Issues in sharedaddy.php - New Issues - Inspection of "Merge branch 'master' into master-stable" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master-stable ( 4e4f59...6f97bb )

unknown

created 2016-04-06 20:17 UTC

modules/sharedaddy/sharedaddy.php (1 issue)

Labels

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
Plugin Name: Sharedaddy
Description: The most super duper sharing tool on the interwebs.
Version: 0.3.1
Author: Automattic, Inc.
Author URI: http://automattic.com/
Plugin URI: http://en.blog.wordpress.com/2010/08/24/more-ways-to-share/
*/

require_once plugin_dir_path( __FILE__ ).'sharing.php';

function sharing_email_send_post( $data ) {

	$content = sharing_email_send_post_content( $data );
	// Borrowed from wp_mail();
	$sitename = strtolower( $_SERVER['SERVER_NAME'] );
	if ( substr( $sitename, 0, 4 ) == 'www.' ) {
		$sitename = substr( $sitename, 4 );
	}

	/** This filter is documented in core/src/wp-includes/pluggable.php */
	$from_email = apply_filters( 'wp_mail_from', 'wordpress@' . $sitename );

	$headers[] = sprintf( 'From: %1$s <%2$s>', $data['name'], $from_email );
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}
	$headers[] = sprintf( 'Reply-To: %1$s <%2$s>', $data['name'], $data['source'] );

	wp_mail( $data['target'], '['.__( 'Shared Post', 'jetpack' ).'] '.$data['post']->post_title, $content, $headers );
}


/* Checks for spam using akismet if available. */
/* Return $data as it if email about to be send out is not spam. */
function sharing_email_check_for_spam_via_akismet( $data ) {

	if ( ! function_exists( 'akismet_http_post' ) && ! method_exists( 'Akismet', 'http_post' ) )
		return $data;

	// Prepare the body_request for akismet
	$body_request = array(
		'blog'                  => get_option( 'home' ),
		'permalink'             => get_permalink( $data['post']->ID ),
		'comment_type'          => 'share',
		'comment_author'        => $data['name'],
		'comment_author_email'  => $data['source'],
		'comment_content'       => sharing_email_send_post_content( $data ),
		'user_agent'            => ( isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : null ),
		);

	if ( method_exists( 'Akismet', 'http_post' ) ) {
		$body_request['user_ip']	= Akismet::get_ip_address();
		$response = Akismet::http_post( build_query( $body_request ), 'comment-check' );
	} else {
		global $akismet_api_host, $akismet_api_port;
		$body_request['user_ip'] 	= ( isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null );
		$response = akismet_http_post( build_query( $body_request ), $akismet_api_host, '/1.1/comment-check', $akismet_api_port );
	}

	// The Response is spam lets not send the email.
	if ( ! empty( $response ) && isset( $response[1] ) && 'true' == trim( $response[1] ) ) { // 'true' is spam
		return false; // don't send the email
	}
	return $data;
}

function sharing_email_send_post_content( $data ) {
	/* translators: included in e-mail when post is shared via e-mail. First item is sender's name. Second is sender's e-mail address. */
	$content  = sprintf( __( '%1$s (%2$s) thinks you may be interested in the following post:', 'jetpack' ), $data['name'], $data['source'] );
	$content .= "\n\n";
	$content .= $data['post']->post_title."\n";
	$content .= get_permalink( $data['post']->ID )."\n";
	return $content;
}

function sharing_add_meta_box() {
	global $post;
	if ( empty( $post ) ) { // If a current post is not defined, such as when editing a comment.
		return;
	}

	/**
	 * Filter whether to display the Sharing Meta Box or not.
	 *
	 * @module sharedaddy
	 *
	 * @since 3.8.0
	 *
	 * @param bool true Display Sharing Meta Box.
	 * @param $post Post.
	 */
	if ( ! apply_filters( 'sharing_meta_box_show', true, $post ) ) {
		return;
	}

	$post_types = get_post_types( array( 'public' => true ) );
	/**
	 * Filter the Sharing Meta Box title.
	 *
	 * @module sharedaddy
	 *
	 * @since 2.2.0
	 *
	 * @param string $var Sharing Meta Box title. Default is "Sharing".
	 */
	$title = apply_filters( 'sharing_meta_box_title', __( 'Sharing', 'jetpack' ) );
	if ( $post->ID !== get_option( 'page_for_posts' ) ) {
		foreach( $post_types as $post_type ) {
			add_meta_box( 'sharing_meta', $title, 'sharing_meta_box_content', $post_type, 'advanced', 'high' );
		}
	}
}


function sharing_meta_box_content( $post ) {
	/**
	 * Fires before the sharing meta box content.
	 *
	 * @module sharedaddy
	 *
	 * @since 2.2.0
	 *
	 * @param WP_Post $post The post to share.
	 */
	do_action( 'start_sharing_meta_box_content', $post );

	$disabled = get_post_meta( $post->ID, 'sharing_disabled', true ); ?>

	<p>
		<label for="enable_post_sharing">
			<input type="checkbox" name="enable_post_sharing" id="enable_post_sharing" value="1" <?php checked( !$disabled ); ?>>
			<?php _e( 'Show sharing buttons.' , 'jetpack'); ?>
		</label>
		<input type="hidden" name="sharing_status_hidden" value="1" />
	</p>

	<?php
	/**
	 * Fires after the sharing meta box content.
	 *
	 * @module sharedaddy
	 *
	 * @since 2.2.0
	 *
	 * @param WP_Post $post The post to share.
	*/
	do_action( 'end_sharing_meta_box_content', $post );
}

function sharing_meta_box_save( $post_id ) {
	if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE )
		return $post_id;

	// Record sharing disable
	if ( isset( $_POST['post_type'] ) && ( $post_type_object = get_post_type_object( $_POST['post_type'] ) ) && $post_type_object->public ) {
		if ( current_user_can( 'edit_post', $post_id ) ) {
			if ( isset( $_POST['sharing_status_hidden'] ) ) {
				if ( !isset( $_POST['enable_post_sharing'] ) ) {
					update_post_meta( $post_id, 'sharing_disabled', 1 );
				} else {
					delete_post_meta( $post_id, 'sharing_disabled' );
				}
			}
		}
	}

  	return $post_id;
}

function sharing_meta_box_protected( $protected, $meta_key, $meta_type ) {
	if ( 'sharing_disabled' == $meta_key )
		$protected = true;

	return $protected;
}

add_filter( 'is_protected_meta', 'sharing_meta_box_protected', 10, 3 );

function sharing_plugin_settings( $links ) {
	$settings_link = '<a href="options-general.php?page=sharing.php">'.__( 'Settings', 'jetpack' ).'</a>';
	array_unshift( $links, $settings_link );
	return $links;
}

function sharing_add_plugin_settings($links, $file) {
	if ( $file == basename( dirname( __FILE__ ) ).'/'.basename( __FILE__ ) ) {
		$links[] = '<a href="options-general.php?page=sharing.php">' . __( 'Settings', 'jetpack' ) . '</a>';
		$links[] = '<a href="http://support.wordpress.com/sharing/" target="_blank">' . __( 'Support', 'jetpack' ) . '</a>';
	}

	return $links;
}

function sharing_restrict_to_single( $services ) {
	// This removes Press This from non-multisite blogs - doesn't make much sense
	if ( is_multisite() === false ) {
		unset( $services['press-this'] );
	}

	return $services;
}

function sharing_init() {
	if ( get_option( 'sharedaddy_disable_resources' ) ) {
		add_filter( 'sharing_js', 'sharing_disable_js' );
		remove_action( 'wp_head', 'sharing_add_header', 1 );
	}
}

function sharing_disable_js() {
	return false;
}

function sharing_global_resources() {
	$disable = get_option( 'sharedaddy_disable_resources' );
?>
<tr valign="top">
	<th scope="row"><label for="disable_css"><?php _e( 'Disable CSS and JS', 'jetpack' ); ?></label></th>
	<td>
		<input id="disable_css" type="checkbox" name="disable_resources" <?php if ( $disable == 1 ) echo ' checked="checked"'; ?>/>  <small><em><?php _e( 'Advanced.  If this option is checked, you must include these files in your theme manually for the sharing links to work.', 'jetpack' ); ?></em></small>
	</td>
</tr>
<?php
}

function sharing_global_resources_save() {
	update_option( 'sharedaddy_disable_resources', isset( $_POST['disable_resources'] ) ? 1 : 0 );
}

function sharing_email_dialog() {
	require_once plugin_dir_path( __FILE__ ) . 'recaptcha.php';

	$recaptcha = new Jetpack_ReCaptcha( RECAPTCHA_PUBLIC_KEY, RECAPTCHA_PRIVATE_KEY );
	echo $recaptcha->get_recaptcha_html(); // xss ok
}

function sharing_email_check( $true, $post, $data ) {
	require_once plugin_dir_path( __FILE__ ) . 'recaptcha.php';

	$recaptcha = new Jetpack_ReCaptcha( RECAPTCHA_PUBLIC_KEY, RECAPTCHA_PRIVATE_KEY );
	$response  = ! empty( $_POST['g-recaptcha-response'] ) ? $_POST['g-recaptcha-response'] : '';
	$result    = $recaptcha->verify( $response, $_SERVER['REMOTE_ADDR'] );

	return ( true === $result );
}

add_action( 'init', 'sharing_init' );
add_action( 'add_meta_boxes', 'sharing_add_meta_box' );
add_action( 'save_post', 'sharing_meta_box_save' );
add_action( 'sharing_email_send_post', 'sharing_email_send_post' );
add_filter( 'sharing_email_can_send', 'sharing_email_check_for_spam_via_akismet' );
add_action( 'sharing_global_options', 'sharing_global_resources', 30 );
add_action( 'sharing_admin_update', 'sharing_global_resources_save' );
add_filter( 'sharing_services', 'sharing_restrict_to_single' );
add_action( 'plugin_action_links_'.basename( dirname( __FILE__ ) ).'/'.basename( __FILE__ ), 'sharing_plugin_settings', 10, 4 );
add_filter( 'plugin_row_meta', 'sharing_add_plugin_settings', 10, 2 );

if ( defined( 'RECAPTCHA_PUBLIC_KEY' ) && defined( 'RECAPTCHA_PRIVATE_KEY' ) ) {
	add_action( 'sharing_email_dialog', 'sharing_email_dialog' );
	add_filter( 'sharing_email_check', 'sharing_email_check', 10, 3 );
}


1		<?php
2		/*
3		Plugin Name: Sharedaddy
4		Description: The most super duper sharing tool on the interwebs.
5		Version: 0.3.1
6		Author: Automattic, Inc.
7		Author URI: http://automattic.com/
8		Plugin URI: http://en.blog.wordpress.com/2010/08/24/more-ways-to-share/
9		*/
10
11		require_once plugin_dir_path( __FILE__ ).'sharing.php';
12
13		function sharing_email_send_post( $data ) {
14
15		$content = sharing_email_send_post_content( $data );
16		// Borrowed from wp_mail();
17		$sitename = strtolower( $_SERVER['SERVER_NAME'] );
18		if ( substr( $sitename, 0, 4 ) == 'www.' ) {
19		$sitename = substr( $sitename, 4 );
20		}
21
22		/** This filter is documented in core/src/wp-includes/pluggable.php */
23		$from_email = apply_filters( 'wp_mail_from', 'wordpress@' . $sitename );
24
25		$headers[] = sprintf( 'From: %1$s <%2$s>', $data['name'], $from_email );
		0 ignored issues – show Coding Style Comprehensibility introduced 2016-03-03 23:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$headers` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$headers = array();` before regardless. Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) { $myArray['foo'] = $item->getFoo(); if ($item->hasBar()) { $myArray['bar'] = $item->getBar(); } // do something with $myArray } As you can see in this example, the array `$myArray` is initialized the first time when the foreach loop is entered. You can also see that the value of the `bar` key is only written conditionally; thus, its value might result from a previous iteration. This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization `$myArray = array()` either outside or inside the foreach loop. Loading history...
26		$headers[] = sprintf( 'Reply-To: %1$s <%2$s>', $data['name'], $data['source'] );
27
28		wp_mail( $data['target'], '['.__( 'Shared Post', 'jetpack' ).'] '.$data['post']->post_title, $content, $headers );
29		}
30
31
32		/* Checks for spam using akismet if available. */
33		/* Return $data as it if email about to be send out is not spam. */
34		function sharing_email_check_for_spam_via_akismet( $data ) {
35
36		if ( ! function_exists( 'akismet_http_post' ) && ! method_exists( 'Akismet', 'http_post' ) )
37		return $data;
38
39		// Prepare the body_request for akismet
40		$body_request = array(
41		'blog' => get_option( 'home' ),
42		'permalink' => get_permalink( $data['post']->ID ),
43		'comment_type' => 'share',
44		'comment_author' => $data['name'],
45		'comment_author_email' => $data['source'],
46		'comment_content' => sharing_email_send_post_content( $data ),
47		'user_agent' => ( isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : null ),
48		);
49
50		if ( method_exists( 'Akismet', 'http_post' ) ) {
51		$body_request['user_ip'] = Akismet::get_ip_address();
52		$response = Akismet::http_post( build_query( $body_request ), 'comment-check' );
53		} else {
54		global $akismet_api_host, $akismet_api_port;
55		$body_request['user_ip'] = ( isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : null );
56		$response = akismet_http_post( build_query( $body_request ), $akismet_api_host, '/1.1/comment-check', $akismet_api_port );
57		}
58
59		// The Response is spam lets not send the email.
60		if ( ! empty( $response ) && isset( $response[1] ) && 'true' == trim( $response[1] ) ) { // 'true' is spam
61		return false; // don't send the email
62		}
63		return $data;
64		}
65
66		function sharing_email_send_post_content( $data ) {
67		/* translators: included in e-mail when post is shared via e-mail. First item is sender's name. Second is sender's e-mail address. */
68		$content = sprintf( __( '%1$s (%2$s) thinks you may be interested in the following post:', 'jetpack' ), $data['name'], $data['source'] );
69		$content .= "\n\n";
70		$content .= $data['post']->post_title."\n";
71		$content .= get_permalink( $data['post']->ID )."\n";
72		return $content;
73		}
74
75		function sharing_add_meta_box() {
76		global $post;
77		if ( empty( $post ) ) { // If a current post is not defined, such as when editing a comment.
78		return;
79		}
80
81		/**
82		* Filter whether to display the Sharing Meta Box or not.
83		*
84		* @module sharedaddy
85		*
86		* @since 3.8.0
87		*
88		* @param bool true Display Sharing Meta Box.
89		* @param $post Post.
90		*/
91		if ( ! apply_filters( 'sharing_meta_box_show', true, $post ) ) {
92		return;
93		}
94
95		$post_types = get_post_types( array( 'public' => true ) );
96		/**
97		* Filter the Sharing Meta Box title.
98		*
99		* @module sharedaddy
100		*
101		* @since 2.2.0
102		*
103		* @param string $var Sharing Meta Box title. Default is "Sharing".
104		*/
105		$title = apply_filters( 'sharing_meta_box_title', __( 'Sharing', 'jetpack' ) );
106		if ( $post->ID !== get_option( 'page_for_posts' ) ) {
107		foreach( $post_types as $post_type ) {
108		add_meta_box( 'sharing_meta', $title, 'sharing_meta_box_content', $post_type, 'advanced', 'high' );
109		}
110		}
111		}
112
113
114		function sharing_meta_box_content( $post ) {
115		/**
116		* Fires before the sharing meta box content.
117		*
118		* @module sharedaddy
119		*
120		* @since 2.2.0
121		*
122		* @param WP_Post $post The post to share.
123		*/
124		do_action( 'start_sharing_meta_box_content', $post );
125
126		$disabled = get_post_meta( $post->ID, 'sharing_disabled', true ); ?>
127
128		<p>
129		<label for="enable_post_sharing">
130		<input type="checkbox" name="enable_post_sharing" id="enable_post_sharing" value="1" <?php checked( !$disabled ); ?>>
131		<?php _e( 'Show sharing buttons.' , 'jetpack'); ?>
132		</label>
133		<input type="hidden" name="sharing_status_hidden" value="1" />
134		</p>
135
136		<?php
137		/**
138		* Fires after the sharing meta box content.
139		*
140		* @module sharedaddy
141		*
142		* @since 2.2.0
143		*
144		* @param WP_Post $post The post to share.
145		*/
146		do_action( 'end_sharing_meta_box_content', $post );
147		}
148
149		function sharing_meta_box_save( $post_id ) {
150		if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE )
151		return $post_id;
152
153		// Record sharing disable
154		if ( isset( $_POST['post_type'] ) && ( $post_type_object = get_post_type_object( $_POST['post_type'] ) ) && $post_type_object->public ) {
155		if ( current_user_can( 'edit_post', $post_id ) ) {
156		if ( isset( $_POST['sharing_status_hidden'] ) ) {
157	View Code Duplication	if ( !isset( $_POST['enable_post_sharing'] ) ) {
158		update_post_meta( $post_id, 'sharing_disabled', 1 );
159		} else {
160		delete_post_meta( $post_id, 'sharing_disabled' );
161		}
162		}
163		}
164		}
165
166		return $post_id;
167		}
168
169		function sharing_meta_box_protected( $protected, $meta_key, $meta_type ) {
170		if ( 'sharing_disabled' == $meta_key )
171		$protected = true;
172
173		return $protected;
174		}
175
176		add_filter( 'is_protected_meta', 'sharing_meta_box_protected', 10, 3 );
177
178		function sharing_plugin_settings( $links ) {
179		$settings_link = '<a href="options-general.php?page=sharing.php">'.__( 'Settings', 'jetpack' ).'</a>';
180		array_unshift( $links, $settings_link );
181		return $links;
182		}
183
184		function sharing_add_plugin_settings($links, $file) {
185		if ( $file == basename( dirname( __FILE__ ) ).'/'.basename( __FILE__ ) ) {
186		$links[] = '<a href="options-general.php?page=sharing.php">' . __( 'Settings', 'jetpack' ) . '</a>';
187		$links[] = '<a href="http://support.wordpress.com/sharing/" target="_blank">' . __( 'Support', 'jetpack' ) . '</a>';
188		}
189
190		return $links;
191		}
192
193		function sharing_restrict_to_single( $services ) {
194		// This removes Press This from non-multisite blogs - doesn't make much sense
195		if ( is_multisite() === false ) {
196		unset( $services['press-this'] );
197		}
198
199		return $services;
200		}
201
202		function sharing_init() {
203		if ( get_option( 'sharedaddy_disable_resources' ) ) {
204		add_filter( 'sharing_js', 'sharing_disable_js' );
205		remove_action( 'wp_head', 'sharing_add_header', 1 );
206		}
207		}
208
209		function sharing_disable_js() {
210		return false;
211		}
212
213		function sharing_global_resources() {
214		$disable = get_option( 'sharedaddy_disable_resources' );
215		?>
216		<tr valign="top">
217		<th scope="row"><label for="disable_css"><?php _e( 'Disable CSS and JS', 'jetpack' ); ?></label></th>
218		<td>
219		<input id="disable_css" type="checkbox" name="disable_resources" <?php if ( $disable == 1 ) echo ' checked="checked"'; ?>/> <small><em><?php _e( 'Advanced. If this option is checked, you must include these files in your theme manually for the sharing links to work.', 'jetpack' ); ?></em></small>
220		</td>
221		</tr>
222		<?php
223		}
224
225		function sharing_global_resources_save() {
226		update_option( 'sharedaddy_disable_resources', isset( $_POST['disable_resources'] ) ? 1 : 0 );
227		}
228
229		function sharing_email_dialog() {
230		require_once plugin_dir_path( __FILE__ ) . 'recaptcha.php';
231
232		$recaptcha = new Jetpack_ReCaptcha( RECAPTCHA_PUBLIC_KEY, RECAPTCHA_PRIVATE_KEY );
233		echo $recaptcha->get_recaptcha_html(); // xss ok
234		}
235
236		function sharing_email_check( $true, $post, $data ) {
237		require_once plugin_dir_path( __FILE__ ) . 'recaptcha.php';
238
239		$recaptcha = new Jetpack_ReCaptcha( RECAPTCHA_PUBLIC_KEY, RECAPTCHA_PRIVATE_KEY );
240		$response = ! empty( $_POST['g-recaptcha-response'] ) ? $_POST['g-recaptcha-response'] : '';
241		$result = $recaptcha->verify( $response, $_SERVER['REMOTE_ADDR'] );
242
243		return ( true === $result );
244		}
245
246		add_action( 'init', 'sharing_init' );
247		add_action( 'add_meta_boxes', 'sharing_add_meta_box' );
248		add_action( 'save_post', 'sharing_meta_box_save' );
249		add_action( 'sharing_email_send_post', 'sharing_email_send_post' );
250		add_filter( 'sharing_email_can_send', 'sharing_email_check_for_spam_via_akismet' );
251		add_action( 'sharing_global_options', 'sharing_global_resources', 30 );
252		add_action( 'sharing_admin_update', 'sharing_global_resources_save' );
253		add_filter( 'sharing_services', 'sharing_restrict_to_single' );
254		add_action( 'plugin_action_links_'.basename( dirname( __FILE__ ) ).'/'.basename( __FILE__ ), 'sharing_plugin_settings', 10, 4 );
255		add_filter( 'plugin_row_meta', 'sharing_add_plugin_settings', 10, 2 );
256
257		if ( defined( 'RECAPTCHA_PUBLIC_KEY' ) && defined( 'RECAPTCHA_PRIVATE_KEY' ) ) {
258		add_action( 'sharing_email_dialog', 'sharing_email_dialog' );
259		add_filter( 'sharing_email_check', 'sharing_email_check', 10, 3 );
260		}
261

Automattic / jetpack

Push — master-stable ( 4e4f59...6f97bb )

modules/sharedaddy/sharedaddy.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like