Issues in bandcamp.php - New Issues - Inspection of "Jetpack Sync: Reordering checks" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — add/plugin_install ( 3a9d43...6595e5 )

unknown

created 2017-04-19 20:16 UTC

modules/shortcodes/bandcamp.php (2 issues)

Labels

Bug 2

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
// shortcode handler for [bandcamp], which inserts a bandcamp.com
// music player (iframe, html5)
//
// [bandcamp album=119385304]
// [bandcamp album=3462839126  bgcol=FFFFFF linkcol=4285BB size=venti]
// [bandcamp track=2446959313]
//
function shortcode_handler_bandcamp( $atts ) {
	// there are no default values, but specify here anyway
	// to explicitly list supported atts
	$attributes = shortcode_atts( array(
		'album'       => null,     // integer album id
		'track'       => null,     // integer track id
		'video'       => null,     // integer track id for video player
		'size'        => 'venti',  // one of the supported sizes
		'bgcol'       => 'FFFFFF', // hex, no '#' prefix
		'linkcol'     => null,     // hex, no '#' prefix
		'layout'      => null,     // encoded layout url
		'width'       => null,     // integer with optional "%"
		'height'      => null,     // integer with optional "%"
		'notracklist' => null,     // may be string "true" (defaults false)
		'tracklist'   => null,     // may be string "false" (defaults true)
		'artwork'     => null,     // may be string "false" (alternately: "none") or "small" (default is large)
		'minimal'     => null,     // may be string "true" (defaults false)
		'theme'       => null,     // may be theme identifier string ("light"|"dark" so far)
		'package'     => null,     // integer package id
		't'           => null,     // integer track number
		'tracks'      => null,     // comma separated list of allowed tracks
		'esig'        => null      // hex, no '#' prefix
	), $atts, 'bandcamp' );

	$sizes = array(
		'venti'      => array( 'width' => 400, 'height' => 100 ),
		'grande'     => array( 'width' => 300, 'height' => 100 ),
		'grande2'    => array( 'width' => 300, 'height' => 355 ),
		'grande3'    => array( 'width' => 300, 'height' => 415 ),
		'tall_album' => array( 'width' => 150, 'height' => 295 ),
		'tall_track' => array( 'width' => 150, 'height' => 270 ),
		'tall2'      => array( 'width' => 150, 'height' => 450 ),
		'short'      => array( 'width' => 46, 'height' => 23 ),
		'large'      => array( 'width' => 350, 'height' => 470 ),
		'medium'     => array( 'width' => 450, 'height' => 120 ),
		'small'      => array( 'width' => 350, 'height' => 42 )
	);

	$sizekey = $attributes['size'];
	$height  = null;
	$width   = null;

	$isVideo = false;

	// Build iframe url.  For audio players, args are appended as
	// extra path segments for historical reasons having to
	// do with an IE-only flash bug which required this URL
	// to contain no querystring.  Delay the actual joining
	// of args into a string until after we decide if it's
	// a video player or an audio player
	$argparts = array();

	if ( ! isset( $attributes['album'] ) && ! isset( $attributes['track'] ) && ! isset( $attributes['video'] ) ) {
		return "[bandcamp: shortcode must include 'track', 'album', or 'video' param]";
	}

	if ( isset( $attributes['track'] ) && is_numeric( $attributes['track'] ) ) {
		$track = esc_attr( $attributes['track'] );
		array_push( $argparts, "track={$track}" );
	} elseif ( isset( $attributes['video'] ) && is_numeric( $attributes['video'] ) ) {
		$track = esc_attr( $attributes['video'] ); // videos are referenced by track id
		$urlbase = "//bandcamp.com/EmbeddedPlayer/v=2";
		$isVideo = true;
		array_push( $argparts, "track={$track}" );
	}
	if ( isset( $attributes['album'] ) && is_numeric( $attributes['album'] ) ) {
		$album = esc_attr( $attributes['album'] );
		array_push( $argparts, "album={$album}" );
	}

	if ( $sizekey == 'tall' ) {
		if ( isset( $attributes['album'] ) ) {
			$sizekey .= '_album';
		} else {
			$sizekey .= '_track';
		}
	}

	// if size specified that we don't recognize, fall back on venti
	if ( empty( $sizes[ $sizekey ] ) ) {
		$sizekey            = 'venti';
		$attributes['size'] = 'venti';
	}

	// use strict regex for digits + optional % instead of absint for height/width
	// 'width' and 'height' params in the iframe url get the exact string from the shortcode
	// args, whereas the inline style attribute must have "px" added to it if it has no "%"
	if ( isset( $attributes['width'] ) && preg_match( "|^([0-9]+)(%)?$|", $attributes['width'], $matches ) ) {
		$width = $csswidth = $attributes['width'];
		if ( sizeof( $matches ) < 3 ) {
			$csswidth .= "px";
		}
	}
	if ( isset( $attributes['height'] ) && preg_match( "|^([0-9]+)(%)?$|", $attributes['height'], $matches ) ) {
		$height = $cssheight = $attributes['height'];
		if ( sizeof( $matches ) < 3 ) {
			$cssheight .= "px";
		}
	}

	if ( ! $height ) {
		$height    = $sizes[ $sizekey ]['height'];
		$cssheight = $height . "px";
	}

	if ( ! $width ) {
		$width    = $sizes[ $sizekey ]['width'];
		$csswidth = $width . "px";
	}

	if ( isset( $attributes['layout'] ) ) {
		array_push( $argparts, "layout={$attributes['layout']}" );
	} elseif ( isset( $attributes['size'] ) && preg_match( "|^[a-zA-Z0-9]+$|", $attributes['size'] ) ) {
		array_push( $argparts, "size={$attributes['size']}" );
	}

	if ( isset( $attributes['bgcol'] ) && preg_match( "|^[0-9A-Fa-f]+$|", $attributes['bgcol'] ) ) {
		array_push( $argparts, "bgcol={$attributes['bgcol']}" );
	}

	if ( isset( $attributes['linkcol'] ) && preg_match( "|^[0-9A-Fa-f]+$|", $attributes['linkcol'] ) ) {
		array_push( $argparts, "linkcol={$attributes['linkcol']}" );
	}

	if ( isset( $attributes['package'] ) && preg_match( "|^[0-9]+$|", $attributes['package'] ) ) {
		array_push( $argparts, "package={$attributes['package']}" );
	}

	if ( isset( $attributes['t'] ) && preg_match( "|^[0-9]+$|", $attributes['t'] ) ) {
		array_push( $argparts, "t={$attributes['t']}" );
	}

	if ( $attributes['notracklist'] == "true" ) {
		array_push( $argparts, "notracklist=true" );
	}

	// 'tracklist' arg deprecates 'notracklist=true' to be less weird.  note, behavior
	// if both are specified is undefined
	switch ( $attributes['tracklist'] ) {
		case "false":
		case "none":
			array_push( $argparts, "tracklist=false" );
			break;
	}

	switch ( $attributes['artwork'] ) {
		case "false":
		case "none":
		case "small":
			array_push( $argparts, "artwork=" . $attributes['artwork'] );
			break;
	}

	if ( $attributes['minimal'] == "true" ) {
		array_push( $argparts, "minimal=true" );
	}

	if ( isset( $attributes['theme'] ) && preg_match( "|^[a-zA-Z_]+$|", $attributes['theme'] ) ) {
		array_push( $argparts, "theme={$attributes['theme']}" );
	}

	// param 'tracks' is signed digest param 'esig'
	if ( isset( $attributes['tracks'] ) && preg_match( "|^[0-9\,]+$|", $attributes['tracks'] ) ) {
		if ( isset( $attributes['esig'] ) && preg_match( "|^[0-9A-Fa-f]+$|", $attributes['esig'] ) ) {
			array_push( $argparts, "tracks={$attributes['tracks']}" );
			array_push( $argparts, "esig={$attributes['esig']}" );
		}
	}

	if ( $isVideo ) {
		$url        = "//bandcamp.com/VideoEmbed?" . join( '&', $argparts );
		$extraAttrs = " mozallowfullscreen='1' webkitallowfullscreen='1' allowfullscreen='1'";
	} else {
		$url        = "//bandcamp.com/EmbeddedPlayer/v=2/" . join( '/', $argparts ) . '/';
		$extraAttrs = '';
	}

	return "<iframe width='" . esc_attr( $width ) . "' height='" . esc_attr( $height ) . "' style='position: relative; display: block; width: " . esc_attr( $csswidth ) . "; height: " . esc_attr( $cssheight ) . ";' src='" . esc_url( $url ) . "' allowtransparency='true' frameborder='0'" . $extraAttrs . "></iframe>";
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
}

add_shortcode( 'bandcamp', 'shortcode_handler_bandcamp' );


Push — add/plugin_install ( 3a9d43...6595e5 )

modules/shortcodes/bandcamp.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

1		<?php
2		// shortcode handler for [bandcamp], which inserts a bandcamp.com
3		// music player (iframe, html5)
4		//
5		// [bandcamp album=119385304]
6		// [bandcamp album=3462839126 bgcol=FFFFFF linkcol=4285BB size=venti]
7		// [bandcamp track=2446959313]
8		//
9		function shortcode_handler_bandcamp( $atts ) {
10		// there are no default values, but specify here anyway
11		// to explicitly list supported atts
12		$attributes = shortcode_atts( array(
13		'album' => null, // integer album id
14		'track' => null, // integer track id
15		'video' => null, // integer track id for video player
16		'size' => 'venti', // one of the supported sizes
17		'bgcol' => 'FFFFFF', // hex, no '#' prefix
18		'linkcol' => null, // hex, no '#' prefix
19		'layout' => null, // encoded layout url
20		'width' => null, // integer with optional "%"
21		'height' => null, // integer with optional "%"
22		'notracklist' => null, // may be string "true" (defaults false)
23		'tracklist' => null, // may be string "false" (defaults true)
24		'artwork' => null, // may be string "false" (alternately: "none") or "small" (default is large)
25		'minimal' => null, // may be string "true" (defaults false)
26		'theme' => null, // may be theme identifier string ("light"\|"dark" so far)
27		'package' => null, // integer package id
28		't' => null, // integer track number
29		'tracks' => null, // comma separated list of allowed tracks
30		'esig' => null // hex, no '#' prefix
31		), $atts, 'bandcamp' );
32
33		$sizes = array(
34		'venti' => array( 'width' => 400, 'height' => 100 ),
35		'grande' => array( 'width' => 300, 'height' => 100 ),
36		'grande2' => array( 'width' => 300, 'height' => 355 ),
37		'grande3' => array( 'width' => 300, 'height' => 415 ),
38		'tall_album' => array( 'width' => 150, 'height' => 295 ),
39		'tall_track' => array( 'width' => 150, 'height' => 270 ),
40		'tall2' => array( 'width' => 150, 'height' => 450 ),
41		'short' => array( 'width' => 46, 'height' => 23 ),
42		'large' => array( 'width' => 350, 'height' => 470 ),
43		'medium' => array( 'width' => 450, 'height' => 120 ),
44		'small' => array( 'width' => 350, 'height' => 42 )
45		);
46
47		$sizekey = $attributes['size'];
48		$height = null;
49		$width = null;
50
51		$isVideo = false;
52
53		// Build iframe url. For audio players, args are appended as
54		// extra path segments for historical reasons having to
55		// do with an IE-only flash bug which required this URL
56		// to contain no querystring. Delay the actual joining
57		// of args into a string until after we decide if it's
58		// a video player or an audio player
59		$argparts = array();
60
61		if ( ! isset( $attributes['album'] ) && ! isset( $attributes['track'] ) && ! isset( $attributes['video'] ) ) {
62		return "[bandcamp: shortcode must include 'track', 'album', or 'video' param]";
63		}
64
65		if ( isset( $attributes['track'] ) && is_numeric( $attributes['track'] ) ) {
66		$track = esc_attr( $attributes['track'] );
67		array_push( $argparts, "track={$track}" );
68		} elseif ( isset( $attributes['video'] ) && is_numeric( $attributes['video'] ) ) {
69		$track = esc_attr( $attributes['video'] ); // videos are referenced by track id
70		$urlbase = "//bandcamp.com/EmbeddedPlayer/v=2";
71		$isVideo = true;
72		array_push( $argparts, "track={$track}" );
73		}
74		if ( isset( $attributes['album'] ) && is_numeric( $attributes['album'] ) ) {
75		$album = esc_attr( $attributes['album'] );
76		array_push( $argparts, "album={$album}" );
77		}
78
79		if ( $sizekey == 'tall' ) {
80		if ( isset( $attributes['album'] ) ) {
81		$sizekey .= '_album';
82		} else {
83		$sizekey .= '_track';
84		}
85		}
86
87		// if size specified that we don't recognize, fall back on venti
88		if ( empty( $sizes[ $sizekey ] ) ) {
89		$sizekey = 'venti';
90		$attributes['size'] = 'venti';
91		}
92
93		// use strict regex for digits + optional % instead of absint for height/width
94		// 'width' and 'height' params in the iframe url get the exact string from the shortcode
95		// args, whereas the inline style attribute must have "px" added to it if it has no "%"
96	View Code Duplication	if ( isset( $attributes['width'] ) && preg_match( "\|^([0-9]+)(%)?$\|", $attributes['width'], $matches ) ) {
97		$width = $csswidth = $attributes['width'];
98		if ( sizeof( $matches ) < 3 ) {
99		$csswidth .= "px";
100		}
101		}
102	View Code Duplication	if ( isset( $attributes['height'] ) && preg_match( "\|^([0-9]+)(%)?$\|", $attributes['height'], $matches ) ) {
103		$height = $cssheight = $attributes['height'];
104		if ( sizeof( $matches ) < 3 ) {
105		$cssheight .= "px";
106		}
107		}
108
109		if ( ! $height ) {
110		$height = $sizes[ $sizekey ]['height'];
111		$cssheight = $height . "px";
112		}
113
114		if ( ! $width ) {
115		$width = $sizes[ $sizekey ]['width'];
116		$csswidth = $width . "px";
117		}
118
119	View Code Duplication	if ( isset( $attributes['layout'] ) ) {
120		array_push( $argparts, "layout={$attributes['layout']}" );
121		} elseif ( isset( $attributes['size'] ) && preg_match( "\|^[a-zA-Z0-9]+$\|", $attributes['size'] ) ) {
122		array_push( $argparts, "size={$attributes['size']}" );
123		}
124
125		if ( isset( $attributes['bgcol'] ) && preg_match( "\|^[0-9A-Fa-f]+$\|", $attributes['bgcol'] ) ) {
126		array_push( $argparts, "bgcol={$attributes['bgcol']}" );
127		}
128
129		if ( isset( $attributes['linkcol'] ) && preg_match( "\|^[0-9A-Fa-f]+$\|", $attributes['linkcol'] ) ) {
130		array_push( $argparts, "linkcol={$attributes['linkcol']}" );
131		}
132
133		if ( isset( $attributes['package'] ) && preg_match( "\|^[0-9]+$\|", $attributes['package'] ) ) {
134		array_push( $argparts, "package={$attributes['package']}" );
135		}
136
137		if ( isset( $attributes['t'] ) && preg_match( "\|^[0-9]+$\|", $attributes['t'] ) ) {
138		array_push( $argparts, "t={$attributes['t']}" );
139		}
140
141		if ( $attributes['notracklist'] == "true" ) {
142		array_push( $argparts, "notracklist=true" );
143		}
144
145		// 'tracklist' arg deprecates 'notracklist=true' to be less weird. note, behavior
146		// if both are specified is undefined
147		switch ( $attributes['tracklist'] ) {
148		case "false":
149		case "none":
150		array_push( $argparts, "tracklist=false" );
151		break;
152		}
153
154		switch ( $attributes['artwork'] ) {
155		case "false":
156		case "none":
157		case "small":
158		array_push( $argparts, "artwork=" . $attributes['artwork'] );
159		break;
160		}
161
162		if ( $attributes['minimal'] == "true" ) {
163		array_push( $argparts, "minimal=true" );
164		}
165
166		if ( isset( $attributes['theme'] ) && preg_match( "\|^[a-zA-Z_]+$\|", $attributes['theme'] ) ) {
167		array_push( $argparts, "theme={$attributes['theme']}" );
168		}
169
170		// param 'tracks' is signed digest param 'esig'
171		if ( isset( $attributes['tracks'] ) && preg_match( "\|^[0-9\,]+$\|", $attributes['tracks'] ) ) {
172	View Code Duplication	if ( isset( $attributes['esig'] ) && preg_match( "\|^[0-9A-Fa-f]+$\|", $attributes['esig'] ) ) {
173		array_push( $argparts, "tracks={$attributes['tracks']}" );
174		array_push( $argparts, "esig={$attributes['esig']}" );
175		}
176		}
177
178		if ( $isVideo ) {
179		$url = "//bandcamp.com/VideoEmbed?" . join( '&', $argparts );
180		$extraAttrs = " mozallowfullscreen='1' webkitallowfullscreen='1' allowfullscreen='1'";
181		} else {
182		$url = "//bandcamp.com/EmbeddedPlayer/v=2/" . join( '/', $argparts ) . '/';
183		$extraAttrs = '';
184		}
185
186		return "<iframe width='" . esc_attr( $width ) . "' height='" . esc_attr( $height ) . "' style='position: relative; display: block; width: " . esc_attr( $csswidth ) . "; height: " . esc_attr( $cssheight ) . ";' src='" . esc_url( $url ) . "' allowtransparency='true' frameborder='0'" . $extraAttrs . "></iframe>";
		0 ignored issues – show Bug introduced 2017-04-19 20:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$csswidth` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history... Bug introduced 2017-04-19 20:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$cssheight` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
187		}
188
189		add_shortcode( 'bandcamp', 'shortcode_handler_bandcamp' );
190

Automattic / jetpack

Push — add/plugin_install ( 3a9d43...6595e5 )

modules/shortcodes/bandcamp.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like