From 91dafb19ec171e747d9976cf738606759bde3aae Mon Sep 17 00:00:00 2001 From: msquare Date: Thu, 29 Sep 2016 10:53:17 +0200 Subject: prohibit inline control structures on pages --- includes/pages/admin_groups.php | 45 ++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 19 deletions(-) (limited to 'includes/pages/admin_groups.php') diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index bf6d08d0..d26e6de7 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -1,4 +1,5 @@ $group['Name'], 'privileges' => join(', ', $privileges_html), 'actions' => button(page_link_to('admin_groups') . '&action=edit&id=' . $group['UID'], _("edit"), 'btn-xs') - ); + ]; } - return page_with_title(admin_groups_title(), array( - table(array( + return page_with_title(admin_groups_title(), [ + table([ 'name' => _("Name"), 'privileges' => _("Privileges"), 'actions' => '' - ), $groups_table) - )); + ], $groups_table) + ]); } else { switch ($_REQUEST["action"]) { case 'edit': - if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; - else + } else { return error("Incomplete call, missing Groups ID.", true); + } $room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); if (count($room) > 0) { list($room) = $room; $privileges = sql_select("SELECT `Privileges`.*, `GroupPrivileges`.`group_id` FROM `Privileges` LEFT OUTER JOIN `GroupPrivileges` ON (`Privileges`.`id` = `GroupPrivileges`.`privilege_id` AND `GroupPrivileges`.`group_id`='" . sql_escape($id) . "') ORDER BY `Privileges`.`name`"); $privileges_html = ""; - $privileges_form = array(); + $privileges_form = []; foreach ($privileges as $priv) { $privileges_form[] = form_checkbox('privileges[]', $priv['desc'] . ' (' . $priv['name'] . ')', $priv['group_id'] != "", $priv['id']); $privileges_html .= sprintf('' . ' %s %s', $priv['id'], ($priv['group_id'] != "" ? 'checked="checked"' : ''), $priv['name'], $priv['desc']); } $privileges_form[] = form_submit('submit', _("Save")); - $html .= page_with_title(_("Edit group"), array( + $html .= page_with_title(_("Edit group"), [ form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $id) - )); - } else + ]); + } else { return error("No Group found.", true); + } break; case 'save': - if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) + if (isset($_REQUEST['id']) && preg_match("/^-[0-9]{1,11}$/", $_REQUEST['id'])) { $id = $_REQUEST['id']; - else + } else { return error("Incomplete call, missing Groups ID.", true); + } $room = sql_select("SELECT * FROM `Groups` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1"); - if (! is_array($_REQUEST['privileges'])) - $_REQUEST['privileges'] = array(); + if (! is_array($_REQUEST['privileges'])) { + $_REQUEST['privileges'] = []; + } if (count($room) > 0) { list($room) = $room; sql_query("DELETE FROM `GroupPrivileges` WHERE `group_id`='" . sql_escape($id) . "'"); - $privilege_names = array(); + $privilege_names = []; foreach ($_REQUEST['privileges'] as $priv) { if (preg_match("/^[0-9]{1,}$/", $priv)) { $group_privileges_source = sql_select("SELECT * FROM `Privileges` WHERE `id`='" . sql_escape($priv) . "' LIMIT 1"); @@ -80,8 +86,9 @@ function admin_groups() { } engelsystem_log("Group privileges of group " . $room['Name'] . " edited: " . join(", ", $privilege_names)); redirect(page_link_to("admin_groups")); - } else + } else { return error("No Group found.", true); + } break; } } -- cgit v1.2.3-70-g09d2