Issues in class.jetpack-client-server.php - All Issues - Inspection of "Prefix functions with jetpack_" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — add/vr-shortcode ( 271979...022ee9 )

unknown

created 2016-12-16 18:04 UTC

class.jetpack-client-server.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Client = Plugin
 * Client Server = API Methods the Plugin must respond to
 */
class Jetpack_Client_Server {
	function authorize() {
		$data = stripslashes_deep( $_GET );
		$args = array();
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
		$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';

		do {
			$jetpack = Jetpack::init();
			$role = $jetpack->translate_current_user_to_role();
			if ( !$role ) {
				Jetpack::state( 'error', 'no_role' );
				break;
			}

			$cap = $jetpack->translate_role_to_cap( $role );
			if ( !$cap ) {
				Jetpack::state( 'error', 'no_cap' );
				break;
			}

			check_admin_referer( "jetpack-authorize_{$role}_{$redirect}" );

			if ( !empty( $data['error'] ) ) {
				Jetpack::state( 'error', $data['error'] );
				break;
			}

			if ( empty( $data['state'] ) ) {
				Jetpack::state( 'error', 'no_state' );
				break;
			}

			if ( !ctype_digit( $data['state'] ) ) {
				Jetpack::state( 'error', 'invalid_state' );
				break;
			}

			$current_user_id = get_current_user_id();
			if ( $current_user_id != $data['state'] ) {
				Jetpack::state( 'error', 'wrong_state' );
				break;
			}

			if ( empty( $data['code'] ) ) {
				Jetpack::state( 'error', 'no_code' );
				break;
			}

			$token = $this->get_token( $data );

			if ( is_wp_error( $token ) ) {
				if ( $error = $token->get_error_code() )
					Jetpack::state( 'error', $error );
				else
					Jetpack::state( 'error', 'invalid_token' );

				Jetpack::state( 'error_description', $token->get_error_message() );

				break;
			}

			if ( !$token ) {
				Jetpack::state( 'error', 'no_token' );
				break;
			}

			$is_master_user = ! Jetpack::is_active();

			Jetpack::update_user_token( $current_user_id, sprintf( '%s.%d', $token, $current_user_id ), $is_master_user );


			if ( $is_master_user ) {
				Jetpack::state( 'message', 'authorized' );
			} else {
				Jetpack::state( 'message', 'linked' );
				// Don't activate anything since we are just connecting a user.
				break;
			}

			if ( $active_modules = Jetpack_Options::get_option( 'active_modules' ) ) {
				Jetpack_Options::delete_option( 'active_modules' );

				Jetpack::activate_default_modules( 999, 1, $active_modules );
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
			} else {
				Jetpack::activate_default_modules();
			}

			// Sync all registers options and constants
			do_action( 'jetpack_sync_all_registered_options' );

			// Start nonce cleaner
			wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
			wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );
		} while ( false );

		if ( wp_validate_redirect( $redirect ) ) {
			wp_safe_redirect( $redirect );
		} else {
			wp_safe_redirect( Jetpack::admin_url() );
		}

		exit;

	}

	public static function deactivate_plugin( $probable_file, $probable_title ) {
		include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
		if ( is_plugin_active( $probable_file ) ) {
			deactivate_plugins( $probable_file );
			return 1;
		} else {
			// If the plugin is not in the usual place, try looking through all active plugins.
			$active_plugins = Jetpack::get_active_plugins();
			foreach ( $active_plugins as $plugin ) {
				$data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
				if ( $data['Name'] == $probable_title ) {
					deactivate_plugins( $plugin );
					return 1;
				}
			}
		}

		return 0;
	}

	/**
	 * @return object|WP_Error
	 */
	function get_token( $data ) {
		$jetpack = Jetpack::init();
		$role = $jetpack->translate_current_user_to_role();

		if ( !$role ) {
			return new Jetpack_Error( 'role', __( 'An administrator for this blog must set up the Jetpack connection.', 'jetpack' ) );
		}

		$client_secret = Jetpack_Data::get_access_token();
		if ( !$client_secret ) {
			return new Jetpack_Error( 'client_secret', __( 'You need to register your Jetpack before connecting it.', 'jetpack' ) );
		}

		$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';

		$body = array(
			'client_id' => Jetpack_Options::get_option( 'id' ),
			'client_secret' => $client_secret->secret,
			'grant_type' => 'authorization_code',
			'code' => $data['code'],
			'redirect_uri' => add_query_arg( array(
				'action' => 'authorize',
				'_wpnonce' => wp_create_nonce( "jetpack-authorize_{$role}_{$redirect}" ),
				'redirect' => $redirect ? urlencode( $redirect ) : false,
			), menu_page_url( 'jetpack', false ) ),
		);

		$args = array(
			'method' => 'POST',
			'body' => $body,
			'headers' => array(
				'Accept' => 'application/json',
			),
		);
		$response = Jetpack_Client::_wp_remote_request( Jetpack::fix_url_for_bad_hosts( Jetpack::api_url( 'token' ) ), $args );

		if ( is_wp_error( $response ) ) {
			return new Jetpack_Error( 'token_http_request_failed', $response->get_error_message() );
		}

		$code = wp_remote_retrieve_response_code( $response );
		$entity = wp_remote_retrieve_body( $response );

		if ( $entity )
			$json = json_decode( $entity );
		else
			$json = false;

		if ( 200 != $code || !empty( $json->error ) ) {
			if ( empty( $json->error ) )
				return new Jetpack_Error( 'unknown', '', $code );

			$error_description = isset( $json->error_description ) ? sprintf( __( 'Error Details: %s', 'jetpack' ), (string) $json->error_description ) : '';

			return new Jetpack_Error( (string) $json->error, $error_description, $code );
		}

		if ( empty( $json->access_token ) || !is_scalar( $json->access_token ) ) {
			return new Jetpack_Error( 'access_token', '', $code );
		}

		if ( empty( $json->token_type ) || 'X_JETPACK' != strtoupper( $json->token_type ) ) {
			return new Jetpack_Error( 'token_type', '', $code );
		}

		if ( empty( $json->scope ) ) {
			return new Jetpack_Error( 'scope', 'No Scope', $code );
		}
		@list( $role, $hmac ) = explode( ':', $json->scope );
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
		if ( empty( $role ) || empty( $hmac ) ) {
			return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
		}
		if ( $jetpack->sign_role( $role ) !== $json->scope ) {
			return new Jetpack_Error( 'scope', 'Invalid Scope', $code );
		}

		if ( !$cap = $jetpack->translate_role_to_cap( $role ) )
			return new Jetpack_Error( 'scope', 'No Cap', $code );
		if ( !current_user_can( $cap ) )
			return new Jetpack_Error( 'scope', 'current_user_cannot', $code );

		return (string) $json->access_token;
	}
}


1			<?php
2
3			/**
4			* Client = Plugin
5			* Client Server = API Methods the Plugin must respond to
6			*/
7			class Jetpack_Client_Server {
8			function authorize() {
9			$data = stripslashes_deep( $_GET );
10			$args = array();
			0 ignored issues – show Unused Code introduced 2015-12-18 19:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$args` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
11			$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
12
13			do {
14			$jetpack = Jetpack::init();
15			$role = $jetpack->translate_current_user_to_role();
16			if ( !$role ) {
17			Jetpack::state( 'error', 'no_role' );
18			break;
19			}
20
21			$cap = $jetpack->translate_role_to_cap( $role );
22			if ( !$cap ) {
23			Jetpack::state( 'error', 'no_cap' );
24			break;
25			}
26
27			check_admin_referer( "jetpack-authorize_{$role}_{$redirect}" );
28
29			if ( !empty( $data['error'] ) ) {
30			Jetpack::state( 'error', $data['error'] );
31			break;
32			}
33
34			if ( empty( $data['state'] ) ) {
35			Jetpack::state( 'error', 'no_state' );
36			break;
37			}
38
39			if ( !ctype_digit( $data['state'] ) ) {
40			Jetpack::state( 'error', 'invalid_state' );
41			break;
42			}
43
44			$current_user_id = get_current_user_id();
45			if ( $current_user_id != $data['state'] ) {
46			Jetpack::state( 'error', 'wrong_state' );
47			break;
48			}
49
50			if ( empty( $data['code'] ) ) {
51			Jetpack::state( 'error', 'no_code' );
52			break;
53			}
54
55			$token = $this->get_token( $data );
56
57			if ( is_wp_error( $token ) ) {
58			if ( $error = $token->get_error_code() )
59			Jetpack::state( 'error', $error );
60			else
61			Jetpack::state( 'error', 'invalid_token' );
62
63			Jetpack::state( 'error_description', $token->get_error_message() );
64
65			break;
66			}
67
68			if ( !$token ) {
69			Jetpack::state( 'error', 'no_token' );
70			break;
71			}
72
73			$is_master_user = ! Jetpack::is_active();
74
75			Jetpack::update_user_token( $current_user_id, sprintf( '%s.%d', $token, $current_user_id ), $is_master_user );
76
77
78			if ( $is_master_user ) {
79			Jetpack::state( 'message', 'authorized' );
80			} else {
81			Jetpack::state( 'message', 'linked' );
82			// Don't activate anything since we are just connecting a user.
83			break;
84			}
85
86			if ( $active_modules = Jetpack_Options::get_option( 'active_modules' ) ) {
87			Jetpack_Options::delete_option( 'active_modules' );
88
89			Jetpack::activate_default_modules( 999, 1, $active_modules );
			0 ignored issues – show Documentation introduced 2016-12-16 00:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this `999` is of type `integer`, but the function expects a `boolean`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
90			} else {
91			Jetpack::activate_default_modules();
92			}
93
94			// Sync all registers options and constants
95			do_action( 'jetpack_sync_all_registered_options' );
96
97			// Start nonce cleaner
98			wp_clear_scheduled_hook( 'jetpack_clean_nonces' );
99			wp_schedule_event( time(), 'hourly', 'jetpack_clean_nonces' );
100			} while ( false );
101
102			if ( wp_validate_redirect( $redirect ) ) {
103			wp_safe_redirect( $redirect );
104			} else {
105			wp_safe_redirect( Jetpack::admin_url() );
106			}
107
108			exit;
			0 ignored issues – show Coding Style Compatibility introduced 2016-12-16 00:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `authorize()` contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
109			}
110
111			public static function deactivate_plugin( $probable_file, $probable_title ) {
112			include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
113			if ( is_plugin_active( $probable_file ) ) {
114			deactivate_plugins( $probable_file );
115			return 1;
116			} else {
117			// If the plugin is not in the usual place, try looking through all active plugins.
118			$active_plugins = Jetpack::get_active_plugins();
119			foreach ( $active_plugins as $plugin ) {
120			$data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
121			if ( $data['Name'] == $probable_title ) {
122			deactivate_plugins( $plugin );
123			return 1;
124			}
125			}
126			}
127
128			return 0;
129			}
130
131			/**
132			* @return object\|WP_Error
133			*/
134			function get_token( $data ) {
135			$jetpack = Jetpack::init();
136			$role = $jetpack->translate_current_user_to_role();
137
138			if ( !$role ) {
139			return new Jetpack_Error( 'role', __( 'An administrator for this blog must set up the Jetpack connection.', 'jetpack' ) );
140			}
141
142			$client_secret = Jetpack_Data::get_access_token();
143			if ( !$client_secret ) {
144			return new Jetpack_Error( 'client_secret', __( 'You need to register your Jetpack before connecting it.', 'jetpack' ) );
145			}
146
147			$redirect = isset( $data['redirect'] ) ? esc_url_raw( (string) $data['redirect'] ) : '';
148
149			$body = array(
150			'client_id' => Jetpack_Options::get_option( 'id' ),
151			'client_secret' => $client_secret->secret,
152			'grant_type' => 'authorization_code',
153			'code' => $data['code'],
154			'redirect_uri' => add_query_arg( array(
155			'action' => 'authorize',
156			'_wpnonce' => wp_create_nonce( "jetpack-authorize_{$role}_{$redirect}" ),
157			'redirect' => $redirect ? urlencode( $redirect ) : false,
158			), menu_page_url( 'jetpack', false ) ),
159			);
160
161			$args = array(
162			'method' => 'POST',
163			'body' => $body,
164			'headers' => array(
165			'Accept' => 'application/json',
166			),
167			);
168			$response = Jetpack_Client::_wp_remote_request( Jetpack::fix_url_for_bad_hosts( Jetpack::api_url( 'token' ) ), $args );
169
170			if ( is_wp_error( $response ) ) {
171			return new Jetpack_Error( 'token_http_request_failed', $response->get_error_message() );
172			}
173
174			$code = wp_remote_retrieve_response_code( $response );
175			$entity = wp_remote_retrieve_body( $response );
176
177			if ( $entity )
178			$json = json_decode( $entity );
179			else
180			$json = false;
181
182			if ( 200 != $code \|\| !empty( $json->error ) ) {
183			if ( empty( $json->error ) )
184			return new Jetpack_Error( 'unknown', '', $code );
185
186			$error_description = isset( $json->error_description ) ? sprintf( __( 'Error Details: %s', 'jetpack' ), (string) $json->error_description ) : '';
187
188			return new Jetpack_Error( (string) $json->error, $error_description, $code );
189			}
190
191			if ( empty( $json->access_token ) \|\| !is_scalar( $json->access_token ) ) {
192			return new Jetpack_Error( 'access_token', '', $code );
193			}
194
195			if ( empty( $json->token_type ) \|\| 'X_JETPACK' != strtoupper( $json->token_type ) ) {
196			return new Jetpack_Error( 'token_type', '', $code );
197			}
198
199			if ( empty( $json->scope ) ) {
200			return new Jetpack_Error( 'scope', 'No Scope', $code );
201			}
202			@list( $role, $hmac ) = explode( ':', $json->scope );
			0 ignored issues – show Security Best Practice introduced 2015-11-20 23:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
203			if ( empty( $role ) \|\| empty( $hmac ) ) {
204			return new Jetpack_Error( 'scope', 'Malformed Scope', $code );
205			}
206			if ( $jetpack->sign_role( $role ) !== $json->scope ) {
207			return new Jetpack_Error( 'scope', 'Invalid Scope', $code );
208			}
209
210			if ( !$cap = $jetpack->translate_role_to_cap( $role ) )
211			return new Jetpack_Error( 'scope', 'No Cap', $code );
212			if ( !current_user_can( $cap ) )
213			return new Jetpack_Error( 'scope', 'current_user_cannot', $code );
214
215			return (string) $json->access_token;
216			}
217			}
218

Automattic / jetpack

Push — add/vr-shortcode ( 271979...022ee9 )

class.jetpack-client-server.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like