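--- a/lib/AJAXInterface.php
+++ b/lib/AJAXInterface.php
@@ -204,7 +204,7 @@ public function __construct()
 /* Give the session a unique name to avoid conflicts and start the
 * session. */
 @session_name(CATS_SESSION_NAME);
-session_start();
+if (session_status() === PHP_SESSION_NONE) { session_start(); }
 
 /* Validate the session. */
 if (!$this->isSessionLoggedIn())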
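Review bot: If a session is already active when this constructor runs, the `@session_name(CATS_SESSION_NAME)` call on the line above cannot rename it on current PHP versions and its warning is suppressed, so the new guard lets the login check run against whatever session was started earlier. Setting the name inside the same guard keeps the two steps together and makes the `@` unnecessary: `if (session_status() === PHP_SESSION_NONE) { session_name(CATS_SESSION_NAME); session_start(); }`. A short comment naming the code path that is expected to have started the session already would also help. The constructor continues outside the hunk, so the effect on isSessionLoggedIn() is inferred.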
21 changes: 14 additions & 7 deletions lib/CareerPortal.php
Expand Up @@ -458,13 +458,20 @@ public function sendEmail($userID, $destination, $subject, $body)

/* Send e-mail notification. */
//FIXME: Make subject configurable.
$mailer = new Mailer($this->_siteID, $userID);
$mailerStatus = $mailer->sendToOne(
array($destination, ''),
$subject,
$body,
true
);
try {
$mailer = new Mailer($this->_siteID, $userID);
$mailerStatus = $mailer->sendToOne(
array($destination, ''),
$subject,
$body,
true
);
} catch (Exception $e) {
// Mail not configured or failed - log error for debugging
$mailerStatus = false;

error_log('OpenCATS Mailer error (site=' . $this->_siteID . '): ' . $e->getMessage());
}
Comment on lines +461 to +474
Comment on lines +461 to +474
Comment on lines +469 to +474
}
}

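Review bot: The new catch block sets `$mailerStatus = false`, but in the visible lines nothing reads that variable before the method closes, so a failed notification is only observable in the error log. If callers should react to a failed send, end the method with `return $mailerStatus;`; this is inferred, since the start of sendEmail() lies outside the hunk. `catch (Exception $e)` also leaves `Error` subclasses such as TypeError uncaught, so `catch (\Throwable $e)` may be closer to the intent stated in the comment. Because `$e->getMessage()` is written to the log verbatim, consider stripping line breaks from it before the `error_log()` call.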
124 changes: 60 additions & 64 deletions lib/ZipLookup.php
@@ -1,82 +1,78 @@
<?php
/**
* Google API Zip Code Lookup library
*/
class ZipLookup
{

public static function makeSearchableUSZip($zipString)
{

return str_replace(' ', '', $zipString);
}
public static function makeSearchableUSZip($zipString)
{
return str_replace(' ', '', $zipString);
}

public function getCityStateByZip($zip)
{
return $this->lookupZip($zip);
}

public function lookupZip($zip)
Comment thread
ocjorge marked this conversation as resolved.
{
$aAddress = array(0, '', '', '');

if ($zip == '') {
$aAddress[0] = 2;
return $aAddress;
}

$aAddress[0] = 0;
$aAddress[1] = '';
$aAddress[2] = '';
$aAddress[3] = '';
$sUrl = 'https://maps.googleapis.com/maps/api/geocode/xml?sensor=false&address=';
$oXml = simplexml_load_file($sUrl . rawurlencode($zip));

$sUrl = 'http://maps.googleapis.com/maps/api/geocode/xml?sensor=false&address=';
if ($oXml === false || !isset($oXml->result->address_component)) {
$aAddress[0] = 1;
return $aAddress;
}

if ($zip != '') {
if (($oXml = simplexml_load_file($sUrl . $zip))) {
foreach($oXml->result->address_component as $value) {
if ($value->type == 'route') {
$aAddress[1] = (string) $value->long_name;
}
if ($value->type[0] == 'postal_town') {
$loc_level_1 = (string) $value->long_name;
}
if ($value->type[0] == 'locality') {
$loc_level_1 = (string) $value->long_name;
}
if ($value->type[0] == 'administrative_area_level_1') {
$loc_level_2 = (string) $value->long_name;
}
if ($value->type[0] == 'administrative_area_level_2') {
$loc_level_3 = (string) $value->long_name;
}
if ($value->type[0] == 'country') {
$loc_level_4 = (string) $value->long_name;
}
}
} else {
$aAddress[0] = 1;
}
} else {
$aAddress[0] = 2;
}
$levels = $this->parseAddressComponents($oXml->result->address_component, $aAddress);
$aAddress[2] = $levels['loc_level_1'];
$aAddress[3] = ($levels['loc_level_4'] == 'United States') ? $levels['loc_level_3'] : $levels['loc_level_2'];

// Set the state based on US or non-US location
$aAddress[2] = $loc_level_1;
if ($loc_level_4 == 'United States') {
$aAddress[3] = $loc_level_3;
} else {
$aAddress[3] = $loc_level_2;
}

return $aAddress;
return $aAddress;
}

private function parseAddressComponents($components, &$aAddress)
{
$levels = array('loc_level_1' => '', 'loc_level_2' => '', 'loc_level_3' => '', 'loc_level_4' => '');
$typeMap = array(
'postal_town' => 'loc_level_1',
'locality' => 'loc_level_1',
'administrative_area_level_1'=> 'loc_level_2',
'administrative_area_level_2'=> 'loc_level_3',
'country' => 'loc_level_4',
);

foreach ($components as $value) {
if ($value->type == 'route') {
$aAddress[1] = (string) $value->long_name;
}
if (isset($value->type[0]) && isset($typeMap[(string)$value->type[0]])) {
$levels[$typeMap[(string)$value->type[0]]] = (string) $value->long_name;
}
}

return $levels;
}

/**
* Returns an array of SQL clauses that returns the distance from a zipcode for each record.
*
* @param integer United States Zip code (55303)
* @param string record Zip Code Column (candidate.zip)
* @return string SQL select clause
*/

public function getDistanceFromPointQuery($zipcode, $zipcodeColumn)
{
//based on kilometers = (3958*3.1415926*sqrt(($lat2-$lat1)*($lat2-$lat1) + cos($lat2/57.29578)*cos($lat1/57.29578)*($lon2-$lon1)*($lon2-$lon1))/180);

$select = "(3958*3.1415926*sqrt((zipcode_searching.lat-zipcode_record.lat)*(zipcode_searching.lat-zipcode_record.lat) + cos(zipcode_searching.lat/57.29578)*cos(zipcode_record.lat/57.29578)*(zipcode_searching.lng-zipcode_record.lng)*(zipcode_searching.lng-zipcode_record.lng))/180) as distance_km";
$join = "LEFT JOIN zipcodes as zipcode_searching ON zipcode_searching.zipcode = ".$zipcode." LEFT JOIN zipcodes as zipcode_record ON zipcode_record.zipcode = ".$zipcodeColumn;
// Legacy wrapper - returns expected select/join keys for distance filtering
// Fix: use 6371 (km radius) to match distance_km alias
// Fix: cast $zipcode to int to prevent SQL injection
$safeZipcode = (int) $zipcode;

// $zipcodeColumn must be a known column name - validate against allowlist
$allowedColumns = array('candidate.zip', 'zipcode', 'zip');
if (!in_array($zipcodeColumn, $allowedColumns, true)) {
return array("select" => "0 as distance_km", "join" => "");
}

$select = "(6371*3.1415926*sqrt((zipcode_searching.lat-zipcode_record.lat)*(zipcode_searching.lat-zipcode_record.lat) + cos(zipcode_searching.lat/57.29578)*cos(zipcode_record.lat/57.29578)*(zipcode_searching.lng-zipcode_record.lng)*(zipcode_searching.lng-zipcode_record.lng))/180) as distance_km";
$join = "LEFT JOIN zipcodes as zipcode_searching ON zipcode_searching.zipcode = " . $safeZipcode . " LEFT JOIN zipcodes as zipcode_record ON zipcode_record.zipcode = " . $zipcodeColumn;
return array("select" => $select, "join" => $join);
}
Comment thread
ocjorge marked this conversation as resolved.
}
?>
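Review bot: In getDistanceFromPointQuery, a `$zipcodeColumn` that is not in the allowlist yields `0 as distance_km` with an empty join, so a rejected column name reaches the caller as distance zero for every record rather than as an error. If callers filter on `distance_km` (they are not visible on this page), that fallback would match everything; failing closed is safer, for example `throw new InvalidArgumentException('Unsupported zip code column');` or a select of `NULL as distance_km`. Separately, `(int) $zipcode` drops leading zeros, so it is worth confirming how `zipcodes.zipcode` is typed before relying on the cast for zip codes that start with 0.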
18 changes: 14 additions & 4 deletions modules/candidates/Add.tpl
Expand Up @@ -122,6 +122,12 @@
</tr>
</table>
<?php else: ?>
<?php if (PARSING_ENABLED &&
is_countable($this->parsingStatus) && count($this->parsingStatus) &&
$this->parsingStatus['parseUsed'] >= $this->parsingStatus['parseLimit'] &&
$this->parsingStatus['parseLimit'] >= 0): ?>
Comment on lines +125 to +128
Comment on lines +125 to +128
<a href="https://www.catsone.com/professional" target="_blank">All daily resume imports used. For more, upgrade to CATS professional</a>.
<?php endif; ?>
Comment on lines +125 to +130
<?php $freeformTop = '<p class="freeformtop">Cut and paste freeform address here.</p>'; ?>
<?php eval(Hooks::get('CANDIDATE_TEMPLATE_ABOVE_FREEFORM')); ?>
<?php echo($freeformTop); ?>
Expand Down Expand Up @@ -187,8 +193,12 @@
<td class="tdData">
<input type="text" tabindex="6" name="phoneHome" id="phoneHome" class="inputbox" style="width: 150px;" value="<?php if (isset($this->preassignedFields['phoneHome'])) $this->_($this->preassignedFields['phoneHome']); ?>" onchange="checkPhoneAlreadyInSystem(this.value);" />
<?php if ($this->isParsingEnabled): ?>
<?php if ($this->isModal): ?>&nbsp;&nbsp;<?php else: ?>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?php endif; ?>
<img id="transfer" src="images/parser/transfer<?php echo ($this->contents != '' ? '' : '_grey'); ?>.gif" <?php echo ($this->contents != '' ? 'style="cursor: pointer;"' : ''); ?> border="0" alt="Import Resume" onclick="parseDocumentFileContents();" />
<?php if (is_array($this->parsingStatus) && $this->parsingStatus['parseLimit'] >= 0 && $this->parsingStatus['parseUsed'] >= $this->parsingStatus['parseLimit']): ?>
&nbsp;
<?php else: ?>
<?php if ($this->isModal): ?>&nbsp;&nbsp;<?php else: ?>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?php endif; ?>
<img id="transfer" src="images/parser/transfer<?php echo ($this->contents != '' ? '' : '_grey'); ?>.gif" <?php echo ($this->contents != '' ? 'style="cursor: pointer;"' : ''); ?> border="0" alt="Import Resume" onclick="parseDocumentFileContents();" />
<?php endif; ?>
<?php else: ?>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input id="arrowButton" tabindex="91" align="middle" type="button" value="&lt;--" class="arrowbutton" onclick="AddressParser_parse('addressBlock', 'person', 'addressParserIndicator', 'arrowButton'); document.addCandidateForm.firstName.focus();" />
<?php endif; ?>
Expand Down Expand Up @@ -283,7 +293,7 @@
<?php if ($this->associatedAttachment == 0): ?>
<nobr> <?php /* FIXME: remove nobr stuff */ ?>
<?php if (isset($this->overAttachmentQuota)): ?>
<span style="font-size:10px;">(You have already reached your limit of <?php echo(FREE_ACCOUNT_SIZE/1024); ?> MB of attachments, and cannot add additional file attachments.)<br /></font>Copy and Paste Resume:&nbsp;
<span style="font-size:10px;">(You have already reached your limit of <?php echo(FREE_ACCOUNT_SIZE/1024); ?> MB of attachments, and cannot add additional file attachments without upgrading to CATS Professional Hosted.)<br /></span>Copy and Paste Resume:&nbsp;
<?php else: ?>
<input type="file" id="file" name="file" size="21" tabindex="<?php echo($tabIndex++); ?>" <?php if($this->associatedTextResume !== false): ?>disabled<?php endif; ?> /> &nbsp;
<?php endif; ?>
Expand Down Expand Up @@ -392,7 +402,7 @@
<p class="note<?php if ($this->isModal): ?>Unsized<?php endif; ?>" style="margin-top: 5px;">Other</p>
<table class="editTable">

<?php for ($i = 0; $i < count($this->extraFieldRS); $i++): ?>
<?php for ($i = 0; $i < count((array)$this->extraFieldRS); $i++): ?>
<tr>
<td class="tdVertical" id="extraFieldTd<?php echo($i); ?>">
<label id="extraFieldLbl<?php echo($i); ?>">
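Review bot: The upgrade link added in the first hunk opens a third-party site with `target="_blank"` and no `rel` attribute; add `rel="noopener noreferrer"` so the opened page gets no `window.opener` handle and no referrer from the candidate form. The same hunk guards `$this->parsingStatus` with `is_countable()` and then reads it with array keys, while the phone-field hunk uses `is_array()` for the same value. Using `is_array()` plus `isset($this->parsingStatus['parseLimit'], $this->parsingStatus['parseUsed'])` in both places would keep the two checks consistent.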
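--- a/modules/candidates/Edit.tpl
+++ b/modules/candidates/Edit.tpl
@@ -318,7 +318,7 @@
 
 <table class="editTable" width="700">
 
-<?php for ($i = 0; $i < count($this->extraFieldRS); $i++): ?>
+<?php for ($i = 0; $i < count((array)$this->extraFieldRS); $i++): ?>
 <tr>
 <td class="tdVertical" id="extraFieldTd<?php echo($i); ?>">
 <label id="extraFieldLbl<?php echo($i); ?>">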
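Review bot: `count((array)$this->extraFieldRS)` avoids the count() error for null, but the cast turns a scalar such as `false` into a one-element array, so the loop would run once and index into a non-array. Whether `extraFieldRS` can be `false` is not visible here; if it can, `is_array($this->extraFieldRS) ? count($this->extraFieldRS) : 0` is the safer bound, or the controller can normalise the value to an array before rendering. The same cast is added in Add.tpl and Show.tpl.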
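--- a/modules/candidates/Search.tpl
+++ b/modules/candidates/Search.tpl
@@ -198,7 +198,7 @@
 <img src="images/resume_preview_inline.gif" class="abstop" alt="(Preview)" border="0" width="15" height="15" />
 </a>
 <?php endif; ?>
-<?php $this->_($data['keySkills']); ?>&nbsp;
+<?php $this->_(isset($data['keySkills']) ? $data['keySkills'] : ''); ?>&nbsp;
 </td>
 <td><?php $this->_($data['city']); ?>&nbsp;</td>
 <td><?php $this->_($data['state']); ?>&nbsp;</td>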
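Review bot: Style point on the keySkills cell: the `isset(...) ? ... : ''` ternary can be written `$this->_($data['keySkills'] ?? '')`, provided the project's minimum PHP version is 7.0 or later. The neighbouring `city` and `state` cells still read their keys unguarded, so a short comment on why only `keySkills` can be missing from `$data` would help the next reader.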
8 changes: 4 additions & 4 deletions modules/candidates/Show.tpl
Expand Up @@ -156,7 +156,7 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu;
<td class="data"><?php $this->_($this->data['source']); ?></td>
</tr>

<?php for ($i = 0; $i < intval(count($this->extraFieldRS)/2); $i++): ?>
<?php for ($i = 0; $i < intval(count((array)$this->extraFieldRS)/2); $i++): ?>
<tr>
<td class="vertical"><?php $this->_($this->extraFieldRS[$i]['fieldName']); ?>:</td>
<td class="data"><?php echo($this->extraFieldRS[$i]['display']); ?></td>
Expand Down Expand Up @@ -226,7 +226,7 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu;
<td class="data"><?php $this->_($this->data['ownerFullName']); ?></td>
</tr>

<?php for ($i = (intval(count($this->extraFieldRS))/2); $i < (count($this->extraFieldRS)); $i++): ?>
<?php for ($i = (intval(count((array)$this->extraFieldRS))/2); $i < (count((array)$this->extraFieldRS)); $i++): ?>
<tr>
<td class="vertical"><?php $this->_($this->extraFieldRS[$i]['fieldName']); ?>:</td>
<td class="data"><?php echo($this->extraFieldRS[$i]['display']); ?></td>
Expand Down Expand Up @@ -626,9 +626,9 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu;
<tr>
<th align="left" width="125">Date</th>
<th align="left" width="90">Type</th>
<th align="left" width="90">Entered By</th>
<th align="left" width="250">Regarding</th>
<th align="left">Notes</th>
<th align="left" width="90">Entered By</th>
<?php if (!$this->isPopup): ?>
<th align="left" width="40">Action</th>
<?php endif; ?>
Expand All @@ -638,9 +638,9 @@ use OpenCATS\UI\CandidateDuplicateQuickActionMenu;
<tr class="<?php TemplateUtility::printAlternatingRowClass($rowNumber); ?>">
<td align="left" valign="top" id="activityDate<?php echo Template::escapeAttr($activityData['activityID']); ?>"><?php $this->_($activityData['dateCreated']) ?></td>
<td align="left" valign="top" id="activityType<?php echo Template::escapeAttr($activityData['activityID']); ?>"><?php $this->_($activityData['typeDescription']) ?></td>
<td align="left" valign="top"><?php $this->_($activityData['enteredByAbbrName']) ?></td>
<td align="left" valign="top" id="activityRegarding<?php echo Template::escapeAttr($activityData['activityID']); ?>" data-joborder-id="<?php echo Template::escapeAttr(isset($activityData['jobOrderID']) ? $activityData['jobOrderID'] : ''); ?>"><?php $this->_($activityData['regarding']) ?></td>
<td align="left" valign="top" id="activityNotes<?php echo Template::escapeAttr($activityData['activityID']); ?>"><?php echo nl2br(TemplateUtility::highlightStatusChangeActivityNote($activityData['notes'])); ?></td>
<td align="left" valign="top"><?php $this->_($activityData['enteredByAbbrName']) ?></td>
<?php if (!$this->isPopup): ?>
<td align="center" >
<?php if ($this->getUserAccessLevel('candidates.edit') >= ACCESS_LEVEL_EDIT): ?>
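Review bot: In the second hunk the loop start is still `(intval(count((array)$this->extraFieldRS))/2)`, where `intval()` wraps the count rather than the division. With an odd number of extra fields `$i` therefore starts as a float such as 1.5, and `$this->extraFieldRS[$i]` relies on implicit float-to-int key truncation, which PHP 8.1 and later report as deprecated. Moving the parenthesis matches the first loop's bound: `for ($i = intval(count((array)$this->extraFieldRS)/2); $i < count((array)$this->extraFieldRS); $i++)`.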