Issues in class.wpcom-json-api-comment-endpoint.php - New Issues - Inspection of "Settings UI: add VideoPress to list of modules tha..." - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — fix/videopress-missing-from-se... ( 60564b )

unknown

created 2017-04-19 18:37 UTC

class.wpcom-json-api-comment-endpoint.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php


abstract class WPCOM_JSON_API_Comment_Endpoint extends WPCOM_JSON_API_Endpoint {
	public $comment_object_format = array(
		// explicitly document and cast all output
		'ID'        => '(int) The comment ID.',
		'post'      => "(object>post_reference) A reference to the comment's post.",
		'author'    => '(object>author) The author of the comment.',
		'date'      => "(ISO 8601 datetime) The comment's creation time.",
		'URL'       => '(URL) The full permalink URL to the comment.',
		'short_URL' => '(URL) The wp.me short URL.',
		'content'   => '(HTML) <code>context</code> dependent.',
		'status'    => array(
			'approved'   => 'The comment has been approved.',
			'unapproved' => 'The comment has been held for review in the moderation queue.',
			'spam'       => 'The comment has been marked as spam.',
			'trash'      => 'The comment is in the trash.',
		),
		'parent' => "(object>comment_reference|false) A reference to the comment's parent, if it has one.",
		'type'   => array(
			'comment'   => 'The comment is a regular comment.',
			'trackback' => 'The comment is a trackback.',
			'pingback'  => 'The comment is a pingback.',
		),
		'like_count'     => '(int) The number of likes for this comment.',
		'i_like'         => '(bool) Does the current user like this comment?',
		'meta' => '(object) Meta data',
	);

	// public $response_format =& $this->comment_object_format;

	function __construct( $args ) {
		if ( !$this->response_format ) {
			$this->response_format =& $this->comment_object_format;
		}
		parent::__construct( $args );
	}

	function get_comment( $comment_id, $context ) {
		global $blog_id;

		$comment = get_comment( $comment_id );
		if ( !$comment || is_wp_error( $comment ) ) {
			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
		}

		$types = array( '', 'comment', 'pingback', 'trackback' );
		if ( !in_array( $comment->comment_type, $types ) ) {
			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
		}

		$post = get_post( $comment->comment_post_ID );
		if ( !$post || is_wp_error( $post ) ) {
			return new WP_Error( 'unknown_post', 'Unknown post', 404 );
		}

		$status = wp_get_comment_status( $comment->comment_ID );

		// Permissions
		switch ( $context ) {
		case 'edit' :
			if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
				return new WP_Error( 'unauthorized', 'User cannot edit comment', 403 );
			}

			$GLOBALS['post'] = $post;
			$comment         = get_comment_to_edit( $comment->comment_ID );
			foreach ( array( 'comment_author', 'comment_author_email', 'comment_author_url' ) as $field ) {
				$comment->$field = htmlspecialchars_decode( $comment->$field, ENT_QUOTES );
			}
			break;
		case 'display' :
			if ( 'approved' !== $status ) {
				$current_user_id = get_current_user_id();
				$user_can_read_coment = false;
				if ( $current_user_id && $comment->user_id && $current_user_id == $comment->user_id ) {
					$user_can_read_coment = true;
				} elseif (
					$comment->comment_author_email && $comment->comment_author
				&&
					isset( $this->api->token_details['user'] )
				&&
					isset( $this->api->token_details['user']['user_email'] )
				&&
					$this->api->token_details['user']['user_email'] === $comment->comment_author_email
				&&
					$this->api->token_details['user']['display_name'] === $comment->comment_author
				) {
					$user_can_read_coment = true;
				} else {
					$user_can_read_coment = current_user_can( 'edit_comment', $comment->comment_ID );
				}

				if ( !$user_can_read_coment ) {
					return new WP_Error( 'unauthorized', 'User cannot read unapproved comment', 403 );
				}
			}

			$GLOBALS['post'] = $post;
			setup_postdata( $post );
			break;
		default :
switch ($expr) {
    default : //wrong
        doSomething();
        break;
}

switch ($expr) {
    default: //right
        doSomething();
        break;
}
			return new WP_Error( 'invalid_context', 'Invalid API CONTEXT', 400 );
		}

		$can_view = $this->user_can_view_post( $post->ID );
		if ( !$can_view || is_wp_error( $can_view ) ) {
			return $can_view;
		}

		$GLOBALS['comment'] = $comment;
		$response           = array();

		foreach ( array_keys( $this->comment_object_format ) as $key ) {
			switch ( $key ) {
			case 'ID' :
				// explicitly cast all output
				$response[$key] = (int) $comment->comment_ID;
				break;
			case 'post' :
				$response[$key] = (object) array(
					'ID'   => (int) $post->ID,
					'title' => (string) get_the_title( $post->ID ),
					'type' => (string) $post->post_type,
					'link' => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $post->ID ),
				);
				break;
			case 'author' :
				$response[$key] = (object) $this->get_author( $comment, 'edit' === $context && current_user_can( 'edit_comment', $comment->comment_ID ) );
				break;
			case 'date' :
				$response[$key] = (string) $this->format_date( $comment->comment_date_gmt, $comment->comment_date );
				break;
			case 'URL' :
				$response[$key] = (string) esc_url_raw( get_comment_link( $comment->comment_ID ) );
				break;
			case 'short_URL' :
				// @todo - pagination
				$response[$key] = (string) esc_url_raw( wp_get_shortlink( $post->ID ) . "%23comment-{$comment->comment_ID}" );
				break;
			case 'content' :
				if ( 'display' === $context ) {
					ob_start();
					comment_text();
					$response[$key] = (string) ob_get_clean();
				} else {
					$response[$key] = (string) $comment->comment_content;
				}
				break;
			case 'status' :
				$response[$key] = (string) $status;
				break;
			case 'parent' : // (object|false)
				if ( $comment->comment_parent ) {
					$parent = get_comment( $comment->comment_parent );
					$response[$key] = (object) array(
						'ID'   => (int) $parent->comment_ID,
						'type' => (string) ( $parent->comment_type ? $parent->comment_type : 'comment' ),
						'link' => (string) $this->links->get_comment_link( $blog_id, $parent->comment_ID ),
					);
				} else {
					$response[$key] = false;
				}
				break;
			case 'type' :
				$response[$key] = (string) ( $comment->comment_type ? $comment->comment_type : 'comment' );
				break;
			case 'like_count' :
				if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
					$response[ $key ] = (int) $this->api->comment_like_count( $blog_id, $post->ID, $comment->comment_ID );
				}
				break;
			case 'i_like' :
				if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
					$response[ $key ] = (bool) Likes::comment_like_current_user_likes( $blog_id, $comment->comment_ID );
				}
				break;
			case 'meta' :
				$response[$key] = (object) array(
					'links' => (object) array(
						'self'    => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID ),
						'help'    => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'help' ),
						'site'    => (string) $this->links->get_site_link( $this->api->get_blog_id_for_output() ),
						'post'    => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $comment->comment_post_ID ),
						'replies' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'replies/' ),
						'likes'   => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'likes/' ),
					),
				);
				break;
			}
		}

		unset( $GLOBALS['comment'], $GLOBALS['post'] );
		return $response;
	}
}



1			<?php
2
3
4			abstract class WPCOM_JSON_API_Comment_Endpoint extends WPCOM_JSON_API_Endpoint {
5			public $comment_object_format = array(
6			// explicitly document and cast all output
7			'ID' => '(int) The comment ID.',
8			'post' => "(object>post_reference) A reference to the comment's post.",
9			'author' => '(object>author) The author of the comment.',
10			'date' => "(ISO 8601 datetime) The comment's creation time.",
11			'URL' => '(URL) The full permalink URL to the comment.',
12			'short_URL' => '(URL) The wp.me short URL.',
13			'content' => '(HTML) <code>context</code> dependent.',
14			'status' => array(
15			'approved' => 'The comment has been approved.',
16			'unapproved' => 'The comment has been held for review in the moderation queue.',
17			'spam' => 'The comment has been marked as spam.',
18			'trash' => 'The comment is in the trash.',
19			),
20			'parent' => "(object>comment_reference\|false) A reference to the comment's parent, if it has one.",
21			'type' => array(
22			'comment' => 'The comment is a regular comment.',
23			'trackback' => 'The comment is a trackback.',
24			'pingback' => 'The comment is a pingback.',
25			),
26			'like_count' => '(int) The number of likes for this comment.',
27			'i_like' => '(bool) Does the current user like this comment?',
28			'meta' => '(object) Meta data',
29			);
30
31			// public $response_format =& $this->comment_object_format;
32
33			function __construct( $args ) {
34			if ( !$this->response_format ) {
35			$this->response_format =& $this->comment_object_format;
36			}
37			parent::__construct( $args );
38			}
39
40			function get_comment( $comment_id, $context ) {
41			global $blog_id;
42
43			$comment = get_comment( $comment_id );
44			if ( !$comment \|\| is_wp_error( $comment ) ) {
45			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
46			}
47
48			$types = array( '', 'comment', 'pingback', 'trackback' );
49			if ( !in_array( $comment->comment_type, $types ) ) {
50			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
51			}
52
53			$post = get_post( $comment->comment_post_ID );
54			if ( !$post \|\| is_wp_error( $post ) ) {
55			return new WP_Error( 'unknown_post', 'Unknown post', 404 );
56			}
57
58			$status = wp_get_comment_status( $comment->comment_ID );
59
60			// Permissions
61			switch ( $context ) {
62			case 'edit' :
63			if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
64			return new WP_Error( 'unauthorized', 'User cannot edit comment', 403 );
65			}
66
67			$GLOBALS['post'] = $post;
68			$comment = get_comment_to_edit( $comment->comment_ID );
69			foreach ( array( 'comment_author', 'comment_author_email', 'comment_author_url' ) as $field ) {
70			$comment->$field = htmlspecialchars_decode( $comment->$field, ENT_QUOTES );
71			}
72			break;
73			case 'display' :
74			if ( 'approved' !== $status ) {
75			$current_user_id = get_current_user_id();
76			$user_can_read_coment = false;
77			if ( $current_user_id && $comment->user_id && $current_user_id == $comment->user_id ) {
78			$user_can_read_coment = true;
79			} elseif (
80			$comment->comment_author_email && $comment->comment_author
81			&&
82			isset( $this->api->token_details['user'] )
83			&&
84			isset( $this->api->token_details['user']['user_email'] )
85			&&
86			$this->api->token_details['user']['user_email'] === $comment->comment_author_email
87			&&
88			$this->api->token_details['user']['display_name'] === $comment->comment_author
89			) {
90			$user_can_read_coment = true;
91			} else {
92			$user_can_read_coment = current_user_can( 'edit_comment', $comment->comment_ID );
93			}
94
95			if ( !$user_can_read_coment ) {
96			return new WP_Error( 'unauthorized', 'User cannot read unapproved comment', 403 );
97			}
98			}
99
100			$GLOBALS['post'] = $post;
101			setup_postdata( $post );
102			break;
103			default :
			0 ignored issues – show Coding Style introduced 2015-11-20 23:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this There must be no space before the colon in a DEFAULT statement As per the PSR-2 coding standard, there must not be a space in front of the colon in the default statement. switch ($expr) { default : //wrong doSomething(); break; } switch ($expr) { default: //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
104			return new WP_Error( 'invalid_context', 'Invalid API CONTEXT', 400 );
105			}
106
107			$can_view = $this->user_can_view_post( $post->ID );
108			if ( !$can_view \|\| is_wp_error( $can_view ) ) {
109			return $can_view;
110			}
111
112			$GLOBALS['comment'] = $comment;
113			$response = array();
114
115			foreach ( array_keys( $this->comment_object_format ) as $key ) {
116			switch ( $key ) {
117			case 'ID' :
118			// explicitly cast all output
119			$response[$key] = (int) $comment->comment_ID;
120			break;
121			case 'post' :
122			$response[$key] = (object) array(
123			'ID' => (int) $post->ID,
124			'title' => (string) get_the_title( $post->ID ),
125			'type' => (string) $post->post_type,
126			'link' => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $post->ID ),
127			);
128			break;
129			case 'author' :
130			$response[$key] = (object) $this->get_author( $comment, 'edit' === $context && current_user_can( 'edit_comment', $comment->comment_ID ) );
131			break;
132			case 'date' :
133			$response[$key] = (string) $this->format_date( $comment->comment_date_gmt, $comment->comment_date );
134			break;
135			case 'URL' :
136			$response[$key] = (string) esc_url_raw( get_comment_link( $comment->comment_ID ) );
137			break;
138			case 'short_URL' :
139			// @todo - pagination
140			$response[$key] = (string) esc_url_raw( wp_get_shortlink( $post->ID ) . "%23comment-{$comment->comment_ID}" );
141			break;
142			case 'content' :
143			if ( 'display' === $context ) {
144			ob_start();
145			comment_text();
146			$response[$key] = (string) ob_get_clean();
147			} else {
148			$response[$key] = (string) $comment->comment_content;
149			}
150			break;
151			case 'status' :
152			$response[$key] = (string) $status;
153			break;
154			case 'parent' : // (object\|false)
155			if ( $comment->comment_parent ) {
156			$parent = get_comment( $comment->comment_parent );
157			$response[$key] = (object) array(
158			'ID' => (int) $parent->comment_ID,
159			'type' => (string) ( $parent->comment_type ? $parent->comment_type : 'comment' ),
160			'link' => (string) $this->links->get_comment_link( $blog_id, $parent->comment_ID ),
161			);
162			} else {
163			$response[$key] = false;
164			}
165			break;
166			case 'type' :
167			$response[$key] = (string) ( $comment->comment_type ? $comment->comment_type : 'comment' );
168			break;
169			case 'like_count' :
170			if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
171			$response[ $key ] = (int) $this->api->comment_like_count( $blog_id, $post->ID, $comment->comment_ID );
172			}
173			break;
174			case 'i_like' :
175			if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
176			$response[ $key ] = (bool) Likes::comment_like_current_user_likes( $blog_id, $comment->comment_ID );
177			}
178			break;
179			case 'meta' :
180			$response[$key] = (object) array(
181			'links' => (object) array(
182			'self' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID ),
183			'help' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'help' ),
184			'site' => (string) $this->links->get_site_link( $this->api->get_blog_id_for_output() ),
185			'post' => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $comment->comment_post_ID ),
186			'replies' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'replies/' ),
187			'likes' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'likes/' ),
188			),
189			);
190			break;
191			}
192			}
193
194			unset( $GLOBALS['comment'], $GLOBALS['post'] );
195			return $response;
196			}
197			}
198
199

Automattic / jetpack

Push — fix/videopress-missing-from-se... ( 60564b )

class.wpcom-json-api-comment-endpoint.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like