ACTIONS.php
変数名の大文字小文字の不一致
ADMIN.php
存在しないkey値の参照、変数の未定義
BLOG.php
変数の未定義
ITEMACTIONS.php
データ作成方法の不一致(StdClass/Array)による不正参照
MANAGER.php
参照渡しすべき引数の値渡し
PAGEFACTORY.php
存在しないkey値の参照、変数名の大文字小文字の不一致
PLUGIN.php
存在しないkey値の参照
PLUGINADMIN.php
global変数の定義漏れ
showlist.php
存在しないkey値の参照
media.php
変数の未定義
plugins/NP_SecurityEnforcer.php
存在しないkey値の参照
plugins/NP_SkinFiles.php
条件判定時の前提条件確認漏れ
plugins/securityenforcer/index.php
変数の未定義
plugins/NP_MediaFiles.php において、ディレクトリ作成処理時に警告が表示されるが
意図する動作が不明なため未対処。
13 files changed:
global $blog, $manager;
// when no blog found
global $blog, $manager;
// when no blog found
- if (($blogName == '') && (!is_object($blog)))
+ if (($blogname == '') && (!is_object($blog)))
return 0;
if ($blogname == '') {
return 0;
if ($blogname == '') {
if ($iForcedBlogInclude != -1)\r
$aBlogIds[] = intval($iForcedBlogInclude);\r
\r
if ($iForcedBlogInclude != -1)\r
$aBlogIds[] = intval($iForcedBlogInclude);\r
\r
- if (($member->isAdmin()) && ($CONF['ShowAllBlogs']))\r
+ if (($member->isAdmin()) && (array_key_exists('ShowAllBlogs', $CONF) && $CONF['ShowAllBlogs']))\r
$queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
else\r
$queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
$queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').' ORDER BY bname';\r
else\r
$queryBlogs = 'SELECT bnumber FROM '.sql_table('blog').', '.sql_table('team').' WHERE tblog=bnumber and tmember=' . $member->getID();\r
if ($mode == 'category') {\r
if (sql_num_rows($blogs) > 1)\r
$multipleBlogs = 1;\r
if ($mode == 'category') {\r
if (sql_num_rows($blogs) > 1)\r
$multipleBlogs = 1;\r
+ else\r
+ $multipleBlogs = 0;\r
\r
while ($oBlog = sql_fetch_object($blogs)) {\r
if ($multipleBlogs)\r
\r
while ($oBlog = sql_fetch_object($blogs)) {\r
if ($multipleBlogs)\r
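Review bot: The guard added around `$CONF['ShowAllBlogs']` can be written as `!empty($CONF['ShowAllBlogs'])`, which gives the same result for an array and is easier to read inside the admin check. The same applies to the `catid` test in PAGEFACTORY.php. In the `else` branch just below, `$member->getID()` is concatenated into the query without the `intval()` that is applied to `$iForcedBlogInclude` a few lines earlier. Its definition is not on this page, so if it is not guaranteed to return an integer, use `' and tmember=' . intval($member->getID())`. The second hunk could collapse to `$multipleBlogs = (sql_num_rows($blogs) > 1) ? 1 : 0;`.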
$body = $body;
$more = $more;
$catid = intval($catid);
$body = $body;
$more = $more;
$catid = intval($catid);
// convert newlines to <br />
if ($this->convertBreaks()) {
// convert newlines to <br />
if ($this->convertBreaks()) {
function setCurrentItem(&$item) {
$this->currentItem =& $item;
global $currentitemid;
function setCurrentItem(&$item) {
$this->currentItem =& $item;
global $currentitemid;
- $currentitemid = $this->currentItem->itemid;
+ if (is_array($this->currentItem)) {
+ $currentitemid = $this->currentItem['itemid'];
+ } else {
+ $currentitemid = $this->currentItem->itemid;
+ }
}
function setBlog(&$blog) {\r
}
function setBlog(&$blog) {\r
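Review bot: Both branches of the new `is_array()` test in `setCurrentItem` read `itemid` without checking that it exists, and the value is copied into the global `$currentitemid` as-is. Where that global is consumed is not visible here, so casting at this single assignment point is cheap insurance: `$currentitemid = intval(is_array($item) ? $item['itemid'] : $item->itemid);`. The commit message attributes the problem to items being built inconsistently as StdClass or array. A short comment on the method naming both accepted shapes would help until callers are normalised.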
* Can contain any type of data, depending on the event type. Usually this is
* an itemid, blogid, ... but it can also be an array containing multiple values
*/
* Can contain any type of data, depending on the event type. Usually this is
* an itemid, blogid, ... but it can also be an array containing multiple values
*/
- function notify($eventName, $data) {
+ function notify($eventName, &$data) {
// load subscription list if needed
if (!is_array($this->subscriptions))
$this->_loadSubscriptions();
// load subscription list if needed
if (!is_array($this->subscriptions))
$this->_loadSubscriptions();
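Review bot: Changing the signature to `notify($eventName, &$data)` means any caller that passes a non-variable (an inline `array(...)` or a literal) will now fail with a "cannot pass parameter by reference" error. The call visible on this page, `$manager->notify('AddItemFormExtras', $param)`, is fine, but third-party plugins cannot be checked from here. It may also widen what subscribers can alter in the caller's array. How `$data` is forwarded to handlers is outside the hunk, so this is worth confirming. The docblock above should then say so, for example `@param array &$data passed by reference; handlers may change it, so callers must re-validate values they use afterwards`. The body of `notify` continues outside the hunk.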
\r
// create category dropdown box\r
function parse_categories($startidx = 0) {\r
\r
// create category dropdown box\r
function parse_categories($startidx = 0) {\r
- if ($this->variables['catid'])\r
+ if (array_key_exists('catid', $this->variables) && $this->variables['catid'])\r
$catid = $this->variables['catid']; // on edit item\r
else\r
$catid = $this->blog->getDefaultCategory(); // on add item\r
$catid = $this->variables['catid']; // on edit item\r
else\r
$catid = $this->blog->getDefaultCategory(); // on add item\r
$manager->notify('AddItemFormExtras', $param);\r
break;\r
case 'edit':\r
$manager->notify('AddItemFormExtras', $param);\r
break;\r
case 'edit':\r
'variables' => $this->variables,\r
'blog' => &$this->blog,\r
'itemid' => $this->variables['itemid']\r
'variables' => $this->variables,\r
'blog' => &$this->blog,\r
'itemid' => $this->variables['itemid']\r
*/
function _getOID($context, $name) {
$key = $context . '_' . $name;
*/
function _getOID($context, $name) {
$key = $context . '_' . $name;
- $info = $this->_aOptionToInfo[$key];
- if (is_array($info)) return $info['oid'];
+ if (array_key_exists($key, $this->_aOptionToInfo)) {
+ $info = $this->_aOptionToInfo[$key];
+ if (is_array($info)) return $info['oid'];
+ }
// load all OIDs for this plugin from the database
$this->_aOptionToInfo = array();
// load all OIDs for this plugin from the database
$this->_aOptionToInfo = array();
- return $this->_aOptionToInfo[$key]['oid'];
+ if (array_key_exists($key, $this->_aOptionToInfo)) {
+ return $this->_aOptionToInfo[$key]['oid'];
+ } else {
+ return null;
+ }
function _getDefVal($context, $name) {
$key = $context . '_' . $name;
$info = $this->_aOptionToInfo[$key];
function _getDefVal($context, $name) {
$key = $context . '_' . $name;
$info = $this->_aOptionToInfo[$key];
$meta = NucleusPlugin::getOptionMeta($o->oextra);
// if the option is readonly or hidden it may not be saved
$meta = NucleusPlugin::getOptionMeta($o->oextra);
// if the option is readonly or hidden it may not be saved
- if (($meta['access'] != 'readonly') && ($meta['access'] != 'hidden')) {
+ if (!array_key_exists('access', $meta) || (($meta['access'] != 'readonly') && ($meta['access'] != 'hidden'))) {
$value = undoMagic($value); // value comes from request
$value = undoMagic($value); // value comes from request
}
// check the validity of numerical options
}
// check the validity of numerical options
- if (($meta['datatype'] == 'numerical') && (!is_numeric($value))) {
+ if (array_key_exists('datatype', $meta) && ($meta['datatype'] == 'numerical') && (!is_numeric($value))) {
//the option must be numeric, but the it isn't
//use the default for this option
$value = $o->odef;
//the option must be numeric, but the it isn't
//use the default for this option
$value = $o->odef;
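Review bot: `_getOID` now has an explicit `return null;` path when the key is still missing after the reload, but nothing documents it and its callers are outside this page. Any caller that places the result into a query should check for `null` first. Adding `@return int|null oid, or null when the option is unknown for this plugin` to the docblock would make the contract visible. `_getDefVal` in the context lines just below still reads `$this->_aOptionToInfo[$key]` with no key check, so the same undefined-key warning can still occur there. In the numeric validation hunk, `is_numeric()` also accepts forms such as exponent notation and leading whitespace. If the option is later used as an integer, a stricter check may be wanted.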
\r
function PluginAdmin($pluginName)\r
{\r
\r
function PluginAdmin($pluginName)\r
{\r
+ global $manager, $DIR_LIBS;\r
include_once($DIR_LIBS . 'ADMIN.php');
\r
$this->strFullName = 'NP_' . $pluginName;\r
include_once($DIR_LIBS . 'ADMIN.php');
\r
$this->strFullName = 'NP_' . $pluginName;\r
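Review bot: With `global $manager, $DIR_LIBS;` added, the `include_once($DIR_LIBS . 'ADMIN.php')` on the next line takes its path prefix from a global. As far as the hunk shows, `$DIR_LIBS` was previously undefined in constructor scope, so the include fell back to resolving a bare `ADMIN.php`. Confirm that `$DIR_LIBS` is always assigned by the configuration file before this class can be reached and is never populated from request data, since it now decides which file is included. A comment such as `// $DIR_LIBS is set in config.php only; must not come from user input` would record that assumption. The constructor body continues outside the hunk.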
$meta = NucleusPlugin::getOptionMeta($current['typeinfo']);
// only if it is not a hidden option write the controls to the page
$meta = NucleusPlugin::getOptionMeta($current['typeinfo']);
// only if it is not a hidden option write the controls to the page
- if ($meta['access'] != 'hidden') {
+ if (!array_key_exists('access', $meta) || $meta['access'] != 'hidden') {
echo '<td>',htmlspecialchars($current['description']?$current['description']:$current['name']),'</td>';
echo '<td>';
switch($current['type']) {
echo '<td>',htmlspecialchars($current['description']?$current['description']:$current['name']),'</td>';
echo '<td>';
switch($current['type']) {
//$meta = NucleusPlugin::getOptionMeta($current['typeinfo']);
echo '<input type="text" size="40" maxlength="128" name="',htmlspecialchars($varname),'" value="',htmlspecialchars($current['value']),'"';
//$meta = NucleusPlugin::getOptionMeta($current['typeinfo']);
echo '<input type="text" size="40" maxlength="128" name="',htmlspecialchars($varname),'" value="',htmlspecialchars($current['value']),'"';
- if ($meta['datatype'] == 'numerical') {
+ if (array_key_exists('datatype', $meta) && $meta['datatype'] == 'numerical') {
echo ' onkeyup="checkNumeric(this)" onblur="checkNumeric(this)"';
}
echo ' onkeyup="checkNumeric(this)" onblur="checkNumeric(this)"';
}
- if ($meta['access'] == 'readonly') {
+ if (array_key_exists('access', $meta) && $meta['access'] == 'readonly') {
echo ' readonly="readonly"';
}
echo ' />';
}
echo ' readonly="readonly"';
}
echo ' />';
}
- echo $current['extra'];
+ if (array_key_exists('extra', $current)) {
+ echo $current['extra'];
+ }
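Review bot: In the last hunk `echo $current['extra'];` is still written to the page unescaped, while `description`, `name`, `$varname` and `value` in the same section all go through `htmlspecialchars()`. If `extra` is meant to carry markup supplied by a plugin, say so on the line, for example `// 'extra' is HTML provided by the plugin and is intentionally not escaped`. Otherwise escape it like the other fields. The three `array_key_exists(...) && $meta[...] == ...` guards could also be shortened with `isset()`, since a missing key and a `null` value are treated the same here.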
+
+ $idxStart = 0;
+ $idxEnd = 0;
+
if (sizeof($arr)>0) {
if (($offset + $CONF['MediaPerPage']) >= sizeof($arr))
if (sizeof($arr)>0) {
if (($offset + $CONF['MediaPerPage']) >= sizeof($arr))
$query = "CREATE TABLE IF NOT EXISTS ". sql_table('plug_securityenforcer').
" (
`login` varchar(255),
$query = "CREATE TABLE IF NOT EXISTS ". sql_table('plug_securityenforcer').
" (
`login` varchar(255),
- `fails` int(11) NOT NULL default '0',
+ `fails` int(11) NOT NULL default '0',
`lastfail` bigint NOT NULL default '0',
KEY `login` (`login`)) ENGINE=MyISAM";
sql_query($query);
`lastfail` bigint NOT NULL default '0',
KEY `login` (`login`)) ENGINE=MyISAM";
sql_query($query);
}
public function event_PrePluginOptionsEdit($data) {
}
public function event_PrePluginOptionsEdit($data) {
- if ($data['plugid'] === $this->getID()) {
+ if (array_key_exists('plugid', $data) && $data['plugid'] === $this->getID()) {
foreach($data['options'] as $key => $value){
if (defined($value['description'])) {
$data['options'][$key]['description'] = constant($value['description']);
foreach($data['options'] as $key => $value){
if (defined($value['description'])) {
$data['options'][$key]['description'] = constant($value['description']);
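Review bot: The new guard in `event_PrePluginOptionsEdit` covers only `plugid`; `$data['options']` and `$value['description']` on the following lines are still read without a key check. The NP_SkinFiles handler in the next section guards differently, with `$data['context'] !== 'global' || $data['plugid'] !== $this->getID()`, which itself reads `context` unguarded. If both handlers are meant to act only on this plugin's global options, which is not certain from this page, one shared condition would keep them consistent: `if (!isset($data['context'], $data['plugid'], $data['options']) || $data['context'] !== 'global' || $data['plugid'] !== $this->getID()) return;`. Separately, `constant($value['description'])` resolves any defined constant whose name matches the description string. Limiting it to names with the plugin's own prefix would prevent unrelated constants from being shown.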
}
public function event_PrePluginOptionsEdit($data) {
}
public function event_PrePluginOptionsEdit($data) {
- if ($data['plugid'] !== $this->getID()) {
+ if ($data['context'] !== 'global' || $data['plugid'] !== $this->getID()) {
return;
}
foreach($data['options'] as $key => $value){
return;
}
foreach($data['options'] as $key => $value){
$oPluginAdmin->start('');\r
\r
// if form to unlock is posted\r
$oPluginAdmin->start('');\r
\r
// if form to unlock is posted\r
if(postVar('action') == 'unlock') {\r
if (!$manager->checkTicket()) \r
doError('Invalid Ticket');\r
if(postVar('action') == 'unlock') {\r
if (!$manager->checkTicket()) \r
doError('Invalid Ticket');\r