for testing and deploying your application
for finding and fixing issues
for empowering human code reviews
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
<?php
abstract class WPCOM_JSON_API_Comment_Endpoint extends WPCOM_JSON_API_Endpoint {
public $comment_object_format = array(
// explicitly document and cast all output
'ID' => '(int) The comment ID.',
'post' => "(object>post_reference) A reference to the comment's post.",
'author' => '(object>author) The author of the comment.',
'date' => "(ISO 8601 datetime) The comment's creation time.",
'URL' => '(URL) The full permalink URL to the comment.',
'short_URL' => '(URL) The wp.me short URL.',
'content' => '(HTML) <code>context</code> dependent.',
'raw_content' => '(string) Raw comment content.',
'status' => array(
'approved' => 'The comment has been approved.',
'unapproved' => 'The comment has been held for review in the moderation queue.',
'spam' => 'The comment has been marked as spam.',
'trash' => 'The comment is in the trash.',
),
'parent' => "(object>comment_reference|false) A reference to the comment's parent, if it has one.",
'type' => array(
'comment' => 'The comment is a regular comment.',
'trackback' => 'The comment is a trackback.',
'pingback' => 'The comment is a pingback.',
'review' => 'The comment is a product review.',
'like_count' => '(int) The number of likes for this comment.',
'i_like' => '(bool) Does the current user like this comment?',
'meta' => '(object) Meta data',
'can_moderate' => '(bool) Whether current user can moderate the comment.',
);
// public $response_format =& $this->comment_object_format;
function __construct( $args ) {
if ( !$this->response_format ) {
$this->response_format =& $this->comment_object_format;
}
parent::__construct( $args );
function get_comment( $comment_id, $context ) {
global $blog_id;
$comment = get_comment( $comment_id );
if ( !$comment || is_wp_error( $comment ) ) {
return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
$types = array( '', 'comment', 'pingback', 'trackback', 'review' );
if ( !in_array( $comment->comment_type, $types ) ) {
$post = get_post( $comment->comment_post_ID );
if ( !$post || is_wp_error( $post ) ) {
return new WP_Error( 'unknown_post', 'Unknown post', 404 );
$status = wp_get_comment_status( $comment->comment_ID );
// Permissions
switch ( $context ) {
case 'edit' :
if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
return new WP_Error( 'unauthorized', 'User cannot edit comment', 403 );
$GLOBALS['post'] = $post;
$comment = get_comment_to_edit( $comment->comment_ID );
foreach ( array( 'comment_author', 'comment_author_email', 'comment_author_url' ) as $field ) {
$comment->$field = htmlspecialchars_decode( $comment->$field, ENT_QUOTES );
break;
case 'display' :
if ( 'approved' !== $status ) {
$current_user_id = get_current_user_id();
$user_can_read_comment = false;
$user_can_read_comment
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
$myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; }
Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.
$myVar
$higher
if ( $current_user_id && $comment->user_id && $current_user_id == $comment->user_id ) {
$user_can_read_comment = true;
} elseif (
$comment->comment_author_email && $comment->comment_author
&&
isset( $this->api->token_details['user'] )
isset( $this->api->token_details['user']['user_email'] )
$this->api->token_details['user']['user_email'] === $comment->comment_author_email
$this->api->token_details['user']['display_name'] === $comment->comment_author
) {
} else {
$user_can_read_comment = current_user_can( 'edit_posts' );
if ( !$user_can_read_comment ) {
return new WP_Error( 'unauthorized', 'User cannot read unapproved comment', 403 );
setup_postdata( $post );
default :
return new WP_Error( 'invalid_context', 'Invalid API CONTEXT', 400 );
$can_view = $this->user_can_view_post( $post->ID );
if ( !$can_view || is_wp_error( $can_view ) ) {
return $can_view;
$GLOBALS['comment'] = $comment;
$response = array();
foreach ( array_keys( $this->comment_object_format ) as $key ) {
switch ( $key ) {
case 'ID' :
// explicitly cast all output
$response[$key] = (int) $comment->comment_ID;
case 'post' :
$response[$key] = (object) array(
'ID' => (int) $post->ID,
'title' => (string) get_the_title( $post->ID ),
'type' => (string) $post->post_type,
'link' => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $post->ID ),
case 'author' :
$response[$key] = (object) $this->get_author( $comment, current_user_can( 'edit_comment', $comment->comment_ID ) );
case 'date' :
$response[$key] = (string) $this->format_date( $comment->comment_date_gmt, $comment->comment_date );
case 'URL' :
$response[$key] = (string) esc_url_raw( get_comment_link( $comment->comment_ID ) );
case 'short_URL' :
// @todo - pagination
$response[$key] = (string) esc_url_raw( wp_get_shortlink( $post->ID ) . "%23comment-{$comment->comment_ID}" );
case 'content' :
if ( 'display' === $context ) {
ob_start();
comment_text();
$response[$key] = (string) ob_get_clean();
$response[$key] = (string) $comment->comment_content;
case 'raw_content':
case 'status' :
$response[$key] = (string) $status;
case 'parent' : // (object|false)
if ( $comment->comment_parent ) {
$parent = get_comment( $comment->comment_parent );
'ID' => (int) $parent->comment_ID,
'type' => (string) ( $parent->comment_type ? $parent->comment_type : 'comment' ),
'link' => (string) $this->links->get_comment_link( $blog_id, $parent->comment_ID ),
$response[$key] = false;
case 'type' :
$response[$key] = (string) ( $comment->comment_type ? $comment->comment_type : 'comment' );
case 'like_count' :
if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
$response[ $key ] = (int) $this->api->comment_like_count( $blog_id, $post->ID, $comment->comment_ID );
case 'i_like' :
$response[ $key ] = (bool) Likes::comment_like_current_user_likes( $blog_id, $comment->comment_ID );
case 'meta' :
'links' => (object) array(
'self' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID ),
'help' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'help' ),
'site' => (string) $this->links->get_site_link( $this->api->get_blog_id_for_output() ),
'post' => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $comment->comment_post_ID ),
'replies' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'replies/' ),
'likes' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'likes/' ),
case 'can_moderate':
$response[ $key ] = (bool) current_user_can( 'edit_comment', $comment_id );
unset( $GLOBALS['comment'], $GLOBALS['post'] );
return $response;
Automattic /
jetpack
Kirk Wight
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.
Both the
$myVarassignment in line 1 and the$higherassignment in line 2 are dead. The first because$myVaris never used and the second because$higheris always overwritten for every possible time line.