Issues in class.jetpack-data.php - All Issues - Inspection of "Nosara: remove error_logs" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — add/nosara-tracks ( 481cb6...757671 )

unknown

created 2016-01-11 21:09 UTC

class.jetpack-data.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

class Jetpack_Data {
	/**
	 * Gets locally stored token
	 *
	 * @return object|false
	 */
	public static function get_access_token( $user_id = false ) {
		if ( $user_id ) {
			if ( !$tokens = Jetpack_Options::get_option( 'user_tokens' ) ) {
				return false;
			}
			if ( $user_id === JETPACK_MASTER_USER ) {
				if ( !$user_id = Jetpack_Options::get_option( 'master_user' ) ) {
					return false;
				}
			}
			if ( !isset( $tokens[$user_id] ) || !$token = $tokens[$user_id] ) {
				return false;
			}
			$token_chunks = explode( '.', $token );
			if ( empty( $token_chunks[1] ) || empty( $token_chunks[2] ) ) {
				return false;
			}
			if ( $user_id != $token_chunks[2] ) {
				return false;
			}
			$token = "{$token_chunks[0]}.{$token_chunks[1]}";
		} else {
			$token = Jetpack_Options::get_option( 'blog_token' );
			if ( empty( $token ) ) {
				return false;
			}
		}

		return (object) array(
			'secret' => $token,
			'external_user_id' => (int) $user_id,
		);
	}

	/**
	 * This function mirrors Jetpack_Data::is_usable_domain() in the WPCOM codebase.
	 *
	 * @param $domain
	 * @param array $extra
	 *
	 * @return bool|WP_Error
	 */
	public static function is_usable_domain( $domain, $extra = array() ) {


		// If it's empty, just fail out.
		if ( ! $domain ) {
			return new WP_Error( 'fail_domain_empty', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is empty.', 'jetpack' ), $domain ) );
		}

		// None of the explicit localhosts.
		$forbidden_domains = array(
			'wordpress.com',
			'localhost',
			'localhost.localdomain',
			'127.0.0.1',
			'local.wordpress.dev',         // VVV
			'local.wordpress-trunk.dev',   // VVV
			'src.wordpress-develop.dev',   // VVV
			'build.wordpress-develop.dev', // VVV
		);
		if ( in_array( $domain, $forbidden_domains ) ) {
			return new WP_Error( 'fail_domain_forbidden', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is in the forbidden array.', 'jetpack' ), $domain ) );
		}

		// No .dev or .local domains
		if ( preg_match( '#\.(dev|local)$#i', $domain ) ) {
			return new WP_Error( 'fail_domain_tld', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it uses an invalid top level domain.', 'jetpack' ), $domain ) );
		}

		// No WPCOM subdomains
		if ( preg_match( '#\.wordpress\.com$#i', $domain ) ) {
			return new WP_Error( 'fail_subdomain_wpcom', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is a subdomain of WordPress.com.', 'jetpack' ), $domain ) );
		}

		// If PHP was compiled without support for the Filter module (very edge case)
		if ( ! function_exists( 'filter_var' ) ) {
			// Just pass back true for now, and let wpcom sort it out.
			return true;
		}

		// Check the IP to make sure it's pingable.
		$ip = gethostbyname( $domain );

		// Doing this again as I was getting some false positives when gethostbyname() flaked out and returned the domain.
		$ip = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ? $ip : gethostbyname( $ip );

		if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_IPV4 ) && ! self::php_bug_66229_check( $ip ) ) {
			return new WP_Error( 'fail_domain_bad_ip_range', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as its IP `%2$s` is either invalid, or in a reserved or private range.', 'jetpack' ), $domain, $ip ) );
		}

		return true;
	}

	/**
	 * Returns true if the IP address passed in should not be in a reserved range, even if PHP says that it is.
	 * See: https://bugs.php.net/bug.php?id=66229 and https://github.com/php/php-src/commit/d1314893fd1325ca6aa0831101896e31135a2658
	 *
	 * This function mirrors Jetpack_Data::php_bug_66229_check() in the WPCOM codebase.
	 */
	public static function php_bug_66229_check( $ip ) {
		if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
			return false;
		}

		$ip_arr = array_map( 'intval', explode( '.', $ip ) );

		if ( 128 == $ip_arr[0] && 0 == $ip_arr[1] ) {
			return true;
		}

		if ( 191 == $ip_arr[0] && 255 == $ip_arr[1] ) {
			return true;
		}

		return false;
	}
}


1		<?php
2
3		class Jetpack_Data {
4		/**
5		* Gets locally stored token
6		*
7		* @return object\|false
8		*/
9		public static function get_access_token( $user_id = false ) {
10		if ( $user_id ) {
11		if ( !$tokens = Jetpack_Options::get_option( 'user_tokens' ) ) {
12		return false;
13		}
14		if ( $user_id === JETPACK_MASTER_USER ) {
15		if ( !$user_id = Jetpack_Options::get_option( 'master_user' ) ) {
16		return false;
17		}
18		}
19		if ( !isset( $tokens[$user_id] ) \|\| !$token = $tokens[$user_id] ) {
20		return false;
21		}
22		$token_chunks = explode( '.', $token );
23		if ( empty( $token_chunks[1] ) \|\| empty( $token_chunks[2] ) ) {
24		return false;
25		}
26		if ( $user_id != $token_chunks[2] ) {
27		return false;
28		}
29		$token = "{$token_chunks[0]}.{$token_chunks[1]}";
30		} else {
31		$token = Jetpack_Options::get_option( 'blog_token' );
32		if ( empty( $token ) ) {
33		return false;
34		}
35		}
36
37		return (object) array(
38		'secret' => $token,
39		'external_user_id' => (int) $user_id,
40		);
41		}
42
43		/**
44		* This function mirrors Jetpack_Data::is_usable_domain() in the WPCOM codebase.
45		*
46		* @param $domain
47		* @param array $extra
48		*
49		* @return bool\|WP_Error
50		*/
51		public static function is_usable_domain( $domain, $extra = array() ) {
		0 ignored issues – show Unused Code introduced 2015-11-20 23:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$extra` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
52
53		// If it's empty, just fail out.
54		if ( ! $domain ) {
55		return new WP_Error( 'fail_domain_empty', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is empty.', 'jetpack' ), $domain ) );
56		}
57
58		// None of the explicit localhosts.
59		$forbidden_domains = array(
60		'wordpress.com',
61		'localhost',
62		'localhost.localdomain',
63		'127.0.0.1',
64		'local.wordpress.dev', // VVV
65		'local.wordpress-trunk.dev', // VVV
66		'src.wordpress-develop.dev', // VVV
67		'build.wordpress-develop.dev', // VVV
68		);
69		if ( in_array( $domain, $forbidden_domains ) ) {
70		return new WP_Error( 'fail_domain_forbidden', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is in the forbidden array.', 'jetpack' ), $domain ) );
71		}
72
73		// No .dev or .local domains
74	View Code Duplication	if ( preg_match( '#\.(dev\|local)$#i', $domain ) ) {
75		return new WP_Error( 'fail_domain_tld', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it uses an invalid top level domain.', 'jetpack' ), $domain ) );
76		}
77
78		// No WPCOM subdomains
79	View Code Duplication	if ( preg_match( '#\.wordpress\.com$#i', $domain ) ) {
80		return new WP_Error( 'fail_subdomain_wpcom', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as it is a subdomain of WordPress.com.', 'jetpack' ), $domain ) );
81		}
82
83		// If PHP was compiled without support for the Filter module (very edge case)
84		if ( ! function_exists( 'filter_var' ) ) {
85		// Just pass back true for now, and let wpcom sort it out.
86		return true;
87		}
88
89		// Check the IP to make sure it's pingable.
90		$ip = gethostbyname( $domain );
91
92		// Doing this again as I was getting some false positives when gethostbyname() flaked out and returned the domain.
93		$ip = filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ? $ip : gethostbyname( $ip );
94
95		if ( ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE \| FILTER_FLAG_NO_RES_RANGE \| FILTER_FLAG_IPV4 ) && ! self::php_bug_66229_check( $ip ) ) {
96		return new WP_Error( 'fail_domain_bad_ip_range', sprintf( __( 'Domain `%1$s` just failed is_usable_domain check as its IP `%2$s` is either invalid, or in a reserved or private range.', 'jetpack' ), $domain, $ip ) );
97		}
98
99		return true;
100		}
101
102		/**
103		* Returns true if the IP address passed in should not be in a reserved range, even if PHP says that it is.
104		* See: https://bugs.php.net/bug.php?id=66229 and https://github.com/php/php-src/commit/d1314893fd1325ca6aa0831101896e31135a2658
105		*
106		* This function mirrors Jetpack_Data::php_bug_66229_check() in the WPCOM codebase.
107		*/
108		public static function php_bug_66229_check( $ip ) {
109		if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
110		return false;
111		}
112
113		$ip_arr = array_map( 'intval', explode( '.', $ip ) );
114
115		if ( 128 == $ip_arr[0] && 0 == $ip_arr[1] ) {
116		return true;
117		}
118
119		if ( 191 == $ip_arr[0] && 255 == $ip_arr[1] ) {
120		return true;
121		}
122
123		return false;
124		}
125		}
126

Automattic / jetpack

Push — add/nosara-tracks ( 481cb6...757671 )

class.jetpack-data.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like