Issues in class.jetpack-data.php - Fixed Issues - Inspection of "Synchronizes the site settings endpoint." - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — feature/sync-json-endpoints (#7037)

unknown

created 2017-04-22 20:13 UTC

class.jetpack-data.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

class Jetpack_Data {
	/**
	 * Gets locally stored token
	 *
	 * @return object|false
	 */
	public static function get_access_token( $user_id = false ) {
		if ( $user_id ) {
			if ( !$tokens = Jetpack_Options::get_option( 'user_tokens' ) ) {
				return false;
			}
			if ( $user_id === JETPACK_MASTER_USER ) {
				if ( !$user_id = Jetpack_Options::get_option( 'master_user' ) ) {
					return false;
				}
			}
			if ( !isset( $tokens[$user_id] ) || !$token = $tokens[$user_id] ) {
				return false;
			}
			$token_chunks = explode( '.', $token );
			if ( empty( $token_chunks[1] ) || empty( $token_chunks[2] ) ) {
				return false;
			}
			if ( $user_id != $token_chunks[2] ) {
				return false;
			}
			$token = "{$token_chunks[0]}.{$token_chunks[1]}";
		} else {
			$token = Jetpack_Options::get_option( 'blog_token' );
			if ( empty( $token ) ) {
				return false;
			}
		}

		return (object) array(
			'secret' => $token,
			'external_user_id' => (int) $user_id,
		);
	}

	/**
	 * This function mirrors Jetpack_Data::is_usable_domain() in the WPCOM codebase.
	 *
	 * @param $domain
	 * @param array $extra
	 *
	 * @return bool|WP_Error
	 */
	public static function is_usable_domain( $domain, $extra = array() ) {


		// If it's empty, just fail out.
		if ( ! $domain ) {
			return new WP_Error( 'fail_domain_empty', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is empty.', 'jetpack' ), $domain ) );
		}

		/**
		 * Skips the usuable domain check when connecting a site.
		 *
		 * Allows site administrators with domains that fail gethostname-based checks to pass the request to WP.com
		 *
		 * @since 4.1.0
		 *
		 * @param bool If the check should be skipped. Default false.
		 */
		if ( apply_filters( 'jetpack_skip_usuable_domain_check', false ) ) {
			return true;
		}

		// None of the explicit localhosts.
		$forbidden_domains = array(
			'wordpress.com',
			'localhost',
			'localhost.localdomain',
			'127.0.0.1',
			'local.wordpress.dev',         // VVV
			'local.wordpress-trunk.dev',   // VVV
			'src.wordpress-develop.dev',   // VVV
			'build.wordpress-develop.dev', // VVV
		);
		if ( in_array( $domain, $forbidden_domains ) ) {
			return new WP_Error( 'fail_domain_forbidden', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is in the forbidden array.', 'jetpack' ), $domain ) );
		}

		// No .dev or .local domains
		if ( preg_match( '#\.(dev|local)$#i', $domain ) ) {
			return new WP_Error( 'fail_domain_tld', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it uses an invalid top level domain.', 'jetpack' ), $domain ) );
		}

		// No WPCOM subdomains
		if ( preg_match( '#\.wordpress\.com$#i', $domain ) ) {
			return new WP_Error( 'fail_subdomain_wpcom', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is a subdomain of WordPress.com.', 'jetpack' ), $domain ) );
		}

		// If PHP was compiled without support for the Filter module (very edge case)
		if ( ! function_exists( 'filter_var' ) ) {
			// Just pass back true for now, and let wpcom sort it out.
			return true;
		}

		// Check the IP to make sure it's pingable.
		$ip = gethostbyname( $domain );

		// Doing this again as I was getting some false positives when gethostbyname() flaked out and returned the domain.
		$ip = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ? $ip : gethostbyname( $ip );

		if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_IPV4 ) && ! self::php_bug_66229_check( $ip ) ) {
			return new WP_Error( 'fail_domain_bad_ip_range', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as its IP `%2$s` is either invalid, or in a reserved or private range.', 'jetpack' ), $domain, $ip ) );
		}

		return true;
	}

	/**
	 * Returns true if the IP address passed in should not be in a reserved range, even if PHP says that it is.
	 * See: https://bugs.php.net/bug.php?id=66229 and https://github.com/php/php-src/commit/d1314893fd1325ca6aa0831101896e31135a2658
	 *
	 * This function mirrors Jetpack_Data::php_bug_66229_check() in the WPCOM codebase.
	 */
	public static function php_bug_66229_check( $ip ) {
		if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
			return false;
		}

		$ip_arr = array_map( 'intval', explode( '.', $ip ) );

		if ( 128 == $ip_arr[0] && 0 == $ip_arr[1] ) {
			return true;
		}

		if ( 191 == $ip_arr[0] && 255 == $ip_arr[1] ) {
			return true;
		}

		return false;
	}
}


1		<?php
2
3		class Jetpack_Data {
4		/**
5		* Gets locally stored token
6		*
7		* @return object\|false
8		*/
9		public static function get_access_token( $user_id = false ) {
10		if ( $user_id ) {
11		if ( !$tokens = Jetpack_Options::get_option( 'user_tokens' ) ) {
12		return false;
13		}
14		if ( $user_id === JETPACK_MASTER_USER ) {
15		if ( !$user_id = Jetpack_Options::get_option( 'master_user' ) ) {
16		return false;
17		}
18		}
19		if ( !isset( $tokens[$user_id] ) \|\| !$token = $tokens[$user_id] ) {
20		return false;
21		}
22		$token_chunks = explode( '.', $token );
23		if ( empty( $token_chunks[1] ) \|\| empty( $token_chunks[2] ) ) {
24		return false;
25		}
26		if ( $user_id != $token_chunks[2] ) {
27		return false;
28		}
29		$token = "{$token_chunks[0]}.{$token_chunks[1]}";
30		} else {
31		$token = Jetpack_Options::get_option( 'blog_token' );
32		if ( empty( $token ) ) {
33		return false;
34		}
35		}
36
37		return (object) array(
38		'secret' => $token,
39		'external_user_id' => (int) $user_id,
40		);
41		}
42
43		/**
44		* This function mirrors Jetpack_Data::is_usable_domain() in the WPCOM codebase.
45		*
46		* @param $domain
47		* @param array $extra
48		*
49		* @return bool\|WP_Error
50		*/
51		public static function is_usable_domain( $domain, $extra = array() ) {
		0 ignored issues – show Unused Code introduced 2015-11-20 23:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$extra` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
52
53		// If it's empty, just fail out.
54		if ( ! $domain ) {
55		return new WP_Error( 'fail_domain_empty', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is empty.', 'jetpack' ), $domain ) );
56		}
57
58		/**
59		* Skips the usuable domain check when connecting a site.
60		*
61		* Allows site administrators with domains that fail gethostname-based checks to pass the request to WP.com
62		*
63		* @since 4.1.0
64		*
65		* @param bool If the check should be skipped. Default false.
66		*/
67		if ( apply_filters( 'jetpack_skip_usuable_domain_check', false ) ) {
68		return true;
69		}
70
71		// None of the explicit localhosts.
72		$forbidden_domains = array(
73		'wordpress.com',
74		'localhost',
75		'localhost.localdomain',
76		'127.0.0.1',
77		'local.wordpress.dev', // VVV
78		'local.wordpress-trunk.dev', // VVV
79		'src.wordpress-develop.dev', // VVV
80		'build.wordpress-develop.dev', // VVV
81		);
82		if ( in_array( $domain, $forbidden_domains ) ) {
83		return new WP_Error( 'fail_domain_forbidden', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is in the forbidden array.', 'jetpack' ), $domain ) );
84		}
85
86		// No .dev or .local domains
87	View Code Duplication	if ( preg_match( '#\.(dev\|local)$#i', $domain ) ) {
88		return new WP_Error( 'fail_domain_tld', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it uses an invalid top level domain.', 'jetpack' ), $domain ) );
89		}
90
91		// No WPCOM subdomains
92	View Code Duplication	if ( preg_match( '#\.wordpress\.com$#i', $domain ) ) {
93		return new WP_Error( 'fail_subdomain_wpcom', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is a subdomain of WordPress.com.', 'jetpack' ), $domain ) );
94		}
95
96		// If PHP was compiled without support for the Filter module (very edge case)
97		if ( ! function_exists( 'filter_var' ) ) {
98		// Just pass back true for now, and let wpcom sort it out.
99		return true;
100		}
101
102		// Check the IP to make sure it's pingable.
103		$ip = gethostbyname( $domain );
104
105		// Doing this again as I was getting some false positives when gethostbyname() flaked out and returned the domain.
106		$ip = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ? $ip : gethostbyname( $ip );
107
108		if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE \| FILTER_FLAG_NO_RES_RANGE \| FILTER_FLAG_IPV4 ) && ! self::php_bug_66229_check( $ip ) ) {
109		return new WP_Error( 'fail_domain_bad_ip_range', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as its IP `%2$s` is either invalid, or in a reserved or private range.', 'jetpack' ), $domain, $ip ) );
110		}
111
112		return true;
113		}
114
115		/**
116		* Returns true if the IP address passed in should not be in a reserved range, even if PHP says that it is.
117		* See: https://bugs.php.net/bug.php?id=66229 and https://github.com/php/php-src/commit/d1314893fd1325ca6aa0831101896e31135a2658
118		*
119		* This function mirrors Jetpack_Data::php_bug_66229_check() in the WPCOM codebase.
120		*/
121		public static function php_bug_66229_check( $ip ) {
122		if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
123		return false;
124		}
125
126		$ip_arr = array_map( 'intval', explode( '.', $ip ) );
127
128		if ( 128 == $ip_arr[0] && 0 == $ip_arr[1] ) {
129		return true;
130		}
131
132		if ( 191 == $ip_arr[0] && 255 == $ip_arr[1] ) {
133		return true;
134		}
135
136		return false;
137		}
138		}
139

Automattic / jetpack

Pull Request — feature/sync-json-endpoints (#7037)

class.jetpack-data.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like