Issues in class.jetpack-client-server.php - Fixed Issues - Inspection of "Update/grunt to gulp: introduce js:uglify task" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — update/grunt-to-gulp (#3647)

unknown

created 2016-05-18 05:30 UTC

class.jetpack-client-server.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Client = Plugin
 * Client Server = API Methods the Plugin must respond to
 */
class Jetpack_Client_Server {

	function authorize() {
		$data = stripslashes_deep( $_GET );
		$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';

		$jetpack_unique_connection = Jetpack_Options::get_option( 'unique_connection' );
		// Checking if site has been active/connected previously before recording unique connection
		if ( ! $jetpack_unique_connection ) {
			// jetpack_unique_connection option has never been set
			$jetpack_unique_connection = array(
				'connected'     => 0,
				'disconnected'  => 0,
				'version'       => '3.6.1'
			);

			update_option( 'jetpack_unique_connection', $jetpack_unique_connection );

			//track unique connection
			$jetpack = Jetpack::init();

			$jetpack->stat( 'connections', 'unique-connection' );
			$jetpack->do_stats( 'server_side' );
		}

		// increment number of times connected
		$jetpack_unique_connection['connected'] += 1;
		Jetpack_Options::update_option( 'unique_connection', $jetpack_unique_connection );

		do {
			$jetpack = $this->get_jetpack();
			$role = $jetpack->translate_current_user_to_role();

			if ( !$role ) {
				Jetpack::state( 'error', 'no_role' );
				break;
			}

			$cap = $jetpack->translate_role_to_cap( $role );
			if ( !$cap ) {
				Jetpack::state( 'error', 'no_cap' );
				break;
			}

			$this->check_admin_referer( "jetpack-authorize_{$role}_{$redirect}" );

			if ( !empty( $data['error'] ) ) {
				Jetpack::state( 'error', $data['error'] );
				break;
			}

			if ( empty( $data['state'] ) ) {
				Jetpack::state( 'error', 'no_state' );
				break;
			}

			if ( !ctype_digit( $data['state'] ) ) {
				Jetpack::state( 'error', 'invalid_state' );
				break;
			}

			$current_user_id = get_current_user_id();
			if ( $current_user_id != $data['state'] ) {
				Jetpack::state( 'error', 'wrong_state' );
				break;
			}

			if ( empty( $data['code'] ) ) {
				Jetpack::state( 'error', 'no_code' );
				break;
			}

			$token = $this->get_token( $data );

			if ( is_wp_error( $token ) ) {
				if ( $error = $token->get_error_code() )
					Jetpack::state( 'error', $error );
				else
					Jetpack::state( 'error', 'invalid_token' );

				Jetpack::state( 'error_description', $token->get_error_message() );

				break;
			}

			if ( !$token ) {
				Jetpack::state( 'error', 'no_token' );
				break;
			}

			$is_master_user = ! Jetpack::is_active();

			Jetpack::update_user_token( $current_user_id, sprintf( '%s.%d', $token, $current_user_id ), $is_master_user );


			if ( $is_master_user ) {
				Jetpack::state( 'message', 'authorized' );
			} else {
				Jetpack::state( 'message', 'linked' );
				// Don't activate anything since we are just connecting a user.
				break;
			}

			if ( $active_modules = Jetpack_Options::get_option( 'active_modules' ) ) {
				Jetpack_Options::delete_option( 'active_modules' );

				Jetpack::activate_default_modules( 999, 1, $active_modules );
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
			} else {
				Jetpack::activate_default_modules();
			}

			// Sync all registers options and constants
			/** This action is documented in class.jetpack.php */
			do_action( 'jetpack_sync_all_registered_options' );

			// Start nonce cleaner
			wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
			wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );
		} while ( false );

		if ( wp_validate_redirect( $redirect ) ) {
			$this->wp_safe_redirect( $redirect );
		} else {
			$this->wp_safe_redirect( Jetpack::admin_url() );
		}

		$this->do_exit();
	}

	public static function deactivate_plugin( $probable_file, $probable_title ) {
		include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
		if ( is_plugin_active( $probable_file ) ) {
			deactivate_plugins( $probable_file );
			return 1;
		} else {
			// If the plugin is not in the usual place, try looking through all active plugins.
			$active_plugins = Jetpack::get_active_plugins();
			foreach ( $active_plugins as $plugin ) {
				$data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
				if ( $data['Name'] == $probable_title ) {
					deactivate_plugins( $plugin );
					return 1;
				}
			}
		}

		return 0;
	}

	/**
	 * @return object|WP_Error
	 */
	function get_token( $data ) {
		$jetpack = $this->get_jetpack();
		$role = $jetpack->translate_current_user_to_role();

		if ( !$role ) {
			return new Jetpack_Error( 'role', __( 'An administrator for this blog must set up the Jetpack connection.', 'jetpack' ) );
		}

		$client_secret = Jetpack_Data::get_access_token();
		if ( !$client_secret ) {
			return new Jetpack_Error( 'client_secret', __( 'You need to register your Jetpack before connecting it.', 'jetpack' ) );
		}

		$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';

		$body = array(
			'client_id' => Jetpack_Options::get_option( 'id' ),
			'client_secret' => $client_secret->secret,
			'grant_type' => 'authorization_code',
			'code' => $data['code'],
			'redirect_uri' => add_query_arg( array(
				'action' => 'authorize',
				'_wpnonce' => wp_create_nonce( "jetpack-authorize_{$role}_{$redirect}" ),
				'redirect' => $redirect ? urlencode( $redirect ) : false,
			), menu_page_url( 'jetpack', false ) ),
		);

		$args = array(
			'method' => 'POST',
			'body' => $body,
			'headers' => array(
				'Accept' => 'application/json',
			),
		);
		$response = Jetpack_Client::_wp_remote_request( Jetpack::fix_url_for_bad_hosts( Jetpack::api_url( 'token' ) ), $args );

		if ( is_wp_error( $response ) ) {
			return new Jetpack_Error( 'token_http_request_failed', $response->get_error_message() );
		}

		$code = wp_remote_retrieve_response_code( $response );
		$entity = wp_remote_retrieve_body( $response );

		if ( $entity )
			$json = json_decode( $entity );
		else
			$json = false;

		if ( 200 != $code || !empty( $json->error ) ) {
			if ( empty( $json->error ) )
				return new Jetpack_Error( 'unknown', '', $code );

			$error_description = isset( $json->error_description ) ? sprintf( __( 'Error Details: %s', 'jetpack' ), (string) $json->error_description ) : '';

			return new Jetpack_Error( (string) $json->error, $error_description, $code );
		}

		if ( empty( $json->access_token ) || !is_scalar( $json->access_token ) ) {
			return new Jetpack_Error( 'access_token', '', $code );
		}

		if ( empty( $json->token_type ) || 'X_JETPACK' != strtoupper( $json->token_type ) ) {
			return new Jetpack_Error( 'token_type', '', $code );
		}

		if ( empty( $json->scope ) ) {
			return new Jetpack_Error( 'scope', 'No Scope', $code );
		}
		@list( $role, $hmac ) = explode( ':', $json->scope );
		if ( empty( $role ) || empty( $hmac ) ) {
			return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
		}
		if ( $jetpack->sign_role( $role ) !== $json->scope ) {
			return new Jetpack_Error( 'scope', 'Invalid Scope', $code );
		}

		if ( !$cap = $jetpack->translate_role_to_cap( $role ) )
			return new Jetpack_Error( 'scope', 'No Cap', $code );
		if ( ! current_user_can( $cap ) )
			return new Jetpack_Error( 'scope', 'current_user_cannot', $code );

		/**
		 * Fires after user has successfully received an auth token.
		 *
		 * @since 3.9.0
		 */
		do_action( 'jetpack_user_authorized' );

		return (string) $json->access_token;
	}

	public function get_jetpack() {
		return Jetpack::init();
	}

	public function check_admin_referer( $action ) {
		return check_admin_referer( $action );
	}

	public function wp_safe_redirect( $redirect ) {
		return wp_safe_redirect( $redirect );
	}

	public function do_exit() {
		exit;
	}

}


1			<?php
2
3			/**
4			* Client = Plugin
5			* Client Server = API Methods the Plugin must respond to
6			*/
7			class Jetpack_Client_Server {
8
9			function authorize() {
10			$data = stripslashes_deep( $_GET );
11			$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
12
13			$jetpack_unique_connection = Jetpack_Options::get_option( 'unique_connection' );
14			// Checking if site has been active/connected previously before recording unique connection
15			if ( ! $jetpack_unique_connection ) {
16			// jetpack_unique_connection option has never been set
17			$jetpack_unique_connection = array(
18			'connected' => 0,
19			'disconnected' => 0,
20			'version' => '3.6.1'
21			);
22
23			update_option( 'jetpack_unique_connection', $jetpack_unique_connection );
24
25			//track unique connection
26			$jetpack = Jetpack::init();
27
28			$jetpack->stat( 'connections', 'unique-connection' );
29			$jetpack->do_stats( 'server_side' );
30			}
31
32			// increment number of times connected
33			$jetpack_unique_connection['connected'] += 1;
34			Jetpack_Options::update_option( 'unique_connection', $jetpack_unique_connection );
35
36			do {
37			$jetpack = $this->get_jetpack();
38			$role = $jetpack->translate_current_user_to_role();
39
40			if ( !$role ) {
41			Jetpack::state( 'error', 'no_role' );
42			break;
43			}
44
45			$cap = $jetpack->translate_role_to_cap( $role );
46			if ( !$cap ) {
47			Jetpack::state( 'error', 'no_cap' );
48			break;
49			}
50
51			$this->check_admin_referer( "jetpack-authorize_{$role}_{$redirect}" );
52
53			if ( !empty( $data['error'] ) ) {
54			Jetpack::state( 'error', $data['error'] );
55			break;
56			}
57
58			if ( empty( $data['state'] ) ) {
59			Jetpack::state( 'error', 'no_state' );
60			break;
61			}
62
63			if ( !ctype_digit( $data['state'] ) ) {
64			Jetpack::state( 'error', 'invalid_state' );
65			break;
66			}
67
68			$current_user_id = get_current_user_id();
69			if ( $current_user_id != $data['state'] ) {
70			Jetpack::state( 'error', 'wrong_state' );
71			break;
72			}
73
74			if ( empty( $data['code'] ) ) {
75			Jetpack::state( 'error', 'no_code' );
76			break;
77			}
78
79			$token = $this->get_token( $data );
80
81			if ( is_wp_error( $token ) ) {
82			if ( $error = $token->get_error_code() )
83			Jetpack::state( 'error', $error );
84			else
85			Jetpack::state( 'error', 'invalid_token' );
86
87			Jetpack::state( 'error_description', $token->get_error_message() );
88
89			break;
90			}
91
92			if ( !$token ) {
93			Jetpack::state( 'error', 'no_token' );
94			break;
95			}
96
97			$is_master_user = ! Jetpack::is_active();
98
99			Jetpack::update_user_token( $current_user_id, sprintf( '%s.%d', $token, $current_user_id ), $is_master_user );
100
101
102			if ( $is_master_user ) {
103			Jetpack::state( 'message', 'authorized' );
104			} else {
105			Jetpack::state( 'message', 'linked' );
106			// Don't activate anything since we are just connecting a user.
107			break;
108			}
109
110			if ( $active_modules = Jetpack_Options::get_option( 'active_modules' ) ) {
111			Jetpack_Options::delete_option( 'active_modules' );
112
113			Jetpack::activate_default_modules( 999, 1, $active_modules );
			0 ignored issues – show Documentation introduced 2016-02-05 11:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this `1` is of type `integer`, but the function expects a `boolean`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
114			} else {
115			Jetpack::activate_default_modules();
116			}
117
118			// Sync all registers options and constants
119			/** This action is documented in class.jetpack.php */
120			do_action( 'jetpack_sync_all_registered_options' );
121
122			// Start nonce cleaner
123			wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
124			wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );
125			} while ( false );
126
127			if ( wp_validate_redirect( $redirect ) ) {
128			$this->wp_safe_redirect( $redirect );
129			} else {
130			$this->wp_safe_redirect( Jetpack::admin_url() );
131			}
132
133			$this->do_exit();
134			}
135
136			public static function deactivate_plugin( $probable_file, $probable_title ) {
137			include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
138			if ( is_plugin_active( $probable_file ) ) {
139			deactivate_plugins( $probable_file );
140			return 1;
141			} else {
142			// If the plugin is not in the usual place, try looking through all active plugins.
143			$active_plugins = Jetpack::get_active_plugins();
144			foreach ( $active_plugins as $plugin ) {
145			$data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
146			if ( $data['Name'] == $probable_title ) {
147			deactivate_plugins( $plugin );
148			return 1;
149			}
150			}
151			}
152
153			return 0;
154			}
155
156			/**
157			* @return object\|WP_Error
158			*/
159			function get_token( $data ) {
160			$jetpack = $this->get_jetpack();
161			$role = $jetpack->translate_current_user_to_role();
162
163			if ( !$role ) {
164			return new Jetpack_Error( 'role', __( 'An administrator for this blog must set up the Jetpack connection.', 'jetpack' ) );
165			}
166
167			$client_secret = Jetpack_Data::get_access_token();
168			if ( !$client_secret ) {
169			return new Jetpack_Error( 'client_secret', __( 'You need to register your Jetpack before connecting it.', 'jetpack' ) );
170			}
171
172			$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
173
174			$body = array(
175			'client_id' => Jetpack_Options::get_option( 'id' ),
176			'client_secret' => $client_secret->secret,
177			'grant_type' => 'authorization_code',
178			'code' => $data['code'],
179			'redirect_uri' => add_query_arg( array(
180			'action' => 'authorize',
181			'_wpnonce' => wp_create_nonce( "jetpack-authorize_{$role}_{$redirect}" ),
182			'redirect' => $redirect ? urlencode( $redirect ) : false,
183			), menu_page_url( 'jetpack', false ) ),
184			);
185
186			$args = array(
187			'method' => 'POST',
188			'body' => $body,
189			'headers' => array(
190			'Accept' => 'application/json',
191			),
192			);
193			$response = Jetpack_Client::_wp_remote_request( Jetpack::fix_url_for_bad_hosts( Jetpack::api_url( 'token' ) ), $args );
194
195			if ( is_wp_error( $response ) ) {
196			return new Jetpack_Error( 'token_http_request_failed', $response->get_error_message() );
197			}
198
199			$code = wp_remote_retrieve_response_code( $response );
200			$entity = wp_remote_retrieve_body( $response );
201
202			if ( $entity )
203			$json = json_decode( $entity );
204			else
205			$json = false;
206
207			if ( 200 != $code \|\| !empty( $json->error ) ) {
208			if ( empty( $json->error ) )
209			return new Jetpack_Error( 'unknown', '', $code );
210
211			$error_description = isset( $json->error_description ) ? sprintf( __( 'Error Details: %s', 'jetpack' ), (string) $json->error_description ) : '';
212
213			return new Jetpack_Error( (string) $json->error, $error_description, $code );
214			}
215
216			if ( empty( $json->access_token ) \|\| !is_scalar( $json->access_token ) ) {
217			return new Jetpack_Error( 'access_token', '', $code );
218			}
219
220			if ( empty( $json->token_type ) \|\| 'X_JETPACK' != strtoupper( $json->token_type ) ) {
221			return new Jetpack_Error( 'token_type', '', $code );
222			}
223
224			if ( empty( $json->scope ) ) {
225			return new Jetpack_Error( 'scope', 'No Scope', $code );
226			}
227			@list( $role, $hmac ) = explode( ':', $json->scope );
228			if ( empty( $role ) \|\| empty( $hmac ) ) {
229			return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
230			}
231			if ( $jetpack->sign_role( $role ) !== $json->scope ) {
232			return new Jetpack_Error( 'scope', 'Invalid Scope', $code );
233			}
234
235			if ( !$cap = $jetpack->translate_role_to_cap( $role ) )
236			return new Jetpack_Error( 'scope', 'No Cap', $code );
237			if ( ! current_user_can( $cap ) )
238			return new Jetpack_Error( 'scope', 'current_user_cannot', $code );
239
240			/**
241			* Fires after user has successfully received an auth token.
242			*
243			* @since 3.9.0
244			*/
245			do_action( 'jetpack_user_authorized' );
246
247			return (string) $json->access_token;
248			}
249
250			public function get_jetpack() {
251			return Jetpack::init();
252			}
253
254			public function check_admin_referer( $action ) {
255			return check_admin_referer( $action );
256			}
257
258			public function wp_safe_redirect( $redirect ) {
259			return wp_safe_redirect( $redirect );
260			}
261
262			public function do_exit() {
263			exit;
264			}
265
266			}
267

Automattic / jetpack

Pull Request — update/grunt-to-gulp (#3647)

class.jetpack-client-server.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like