<?php
/**
 * Manages WooCommerce plugin updating on the Plugins screen.
 *
 * Loads the shared WC_Plugin_Updates base class when it is not already
 * available and declares the Plugins screen specific subclass.
 *
 * @package WooCommerce/Admin
 * @version 3.2.0
 */

// Direct access (outside of a WordPress bootstrap) is not allowed.
defined( 'ABSPATH' ) || exit;

// The parent class lives next to this file; it may already be loaded by another admin screen.
if ( ! class_exists( 'WC_Plugin_Updates' ) ) {
	include_once dirname( __FILE__ ) . '/class-wc-plugin-updates.php';
}

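/**
 * Class WC_Plugins_Screen_Updates
 *
 * Hooks into the WooCommerce row on the Plugins screen and prints the upgrade
 * notice (parsed from the plugin readme on WordPress.org) together with the
 * warnings about installed extensions that have not declared support for the
 * new version. The untested-extension lookups, the inline/modal warning markup
 * and the generic modal JS are provided by the parent WC_Plugin_Updates class.
 */
class WC_Plugins_Screen_Updates extends WC_Plugin_Updates {

	/**
	 * The upgrade notice shown inline.
	 *
	 * @var string
	 */
	protected $upgrade_notice = '';

	/**
	 * Constructor.
	 *
	 * Registers the inline update message callback for the WooCommerce plugin row.
	 */
	public function __construct() {
		add_action( 'in_plugin_update_message-woocommerce/woocommerce.php', array( $this, 'in_plugin_update_message' ), 10, 2 );
	}

	/**
	 * Show plugin changes on the plugins screen. Code adapted from W3 Total Cache.
	 *
	 * Echoes directly because it runs inside the plugin row markup. Nothing is
	 * printed when the update only changes the patch level (same major.minor).
	 *
	 * @param array    $args     Unused parameter (plugin data passed by the hook).
	 * @param stdClass $response Plugin update response; its `new_version` property drives everything below.
	 */
	public function in_plugin_update_message( $args, $response ) {
		// Without a target version there is nothing to look up or compare against.
		if ( ! isset( $response->new_version ) ) {
			return;
		}

		$this->new_version            = $response->new_version;
		$this->upgrade_notice         = $this->get_upgrade_notice( $response->new_version );
		$this->major_untested_plugins = $this->get_untested_plugins( $response->new_version, 'major' );
		$this->minor_untested_plugins = $this->get_untested_plugins( $response->new_version, 'minor' );

		// If user has already moved to the minor version, we don't need to flag up anything.
		if ( version_compare( $this->get_major_minor_version( WC_VERSION ), $this->get_major_minor_version( $this->new_version ), '=' ) ) {
			return;
		}

		if ( ! empty( $this->major_untested_plugins ) ) {
			$this->upgrade_notice .= $this->get_extensions_inline_warning_major();
		}

		if ( ! empty( $this->minor_untested_plugins ) ) {
			$this->upgrade_notice .= $this->get_extensions_inline_warning_minor();
		}

		// The modal markup is appended after both inline warnings on purpose, so the output order stays stable.
		if ( ! empty( $this->major_untested_plugins ) ) {
			$this->upgrade_notice .= $this->get_extensions_modal_warning();
			add_action( 'admin_print_footer_scripts', array( $this, 'plugin_screen_modal_js' ) );
		}

		// The notice is assembled from remote readme text and extension data, so it goes through
		// wp_kses_post() here; whatever a 'woocommerce_in_plugin_update_message' filter returns is trusted.
		echo apply_filters( 'woocommerce_in_plugin_update_message', $this->upgrade_notice ? '</p>' . wp_kses_post( $this->upgrade_notice ) . '<p class="dummy">' : '' ); // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped
	}

	/**
	 * Reduce a version string to its "major.minor" part.
	 *
	 * Missing components are treated as 0, so a bare "4" compares as "4.0"
	 * instead of raising an undefined offset notice.
	 *
	 * @param string $version Version string such as "3.2.1".
	 * @return string Major and minor components joined by a dot.
	 */
	private function get_major_minor_version( $version ) {
		$parts = array_pad( explode( '.', (string) $version ), 2, '0' );
		return $parts[0] . '.' . $parts[1];
	}

	/**
	 * Get the upgrade notice from WordPress.org.
	 *
	 * The parsed notice is cached in a transient for a day. A failed or empty
	 * remote response is not cached, so it is retried on the next request.
	 *
	 * @param string $version WooCommerce new version.
	 * @return string Sanitized notice HTML, or an empty string when none is available.
	 */
	protected function get_upgrade_notice( $version ) {
		$transient_name = 'wc_upgrade_notice_' . $version;
		$upgrade_notice = get_transient( $transient_name );

		if ( false === $upgrade_notice ) {
			// Default to an empty notice so callers always receive a string, even when the fetch fails.
			$upgrade_notice = '';

			// Fixed HTTPS URL; the "safe" variant also validates the URL (and any redirect target) against non-public hosts.
			$response = wp_safe_remote_get( 'https://plugins.svn.wordpress.org/woocommerce/trunk/readme.txt' );

			if ( ! is_wp_error( $response ) && ! empty( $response['body'] ) ) {
				$upgrade_notice = $this->parse_update_notice( $response['body'], $version );
				set_transient( $transient_name, $upgrade_notice, DAY_IN_SECONDS );
			}
		}

		return (string) $upgrade_notice;
	}

	/**
	 * Parse update notice from readme file.
	 *
	 * Looks for the first "== Upgrade Notice ==" entry, accepts it when its
	 * version heading equals the new major, minor or patch version (skipping
	 * versions the running WC_VERSION has already passed), and converts
	 * Markdown style `[text](url)` links into anchors. The result is passed
	 * through wp_kses_post(), which drops disallowed tags, attributes and URL
	 * protocols that the remote file might contain.
	 *
	 * @param string $content     WooCommerce readme file content.
	 * @param string $new_version WooCommerce new version.
	 * @return string Sanitized notice HTML, empty when no matching entry exists.
	 */
	private function parse_update_notice( $content, $new_version ) {
		// Pad to three components so a two-part version such as "3.3" does not trigger undefined offset notices.
		$version_parts     = array_pad( explode( '.', (string) $new_version ), 3, '0' );
		$check_for_notices = array(
			$version_parts[0] . '.0', // Major.
			$version_parts[0] . '.0.0', // Major.
			$version_parts[0] . '.' . $version_parts[1], // Minor.
			$version_parts[0] . '.' . $version_parts[1] . '.' . $version_parts[2], // Patch.
		);
		// The delimiter is passed to preg_quote() so the version can never break out of the pattern.
		$notice_regexp     = '~==\s*Upgrade Notice\s*==\s*=\s*(.*)\s*=(.*)(=\s*' . preg_quote( $new_version, '~' ) . '\s*=|$)~Uis';
		$upgrade_notice    = '';

		foreach ( $check_for_notices as $check_version ) {
			// Entries for versions the site already runs (or has passed) are not interesting.
			if ( version_compare( WC_VERSION, $check_version, '>' ) ) {
				continue;
			}

			$matches = null;
			if ( preg_match( $notice_regexp, $content, $matches ) ) {
				$notices = (array) preg_split( '~[\r\n]+~', trim( $matches[2] ) );

				if ( version_compare( trim( $matches[1] ), $check_version, '=' ) ) {
					$upgrade_notice .= '<p class="wc_plugin_upgrade_notice">';

					foreach ( $notices as $line ) {
						// The href comes from the remote readme; wp_kses_post() below filters it.
						$upgrade_notice .= preg_replace( '~\[([^\]]*)\]\(([^\)]*)\)~', '<a href="${2}">${1}</a>', $line );
					}

					$upgrade_notice .= '</p>';
				}
				// Only the first matching "Upgrade Notice" block is considered, whatever its version.
				break;
			}
		}
		return wp_kses_post( $upgrade_notice );
	}

	/**
	 * JS for the modal window on the plugins screen.
	 *
	 * Printed on admin_print_footer_scripts only when major-untested extensions
	 * exist. Rewrites the row's update link to open the Thickbox warning modal
	 * and restores (then clicks) the original update link if the user accepts.
	 */
	public function plugin_screen_modal_js() {
		?>
		<script>
			( function( $ ) {
				var $update_box = $( '#woocommerce-update' );
				var $update_link = $update_box.find('a.update-link').first();
				var update_url = $update_link.attr( 'href' );

				// Set up thickbox.
				$update_link.removeClass( 'update-link' );
				$update_link.addClass( 'wc-thickbox' );
				$update_link.attr( 'href', '#TB_inline?height=600&width=550&inlineId=wc_untested_extensions_modal' );

				// Trigger the update if the user accepts the modal's warning.
				$( '#wc_untested_extensions_modal .accept' ).on( 'click', function( evt ) {
					evt.preventDefault();
					tb_remove();
					$update_link.removeClass( 'wc-thickbox open-plugin-details-modal' );
					$update_link.addClass( 'update-link' );
					$update_link.attr( 'href', update_url );
					$update_link.click();
				});

				$( '#wc_untested_extensions_modal .cancel' ).on( 'click', function( evt ) {
					evt.preventDefault();
					tb_remove();
				});
			})( jQuery );
		</script>
		<?php
		$this->generic_modal_js();
	}
}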
// Instantiated at file load so the constructor registers the update-row hook immediately.
new WC_Plugins_Screen_Updates();