Issues (850)

Security Analysis    4 potential vulnerabilities

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Code Injection (1)
Code Injection enables an attacker to execute arbitrary code on the server.
  Variable Injection (2)
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Cross-Site Scripting (1)
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  Header Injection

includes/libraries/class-ayecode-addons.php (2 issues)

<?php
// Exit if accessed directly
if ( ! defined( 'ABSPATH' ) ) exit;
if(!class_exists('Ayecode_Addons')) {

    abstract class Ayecode_Addons
    {

        /**
         * Get things started
         *
         * @access  public
         */
        public function __construct()
        {
        }

        /**
         * Get the extensions page tabs.
         *
         * @return array of tabs.
         */
        public function get_tabs()
        {
            return array();
        }

        /**
         * Get sections for the addons screen
         *
         * @return array of objects
         */
        public function get_sections()
        {

            return array(); //@todo we prob don't need these yet.
        }

        /**
         * Get section content for the addons screen.
         *
         * @param  string $section_id
         *
         * @return array
         */
        public function get_section_data($section_id)
        {
            return array();
        }

        /**
         * Get a tab for the addons screen.
         *
         * @param  string $tab_id
         *
         * @return object|bool
         */
        public function get_tab($tab_id)
        {
            $tabs = $this->get_tabs();
            if (isset($tabs[$tab_id])) {
                return $tabs[$tab_id];
            }
            return false;
        }

        /**
         * Get section for the addons screen.
         *
         * @param  string $section_id
         *
         * @return object|bool
         */
        public function get_section($section_id)
        {
            $sections = $this->get_sections();
            if (isset($sections[$section_id])) {
                return $sections[$section_id];
            }
            return false;
        }

        /**
         * Outputs a button.
         *
         * @param object $addon
         */
        public function output_button($addon)
        {
            // override this function to output action button for each add on
        }

        /**
         * Handles output of the addons page in admin.
         */
        public function output()
        {
            // override this function to output extensions screen
        }

        /**
         * Check if a plugin is installed (only works if WPEU is installed and active)
         *
         * @param string $id    Value of the plugin's "Update ID" header.
         * @param string $addon Optional addon slug; currently unused.
         *
         * @return bool
         */
        public function is_plugin_installed($id, $addon = '')
        {
            $all_plugins = get_plugins();

            $installed = false;

            foreach ($all_plugins as $p_slug => $plugin) {

                if (isset($plugin['Update ID']) && $id == $plugin['Update ID']) {
                    $installed = true;
                } elseif (!empty($addon)) {
                    // no slug-based fallback is implemented; this branch is a no-op
                }

            }

            return $installed;
        }

        public function install_plugin_install_status($addon)
        {

            // Default to a "new" plugin
            $status = 'install';
            $url = isset($addon->info->link) ? $addon->info->link : false;
            $file = false;

            // Issue: the assignment to $slug is dead and can be removed.
            $slug = isset($addon->info->slug) ? $addon->info->slug : '';
            if (!empty($addon->licensing->edd_slug)) {
                $slug = $addon->licensing->edd_slug;
            }
            $id = !empty($addon->info->id) ? absint($addon->info->id) : '';
            $version = isset($addon->licensing->version) ? $addon->licensing->version : '';

            // get the slug

            $all_plugins = get_plugins();
            foreach ($all_plugins as $p_slug => $plugin) {

                if ($id && isset($plugin['Update ID']) && $id == $plugin['Update ID']) {
                    $status = 'installed';
                    $file = $p_slug;
                    break;
                } elseif (!empty($addon->licensing->edd_slug)) {
                    if (strpos($p_slug, $addon->licensing->edd_slug . '/') === 0) {
                        $status = 'installed';
                        $file = $p_slug;
                        break;
                    }
                }
            }

            return compact('status', 'url', 'version', 'file');
        }

        /**
         * Check if a theme is installed.
         *
         * @param object $addon
         *
         * @return bool
         */
        public function is_theme_installed($addon)
        {
            $all_themes = wp_get_themes();

            $slug = isset($addon->info->slug) ? $addon->info->slug : '';
            if (!empty($addon->licensing->edd_slug)) {
                $slug = $addon->licensing->edd_slug;
            }


            foreach ($all_themes as $key => $theme) {
                if ($slug == $key) {
                    return true;
                }
            }

            return false;
        }

        /**
         * Check if a theme is active.
         *
         * @param object $addon
         *
         * @return bool
         */
        public function is_theme_active($addon)
        {
            $theme = wp_get_theme();

            // manual check: the listed title differs from the registered theme name
            if ($addon->info->title == "Whoop!") {
                $addon->info->title = "Whoop";
            }


            if ($addon->info->title == $theme->get('Name')) {
                return true;
            }

            return false;
        }

        /**
         * Get theme activation url.
         *
         * @param object $addon
         *
         * @return string|bool
         */
        public function get_theme_activation_url($addon)
        {
            $themes = wp_prepare_themes_for_js();

            // manual check: the listed title differs from the registered theme name
            if ($addon->info->title == "Whoop!") {
                $addon->info->title = "Whoop";
            }


            foreach ($themes as $theme) {
                if ($addon->info->title == $theme['name']) {
                    return $theme['actions']['activate'];
                }
            }

            return false;
        }

        /**
         * Get theme install url.
         *
         * @param string $slug
         *
         * @return bool
         */
        public function get_theme_install_url($slug)
        {

            $install_url = add_query_arg(array(
                'action' => 'install-theme',
                'theme' => urlencode($slug),
            ), admin_url('update.php'));
            $install_url = wp_nonce_url($install_url, 'install-theme_' . $slug);

            // Issue (Bug / Best Practice): the expression return $install_url returns the type string, which is incompatible with the documented return type boolean.
            return $install_url;
        }

        /**
         * A list of recommended wp.org plugins.
         * @return array
         */
        public function get_recommend_wp_plugins()
        {
            return array();
        }

        /**
         * Format the recommended list of wp.org plugins for our extensions section output.
         *
         * @return array
         */
        public function get_recommend_wp_plugins_edd_formatted()
        {
            $formatted = array();
            $plugins = $this->get_recommend_wp_plugins();

            foreach ($plugins as $plugin) {
                $product = new stdClass();
                $product->info = new stdClass();
                $product->info->id = '';
                $product->info->slug = isset($plugin['slug']) ? $plugin['slug'] : '';
                $product->info->title = isset($plugin['name']) ? $plugin['name'] : '';
                $product->info->excerpt = isset($plugin['desc']) ? $plugin['desc'] : '';
                $product->info->link = isset($plugin['url']) ? $plugin['url'] : '';
                $product->info->thumbnail = isset($plugin['thumbnail']) ? $plugin['thumbnail'] : "https://ps.w.org/" . $plugin['slug'] . "/assets/banner-772x250.png";
                $formatted[] = $product;
            }

            return $formatted;
        }
    }
}
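The one security control in this file is the nonce that get_theme_install_url() attaches to the update.php link: wp_nonce_url() with the action 'install-theme_' . $slug ties the token to one specific theme, and the handler on the other end has to verify it with the same action string before installing anything. The block below is an added example, not the plugin's code and not WordPress's implementation: because wp_nonce_url() and check_admin_referer() are unavailable outside WordPress, make_nonce()/check_nonce() are a simplified HMAC stand-in that models the tick-based scheme, and SECRET_KEY, CURRENT_USER and the host name are constructed for the illustration. It shows a legitimate link being accepted, the same token being rejected once the theme parameter is swapped, and the link expiring after its lifetime.

```php
<?php
// Added example: stand-alone model of a nonce-protected admin action URL.
// make_nonce()/check_nonce() are a simplified HMAC stand-in for WordPress's
// wp_create_nonce()/wp_verify_nonce(); SECRET_KEY and CURRENT_USER are assumed.

const NONCE_LIFE   = 86400;                         // one day, split into two ticks
const SECRET_KEY   = 'example-secret-key-rotate-me';  // constructed for this example
const CURRENT_USER = 42;                            // assumed logged-in user id

// A nonce minted in tick N is accepted during ticks N and N+1.
function nonce_tick(int $now): int
{
    return (int) ceil($now / (NONCE_LIFE / 2));
}

// HMAC over tick|action|user, truncated. The action string carries the theme
// slug, so a token for one theme is useless for any other theme.
function make_nonce(string $action, int $user, int $now): string
{
    $tick = nonce_tick($now);
    return substr(hash_hmac('sha256', $tick . '|' . $action . '|' . $user, SECRET_KEY), -12, 10);
}

function check_nonce(string $nonce, string $action, int $user, int $now): bool
{
    $tick = nonce_tick($now);
    foreach ([$tick, $tick - 1] as $t) {
        $expected = substr(hash_hmac('sha256', $t . '|' . $action . '|' . $user, SECRET_KEY), -12, 10);
        if (hash_equals($expected, $nonce)) {   // constant-time comparison
            return true;
        }
    }
    return false;
}

// Mirrors get_theme_install_url(): the nonce action is bound to the slug.
function theme_install_url(string $slug, int $user, int $now): string
{
    $query = http_build_query([
        'action'   => 'install-theme',
        'theme'    => $slug,
        '_wpnonce' => make_nonce('install-theme_' . $slug, $user, $now),
    ]);
    return 'https://example.test/wp-admin/update.php?' . $query;   // host is assumed
}

// Handler side: rebuild the action from the slug actually requested and
// verify the token before doing anything with side effects.
function handle_install_request(array $get, int $user, int $now): string
{
    if (($get['action'] ?? '') !== 'install-theme') {
        return 'ignored';
    }
    $slug  = (string) ($get['theme'] ?? '');
    $nonce = (string) ($get['_wpnonce'] ?? '');
    if (!check_nonce($nonce, 'install-theme_' . $slug, $user, $now)) {
        return 'rejected: nonce failure';
    }
    return 'installed ' . $slug;
}

function url_query(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $q);
    return $q;
}

$now = time();
$url = theme_install_url('whoop', CURRENT_USER, $now);

// 1. The link as generated is accepted.
echo handle_install_request(url_query($url), CURRENT_USER, $now), "\n";

// 2. An attacker swaps the theme but can only reuse the token minted for 'whoop'.
$forged = url_query($url);
$forged['theme'] = 'evil-theme';
echo handle_install_request($forged, CURRENT_USER, $now), "\n";

// 3. The same link replayed after its lifetime has passed.
echo handle_install_request(url_query($url), CURRENT_USER, $now + NONCE_LIFE + 1), "\n";
```

Run with `php` on the command line: the first request installs, the second and third are rejected. The point the example makes about the plugin's code is that binding the slug into the nonce action is what makes the per-theme link non-transferable; a handler that verified a generic 'install-theme' action instead would accept the forged request in case 2.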
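get_recommend_wp_plugins_edd_formatted() builds the banner URL by concatenating $plugin['slug'] straight into "https://ps.w.org/.../assets/banner-772x250.png", and install_plugin_install_status() passes $addon->info->link through from the add-on feed; both values end up in href and src attributes on the admin screen, which this abstract class leaves to output() in a subclass. The block below is an added example, not part of the plugin: it validates a wp.org slug before building the URL, restricts feed links to absolute http(s) URLs, and escapes on output. Since esc_url() and esc_attr() do not exist outside WordPress, htmlspecialchars() and a scheme check stand in for them, and the feed entries are constructed test data.

```php
<?php
// Added example (not the plugin's code): validate feed-supplied slugs and links
// before they are concatenated into URLs and echoed into admin HTML.
// htmlspecialchars() and safe_link() stand in for WordPress's esc_attr()/esc_url().

// wp.org plugin slugs are lowercase letters, digits and single hyphens.
function is_valid_wporg_slug(string $slug): bool
{
    return (bool) preg_match('/^[a-z0-9]+(?:-[a-z0-9]+)*$/', $slug);
}

// Same construction as get_recommend_wp_plugins_edd_formatted(), but refuses a
// slug that could smuggle path segments, quotes or angle brackets into the URL.
function banner_url(string $slug): ?string
{
    if (!is_valid_wporg_slug($slug)) {
        return null;
    }
    return 'https://ps.w.org/' . $slug . '/assets/banner-772x250.png';
}

// Feed links must be absolute http(s) URLs; javascript:, data:, protocol-relative
// and relative values are dropped rather than rendered.
function safe_link(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Attribute-context escaping; a valid URL can still carry quotes and brackets.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Render one card; invalid values fall back to safe defaults instead of being echoed.
function render_card(array $plugin): string
{
    $thumb = isset($plugin['thumbnail'])
        ? safe_link((string) $plugin['thumbnail'])
        : banner_url((string) ($plugin['slug'] ?? ''));
    $link  = safe_link((string) ($plugin['url'] ?? ''));
    $name  = attr((string) ($plugin['name'] ?? ''));

    $html = '<div class="addon">';
    if ($thumb !== null) {
        $html .= '<img src="' . attr($thumb) . '" alt="">';
    }
    $html .= $link !== null
        ? '<a href="' . attr($link) . '">' . $name . '</a>'
        : '<span>' . $name . '</span>';
    return $html . '</div>';
}

// Constructed sample feed: one well-formed entry and two hostile ones.
$feed = [
    ['slug' => 'example-plugin', 'name' => 'Example Plugin',
     'url' => 'https://wordpress.org/plugins/example-plugin/'],
    ['slug' => '../evil"', 'name' => '<script>alert(1)</script>',
     'url' => 'javascript:alert(1)'],
    ['slug' => 'ok-slug', 'name' => 'Tricky',
     'url' => 'https://example.test/"><img src=x onerror=alert(1)>',
     'thumbnail' => 'data:text/html,evil'],
];
foreach ($feed as $plugin) {
    echo render_card($plugin), "\n";
}
```

The first entry renders with its banner and link; the second gets no image and no anchor because both the slug and the javascript: URL are rejected, and its name is emitted as inert text; the third keeps its https link, but the quote and angle brackets in it are escaped so the attribute cannot be broken out of, while the data: thumbnail is dropped. Validation and escaping are separate layers on purpose: the slug check keeps the constructed URL well-formed, and attr() protects the HTML context regardless of what passed the earlier checks.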