AyeCode /
invoicing
| Conditions | 30 |
| Paths | > 20000 |
| Total Lines | 212 |
| Code Lines | 96 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 1 | ||
| Bugs | 0 | Features | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 332 | public function count( $args = array() ) { |
||
| 333 | |||
| 334 | global $wpdb; |
||
| 335 | |||
| 336 | $where = ' WHERE 1=1 '; |
||
| 337 | |||
| 338 | // specific customers |
||
| 339 | if( ! empty( $args['id'] ) ) { |
||
| 340 | |||
| 341 | if( is_array( $args['id'] ) ) { |
||
| 342 | $ids = implode( ',', array_map('intval', $args['id'] ) ); |
||
| 343 | } else { |
||
| 344 | $ids = intval( $args['id'] ); |
||
| 345 | } |
||
| 346 | |||
| 347 | $where .= " AND `id` IN( {$ids} ) "; |
||
| 348 | |||
| 349 | } |
||
| 350 | |||
| 351 | // Specific products |
||
| 352 | if( ! empty( $args['product_id'] ) ) { |
||
| 353 | |||
| 354 | if( is_array( $args['product_id'] ) ) { |
||
| 355 | $product_ids = implode( ',', array_map('intval', $args['product_id'] ) ); |
||
| 356 | } else { |
||
| 357 | $product_ids = intval( $args['product_id'] ); |
||
| 358 | } |
||
| 359 | |||
| 360 | $where .= " AND `product_id` IN( {$product_ids} ) "; |
||
| 361 | |||
| 362 | } |
||
| 363 | |||
| 364 | // Specific parent payments |
||
| 365 | if( ! empty( $args['parent_payment_id'] ) ) { |
||
| 366 | |||
| 367 | if( is_array( $args['parent_payment_id'] ) ) { |
||
| 368 | $parent_payment_ids = implode( ',', array_map('intval', $args['parent_payment_id'] ) ); |
||
| 369 | } else { |
||
| 370 | $parent_payment_ids = intval( $args['parent_payment_id'] ); |
||
| 371 | } |
||
| 372 | |||
| 373 | $where .= " AND `parent_payment_id` IN( {$parent_payment_ids} ) "; |
||
| 374 | |||
| 375 | } |
||
| 376 | |||
| 377 | // Subscriptoins for specific customers |
||
| 378 | if( ! empty( $args['customer_id'] ) ) { |
||
| 379 | |||
| 380 | if( is_array( $args['customer_id'] ) ) { |
||
| 381 | $customer_ids = implode( ',', array_map('intval', $args['customer_id'] ) ); |
||
| 382 | } else { |
||
| 383 | $customer_ids = intval( $args['customer_id'] ); |
||
| 384 | } |
||
| 385 | |||
| 386 | $where .= " AND `customer_id` IN( {$customer_ids} ) "; |
||
| 387 | |||
| 388 | } |
||
| 389 | |||
| 390 | // Subscriptions for specific profile IDs |
||
| 391 | if( ! empty( $args['profile_id'] ) ) { |
||
| 392 | |||
| 393 | if( is_array( $args['profile_id'] ) ) { |
||
| 394 | $profile_ids = implode( ',', array_map('intval', $args['profile_id'] ) ); |
||
| 395 | } else { |
||
| 396 | $profile_ids = intval( $args['profile_id'] ); |
||
| 397 | } |
||
| 398 | |||
| 399 | $where .= " AND `profile_id` IN( {$profile_ids} ) "; |
||
| 400 | |||
| 401 | } |
||
| 402 | |||
| 403 | // Specific transaction IDs |
||
| 404 | if( ! empty( $args['transaction_id'] ) ) { |
||
| 405 | |||
| 406 | if( is_array( $args['transaction_id'] ) ) { |
||
| 407 | $transaction_ids = implode( ',', array_map('sanitize_text_field', $args['transaction_id'] ) ); |
||
| 408 | } else { |
||
| 409 | $transaction_ids = sanitize_text_field( $args['transaction_id'] ); |
||
| 410 | } |
||
| 411 | |||
| 412 | $where .= " AND `transaction_id` IN( {$transaction_ids} ) "; |
||
| 413 | |||
| 414 | } |
||
| 415 | |||
| 416 | // Subscriptions for specific statuses |
||
| 417 | if( ! empty( $args['status'] ) ) { |
||
| 418 | |||
| 419 | if( is_array( $args['status'] ) ) { |
||
| 420 | $statuses = implode( ',', $args['status'] ); |
||
| 421 | $where .= " AND `status` IN( {$statuses} ) "; |
||
| 422 | } else { |
||
| 423 | $statuses = $args['status']; |
||
| 424 | $where .= " AND `status` = '{$statuses}' "; |
||
| 425 | } |
||
| 426 | |||
| 427 | |||
| 428 | |||
| 429 | } |
||
| 430 | |||
| 431 | // Subscriptions created for a specific date or in a date range |
||
| 432 | if( ! empty( $args['date'] ) ) { |
||
| 433 | |||
| 434 | if( is_array( $args['date'] ) ) { |
||
| 435 | |||
| 436 | if( ! empty( $args['date']['start'] ) ) { |
||
| 437 | |||
| 438 | $start = date( 'Y-m-d H:i:s', strtotime( $args['date']['start'] ) ); |
||
| 439 | |||
| 440 | $where .= " AND `created` >= '{$start}'"; |
||
| 441 | |||
| 442 | } |
||
| 443 | |||
| 444 | if( ! empty( $args['date']['end'] ) ) { |
||
| 445 | |||
| 446 | $end = date( 'Y-m-d H:i:s', strtotime( $args['date']['end'] ) ); |
||
| 447 | |||
| 448 | $where .= " AND `created` <= '{$end}'"; |
||
| 449 | |||
| 450 | } |
||
| 451 | |||
| 452 | } else { |
||
| 453 | |||
| 454 | $year = date( 'Y', strtotime( $args['date'] ) ); |
||
| 455 | $month = date( 'm', strtotime( $args['date'] ) ); |
||
| 456 | $day = date( 'd', strtotime( $args['date'] ) ); |
||
| 457 | |||
| 458 | $where .= " AND $year = YEAR ( created ) AND $month = MONTH ( created ) AND $day = DAY ( created )"; |
||
| 459 | } |
||
| 460 | |||
| 461 | } |
||
| 462 | |||
| 463 | // Subscriptions with a specific expiration date or in an expiration date range |
||
| 464 | if( ! empty( $args['expiration'] ) ) { |
||
| 465 | |||
| 466 | if( is_array( $args['expiration'] ) ) { |
||
| 467 | |||
| 468 | if( ! empty( $args['expiration']['start'] ) ) { |
||
| 469 | |||
| 470 | $start = date( 'Y-m-d H:i:s', strtotime( $args['expiration']['start'] ) ); |
||
| 471 | |||
| 472 | $where .= " AND `expiration` >= '{$start}'"; |
||
| 473 | |||
| 474 | } |
||
| 475 | |||
| 476 | if( ! empty( $args['expiration']['end'] ) ) { |
||
| 477 | |||
| 478 | $end = date( 'Y-m-d H:i:s', strtotime( $args['expiration']['end'] ) ); |
||
| 479 | |||
| 480 | $where .= " AND `expiration` <= '{$end}'"; |
||
| 481 | |||
| 482 | } |
||
| 483 | |||
| 484 | } else { |
||
| 485 | |||
| 486 | $year = date( 'Y', strtotime( $args['expiration'] ) ); |
||
| 487 | $month = date( 'm', strtotime( $args['expiration'] ) ); |
||
| 488 | $day = date( 'd', strtotime( $args['expiration'] ) ); |
||
| 489 | |||
| 490 | $where .= " AND $year = YEAR ( expiration ) AND $month = MONTH ( expiration ) AND $day = DAY ( expiration )"; |
||
| 491 | } |
||
| 492 | |||
| 493 | } |
||
| 494 | |||
| 495 | if ( ! empty( $args['search'] ) ) { |
||
| 496 | |||
| 497 | if( false !== strpos( 'id:', $args['search'] ) ) { |
||
| 498 | |||
| 499 | $args['search'] = trim( str_replace( 'id:', '', $args['search'] ) ); |
||
| 500 | $where .= " AND `id` = '" . esc_sql( $args['search'] ) . "'"; |
||
| 501 | |||
| 502 | } else if( false !== strpos( $args['search'], 'txn:' ) ) { |
||
| 503 | |||
| 504 | $args['search'] = trim( str_replace( 'txn:', '', $args['search'] ) ); |
||
| 505 | $where .= " AND `transaction_id` = '" . esc_sql( $args['search'] ) . "'"; |
||
| 506 | |||
| 507 | } else if( false !== strpos( $args['search'], 'profile_id:' ) ) { |
||
| 508 | |||
| 509 | $args['search'] = trim( str_replace( 'profile_id:', '', $args['search'] ) ); |
||
| 510 | $where .= " AND `profile_id` = '" . esc_sql( $args['search'] ) . "'"; |
||
| 511 | |||
| 512 | } else if( false !== strpos( $args['search'], 'product_id:' ) ) { |
||
| 513 | |||
| 514 | $args['search'] = trim( str_replace( 'product_id:', '', $args['search'] ) ); |
||
| 515 | $where .= " AND `product_id` = '" . esc_sql( $args['search'] ) . "'"; |
||
| 516 | |||
| 517 | } else if( false !== strpos( $args['search'], 'customer_id:' ) ) { |
||
| 518 | |||
| 519 | $args['search'] = trim( str_replace( 'customer_id:', '', $args['search'] ) ); |
||
| 520 | $where .= " AND `customer_id` = '" . esc_sql( $args['search'] ) . "'"; |
||
| 521 | |||
| 522 | } else { |
||
| 523 | |||
| 524 | $where .= " AND ( `parent_payment_id` LIKE '%%" . esc_sql( $args['search'] ) . "%%' OR `profile_id` LIKE '%%" . esc_sql( $args['search'] ) . "%%' OR `transaction_id` LIKE '%%" . esc_sql( $args['search'] ) . "%%' OR `product_id` LIKE '%%" . esc_sql( $args['search'] ) . "%%' OR `id` = '" . esc_sql( $args['search'] ) . "' )"; |
||
| 525 | |||
| 526 | } |
||
| 527 | |||
| 528 | } |
||
| 529 | |||
| 530 | $cache_key = md5( 'wpinv_subscriptions_count' . serialize( $args ) ); |
||
| 531 | |||
| 532 | $count = wp_cache_get( $cache_key, 'subscriptions' ); |
||
| 533 | |||
| 534 | if( $count === false ) { |
||
| 535 | |||
| 536 | $sql = "SELECT COUNT($this->primary_key) FROM " . $this->table_name . "{$where};"; |
||
| 537 | $count = $wpdb->get_var( $sql ); |
||
| 538 | |||
| 539 | wp_cache_set( $cache_key, $count, 'subscriptions', 3600 ); |
||
| 540 | |||
| 541 | } |
||
| 542 | |||
| 543 | return absint( $count ); |
||
| 544 | |||
| 586 | } |
Loading history...
$argscan contain request data and is used in variable name context(s) leading to a potential security vulnerability.1 path for user data to reach this point
$_GET,andIssetNode ? $_GET['status'] : 'any'is assigned to$statusin includes/admin/class-wpinv-subscriptions-list-table.php on line 339
$statusis assigned to$argsin includes/admin/class-wpinv-subscriptions-list-table.php on line 355
in includes/admin/class-wpinv-subscriptions-list-table.php on line 358
$argsin includes/class-wpinv-subscriptions-db.php on line 85
Used in variable context
wp_parse_args()is calledin includes/class-wpinv-subscriptions-db.php on line 97
$argsin wordpress/wp-includes/functions.php on line 4294
wp_parse_str()is calledin wordpress/wp-includes/functions.php on line 4300
$stringin wordpress/wp-includes/formatting.php on line 4865
parse_str()is calledin wordpress/wp-includes/formatting.php on line 4866
General Strategies to prevent injection
In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values:
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); }For numeric data, we recommend to explicitly cast the data: