Completed
Push — fix/instant-search-non-ascii ( b82854...f54339 )
by
unknown
18:41 queued 10:23
created

class.wpcom-json-api-render-embed-endpoint.php (1 issue)


<?php
// Register the "render embed" endpoint. The array below is the endpoint's
// self-description: documentation strings, routing data and an example request.
new WPCOM_JSON_API_Render_Embed_Endpoint(
	array(
		// Human-readable documentation. The "publishing access" requirement
		// corresponds to the edit_posts capability check in callback().
		'description'          => 'Get a rendered embed for a site. Note: The current user must have publishing access.',
		'group'                => 'sites',
		'stat'                 => 'embeds:render',

		// Routing: GET /sites/<site>/embeds/render
		'method'               => 'GET',
		'path'                 => '/sites/%s/embeds/render',
		'path_labels'          => array(
			'$site' => '(int|string) Site ID or domain',
		),

		// The only input is a single URL supplied by the caller.
		'query_parameters'     => array(
			'embed_url' => '(string) The query-string encoded embed URL to render. Required. Only accepts one at a time.',
		),

		// "result" is documented as HTML, so API consumers receive markup, not plain text.
		'response_format'      => array(
			'embed_url' => '(string) The embed_url that was passed in for rendering.',
			'result'    => '(html) The rendered HTML result of the embed.',
		),

		// Documentation example only; the bearer token is a placeholder.
		'example_request'      => 'https://public-api.wordpress.com/rest/v1/sites/apiexamples.wordpress.com/embeds/render?embed_url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DSQEQr7c0-dw',
		'example_request_data' => array(
			'headers' => array(
				'authorization' => 'Bearer YOUR_API_TOKEN',
			),
		),
	)
);
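/**
 * Endpoint that renders one embed URL in the context of a site and returns the resulting HTML.
 */
class WPCOM_JSON_API_Render_Embed_Endpoint extends WPCOM_JSON_API_Render_Endpoint {
	/**
	 * Handle GET /sites/%s/embeds/render -> $blog_id.
	 *
	 * The request is rejected unless the blog can be switched to and validated for
	 * the current user, the user has the edit_posts capability, and the embed_url
	 * query argument is exactly one http(s) URL that parses with a host.
	 *
	 * @param string     $path    Request path; not used by this callback.
	 * @param int|string $blog_id Site ID or domain taken from the path.
	 *
	 * @return array|WP_Error The embed_url and rendered result, passed through add_assets(),
	 *                        or a WP_Error (400 for bad input, 403 for insufficient permission).
	 */
	public function callback( $path = '', $blog_id = 0 ) {
		$blog_id = $this->api->switch_to_blog_and_validate_user( $this->api->get_blog_id( $blog_id ) );
		if ( is_wp_error( $blog_id ) ) {
			return $blog_id;
		}

		// Capability gate: only users who can post on this blog may ask for a render.
		// NOTE(review): do_embed() lives in the parent class and is not shown here. If it
		// performs oEmbed discovery, this check is also what limits who can make the
		// server request a caller-supplied URL. Confirm against the parent.
		if ( ! current_user_can( 'edit_posts' ) ) {
			return new WP_Error( 'unauthorized', __( 'Your token must have permission to post on this blog.', 'jetpack' ), 403 );
		}

		$args = $this->query_args();

		// embed_url comes from the request. Whether query_args() always yields a string
		// is not visible here, so reject a missing or non-string value before trim().
		if ( ! isset( $args['embed_url'] ) || ! is_string( $args['embed_url'] ) ) {
			return new WP_Error( 'invalid_embed_url', __( 'The embed_url parameter must be a valid URL.', 'jetpack' ), 400 );
		}
		$embed_url = trim( $args['embed_url'] );

		// Quick validation: with the /m flag every line that is a bare http(s) URL counts as one match.
		if ( ! preg_match_all( '|^\s*(https?://[^\s"]+)\s*$|im', $embed_url, $matches ) ) {
			return new WP_Error( 'invalid_embed_url', __( 'The embed_url parameter must be a valid URL.', 'jetpack' ), 400 );
		}

		if ( count( $matches[1] ) > 1 ) {
			return new WP_Error( 'invalid_embed', __( 'Only one embed can be rendered at a time.', 'jetpack' ), 400 );
		}

		// Continue with the captured URL only, not the raw parameter.
		$embed_url = array_shift( $matches[1] );

		// wp_parse_url() returns false for a seriously malformed URL. Test that case
		// with a strict comparison instead of relying on truthiness, and also require
		// a host so a scheme-only value is not handed to the embed handlers.
		$parts = wp_parse_url( $embed_url );
		if ( false === $parts || empty( $parts['host'] ) ) {
			return new WP_Error( 'invalid_embed_url', __( 'The embed_url parameter must be a valid URL.', 'jetpack' ), 400 );
		}

		global $wp_embed;
		$render = $this->process_render( array( $this, 'do_embed' ), $embed_url );

		// If the render is just the URL, or the URL turned into a plain link, nothing handled it as an embed.
		// NOTE(review): the comparisons stay loose as in the original. maybe_make_link()
		// may not return a string, and tightening them would change how an empty result
		// is classified. Confirm before switching to !==.
		$is_an_embed = ( $embed_url != $render['result'] && $wp_embed->maybe_make_link( $embed_url ) != $render['result'] );
		if ( ! $is_an_embed ) {
			return new WP_Error( 'invalid_embed', __( 'The requested URL is not an embed.', 'jetpack' ), 400 );
		}

		// Response payload. 'result' is HTML produced by the embed render, so clients
		// must handle it as markup rather than as plain text.
		$return = array(
			'embed_url' => $embed_url,
			'result'    => $render['result'],
		);

		return $this->add_assets( $return, $render['loaded_scripts'], $render['loaded_styles'] );
	}

}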