Issues in class.jetpack-client-server.php - New Issues - Inspection of "Remove addTitle function and inline it." - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — pr/7794 ( cb7d3e...693e58 )

by George

created 2017-10-24 16:41 UTC

class.jetpack-client-server.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Client = Plugin
 * Client Server = API Methods the Plugin must respond to
 */
class Jetpack_Client_Server {

	/**
	 * Authorizations
	 */
	function client_authorize() {
		$data              = stripslashes_deep( $_GET );
		$data['auth_type'] = 'client';
		$role              = Jetpack::translate_current_user_to_role();
		$redirect          = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';

		check_admin_referer( "jetpack-authorize_{$role}_{$redirect}" );

		$result = $this->authorize( $data );
		if ( is_wp_error( $result ) ) {
			Jetpack::state( 'error', $result->get_error_code() );
			JetpackTracking::record_user_event( 'jpc_client_authorize_fail', array(
				'error_code' => $result->get_error_code(),
				'error_message' => $result->get_error_message()
			) );
		} else {
			/**
			 * Fires after the Jetpack client is authorized to communicate with WordPress.com.
			 *
			 * @since 4.2.0
			 *
			 * @param int Jetpack Blog ID.
			 */
			do_action( 'jetpack_client_authorized', Jetpack_Options::get_option( 'id' ) );
			JetpackTracking::record_user_event( 'jpc_client_authorize_success' );
		}

		if ( wp_validate_redirect( $redirect ) ) {
			// Exit happens below in $this->do_exit()
			wp_safe_redirect( $redirect );
		} else {
			// Exit happens below in $this->do_exit()
			wp_safe_redirect( Jetpack::admin_url() );
		}

		$this->do_exit();
	}

	function authorize( $data = array() ) {
		$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';

		$jetpack_unique_connection = Jetpack_Options::get_option( 'unique_connection' );
		// Checking if site has been active/connected previously before recording unique connection
		if ( ! $jetpack_unique_connection ) {
			// jetpack_unique_connection option has never been set
			$jetpack_unique_connection = array(
				'connected'     => 0,
				'disconnected'  => 0,
				'version'       => '3.6.1',
			);

			update_option( 'jetpack_unique_connection', $jetpack_unique_connection );

			//track unique connection
			$jetpack = $this->get_jetpack();;
// Bad
$a = 5; $b = 6; $c = 7;

// Good
$a = 5;
$b = 6;
$c = 7;

			$jetpack->stat( 'connections', 'unique-connection' );
			$jetpack->do_stats( 'server_side' );
		}

		// increment number of times connected
		$jetpack_unique_connection['connected'] += 1;
		Jetpack_Options::update_option( 'unique_connection', $jetpack_unique_connection );

		$role = Jetpack::translate_current_user_to_role();

		if ( ! $role ) {
			return new Jetpack_Error( 'no_role', 'Invalid request.', 400 );
		}

		$cap = Jetpack::translate_role_to_cap( $role );
		if ( ! $cap ) {
			return new Jetpack_Error( 'no_cap', 'Invalid request.', 400 );
		}

		if ( ! empty( $data['error'] ) ) {
			return new Jetpack_Error( $data['error'], 'Error included in the request.', 400 );
		}

		if ( ! isset( $data['state'] ) ) {
			return new Jetpack_Error( 'no_state', 'Request must include state.', 400 );
		}

		if ( ! ctype_digit( $data['state'] ) ) {
			return new Jetpack_Error( $data['error'], 'State must be an integer.', 400 );
		}

		$current_user_id = get_current_user_id();
		if ( $current_user_id != $data['state'] ) {
			return new Jetpack_Error( 'wrong_state', 'State does not match current user.', 400 );
		}

		if ( empty( $data['code'] ) ) {
			return new Jetpack_Error( 'no_code', 'Request must include an authorization code.', 400 );
		}

		$token = $this->get_token( $data );

		if ( is_wp_error( $token ) ) {
			$code = $token->get_error_code();
			if ( empty( $code ) ) {
				$code = 'invalid_token';
			}
			return new Jetpack_Error( $code, $token->get_error_message(), 400 );
		}

		if ( ! $token ) {
			return new Jetpack_Error( 'no_token', 'Error generating token.', 400 );
		}

		$is_master_user = ! Jetpack::is_active();

		Jetpack::update_user_token( $current_user_id, sprintf( '%s.%d', $token, $current_user_id ), $is_master_user );

		if ( ! $is_master_user ) {
			Jetpack::state( 'message', 'linked' );
			// Don't activate anything since we are just connecting a user.
			return 'linked';
		}

		$redirect_on_activation_error = ( 'client' === $data['auth_type'] ) ? true : false;
		if ( $active_modules = Jetpack_Options::get_option( 'active_modules' ) ) {
			Jetpack::delete_active_modules();

			Jetpack::activate_default_modules( 999, 1, $active_modules, $redirect_on_activation_error, false );
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
		} else {
			Jetpack::activate_default_modules( false, false, array(), $redirect_on_activation_error, false );
		}

		// If redirect_uri is SSO, ensure SSO module is enabled
		parse_str( parse_url( $data['redirect_uri'], PHP_URL_QUERY ), $redirect_options );
		/** This filter is documented in class.jetpack-cli.php */
		if ( isset( $redirect_options['action'] ) && 'jetpack-sso' === $redirect_options['action'] && apply_filters( 'jetpack_start_enable_sso', true ) ) {
			Jetpack::activate_module( 'sso', false, false );
		}

		// Since this is a fresh connection, be sure to clear out IDC options
		Jetpack_IDC::clear_all_idc_options();

		// Start nonce cleaner
		wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
		wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );

		Jetpack::state( 'message', 'authorized' );
		return 'authorized';
	}

	public static function deactivate_plugin( $probable_file, $probable_title ) {
		include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
		if ( is_plugin_active( $probable_file ) ) {
			deactivate_plugins( $probable_file );
			return 1;
		} else {
			// If the plugin is not in the usual place, try looking through all active plugins.
			$active_plugins = Jetpack::get_active_plugins();
			foreach ( $active_plugins as $plugin ) {
				$data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
				if ( $data['Name'] == $probable_title ) {
					deactivate_plugins( $plugin );
					return 1;
				}
			}
		}

		return 0;
	}

	/**
	 * @return object|WP_Error
	 */
	function get_token( $data ) {
		$role = Jetpack::translate_current_user_to_role();

		if ( ! $role ) {
			return new Jetpack_Error( 'role', __( 'An administrator for this blog must set up the Jetpack connection.', 'jetpack' ) );
		}

		$client_secret = Jetpack_Data::get_access_token();
		if ( ! $client_secret ) {
			return new Jetpack_Error( 'client_secret', __( 'You need to register your Jetpack before connecting it.', 'jetpack' ) );
		}

		$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
		$redirect_uri = ( 'calypso' === $data['auth_type'] )
			? $data['redirect_uri']
			: add_query_arg( array(
				'action' => 'authorize',
				'_wpnonce' => wp_create_nonce( "jetpack-authorize_{$role}_{$redirect}" ),
				'redirect' => $redirect ? urlencode( $redirect ) : false,
			), menu_page_url( 'jetpack', false ) );

		$body = array(
			'client_id' => Jetpack_Options::get_option( 'id' ),
			'client_secret' => $client_secret->secret,
			'grant_type' => 'authorization_code',
			'code' => $data['code'],
			'redirect_uri' => $redirect_uri,
		);

		$args = array(
			'method' => 'POST',
			'body' => $body,
			'headers' => array(
				'Accept' => 'application/json',
			),
		);
		$response = Jetpack_Client::_wp_remote_request( Jetpack::fix_url_for_bad_hosts( Jetpack::api_url( 'token' ) ), $args );

		if ( is_wp_error( $response ) ) {
			return new Jetpack_Error( 'token_http_request_failed', $response->get_error_message() );
		}

		$code = wp_remote_retrieve_response_code( $response );
		$entity = wp_remote_retrieve_body( $response );

		if ( $entity ) {
			$json = json_decode( $entity );
		} else {
			$json = false;
		}

		if ( 200 != $code || ! empty( $json->error ) ) {
			if ( empty( $json->error ) ) {
				return new Jetpack_Error( 'unknown', '', $code );
			}

			$error_description = isset( $json->error_description ) ? sprintf( __( 'Error Details: %s', 'jetpack' ), (string) $json->error_description ) : '';

			return new Jetpack_Error( (string) $json->error, $error_description, $code );
		}

		if ( empty( $json->access_token ) || ! is_scalar( $json->access_token ) ) {
			return new Jetpack_Error( 'access_token', '', $code );
		}

		if ( empty( $json->token_type ) || 'X_JETPACK' != strtoupper( $json->token_type ) ) {
			return new Jetpack_Error( 'token_type', '', $code );
		}

		if ( empty( $json->scope ) ) {
			return new Jetpack_Error( 'scope', 'No Scope', $code );
		}

		@list( $role, $hmac ) = explode( ':', $json->scope );
		if ( empty( $role ) || empty( $hmac ) ) {
			return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
		}

		if ( Jetpack::sign_role( $role ) !== $json->scope ) {
			return new Jetpack_Error( 'scope', 'Invalid Scope', $code );
		}

		if ( ! $cap = Jetpack::translate_role_to_cap( $role ) ) {
			return new Jetpack_Error( 'scope', 'No Cap', $code );
		}

		if ( ! current_user_can( $cap ) ) {
			return new Jetpack_Error( 'scope', 'current_user_cannot', $code );
		}

		/**
		 * Fires after user has successfully received an auth token.
		 *
		 * @since 3.9.0
		 */
		do_action( 'jetpack_user_authorized' );

		return (string) $json->access_token;
	}

	public function get_jetpack() {
		return Jetpack::init();
	}

	public function do_exit() {
		exit;
	}
}


1		<?php
2
3		/**
4		* Client = Plugin
5		* Client Server = API Methods the Plugin must respond to
6		*/
7		class Jetpack_Client_Server {
8
9		/**
10		* Authorizations
11		*/
12		function client_authorize() {
13		$data = stripslashes_deep( $_GET );
14		$data['auth_type'] = 'client';
15		$role = Jetpack::translate_current_user_to_role();
16		$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
17
18		check_admin_referer( "jetpack-authorize_{$role}_{$redirect}" );
19
20		$result = $this->authorize( $data );
21		if ( is_wp_error( $result ) ) {
22		Jetpack::state( 'error', $result->get_error_code() );
23		JetpackTracking::record_user_event( 'jpc_client_authorize_fail', array(
24		'error_code' => $result->get_error_code(),
25		'error_message' => $result->get_error_message()
26		) );
27		} else {
28		/**
29		* Fires after the Jetpack client is authorized to communicate with WordPress.com.
30		*
31		* @since 4.2.0
32		*
33		* @param int Jetpack Blog ID.
34		*/
35		do_action( 'jetpack_client_authorized', Jetpack_Options::get_option( 'id' ) );
36		JetpackTracking::record_user_event( 'jpc_client_authorize_success' );
37		}
38
39		if ( wp_validate_redirect( $redirect ) ) {
40		// Exit happens below in $this->do_exit()
41		wp_safe_redirect( $redirect );
42		} else {
43		// Exit happens below in $this->do_exit()
44		wp_safe_redirect( Jetpack::admin_url() );
45		}
46
47		$this->do_exit();
48		}
49
50		function authorize( $data = array() ) {
51		$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
52
53		$jetpack_unique_connection = Jetpack_Options::get_option( 'unique_connection' );
54		// Checking if site has been active/connected previously before recording unique connection
55		if ( ! $jetpack_unique_connection ) {
56		// jetpack_unique_connection option has never been set
57		$jetpack_unique_connection = array(
58		'connected' => 0,
59		'disconnected' => 0,
60		'version' => '3.6.1',
61		);
62
63		update_option( 'jetpack_unique_connection', $jetpack_unique_connection );
64
65		//track unique connection
66		$jetpack = $this->get_jetpack();;
		0 ignored issues – show Coding Style introduced 2016-07-06 20:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to place each PHP statement on a line by itself. Let’s take a look at an example: // Bad $a = 5; $b = 6; $c = 7; // Good $a = 5; $b = 6; $c = 7; Loading history...
67
68		$jetpack->stat( 'connections', 'unique-connection' );
69		$jetpack->do_stats( 'server_side' );
70		}
71
72		// increment number of times connected
73		$jetpack_unique_connection['connected'] += 1;
74		Jetpack_Options::update_option( 'unique_connection', $jetpack_unique_connection );
75
76		$role = Jetpack::translate_current_user_to_role();
77
78		if ( ! $role ) {
79		return new Jetpack_Error( 'no_role', 'Invalid request.', 400 );
80		}
81
82		$cap = Jetpack::translate_role_to_cap( $role );
83		if ( ! $cap ) {
84		return new Jetpack_Error( 'no_cap', 'Invalid request.', 400 );
85		}
86
87		if ( ! empty( $data['error'] ) ) {
88		return new Jetpack_Error( $data['error'], 'Error included in the request.', 400 );
89		}
90
91		if ( ! isset( $data['state'] ) ) {
92		return new Jetpack_Error( 'no_state', 'Request must include state.', 400 );
93		}
94
95		if ( ! ctype_digit( $data['state'] ) ) {
96		return new Jetpack_Error( $data['error'], 'State must be an integer.', 400 );
97		}
98
99		$current_user_id = get_current_user_id();
100		if ( $current_user_id != $data['state'] ) {
101		return new Jetpack_Error( 'wrong_state', 'State does not match current user.', 400 );
102		}
103
104		if ( empty( $data['code'] ) ) {
105		return new Jetpack_Error( 'no_code', 'Request must include an authorization code.', 400 );
106		}
107
108		$token = $this->get_token( $data );
109
110		if ( is_wp_error( $token ) ) {
111		$code = $token->get_error_code();
112		if ( empty( $code ) ) {
113		$code = 'invalid_token';
114		}
115		return new Jetpack_Error( $code, $token->get_error_message(), 400 );
116		}
117
118		if ( ! $token ) {
119		return new Jetpack_Error( 'no_token', 'Error generating token.', 400 );
120		}
121
122		$is_master_user = ! Jetpack::is_active();
123
124		Jetpack::update_user_token( $current_user_id, sprintf( '%s.%d', $token, $current_user_id ), $is_master_user );
125
126		if ( ! $is_master_user ) {
127		Jetpack::state( 'message', 'linked' );
128		// Don't activate anything since we are just connecting a user.
129		return 'linked';
130		}
131
132		$redirect_on_activation_error = ( 'client' === $data['auth_type'] ) ? true : false;
133	View Code Duplication	if ( $active_modules = Jetpack_Options::get_option( 'active_modules' ) ) {
134		Jetpack::delete_active_modules();
135
136		Jetpack::activate_default_modules( 999, 1, $active_modules, $redirect_on_activation_error, false );
		0 ignored issues – show Documentation introduced 2017-05-08 23:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this `999` is of type `integer`, but the function expects a `boolean`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
137		} else {
138		Jetpack::activate_default_modules( false, false, array(), $redirect_on_activation_error, false );
139		}
140
141		// If redirect_uri is SSO, ensure SSO module is enabled
142		parse_str( parse_url( $data['redirect_uri'], PHP_URL_QUERY ), $redirect_options );
143		/** This filter is documented in class.jetpack-cli.php */
144		if ( isset( $redirect_options['action'] ) && 'jetpack-sso' === $redirect_options['action'] && apply_filters( 'jetpack_start_enable_sso', true ) ) {
145		Jetpack::activate_module( 'sso', false, false );
146		}
147
148		// Since this is a fresh connection, be sure to clear out IDC options
149		Jetpack_IDC::clear_all_idc_options();
150
151		// Start nonce cleaner
152		wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
153		wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );
154
155		Jetpack::state( 'message', 'authorized' );
156		return 'authorized';
157		}
158
159		public static function deactivate_plugin( $probable_file, $probable_title ) {
160		include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
161		if ( is_plugin_active( $probable_file ) ) {
162		deactivate_plugins( $probable_file );
163		return 1;
164		} else {
165		// If the plugin is not in the usual place, try looking through all active plugins.
166		$active_plugins = Jetpack::get_active_plugins();
167		foreach ( $active_plugins as $plugin ) {
168		$data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
169		if ( $data['Name'] == $probable_title ) {
170		deactivate_plugins( $plugin );
171		return 1;
172		}
173		}
174		}
175
176		return 0;
177		}
178
179		/**
180		* @return object\|WP_Error
181		*/
182		function get_token( $data ) {
183		$role = Jetpack::translate_current_user_to_role();
184
185		if ( ! $role ) {
186		return new Jetpack_Error( 'role', __( 'An administrator for this blog must set up the Jetpack connection.', 'jetpack' ) );
187		}
188
189		$client_secret = Jetpack_Data::get_access_token();
190		if ( ! $client_secret ) {
191		return new Jetpack_Error( 'client_secret', __( 'You need to register your Jetpack before connecting it.', 'jetpack' ) );
192		}
193
194		$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
195		$redirect_uri = ( 'calypso' === $data['auth_type'] )
196		? $data['redirect_uri']
197		: add_query_arg( array(
198		'action' => 'authorize',
199		'_wpnonce' => wp_create_nonce( "jetpack-authorize_{$role}_{$redirect}" ),
200		'redirect' => $redirect ? urlencode( $redirect ) : false,
201		), menu_page_url( 'jetpack', false ) );
202
203		$body = array(
204		'client_id' => Jetpack_Options::get_option( 'id' ),
205		'client_secret' => $client_secret->secret,
206		'grant_type' => 'authorization_code',
207		'code' => $data['code'],
208		'redirect_uri' => $redirect_uri,
209		);
210
211		$args = array(
212		'method' => 'POST',
213		'body' => $body,
214		'headers' => array(
215		'Accept' => 'application/json',
216		),
217		);
218		$response = Jetpack_Client::_wp_remote_request( Jetpack::fix_url_for_bad_hosts( Jetpack::api_url( 'token' ) ), $args );
219
220		if ( is_wp_error( $response ) ) {
221		return new Jetpack_Error( 'token_http_request_failed', $response->get_error_message() );
222		}
223
224		$code = wp_remote_retrieve_response_code( $response );
225		$entity = wp_remote_retrieve_body( $response );
226
227		if ( $entity ) {
228		$json = json_decode( $entity );
229		} else {
230		$json = false;
231		}
232
233		if ( 200 != $code \|\| ! empty( $json->error ) ) {
234		if ( empty( $json->error ) ) {
235		return new Jetpack_Error( 'unknown', '', $code );
236		}
237
238		$error_description = isset( $json->error_description ) ? sprintf( __( 'Error Details: %s', 'jetpack' ), (string) $json->error_description ) : '';
239
240		return new Jetpack_Error( (string) $json->error, $error_description, $code );
241		}
242
243		if ( empty( $json->access_token ) \|\| ! is_scalar( $json->access_token ) ) {
244		return new Jetpack_Error( 'access_token', '', $code );
245		}
246
247		if ( empty( $json->token_type ) \|\| 'X_JETPACK' != strtoupper( $json->token_type ) ) {
248		return new Jetpack_Error( 'token_type', '', $code );
249		}
250
251		if ( empty( $json->scope ) ) {
252		return new Jetpack_Error( 'scope', 'No Scope', $code );
253		}
254
255		@list( $role, $hmac ) = explode( ':', $json->scope );
256		if ( empty( $role ) \|\| empty( $hmac ) ) {
257		return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
258		}
259
260		if ( Jetpack::sign_role( $role ) !== $json->scope ) {
261		return new Jetpack_Error( 'scope', 'Invalid Scope', $code );
262		}
263
264		if ( ! $cap = Jetpack::translate_role_to_cap( $role ) ) {
265		return new Jetpack_Error( 'scope', 'No Cap', $code );
266		}
267
268		if ( ! current_user_can( $cap ) ) {
269		return new Jetpack_Error( 'scope', 'current_user_cannot', $code );
270		}
271
272		/**
273		* Fires after user has successfully received an auth token.
274		*
275		* @since 3.9.0
276		*/
277		do_action( 'jetpack_user_authorized' );
278
279		return (string) $json->access_token;
280		}
281
282		public function get_jetpack() {
283		return Jetpack::init();
284		}
285
286		public function do_exit() {
287		exit;
288		}
289		}
290

Automattic / jetpack

Push — pr/7794 ( cb7d3e...693e58 )

class.jetpack-client-server.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like