Issues in class.loader.php (master) - Issues in master - Section214/PrintCenter - Measure and Improve Code Quality continuously with Scrutinizer

Issues (130)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/class.loader.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * PrintCenter Loader
 *
 * The Loader class bootstraps components that are required
 * during both the install process and instantiation of the
 * main PrintCenter class. This allows us to load PrintCenter
 * on plugins_loaded and still access required components from
 * the register_plugin_activation hook.
 *
 * @package     PrintCenter\Loader
 * @since       1.0.0
 */


// Exit if accessed directly
if( ! defined( 'ABSPATH' ) ) {
	exit;
}


/**
 * PrintCenter_Loader class
 *
 * A general use class for bootstrapping components required during load and install.
 *
 * @since       1.0.0
 */
class PrintCenter_Loader {


	/**
	 * @var         string $plugin_file The main plugin file
	 * @since       1.0.0
	 */
	public $plugin_file;


	/**
	 * @access      public
	 * @since       1.0.0
	 * @var         object $ssi The SSI API object
	 */
	public $ssi;


	/**
	 * @access      public
	 * @since       1.0.0
	 * @var         object $shipping The Shipping API object
	 */
	public $shipping;


	/**
	 * @access      public
	 * @var         object $settings The Domain Power Pack settings object
	 * @since       1.0.0
	 */
	public $settings;


	/**
	 * Setup the loader
	 *
	 * @access      public
	 * @since       1.0.0
	 * @param       string $plugin_file The main plugin file
	 */
	public function __construct( $plugin_file ) {
		// We need the main plugin file reference
		$this->plugin_file = $plugin_file;

		$this->setup_constants();
		$this->load_textdomain();
		$this->includes();
		$this->hooks();
		$this->ssi = new SSI_API();
		$this->shipping = new Shipping_API();
	}


	/**
	 * Setup plugin constants
	 *
	 * @access      private
	 * @since       1.0.0
	 * @return      void
	 */
	private function setup_constants() {

		// Plugin version
		if( ! defined( 'PRINTCENTER_VER' ) ) {
			define( 'PRINTCENTER_VER', '1.0.0' );
		}

		// Plugin path
		if( ! defined( 'PRINTCENTER_DIR' ) ) {
			define( 'PRINTCENTER_DIR', plugin_dir_path( $this->plugin_file ) );
		}

		// Plugin URL
		if( ! defined( 'PRINTCENTER_URL' ) ) {
			define( 'PRINTCENTER_URL', plugin_dir_url( $this->plugin_file ) );
		}

		// Plugin file
		if( ! defined( 'PRINTCENTER_FILE' ) ) {
			define( 'PRINTCENTER_FILE', $this->plugin_file );
		}
	}


	/**
	 * Include required files
	 *
	 * @access      private
	 * @since       1.0.0
	 * @global      array $printcenter_options The options array
	 * @return      void
	 */
	private function includes() {
		global $printcenter_options, $woo_vendors;

		require_once PRINTCENTER_DIR . 'includes/actions.php';
		require_once PRINTCENTER_DIR . 'includes/scripts.php';
		require_once PRINTCENTER_DIR . 'includes/functions.php';
		require_once PRINTCENTER_DIR . 'includes/post-types.php';

		// Libraries
		require_once PRINTCENTER_DIR . 'includes/libraries/Array2XML.php';
		require_once PRINTCENTER_DIR . 'includes/libraries/xmlstr_to_array.php';

		if( is_admin() ) {
			require_once PRINTCENTER_DIR . 'includes/admin/settings.php';
			require_once PRINTCENTER_DIR . 'includes/admin/contextual-help.php';
			require_once PRINTCENTER_DIR . 'includes/admin/product-settings.php';
			require_once PRINTCENTER_DIR . 'includes/admin/ssi-products/meta-boxes.php';
			require_once PRINTCENTER_DIR . 'includes/ssitest.php';
		}

		// Settings
		if( ! class_exists( 'S214_Settings' ) ) {
			require_once PRINTCENTER_DIR . 'includes/libraries/S214-Settings/source/class.s214-settings.php';
		}

		$this->settings = new S214_Settings( 'printcenter', 'ssi' );
		$printcenter_options = $this->settings->get_settings();

		// TGM
		if( ! class_exists( 'TGM_Plugin_Activation' ) ) {
			require_once PRINTCENTER_DIR . 'includes/libraries/tgm-plugin-activation/class-tgm-plugin-activation.php';
		}

		// SSI files
		require_once PRINTCENTER_DIR . 'includes/class.ssi-api.php';
		require_once PRINTCENTER_DIR . 'includes/class.shipping-api.php';

		// Vendor files
		require_once PRINTCENTER_DIR . 'includes/vendors/class.product-vendors.php';
		require_once PRINTCENTER_DIR . 'includes/vendors/class.product-vendors-commissions.php';
		require_once PRINTCENTER_DIR . 'includes/vendors/class.product-vendors-widget.php';
		require_once PRINTCENTER_DIR . 'includes/vendors/class.product-vendors-export-handler.php';
		require_once PRINTCENTER_DIR . 'includes/vendors/actions.php';
		require_once PRINTCENTER_DIR . 'includes/vendors/functions.php';
		require_once PRINTCENTER_DIR . 'includes/vendors/reports.php';

		$woo_vendors                 = new WooCommerce_Product_Vendors( __FILE__ );
		$woo_vendors->commissions    = new WooCommerce_Product_Vendors_Commissions( __FILE__ );

		$woo_vendors->export_handler = new WooCommerce_Product_Vendors_Export_Handler();


		if( ! class_exists( 'S214_Plugin_Updater' ) ) {
			require_once PRINTCENTER_DIR . 'includes/libraries/S214_Plugin_Updater.php';
		}
	}


	/**
	 * Run action and filter hooks
	 *
	 * @access      private
	 * @since       1.0.0
	 * @return      void
	 */
	private function hooks() {
		add_action( 'tgmpa_register', array( $this, 'plugin_activation' ) );

		// Licensing
		if( is_admin() && current_user_can( 'update_plugins' ) ) {
			$license = get_option( 'printcenter_license', false );

			if( $license == 'valid' ) {
				$update = new S214_Plugin_Updater( 'https://section214.com', $this->plugin_file, array(
					'version' => PRINTCENTER_VER,
					'license' => '98731c11ef37695fa07a7b0151e0a00e',
					'item_id' => 39378,
					'author'  => 'Daniel J Griffiths'
				) );
			} else {
				add_action( 'admin_init', 'printcenter_register_site' );
			}
		}
	}


	/**
	 * Loads the plugin language files
	 *
	 * @access      public
	 * @since       1.0.0
	 * @return      void
	 */
	public function load_textdomain() {
		// Set filter for plugin languages directory
		$lang_dir = dirname( plugin_basename( PRINTCENTER_FILE ) ) . '/languages/';
		$lang_dir = apply_filters( 'printcenter_languages_directory', $lang_dir );

		// Traditional WordPress plugin locale filter
		$locale = apply_filters( 'plugin_locale',  get_locale(), 'printcenter' );
		$mofile = sprintf( '%1$s-%2$s.mo', 'printcenter', $locale );

		// Setup paths to current locale file
		$mofile_local  = $lang_dir . $mofile;
		$mofile_global = WP_LANG_DIR . '/printcenter/' . $mofile;
		$mofile_core   = WP_LANG_DIR . '/plugins/printcenter/' . $mofile;

		if( file_exists( $mofile_global ) ) {
			// Look in global /wp-content/languages/printcenter/ folder
			load_textdomain( 'printcenter', $mofile_global );
		} elseif( file_exists( $mofile_local ) ) {
			// Look in local /wp-content/plugins/printcenter/languages/ folder
			load_textdomain( 'printcenter', $mofile_local );
		} elseif( file_exists( $mofile_core ) ) {
			// Look in core /wp-content/languages/plugins/printcenter/ folder
			load_textdomain( 'printcenter', $mofile_core );
		} else {
			// Load the default language files
			load_plugin_textdomain( 'printcenter', false, $lang_dir );
		}
	}


	/**
	 * Plugin activation
	 *
	 * @access      public
	 * @since       1.0.0
	 * @return      void
	 */
	public function plugin_activation() {
		$plugins = array(
			array(
				'name'     => __( 'JC WooCommerce Advanced Attributes', 'printcenter' ),
				'slug'     => 'jc-woocommerce-advanced-attributes',
				'source'   => PRINTCENTER_URL . 'assets/plugins/advanced-product-attributes.zip',
				'required' => true
			),
			array(
				'name'     => __( 'WooCommerce', 'printcenter' ),
				'slug'     => 'woocommerce',
				'required' => true
			),
			array(
				'name'     => 'Weight Based Shipping for Woocommerce',
				'slug'     => 'weight-based-shipping-for-woocommerce',
				'required' => true
			),
			array(
				'name'     => 'WordPress REST API (Version 2)',
				'slug'     => 'rest-api',
				'required' => true
			)
		);

		$config = array(
			'id'           => 'printcenter',
			'default_path' => PRINTCENTER_URL . 'assets/plugins',
			'menu'         => 'printcenter-deps',
			'parent_slug'  => 'edit.php?post_type=shop_commission',
			'capability'   => 'install_plugins',
			'has_notices'  => true,
			'dismissable'  => false,
			'is_automatic' => false,
			'strings'      => array(
				'page_title'                     => __( 'Install PrintCenter Dependencies', 'printcenter' ),
				'menu_title'                     => __( 'Install Dependencies', 'printcenter' ),
				'notice_can_install_required'    => _n_noop( 'PrintCenter requires the following plugin: %1$s.', 'PrintCenter requires the following plugins: %1$s.', 'printcenter' ),
				'notice_can_install_recommended' => _n_noop( 'PrintCenter recommends the following plugin: %1$s.', 'PrintCenter recommends the following plugins: %1$s.', 'printcenter' ),
				'notice_ask_to_update'           => _n_noop( 'The following plugin needs to be updated to ensure compatibility with PrintCenter: %1$s', 'The following plugins need to be updated to ensure compatibility with PrintCenter', 'printcenter' ),
				'return'                         => __( 'Return to PrintCenter Dependency Installer', 'printcenter' ),
				'plugin_needs_higher_version'    => __( 'Plugin not activated. A more recent version of %s is required for PrintCenter.', 'printcenter' )
			)
		);

		tgmpa( $plugins, $config );
	}
}


1			<?php
2			/**
3			* PrintCenter Loader
4			*
5			* The Loader class bootstraps components that are required
6			* during both the install process and instantiation of the
7			* main PrintCenter class. This allows us to load PrintCenter
8			* on plugins_loaded and still access required components from
9			* the register_plugin_activation hook.
10			*
11			* @package PrintCenter\Loader
12			* @since 1.0.0
13			*/
14
15
16			// Exit if accessed directly
17			if( ! defined( 'ABSPATH' ) ) {
18			exit;
19			}
20
21
22			/**
23			* PrintCenter_Loader class
24			*
25			* A general use class for bootstrapping components required during load and install.
26			*
27			* @since 1.0.0
28			*/
29			class PrintCenter_Loader {
30
31
32			/**
33			* @var string $plugin_file The main plugin file
34			* @since 1.0.0
35			*/
36			public $plugin_file;
37
38
39			/**
40			* @access public
41			* @since 1.0.0
42			* @var object $ssi The SSI API object
43			*/
44			public $ssi;
45
46
47			/**
48			* @access public
49			* @since 1.0.0
50			* @var object $shipping The Shipping API object
51			*/
52			public $shipping;
53
54
55			/**
56			* @access public
57			* @var object $settings The Domain Power Pack settings object
58			* @since 1.0.0
59			*/
60			public $settings;
61
62
63			/**
64			* Setup the loader
65			*
66			* @access public
67			* @since 1.0.0
68			* @param string $plugin_file The main plugin file
69			*/
70			public function __construct( $plugin_file ) {
71			// We need the main plugin file reference
72			$this->plugin_file = $plugin_file;
73
74			$this->setup_constants();
75			$this->load_textdomain();
76			$this->includes();
77			$this->hooks();
78			$this->ssi = new SSI_API();
79			$this->shipping = new Shipping_API();
80			}
81
82
83			/**
84			* Setup plugin constants
85			*
86			* @access private
87			* @since 1.0.0
88			* @return void
89			*/
90			private function setup_constants() {
91
92			// Plugin version
93			if( ! defined( 'PRINTCENTER_VER' ) ) {
94			define( 'PRINTCENTER_VER', '1.0.0' );
95			}
96
97			// Plugin path
98			if( ! defined( 'PRINTCENTER_DIR' ) ) {
99			define( 'PRINTCENTER_DIR', plugin_dir_path( $this->plugin_file ) );
100			}
101
102			// Plugin URL
103			if( ! defined( 'PRINTCENTER_URL' ) ) {
104			define( 'PRINTCENTER_URL', plugin_dir_url( $this->plugin_file ) );
105			}
106
107			// Plugin file
108			if( ! defined( 'PRINTCENTER_FILE' ) ) {
109			define( 'PRINTCENTER_FILE', $this->plugin_file );
110			}
111			}
112
113
114			/**
115			* Include required files
116			*
117			* @access private
118			* @since 1.0.0
119			* @global array $printcenter_options The options array
120			* @return void
121			*/
122			private function includes() {
123			global $printcenter_options, $woo_vendors;
124
125			require_once PRINTCENTER_DIR . 'includes/actions.php';
126			require_once PRINTCENTER_DIR . 'includes/scripts.php';
127			require_once PRINTCENTER_DIR . 'includes/functions.php';
128			require_once PRINTCENTER_DIR . 'includes/post-types.php';
129
130			// Libraries
131			require_once PRINTCENTER_DIR . 'includes/libraries/Array2XML.php';
132			require_once PRINTCENTER_DIR . 'includes/libraries/xmlstr_to_array.php';
133
134			if( is_admin() ) {
135			require_once PRINTCENTER_DIR . 'includes/admin/settings.php';
136			require_once PRINTCENTER_DIR . 'includes/admin/contextual-help.php';
137			require_once PRINTCENTER_DIR . 'includes/admin/product-settings.php';
138			require_once PRINTCENTER_DIR . 'includes/admin/ssi-products/meta-boxes.php';
139			require_once PRINTCENTER_DIR . 'includes/ssitest.php';
140			}
141
142			// Settings
143			if( ! class_exists( 'S214_Settings' ) ) {
144			require_once PRINTCENTER_DIR . 'includes/libraries/S214-Settings/source/class.s214-settings.php';
145			}
146
147			$this->settings = new S214_Settings( 'printcenter', 'ssi' );
148			$printcenter_options = $this->settings->get_settings();
149
150			// TGM
151			if( ! class_exists( 'TGM_Plugin_Activation' ) ) {
152			require_once PRINTCENTER_DIR . 'includes/libraries/tgm-plugin-activation/class-tgm-plugin-activation.php';
153			}
154
155			// SSI files
156			require_once PRINTCENTER_DIR . 'includes/class.ssi-api.php';
157			require_once PRINTCENTER_DIR . 'includes/class.shipping-api.php';
158
159			// Vendor files
160			require_once PRINTCENTER_DIR . 'includes/vendors/class.product-vendors.php';
161			require_once PRINTCENTER_DIR . 'includes/vendors/class.product-vendors-commissions.php';
162			require_once PRINTCENTER_DIR . 'includes/vendors/class.product-vendors-widget.php';
163			require_once PRINTCENTER_DIR . 'includes/vendors/class.product-vendors-export-handler.php';
164			require_once PRINTCENTER_DIR . 'includes/vendors/actions.php';
165			require_once PRINTCENTER_DIR . 'includes/vendors/functions.php';
166			require_once PRINTCENTER_DIR . 'includes/vendors/reports.php';
167
168			$woo_vendors = new WooCommerce_Product_Vendors( __FILE__ );
169			$woo_vendors->commissions = new WooCommerce_Product_Vendors_Commissions( __FILE__ );
			0 ignored issues – show Bug introduced 2015-12-10 04:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `commissions` does not seem to exist in `WooCommerce_Product_Vendors`. An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
170			$woo_vendors->export_handler = new WooCommerce_Product_Vendors_Export_Handler();
			0 ignored issues – show Bug introduced 2015-12-10 04:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `export_handler` does not seem to exist in `WooCommerce_Product_Vendors`. An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
171
172			if( ! class_exists( 'S214_Plugin_Updater' ) ) {
173			require_once PRINTCENTER_DIR . 'includes/libraries/S214_Plugin_Updater.php';
174			}
175			}
176
177
178			/**
179			* Run action and filter hooks
180			*
181			* @access private
182			* @since 1.0.0
183			* @return void
184			*/
185			private function hooks() {
186			add_action( 'tgmpa_register', array( $this, 'plugin_activation' ) );
187
188			// Licensing
189			if( is_admin() && current_user_can( 'update_plugins' ) ) {
190			$license = get_option( 'printcenter_license', false );
191
192			if( $license == 'valid' ) {
193			$update = new S214_Plugin_Updater( 'https://section214.com', $this->plugin_file, array(
194			'version' => PRINTCENTER_VER,
195			'license' => '98731c11ef37695fa07a7b0151e0a00e',
196			'item_id' => 39378,
197			'author' => 'Daniel J Griffiths'
198			) );
199			} else {
200			add_action( 'admin_init', 'printcenter_register_site' );
201			}
202			}
203			}
204
205
206			/**
207			* Loads the plugin language files
208			*
209			* @access public
210			* @since 1.0.0
211			* @return void
212			*/
213			public function load_textdomain() {
214			// Set filter for plugin languages directory
215			$lang_dir = dirname( plugin_basename( PRINTCENTER_FILE ) ) . '/languages/';
216			$lang_dir = apply_filters( 'printcenter_languages_directory', $lang_dir );
217
218			// Traditional WordPress plugin locale filter
219			$locale = apply_filters( 'plugin_locale', get_locale(), 'printcenter' );
220			$mofile = sprintf( '%1$s-%2$s.mo', 'printcenter', $locale );
221
222			// Setup paths to current locale file
223			$mofile_local = $lang_dir . $mofile;
224			$mofile_global = WP_LANG_DIR . '/printcenter/' . $mofile;
225			$mofile_core = WP_LANG_DIR . '/plugins/printcenter/' . $mofile;
226
227			if( file_exists( $mofile_global ) ) {
228			// Look in global /wp-content/languages/printcenter/ folder
229			load_textdomain( 'printcenter', $mofile_global );
230			} elseif( file_exists( $mofile_local ) ) {
231			// Look in local /wp-content/plugins/printcenter/languages/ folder
232			load_textdomain( 'printcenter', $mofile_local );
233			} elseif( file_exists( $mofile_core ) ) {
234			// Look in core /wp-content/languages/plugins/printcenter/ folder
235			load_textdomain( 'printcenter', $mofile_core );
236			} else {
237			// Load the default language files
238			load_plugin_textdomain( 'printcenter', false, $lang_dir );
239			}
240			}
241
242
243			/**
244			* Plugin activation
245			*
246			* @access public
247			* @since 1.0.0
248			* @return void
249			*/
250			public function plugin_activation() {
251			$plugins = array(
252			array(
253			'name' => __( 'JC WooCommerce Advanced Attributes', 'printcenter' ),
254			'slug' => 'jc-woocommerce-advanced-attributes',
255			'source' => PRINTCENTER_URL . 'assets/plugins/advanced-product-attributes.zip',
256			'required' => true
257			),
258			array(
259			'name' => __( 'WooCommerce', 'printcenter' ),
260			'slug' => 'woocommerce',
261			'required' => true
262			),
263			array(
264			'name' => 'Weight Based Shipping for Woocommerce',
265			'slug' => 'weight-based-shipping-for-woocommerce',
266			'required' => true
267			),
268			array(
269			'name' => 'WordPress REST API (Version 2)',
270			'slug' => 'rest-api',
271			'required' => true
272			)
273			);
274
275			$config = array(
276			'id' => 'printcenter',
277			'default_path' => PRINTCENTER_URL . 'assets/plugins',
278			'menu' => 'printcenter-deps',
279			'parent_slug' => 'edit.php?post_type=shop_commission',
280			'capability' => 'install_plugins',
281			'has_notices' => true,
282			'dismissable' => false,
283			'is_automatic' => false,
284			'strings' => array(
285			'page_title' => __( 'Install PrintCenter Dependencies', 'printcenter' ),
286			'menu_title' => __( 'Install Dependencies', 'printcenter' ),
287			'notice_can_install_required' => _n_noop( 'PrintCenter requires the following plugin: %1$s.', 'PrintCenter requires the following plugins: %1$s.', 'printcenter' ),
288			'notice_can_install_recommended' => _n_noop( 'PrintCenter recommends the following plugin: %1$s.', 'PrintCenter recommends the following plugins: %1$s.', 'printcenter' ),
289			'notice_ask_to_update' => _n_noop( 'The following plugin needs to be updated to ensure compatibility with PrintCenter: %1$s', 'The following plugins need to be updated to ensure compatibility with PrintCenter', 'printcenter' ),
290			'return' => __( 'Return to PrintCenter Dependency Installer', 'printcenter' ),
291			'plugin_needs_higher_version' => __( 'Plugin not activated. A more recent version of %s is required for PrintCenter.', 'printcenter' )
292			)
293			);
294
295			tgmpa( $plugins, $config );
296			}
297			}
298

Section214 / PrintCenter

Issues (130)

Security Analysis not enabled

includes/class.loader.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like