This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | /** |
||
3 | * |
||
4 | * @package Quickedit |
||
5 | * @copyright (c) 2015 - 2021 Marc Alexander ( www.m-a-styles.de ) |
||
6 | * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 |
||
7 | * |
||
8 | */ |
||
9 | |||
10 | namespace marc1706\quickedit\event; |
||
11 | |||
12 | use phpbb\auth\auth; |
||
13 | use phpbb\config\config; |
||
14 | use phpbb\request\request; |
||
15 | use phpbb\request\request_interface; |
||
16 | |||
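/**
* Helper used by the quickedit event listener.
*
* Wraps the phpBB auth, config and request services and offers the checks
* and data transformations the listener needs (permission checks, hidden
* form fields, ACP display vars).
*/
class listener_helper
{
	/** @var auth */
	protected $auth;

	/** @var config */
	protected $config;

	/** @var request_interface */
	protected $request;

	/** @var int quickedit forums flag */
	const QUICKEDIT_FLAG = 128;

	/**
	 * Constructor for listener
	 *
	 * @param auth				$auth		phpBB auth
	 * @param config			$config		phpBB config
	 * @param request_interface	$request	phpBB request
	 */
	public function __construct(auth $auth, config $config, request_interface $request)
	{
		$this->auth = $auth;
		$this->config = $config;
		$this->request = $request;
	}

	/**
	 * Check if request is a catchable request
	 *
	 * A request is catchable when it is an AJAX request, the form was not
	 * submitted and the posting mode is 'edit'.
	 *
	 * @param object $event The event object
	 * @return bool True if it's a catchable request, false if not
	 */
	public function is_catchable_request($event) : bool
	{
		// Strict comparison so that only the literal string 'edit' matches
		return $this->request->is_ajax() && !$event['submit'] && $event['mode'] === 'edit';
	}

	/**
	 * Add hidden fields in order to prevent dropping the needed values upon
	 * submission.
	 *
	 * Optional poll values that are missing from post_data fall back to their
	 * defaults instead of being evaluated unconditionally.
	 *
	 * @param object $event The event object
	 * @return void
	 */
	public function add_hidden_fields(&$event)
	{
		$post_data = $event['post_data'];

		// implode() must only run when there are poll options; calling it
		// with a missing value raises an error on current PHP versions.
		$poll_option_text = !empty($post_data['poll_options']) ? implode("\n", $post_data['poll_options']) : '';

		// Test for presence before casting: a cast value is never null, so
		// casting first would make the default of 1 unreachable.
		$poll_max_options = isset($post_data['poll_max_options']) ? (int) $post_data['poll_max_options'] : 1;

		$hidden_fields = [
			'attachment_data'	=> $event['message_parser']->attachment_data,
			'poll_vote_change'	=> $this->not_empty_or_default($post_data['poll_vote_change'] ?? null, ' checked="checked"', ''),
			'poll_title'		=> $this->isset_or_default($post_data['poll_title'] ?? null, ''),
			'poll_option_text'	=> $poll_option_text,
			'poll_max_options'	=> $poll_max_options,
			'poll_length'		=> $post_data['poll_length'],
			'topic_status'		=> $post_data['topic_status'],
		];

		if (!empty($post_data['post_edit_locked']))
		{
			$hidden_fields['lock_post'] = $post_data['post_edit_locked'];
		}

		if (!empty($post_data['enable_sig']))
		{
			$hidden_fields['attach_sig'] = $post_data['enable_sig'];
		}

		if (!empty($post_data['topic_status']))
		{
			$hidden_fields['lock_topic'] = true;
		}

		// NOTE(review): the values are handed to build_hidden_fields() as they
		// are and that function is called with its default arguments; verify
		// that every post_data value reaching it is already HTML-escaped.
		$event['s_hidden_fields'] .= build_hidden_fields($hidden_fields);

		// Add hidden fields for kinerity/topicdescriptions
		$event['s_hidden_fields'] = $this->add_hidden_if_exists($event['s_hidden_fields'], $post_data, 'topic_desc');
	}

	/**
	 * Returns value if it is set, otherwise the default
	 *
	 * @param mixed $value The variable to check
	 * @param mixed $default The default value to use if variable is not set
	 * @return mixed Value if variable is set, default value if not
	 */
	protected function isset_or_default($value, $default)
	{
		return $value ?? $default;
	}

	/**
	 * Returns value if it's not empty, otherwise the default
	 *
	 * Both $value and $default are evaluated by the caller before this method
	 * runs, so neither may be an expression that fails on missing data.
	 *
	 * @param mixed $check_value The variable to check
	 * @param mixed $value The value if $check_value is not empty
	 * @param mixed $default The default value to use if variable is empty
	 * @return mixed Value if $check_value is not empty, default value if not
	 */
	protected function not_empty_or_default($check_value, $value, $default)
	{
		return (!empty($check_value)) ? $value : $default;
	}

	/**
	 * Enable quick edit
	 *
	 * Stores the submitted allow_quick_edit setting, sets the quickedit flag
	 * in the forum_flags column of the forums table and marks the event as
	 * submitted.
	 *
	 * NOTE(review): this method writes board configuration and a forum flag
	 * from request data and performs no permission or form token check of
	 * its own; presumably the caller has already enforced both -- confirm.
	 *
	 * @param object $event The event object
	 * @return void
	 */
	public function enable_quick_edit($event)
	{
		$cfg_array = $this->request->is_set('config') ? $this->request->variable('config', array('' => '')) : array();

		if (isset($cfg_array['allow_quick_edit']))
		{
			$this->config->set('allow_quick_edit', (bool) $cfg_array['allow_quick_edit']);

			// log2 of the flag value is its bit index (7 for 128); pass it as
			// an integer rather than the float that log() returns.
			// NOTE(review): the flag is set whenever the key is present,
			// whatever its boolean value -- confirm this is intended.
			\enable_bitfield_column_flag(FORUMS_TABLE, 'forum_flags', (int) round(log(self::QUICKEDIT_FLAG, 2)));
		}

		$event->offsetSet('submit', true);
	}

	/**
	 * Add quickedit settings to acp settings by modifying the display vars
	 *
	 * The allow_quick_edit entry is inserted directly after the
	 * allow_quick_reply entry; all other entries keep their order.
	 *
	 * @param object $event The event object
	 * @return void
	 */
	public function modify_acp_display_vars($event)
	{
		$new_display_var = array(
			'title'	=> $event['display_vars']['title'],
			'vars'	=> array(),
		);

		foreach ($event['display_vars']['vars'] as $key => $content)
		{
			$new_display_var['vars'][$key] = $content;

			// Strict comparison: an integer key must never match the name
			if ($key === 'allow_quick_reply')
			{
				$new_display_var['vars']['allow_quick_edit'] = array(
					'lang'		=> 'ALLOW_QUICK_EDIT',
					'validate'	=> 'bool',
					'type'		=> 'custom',
					'function'	=> array('marc1706\quickedit\event\listener', 'quickedit_settings'),
					'explain'	=> true,
				);
			}
		}

		$event->offsetSet('display_vars', $new_display_var);
	}

	/**
	 * Check whether user can edit in this topic and forum
	 *
	 * Editing is allowed when both forum and topic are unlocked, or when the
	 * user holds the m_edit permission in the forum.
	 *
	 * @param object $event The event object
	 * @return bool True if user can edit in this topic or forum, else false
	 */
	public function check_topic_edit($event) : bool
	{
		$topic_data = $event['topic_data'];

		// Loose comparison kept on purpose; presumably the status values can
		// arrive as numeric strings -- verify against the caller.
		$is_unlocked = $topic_data['forum_status'] == ITEM_UNLOCKED && $topic_data['topic_status'] == ITEM_UNLOCKED;

		// The permission lookup only runs when forum or topic is locked
		return $is_unlocked || (bool) $this->auth->acl_get('m_edit', $event['forum_id']);
	}

	/**
	 * Check forum_permissions and flag
	 *
	 * @param object $event The event object
	 * @return bool True if quickedit is enabled and user can reply in forum,
	 *		false if not
	 */
	public function check_forum_permissions($event) : bool
	{
		$flag_enabled = (bool) ($event['topic_data']['forum_flags'] & self::QUICKEDIT_FLAG);

		// The permission lookup only runs when the forum has the flag set
		return $flag_enabled && (bool) $this->auth->acl_get('f_reply', $event['forum_id']);
	}

	/**
	 * Add data to hidden fields if column exists in post_data array
	 *
	 * NOTE(review): the column value is passed to build_hidden_fields() as
	 * it is; verify that it is already HTML-escaped by the time it gets here.
	 *
	 * @param string $hidden_fields Hidden fields data
	 * @param array $data_array post_data array
	 * @param string $column Column name
	 *
	 * @return string Hidden fields data
	 */
	protected function add_hidden_if_exists(string $hidden_fields, array $data_array, string $column) : string
	{
		if (isset($data_array[$column]))
		{
			$hidden_fields .= build_hidden_fields(array(
				$column => $data_array[$column],
			));
		}

		return $hidden_fields;
	}
}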
||
226 |
Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.
Either this assignment is in error, or the assigned type should be added to the documentation/type hint for that property.