From cd89614a754c21ffd3269c836bc9fb899cdbd00d Mon Sep 17 00:00:00 2001 From: Carsten Rose <carsten.rose@math.uzh.ch> Date: Fri, 13 May 2016 14:14:49 +0200 Subject: [PATCH] Report.php: changed various comparison from '==' to '==='. Use of Support::doAttribute() instead of manual concatenating. Use of empty() instead of ==''. --- extension/qfq/qfq/report/Report.php | 34 +++++++++++++++++++---------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/extension/qfq/qfq/report/Report.php b/extension/qfq/qfq/report/Report.php index b65aa7fe1..86261f6de 100644 --- a/extension/qfq/qfq/report/Report.php +++ b/extension/qfq/qfq/report/Report.php @@ -175,7 +175,7 @@ class Report { $key = strtolower(trim($arr[0])); // comment ? - if (substr($key, 0, 1) == "#") return; + if (substr($key, 0, 1) === "#") return; // select ... $value = trim($arr[1]); @@ -212,7 +212,7 @@ class Report { // per sql command //pro sql cmd wir der Indexarray abgefüllt. Dieser wird später verwendet um auf den $frArray zuzugreifen //if(preg_match("/^sql/i", $frCmd) == 1){ - if ($frCmd == "sql" || $frCmd == "form") { + if ($frCmd === "sql" || $frCmd === "form") { // Remember max level $this->levelCount = max(substr_count($level, '.') + 1, $this->levelCount); // $indexArray[10][50][5] @@ -288,7 +288,9 @@ class Report { for ($i = 0; $i < $this->levelCount; $i++) { $sortArg = $sortArg . $i . " ASC, "; } + $sortArg = substr($sortArg, 0, strlen($sortArg) - 2); + return $sortArg; } @@ -526,17 +528,18 @@ class Report { $flagControl = false; $flagOutput = true; - if (substr($columnName, 0, 1) == "_") { + if ($columnName[0] === "_") { $flagControl = true; $columnName = substr($columnName, 1); } + //TODO: reserved names,not starting with '_' will be still accepted - stop this! switch ($columnName) { case "link": $link = new Link($this->fr_error, $this->sip); $content .= $link->renderLink($columnValue); -# unset $link; break; + case "exec": $content .= $this->myExec($columnValue); break; 
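Review bot: `$columnName[0] === "_"` in the -526 hunk raises an "Uninitialized string offset" notice (a warning on PHP 8) when `$columnName` is the empty string, whereas the replaced `substr($columnName, 0, 1)` returned `""` silently; an empty column name can presumably reach this line if the SQL aliases a column to `''`. Guard the length first, `if ($columnName !== '' && $columnName[0] === "_") {`, or keep the `substr` form. The new `//TODO` records that reserved names without the `_` prefix are still accepted; since the prefix is what sets `$flagControl`, the comment would be clearer stating the consequence, e.g. `//TODO: reserved names without the '_' prefix are still accepted and rendered as ordinary columns - stop this!`, if that is what happens. The enclosing method starts before this hunk.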
@@ -550,7 +553,6 @@ class Report { case "Pagen": case "Pages": $linkValue = $this->doFixColPosPage($columnName, $columnValue); - $link = new Link($this->fr_error, $this->sip); $content .= $link->renderLink($linkValue); break; @@ -563,10 +565,7 @@ class Report { case "pagei": case "pagen": case "pages": -#debug($columnValue); $linkValue = $this->doPage($columnName, $columnValue); -// debug($linkValue); - $link = new Link($this->fr_error, $this->sip); $content .= $link->renderLink($linkValue); break; @@ -597,14 +596,24 @@ class Report { break; $tmp = explode("|", $columnValue, 3); - if ($tmp[0] == "") break; - $content .= '<img src="' . $tmp[0] . '" alt="' . $tmp[1] . '">' . $tmp[2]; + + // Fake values for tmp[1], tmp[2] to suppress access errors. + $tmp[] = ''; + $tmp[] = ''; + + if (empty($tmp[0])) + break; + $attribute = Support::doAttribute('src', $tmp[0]); + $attribute .= Support::doAttribute('alt', $tmp[1]); + + $content .= '<img ' . $attribute . '>' . $tmp[2]; break; case "mailto": // "<email address>|[Real Name]" renders to (encrypted via JS): <a href="mailto://<email address>"><email address></a> OR <a href="mailto://<email address>">[Real Name]</a> $tmp = explode("|", $columnValue, 2); - if ($tmp[0] == "") break; + if (empty($tmp[0])) + break; $t1 = explode("@", $tmp[0], 2); $content .= "<script language=javascript><!--" . chr(10); @@ -623,6 +632,9 @@ class Report { case "sendmail": // 'Absender|Empfaenger, mehrere mit Komma getrennt|Betreff|Mailinhalt' $tmp = explode("|", $columnValue, 4); + if (count($tmp) < 4) { + throw new SyntaxReportException ("Too few parameter for sendmail: $columnValue", "", null, __FILE__, __LINE__, $this->fr_error); + } $mail['receiver'] = $tmp[0]; $mail['sender'] = $tmp[1]; -- GitLab
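Review bot: Removing `$link = new Link($this->fr_error, $this->sip);` from the `Pagen`/`Pages` case leaves `$content .= $link->renderLink($linkValue);` depending on a `$link` that, in the visible context, is only assigned inside `case "link":`, which ends with `break` and so never falls through to these cases; the same applies to the `pagei`/`pagen`/`pages` case in the following hunk at -563. Unless `$link` is constructed before the `switch` (outside these hunks), the page cases would now call a method on an undefined variable. If one shared instance is intended, create it once before the `switch` and drop the remaining per-case construction in `case "link":` as well, so all three cases agree. The enclosing method starts and ends outside these hunks.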
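Review bot: `empty($tmp[0])` in the -597 hunk is not equivalent to the replaced `$tmp[0] == ""`: `empty()` is also true for the string `'0'`, so an `img` whose source, or a `mailto` whose address, is exactly `0` is now silently skipped; `if ($tmp[0] === '') break;` keeps the original check with a strict comparison in both cases. In the `img` case `src` and `alt` now go through `Support::doAttribute()` but `$tmp[2]` is still concatenated raw after the tag, so if trailing text is meant to carry markup that deserves a comment such as `// $tmp[2] is emitted unescaped: trailing text may contain HTML`, otherwise it should be escaped like the attributes. The `// Fake values` comment could state what the padding guarantees: `// Pad to at least three elements so $tmp[1]/$tmp[2] exist when fewer than two '|' were given.`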
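Review bot: The new arity check in the -623 hunk throws on fewer than four parts, but the comment above it, `'Absender|Empfaenger|Betreff|Mailinhalt'`, lists the sender first while the code assigns `$mail['receiver'] = $tmp[0]` and `$mail['sender'] = $tmp[1]`; one of the two is wrong and the commit leaves the mismatch in place, so the comment or the indices should be aligned. The check only counts parts: nothing here rejects CR/LF in the receiver or sender fields, which matters if they are later placed into mail headers (the sending code is outside this hunk), so a `filter_var($tmp[1], FILTER_VALIDATE_EMAIL)`-style validation or at least a CR/LF check before the values are used would be worth adding. Embedding the whole `$columnValue`, including the mail body, in the exception message is fine for a syntax error but may be verbose in logs. The enclosing case block continues past the hunk.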