Issues in class.wpcom-json-api-comment-endpoint.php - New Issues - Inspection of "Simplify conditional checks" - Automattic/jetpack - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — update/crm-integration-fixes ( a3fc2b )

by Jeremy

created 2020-07-31 11:37 UTC

class.wpcom-json-api-comment-endpoint.php (7 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php


abstract class WPCOM_JSON_API_Comment_Endpoint extends WPCOM_JSON_API_Endpoint {
	public $comment_object_format = array(
		// explicitly document and cast all output
		'ID'          => '(int) The comment ID.',
		'post'        => "(object>post_reference) A reference to the comment's post.",
		'author'      => '(object>author) The author of the comment.',
		'date'        => "(ISO 8601 datetime) The comment's creation time.",
		'URL'         => '(URL) The full permalink URL to the comment.',
		'short_URL'   => '(URL) The wp.me short URL.',
		'content'     => '(HTML) <code>context</code> dependent.',
		'raw_content' => '(string) Raw comment content.',
		'status'      => array(
			'approved'   => 'The comment has been approved.',
			'unapproved' => 'The comment has been held for review in the moderation queue.',
			'spam'       => 'The comment has been marked as spam.',
			'trash'      => 'The comment is in the trash.',
		),
		'parent' => "(object>comment_reference|false) A reference to the comment's parent, if it has one.",
		'type'   => array(
			'comment'   => 'The comment is a regular comment.',
			'trackback' => 'The comment is a trackback.',
			'pingback'  => 'The comment is a pingback.',
			'review'    => 'The comment is a product review.',
		),
		'like_count'   => '(int) The number of likes for this comment.',
		'i_like'       => '(bool) Does the current user like this comment?',
		'meta'         => '(object) Meta data',
		'can_moderate' => '(bool) Whether current user can moderate the comment.',
	);

	// public $response_format =& $this->comment_object_format;

	function __construct( $args ) {
		if ( !$this->response_format ) {
			$this->response_format =& $this->comment_object_format;
		}
		parent::__construct( $args );
	}

	function get_comment( $comment_id, $context ) {
		global $blog_id;

		$comment = get_comment( $comment_id );
		if ( !$comment || is_wp_error( $comment ) ) {
			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );

		}

		$types = array( '', 'comment', 'pingback', 'trackback', 'review' );
		if ( !in_array( $comment->comment_type, $types ) ) {
			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );

		}

		$post = get_post( $comment->comment_post_ID );
		if ( !$post || is_wp_error( $post ) ) {
			return new WP_Error( 'unknown_post', 'Unknown post', 404 );

		}

		$status = wp_get_comment_status( $comment->comment_ID );

		// Permissions
		switch ( $context ) {
		case 'edit' :
			if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
				return new WP_Error( 'unauthorized', 'User cannot edit comment', 403 );

			}

			$GLOBALS['post'] = $post;
			$comment         = get_comment_to_edit( $comment->comment_ID );
			foreach ( array( 'comment_author', 'comment_author_email', 'comment_author_url' ) as $field ) {
				$comment->$field = htmlspecialchars_decode( $comment->$field, ENT_QUOTES );
			}
			break;
		case 'display' :
			if ( 'approved' !== $status ) {
				$current_user_id = get_current_user_id();
				$user_can_read_comment = false;
				if ( $current_user_id && $comment->user_id && $current_user_id == $comment->user_id ) {
					$user_can_read_comment = true;
				} elseif (
					$comment->comment_author_email && $comment->comment_author
				&&
					isset( $this->api->token_details['user'] )
				&&
					isset( $this->api->token_details['user']['user_email'] )
				&&
					$this->api->token_details['user']['user_email'] === $comment->comment_author_email
				&&
					$this->api->token_details['user']['display_name'] === $comment->comment_author
				) {
					$user_can_read_comment = true;
				} else {
					$user_can_read_comment = current_user_can( 'edit_posts' );
				}

				if ( !$user_can_read_comment ) {
					return new WP_Error( 'unauthorized', 'User cannot read unapproved comment', 403 );

				}
			}

			$GLOBALS['post'] = $post;
			setup_postdata( $post );
			break;
		default :
			return new WP_Error( 'invalid_context', 'Invalid API CONTEXT', 400 );

		}

		$can_view = $this->user_can_view_post( $post->ID );
		if ( !$can_view || is_wp_error( $can_view ) ) {
			return $can_view;
		}

		$GLOBALS['comment'] = $comment;
		$response           = array();

		foreach ( array_keys( $this->comment_object_format ) as $key ) {
			switch ( $key ) {
			case 'ID' :
				// explicitly cast all output
				$response[$key] = (int) $comment->comment_ID;
				break;
			case 'post' :
				$response[$key] = (object) array(
					'ID'   => (int) $post->ID,
					'title' => (string) get_the_title( $post->ID ),
					'type' => (string) $post->post_type,
					'link' => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $post->ID ),
				);
				break;
			case 'author' :
				$response[$key] = (object) $this->get_author( $comment, current_user_can( 'edit_comment', $comment->comment_ID ) );
				break;
			case 'date' :
				$response[$key] = (string) $this->format_date( $comment->comment_date_gmt, $comment->comment_date );
				break;
			case 'URL' :
				$response[$key] = (string) esc_url_raw( get_comment_link( $comment->comment_ID ) );
				break;
			case 'short_URL' :
				// @todo - pagination
				$response[$key] = (string) esc_url_raw( wp_get_shortlink( $post->ID ) . "%23comment-{$comment->comment_ID}" );
				break;
			case 'content' :
				if ( 'display' === $context ) {
					ob_start();
					comment_text();
					$response[$key] = (string) ob_get_clean();
				} else {
					$response[$key] = (string) $comment->comment_content;
				}
				break;
			case 'raw_content':
				$response[$key] = (string) $comment->comment_content;
				break;
			case 'status' :
				$response[$key] = (string) $status;
				break;
			case 'parent' : // (object|false)
				if ( $comment->comment_parent ) {
					$parent = get_comment( $comment->comment_parent );
					$response[$key] = (object) array(
						'ID'   => (int) $parent->comment_ID,
						'type' => (string) ( $parent->comment_type ? $parent->comment_type : 'comment' ),
						'link' => (string) $this->links->get_comment_link( $blog_id, $parent->comment_ID ),
					);
				} else {
					$response[$key] = false;
				}
				break;
			case 'type' :
				$response[$key] = (string) ( $comment->comment_type ? $comment->comment_type : 'comment' );
				break;
			case 'like_count' :
				if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
					$response[ $key ] = (int) $this->api->comment_like_count( $blog_id, $post->ID, $comment->comment_ID );

				}
				break;
			case 'i_like' :
				if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
					$response[ $key ] = (bool) Likes::comment_like_current_user_likes( $blog_id, $comment->comment_ID );
				}
				break;
			case 'meta' :
				$response[$key] = (object) array(
					'links' => (object) array(
						'self'    => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID ),
						'help'    => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'help' ),
						'site'    => (string) $this->links->get_site_link( $this->api->get_blog_id_for_output() ),
						'post'    => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $comment->comment_post_ID ),
						'replies' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'replies/' ),
						'likes'   => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'likes/' ),
					),
				);
				break;
			case 'can_moderate':
				$response[ $key ] = (bool) current_user_can( 'edit_comment', $comment_id );
				break;
			}
		}

		unset( $GLOBALS['comment'], $GLOBALS['post'] );
		return $response;
	}
}



1			<?php
2
3
4			abstract class WPCOM_JSON_API_Comment_Endpoint extends WPCOM_JSON_API_Endpoint {
5			public $comment_object_format = array(
6			// explicitly document and cast all output
7			'ID' => '(int) The comment ID.',
8			'post' => "(object>post_reference) A reference to the comment's post.",
9			'author' => '(object>author) The author of the comment.',
10			'date' => "(ISO 8601 datetime) The comment's creation time.",
11			'URL' => '(URL) The full permalink URL to the comment.',
12			'short_URL' => '(URL) The wp.me short URL.',
13			'content' => '(HTML) <code>context</code> dependent.',
14			'raw_content' => '(string) Raw comment content.',
15			'status' => array(
16			'approved' => 'The comment has been approved.',
17			'unapproved' => 'The comment has been held for review in the moderation queue.',
18			'spam' => 'The comment has been marked as spam.',
19			'trash' => 'The comment is in the trash.',
20			),
21			'parent' => "(object>comment_reference\|false) A reference to the comment's parent, if it has one.",
22			'type' => array(
23			'comment' => 'The comment is a regular comment.',
24			'trackback' => 'The comment is a trackback.',
25			'pingback' => 'The comment is a pingback.',
26			'review' => 'The comment is a product review.',
27			),
28			'like_count' => '(int) The number of likes for this comment.',
29			'i_like' => '(bool) Does the current user like this comment?',
30			'meta' => '(object) Meta data',
31			'can_moderate' => '(bool) Whether current user can moderate the comment.',
32			);
33
34			// public $response_format =& $this->comment_object_format;
35
36			function __construct( $args ) {
37			if ( !$this->response_format ) {
38			$this->response_format =& $this->comment_object_format;
39			}
40			parent::__construct( $args );
41			}
42
43			function get_comment( $comment_id, $context ) {
44			global $blog_id;
45
46			$comment = get_comment( $comment_id );
47			if ( !$comment \|\| is_wp_error( $comment ) ) {
48			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `WP_Error::__construct()` has too many arguments starting with `'unknown_comment'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
49			}
50
51			$types = array( '', 'comment', 'pingback', 'trackback', 'review' );
52			if ( !in_array( $comment->comment_type, $types ) ) {
53			return new WP_Error( 'unknown_comment', 'Unknown comment', 404 );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `WP_Error::__construct()` has too many arguments starting with `'unknown_comment'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
54			}
55
56			$post = get_post( $comment->comment_post_ID );
57			if ( !$post \|\| is_wp_error( $post ) ) {
58			return new WP_Error( 'unknown_post', 'Unknown post', 404 );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `WP_Error::__construct()` has too many arguments starting with `'unknown_post'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
59			}
60
61			$status = wp_get_comment_status( $comment->comment_ID );
62
63			// Permissions
64			switch ( $context ) {
65			case 'edit' :
66			if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
67			return new WP_Error( 'unauthorized', 'User cannot edit comment', 403 );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `WP_Error::__construct()` has too many arguments starting with `'unauthorized'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
68			}
69
70			$GLOBALS['post'] = $post;
71			$comment = get_comment_to_edit( $comment->comment_ID );
72			foreach ( array( 'comment_author', 'comment_author_email', 'comment_author_url' ) as $field ) {
73			$comment->$field = htmlspecialchars_decode( $comment->$field, ENT_QUOTES );
74			}
75			break;
76			case 'display' :
77			if ( 'approved' !== $status ) {
78			$current_user_id = get_current_user_id();
79			$user_can_read_comment = false;
80			if ( $current_user_id && $comment->user_id && $current_user_id == $comment->user_id ) {
81			$user_can_read_comment = true;
82			} elseif (
83			$comment->comment_author_email && $comment->comment_author
84			&&
85			isset( $this->api->token_details['user'] )
86			&&
87			isset( $this->api->token_details['user']['user_email'] )
88			&&
89			$this->api->token_details['user']['user_email'] === $comment->comment_author_email
90			&&
91			$this->api->token_details['user']['display_name'] === $comment->comment_author
92			) {
93			$user_can_read_comment = true;
94			} else {
95			$user_can_read_comment = current_user_can( 'edit_posts' );
96			}
97
98			if ( !$user_can_read_comment ) {
99			return new WP_Error( 'unauthorized', 'User cannot read unapproved comment', 403 );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `WP_Error::__construct()` has too many arguments starting with `'unauthorized'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
100			}
101			}
102
103			$GLOBALS['post'] = $post;
104			setup_postdata( $post );
105			break;
106			default :
107			return new WP_Error( 'invalid_context', 'Invalid API CONTEXT', 400 );
			0 ignored issues – show Unused Code introduced 2019-06-17 08:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `WP_Error::__construct()` has too many arguments starting with `'invalid_context'`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
108			}
109
110			$can_view = $this->user_can_view_post( $post->ID );
111			if ( !$can_view \|\| is_wp_error( $can_view ) ) {
112			return $can_view;
113			}
114
115			$GLOBALS['comment'] = $comment;
116			$response = array();
117
118			foreach ( array_keys( $this->comment_object_format ) as $key ) {
119			switch ( $key ) {
120			case 'ID' :
121			// explicitly cast all output
122			$response[$key] = (int) $comment->comment_ID;
123			break;
124			case 'post' :
125			$response[$key] = (object) array(
126			'ID' => (int) $post->ID,
127			'title' => (string) get_the_title( $post->ID ),
128			'type' => (string) $post->post_type,
129			'link' => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $post->ID ),
130			);
131			break;
132			case 'author' :
133			$response[$key] = (object) $this->get_author( $comment, current_user_can( 'edit_comment', $comment->comment_ID ) );
134			break;
135			case 'date' :
136			$response[$key] = (string) $this->format_date( $comment->comment_date_gmt, $comment->comment_date );
137			break;
138			case 'URL' :
139			$response[$key] = (string) esc_url_raw( get_comment_link( $comment->comment_ID ) );
140			break;
141			case 'short_URL' :
142			// @todo - pagination
143			$response[$key] = (string) esc_url_raw( wp_get_shortlink( $post->ID ) . "%23comment-{$comment->comment_ID}" );
144			break;
145			case 'content' :
146			if ( 'display' === $context ) {
147			ob_start();
148			comment_text();
149			$response[$key] = (string) ob_get_clean();
150			} else {
151			$response[$key] = (string) $comment->comment_content;
152			}
153			break;
154			case 'raw_content':
155			$response[$key] = (string) $comment->comment_content;
156			break;
157			case 'status' :
158			$response[$key] = (string) $status;
159			break;
160			case 'parent' : // (object\|false)
161			if ( $comment->comment_parent ) {
162			$parent = get_comment( $comment->comment_parent );
163			$response[$key] = (object) array(
164			'ID' => (int) $parent->comment_ID,
165			'type' => (string) ( $parent->comment_type ? $parent->comment_type : 'comment' ),
166			'link' => (string) $this->links->get_comment_link( $blog_id, $parent->comment_ID ),
167			);
168			} else {
169			$response[$key] = false;
170			}
171			break;
172			case 'type' :
173			$response[$key] = (string) ( $comment->comment_type ? $comment->comment_type : 'comment' );
174			break;
175			case 'like_count' :
176			if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
177			$response[ $key ] = (int) $this->api->comment_like_count( $blog_id, $post->ID, $comment->comment_ID );
			0 ignored issues – show Bug introduced 2015-11-20 23:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `comment_like_count()` does not seem to exist on `object<WPCOM_JSON_API>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
178			}
179			break;
180			case 'i_like' :
181			if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
182			$response[ $key ] = (bool) Likes::comment_like_current_user_likes( $blog_id, $comment->comment_ID );
183			}
184			break;
185			case 'meta' :
186			$response[$key] = (object) array(
187			'links' => (object) array(
188			'self' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID ),
189			'help' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'help' ),
190			'site' => (string) $this->links->get_site_link( $this->api->get_blog_id_for_output() ),
191			'post' => (string) $this->links->get_post_link( $this->api->get_blog_id_for_output(), $comment->comment_post_ID ),
192			'replies' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'replies/' ),
193			'likes' => (string) $this->links->get_comment_link( $this->api->get_blog_id_for_output(), $comment->comment_ID, 'likes/' ),
194			),
195			);
196			break;
197			case 'can_moderate':
198			$response[ $key ] = (bool) current_user_can( 'edit_comment', $comment_id );
199			break;
200			}
201			}
202
203			unset( $GLOBALS['comment'], $GLOBALS['post'] );
204			return $response;
205			}
206			}
207
208

Automattic / jetpack

Push — update/crm-integration-fixes ( a3fc2b )

class.wpcom-json-api-comment-endpoint.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like