XoopsModules25x
diff --git a/‎SECURITY.md‎
Lines changed: 37 additions & 0 deletions b/‎SECURITY.md‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎admin/index.php‎
Lines changed: 1 addition & 1 deletion b/‎admin/index.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎blocks/repositories.php‎
Lines changed: 2 additions & 2 deletions b/‎blocks/repositories.php‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎class/Common/DirectoryChecker.php‎
Lines changed: 160 additions & 0 deletions b/‎class/Common/DirectoryChecker.php‎
Lines changed: 160 additions & 0 deletions
diff --git a/‎class/Common/FileChecker.php‎
Lines changed: 161 additions & 0 deletions b/‎class/Common/FileChecker.php‎
Lines changed: 161 additions & 0 deletions
@@ -0,0 +1,37 @@
+# XOOPS Security Policy
+
+XOOPS takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations.
+This documentation provides guidelines and standard procedures regarding maintaining security with our software.
+
+## Supported Versions
+
+By default, only the latest version built from branch `master` (or `main`) is supported with security updates.
+
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report (suspected) security vulnerabilities to
+**[security@xoops.org](mailto:security@xoops.org)**. You will receive a response from
+us within 48 hours. If the issue is confirmed, we will release a patch as soon
+as possible depending on complexity, and you'll receive a credit in our changelog.
+
+Please use a descriptive subject line for your report email. After the initial
+reply to your report, the security team will endeavor to keep you informed of
+the progress being made towards a fix and announcement.
+
+In addition, please include the following information along with your report:
+
+* Your name and affiliation (if any).
+* A description of the technical details of the vulnerabilities. It is very
+  important to let us know how we can reproduce your findings.
+* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+* Full paths of source file(s) related to the manifestation of the issue
+* The location of the affected source code (tag/branch/commit or direct URL)
+* Any special configuration required to reproduce the issue
+* Step-by-step instructions to reproduce the issue
+* Proof-of-concept or exploit code (if possible)
+* Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
@@ -62,7 +62,7 @@
 // Uploads Folders Created
 foreach (\array_keys($folder) as $i) {
     $adminObject->addConfigBoxLine($folder[$i], 'folder');
-    $adminObject->addConfigBoxLine(array($folder[$i], '777'), 'chmod');
+    $adminObject->addConfigBoxLine([$folder[$i], '777'], 'chmod');
 }
 
 // Render Index
 
@@ -56,8 +56,8 @@ function b_wggithub_repositories_show($options)
             break;
         case 'new':
             // For the block: repositories new
-            $crRepositories->add(new \Criteria('repo_datecreated', \DateTime::createFromFormat(_SHORTDATESTRING), '>='));
-            $crRepositories->add(new \Criteria('repo_datecreated', \DateTime::createFromFormat(_SHORTDATESTRING) + 86400, '<='));
+            $crRepositories->add(new \Criteria('repo_datecreated', \time() - 604800, '>='));
+            $crRepositories->add(new \Criteria('repo_datecreated', \time(), '<='));
             $crRepositories->setSort('repo_datecreated');
             $crRepositories->setOrder('ASC');
             break;
 
@@ -0,0 +1,160 @@
+<?php
+
+namespace XoopsModules\Wggithub\Common;
+
+/*
+ You may not change or alter any portion of this comment or credits
+ of supporting developers from this source code or any supporting source code
+ which is considered copyrighted (c) material of the original comment or credit authors.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/**
+ * Wggithub module
+ *
+ * @copyright       XOOPS Project (https://xoops.org)
+ * @license         GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html)
+ * @author          Xoops Development Team
+ */
+
+use Xmf\Request;
+use XoopsModules\Wggithub;
+
+
+require_once \dirname(__DIR__, 4) . '/mainfile.php';
+$moduleDirName      = \basename(\dirname(__DIR__, 2));
+$moduleDirNameUpper = \mb_strtoupper($moduleDirName);
+\xoops_loadLanguage('directorychecker', $moduleDirName);
+
+/**
+ * Class DirectoryChecker
+ * check status of a directory
+ */
+class DirectoryChecker
+{
+    /**
+     * @param     $path
+     * @param int $mode
+     * @param     $redirectFile
+     *
+     * @return bool|string
+     */
+    public static function getDirectoryStatus($path, $mode = 0777, $redirectFile = null)
+    {
+        $pathIcon16 = \Xmf\Module\Admin::iconUrl('', '16');
+
+        if (empty($path)) {
+            return false;
+        }
+        if (null === $redirectFile) {
+            $redirectFile = $_SERVER['SCRIPT_NAME'];
+        }
+        $moduleDirName      = \basename(\dirname(__DIR__, 2));
+        $moduleDirNameUpper = \mb_strtoupper($moduleDirName);
+        if (!@\is_dir($path)) {
+            $path_status = "<img src='$pathIcon16/0.png' >";
+            $path_status .= "$path (" . \constant('CO_' . $moduleDirNameUpper . '_' . 'DC_NOTAVAILABLE') . ') ';
+            $path_status .= "<form action='" . $_SERVER['SCRIPT_NAME'] . "' method='post'>";
+            $path_status .= "<input type='hidden' name='op' value='createdir'>";
+            $path_status .= "<input type='hidden' name='path' value='$path'>";
+            $path_status .= "<input type='hidden' name='redirect' value='$redirectFile'>";
+            $path_status .= "<button class='submit' onClick='this.form.submit();'>" . \constant('CO_' . $moduleDirNameUpper . '_' . 'DC_CREATETHEDIR') . '</button>';
+            $path_status .= '</form>';
+        } elseif (@\is_writable($path)) {
+            $path_status = "<img src='$pathIcon16/1.png' >";
+            $path_status .= "$path (" . \constant('CO_' . $moduleDirNameUpper . '_' . 'DC_AVAILABLE') . ') ';
+            $currentMode = \mb_substr(\decoct(\fileperms($path)), 2);
+            if ($currentMode != \decoct($mode)) {
+                $path_status = "<img src='$pathIcon16/0.png' >";
+                $path_status .= $path . \sprintf(\constant('CO_' . $moduleDirNameUpper . '_' . 'DC_NOTWRITABLE'), \decoct($mode), $currentMode);
+                $path_status .= "<form action='" . $_SERVER['SCRIPT_NAME'] . "' method='post'>";
+                $path_status .= "<input type='hidden' name='op' value='setdirperm'>";
+                $path_status .= "<input type='hidden' name='mode' value='$mode'>";
+                $path_status .= "<input type='hidden' name='path' value='$path'>";
+                $path_status .= "<input type='hidden' name='redirect' value='$redirectFile'>";
+                $path_status .= "<button class='submit' onClick='this.form.submit();'>" . \constant('CO_' . $moduleDirNameUpper . '_' . 'DC_SETMPERM') . '</button>';
+                $path_status .= '</form>';
+            }
+        } else {
+            $currentMode = \mb_substr(\decoct(\fileperms($path)), 2);
+            $path_status = "<img src='$pathIcon16/0.png' >";
+            $path_status .= $path . \sprintf(\constant('CO_' . $moduleDirNameUpper . '_' . 'DC_NOTWRITABLE'), \decoct($mode), $currentMode);
+            $path_status .= "<form action='" . $_SERVER['SCRIPT_NAME'] . "' method='post'>";
+            $path_status .= "<input type='hidden' name='op' value='setdirperm'>";
+            $path_status .= "<input type='hidden' name='mode' value='$mode'>";
+            $path_status .= "<input type='hidden' name='path' value='$path'>";
+            $path_status .= "<input type='hidden' name='redirect' value='$redirectFile'>";
+            $path_status .= "<button class='submit' onClick='this.form.submit();'>" . \constant('CO_' . $moduleDirNameUpper . '_' . 'DC_SETMPERM') . '</button>';
+            $path_status .= '</form>';
+        }
+
+        return $path_status;
+    }
+
+    /**
+     * @param     $target
+     * @param int $mode
+     *
+     * @return bool
+     */
+    public static function createDirectory($target, $mode = 0777)
+    {
+        $target = \str_replace('..', '', $target);
+
+        // http://www.php.net/manual/en/function.mkdir.php
+        return \is_dir($target) || (self::createDirectory(\dirname($target), $mode) && !\mkdir($target, $mode) && !\is_dir($target));
+    }
+
+    /**
+     * @param     $target
+     * @param int $mode
+     *
+     * @return bool
+     */
+    public static function setDirectoryPermissions($target, $mode = 0777)
+    {
+        $target = \str_replace('..', '', $target);
+
+        return @\chmod($target, (int)$mode);
+    }
+
+    /**
+     * @param   $dir_path
+     *
+     * @return bool
+     */
+    public static function dirExists($dir_path)
+    {
+        return \is_dir($dir_path);
+    }
+}
+
+$op = Request::getString('op', '', 'POST');
+switch ($op) {
+    case 'createdir':
+        if (\Xmf\Request::hasVar('path', 'POST')) {
+            $path = $_POST['path'];
+        }
+        if (\Xmf\Request::hasVar('redirect', 'POST')) {
+            $redirect = $_POST['redirect'];
+        }
+        $msg = DirectoryChecker::createDirectory($path) ? \constant('CO_' . $moduleDirNameUpper . '_' . 'DC_DIRCREATED') : \constant('CO_' . $moduleDirNameUpper . '_' . 'DC_DIRNOTCREATED');
+        \redirect_header($redirect, 2, $msg . ': ' . $path);
+        break;
+    case 'setdirperm':
+        if (\Xmf\Request::hasVar('path', 'POST')) {
+            $path = $_POST['path'];
+        }
+        if (\Xmf\Request::hasVar('redirect', 'POST')) {
+            $redirect = $_POST['redirect'];
+        }
+        if (\Xmf\Request::hasVar('mode', 'POST')) {
+            $mode = $_POST['mode'];
+        }
+        $msg = DirectoryChecker::setDirectoryPermissions($path, $mode) ? \constant('CO_' . $moduleDirNameUpper . '_' . 'DC_PERMSET') : \constant('CO_' . $moduleDirNameUpper . '_' . 'DC_PERMNOTSET');
+        \redirect_header($redirect, 2, $msg . ': ' . $path);
+        break;
+}
@@ -0,0 +1,161 @@
+<?php
+
+namespace XoopsModules\Wggithub\Common;
+
+/*
+ You may not change or alter any portion of this comment or credits
+ of supporting developers from this source code or any supporting source code
+ which is considered copyrighted (c) material of the original comment or credit authors.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/**
+ * Wggithub module
+ *
+ * @copyright       XOOPS Project (https://xoops.org)
+ * @license         GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html)
+ * @author          Xoops Development Team
+ */
+
+use Xmf\Request;
+use XoopsModules\Wggithub;
+
+//\defined('XOOPS_ROOT_PATH') || die('XOOPS root path not defined');
+
+require_once \dirname(__DIR__, 4) . '/mainfile.php';
+$moduleDirName      = \basename(\dirname(__DIR__, 2));
+$moduleDirNameUpper = \mb_strtoupper($moduleDirName);
+\xoops_loadLanguage('filechecker', $moduleDirName);
+
+/**
+ * Class FileChecker
+ * check status of a directory
+ */
+class FileChecker
+{
+    /**
+     * @param string      $file_path
+     * @param string|null $original_file_path
+     * @param string      $redirectFile
+     * @return bool|string
+     */
+    public static function getFileStatus($file_path, $original_file_path = null, $redirectFile)
+    {
+        $pathIcon16 = \Xmf\Module\Admin::iconUrl('', '16');
+
+        if (empty($file_path)) {
+            return false;
+        }
+        if (null === $redirectFile) {
+            $redirectFile = $_SERVER['SCRIPT_NAME'];
+        }
+        $moduleDirName      = \basename(\dirname(__DIR__, 2));
+        $moduleDirNameUpper = \mb_strtoupper($moduleDirName);
+        if (null === $original_file_path) {
+            if (self::fileExists($file_path)) {
+                $path_status = "<img src='$pathIcon16/1.png' >";
+                $path_status .= "$file_path (" . \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_AVAILABLE') . ') ';
+            } else {
+                $path_status = "<img src='$pathIcon16/0.png' >";
+                $path_status .= "$file_path (" . \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_NOTAVAILABLE') . ') ';
+            }
+        } else {
+            if (self::compareFiles($file_path, $original_file_path)) {
+                $path_status = "<img src='$pathIcon16/1.png' >";
+                $path_status .= "$file_path (" . \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_AVAILABLE') . ') ';
+            } else {
+                $path_status = "<img src='$pathIcon16/0.png' >";
+                $path_status .= "$file_path (" . \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_NOTAVAILABLE') . ') ';
+                $path_status .= "<form action='" . $_SERVER['SCRIPT_NAME'] . "' method='post'>";
+                $path_status .= "<input type='hidden' name='op' value='copyfile'>";
+                $path_status .= "<input type='hidden' name='file_path' value='$file_path'>";
+                $path_status .= "<input type='hidden' name='original_file_path' value='$original_file_path'>";
+                $path_status .= "<input type='hidden' name='redirect' value='$redirectFile'>";
+                $path_status .= "<button class='submit' onClick='this.form.submit();'>" . \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_CREATETHEFILE') . '</button>';
+                $path_status .= '</form>';
+            }
+        }
+
+        return $path_status;
+    }
+
+    /**
+     * @param   $source_path
+     * @param   $destination_path
+     *
+     * @return bool
+     */
+    public static function copyFile($source_path, $destination_path)
+    {
+        $source_path      = \str_replace('..', '', $source_path);
+        $destination_path = \str_replace('..', '', $destination_path);
+
+        return @\copy($source_path, $destination_path);
+    }
+
+    /**
+     * @param   $file1_path
+     * @param   $file2_path
+     *
+     * @return bool
+     */
+    public static function compareFiles($file1_path, $file2_path)
+    {
+        if (!self::fileExists($file1_path) || !self::fileExists($file2_path)) {
+            return false;
+        }
+        if (\filetype($file1_path) !== \filetype($file2_path)) {
+            return false;
+        }
+        if (\filesize($file1_path) !== \filesize($file2_path)) {
+            return false;
+        }
+        $crc1 = \mb_strtoupper(\dechex(\crc32(\file_get_contents($file1_path))));
+        $crc2 = \mb_strtoupper(\dechex(\crc32(\file_get_contents($file2_path))));
+
+        return !($crc1 !== $crc2);
+    }
+
+    /**
+     * @param   $file_path
+     *
+     * @return bool
+     */
+    public static function fileExists($file_path)
+    {
+        return \is_file($file_path);
+    }
+
+    /**
+     * @param     $target
+     * @param int $mode
+     *
+     * @return bool
+     */
+    public static function setFilePermissions($target, $mode = 0777)
+    {
+        $target = \str_replace('..', '', $target);
+
+        return @\chmod($target, (int)$mode);
+    }
+}
+
+$op = Request::getString('op', '', 'POST');
+switch ($op) {
+    case 'copyfile':
+        if (\Xmf\Request::hasVar('original_file_path', 'POST')) {
+            $original_file_path = $_POST['original_file_path'];
+        }
+        if (\Xmf\Request::hasVar('file_path', 'POST')) {
+            $file_path = $_POST['file_path'];
+        }
+        if (\Xmf\Request::hasVar('redirect', 'POST')) {
+            $redirect = $_POST['redirect'];
+        }
+        $msg = FileChecker::copyFile($original_file_path, $file_path) ? \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_FILECOPIED') : \constant('CO_' . $moduleDirNameUpper . '_' . 'FC_FILENOTCOPIED');
+        \redirect_header($redirect, 2, $msg . ': ' . $file_path);
+        break;
+}
Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,7 @@`
`62`	`62`	`// Uploads Folders Created`
`63`	`63`	`foreach (\array_keys($folder) as $i) {`
`64`	`64`	`$adminObject->addConfigBoxLine($folder[$i], 'folder');`
`65`		`- $adminObject->addConfigBoxLine(array($folder[$i], '777'), 'chmod');`
	`65`	`+ $adminObject->addConfigBoxLine([$folder[$i], '777'], 'chmod');`
`66`	`66`	`}`
`67`	`67`
`68`	`68`	`// Render Index`