Issues in class.jetpack-client-server.php - New Issues - Inspection of "Changelog: add #13961" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — add/80-changelog ( 5b0ee5...e45d37 )

by Jeremy

created 2019-11-25 12:20 UTC

class.jetpack-client-server.php (14 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

use Automattic\Jetpack\Connection\Client;
use Automattic\Jetpack\Connection\Manager as Connection_Manager;
use Automattic\Jetpack\Connection\Utils as Connection_Utils;
use Automattic\Jetpack\Roles;
use Automattic\Jetpack\Tracking;

/**
 * Client = Plugin
 * Client Server = API Methods the Plugin must respond to
 */
class Jetpack_Client_Server {

	/**
	 * Authorizations
	 */
	function client_authorize() {
		$data              = stripslashes_deep( $_GET );
		$data['auth_type'] = 'client';
		$roles             = new Roles();
		$role              = $roles->translate_current_user_to_role();
		$redirect          = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';

		check_admin_referer( "jetpack-authorize_{$role}_{$redirect}" );

		$tracking = new Tracking();

		$manager = new Connection_Manager();
		$result  = $manager->authorize( $data );

		if ( is_wp_error( $result ) ) {
			Jetpack::state( 'error', $result->get_error_code() );

			$tracking->record_user_event(
				'jpc_client_authorize_fail',
				array(
					'error_code'    => $result->get_error_code(),
					'error_message' => $result->get_error_message(),
				)
			);
		} else {
			/**
			 * Fires after the Jetpack client is authorized to communicate with WordPress.com.
			 *
			 * @since 4.2.0
			 *
			 * @param int Jetpack Blog ID.
			 */
			do_action( 'jetpack_client_authorized', Jetpack_Options::get_option( 'id' ) );
		}

		if ( wp_validate_redirect( $redirect ) ) {
			// Exit happens below in $this->do_exit()
			wp_safe_redirect( $redirect );
		} else {
			// Exit happens below in $this->do_exit()
			wp_safe_redirect( Jetpack::admin_url() );
		}

		$tracking->record_user_event( 'jpc_client_authorize_success' );

		$this->do_exit();
	}

	/*
	 * @deprecated 8.0 Use Automattic\Jetpack\Connection\Manager::authorize() instead.
	 */
	function authorize( $data = array() ) {
		_deprecated_function( __METHOD__, 'jetpack-8.0', 'Automattic\\Jetpack\\Connection\\Manager::authorize' );
		$manager = new Connection_Manager();
		return $manager->authorize( $data );
	}

	public static function deactivate_plugin( $probable_file, $probable_title ) {
		include_once ABSPATH . 'wp-admin/includes/plugin.php';
		if ( is_plugin_active( $probable_file ) ) {
			deactivate_plugins( $probable_file );
			return 1;
		} else {
			// If the plugin is not in the usual place, try looking through all active plugins.
			$active_plugins = Jetpack::get_active_plugins();
			foreach ( $active_plugins as $plugin ) {
				$data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
				if ( $data['Name'] == $probable_title ) {
					deactivate_plugins( $plugin );
					return 1;
				}
			}
		}

		return 0;
	}

	/**
	 * @return object|WP_Error
	 */
	function get_token( $data ) {
		$roles = new Roles();
		$role  = $roles->translate_current_user_to_role();

		if ( ! $role ) {
			return new Jetpack_Error( 'role', __( 'An administrator for this blog must set up the Jetpack connection.', 'jetpack' ) );

		}

		$client_secret = Jetpack_Data::get_access_token();

		if ( ! $client_secret ) {
			return new Jetpack_Error( 'client_secret', __( 'You need to register your Jetpack before connecting it.', 'jetpack' ) );

		}

		$redirect     = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
		$redirect_uri = ( 'calypso' === $data['auth_type'] )
			? $data['redirect_uri']
			: add_query_arg(
				array(
					'action'   => 'authorize',
					'_wpnonce' => wp_create_nonce( "jetpack-authorize_{$role}_{$redirect}" ),
					'redirect' => $redirect ? urlencode( $redirect ) : false,
				),
				menu_page_url( 'jetpack', false )
			);

		// inject identity for analytics
		$tracks          = new Automattic\Jetpack\Tracking();
		$tracks_identity = $tracks->tracks_get_identity( get_current_user_id() );

		$body = array(
			'client_id'     => Jetpack_Options::get_option( 'id' ),
			'client_secret' => $client_secret->secret,
			'grant_type'    => 'authorization_code',
			'code'          => $data['code'],
			'redirect_uri'  => $redirect_uri,
			'_ui'           => $tracks_identity['_ui'],
			'_ut'           => $tracks_identity['_ut'],
		);

		$args     = array(
			'method'  => 'POST',
			'body'    => $body,
			'headers' => array(
				'Accept' => 'application/json',
			),
		);
		$response = Client::_wp_remote_request( Connection_Utils::fix_url_for_bad_hosts( Jetpack::connection()->api_url( 'token' ) ), $args );

		if ( is_wp_error( $response ) ) {
			return new Jetpack_Error( 'token_http_request_failed', $response->get_error_message() );

		}

		$code   = wp_remote_retrieve_response_code( $response );
		$entity = wp_remote_retrieve_body( $response );

		if ( $entity ) {
			$json = json_decode( $entity );
		} else {
			$json = false;
		}

		if ( 200 != $code || ! empty( $json->error ) ) {
			if ( empty( $json->error ) ) {
				return new Jetpack_Error( 'unknown', '', $code );

			}

			$error_description = isset( $json->error_description ) ? sprintf( __( 'Error Details: %s', 'jetpack' ), (string) $json->error_description ) : '';

			return new Jetpack_Error( (string) $json->error, $error_description, $code );

		}

		if ( empty( $json->access_token ) || ! is_scalar( $json->access_token ) ) {
			return new Jetpack_Error( 'access_token', '', $code );

		}

		if ( empty( $json->token_type ) || 'X_JETPACK' != strtoupper( $json->token_type ) ) {
			return new Jetpack_Error( 'token_type', '', $code );

		}

		if ( empty( $json->scope ) ) {
			return new Jetpack_Error( 'scope', 'No Scope', $code );

		}

		@list( $role, $hmac ) = explode( ':', $json->scope );
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
		if ( empty( $role ) || empty( $hmac ) ) {
			return new Jetpack_Error( 'scope', 'Malformed Scope', $code );

		}

		if ( Jetpack::connection()->sign_role( $role ) !== $json->scope ) {
			return new Jetpack_Error( 'scope', 'Invalid Scope', $code );

		}

		$cap = $roles->translate_role_to_cap( $role );
		if ( ! $cap ) {
			return new Jetpack_Error( 'scope', 'No Cap', $code );

		}

		if ( ! current_user_can( $cap ) ) {
			return new Jetpack_Error( 'scope', 'current_user_cannot', $code );

		}

		/**
		 * Fires after user has successfully received an auth token.
		 *
		 * @since 3.9.0
		 */
		do_action( 'jetpack_user_authorized' );

		return (string) $json->access_token;
	}

	public function get_jetpack() {
		return Jetpack::init();
	}

	public function do_exit() {
		exit;
	}
}


1			<?php
2
3			use Automattic\Jetpack\Connection\Client;
4			use Automattic\Jetpack\Connection\Manager as Connection_Manager;
5			use Automattic\Jetpack\Connection\Utils as Connection_Utils;
6			use Automattic\Jetpack\Roles;
7			use Automattic\Jetpack\Tracking;
8
9			/**
10			* Client = Plugin
11			* Client Server = API Methods the Plugin must respond to
12			*/
13			class Jetpack_Client_Server {
14
15			/**
16			* Authorizations
17			*/
18			function client_authorize() {
19			$data = stripslashes_deep( $_GET );
20			$data['auth_type'] = 'client';
21			$roles = new Roles();
22			$role = $roles->translate_current_user_to_role();
23			$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
24
25			check_admin_referer( "jetpack-authorize_{$role}_{$redirect}" );
26
27			$tracking = new Tracking();
28
29			$manager = new Connection_Manager();
30			$result = $manager->authorize( $data );
31
32			if ( is_wp_error( $result ) ) {
33			Jetpack::state( 'error', $result->get_error_code() );
34
35			$tracking->record_user_event(
36			'jpc_client_authorize_fail',
37			array(
38			'error_code' => $result->get_error_code(),
39			'error_message' => $result->get_error_message(),
40			)
41			);
42			} else {
43			/**
44			* Fires after the Jetpack client is authorized to communicate with WordPress.com.
45			*
46			* @since 4.2.0
47			*
48			* @param int Jetpack Blog ID.
49			*/
50			do_action( 'jetpack_client_authorized', Jetpack_Options::get_option( 'id' ) );
51			}
52
53			if ( wp_validate_redirect( $redirect ) ) {
54			// Exit happens below in $this->do_exit()
55			wp_safe_redirect( $redirect );
56			} else {
57			// Exit happens below in $this->do_exit()
58			wp_safe_redirect( Jetpack::admin_url() );
59			}
60
61			$tracking->record_user_event( 'jpc_client_authorize_success' );
62
63			$this->do_exit();
64			}
65
66			/*
67			* @deprecated 8.0 Use Automattic\Jetpack\Connection\Manager::authorize() instead.
68			*/
69			function authorize( $data = array() ) {
70			_deprecated_function( __METHOD__, 'jetpack-8.0', 'Automattic\\Jetpack\\Connection\\Manager::authorize' );
71			$manager = new Connection_Manager();
72			return $manager->authorize( $data );
73			}
74
75			public static function deactivate_plugin( $probable_file, $probable_title ) {
76			include_once ABSPATH . 'wp-admin/includes/plugin.php';
77			if ( is_plugin_active( $probable_file ) ) {
78			deactivate_plugins( $probable_file );
79			return 1;
80			} else {
81			// If the plugin is not in the usual place, try looking through all active plugins.
82			$active_plugins = Jetpack::get_active_plugins();
83			foreach ( $active_plugins as $plugin ) {
84			$data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
85			if ( $data['Name'] == $probable_title ) {
86			deactivate_plugins( $plugin );
87			return 1;
88			}
89			}
90			}
91
92			return 0;
93			}
94
95			/**
96			* @return object\|WP_Error
97			*/
98			function get_token( $data ) {
99			$roles = new Roles();
100			$role = $roles->translate_current_user_to_role();
101
102			if ( ! $role ) {
103			return new Jetpack_Error( 'role', __( 'An administrator for this blog must set up the Jetpack connection.', 'jetpack' ) );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'role'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
104			}
105
106			$client_secret = Jetpack_Data::get_access_token();
			0 ignored issues – show Deprecated Code introduced 2019-06-06 00:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `Jetpack_Data::get_access_token()` has been deprecated with message: 7.5 Use Connection_Manager instead. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
107			if ( ! $client_secret ) {
108			return new Jetpack_Error( 'client_secret', __( 'You need to register your Jetpack before connecting it.', 'jetpack' ) );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'client_secret'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
109			}
110
111			$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
112			$redirect_uri = ( 'calypso' === $data['auth_type'] )
113			? $data['redirect_uri']
114			: add_query_arg(
115			array(
116			'action' => 'authorize',
117			'_wpnonce' => wp_create_nonce( "jetpack-authorize_{$role}_{$redirect}" ),
118			'redirect' => $redirect ? urlencode( $redirect ) : false,
119			),
120			menu_page_url( 'jetpack', false )
121			);
122
123			// inject identity for analytics
124			$tracks = new Automattic\Jetpack\Tracking();
125			$tracks_identity = $tracks->tracks_get_identity( get_current_user_id() );
126
127			$body = array(
128			'client_id' => Jetpack_Options::get_option( 'id' ),
129			'client_secret' => $client_secret->secret,
130			'grant_type' => 'authorization_code',
131			'code' => $data['code'],
132			'redirect_uri' => $redirect_uri,
133			'_ui' => $tracks_identity['_ui'],
134			'_ut' => $tracks_identity['_ut'],
135			);
136
137			$args = array(
138			'method' => 'POST',
139			'body' => $body,
140			'headers' => array(
141			'Accept' => 'application/json',
142			),
143			);
144			$response = Client::_wp_remote_request( Connection_Utils::fix_url_for_bad_hosts( Jetpack::connection()->api_url( 'token' ) ), $args );
145
146			if ( is_wp_error( $response ) ) {
147			return new Jetpack_Error( 'token_http_request_failed', $response->get_error_message() );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'token_http_request_failed'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
148			}
149
150			$code = wp_remote_retrieve_response_code( $response );
151			$entity = wp_remote_retrieve_body( $response );
152
153			if ( $entity ) {
154			$json = json_decode( $entity );
155			} else {
156			$json = false;
157			}
158
159			if ( 200 != $code \|\| ! empty( $json->error ) ) {
160			if ( empty( $json->error ) ) {
161			return new Jetpack_Error( 'unknown', '', $code );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'unknown'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
162			}
163
164			$error_description = isset( $json->error_description ) ? sprintf( __( 'Error Details: %s', 'jetpack' ), (string) $json->error_description ) : '';
165
166			return new Jetpack_Error( (string) $json->error, $error_description, $code );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `(string) $json->error`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
167			}
168
169			if ( empty( $json->access_token ) \|\| ! is_scalar( $json->access_token ) ) {
170			return new Jetpack_Error( 'access_token', '', $code );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'access_token'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
171			}
172
173			if ( empty( $json->token_type ) \|\| 'X_JETPACK' != strtoupper( $json->token_type ) ) {
174			return new Jetpack_Error( 'token_type', '', $code );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'token_type'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
175			}
176
177			if ( empty( $json->scope ) ) {
178			return new Jetpack_Error( 'scope', 'No Scope', $code );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'scope'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
179			}
180
181			@list( $role, $hmac ) = explode( ':', $json->scope );
			0 ignored issues – show Security Best Practice introduced 2017-04-19 20:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
182			if ( empty( $role ) \|\| empty( $hmac ) ) {
183			return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
			0 ignored issues – show Unused Code introduced 2019-07-15 13:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'scope'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
184			}
185
186			if ( Jetpack::connection()->sign_role( $role ) !== $json->scope ) {
187			return new Jetpack_Error( 'scope', 'Invalid Scope', $code );
			0 ignored issues – show Unused Code introduced 2019-07-18 12:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'scope'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
188			}
189
190			$cap = $roles->translate_role_to_cap( $role );
191			if ( ! $cap ) {
192			return new Jetpack_Error( 'scope', 'No Cap', $code );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'scope'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
193			}
194
195			if ( ! current_user_can( $cap ) ) {
196			return new Jetpack_Error( 'scope', 'current_user_cannot', $code );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Jetpack_Error::__construct()` has too many arguments starting with `'scope'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
197			}
198
199			/**
200			* Fires after user has successfully received an auth token.
201			*
202			* @since 3.9.0
203			*/
204			do_action( 'jetpack_user_authorized' );
205
206			return (string) $json->access_token;
207			}
208
209			public function get_jetpack() {
210			return Jetpack::init();
211			}
212
213			public function do_exit() {
214			exit;
215			}
216			}
217

Automattic / jetpack

Push — add/80-changelog ( 5b0ee5...e45d37 )

class.jetpack-client-server.php (14 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like