Issues in shared-functions.php - New Issues - Inspection of "New build" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master-stable ( e17c57...c646dd )

unknown

created 2016-11-08 14:25 UTC

modules/protect/shared-functions.php (4 issues)

Labels

Documentation 4

Severity

Minor 4

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * These functions are shared by the Protect module and its related json-endpoints
 */
/**
 * Returns an array of IP objects that will never be blocked by the Protect module
 *
 * The array is segmented into a local whitelist which applies only to the current site
 * and a global whitelist which, for multisite installs, applies to the entire networko
 *
 * @return array
 */
function jetpack_protect_format_whitelist() {
	$local_whitelist = jetpack_protect_get_local_whitelist();
	$formatted = array(
		'local' => array(),
	);
	foreach ( $local_whitelist as $item ) {
		if ( $item->range ) {
			$formatted['local'][] = $item->range_low . ' - ' . $item->range_high;
		} else {
			$formatted['local'][] = $item->ip_address;
		}
	}
	if ( is_multisite() && current_user_can( 'manage_network' ) ) {
		$formatted['global'] = array();
		$global_whitelist    = jetpack_protect_get_global_whitelist();
		if ( false === $global_whitelist ) {
			// If the global whitelist has never been set, check for a legacy option set prior to 3.6.
			$global_whitelist = get_site_option( 'jetpack_protect_whitelist', array() );
		}
		foreach ( $global_whitelist as $item ) {
			if ( $item->range ) {
				$formatted['global'][] = $item->range_low . ' - ' . $item->range_high;
			} else {
				$formatted['global'][] = $item->ip_address;
			}
		}
	}
	return $formatted;
}
/**
 * Gets the local Protect whitelist
 *
 * The 'local' part of the whitelist only really applies to multisite installs,
 * which can have a network wide whitelist, as well as a local list that applies
 * only to the current site. On single site installs, there will only be a local
 * whitelist.
 *
 * @return array A list of IP Address objects or an empty array
 */
function jetpack_protect_get_local_whitelist() {
	$whitelist = Jetpack_Options::get_option( 'protect_whitelist' );
	if ( false === $whitelist ) {
		// The local whitelist has never been set.
		if ( is_multisite() ) {
			// On a multisite, we can check for a legacy site_option that existed prior to v 3.6, or default to an empty array.
			$whitelist = get_site_option( 'jetpack_protect_whitelist', array() );
		} else {
			// On a single site, we can just use an empty array.
			$whitelist = array();
		}
	}
	return $whitelist;
}

/**
 * Get the global, network-wide whitelist
 *
 * It will revert to the legacy site_option if jetpack_protect_global_whitelist has never been set.
 *
 * @return array
 */
function jetpack_protect_get_global_whitelist() {
	$whitelist = get_site_option( 'jetpack_protect_global_whitelist' );
	if ( false === $whitelist ) {
		// The global whitelist has never been set. Check for legacy site_option, or default to an empty array.
		$whitelist = get_site_option( 'jetpack_protect_whitelist', array() );
	}
	return $whitelist;
}

/**
 * Jetpack Protect Save Whitelist.
 *
 * @access public
 * @param mixed $whitelist Whitelist.
 * @param bool  $global (default: false) Global.
 * @return Bool.

 */
function jetpack_protect_save_whitelist( $whitelist, $global = false ) {
	$whitelist_error = false;
	$new_items       = array();
	if ( ! is_array( $whitelist ) ) {
		return new WP_Error( 'invalid_parameters', __( 'Expecting an array', 'jetpack' ) );
	}
	if ( $global && ! is_multisite() ) {
		return new WP_Error( 'invalid_parameters', __( 'Cannot use global flag on non-multisites', 'jetpack' ) );
	}
	if ( $global && ! current_user_can( 'manage_network' ) ) {
		return new WP_Error( 'permission_denied', __( 'Only super admins can edit the global whitelist', 'jetpack' ) );
	}
	// Validate each item.
	foreach ( $whitelist as $item ) {
		$item = trim( $item );
		if ( empty( $item ) ) {
			continue;
		}
		$range = false;
		if ( strpos( $item, '-' ) ) {
			$item  = explode( '-', $item );
			$range = true;
		}
		$new_item        = new stdClass();
		$new_item->range = $range;
		if ( ! empty( $range ) ) {
			$low  = trim( $item[0] );
			$high = trim( $item[1] );
			if ( ! filter_var( $low, FILTER_VALIDATE_IP ) || ! filter_var( $high, FILTER_VALIDATE_IP ) ) {
				$whitelist_error = true;
				break;
			}
			if ( ! jetpack_convert_ip_address( $low ) || ! jetpack_convert_ip_address( $high ) ) {
				$whitelist_error = true;
				break;
			}
			$new_item->range_low  = $low;
			$new_item->range_high = $high;
		} else {
			if ( ! filter_var( $item, FILTER_VALIDATE_IP ) ) {
				$whitelist_error = true;
				break;
			}
			if ( ! jetpack_convert_ip_address( $item ) ) {
				$whitelist_error = true;
				break;
			}
			$new_item->ip_address = $item;
		}
		$new_items[] = $new_item;
	} // End item loop.
	if ( ! empty( $whitelist_error ) ) {
		return new WP_Error( 'invalid_ip', __( 'One of your IP addresses was not valid.', 'jetpack' ) );
	}
	if ( $global ) {
		update_site_option( 'jetpack_protect_global_whitelist', $new_items );
		// Once a user has saved their global whitelist, we can permanently remove the legacy option.
		delete_site_option( 'jetpack_protect_whitelist' );
	} else {
		Jetpack_Options::update_option( 'protect_whitelist', $new_items );
	}
	return true;
}

/**
 * Jetpack Protect Get IP.
 *
 * @access public
 * @return IP.

 */
function jetpack_protect_get_ip() {
	$trusted_header_data = get_site_option( 'trusted_ip_header' );
	if ( isset( $trusted_header_data->trusted_header ) && isset( $_SERVER[ $trusted_header_data->trusted_header ] ) ) {
		$ip            = $_SERVER[ $trusted_header_data->trusted_header ];
		$segments      = $trusted_header_data->segments;
		$reverse_order = $trusted_header_data->reverse;
	} else {
		$ip = $_SERVER['REMOTE_ADDR'];
	}
	$ips = explode( ',', $ip );
	if ( ! isset( $segments ) || ! $segments ) {
		$segments = 1;
	}
	if ( isset( $reverse_order ) && $reverse_order ) {
		$ips = array_reverse( $ips );
	}
	$ip_count = count( $ips );
	if ( 1 === $ip_count ) {
		return jetpack_clean_ip( $ips[0] );
	} elseif ( $ip_count >= $segments ) {
		$the_one = $ip_count - $segments;
		return jetpack_clean_ip( $ips[ $the_one ] );
	} else {
		return jetpack_clean_ip( $_SERVER['REMOTE_ADDR'] );
	}
}

/**
 * Jetpack Clean IP.
 *
 * @access public
 * @param mixed $ip IP.
 * @return $ip IP.

 */
function jetpack_clean_ip( $ip ) {
	$ip = trim( $ip );
	// Check for IPv4 IP cast as IPv6.
	if ( preg_match( '/^::ffff:(\d+\.\d+\.\d+\.\d+)$/', $ip, $matches ) ) {
		$ip = $matches[1];
	}
	return $ip;
}

/**
 * Checks an IP to see if it is within a private range.
 *
 * @param int $ip IP.
 * @return bool
 */
function jetpack_protect_ip_is_private( $ip ) {
	// We are dealing with ipv6, so we can simply rely on filter_var.
	if ( false === strpos( $ip, '.' ) ) {
		return ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE );
	}
	// We are dealing with ipv4.
	$private_ip4_addresses = array(
		'10.0.0.0|10.255.255.255',     // Single class A network.
		'172.16.0.0|172.31.255.255',   // 16 contiguous class B network.
		'192.168.0.0|192.168.255.255', // 256 contiguous class C network.
		'169.254.0.0|169.254.255.255', // Link-local address also referred to as Automatic Private IP Addressing.
		'127.0.0.0|127.255.255.255',    // localhost.
	);
	$long_ip = ip2long( $ip );
	if ( -1 !== $long_ip ) {
		foreach ( $private_ip4_addresses as $pri_addr ) {
			list ( $start, $end ) = explode( '|', $pri_addr );
			if ( $long_ip >= ip2long( $start ) && $long_ip <= ip2long( $end ) ) {
				return true;
			}
		}
	}
	return false;
}

/**
 * Uses inet_pton if available to convert an IP address to a binary string.
 * If inet_pton is not available, ip2long will convert the address to an integer.
 * Returns false if an invalid IP address is given.
 *
 * NOTE: ip2long will return false for any ipv6 address. servers that do not support
 * inet_pton will not support ipv6
 *
 * @access public
 * @param mixed $ip IP.
 * @return int|string|bool
 */
function jetpack_convert_ip_address( $ip ) {
	if ( function_exists( 'inet_pton' ) ) {
		return inet_pton( $ip );
	}
	return ip2long( $ip );
}

/**
 * Checks that a given IP address is within a given low - high range.
 * Servers that support inet_pton will use that function to convert the ip to number,
 * while other servers will use ip2long.
 *
 * NOTE: servers that do not support inet_pton cannot support ipv6.
 *
 * @access public
 * @param mixed $ip IP.
 * @param mixed $range_low Range Low.
 * @param mixed $range_high Range High.
 * @return Bool.

 */
function jetpack_protect_ip_address_is_in_range( $ip, $range_low, $range_high ) {
	// The inet_pton will give us binary string of an ipv4 or ipv6.
	// We can then use strcmp to see if the address is in range.
	if ( function_exists( 'inet_pton' ) ) {
		$ip_num  = inet_pton( $ip );
		$ip_low  = inet_pton( $range_low );
		$ip_high = inet_pton( $range_high );
		if ( $ip_num && $ip_low && $ip_high && strcmp( $ip_num, $ip_low ) >= 0 && strcmp( $ip_num, $ip_high ) <= 0 ) {
			return true;
		}
		// The ip2long will give us an integer of an ipv4 address only. it will produce FALSE for ipv6.
	} else {
		$ip_num  = ip2long( $ip );
		$ip_low  = ip2long( $range_low );
		$ip_high = ip2long( $range_high );
		if ( $ip_num && $ip_low && $ip_high && $ip_num >= $ip_low && $ip_num <= $ip_high ) {
			return true;
		}
	}
	return false;
}


1		<?php
2		/**
3		* These functions are shared by the Protect module and its related json-endpoints
4		*/
5		/**
6		* Returns an array of IP objects that will never be blocked by the Protect module
7		*
8		* The array is segmented into a local whitelist which applies only to the current site
9		* and a global whitelist which, for multisite installs, applies to the entire networko
10		*
11		* @return array
12		*/
13		function jetpack_protect_format_whitelist() {
14		$local_whitelist = jetpack_protect_get_local_whitelist();
15		$formatted = array(
16		'local' => array(),
17		);
18	View Code Duplication	foreach ( $local_whitelist as $item ) {
19		if ( $item->range ) {
20		$formatted['local'][] = $item->range_low . ' - ' . $item->range_high;
21		} else {
22		$formatted['local'][] = $item->ip_address;
23		}
24		}
25		if ( is_multisite() && current_user_can( 'manage_network' ) ) {
26		$formatted['global'] = array();
27		$global_whitelist = jetpack_protect_get_global_whitelist();
28		if ( false === $global_whitelist ) {
29		// If the global whitelist has never been set, check for a legacy option set prior to 3.6.
30		$global_whitelist = get_site_option( 'jetpack_protect_whitelist', array() );
31		}
32	View Code Duplication	foreach ( $global_whitelist as $item ) {
33		if ( $item->range ) {
34		$formatted['global'][] = $item->range_low . ' - ' . $item->range_high;
35		} else {
36		$formatted['global'][] = $item->ip_address;
37		}
38		}
39		}
40		return $formatted;
41		}
42		/**
43		* Gets the local Protect whitelist
44		*
45		* The 'local' part of the whitelist only really applies to multisite installs,
46		* which can have a network wide whitelist, as well as a local list that applies
47		* only to the current site. On single site installs, there will only be a local
48		* whitelist.
49		*
50		* @return array A list of IP Address objects or an empty array
51		*/
52		function jetpack_protect_get_local_whitelist() {
53		$whitelist = Jetpack_Options::get_option( 'protect_whitelist' );
54		if ( false === $whitelist ) {
55		// The local whitelist has never been set.
56		if ( is_multisite() ) {
57		// On a multisite, we can check for a legacy site_option that existed prior to v 3.6, or default to an empty array.
58		$whitelist = get_site_option( 'jetpack_protect_whitelist', array() );
59		} else {
60		// On a single site, we can just use an empty array.
61		$whitelist = array();
62		}
63		}
64		return $whitelist;
65		}
66
67		/**
68		* Get the global, network-wide whitelist
69		*
70		* It will revert to the legacy site_option if jetpack_protect_global_whitelist has never been set.
71		*
72		* @return array
73		*/
74		function jetpack_protect_get_global_whitelist() {
75		$whitelist = get_site_option( 'jetpack_protect_global_whitelist' );
76		if ( false === $whitelist ) {
77		// The global whitelist has never been set. Check for legacy site_option, or default to an empty array.
78		$whitelist = get_site_option( 'jetpack_protect_whitelist', array() );
79		}
80		return $whitelist;
81		}
82
83		/**
84		* Jetpack Protect Save Whitelist.
85		*
86		* @access public
87		* @param mixed $whitelist Whitelist.
88		* @param bool $global (default: false) Global.
89		* @return Bool.
		0 ignored issues – show Documentation introduced 2016-10-23 09:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `Bool.` could not be parsed: Unknown type name "Bool." at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
90		*/
91		function jetpack_protect_save_whitelist( $whitelist, $global = false ) {
92		$whitelist_error = false;
93		$new_items = array();
94		if ( ! is_array( $whitelist ) ) {
95		return new WP_Error( 'invalid_parameters', __( 'Expecting an array', 'jetpack' ) );
96		}
97		if ( $global && ! is_multisite() ) {
98		return new WP_Error( 'invalid_parameters', __( 'Cannot use global flag on non-multisites', 'jetpack' ) );
99		}
100		if ( $global && ! current_user_can( 'manage_network' ) ) {
101		return new WP_Error( 'permission_denied', __( 'Only super admins can edit the global whitelist', 'jetpack' ) );
102		}
103		// Validate each item.
104		foreach ( $whitelist as $item ) {
105		$item = trim( $item );
106		if ( empty( $item ) ) {
107		continue;
108		}
109		$range = false;
110		if ( strpos( $item, '-' ) ) {
111		$item = explode( '-', $item );
112		$range = true;
113		}
114		$new_item = new stdClass();
115		$new_item->range = $range;
116		if ( ! empty( $range ) ) {
117		$low = trim( $item[0] );
118		$high = trim( $item[1] );
119		if ( ! filter_var( $low, FILTER_VALIDATE_IP ) \|\| ! filter_var( $high, FILTER_VALIDATE_IP ) ) {
120		$whitelist_error = true;
121		break;
122		}
123		if ( ! jetpack_convert_ip_address( $low ) \|\| ! jetpack_convert_ip_address( $high ) ) {
124		$whitelist_error = true;
125		break;
126		}
127		$new_item->range_low = $low;
128		$new_item->range_high = $high;
129		} else {
130		if ( ! filter_var( $item, FILTER_VALIDATE_IP ) ) {
131		$whitelist_error = true;
132		break;
133		}
134		if ( ! jetpack_convert_ip_address( $item ) ) {
135		$whitelist_error = true;
136		break;
137		}
138		$new_item->ip_address = $item;
139		}
140		$new_items[] = $new_item;
141		} // End item loop.
142		if ( ! empty( $whitelist_error ) ) {
143		return new WP_Error( 'invalid_ip', __( 'One of your IP addresses was not valid.', 'jetpack' ) );
144		}
145		if ( $global ) {
146		update_site_option( 'jetpack_protect_global_whitelist', $new_items );
147		// Once a user has saved their global whitelist, we can permanently remove the legacy option.
148		delete_site_option( 'jetpack_protect_whitelist' );
149		} else {
150		Jetpack_Options::update_option( 'protect_whitelist', $new_items );
151		}
152		return true;
153		}
154
155		/**
156		* Jetpack Protect Get IP.
157		*
158		* @access public
159		* @return IP.
		0 ignored issues – show Documentation introduced 2016-10-23 09:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `IP.` could not be parsed: Unknown type name "IP." at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
160		*/
161		function jetpack_protect_get_ip() {
162		$trusted_header_data = get_site_option( 'trusted_ip_header' );
163		if ( isset( $trusted_header_data->trusted_header ) && isset( $_SERVER[ $trusted_header_data->trusted_header ] ) ) {
164		$ip = $_SERVER[ $trusted_header_data->trusted_header ];
165		$segments = $trusted_header_data->segments;
166		$reverse_order = $trusted_header_data->reverse;
167		} else {
168		$ip = $_SERVER['REMOTE_ADDR'];
169		}
170		$ips = explode( ',', $ip );
171		if ( ! isset( $segments ) \|\| ! $segments ) {
172		$segments = 1;
173		}
174		if ( isset( $reverse_order ) && $reverse_order ) {
175		$ips = array_reverse( $ips );
176		}
177		$ip_count = count( $ips );
178		if ( 1 === $ip_count ) {
179		return jetpack_clean_ip( $ips[0] );
180		} elseif ( $ip_count >= $segments ) {
181		$the_one = $ip_count - $segments;
182		return jetpack_clean_ip( $ips[ $the_one ] );
183		} else {
184		return jetpack_clean_ip( $_SERVER['REMOTE_ADDR'] );
185		}
186		}
187
188		/**
189		* Jetpack Clean IP.
190		*
191		* @access public
192		* @param mixed $ip IP.
193		* @return $ip IP.
		0 ignored issues – show Documentation introduced 2016-10-23 09:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `$ip` could not be parsed: Unknown type name "$ip" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
194		*/
195		function jetpack_clean_ip( $ip ) {
196		$ip = trim( $ip );
197		// Check for IPv4 IP cast as IPv6.
198		if ( preg_match( '/^::ffff:(\d+\.\d+\.\d+\.\d+)$/', $ip, $matches ) ) {
199		$ip = $matches[1];
200		}
201		return $ip;
202		}
203
204		/**
205		* Checks an IP to see if it is within a private range.
206		*
207		* @param int $ip IP.
208		* @return bool
209		*/
210		function jetpack_protect_ip_is_private( $ip ) {
211		// We are dealing with ipv6, so we can simply rely on filter_var.
212		if ( false === strpos( $ip, '.' ) ) {
213		return ! filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE \| FILTER_FLAG_NO_RES_RANGE );
214		}
215		// We are dealing with ipv4.
216		$private_ip4_addresses = array(
217		'10.0.0.0\|10.255.255.255', // Single class A network.
218		'172.16.0.0\|172.31.255.255', // 16 contiguous class B network.
219		'192.168.0.0\|192.168.255.255', // 256 contiguous class C network.
220		'169.254.0.0\|169.254.255.255', // Link-local address also referred to as Automatic Private IP Addressing.
221		'127.0.0.0\|127.255.255.255', // localhost.
222		);
223		$long_ip = ip2long( $ip );
224		if ( -1 !== $long_ip ) {
225		foreach ( $private_ip4_addresses as $pri_addr ) {
226		list ( $start, $end ) = explode( '\|', $pri_addr );
227		if ( $long_ip >= ip2long( $start ) && $long_ip <= ip2long( $end ) ) {
228		return true;
229		}
230		}
231		}
232		return false;
233		}
234
235		/**
236		* Uses inet_pton if available to convert an IP address to a binary string.
237		* If inet_pton is not available, ip2long will convert the address to an integer.
238		* Returns false if an invalid IP address is given.
239		*
240		* NOTE: ip2long will return false for any ipv6 address. servers that do not support
241		* inet_pton will not support ipv6
242		*
243		* @access public
244		* @param mixed $ip IP.
245		* @return int\|string\|bool
246		*/
247		function jetpack_convert_ip_address( $ip ) {
248		if ( function_exists( 'inet_pton' ) ) {
249		return inet_pton( $ip );
250		}
251		return ip2long( $ip );
252		}
253
254		/**
255		* Checks that a given IP address is within a given low - high range.
256		* Servers that support inet_pton will use that function to convert the ip to number,
257		* while other servers will use ip2long.
258		*
259		* NOTE: servers that do not support inet_pton cannot support ipv6.
260		*
261		* @access public
262		* @param mixed $ip IP.
263		* @param mixed $range_low Range Low.
264		* @param mixed $range_high Range High.
265		* @return Bool.
		0 ignored issues – show Documentation introduced 2016-10-23 09:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `Bool.` could not be parsed: Unknown type name "Bool." at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
266		*/
267		function jetpack_protect_ip_address_is_in_range( $ip, $range_low, $range_high ) {
268		// The inet_pton will give us binary string of an ipv4 or ipv6.
269		// We can then use strcmp to see if the address is in range.
270		if ( function_exists( 'inet_pton' ) ) {
271		$ip_num = inet_pton( $ip );
272		$ip_low = inet_pton( $range_low );
273		$ip_high = inet_pton( $range_high );
274		if ( $ip_num && $ip_low && $ip_high && strcmp( $ip_num, $ip_low ) >= 0 && strcmp( $ip_num, $ip_high ) <= 0 ) {
275		return true;
276		}
277		// The ip2long will give us an integer of an ipv4 address only. it will produce FALSE for ipv6.
278		} else {
279		$ip_num = ip2long( $ip );
280		$ip_low = ip2long( $range_low );
281		$ip_high = ip2long( $range_high );
282		if ( $ip_num && $ip_low && $ip_high && $ip_num >= $ip_low && $ip_num <= $ip_high ) {
283		return true;
284		}
285		}
286		return false;
287		}
288

Automattic / jetpack

Push — master-stable ( e17c57...c646dd )

modules/protect/shared-functions.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like