Issues in class-broken-token-xmlrpc.php - New Issues - Inspection of "[not verified] rename stats package to mc-stats" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — add/stats-package ( 873a22...c3aabb )

unknown

created 2020-06-24 14:55 UTC

inc/class-broken-token-xmlrpc.php (3 issues)

Labels

Bug 3

Severity

Major 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php // phpcs:disable WordPress.PHP.DevelopmentFunctions.error_log_print_r
/**
 * XMLRPC Brokeness.
 *
 * @package Jetpack.
 */

use Automattic\Jetpack\Connection\Error_Handler;

/**
 * Class Broken_Token_XmlRpc
 */
class Broken_Token_XmlRpc {

	/**
	 * Broken_Token_XmlRpc constructor.
	 */
	public function __construct() {

		add_action( 'admin_menu', array( $this, 'register_submenu_page' ), 1000 );

		add_action( 'admin_post_clear_all_xmlrpc_errors', array( $this, 'admin_post_clear_all_xmlrpc_errors' ) );

		$this->error_manager = new Error_Handler();
class MyClass { }

$x = new MyClass();
$x->foo = true;
		$this->stored_errors = $this->error_manager->get_stored_errors();
class MyClass { }

$x = new MyClass();
$x->foo = true;
		$this->dev_debug_on  = defined( 'JETPACK_DEV_DEBUG' ) && JETPACK_DEV_DEBUG;
class MyClass { }

$x = new MyClass();
$x->foo = true;
	}

	/**
	 * Register submenu page.
	 */
	public function register_submenu_page() {
		add_submenu_page(
			'jetpack',
			'XML-RPC Errors',
			'XML-RPC Errors',
			'manage_options',
			'broken-token-xmlrpc-errors',
			array( $this, 'render_ui' ),
			99
		);
	}

	/**
	 * Render UI.
	 */
	public function render_ui() {
		?>
			<h1>XML-RPC errors</h1>
			<p>
				This page helps you to trigger XML-RPC requests with invalid signatures.
			</p>
			<?php if ( $this->dev_debug_on ) : ?>
				<div class="notice notice-success">
					<p>JETPACK_DEV_DEBUG constant is ON. This means every xml-rpc error will be reported. You're good to test.</p>
				</div>
			<?php else : ?>
				<div class="notice notice-warning">
					<p>JETPACK_DEV_DEBUG constant is OFF. This means xml-rpc error will only be reported once evey hour. Set it to true so you can test it.</p>
				</div>
			<?php endif; ?>

			<p>
				Now head to <a href="https://jetpack.com/debug/?url=<?php echo esc_url_raw( get_home_url() ); ?>">Jetpack Debugger</a> and trigger some requests!
			</p>

			<div id="current_xmlrpc_errors">


				<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post">
					<input type="hidden" name="action" value="clear_all_xmlrpc_errors">
					<?php wp_nonce_field( 'clear-xmlrpc-errors' ); ?>
					<h2>
						Current Unverified Errors
						<input type="submit" value="Clear all unverified errors" class="button button-primary">
					</h2>
				</form>
				<div id="stored-xmlrpc-error">
					<?php $this->print_current_errors(); ?>
				</div>
			</div>

		<?php
	}

	/**
	 * Print current errors.
	 */
	public function print_current_errors() {
		foreach ( $this->stored_errors as $error_code => $error_group ) {

			echo '<h4>' . esc_html( $error_code ) . '</h4>';

			foreach ( $error_group as $user_id => $error ) {
				?>
				<b>User: <?php echo esc_html( $user_id ); ?></b>
				<pre><?php print_r( $error ); ?></pre>
				<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post">
					<input type="hidden" name="action" value="verify_error">
					<input type="hidden" name="nonce" value="<?php echo esc_attr( $error['error_data']['nonce'] ); ?>">
					<?php wp_nonce_field( 'verify-error' ); ?>
					<input type="submit" value="Verify error" class="button button-primary">
				</form>
				<hr />
				<?php
			}
		}
	}

	/**
	 * Clear all XMLRPC Errors.
	 */
	public function admin_post_clear_all_xmlrpc_errors() {
		check_admin_referer( 'clear-xmlrpc-errors' );
		$this->error_manager->delete_stored_errors();
		$this->admin_post_redirect_referrer();
	}

	/**
	 * Just redirects back to the referrer. Keeping it DRY.
	 */
	public function admin_post_redirect_referrer() {
		if ( wp_get_referer() ) {
			wp_safe_redirect( wp_get_referer() );
		} else {
			wp_safe_redirect( get_home_url() );
		}
	}

}

// phpcs:enable


1			<?php // phpcs:disable WordPress.PHP.DevelopmentFunctions.error_log_print_r
2			/**
3			* XMLRPC Brokeness.
4			*
5			* @package Jetpack.
6			*/
7
8			use Automattic\Jetpack\Connection\Error_Handler;
9
10			/**
11			* Class Broken_Token_XmlRpc
12			*/
13			class Broken_Token_XmlRpc {
14
15			/**
16			* Broken_Token_XmlRpc constructor.
17			*/
18			public function __construct() {
19
20			add_action( 'admin_menu', array( $this, 'register_submenu_page' ), 1000 );
21
22			add_action( 'admin_post_clear_all_xmlrpc_errors', array( $this, 'admin_post_clear_all_xmlrpc_errors' ) );
23
24			$this->error_manager = new Error_Handler();
			0 ignored issues – show Bug introduced 2020-06-22 22:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `error_manager` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
25			$this->stored_errors = $this->error_manager->get_stored_errors();
			0 ignored issues – show Bug introduced 2020-06-22 22:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `stored_errors` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
26			$this->dev_debug_on = defined( 'JETPACK_DEV_DEBUG' ) && JETPACK_DEV_DEBUG;
			0 ignored issues – show Bug introduced 2020-06-22 22:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `dev_debug_on` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
27			}
28
29			/**
30			* Register submenu page.
31			*/
32			public function register_submenu_page() {
33			add_submenu_page(
34			'jetpack',
35			'XML-RPC Errors',
36			'XML-RPC Errors',
37			'manage_options',
38			'broken-token-xmlrpc-errors',
39			array( $this, 'render_ui' ),
40			99
41			);
42			}
43
44			/**
45			* Render UI.
46			*/
47			public function render_ui() {
48			?>
49			<h1>XML-RPC errors</h1>
50			<p>
51			This page helps you to trigger XML-RPC requests with invalid signatures.
52			</p>
53			<?php if ( $this->dev_debug_on ) : ?>
54			<div class="notice notice-success">
55			<p>JETPACK_DEV_DEBUG constant is ON. This means every xml-rpc error will be reported. You're good to test.</p>
56			</div>
57			<?php else : ?>
58			<div class="notice notice-warning">
59			<p>JETPACK_DEV_DEBUG constant is OFF. This means xml-rpc error will only be reported once evey hour. Set it to true so you can test it.</p>
60			</div>
61			<?php endif; ?>
62
63			<p>
64			Now head to <a href="https://jetpack.com/debug/?url=<?php echo esc_url_raw( get_home_url() ); ?>">Jetpack Debugger</a> and trigger some requests!
65			</p>
66
67			<div id="current_xmlrpc_errors">
68
69
70			<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post">
71			<input type="hidden" name="action" value="clear_all_xmlrpc_errors">
72			<?php wp_nonce_field( 'clear-xmlrpc-errors' ); ?>
73			<h2>
74			Current Unverified Errors
75			<input type="submit" value="Clear all unverified errors" class="button button-primary">
76			</h2>
77			</form>
78			<div id="stored-xmlrpc-error">
79			<?php $this->print_current_errors(); ?>
80			</div>
81			</div>
82
83			<?php
84			}
85
86			/**
87			* Print current errors.
88			*/
89			public function print_current_errors() {
90			foreach ( $this->stored_errors as $error_code => $error_group ) {
91
92			echo '<h4>' . esc_html( $error_code ) . '</h4>';
93
94			foreach ( $error_group as $user_id => $error ) {
95			?>
96			<b>User: <?php echo esc_html( $user_id ); ?></b>
97			<pre><?php print_r( $error ); ?></pre>
98			<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post">
99			<input type="hidden" name="action" value="verify_error">
100			<input type="hidden" name="nonce" value="<?php echo esc_attr( $error['error_data']['nonce'] ); ?>">
101			<?php wp_nonce_field( 'verify-error' ); ?>
102			<input type="submit" value="Verify error" class="button button-primary">
103			</form>
104			<hr />
105			<?php
106			}
107			}
108			}
109
110			/**
111			* Clear all XMLRPC Errors.
112			*/
113			public function admin_post_clear_all_xmlrpc_errors() {
114			check_admin_referer( 'clear-xmlrpc-errors' );
115			$this->error_manager->delete_stored_errors();
116			$this->admin_post_redirect_referrer();
117			}
118
119			/**
120			* Just redirects back to the referrer. Keeping it DRY.
121			*/
122			public function admin_post_redirect_referrer() {
123			if ( wp_get_referer() ) {
124			wp_safe_redirect( wp_get_referer() );
125			} else {
126			wp_safe_redirect( get_home_url() );
127			}
128			}
129
130			}
131
132			// phpcs:enable
133

Automattic / jetpack

Push — add/stats-package ( 873a22...c3aabb )

inc/class-broken-token-xmlrpc.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like