Issues (663)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating it.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/form.hotel.bak.php (6 issues)

These results are based on the legacy PHP analysis engine.

<?php
/**
 * Hotel form
 * @license   http://www.blags.org/
 * @created   2010-05-20 23:52
 * @copyright 1997-2010 The Martin Group
 * @author    Martin <[email protected]>
 * */
if (!defined('XOOPS_ROOT_PATH')) {
    return;
}

include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';

/**
 * Class form_hotel
 */
class form_hotel extends XoopsThemeForm
{

    /**
     * form_hotel constructor.
     * @param $HotelObj
     * @param $HotelCityObj
     */
    function __construct(&$HotelObj, &$HotelCityObj)

Issue: It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (private, protected, or public) is generally recommended to communicate to other developers how, and from where, this method is intended to be used.
    {
        global $Ranks;
        $this->Ranks   = &$Ranks;
        $this->Obj     = &$HotelObj;
        $this->CityObj = &$HotelCityObj;
        parent::__construct('酒店信息', "op", xoops_getenv('PHP_SELF') . "?action=save");
        $this->setExtra('enctype="multipart/form-data"');

        $this->createElements();
        $this->createButtons();
    }

    /**
     * Create form elements
     * @license   http://www.blags.org/
     * @created   2010-05-21 20:40
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * */
    function createElements()

Issue: It is generally recommended to explicitly declare the visibility for methods.
    {
        global $xoopsDB, $xoopsModuleConfig;

        // Editor
        include_once XOOPS_ROOT_PATH . "/modules/martin/class/xoopsformloader.php";
        include_once MARTIN_ROOT_PATH . '/include/formdatetime.php';

        $this->google_api = $xoopsModuleConfig['google_api'];

        $mytree = new XoopsTree($xoopsDB->prefix("martin_hotel_city"), "city_id", "city_parentid");
        // Parent Category
        ob_start();
        $mytree->makeMySelBox("city_name", "", $this->CityObj->city_parentid(), 1, 'hotel_city_id');
        //makeMySelBox($title,$order="",$preset_id=0, $none=0, $sel_name="", $onchange="")
        $this->addElement(new XoopsFormLabel("区域", ob_get_contents()));
        ob_end_clean();
        // Hotel sort order
        $this->addElement(new XoopsFormText('酒店排序', 'hotel_rank', 11, 11, $this->Obj->hotel_rank()), true);

        $this->addElement(new XoopsFormText(_AM_MARTIN_HOTEL_NAME, 'hotel_name', 50, 255, $this->Obj->hotel_name()), true);

        $this->addElement(new XoopsFormText('酒店英文名称', 'hotel_enname', 50, 255, $this->Obj->hotel_enname()), true);

        $this->addElement(new XoopsFormText('酒店别名', 'hotel_alias', 50, 255, $this->Obj->hotel_alias()), true);

        $this->addElement(new XoopsFormText(_AM_MARTIN_HOTEL_KEYWORDS_SEO, 'hotel_keywords', 50, 255, $this->Obj->hotel_keywords()), true);

        $this->addElement(new XoopsFormTextArea(_AM_MARTIN_HOTEL_DESC_SEO, 'hotel_description', $this->Obj->hotel_description()), true);

        //hotel star
        $rankElement = new XoopsFormSelect(_AM_MARTIN_HOTEL_STARS, 'hotel_star', $this->Obj->hotel_star(), 1);
        $rankElement->addOptionArray($this->Ranks);
        $this->addElement($rankElement, true);

        $this->addElement(new XoopsFormText('酒店地址', 'hotel_address', 50, 255, $this->Obj->hotel_address()), true);

        $this->addElement(new XoopsFormText('酒店电话', 'hotel_telephone', 50, 255, $this->Obj->hotel_telephone()), true);

        // NOTE: this FAX field reuses the 'hotel_keywords' element name and accessor, so on submit it
        // overwrites the SEO keywords field added above.
        $this->addElement(new XoopsFormText('酒店 FAX', 'hotel_keywords', 50, 255, $this->Obj->hotel_keywords()), true);

        $this->addElement(new XoopsFormText('酒店特色', 'hotel_characteristic', 50, 255, $this->Obj->hotel_characteristic()), true);

        $this->addElement(new XoopsFormText('酒店房间数', 'hotel_room_count', 11, 11, $this->Obj->hotel_room_count()), true);

        //$this->addElement( new XoopsFormText(_AM_MARTIN_HOTEL_ROOM_PHOTOS, 'hotel_image', 50, 255, $this->Obj->hotel_image()), true);

        // Special handling
        // Hotel map
        $Coordinate = $this->Obj->hotel_google();
        $google     = new XoopsFormElementTray('google 地图');
        $google->addElement(new XoopsFormText('纬度', 'GmapLatitude', 25, 25, $Coordinate[0]), true);
        $google->addElement(new XoopsFormText('经度', 'GmapLongitude', 25, 25, $Coordinate[1]), true);
        $google->addElement(new XoopsFormLabel("<br><br><font style='background-color:#2F5376;color:#FFFFFF;padding:2px;vertical-align:middle;'>google map:</font><br>", $this->googleMap($Coordinate)));
        // NOTE: the tray is never added to the form (the call below is commented out), so the
        // GmapLatitude/GmapLongitude inputs that the googleMap() script reads are not rendered.
        //$this->addElement($google , true);

        // Hotel images
        $Img = new XoopsFormElementTray('酒店图片');
        $Img->addElement(new XoopsFormLabel("", $this->Swfupload()));

        $this->addElement($Img);
        // End of special handling

        // Editor: hotel details
        $this->addElement(new XoopsFormTextArea('酒店特别提醒', 'hotel_reminded', $this->Obj->hotel_reminded()), true);
        $editor                   = 'tinymce';
        $hotel_info               = $this->Obj->hotel_info();
        $editor_configs           = array();
        $editor_configs["name"]   = "hotel_info";
        $editor_configs["value"]  = $hotel_info;
        $editor_configs["rows"]   = empty($xoopsModuleConfig["editor_rows"]) ? 35 : $xoopsModuleConfig["editor_rows"];
        $editor_configs["cols"]   = empty($xoopsModuleConfig["editor_cols"]) ? 60 : $xoopsModuleConfig["editor_cols"];
        $editor_configs["width"]  = empty($xoopsModuleConfig["editor_width"]) ? "100%" : $xoopsModuleConfig["editor_width"];
        $editor_configs["height"] = empty($xoopsModuleConfig["editor_height"]) ? "400px" : $xoopsModuleConfig["editor_height"];

        //$this->addElement(new XoopsFormEditor("酒店详细信息", $editor, $editor_configs, false, $onfailure = null) , true);
        $this->addElement(new XoopsFormHidden("hotel_info", $hotel_info), true);

        $this->addElement(new XoopsFormRadioYN("酒店编辑状态", 'hotel_status', $this->Obj->hotel_status(), _AM_MARTIN_PUBLISHED, _AM_MARTIN_DRAFT), true);
        $this->addElement(new MartinFormDateTime("酒店发布时间", 'hotel_open_time', $size = 15, $this->Obj->hotel_open_time()), true);

        $this->addElement(new XoopsFormHidden('hotel_id', $this->Obj->hotel_id()));
    }

    /**
     * Create buttons
     * @license   http://www.blags.org/
     * @created   2010-05-20 23:52
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * */
    function createButtons()

Issue: It is generally recommended to explicitly declare the visibility for methods.
    {
        $button_tray = new XoopsFormElementTray('', '');
        // No ID for category -- then it's new category, button says 'Create'
        // (the create/update choice is keyed on the city object's id, not the hotel's)
        if (!$this->CityObj->city_id()) {
            $butt_create = new XoopsFormButton('', '', _SUBMIT, 'submit');
            $butt_create->setExtra('onclick="this.form.elements.op.value=\'addcategory\'"');
            $button_tray->addElement($butt_create);

            $butt_clear = new XoopsFormButton('', '', _RESET, 'reset');
            $button_tray->addElement($butt_clear);

            $butt_cancel = new XoopsFormButton('', '', _CANCEL, 'button');
            $butt_cancel->setExtra('onclick="history.go(-1)"');
            $button_tray->addElement($butt_cancel);

            $this->addElement($button_tray);
        } else {
            // button says 'Update'
            $butt_create = new XoopsFormButton('', '', _EDIT, 'submit');
            $butt_create->setExtra('onclick="this.form.elements.op.value=\'addcategory\'"');
            $button_tray->addElement($butt_create);

            $butt_clear = new XoopsFormButton('', '', _RESET, 'reset');
            $button_tray->addElement($butt_clear);

            $butt_cancel = new XoopsFormButton('', '', _CANCEL, 'button');
            $butt_cancel->setExtra('onclick="history.go(-1)"');
            $button_tray->addElement($butt_cancel);

            $this->addElement($button_tray);
        }
    }

    /**
     * Google map
     * @license   http://www.blags.org/
     * @created   2010-05-24 19:55
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $Coordinate
     * @return string
     */
    function googleMap($Coordinate)

Issue: It is generally recommended to explicitly declare the visibility for methods.
    {
        // The hotel name and description are interpolated straight into a JavaScript string
        // literal below; that is only safe if the Obj accessors return already-escaped values.
        $str = '<div id="gmap" style="width: 640px; height: 320px;"></div>';
        $str .= '<style type="text/css">
            @import url("http://www.google.com/uds/css/gsearch.css");
            @import url("http://www.google.com/uds/solutions/localsearch/gmlocalsearch.css");
            </style>
        <script src="http://maps.google.com/maps?file=api&amp;v=2&amp;key=' . $this->google_api . '" type="text/javascript"></script>
        <script type="text/javascript">
        //<![CDATA[
        // get coordinates
        var lat = document.getElementById("GmapLatitude").value;
        lat = lat == "" ? 35.86166 : lat;
        var lng = document.getElementById("GmapLongitude").value;
        lng = lng == "" ? 104.195397 : lng;

        function initialize() {
          if (GBrowserIsCompatible()) {
            var map = new GMap2(document.getElementById("gmap"),{ size: new GSize(800,400) } );
            map.setCenter(new GLatLng(lat,lng), 3);
            var customUI = map.getDefaultUI();
            // Remove MapType.G_HYBRID_MAP
            customUI.maptypes.hybrid = false;
            map.setUI(customUI);
            // search
            map.enableGoogleBar();
            GEvent.addListener(map,"click", function(overlay,data) {
                document.getElementById("GmapLatitude").value = data.lat();
                document.getElementById("GmapLongitude").value = data.lng();
            });

            // marker
            // get data
            var hotel_name = ["' . $this->Obj->hotel_name() . '"];
            var message = ["' . $this->Obj->hotel_description() . '"];
            // note: _AM_MARTIN_HOTEL_NAME and _AM_MARTIN_HOTEL_DESCRIPTION sit inside the PHP string
            // literal, so they reach the browser as bare identifiers rather than the constants\' values
            hotel_name = hotel_name == "" ? [_AM_MARTIN_HOTEL_NAME] : hotel_name;
            message = message == "" ? [_AM_MARTIN_HOTEL_DESCRIPTION] : message;

            function createMarker(latlng, number) {
              var marker = new GMarker(latlng);
              marker.value = number;
              // show on click
              GEvent.addListener(marker,"click", function() {
                var myHtml = "<b><font color=\"blue\">" + hotel_name[number] + "</font></b><br/>" + message[number];
                map.openInfoWindowHtml(latlng, myHtml);
              });
              return marker;
            }

            /*var bounds = map.getBounds();
            var southWest = bounds.getSouthWest();
            var northEast = bounds.getNorthEast();
            var lngSpan = northEast.lng() - southWest.lng();
            var latSpan = northEast.lat() - southWest.lat();*/
            for (var i = 0; i < 1; i++) {
                var latlng = new GLatLng(lat,lng);
                map.addOverlay(createMarker(latlng, i));
            }
          }
        }
        //window.onunload = GUnload();
        window.onload = function(){initialize();};
        //Event.observe(window, "load",initialize);
        google.setOnLoadCallback(initialize);
        //]]>
        </script>  ';

        return $str;
    }

    /**
     * SWF multi-image upload
     * @license   http://www.blags.org/
     * @created   2010-05-24 19:55
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * */
    function Swfupload()

Issue: It is generally recommended to explicitly declare the visibility for methods.
    {
        // SWFUpload's Flash runtime does not send the browser's cookies, so the session id is
        // passed explicitly as a POST parameter and the receiving upload script has to
        // re-attach the session from it.
        session_start();
        $_SESSION["file_info"] = array();

        $hotel_image = $this->Obj->hotel_image();
        $swf         = '
        <link href="../javascript/swfupload/css/default.css" rel="stylesheet" type="text/css" />
        <script type="text/javascript" src="../javascript/swfupload/swfupload.js"></script>
        <script type="text/javascript" src="../javascript/swfupload/swfupload.swfobject.js"></script>
        <script type="text/javascript" src="../javascript/swfupload/fileprogress.js"></script>
        <script type="text/javascript" src="../javascript/swfupload/handlers.js"></script>
        <script type="text/javascript">
        var swfu;
        SWFUpload.onload = function () {
            var settings = {
                flash_url : "../javascript/swfupload/swfupload.swf",
                flash9_url : "../javascript/swfupload/swfupload_fp9.swf",
                upload_url: "upload.php",
                post_params: {
                    "PHPSESSID" : "' . session_id() . '"

Issue: This code did not parse for me. Apparently, there is an error somewhere around this line: Syntax error, unexpected T_ENCAPSED_AND_WHITESPACE
                },
                file_size_limit : "100 MB",
                // client-side filter only; the type check that matters is the one the upload handler performs
                file_types : "*.jpg;*.JPG;*.gif;*.GIF;*.jpeg;*.JPEG;*.png;*.PNG",
                file_types_description : "All Files",
                file_upload_limit : 0,
                //file_queue_limit : 0,
                custom_settings : {
                    progressTarget : "fsUploadProgress",
                    cancelButtonId : "btnCancel",
                    showUpload        : "ShowTmp"
                },
                debug: true,

                // Button Settings
                button_image_url : "../javascript/swfupload/images/button.png",
                button_placeholder_id : "spanButtonPlaceholder",
                button_width: 61,
                button_height: 22,
                //button_window_mode: SWFUpload.WINDOW_MODE.TRANSPARENT,

                // The event handler functions are defined in handlers.js
                swfupload_loaded_handler : swfUploadLoaded,
                //file_queued_handler : fileQueued,
                file_queue_error_handler : fileQueueError,
                file_dialog_complete_handler : fileDialogComplete,
                upload_start_handler : uploadStart,
                upload_progress_handler : uploadProgress,
                upload_error_handler : uploadError,
                upload_success_handler : uploadSuccess,
                upload_complete_handler : uploadComplete,
                queue_complete_handler : queueComplete,    // Queue plugin event

                // SWFObject settings
                minimum_flash_version : "9.0.28",
                swfupload_pre_load_handler : swfUploadPreLoad,
                swfupload_load_failed_handler : swfUploadLoadFailed
            };
            swfu = new SWFUpload(settings);
        }
        </script>
                <div id="divSWFUploadUI">
                    <div id="ShowTmp"></div>
                    <div class="fieldset  flash" id="fsUploadProgress">
                    <span class="legend">图片上传</span>
                    </div>
                    <p id="divStatus">0 Files Uploaded</p>
                    <p>
                        <span id="spanButtonPlaceholder"></span>
                        <input id="btnCancel" type="button" value="Cancel All Uploads" disabled="disabled" style="margin-left: 2px; height: 22px; font-size: 8pt;" />
                        <br />
                    </p>
                </div>
                <noscript>
                    <div style="background-color: #FFFF66; border-top: solid 4px