Merge pull request #35 from mambax7/master

2.35.0 RC-1

Author: mambax7

SECURITY.md

@@ -0,0 +1,37 @@
+# XOOPS Security Policy
+
+XOOPS takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations.
+This documentation provides guidelines and standard procedures regarding maintaining security with our software.
+
+## Supported Versions
+
+By default, only the latest version built from branch `master` (or `main`) is supported with security updates.
+
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report (suspected) security vulnerabilities to
+**[security@xoops.org](mailto:security@xoops.org)**. You will receive a response from
+us within 48 hours. If the issue is confirmed, we will release a patch as soon
+as possible depending on complexity, and you'll receive a credit in our changelog.
+
+Please use a descriptive subject line for your report email. After the initial
+reply to your report, the security team will endeavor to keep you informed of
+the progress being made towards a fix and announcement.
+
+In addition, please include the following information along with your report:
+
+* Your name and affiliation (if any).
+* A description of the technical details of the vulnerabilities. It is very
+  important to let us know how we can reproduce your findings.
+* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+* Full paths of source file(s) related to the manifestation of the issue
+* The location of the affected source code (tag/branch/commit or direct URL)
+* Any special configuration required to reproduce the issue
+* Step-by-step instructions to reproduce the issue
+* Proof-of-concept or exploit code (if possible)
+* Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.

admin/blocksadmin.php

@@ -1,6 +1,4 @@
-<?php
-
-declare(strict_types=1);
+<?php declare(strict_types=1);
 
 /**
  * You may not change or alter any portion of this comment or credits

assets/cumulus.swf

@@ -25,12 +25,14 @@
 
 defined('XOOPS_ROOT_PATH') || exit('Restricted access');
 
-require_once $GLOBALS['xoops']->path('/modules/tag/include/vars.php');
-
 if (!xoops_isActiveModule('tag')) {
     return false;
 }
 
+require_once $GLOBALS['xoops']->path('/modules/tag/include/vars.php');
+
+
+
 $helper = Helper::getInstance();
 
 $helper->loadLanguage('blocks');
@@ -386,11 +388,13 @@ function tag_block_top_edit(array $options)
         $form .= ' selected ';
     }
     $form .= '>' . _MB_TAG_COUNT . "</option>\n";
-    $form .= "<option value='t'";
-    if ('t' === $options[2]) {
-        $form .= ' selected ';
-    }
-    $form .= '>' . _MB_TAG_TIME . "</option>\n";
+
+//    $form .= "<option value='t'"; //@todo currently not implemented
+//    if ('t' === $options[2]) {
+//        $form .= ' selected ';
+//    }
+//    $form .= '>' . _MB_TAG_TIME . "</option>\n";
+
     $form .= "</select><br>\n";
 
     return $form;

assets/js/swfobject.js

@@ -1,6 +1,4 @@
-<?php
-
-declare(strict_types=1);
+<?php declare(strict_types=1);
 
 namespace XoopsModules\Tag\Common;
 
@@ -277,9 +275,9 @@ public function listBlocks(): void
 
             // Actions
 
-            echo "<td class='$class' align='center'><a href='blocksadmin.php?op=edit&amp;bid=" . $i->getVar('bid') . "'><img src=" . $pathIcon16 . '/edit.png' . " alt='" . _EDIT . "' title='" . _EDIT . "'>
-                 </a> <a href='blocksadmin.php?op=clone&amp;bid=" . $i->getVar('bid') . "'><img src=" . $pathIcon16 . '/editcopy.png' . " alt='" . _CLONE . "' title='" . _CLONE . "'>
-                 </a>";
+            echo "<td class='$class' align='center'>
+                <a href='blocksadmin.php?op=edit&amp;bid=" . $i->getVar('bid') . "'><img src=" . $pathIcon16 . '/edit.png' . " alt='" . _EDIT . "' title='" . _EDIT . "'></a> 
+                <a href='blocksadmin.php?op=clone&amp;bid=" . $i->getVar('bid') . "'><img src=" . $pathIcon16 . '/editcopy.png' . " alt='" . _CLONE . "' title='" . _CLONE . "'></a>";
             //            if ('S' !== $i->getVar('block_type') && 'M' !== $i->getVar('block_type')) {
             //                echo "&nbsp;<a href='" . XOOPS_URL . '/modules/system/admin.php?fct=blocksadmin&amp;op=delete&amp;bid=' . $i->getVar('bid') . "'><img src=" . $pathIcon16 . '/delete.png' . " alt='" . _DELETE . "' title='" . _DELETE . "'>
             //                     </a>";
@@ -421,7 +419,7 @@ public function isBlockCloned(int $bid, string $bside, string $bweight, string $
         if ('' !== $clone->getVar('template')) {
             /** @var \XoopsTplfileHandler $tplfileHandler */
             $tplfileHandler = \xoops_getHandler('tplfile');
-            $btemplate      = $tplfileHandler->find($GLOBALS['xoopsConfig']['template_set'], 'block', $bid);
+            $btemplate      = $tplfileHandler->find($GLOBALS['xoopsConfig']['template_set'], 'block', (string)$bid);
             if (\count($btemplate) > 0) {
                 $tplclone = $btemplate[0]->xoopsClone();
                 $tplclone->setVar('tpl_id', 0);
@@ -603,7 +601,7 @@ public function orderBlock(
         $this->helper->redirect('admin/blocksadmin.php', 1, \constant('CO_' . $this->moduleDirNameUpper . '_' . 'UPDATE_SUCCESS'));
     }
 
-    public function render(?array $block = null): void
+    public function render(?array $block = null)
     {
         \xoops_load('XoopsFormLoader');
         \xoops_loadLanguage('common', $this->moduleDirNameUpper);

blocks/block.php

@@ -1,6 +1,4 @@
-<?php
-
-declare(strict_types=1);
+<?php declare(strict_types=1);
 
 namespace XoopsModules\Tag\Common;
 

class/Common/Blocksadmin.php

@@ -1,6 +1,4 @@
-<?php
-
-declare(strict_types=1);
+<?php declare(strict_types=1);
 
 namespace XoopsModules\Tag\Common;
 

class/Common/TestdataButtons.php

@@ -30,12 +30,9 @@ class Helper extends \Xmf\Module\Helper
      */
     public function __construct($debug = false)
     {
-        $this->debug = $debug;
-        if (null === $this->dirname) {
-            $dirname       = \basename(\dirname(__DIR__));
-            $this->dirname = $dirname;
-        }
-        parent::__construct($this->dirname);
+        $this->debug   = $debug;
+        $moduleDirName = \basename(\dirname(__DIR__));
+        parent::__construct($moduleDirName);
     }
 
     public static function getInstance(bool $debug = false): self

class/Common/VersionChecks.php

@@ -313,7 +313,7 @@ public function &getByLimit($limit = Constants::UNLIMITED, $start = Constants::B
             $limit = $limit >= 0 ? $limit : $criteria->getLimit(); // non-zero arg passed to method overrides $criteria setting
             $start = $start >= 0 ? $start : $criteria->getStart(); // non-zero arg passed to method overrides $criteria setting
         }
-        $sql .= " GROUP BY o.{$this->keyName}, o.tag_term, o.tag_status, l.tag_modid";
+        $sql .= " GROUP BY o.{$this->keyName}, o.tag_term, o.tag_status";
 
         $order = ('ASC' !== \mb_strtoupper($order)) ? 'DESC' : 'ASC';
         $sort  = \mb_strtolower($sort);