoopsGroupPermForm extends \XoopsForm
37			{
38			/**
39			* Module ID
40			*
41			* @var int
42			*/
43			public $_modid;
44			/**
45			* Tree structure of items
46			*
47			* @var array
48			*/
49			public $_itemTree = [];
50			/**
51			* Name of permission
52			*
53			* @var string
54			*/
55			public $_permName;
56			/**
57			* Description of permission
58			*
59			* @var string
60			*/
61			public $_permDesc;
62			/**
63			* Appendix
64			*
65			* @var array ('permname'=>,'itemid'=>,'itemname'=>,'selected'=>)
66			*/
67			public $_appendix = [];
68
69			/**
70			* Constructor
71			* @param string $title
72			* @param string $modid
73			* @param string $permname
74			* @param string $permdesc
75			*/
76			public function __construct($title, $modid, $permname, $permdesc)
77			{
78			// $this->XoopsForm($title, 'groupperm_form', XOOPS_URL.'/modules/system/admin/groupperm.php', 'post'); GIJ
79			parent::__construct($title, 'groupperm_form', '', 'post');
80			$this->_modid = (int)$modid;
81			$this->_permName = $permname;
82			$this->_permDesc = $permdesc;
83			$this->addElement(new \XoopsFormHidden('modid', $this->_modid));
84			$this->addElement(new \XoopsFormHiddenToken($permname));
85			}
86
87			/**
88			* Adds an item to which permission will be assigned
89			*
90			* @param string $itemName
91			* @param int $itemId
92			* @param int $itemParent
93			*
94			* @access public
95			*/
96			public function addItem($itemId, $itemName, $itemParent = 0)
97			{
98			$this->_itemTree[$itemParent]['children'][] = $itemId;
99			$this->_itemTree[$itemId]['parent'] = $itemParent;
100			$this->_itemTree[$itemId]['name'] = $itemName;
101			$this->_itemTree[$itemId]['id'] = $itemId;
102			}
103
104			/**
105			* Add appendix
106			*
107			* @access public
108			* @param $permName
109			* @param $itemId
110			* @param $itemName
111			*/
112			public function addAppendix($permName, $itemId, $itemName)
113			{
114			$this->_appendix[] = [
115			'permname' => $permName,
116			'itemid' => $itemId,
117			'itemname' => $itemName,
118			'selected' => false,
119			];
120			}
121
122			/**
123			* Loads all child ids for an item to be used in javascript
124			*
125			* @param int $itemId
126			* @param array $childIds
127			*
128			* @access private
129			*/
130			public function _loadAllChildItemIds($itemId, &$childIds)
131			{
132			if (!empty($this->_itemTree[$itemId]['children'])) {
133			$first_child = $this->_itemTree[$itemId]['children'];
134			foreach ($first_child as $fcid) {
135			$childIds[] = $fcid;
136			if (!empty($this->_itemTree[$fcid]['children'])) {
137			foreach ($this->_itemTree[$fcid]['children'] as $_fcid) {
138			$childIds[] = $_fcid;
139			$this->_loadAllChildItemIds($_fcid, $childIds);
140			}
141			}
142			}
143			}
144			}
145
146			/**
147			* Renders the form
148			*
149			* @return string
150			* @access public
151			*/
152			public function render()
153			{
154			// load all child ids for javascript codes
155			foreach (array_keys($this->_itemTree) as $item_id) {
156			$this->_itemTree[$item_id]['allchild'] = [];
157			$this->_loadAllChildItemIds($item_id, $this->_itemTree[$item_id]['allchild']);
158			}
159			/** @var \XoopsGroupPermHandler $grouppermHandler */
160			$grouppermHandler = xoops_getHandler('groupperm');
161			/** @var \XoopsMemberHandler $memberHandler */
162			$memberHandler = xoops_getHandler('member');
163			$glist = $memberHandler->getGroupList();
164			foreach (array_keys($glist) as $i) {
165			// get selected item id(s) for each group
166			$selected = $grouppermHandler->getItemIds($this->_permName, $i, $this->_modid);
167			$ele = new MyXoopsGroupFormCheckBox($glist[$i], 'perms[' . $this->_permName . ']', $i, $selected);
168			$ele->setOptionTree($this->_itemTree);
169
170			foreach ($this->_appendix as $key => $append) {
171			$this->_appendix[$key]['selected'] = $grouppermHandler->checkRight($append['permname'], $append['itemid'], $i, $this->_modid);
172			}
173			$ele->setAppendix($this->_appendix);
174			$this->addElement($ele);
175			unset($ele);
176			}
177
178			// GIJ start
179			$jstray = new \XoopsFormElementTray('   ');
180			$jsuncheckbutton = new \XoopsFormButton('', 'none', _NONE, 'button');
181			$jsuncheckbutton->setExtra("onclick=\"with(document.groupperm_form){for (i=0;i<length;i++) {if (elements[i].type=='checkbox') {elements[i].checked=false;}}}\"");
182			$jscheckbutton = new \XoopsFormButton('', 'all', _ALL, 'button');
183			$jscheckbutton->setExtra("onclick=\"with(document.groupperm_form){for (i=0;i<length;i++) {if(elements[i].type=='checkbox' && (elements[i].name.indexOf('module_admin')<0 \|\| elements[i].name.indexOf('[groups][1]')>=0)) {elements[i].checked=true;}}}\"");
184			$jstray->addElement($jsuncheckbutton);
185			$jstray->addElement($jscheckbutton);
186			$this->addElement($jstray);
187			// GIJ end
188
189			$tray = new \XoopsFormElementTray('');
190			$tray->addElement(new \XoopsFormButton('', 'reset', _CANCEL, 'reset'));
191			$tray->addElement(new \XoopsFormButton('', 'submit', _SUBMIT, 'submit'));
192			$this->addElement($tray);
193
194			$ret = '<h4>' . $this->getTitle() . '</h4>' . $this->_permDesc . '<br>';
195			$ret .= "<form name='" . $this->getName() . "' id='" . $this->getName() . "' action='" . $this->getAction() . "' method='" . $this->getMethod() . "'" . $this->getExtra() . ">\n<table width='100%' class='outer' cellspacing='1'>\n";
196			$elements = &$this->getElements();
197			foreach (array_keys($elements) as $i) {
198			if (!is_object($elements[$i])) {
199			$ret .= $elements[$i];
200			} elseif ($elements[$i]->isHidden()) {
201			$ret .= $elements[$i]->render();
			0 ignored issues – show Bug introduced 2020-08-13 17:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the usage of `$elements[$i]->render()` targeting `XoopsFormElement::render()` seems to always return null. This check looks for function or method calls that always return null and whose return value is used. class A { function getObject() { return null; } } $a = new A(); if ($a->getObject()) { The method `getObject()` can return nothing but null, so it makes no sense to use the return value. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
202			} else {
203			$ret .= "<tr valign='top' style='text-align: left;'><td class='head'>" . $elements[$i]->getCaption();
204			if ('' !== $elements[$i]->getDescription()) {
205			$ret .= '<br><br><span style="font-weight: normal;">' . $elements[$i]->getDescription() . '</span>';
206			}
207			$ret .= "</td>\n<td class='even'>\n" . $elements[$i]->render() . "\n</td></tr>\n";
			0 ignored issues – show Bug introduced 2020-08-13 17:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the usage of `$elements[$i]->render()` targeting `XoopsFormElement::render()` seems to always return null. This check looks for function or method calls that always return null and whose return value is used. class A { function getObject() { return null; } } $a = new A(); if ($a->getObject()) { The method `getObject()` can return nothing but null, so it makes no sense to use the return value. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
208			}
209			}
210			$ret .= '</table>' . $GLOBALS['xoopsSecurity']->getTokenHTML() . '</form>';
211
212			return $ret;
213			}
214			}
215
216			/**
217			* Renders checkbox options for a group permission form
218			*
219			* @author Kazumi Ono <[email protected]>
220			* @copyright copyright (c) 2000-2003 XOOPS.org
221			*
222			* @package kernel
223			* @subpackage form
224			*/
225			class MyXoopsGroupFormCheckBox extends \XoopsFormElement
226			{
227			/**
228			* Pre-selected value(s)
229			*
230			* @var array;
231			*/
232			public $_value;
233			/**
234			* Group ID
235			*
236			* @var int
237			*/
238			public $_groupId;
239			/**
240			* Option tree
241			*
242			* @var array
243			*/
244			public $_optionTree;
245			/**
246			* Appendix
247			*
248			* @var array ('permname'=>,'itemid'=>,'itemname'=>,'selected'=>)
249			*/
250			public $_appendix = [];
251
252			/**
253			* Constructor
254			* @param $caption
255			* @param $name
256			* @param $groupId
257			* @param null $values
			0 ignored issues – show Documentation Bug introduced 2020-08-13 17:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the doc-type for parameter `$values` is correct as it would always require `null` to be passed? Loading history...
258			*/
259			public function __construct($caption, $name, $groupId, $values = null)
260			{
261			$this->setCaption($caption);
262			$this->setName($name);
263			if (isset($values)) {
264			$this->setValue($values);
265			}
266			$this->_groupId = $groupId;
267			}
268
269			/**
270			* Sets pre-selected values
271			*
272			* @param mixed $value A group ID or an array of group IDs
273			*
274			* @access public
275			*/
276			public function setValue($value)
277			{
278			if (is_array($value)) {
279			foreach ($value as $v) {
280			$this->setValue($v);
281			}
282			} else {
283			$this->_value[] = $value;
284			}
285			}
286
287			/**
288			* Sets the tree structure of items
289			*
290			* @param array $optionTree
291			*
292			* @access public
293			*/
294			public function setOptionTree(&$optionTree)
295			{
296			$this->_optionTree = &$optionTree;
297			}
298
299			/**
300			* Sets appendix of checkboxes
301			*
302			* @access public
303			* @param $appendix
304			*/
305			public function setAppendix($appendix)
306			{
307			$this->_appendix = $appendix;
308			}
309
310			/**
311			* Renders checkbox options for this group
312			*
313			* @return string
314			* @access public
315			*/
316			public function render()
317			{
318			$ret = '';
319
320			if (count($this->_appendix) > 0) {
321			$ret .= '<table class="outer"><tr>';
322			$cols = 1;
323			foreach ($this->_appendix as $append) {
324			if ($cols > 4) {
325			$ret .= '</tr><tr>';
326			$cols = 1;
327			}
328			$checked = $append['selected'] ? 'checked' : '';
329			$name = 'perms[' . $append['permname'] . ']';
330			$itemid = $append['itemid'];
			0 ignored issues – show Unused Code introduced 2020-08-13 17:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$itemid` is dead and can be removed. Loading history...
331			$itemid = $append['itemid'];
332			$ret .= "<td class=\"odd\"><input type=\"checkbox\" name=\"{$name}[groups][$this->_groupId][$itemid]\" id=\"{$name}[groups][$this->_groupId][$itemid]\" value=\"1\" $checked>{$append['itemname']}<input type=\"hidden\" name=\"{$name}[parents][$itemid]\" value=\"\"><input type=\"hidden\" name=\"{$name}[itemname][$itemid]\" value=\"{$append['itemname']}\"><br></td>";
333			++$cols;
334			}
335			$ret .= '</tr></table>';
336			}
337
338			$ret .= '<table class="outer"><tr>';
339			$cols = 1;
340			if (!empty($this->_optionTree[0]['children'])) {
341			foreach ($this->_optionTree[0]['children'] as $topitem) {
342			if ($cols > 4) {
343			$ret .= '</tr><tr>';
344			$cols = 1;
345			}
346			$tree = '<td class="odd">';
347			$prefix = '';
348			$this->_renderOptionTree($tree, $this->_optionTree[$topitem], $prefix);
349			$ret .= $tree . '</td>';
350			++$cols;
351			}
352			}
353			$ret .= '</tr></table>';
354
355			return $ret;
356			}
357
358			/**
359			* Renders checkbox options for an item tree
360			*
361			* @param string $tree
362			* @param array $option
363			* @param string $prefix
364			* @param array $parentIds
365			*
366			* @access private
367			*/
368			public function _renderOptionTree(&$tree, $option, $prefix, $parentIds = [])
369			{
370			$tree .= $prefix . '<input type="checkbox" name="' . $this->getName() . '[groups][' . $this->_groupId . '][' . $option['id'] . ']" id="' . $this->getName() . '[groups][' . $this->_groupId . '][' . $option['id'] . ']" onclick="';
371			// If there are parent elements, add javascript that will
372			// make them selecteded when this element is checked to make
373			// sure permissions to parent items are added as well.
374			foreach ($parentIds as $pid) {
375			$parent_ele = $this->getName() . '[groups][' . $this->_groupId . '][' . $pid . ']';
376			$tree .= "var ele = xoopsGetElementById('" . $parent_ele . "'); if (ele.checked !== true) {ele.checked = this.checked;}";
377			}
378			// If there are child elements, add javascript that will
379			// make them unchecked when this element is unchecked to make
380			// sure permissions to child items are not added when there
381			// is no permission to this item.
382			foreach ($option['allchild'] as $cid) {
383			$child_ele = $this->getName() . '[groups][' . $this->_groupId . '][' . $cid . ']';
384			$tree .= "var ele = xoopsGetElementById('" . $child_ele . "'); if (this.checked !== true) {ele.checked = false;}";
385			}
386			$tree .= '" value="1"';
387			if (isset($this->_value) && in_array($option['id'], $this->_value)) {
388			$tree .= ' checked';
389			}
390			$tree .= '>' . $option['name'] . '<input type="hidden" name="' . $this->getName() . '[parents][' . $option['id'] . ']" value="' . implode(':', $parentIds) . '"><input type="hidden" name="' . $this->getName() . '[itemname][' . $option['id'] . ']" value="' . htmlspecialchars(
391			$option['name'],
392			ENT_QUOTES \| ENT_HTML5
393			) . "\"><br>\n";
394			if (isset($option['children'])) {
395			foreach ($option['children'] as $child) {
396			$parentIds[] = $option['id'];
397			$this->_renderOptionTree($tree, $this->_optionTree[$child], $prefix . ' -', $parentIds);
398			}
399			}
400			}
401			}
402

mambax7 / wflinks

Issues (273)

Security Analysis not enabled

admin/mygrouppermform.php (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like