XOOPS · mambax7 · Dec 2, 2024 · Dec 2, 2024 · Dec 2, 2024 · Dec 2, 2024
diff --git a/htdocs/class/template.php b/htdocs/class/template.php
@@ -55,6 +55,8 @@ public function __construct()
         $this->registerPlugin('modifier', 'count', 'count');
         // Register the strstr function
         $this->registerPlugin('modifier', 'strstr', 'strstr');
+        // Register the trim function
+        $this->registerPlugin('modifier', 'trim', 'trim');
 
         if ($xoopsConfig['debug_mode']) {
             $this->debugging_ctrl = 'URL';

diff --git a/htdocs/class/theme.php b/htdocs/class/theme.php
@@ -455,9 +455,9 @@ public function checkCache()
             $this->template->caching        = 2;
             $this->template->cache_lifetime = $this->contentCacheLifetime;
             $uri                            = str_replace(XOOPS_URL, '', $_SERVER['REQUEST_URI']);
-            // Clean uri by removing session id
-            if (defined('SID') && SID && strpos($uri, SID)) {
-                $uri = preg_replace("/([\?&])(" . SID . "$|" . SID . '&)/', "\\1", $uri);
+
+            if (session_id() && strpos($uri, session_id())) {
+                $uri = preg_replace("/([\?&])(" . session_id() . "$|" . session_id() . '&)/', "\\1", $uri);
             }
             $this->contentCacheId = $this->generateCacheId('page_' . substr(md5($uri), 0, 8));
             if ($this->template->isCached($template, $this->contentCacheId)) {

diff --git a/htdocs/include/checklogin.php b/htdocs/include/checklogin.php
@@ -36,8 +36,9 @@
 include_once $GLOBALS['xoops']->path('class/auth/authfactory.php');
 
 xoops_loadLanguage('auth');
-
-$xoopsAuth = XoopsAuthFactory::getAuthConnection($myts->addSlashes($uname));
+/** @var XoopsMySQLDatabase $xoopsDB */
+$xoopsDB = XoopsDatabaseFactory::getDatabaseConnection();
+$xoopsAuth = XoopsAuthFactory::getAuthConnection($xoopsDB->escape($uname));
 $user      = $xoopsAuth->authenticate($uname, $pass);
 
 if (false !== $user) {

diff --git a/htdocs/modules/profile/templates/profile_userinfo.tpl b/htdocs/modules/profile/templates/profile_userinfo.tpl
@@ -39,7 +39,7 @@
             <input type="button" value="<{$lang_logout}>" onclick="location='<{$xoops_url}>/modules/<{$xoops_dirname}>/user.php?op=logout'"/>
         </form>
     </div>
-<{elseif $xoops_isadmin != false}>
+<{elseif isset($xoops_isadmin) && $xoops_isadmin != false}>
     <div class="floatleft pad5">
         <form method="post" action="<{$xoops_url}>/modules/<{$xoops_dirname}>/admin/deactivate.php">
             <input type="button" value="<{$lang_editprofile}>"

diff --git a/htdocs/modules/system/admin/modulesadmin/modulesadmin.php b/htdocs/modules/system/admin/modulesadmin/modulesadmin.php
@@ -265,7 +265,7 @@ function xoops_module_install($dirname)
                                 $tplfile->setVar('tpl_file', $block['template']);
                                 $tplfile->setVar('tpl_module', $dirname);
                                 $tplfile->setVar('tpl_type', 'block');
-                                $tplfile->setVar('tpl_desc', $block['description'], true);
+                                $tplfile->setVar('tpl_desc', $block['description']??'', true);
                                 $tplfile->setVar('tpl_lastimported', 0);
                                 $tplfile->setVar('tpl_lastmodified', time());
                                 if (!$tplfile_handler->insert($tplfile)) {

diff --git a/htdocs/modules/system/blocks/system_blocks.php b/htdocs/modules/system/blocks/system_blocks.php
@@ -313,7 +313,9 @@ function b_system_waiting_show()
             $block['modules'][10]['lang_linkname'] = _MB_SYSTEM_SMARTSECTION;
         }
     }
+    if (count($block) > 0) {
         $GLOBALS['xoopsLogger']->addDeprecated("Block 'Waiting Contents' is deprecated since XOOPS 2.5.11, please use Waiting module");
+    }
     return $block;
 }
 

diff --git a/htdocs/themes/xbootstrap/modules/newbb/newbb_viewtopic.tpl b/htdocs/themes/xbootstrap/modules/newbb/newbb_viewtopic.tpl
@@ -87,7 +87,7 @@
         <div class="col-sm-6 col-md-6">
             <a href="<{$xoops_url}>/modules/<{$xoops_dirname}>/reply.php?topic_id=<{$topic_id}>" title="<{$smarty.const.THEME_FORUM_REPLY}>" class="btn btn-primary"><{$smarty.const.THEME_FORUM_REPLY}></a>
 
-            <{if if isset($viewer_level) && $viewer_level > 1}>
+            <{if isset($viewer_level) && $viewer_level > 1}>
                 <a href="<{$xoops_url}>/modules/<{$xoops_dirname}>/newtopic.php?forum=<{$forum_id}>" title="<{$smarty.const.THEME_FORUM_NEWTOPIC}>" class="btn btn-primary"><{$smarty.const.THEME_FORUM_NEWTOPIC}></a>
             <{else}>
                 <a href="<{$xoops_url}>/user.php" title="<{$smarty.const.THEME_FORUM_REGISTER}>" class="btn btn-success"><{$smarty.const.THEME_FORUM_REGISTER}></a>

diff --git a/htdocs/themes/xswatch4/modules/newbb/blocks/newbb_block_author.tpl b/htdocs/themes/xswatch4/modules/newbb/blocks/newbb_block_author.tpl
@@ -1,6 +1,6 @@
 <table class="table table-hover" cellspacing="1">
 
-    <{if isset($block.disp_mode) &&  $block.disp_mod == 0}>
+    <{if isset($block.disp_mode) &&  $block.disp_mode == 0}>
         <tr>
             <th><{$smarty.const._MB_NEWBB_AUTHOR}></th>
             <th><{$smarty.const._MB_NEWBB_COUNT}></th>

diff --git a/htdocs/xoops_lib/modules/protector/admin/admin_header.php b/htdocs/xoops_lib/modules/protector/admin/admin_header.php
@@ -57,20 +57,21 @@
 $xoopsTpl->assign('pathIcon16', $pathIcon16);
 
 // Load language files
-// Attempt to include the language-specific admin file, fallback to English if not found
-$languageFile = XOOPS_TRUST_PATH . '/modules/' . $xoopsModule->getVar('dirname') . '/language/' . $xoopsConfig['language'] . '/admin.php';
-if (!file_exists($languageFile) || !include_once $languageFile) {
-    include_once XOOPS_TRUST_PATH . '/modules/' . $xoopsModule->getVar('dirname') . '/language/english/admin.php';
-}
 
-// Attempt to include the language-specific modinfo file, fallback to English if not found
-$languageFile = XOOPS_TRUST_PATH . '/modules/' . $xoopsModule->getVar('dirname') . '/language/' . $xoopsConfig['language'] . '/modinfo.php';
-if (!file_exists($languageFile) || !include_once $languageFile) {
-    include_once XOOPS_TRUST_PATH . '/modules/' . $xoopsModule->getVar('dirname') . '/language/english/modinfo.php';
-}
+$moduleDir = $xoopsModule->getVar('dirname');
+$language = $xoopsConfig['language'];
+
+// List of language files to include
+$languageFiles = ['admin.php', 'modinfo.php', 'main.php'];
 
-// Attempt to include the language-specific main file, fallback to English if not found
-$languageFile = XOOPS_TRUST_PATH . '/modules/' . $xoopsModule->getVar('dirname') . '/language/' . $xoopsConfig['language'] . '/main.php';
-if (!file_exists($languageFile) || !include_once $languageFile) {
-    include_once XOOPS_TRUST_PATH . '/modules/' . $xoopsModule->getVar('dirname') . '/language/english/main.php';
+foreach ($languageFiles as $file) {
+    $languageFile = XOOPS_TRUST_PATH . "/modules/{$moduleDir}/language/{$language}/{$file}";
+    $englishFile = XOOPS_TRUST_PATH . "/modules/{$moduleDir}/language/english/{$file}";
+
+    // Attempt to include the language-specific file, fallback to English if not found
+    if (file_exists($languageFile)) {
+        include_once $languageFile;
+    } else {
+        include_once $englishFile;
+    }
 }
diff --git a/htdocs/xoops_lib/modules/protector/admin/advisory.php b/htdocs/xoops_lib/modules/protector/admin/advisory.php
@@ -109,10 +109,10 @@
 $db = XoopsDatabaseFactory::getDatabaseConnection();
 // Check if XOOPS_VERSION is defined and has a valid value
 $xoopsVersion = defined('XOOPS_VERSION') ? XOOPS_VERSION : '';
-$versionSubstring = substr($xoopsVersion, 6, 3);
-
+$versionSubstring = is_string($xoopsVersion) ? substr($xoopsVersion, 6, 3) : '';
+$dbClass = strtolower(get_class($db));
 // Check if the version is valid and the database class is not 'protectormysqldatabase'
-if ($versionSubstring !== false && $versionSubstring < 2.4 && strtolower(get_class($db)) !== 'protectormysqldatabase') {
+if ($versionSubstring && version_compare($versionSubstring, '2.4', '<') && $dbClass !== 'protectormysqldatabase') {
     echo "<span style='color:red;font-weight:bold;'>" . _AM_ADV_DBFACTORYUNPATCHED . "</span></dt>\n";
 } else {
     echo _AM_ADV_DBFACTORYPATCHED . "<span style='color:green;font-weight:bold;'> OK</span></dt>\n";

diff --git a/htdocs/xoops_lib/modules/protector/admin/center.php b/htdocs/xoops_lib/modules/protector/admin/center.php
@@ -9,6 +9,11 @@
 require_once XOOPS_ROOT_PATH . '/class/pagenav.php';
 require_once dirname(__DIR__) . '/class/gtickets.php';
 
+// Define custom exception classes
+class FileOpenException extends RuntimeException {}
+class FileLockException extends RuntimeException {}
+class FileWriteException extends RuntimeException {}
+
 //dirty trick to get navigation working with system menus
 if (isset($_GET['num'])) {
     $_SERVER['REQUEST_URI'] = 'admin/center.php?page=center';
@@ -47,49 +52,53 @@
         $lines   = empty($_POST['bad_ips']) ? [] : explode("\n", trim($_POST['bad_ips']));
         $bad_ips = [];
         foreach ($lines as $line) {
-            $parts = array_map('trim', explode('|', $line, 2));
-
-            if (count($parts) === 2) {
-                [$bad_ip, $jailed_time] = $parts;
-            } else {
-                $bad_ip = $parts[0];
-                $jailed_time = '';
-            }
-            $bad_ips[$bad_ip] = empty($jailed_time) ? 0x7fffffff : (int) $jailed_time;
+            [$bad_ip, $jailed_time] = explode('|', $line, 2) + [1 => '']; // Ensure 2 elements
+            $bad_ips[trim($bad_ip)] = empty($jailed_time) ? 0x7fffffff : (int) $jailed_time;
         }
         if (!$protector->write_file_badips($bad_ips)) {
             $error_msg .= _AM_MSG_BADIPSCANTOPEN;
+            error_log("[File Write Error] Failed to write bad IPs to file.");
         }
 
         $group1_ips = empty($_POST['group1_ips']) ? [] : explode("\n", trim($_POST['group1_ips']));
-        foreach (array_keys($group1_ips) as $i) {
-            $group1_ips[$i] = trim($group1_ips[$i]);
-        }
+        $group1_ips = array_map('trim', $group1_ips); // Use array_map for trimming
+
         $filePath = $protector->get_filepath4group1ips();
+        try {
         $fp = fopen($filePath, 'w');
 
         if ($fp === false) {
-            $error_msg .= _AM_MSG_GROUP1IPSCANTOPEN;
-            error_log("Failed to open file for writing: $filePath");
-        } else {
-            if (flock($fp, LOCK_EX)) {
+                throw new FileOpenException("Failed to open file for writing: $filePath (mode: 'w')");
+        }
+
+            if (!flock($fp, LOCK_EX)) {
+                throw new FileLockException("Failed to acquire lock on file: $filePath");
+            }
+
                 $data = serialize(array_unique($group1_ips)) . "\n";
                 $bytesWritten = fwrite($fp, $data);
 
                 if ($bytesWritten === false || $bytesWritten != strlen($data)) {
-                    $error_msg .= "Failed to write data to file: $filePath";
-                    error_log("Failed to write data to file: $filePath");
+                throw new FileWriteException(
+                    "Failed to write data to file: $filePath " .
+                    "(bytes written: $bytesWritten, expected: " . strlen($data) . ")"
+                );
                 }
-
+        } catch (FileOpenException $e) {
+            $error_msg .= _AM_MSG_GROUP1IPSCANTOPEN;
+            error_log("[File Open Error] " . $e->getMessage());
+        } catch (FileLockException $e) {
+            $error_msg .= "Failed to acquire lock on file.";
+            error_log("[File Lock Error] " . $e->getMessage());
+        } catch (FileWriteException $e) {
+            $error_msg .= "Failed to write data to file.";
+            error_log("[File Write Error] " . $e->getMessage());
+        } finally {
+            if (isset($fp) && is_resource($fp)) {
                 flock($fp, LOCK_UN);
-            } else {
-                $error_msg .= "Failed to acquire lock on file: $filePath";
-                error_log("Failed to acquire lock on file: $filePath");
-            }
-
             fclose($fp);
         }
-
+        }
 
         $redirect_msg = $error_msg ?: _AM_MSG_IPFILESUPDATED;
         redirect_header('center.php?page=center', 2, $redirect_msg);

diff --git a/htdocs/xoops_lib/modules/protector/filters_disabled/postcommon_post_htmlpurify4everyone.php b/htdocs/xoops_lib/modules/protector/filters_disabled/postcommon_post_htmlpurify4everyone.php
@@ -10,32 +10,18 @@ class Protector_postcommon_post_htmlpurify4everyone extends ProtectorFilterAbstr
 
     public function execute()
     {
-        // HTMLPurifier runs with PHP5 only
-        if (version_compare(PHP_VERSION, '5.0.0') < 0) {
-            die('Turn postcommon_post_htmlpurify4everyone.php off because this filter cannot run with PHP4');
-        }
-        /*
-                if ( file_exists( XOOPS_ROOT_PATH.'/class/icms.htmlpurifier.php' ) ) {
-                    // use HTMLPurifier inside ImpressCMS
-                    if ( ! class_exists( 'icms_HTMLPurifier' ) ) {
-                        require_once ICMS_ROOT_PATH.'/class/icms.htmlpurifier.php' ;
-                    }
-        //            $pure =& icms_HTMLPurifier::getPurifierInstance() ;
-        //            $_POST = $pure->icms_html_purifier( $_POST , 'protector' ) ;
-                    $this->purifier =& icms_HTMLPurifier::getPurifierInstance() ;
-                    $this->method = 'icms_html_purifier' ;
 
-                } else {
-                    */
         // use HTMLPurifier inside Protector
         require_once dirname(__DIR__) . '/library/HTMLPurifier.auto.php';
+//      TODO in XOOPS 2.7.0        
+//      require_once XOOPS_ROOT_PATH . '/class/libraries/vendor/vendor/ezyang/htmlpurifier/library/HTMLPurifier.auto.php';
         $config = HTMLPurifier_Config::createDefault();
         $config->set('Cache', 'SerializerPath', XOOPS_VAR_PATH . '/configs/protector');
         $config->set('Core', 'Encoding', _CHARSET);
         //$config->set('HTML', 'Doctype', 'HTML 4.01 Transitional');
         $this->purifier = new HTMLPurifier($config);
         $this->method   = 'purify';
-        //        }
+
 
         $_POST = $this->purify_recursive($_POST);
     }

diff --git a/htdocs/xoops_lib/modules/protector/filters_disabled/postcommon_post_htmlpurify4guest.php b/htdocs/xoops_lib/modules/protector/filters_disabled/postcommon_post_htmlpurify4guest.php
@@ -15,36 +15,19 @@ public function execute()
     {
         global $xoopsUser;
 
-        // HTMLPurifier runs with PHP5 only
-        if (version_compare(PHP_VERSION, '5.0.0') < 0) {
-            die('Turn postcommon_post_htmlpurify4guest.php off because this filter cannot run with PHP4');
-        }
-
         if (is_object($xoopsUser)) {
             return true;
         }
-        /*
-                if ( file_exists( XOOPS_ROOT_PATH.'/class/icms.htmlpurifier.php' ) ) {
-                    // use HTMLPurifier inside ImpressCMS
-                    if ( ! class_exists( 'icms_HTMLPurifier' ) ) {
-                        require_once ICMS_ROOT_PATH.'/class/icms.htmlpurifier.php' ;
-                    }
-        //            $pure =& icms_HTMLPurifier::getPurifierInstance() ;
-        //            $_POST = $pure->icms_html_purifier( $_POST , 'protector' ) ;
-                    $this->purifier =& icms_HTMLPurifier::getPurifierInstance() ;
-                    $this->method = 'icms_html_purifier' ;
-
-                } else {
-                    */
         // use HTMLPurifier inside Protector
         require_once dirname(__DIR__) . '/library/HTMLPurifier.auto.php';
+//      TODO in XOOPS 2.7.0        
+//      require_once XOOPS_ROOT_PATH . '/class/libraries/vendor/vendor/ezyang/htmlpurifier/library/HTMLPurifier.auto.php';
         $config = HTMLPurifier_Config::createDefault();
         $config->set('Cache', 'SerializerPath', XOOPS_VAR_PATH . '/configs/protector');
         $config->set('Core', 'Encoding', _CHARSET);
         //$config->set('HTML', 'Doctype', 'HTML 4.01 Transitional');
         $this->purifier = new HTMLPurifier($config);
         $this->method   = 'purify';
-        //        }
 
         $_POST = $this->purify_recursive($_POST);
         return null;