Passed
Push — teampass_3.0 ( 880668...5169d5 )
by Nils
14:26 queued 08:29
created
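--- a/sources/find.queries.php
+++ b/sources/find.queries.php
@@ -28,7 +28,7 @@
 require_once 'SecureHandler.php';
 session_name('teampass_session');
 session_start();
-if (! isset($_SESSION['CPM']) || $_SESSION['CPM'] === false || ! isset($_SESSION['key']) || empty($_SESSION['key'])) {
+if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] === false || !isset($_SESSION['key']) || empty($_SESSION['key'])) {
     die('Hacking attempt...');
 }
 
@@ -42,17 +42,17 @@
 }
 
 // Do checks
-require_once $SETTINGS['cpassman_dir'] . '/includes/config/include.php';
-require_once $SETTINGS['cpassman_dir'] . '/sources/checks.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/config/include.php';
+require_once $SETTINGS['cpassman_dir'].'/sources/checks.php';
 if (checkUser($_SESSION['user_id'], $_SESSION['key'], 'items', $SETTINGS) === false) {
     // Not allowed page
     $_SESSION['error']['code'] = ERR_NOT_ALLOWED;
-    include $SETTINGS['cpassman_dir'] . '/error.php';
+    include $SETTINGS['cpassman_dir'].'/error.php';
     exit;
 }
 
-require_once $SETTINGS['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
-require_once $SETTINGS['cpassman_dir'] . '/includes/config/settings.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user_language'].'.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/config/settings.php';
 header('Content-type: text/html; charset=utf-8');
 header('Cache-Control: no-cache, must-revalidate');
 require_once 'main.functions.php';
@@ -60,12 +60,12 @@
 if (isset($_SESSION['groupes_visibles']) === false
     || empty($_SESSION['groupes_visibles']) === true
 ) {
-    echo '{"sEcho": ' . intval($_GET['sEcho']) . ' ,"iTotalRecords": "0", "iTotalDisplayRecords": "0", "aaData": [] }';
+    echo '{"sEcho": '.intval($_GET['sEcho']).' ,"iTotalRecords": "0", "iTotalDisplayRecords": "0", "aaData": [] }';
     exit;
 }
 
 //Connect to DB
-require_once $SETTINGS['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
+require_once $SETTINGS['cpassman_dir'].'/includes/libraries/Database/Meekrodb/db.class.php';
 if (defined('DB_PASSWD_CLEAR') === false) {
     define('DB_PASSWD_CLEAR', defuseReturnDecrypted(DB_PASSWD, $SETTINGS));
 }
@@ -89,7 +89,7 @@
     $folders = $_SESSION['groupes_visibles'];
 } else {
     // Build tree
-    $tree = new SplClassLoader('Tree\NestedTree', $SETTINGS['cpassman_dir'] . '/includes/libraries');
+    $tree = new SplClassLoader('Tree\NestedTree', $SETTINGS['cpassman_dir'].'/includes/libraries');
     $tree->register();
     $tree = new Tree\NestedTree\NestedTree(prefixTable('nested_tree'), 'id', 'parent_id', 'title');
     $folders = $tree->getDescendants(filter_var($_GET['limited'], FILTER_SANITIZE_NUMBER_INT), true);
@@ -98,7 +98,7 @@
 
 //Get current user "personal folder" ID
 $row = DB::query(
-    'SELECT id FROM ' . prefixTable('nested_tree') . ' WHERE title = %i',
+    'SELECT id FROM '.prefixTable('nested_tree').' WHERE title = %i',
     intval($_SESSION['user_id'])
 );
 //get list of personal folders
@@ -107,20 +107,20 @@
 $listPf = '';
 if (empty($row['id']) === false) {
     $rows = DB::query(
-        'SELECT id FROM ' . prefixTable('nested_tree') . '
+        'SELECT id FROM '.prefixTable('nested_tree').'
         WHERE personal_folder = 1 AND NOT parent_id = %i AND NOT title = %i',
         filter_var($row['id'], FILTER_SANITIZE_NUMBER_INT),
         filter_var($_SESSION['user_id'], FILTER_SANITIZE_NUMBER_INT)
     );
     foreach ($rows as $record) {
-        if (! in_array($record['id'], $arrayPf)) {
+        if (!in_array($record['id'], $arrayPf)) {
             //build an array of personal folders ids
             array_push($arrayPf, $record['id']);
             //build also a string with those ids
             if (empty($listPf)) {
                 $listPf = $record['id'];
             } else {
-                $listPf .= ', ' . $record['id'];
+                $listPf .= ', '.$record['id'];
             }
         }
     }
@@ -130,7 +130,7 @@
 //Paging
 $sLimit = '';
 if (isset($_GET['start']) === true && $_GET['length'] !== '-1') {
-    $sLimit = 'LIMIT ' . filter_var($_GET['start'], FILTER_SANITIZE_NUMBER_INT) . ', ' . filter_var($_GET['length'], FILTER_SANITIZE_NUMBER_INT) . '';
+    $sLimit = 'LIMIT '.filter_var($_GET['start'], FILTER_SANITIZE_NUMBER_INT).', '.filter_var($_GET['length'], FILTER_SANITIZE_NUMBER_INT).'';
 }
 
 //Ordering
@@ -143,8 +143,8 @@
     }
     $sOrder = 'ORDER BY  ';
     if ($_GET['order'][0]['column'] >= 0) {
-        $sOrder .= '' . $aColumns[filter_var($_GET['order'][0]['column'], FILTER_SANITIZE_NUMBER_INT)] . ' '
-                . filter_var($_GET['order'][0]['dir'], FILTER_SANITIZE_STRING) . ', ';
+        $sOrder .= ''.$aColumns[filter_var($_GET['order'][0]['column'], FILTER_SANITIZE_NUMBER_INT)].' '
+                . filter_var($_GET['order'][0]['dir'], FILTER_SANITIZE_STRING).', ';
     }
 
     $sOrder = substr_replace($sOrder, '', -2);
@@ -152,7 +152,7 @@
         $sOrder = '';
     }
 } else {
-    $sOrder = 'ORDER BY ' . $aColumns[1] . ' ASC';
+    $sOrder = 'ORDER BY '.$aColumns[1].' ASC';
 }
 
 // Define criteria
@@ -174,9 +174,9 @@
 if (empty($search_criteria) === false) {
     $sWhere .= ' AND (';
     for ($i = 0; $i < count($aColumns); ++$i) {
-        $sWhere .= $aColumns[$i] . ' LIKE %ss_' . $i . ' OR ';
+        $sWhere .= $aColumns[$i].' LIKE %ss_'.$i.' OR ';
     }
-    $sWhere = substr_replace((string) $sWhere, '', -3) . ') ';
+    $sWhere = substr_replace((string) $sWhere, '', -3).') ';
     $crit = [
         'idtree' => array_unique($folders),
         '0' => $search_criteria,
@@ -214,13 +214,13 @@
     if (empty($sWhere) === false) {
         $sWhere .= ' AND ';
     }
-    $sWhere = 'WHERE ' . $sWhere . 'id_tree NOT IN %ls_pf ';
+    $sWhere = 'WHERE '.$sWhere.'id_tree NOT IN %ls_pf ';
 } else {
-    $sWhere = 'WHERE ' . $sWhere;
+    $sWhere = 'WHERE '.$sWhere;
 }
 
 DB::query(
-    'SELECT id FROM ' . prefixTable('cache') . "
+    'SELECT id FROM '.prefixTable('cache')."
     ${sWhere}
     ${sOrder}",
     $crit
@@ -228,7 +228,7 @@
 $iTotal = DB::count();
 $rows = DB::query(
     'SELECT id, label, description, tags, id_tree, perso, restricted_to, login, folder, author, renewal_period, url, timestamp
-    FROM ' . prefixTable('cache') . "
+    FROM ' . prefixTable('cache')."
     ${sWhere}
     ${sOrder}
     ${sLimit}",
@@ -241,7 +241,7 @@
 if (isset($_GET['type']) === false) {
     $sOutput = '{';
     if (isset($_GET['draw']) === true) {
-        $sOutput .= '"draw": ' . intval($_GET['draw']) . ', ';
+        $sOutput .= '"draw": '.intval($_GET['draw']).', ';
     }
     $sOutput .= '"data": [';
     $sOutputConst = '';
@@ -258,7 +258,7 @@
             foreach (explode(';', $_SESSION['fonction_id']) as $role) {
                 //db::debugmode(true);
                 $access = DB::queryFirstRow(
-                    'SELECT type FROM ' . prefixTable('roles_values') . ' WHERE role_id = %i AND folder_id = %i',
+                    'SELECT type FROM '.prefixTable('roles_values').' WHERE role_id = %i AND folder_id = %i',
                     $role,
                     $record['id_tree']
                 );
@@ -278,7 +278,7 @@
             }
             $accessLevel = count($arrTmp) > 0 ? min($arrTmp) : $accessLevel;
             if ($accessLevel === 0) {
-                $checkbox = '<input type=\"checkbox\" value=\"0\" class=\"mass_op_cb\" data-id=\"' . $record['id'] . '\">';
+                $checkbox = '<input type=\"checkbox\" value=\"0\" class=\"mass_op_cb\" data-id=\"'.$record['id'].'\">';
             }
 
             if ((int) $accessLevel === 0) {
@@ -318,22 +318,22 @@
             if (empty($restrictedTo)) {
                 $restrictedTo = $_SESSION['user_id'];
             } else {
-                $restrictedTo .= ',' . $_SESSION['user_id'];
+                $restrictedTo .= ','.$_SESSION['user_id'];
             }
         }
 
         //col1
-        $sOutputItem .= '"<i class=\"fa fa-external-link-alt infotip mr-2\" title=\"' . langHdl('open_url_link') . '\" onClick=\"window.location.href=&#039;index.php?page=items&amp;group=' . $record['id_tree'] . '&amp;id=' . $record['id'] . '&#039;\" style=\"cursor:pointer;\"></i>' .
-            '<i class=\"fa fa-eye infotip mr-2 item-detail\" title=\"' . langHdl('see_item_title') . '\" data-id=\"' . $record['id'] . '\" data-perso=\"' . $record['perso'] . '\" data-tree-id=\"' . $record['id_tree'] . '\" data-expired=\"' . $expired . '\" data-restricted-to=\"' . $restrictedTo . '\" data-rights=\"' . $right . '\" style=\"cursor:pointer;\"></i>' . $checkbox . '", ';
+        $sOutputItem .= '"<i class=\"fa fa-external-link-alt infotip mr-2\" title=\"'.langHdl('open_url_link').'\" onClick=\"window.location.href=&#039;index.php?page=items&amp;group='.$record['id_tree'].'&amp;id='.$record['id'].'&#039;\" style=\"cursor:pointer;\"></i>'.
+            '<i class=\"fa fa-eye infotip mr-2 item-detail\" title=\"'.langHdl('see_item_title').'\" data-id=\"'.$record['id'].'\" data-perso=\"'.$record['perso'].'\" data-tree-id=\"'.$record['id_tree'].'\" data-expired=\"'.$expired.'\" data-restricted-to=\"'.$restrictedTo.'\" data-rights=\"'.$right.'\" style=\"cursor:pointer;\"></i>'.$checkbox.'", ';
         //col2
-        $sOutputItem .= '"<span id=\"item_label-' . $record['id'] . '\">' . stripslashes((string) $record['label']) . '</span>", ';
+        $sOutputItem .= '"<span id=\"item_label-'.$record['id'].'\">'.stripslashes((string) $record['label']).'</span>", ';
         //col3
-        $sOutputItem .= '"' . str_replace('&amp;', '&', htmlspecialchars(stripslashes((string) $record['login']), ENT_QUOTES)) . '", ';
+        $sOutputItem .= '"'.str_replace('&amp;', '&', htmlspecialchars(stripslashes((string) $record['login']), ENT_QUOTES)).'", ';
         //col4
         //get restriction from ROles
         $restrictedToRole = false;
         $rTmp = DB::queryFirstColumn(
-            'SELECT role_id FROM ' . prefixTable('restriction_to_roles') . ' WHERE item_id = %i',
+            'SELECT role_id FROM '.prefixTable('restriction_to_roles').' WHERE item_id = %i',
             $record['id']
         );
         // We considere here that if user has at least one group similar to the object ones
@@ -351,14 +351,14 @@
         } else {
             $txt = str_replace(['\n', '<br />', '\\'], [' ', ' ', '', ' '], strip_tags($record['description']));
             if (strlen($txt) > 50) {
-                $sOutputItem .= '"' . substr(stripslashes(preg_replace('~/<[\/]{0,1}[^>]*>\//|[ \t]/~', '', $txt)), 0, 50) . '", ';
+                $sOutputItem .= '"'.substr(stripslashes(preg_replace('~/<[\/]{0,1}[^>]*>\//|[ \t]/~', '', $txt)), 0, 50).'", ';
             } else {
-                $sOutputItem .= '"' . stripslashes(preg_replace('~/<[^>]*>|[ \t]/~', '', $txt)) . '", ';
+                $sOutputItem .= '"'.stripslashes(preg_replace('~/<[^>]*>|[ \t]/~', '', $txt)).'", ';
             }
         }
 
         //col5 - TAGS
-        $sOutputItem .= '"' . htmlspecialchars(stripslashes((string) $record['tags']), ENT_QUOTES) . '", ';
+        $sOutputItem .= '"'.htmlspecialchars(stripslashes((string) $record['tags']), ENT_QUOTES).'", ';
         // col6 - URL
         if ($record['url'] !== '0') {
             $sOutputItem .= '"'.filter_var($record['url'], FILTER_SANITIZE_URL).'", ';
@@ -367,7 +367,7 @@
         }
 
         //col7 - Prepare the Treegrid
-        $sOutputItem .= '"' . htmlspecialchars(stripslashes((string) $record['folder']), ENT_QUOTES) . '"';
+        $sOutputItem .= '"'.htmlspecialchars(stripslashes((string) $record['folder']), ENT_QUOTES).'"';
         //Finish the line
         $sOutputItem .= '], ';
         if ($getItemInList === true) {
@@ -376,16 +376,16 @@
             --$iTotal;
         }
     }
-    if (! empty($sOutputConst)) {
+    if (!empty($sOutputConst)) {
         $sOutput .= substr_replace($sOutputConst, '', -2);
     }
     $sOutput .= '], ';
-    $sOutput .= '"recordsTotal": ' . $iTotal . ', ';
-    $sOutput .= '"recordsFiltered": ' . $iTotal . ' }';
+    $sOutput .= '"recordsTotal": '.$iTotal.', ';
+    $sOutput .= '"recordsFiltered": '.$iTotal.' }';
     echo $sOutput;
 } elseif (isset($_GET['type']) && ($_GET['type'] === 'search_for_items' || $_GET['type'] === 'search_for_items_with_tags')) {
     include_once 'main.functions.php';
-    include_once $SETTINGS['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
+    include_once $SETTINGS['cpassman_dir'].'/includes/language/'.$_SESSION['user_language'].'.php';
     
     $arr_data = [];
     foreach ($rows as $record) {
@@ -405,7 +405,7 @@
 
         // Anyone can modify?
         $tmp = DB::queryfirstrow(
-            'SELECT anyone_can_modify FROM ' . prefixTable('items') . ' WHERE id = %i',
+            'SELECT anyone_can_modify FROM '.prefixTable('items').' WHERE id = %i',
             $record['id']
         );
         if (count($tmp) > 0) {
@@ -436,7 +436,7 @@
         // => récupérer un tableau contenant les roles associés à cet ID (a partir table restriction_to_roles)
         $user_is_included_in_role = 0;
         $roles = DB::query(
-            'SELECT role_id FROM ' . prefixTable('restriction_to_roles') . ' WHERE item_id=%i',
+            'SELECT role_id FROM '.prefixTable('restriction_to_roles').' WHERE item_id=%i',
             $record['id']
         );
         if (count($roles) > 0) {
@@ -459,7 +459,7 @@
             if (empty($restrictedTo)) {
                 $restrictedTo = $_SESSION['user_id'];
             } else {
-                $restrictedTo .= ',' . $_SESSION['user_id'];
+                $restrictedTo .= ','.$_SESSION['user_id'];
             }
         }
 
@@ -557,7 +557,7 @@
             $arrTmp = [];
             foreach (explode(';', $_SESSION['fonction_id']) as $role) {
                 $access = DB::queryFirstRow(
-                    'SELECT type FROM ' . prefixTable('roles_values') . ' WHERE role_id = %i AND folder_id = %i',
+                    'SELECT type FROM '.prefixTable('roles_values').' WHERE role_id = %i AND folder_id = %i',
                     $role,
                     $record['id_tree']
                 );
@@ -606,8 +606,8 @@
         ) {
             $data_item = DB::queryFirstRow(
                 'SELECT i.pw AS pw, s.share_key AS share_key
-                FROM ' . prefixTable('items') . ' AS i
-                INNER JOIN ' . prefixTable('sharekeys_items') . ' AS s ON (s.object_id = i.id)
+                FROM ' . prefixTable('items').' AS i
+                INNER JOIN ' . prefixTable('sharekeys_items').' AS s ON (s.object_id = i.id)
                 WHERE i.id = %i AND s.user_id = %i',
                 $record['id'],
                 $_SESSION['user_id']
@@ -653,5 +653,5 @@
         'start' => (int) (isset($_GET['start']) === true && (int) $_GET['length'] !== -1) ? (int) $_GET['start'] + (int) $_GET['length'] : -1,
     ];
     echo prepareExchangedData(
-    $SETTINGS['cpassman_dir'],$returnValues, 'encode');
+    $SETTINGS['cpassman_dir'], $returnValues, 'encode');
 }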