From 4c288e957ec4340af93f980c65eecea6d3a789f4 Mon Sep 17 00:00:00 2001 From: msquare Date: Thu, 29 Sep 2016 11:28:42 +0200 Subject: prohibit inline control structures on includes and index --- includes/engelsystem_provider.php | 3 +- includes/mysqli_provider.php | 43 ++++++++++++++---------- includes/sys_auth.php | 48 +++++++++++++++++---------- includes/sys_menu.php | 69 +++++++++++++++++++++++++-------------- includes/sys_page.php | 9 +++-- includes/sys_template.php | 66 +++++++++++++++++++------------------ 6 files changed, 143 insertions(+), 95 deletions(-) (limited to 'includes') diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php index d0f1cbff..84a73275 100644 --- a/includes/engelsystem_provider.php +++ b/includes/engelsystem_provider.php @@ -54,8 +54,9 @@ require_once realpath(__DIR__ . '/../includes/mailer/shifts_mailer.php'); require_once realpath(__DIR__ . '/../includes/mailer/users_mailer.php'); require_once realpath(__DIR__ . '/../config/config.default.php'); -if (file_exists(realpath(__DIR__ . '/../config/config.php'))) +if (file_exists(realpath(__DIR__ . '/../config/config.php'))) { require_once realpath(__DIR__ . '/../config/config.php'); +} if ($maintenance_mode) { echo file_get_contents(__DIR__ . '/../public/maintenance.html'); diff --git a/includes/mysqli_provider.php b/includes/mysqli_provider.php index 7197b95a..0315c0f1 100644 --- a/includes/mysqli_provider.php +++ b/includes/mysqli_provider.php @@ -22,10 +22,11 @@ function sql_null($value = null) { function sql_transaction_start() { global $sql_nested_transaction_level; - if ($sql_nested_transaction_level ++ == 0) + if ($sql_nested_transaction_level ++ == 0) { return sql_query("BEGIN"); - else - return true; + } + + return true; } /** 
@@ -34,10 +35,11 @@ function sql_transaction_start() { function sql_transaction_commit() { global $sql_nested_transaction_level; - if (-- $sql_nested_transaction_level == 0) + if (-- $sql_nested_transaction_level == 0) { return sql_query("COMMIT"); - else - return true; + } + + return true; } /** @@ -46,10 +48,11 @@ function sql_transaction_commit() { function sql_transaction_rollback() { global $sql_nested_transaction_level; - if (-- $sql_nested_transaction_level == 0) + if (-- $sql_nested_transaction_level == 0) { return sql_query("ROLLBACK"); - else + } else { return true; + } } /** @@ -92,12 +95,14 @@ function sql_connect($host, $user, $pass, $db) { } $result = $sql_connection->query("SET CHARACTER SET utf8;"); - if (! $result) + if (! $result) { return sql_error("Unable to set utf8 character set (" . $sql_connection->errno . ") " . $sql_connection->error); + } $result = $sql_connection->set_charset('utf8'); - if (! $result) + if (! $result) { return sql_error("Unable to set utf8 names (" . $sql_connection->errno . ") " . $sql_connection->error); + } return $sql_connection; } @@ -111,8 +116,9 @@ function sql_connect($host, $user, $pass, $db) { */ function sql_select_db($db_name) { global $sql_connection; - if (! $sql_connection->select_db($db_name)) + if (! $sql_connection->select_db($db_name)) { return sql_error("No database selected."); + } return true; } @@ -127,12 +133,14 @@ function sql_select($query) { $result = $sql_connection->query($query); if ($result) { - $data = array(); - while ($line = $result->fetch_assoc()) + $data = []; + while ($line = $result->fetch_assoc()) { array_push($data, $line); + } return $data; - } else - return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error); + } + + return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error); } /** 
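Review bot: sql_transaction_rollback keeps an `else` branch after a `return` (`} else { return true; }`), while the same edit in sql_transaction_start and sql_transaction_commit drops the `else` and falls through to `return true;` after the block; the three siblings should share one shape. Replacing the `} else {` / `return true;` / `}` lines with a bare `}` followed by `return true;` is behaviour-identical and matches the other two hunks.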
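Review bot: In sql_connect the first new guard checks the result of `query("SET CHARACTER SET utf8;")`, which appears redundant with the `set_charset('utf8')` call guarded immediately below it, and it is the latter that informs the mysqli client library of the charset used by its escaping routine. If the raw query is kept on purpose for some server setup, a comment such as `// set_charset() below is what mysqli uses for escaping; this query only covers ...` would keep a future reader from removing the wrong one; otherwise the query and its guard can be dropped so `set_charset()` is the single source of truth.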
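Review bot: Inside the newly braced `while ($line = $result->fetch_assoc())` loop in sql_select, `array_push($data, $line);` with a single value is the non-idiomatic spelling of `$data[] = $line;`, which also saves a function call per row. Since the loop body is touched by this commit anyway, switching it to `$data[] = $line;` is cheap.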
@@ -147,8 +155,9 @@ function sql_query($query) { $result = $sql_connection->query($query); if ($result) { return $result; - } else - return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error); + } + + return sql_error("MySQL-query error: " . $query . " (" . $sql_connection->errno . ") " . $sql_connection->error); } /** diff --git a/includes/sys_auth.php b/includes/sys_auth.php index d4f35fa6..39f4d4b0 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php 
@@ -1,49 +1,59 @@ 0) { // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten - list ($user) = $user; + list($user) = $user; sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"); - } else + } else { unset($_SESSION['uid']); + } } - + $privileges = isset($user) ? privileges_for_user($user['UID']) : privileges_for_group(- 1); } -// generate a salt (random string) of arbitrary length suitable for the use with crypt() +/** + * generate a salt (random string) of arbitrary length suitable for the use with crypt() + */ function generate_salt($length = 16) { $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; $salt = ""; - for($i = 0; $i < $length; $i ++) { + for ($i = 0; $i < $length; $i ++) { $salt .= $alphabet[rand(0, strlen($alphabet) - 1)]; } return $salt; } -// set the password of a user +/** + * set the password of a user + */ function set_password($uid, $password) { return sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1"); } -// verify a password given a precomputed salt. -// if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically +/** + * verify a password given a precomputed salt. 
+ * if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically + */ function verify_password($password, $salt, $uid = false) { $correct = false; - if (substr($salt, 0, 1) == '$') // new-style crypt() + if (substr($salt, 0, 1) == '$') { // new-style crypt() $correct = crypt($password, $salt) == $salt; - elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore + } elseif (substr($salt, 0, 7) == '{crypt}') { // old-style crypt() with DES and static salt - not used anymore $correct = crypt($password, '77') == $salt; - elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore + } elseif (strlen($salt) == 32) { // old-style md5 without salt - not used anymore $correct = md5($password) == $salt; - + } + if ($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) { // this password is stored in another format than we want it to be. // let's update it! 
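Review bot: All three branches that the commit braces in verify_password still compare hashes with loose `==`: `crypt($password, $salt) == $salt`, `crypt($password, '77') == $salt` and `md5($password) == $salt`. With `==`, two strings that both parse as numbers in scientific notation (for example `0e` followed only by digits) compare equal even when they differ, and the comparison also leaks timing; `hash_equals($salt, crypt($password, $salt))` (available since PHP 5.6, and likewise for the other two branches) gives a strict, constant-time check. In generate_salt the salt characters come from `rand()`, which is not a cryptographic source; `random_int(0, strlen($alphabet) - 1)` on PHP 7, or a `random_bytes()`-backed pick, should feed anything that ends up in `crypt()`. The rest of verify_password lies outside this hunk.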
@@ -54,18 +64,20 @@ function verify_password($password, $salt, $uid = false) { } function privileges_for_user($user_id) { - $privileges = array (); + $privileges = []; $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`='" . sql_escape($user_id) . "'"); - foreach ($user_privs as $user_priv) + foreach ($user_privs as $user_priv) { $privileges[] = $user_priv['name']; + } return $privileges; } function privileges_for_group($group_id) { - $privileges = array (); + $privileges = []; $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group_id) . "'"); - foreach ($groups_privs as $guest_priv) + foreach ($groups_privs as $guest_priv) { $privileges[] = $guest_priv['name']; + } return $privileges; } ?> diff --git a/includes/sys_menu.php b/includes/sys_menu.php index c6e916b4..6896194a 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php 
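Review bot: The file still ends with a closing `?>` tag (last context line of this hunk); in an include-only file any whitespace after it is sent to the client and can break later `header()` or `session_start()` calls, so the usual convention is to omit the closing tag. Separately, the two newly braced foreach bodies in privileges_for_user and privileges_for_group are identical extractions of the `name` column; `$privileges = array_column($user_privs, 'name');` (and the same for `$groups_privs`) replaces each loop with one line, behaviour unchanged.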
@@ -1,8 +1,9 @@ 0) + if (count($hints) > 0) { $toolbar_items[] = toolbar_popover($glyphicon . ' text-' . $hint_class, '', $hints, 'bg-' . $hint_class); + } $user_submenu = make_langselect(); $user_submenu[] = toolbar_item_divider(); - if (in_array('user_myshifts', $privileges)) + if (in_array('user_myshifts', $privileges)) { $toolbar_items[] = toolbar_item_link(page_link_to('users') . '&action=view', ' icon-icon_angel', $user['Nick'], $p == 'users'); + } - if (in_array('user_settings', $privileges)) + if (in_array('user_settings', $privileges)) { $user_submenu[] = toolbar_item_link(page_link_to('user_settings'), 'list-alt', settings_title(), $p == 'user_settings'); + } - if (in_array('logout', $privileges)) + if (in_array('logout', $privileges)) { $user_submenu[] = toolbar_item_link(page_link_to('logout'), 'log-out', logout_title(), $p == 'logout'); + } - if (count($user_submenu) > 0) + if (count($user_submenu) > 0) { $toolbar_items[] = toolbar_dropdown('', '', $user_submenu); + } return toolbar($toolbar_items, true); } @@ -100,21 +114,23 @@ function header_toolbar() { function make_navigation() { global $p, $privileges; - $menu = array(); - $pages = array( + $menu = []; + $pages = [ "news" => news_title(), "user_meetings" => meetings_title(), "user_shifts" => shifts_title(), "angeltypes" => angeltypes_title(), "user_questions" => questions_title() - ); + ]; - foreach ($pages as $page => $title) - if (in_array($page, $privileges)) + foreach ($pages as $page => $title) { + if (in_array($page, $privileges)) { $menu[] = toolbar_item_link(page_link_to($page), '', $title, $page == $p); + } + } - $admin_menu = array(); - $admin_pages = array( + $admin_menu = []; + $admin_pages = [ "admin_arrive" => admin_arrive_title(), "admin_active" => admin_active_title(), "admin_user" => admin_user_title(), 
@@ -127,14 +143,17 @@ function make_navigation() { "admin_import" => admin_import_title(), "admin_log" => admin_log_title(), "admin_event_config" => event_config_title() - ); + ]; - foreach ($admin_pages as $page => $title) - if (in_array($page, $privileges)) + foreach ($admin_pages as $page => $title) { + if (in_array($page, $privileges)) { $admin_menu[] = toolbar_item_link(page_link_to($page), '', $title, $page == $p); + } + } - if (count($admin_menu) > 0) + if (count($admin_menu) > 0) { $menu[] = toolbar_dropdown('', _("Admin"), $admin_menu); + } return toolbar($menu); } diff --git a/includes/sys_page.php b/includes/sys_page.php index cbc18db8..6b71eb15 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php @@ -31,8 +31,9 @@ function raw_output($output) { * @return ValidationResult containing the parsed date */ function check_request_date($name, $error_message = null, $null_allowed = false) { - if (! isset($_REQUEST[$name])) + if (! isset($_REQUEST[$name])) { return new ValidationResult($null_allowed, null); + } return check_date($_REQUEST[$name], $error_message, $null_allowed); } @@ -49,10 +50,12 @@ function check_request_date($name, $error_message = null, $null_allowed = false) * @return ValidationResult containing the parsed date */ function check_date($input, $error_message = null, $null_allowed = false) { - if (DateTime::createFromFormat("Y-m-d", trim($input))) + if (DateTime::createFromFormat("Y-m-d", trim($input))) { return new ValidationResult(true, DateTime::createFromFormat("Y-m-d", trim($input))->getTimestamp()); - if ($null_allowed) + } + if ($null_allowed) { return new ValidationResult(true, null); + } error($error_message); return new ValidationResult(false, null); diff --git a/includes/sys_template.php b/includes/sys_template.php index 112bb483..23f4b77b 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php 
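Review bot: check_date in sys_page.php now parses the input twice: the braced `if` calls `DateTime::createFromFormat("Y-m-d", trim($input))` once to test and again to read the timestamp. Parsing once — `$date = DateTime::createFromFormat("Y-m-d", trim($input));` then `if ($date !== false) { return new ValidationResult(true, $date->getTimestamp()); }` — is clearer and keeps the two calls from drifting apart. Note also that without a `!` in the format the unspecified time-of-day is filled from the current time, and that out-of-range dates such as day 31 of a 30-day month are rolled over rather than rejected; if callers expect midnight and strict dates, `'!Y-m-d'` plus a round-trip check `$date->format('Y-m-d') === trim($input)` would enforce that — worth confirming against how the result is used.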
@@ -179,19 +179,10 @@ function form_date($name, $label, $value, $start_date = '') { */ function form_checkboxes($name, $label, $items, $selected) { $html = form_element($label, ''); - foreach ($items as $key => $item) - $html .= form_checkbox($name . '_' . $key, $item, array_search($key, $selected) !== false); - - return $html; - - $html = ""; - return form_element($label, $html); + return $html; } /** @@ -210,16 +201,18 @@ function form_checkboxes($name, $label, $items, $selected) { */ function form_multi_checkboxes($names, $label, $items, $selected, $disabled = array()) { $html = ""; - foreach ($names as $title) + foreach ($names as $title) { $html .= ""; + } $html .= ""; foreach ($items as $key => $item) { $html .= ""; foreach ($names as $name => $title) { $id = $name . '_' . $key; $sel = array_search($key, $selected[$name]) !== false ? ' checked="checked"' : ""; - if (! empty($disabled) && ! empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false) + if (! empty($disabled) && ! empty($disabled[$name]) && array_search($key, $disabled[$name]) !== false) { $sel .= ' disabled="disabled"'; + } $html .= ''; } $html .= ''; @@ -246,10 +239,12 @@ function form_radio($name, $label, $selected, $value) { * Rendert einen Infotext in das Formular */ function form_info($label, $text = "") { - if ($label == "") + if ($label == "") { return '' . glyph('info-sign') . $text . ''; - if ($text == "") + } + if ($text == "") { return '
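Review bot: form_checkboxes still decides the checked state with a loose `array_search($key, $selected) !== false`; on PHP 5 and 7 an integer item key of `0` compares equal to any non-numeric string in `$selected`, so the lookup should pass the strict flag (`array_search($key, $selected, true) !== false`, or simply `in_array($key, $selected, true)`). The same loose lookups appear in the form_multi_checkboxes hunk just below (`$selected[$name]` and `$disabled[$name]`), where additionally `$selected[$name]` is read without an `isset()` guard, so a name missing from `$selected` yields a notice and a silently failed search rather than an explicit error.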

' . $label . '

'; + } return form_element($label, '

' . $text . '

', ''); } @@ -312,9 +307,9 @@ function form_select($name, $label, $values, $selected) { function form_element($label, $input, $for = "") { if ($label == '') { return '
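Review bot: form_info concatenates `$label` and `$text` straight into the markup in all three newly braced branches without escaping; whether that is safe depends on every caller passing already-escaped HTML, and nothing in the function states that contract. A docblock line such as `@param string $text HTML fragment; must already be escaped if it contains user input` (and the same for `$label`) would make the expectation explicit, or the function should apply `htmlspecialchars()` itself if the inputs are meant to be plain text.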
' . $input . '
'; - } else { - return '
' . '' . $input . '
'; } + + return '
' . '' . $input . '
'; } /** @@ -346,34 +341,40 @@ function page_with_title($title, $elements) { function table($columns, $rows_raw, $data = true) { // If only one column is given if (! is_array($columns)) { - $columns = array( + $columns = [ 'col' => $columns - ); + ]; - $rows = array(); + $rows = []; foreach ($rows_raw as $row) - $rows[] = array( + $rows[] = [ 'col' => $row - ); - } else + ]; + } else { $rows = $rows_raw; + } - if (count($rows) == 0) + if (count($rows) == 0) { return info(_("No data found."), true); + } + $html = ""; $html .= '
$title
'; $html .= ''; - foreach ($columns as $key => $column) + foreach ($columns as $key => $column) { $html .= ''; + } $html .= ''; $html .= ''; foreach ($rows as $row) { $html .= ''; - foreach ($columns as $key => $column) - if (isset($row[$key])) + foreach ($columns as $key => $column) { + if (isset($row[$key])) { $html .= ''; - else + } else { $html .= ''; + } + } $html .= ''; } $html .= ''; @@ -410,10 +411,11 @@ function table_buttons($buttons = array()) { function template_render($file, $data) { if (file_exists($file)) { $template = file_get_contents($file); - if (is_array($data)) + if (is_array($data)) { foreach ($data as $name => $content) { $template = str_replace("%" . $name . "%", $content, $template); } + } return $template; } engelsystem_error("Cannot find template file «" . $file . "»."); @@ -430,8 +432,9 @@ function table_body($array) { foreach ($array as $line) { $html .= ""; if (is_array($line)) { - foreach ($line as $td) + foreach ($line as $td) { $html .= ""; + } } else { $html .= ""; } @@ -442,8 +445,9 @@ function table_body($array) { function html_options($name, $options, $selected = "") { $html = ""; - foreach ($options as $value => $label) + foreach ($options as $value => $label) { $html .= ' ' . $label; + } return $html; } -- cgit v1.2.3-54-g00ecf
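Review bot: One inline control structure survives the commit in table(): the single-column branch still has `foreach ($rows_raw as $row)` with an unbraced body (`$rows[] = [ 'col' => $row ];`), which is exactly the form the commit subject prohibits, so it should get braces like the loops below it. Separately, the cell contents are rendered with `$row[$key]` and the headers with `$column` unescaped; if table() is meant to take plain text, `htmlspecialchars()` belongs here, and if it is meant to take pre-rendered HTML, the function's docblock should say so.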
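Review bot: The loop inside the newly braced `if (is_array($data))` in template_render replaces placeholders one at a time with `str_replace`, so a `%name%` token that appears inside an earlier `$content` value is substituted again by a later iteration. A single-pass `strtr()` avoids that: collect `$map["%" . $name . "%"] = $content;` in the loop and call `$template = strtr($template, $map);` once after it.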
' . $column . '
' . $row[$key] . ' 
" . $td . "" . $line . "