Issues in reports.php (master) - Issues in master - Section214/PrintCenter - Measure and Improve Code Quality continuously with Scrutinizer

Issues (130)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/vendors/reports.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Vendor reports
 *
 * @package     PrintCenter\Vendor\Reports
 * @since       1.0.0
 */


// Exit if accessed directly
if( ! defined( 'ABSPATH' ) ) {
	exit;
}


/**
 * Vendor sales overview report
 *
 * @since       1.0.0
 * @return      void
 */
function printcenter_product_vendors_report_overview() {
	global $start_date, $end_date, $woocommerce, $wp_locale;
function myFunction($a, $b) {
    // Do something
}

	$args = array(
		'post_type'  => 'shop_order',
		'meta_query' => array(
			array(
				'key'     => '_commissions_processed',
				'value'   => 'yes',
				'compare' => '='
			)
		),
		'posts_per_page' => -1
	);

	if( version_compare( WC()->version, 2.2, ">=" ) ) {
		$args['post_status'] = array_keys( wc_get_order_statuses() );
	}

	$orders      = get_posts( $args );
	$total_sales = $total_orders = $total_earnings = $total_vendor_earnings = 0;

	foreach( $orders as $order ) {
		$order_obj               = new WC_Order( $order->ID );
		$items                   = $order_obj->get_items( 'line_item' );
		$product_vendor_earnings = 0;

		foreach( $items as $item_id => $item ) {
			$product_id = $order_obj->get_item_meta( $item_id, '_product_id', true );
			$line_total = $order_obj->get_item_meta( $item_id, '_line_total', true );

			if( $product_id && $line_total ) {
				$product_vendors = printcenter_get_product_vendors( $product_id );

				if( $product_vendors ) {
					$total_sales += $line_total;

					foreach( $product_vendors as $vendor ) {

						$comm_percent = printcenter_get_commission_percent( $product_id, $vendor->ID );

						if( $comm_percent && $comm_percent > 0 ) {
							$comm_amount              = (int) $line_total * ( $comm_percent / 100 );
							$product_vendor_earnings += $comm_amount;
							$total_vendor_earnings   += $comm_amount;
						}
					}

					$earnings        = ( $line_total - $total_vendor_earnings );
					$total_earnings += $earnings;
				}
			}
		}

		++$total_orders;
	}
	?>
	<div id="poststuff" class="woocommerce-reports-wrap">
		<div class="woocommerce-reports-sidebar">
			<div class="postbox">
				<h3><span><?php _e( 'Total sales', 'printcenter' ); ?></span></h3>
				<div class="inside">
					<p class="stat"><?php if( $total_sales > 0 ) { echo woocommerce_price( $total_sales ); } else { _e( 'n/a', 'printcenter' ); } ?></p>
				</div>
			</div>
			<div class="postbox">
				<h3><span><?php _e( 'Total orders', 'printcenter' ); ?></span></h3>
				<div class="inside">
					<p class="stat"><?php if( $total_orders > 0 ) { echo $total_orders; } else { _e( 'n/a', 'printcenter' ); } ?></p>
				</div>
			</div>
			<div class="postbox">
				<h3><span><?php _e( 'Average order total', 'printcenter' ); ?></span></h3>
				<div class="inside">
					<p class="stat"><?php if( $total_orders > 0 ) { echo woocommerce_price( $total_sales / $total_orders ); } else { _e( 'n/a', 'woocommerce' ); } ?></p>
				</div>
			</div>
			<div class="postbox">
				<h3><span><?php _e( 'Total earned', 'printcenter' ); ?></span></h3>
				<div class="inside">
					<p class="stat"><?php if( $total_earnings > 0 ) { echo woocommerce_price( $total_earnings ); } else { _e( 'n/a', 'woocommerce' ); } ?></p>
				</div>
			</div>
			<div class="postbox">
				<h3><span><?php _e( 'Total earned by vendors', 'printcenter' ); ?></span></h3>
				<div class="inside">
					<p class="stat"><?php if( $total_vendor_earnings > 0 ) { echo woocommerce_price( $total_vendor_earnings ); } else { _e( 'n/a', 'woocommerce' ); } ?></p>
				</div>
			</div>
		</div>
		<div class="woocommerce-reports-main">
			<div class="postbox">
				<h3><span><?php _e( 'This month\'s sales', 'printcenter' ); ?></span></h3>
				<div class="inside chart">
					<div id="placeholder" style="width:100%; overflow:hidden; height:568px; position:relative;"></div>
					<div id="cart_legend"></div>
				</div>
			</div>
		</div>
	</div>
	<?php

	$chart_data = array();
	$start_date = strtotime( date('Ymd', strtotime( date('Ym', current_time('timestamp') ) . '01' ) ) );
	$end_date   = strtotime( date('Ymd', current_time( 'timestamp' ) ) );

	for( $date = $start_date; $date <= $end_date; $date = strtotime( '+1 day', $date ) ) {
		$year                  = date( 'Y', $date );
		$month                 = date( 'n', $date );
		$day                   = date( 'j', $date );
		$total_vendor_earnings = $total_earnings = $order_count = $day_total_vendors = $day_total = 0;

		$args = array(
			'post_type'      => 'shop_order',
			'posts_per_page' => -1,
			'meta_query'     => array(
				array(
					'key'     => '_commissions_processed',
					'value'   => 'yes',
					'compare' => '='
				)
			),
			'year'     => $year,
			'monthnum' => $month,
			'day'      => $day,
			'orderby'  => 'date',
			'order'    => 'ASC'
		);

		if( version_compare( WC()->version, 2.2, ">=" ) ) {
			$args['post_status'] = array_keys( wc_get_order_statuses() );
		}

		$qry = new WP_Query( $args );

		$total_vendor_earnings = $total_earnings = 0;

		if( $qry->have_posts() ) {
			while( $qry->have_posts() ) {
				$qry->the_post();
				$order = new WC_Order( get_the_ID() );
				$items = $order_obj->get_items( 'line_item' );
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

				foreach( $items as $item_id => $item ) {
					$product_id = $order_obj->get_item_meta( $item_id, '_product_id', true );
					$line_total = $order_obj->get_item_meta( $item_id, '_line_total', true );

					if( $product_id && $line_total ) {
						$product_vendors = printcenter_get_product_vendors( $product_id );

						if( $product_vendors ) {
							foreach( $product_vendors as $vendor ) {

								$comm_percent = printcenter_get_commission_percent( $product_id, $vendor->ID );

								if( $comm_percent && $comm_percent > 0 ) {
									$comm_amount            = (int) $line_total * ( $comm_percent / 100 );
									$total_vendor_earnings += $comm_amount;
								}
							}

							$earnings        = ( $line_total - $total_vendor_earnings );
							$total_earnings += $earnings;
						}
					}
				}

				$day_total         += $total_earnings;
				$day_total_vendors += $total_vendor_earnings;
				++$order_count;
			}
		}

		wp_reset_postdata();

		$chart_data[ __( 'Total earned', 'printcenter' ) ][] = array(
			$date . '000',
			$day_total
		);

		$chart_data[ __( 'Total earned by vendors', 'printcenter' ) ][] = array(
			$date . '000',
			$day_total_vendors
		);

		$chart_data[ __( 'Number of orders', 'printcenter' ) ][] = array(
			$date . '000',
			$order_count
		);
	}

	?>
	<script type="text/javascript">
		jQuery(function(){

			<?php
				// Variables
				foreach ( $chart_data as $name => $data ) {
					$varname = str_replace( '-', '_', sanitize_title( $name ) ) . '_data';
					echo 'var ' . $varname . ' = jQuery.parseJSON( \'' . json_encode( $data ) . '\' );';
				}
			?>

			var placeholder = jQuery("#placeholder");

			var plot = jQuery.plot(placeholder, [
				<?php
				$labels = array();

				foreach ( $chart_data as $name => $data ) {
					if( $name == __( 'Number of orders', 'printcenter' ) ) {
						$labels[] = '{ label: "' . esc_js( $name ) . '", data: ' . str_replace( '-', '_', sanitize_title( $name ) ) . '_data, yaxis: 2 }';
					} else {
						$labels[] = '{ label: "' . esc_js( $name ) . '", data: ' . str_replace( '-', '_', sanitize_title( $name ) ) . '_data }';
					}
				}

				echo implode( ',', $labels );
				?>
			], {
				legend: {
					container: jQuery('#cart_legend'),
					noColumns: 2
				},
				series: {
					lines: { show: true, fill: true },
					points: { show: true }
				},
				grid: {
					show: true,
					aboveData: false,
					color: '#aaa',
					backgroundColor: '#fff',
					borderWidth: 2,
					borderColor: '#aaa',
					clickable: false,
					hoverable: true
				},
				xaxis: {
					mode: "time",
					timeformat: "%d %b %y",
					monthNames: <?php echo json_encode( array_values( $wp_locale->month_abbrev ) ) ?>,
					tickLength: 1,
					minTickSize: [1, "day"]
				},
				yaxes: [ { min: 0, tickSize: 10, tickDecimals: 2 }, { position: "right", min: 0, tickDecimals: 2 } ]
		 	});

		 	placeholder.resize();

		 	<?php if( version_compare( $woocommerce->version, '2.1-beta-1', "<" ) && function_exists( 'woocommerce_tooltip_js' ) ) { woocommerce_tooltip_js(); } ?>
		});
	</script>
	<?php
}


/**
 * Sales report for each vendor
 *
 * @since       1.0.0
 * @return      void
 */
function printcenter_product_vendors_report_vendor_sales() {
	global $wpdb, $woocommerce;
function myFunction($a, $b) {
    // Do something
}

	$chosen_product_ids = $vendor_id = $vendor = false;

	if( isset( $_POST['vendor'] ) && ! empty( $_POST['vendor'] ) ) {
		$vendor_id = $_POST['vendor'];
		$vendor    = printcenter_get_vendor( $vendor_id );
		$products  = printcenter_get_vendor_products( $vendor_id );

		foreach( $products as $product ) {
			$chosen_product_ids[] = $product->ID;
		}
	}

	if( $vendor_id && $vendor ) {
		$option = '<option value="' . $vendor_id. '" selected="selected">' . $vendor->title . '</option>';
	} else {
		$option = '<option></option>';
	}

	?>
	<form method="post" action="">
		<p><select id="vendor" name="vendor" class="ajax_chosen_select_vendor" data-placeholder="<?php _e( 'Search for a vendor&hellip;', 'woo_vendors' ); ?>" style="width: 400px;"><?php echo $option; ?></select> <input type="submit" style="vertical-align: top;" class="button" value="<?php _e( 'Show', 'woocommerce' ); ?>" /></p>
		<script type="text/javascript">
			jQuery(function(){

				// Ajax Chosen Vendor Selectors
				jQuery('select.ajax_chosen_select_vendor').ajaxChosen({
					method: 		'GET',
					url: 			'<?php echo admin_url( "admin-ajax.php" ); ?>',
					dataType: 		'json',
					afterTypeDelay: 100,
					minTermLength: 	1,
					data:		{
						action: 	'printcenter_json_search_vendors',
						security: 	'<?php echo wp_create_nonce( "search-vendors" ); ?>'
					}
				}, function (data) {
					var terms = {};

					jQuery.each(data, function (i, val) {
						terms[i] = val;
					});

					return terms;
				});
			});
		</script>
	</form>
	<?php
	if( $chosen_product_ids && is_array( $chosen_product_ids ) ) {
		$start_date            = date( 'Ym', strtotime( '-12 MONTHS', current_time('timestamp') ) ) . '01';
		$end_date              = date( 'Ymd', current_time( 'timestamp' ) );
		$max_sales             = $max_totals = 0;
		$product_sales         = $product_totals = array();
		$chosen_product_titles = array();
		$children_ids          = array();

		foreach( $chosen_product_ids as $product_id ) {
			$children                = (array) get_posts( 'post_parent=' . $product_id . '&fields=ids&post_status=any&numberposts=-1' );
			$children_ids            = $children_ids + $children;
			$chosen_product_titles[] = get_the_title( $product_id );
		}

		// Get order items
		if( version_compare( WC()->version, 2.2, ">=" ) ) {
			$order_items = apply_filters( 'woocommerce_reports_product_sales_order_items', $wpdb->get_results( "
				SELECT order_item_meta_2.meta_value as product_id, posts.post_date, SUM( order_item_meta.meta_value ) as item_quantity, SUM( order_item_meta_3.meta_value ) as line_total
				FROM {$wpdb->prefix}woocommerce_order_items as order_items

				LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta ON order_items.order_item_id = order_item_meta.order_item_id
				LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta_2 ON order_items.order_item_id = order_item_meta_2.order_item_id
				LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta_3 ON order_items.order_item_id = order_item_meta_3.order_item_id
				LEFT JOIN {$wpdb->posts} AS posts ON order_items.order_id = posts.ID

				WHERE 	posts.post_type 	= 'shop_order'
				AND     posts.post_status   IN ( '" . implode( "','", array( 'wc-completed', 'wc-processing', 'wc-on-hold' ) ) . "' )
				AND 	order_item_meta_2.meta_value IN ('" . implode( "','", array_merge( $chosen_product_ids, $children_ids ) ) . "')
				AND 	order_items.order_item_type = 'line_item'
				AND 	order_item_meta.meta_key = '_qty'
				AND 	order_item_meta_2.meta_key = '_product_id'
				AND 	order_item_meta_3.meta_key = '_line_total'
				GROUP BY order_items.order_id
				ORDER BY posts.post_date ASC
			" ), array_merge( $chosen_product_ids, $children_ids ) );
		} else {
			$order_items = apply_filters( 'woocommerce_reports_product_sales_order_items', $wpdb->get_results( "
				SELECT order_item_meta_2.meta_value as product_id, posts.post_date, SUM( order_item_meta.meta_value ) as item_quantity, SUM( order_item_meta_3.meta_value ) as line_total
				FROM {$wpdb->prefix}woocommerce_order_items as order_items

				LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta ON order_items.order_item_id = order_item_meta.order_item_id
				LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta_2 ON order_items.order_item_id = order_item_meta_2.order_item_id
				LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta_3 ON order_items.order_item_id = order_item_meta_3.order_item_id
				LEFT JOIN {$wpdb->posts} AS posts ON order_items.order_id = posts.ID
				LEFT JOIN {$wpdb->term_relationships} AS rel ON posts.ID = rel.object_ID
				LEFT JOIN {$wpdb->term_taxonomy} AS tax USING( term_taxonomy_id )
				LEFT JOIN {$wpdb->terms} AS term USING( term_id )

				WHERE 	posts.post_type 	= 'shop_order'
				AND 	order_item_meta_2.meta_value IN ('" . implode( "','", array_merge( $chosen_product_ids, $children_ids ) ) . "')
				AND 	posts.post_status 	= 'publish'
				AND 	tax.taxonomy		= 'shop_order_status'
				AND		term.slug			IN ('" . implode( "','", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) . "')
				AND 	order_items.order_item_type = 'line_item'
				AND 	order_item_meta.meta_key = '_qty'
				AND 	order_item_meta_2.meta_key = '_product_id'
				AND 	order_item_meta_3.meta_key = '_line_total'
				GROUP BY order_items.order_id
				ORDER BY posts.post_date ASC
			" ), array_merge( $chosen_product_ids, $children_ids ) );
		}

		$found_products = array();

		if( $order_items ) {
			foreach( $order_items as $order_item ) {
				if( $order_item->line_total == 0 && $order_item->item_quantity == 0 ) {
					continue;
				}

				$date                    = date( 'Ym', strtotime( $order_item->post_date ) );
				$comm_percent            = printcenter_get_commission_percent( $order_item->product_id, $vendor_id );
				$vendor_earnings         = $order_item->line_total * ( $comm_percent / 100 );
				$product_sales[ $date ]  = isset( $product_sales[ $date ] ) ? $product_sales[ $date ] + $order_item->item_quantity : $order_item->item_quantity;
				$product_totals[ $date ] = isset( $product_totals[ $date ] ) ? $product_totals[ $date ] + $vendor_earnings : $vendor_earnings;

				if ( $product_sales[ $date ] > $max_sales ) {
					$max_sales = $product_sales[ $date ];
				}

				if ( $product_totals[ $date ] > $max_totals ) {
					$max_totals = $product_totals[ $date ];
				}
			}
		}
		?>
		<h4><?php printf( __( 'Sales and earnings for %s:', 'printcenter' ), $vendor->title ); ?></h4>
		<table class="bar_chart">
			<thead>
				<tr>
					<th><?php _e( 'Month', 'printcenter' ); ?></th>
					<th colspan="2"><?php _e( 'Sales', 'printcenter' ); ?></th>
				</tr>
			</thead>
			<tbody>
				<?php
					if( sizeof( $product_sales ) > 0 ) {
						foreach( $product_sales as $date => $sales ) {
							$width       = ($sales>0) ? (round($sales) / round($max_sales)) * 100 : 0;
							$width2      = ($product_totals[$date]>0) ? (round($product_totals[$date]) / round($max_totals)) * 100 : 0;
							$orders_link = admin_url( 'edit.php?s&post_status=all&post_type=shop_order&action=-1&s=' . urlencode( implode( ' ', $chosen_product_titles ) ) . '&m=' . date( 'Ym', strtotime( $date . '01' ) ) . '&shop_order_status=' . implode( ",", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) );
							$orders_link = apply_filters( 'woocommerce_reports_order_link', $orders_link, $chosen_product_ids, $chosen_product_titles );

							echo '<tr><th><a href="' . esc_url( $orders_link ) . '">' . date_i18n( 'F', strtotime( $date . '01' ) ) . '</a></th>
							<td width="1%"><span>' . esc_html( $sales ) . '</span><span class="alt">' . woocommerce_price( $product_totals[ $date ] ) . '</span></td>
							<td class="bars">
								<span style="width:' . esc_attr( $width ) . '%">&nbsp;</span>
								<span class="alt" style="width:' . esc_attr( $width2 ) . '%">&nbsp;</span>
							</td></tr>';
						}
					} else {
						echo '<tr><td colspan="3">' . __( 'No sales', 'woocommerce' ) . '</td></tr>';
					}
				?>
			</tbody>
		</table>
		<?php
	}
}

Issues (130)

Security Analysis not enabled

includes/vendors/reports.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

Available Fixes

1. Pass all data via parameters

2. Create a class that maintains your state

1			<?php
			0 ignored issues – show Coding Style Compatibility introduced 2017-07-13 13:48 UTC by Report Bug Copy Issue Report Show Similar Issues like this For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 22 and the first side effect is on line 12. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2			/**
3			* Vendor reports
4			*
5			* @package PrintCenter\Vendor\Reports
6			* @since 1.0.0
7			*/
8
9
10			// Exit if accessed directly
11			if( ! defined( 'ABSPATH' ) ) {
12			exit;
13			}
14
15
16			/**
17			* Vendor sales overview report
18			*
19			* @since 1.0.0
20			* @return void
21			*/
22			function printcenter_product_vendors_report_overview() {
23			global $start_date, $end_date, $woocommerce, $wp_locale;
			0 ignored issues – show Compatibility Best Practice introduced 2015-12-10 04:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
24
25			$args = array(
26			'post_type' => 'shop_order',
27			'meta_query' => array(
28			array(
29			'key' => '_commissions_processed',
30			'value' => 'yes',
31			'compare' => '='
32			)
33			),
34			'posts_per_page' => -1
35			);
36
37			if( version_compare( WC()->version, 2.2, ">=" ) ) {
38			$args['post_status'] = array_keys( wc_get_order_statuses() );
39			}
40
41			$orders = get_posts( $args );
42			$total_sales = $total_orders = $total_earnings = $total_vendor_earnings = 0;
43
44			foreach( $orders as $order ) {
45			$order_obj = new WC_Order( $order->ID );
46			$items = $order_obj->get_items( 'line_item' );
47			$product_vendor_earnings = 0;
48
49			foreach( $items as $item_id => $item ) {
50			$product_id = $order_obj->get_item_meta( $item_id, '_product_id', true );
51			$line_total = $order_obj->get_item_meta( $item_id, '_line_total', true );
52
53			if( $product_id && $line_total ) {
54			$product_vendors = printcenter_get_product_vendors( $product_id );
55
56			if( $product_vendors ) {
57			$total_sales += $line_total;
58
59			foreach( $product_vendors as $vendor ) {
			0 ignored issues – show Bug introduced 2015-12-10 04:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$product_vendors` of type `boolean` is not traversable. Loading history...
60			$comm_percent = printcenter_get_commission_percent( $product_id, $vendor->ID );
61
62			if( $comm_percent && $comm_percent > 0 ) {
63			$comm_amount = (int) $line_total * ( $comm_percent / 100 );
64			$product_vendor_earnings += $comm_amount;
65			$total_vendor_earnings += $comm_amount;
66			}
67			}
68
69			$earnings = ( $line_total - $total_vendor_earnings );
70			$total_earnings += $earnings;
71			}
72			}
73			}
74
75			++$total_orders;
76			}
77			?>
78			<div id="poststuff" class="woocommerce-reports-wrap">
79			<div class="woocommerce-reports-sidebar">
80			<div class="postbox">
81			<h3><span><?php _e( 'Total sales', 'printcenter' ); ?></span></h3>
82			<div class="inside">
83			<p class="stat"><?php if( $total_sales > 0 ) { echo woocommerce_price( $total_sales ); } else { _e( 'n/a', 'printcenter' ); } ?></p>
84			</div>
85			</div>
86			<div class="postbox">
87			<h3><span><?php _e( 'Total orders', 'printcenter' ); ?></span></h3>
88			<div class="inside">
89			<p class="stat"><?php if( $total_orders > 0 ) { echo $total_orders; } else { _e( 'n/a', 'printcenter' ); } ?></p>
90			</div>
91			</div>
92			<div class="postbox">
93			<h3><span><?php _e( 'Average order total', 'printcenter' ); ?></span></h3>
94			<div class="inside">
95			<p class="stat"><?php if( $total_orders > 0 ) { echo woocommerce_price( $total_sales / $total_orders ); } else { _e( 'n/a', 'woocommerce' ); } ?></p>
96			</div>
97			</div>
98			<div class="postbox">
99			<h3><span><?php _e( 'Total earned', 'printcenter' ); ?></span></h3>
100			<div class="inside">
101			<p class="stat"><?php if( $total_earnings > 0 ) { echo woocommerce_price( $total_earnings ); } else { _e( 'n/a', 'woocommerce' ); } ?></p>
102			</div>
103			</div>
104			<div class="postbox">
105			<h3><span><?php _e( 'Total earned by vendors', 'printcenter' ); ?></span></h3>
106			<div class="inside">
107			<p class="stat"><?php if( $total_vendor_earnings > 0 ) { echo woocommerce_price( $total_vendor_earnings ); } else { _e( 'n/a', 'woocommerce' ); } ?></p>
108			</div>
109			</div>
110			</div>
111			<div class="woocommerce-reports-main">
112			<div class="postbox">
113			<h3><span><?php _e( 'This month\'s sales', 'printcenter' ); ?></span></h3>
114			<div class="inside chart">
115			<div id="placeholder" style="width:100%; overflow:hidden; height:568px; position:relative;"></div>
116			<div id="cart_legend"></div>
117			</div>
118			</div>
119			</div>
120			</div>
121			<?php
122
123			$chart_data = array();
124			$start_date = strtotime( date('Ymd', strtotime( date('Ym', current_time('timestamp') ) . '01' ) ) );
125			$end_date = strtotime( date('Ymd', current_time( 'timestamp' ) ) );
126
127			for( $date = $start_date; $date <= $end_date; $date = strtotime( '+1 day', $date ) ) {
128			$year = date( 'Y', $date );
129			$month = date( 'n', $date );
130			$day = date( 'j', $date );
131			$total_vendor_earnings = $total_earnings = $order_count = $day_total_vendors = $day_total = 0;
132
133			$args = array(
134			'post_type' => 'shop_order',
135			'posts_per_page' => -1,
136			'meta_query' => array(
137			array(
138			'key' => '_commissions_processed',
139			'value' => 'yes',
140			'compare' => '='
141			)
142			),
143			'year' => $year,
144			'monthnum' => $month,
145			'day' => $day,
146			'orderby' => 'date',
147			'order' => 'ASC'
148			);
149
150			if( version_compare( WC()->version, 2.2, ">=" ) ) {
151			$args['post_status'] = array_keys( wc_get_order_statuses() );
152			}
153
154			$qry = new WP_Query( $args );
155
156			$total_vendor_earnings = $total_earnings = 0;
157
158			if( $qry->have_posts() ) {
159			while( $qry->have_posts() ) {
160			$qry->the_post();
161			$order = new WC_Order( get_the_ID() );
162			$items = $order_obj->get_items( 'line_item' );
			0 ignored issues – show Bug introduced 2015-12-10 04:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$order_obj` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
163
164			foreach( $items as $item_id => $item ) {
165			$product_id = $order_obj->get_item_meta( $item_id, '_product_id', true );
166			$line_total = $order_obj->get_item_meta( $item_id, '_line_total', true );
167
168			if( $product_id && $line_total ) {
169			$product_vendors = printcenter_get_product_vendors( $product_id );
170
171			if( $product_vendors ) {
172			foreach( $product_vendors as $vendor ) {
			0 ignored issues – show Bug introduced 2015-12-10 04:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$product_vendors` of type `boolean` is not traversable. Loading history...
173			$comm_percent = printcenter_get_commission_percent( $product_id, $vendor->ID );
174
175			if( $comm_percent && $comm_percent > 0 ) {
176			$comm_amount = (int) $line_total * ( $comm_percent / 100 );
177			$total_vendor_earnings += $comm_amount;
178			}
179			}
180
181			$earnings = ( $line_total - $total_vendor_earnings );
182			$total_earnings += $earnings;
183			}
184			}
185			}
186
187			$day_total += $total_earnings;
188			$day_total_vendors += $total_vendor_earnings;
189			++$order_count;
190			}
191			}
192
193			wp_reset_postdata();
194
195			$chart_data[ __( 'Total earned', 'printcenter' ) ][] = array(
196			$date . '000',
197			$day_total
198			);
199
200			$chart_data[ __( 'Total earned by vendors', 'printcenter' ) ][] = array(
201			$date . '000',
202			$day_total_vendors
203			);
204
205			$chart_data[ __( 'Number of orders', 'printcenter' ) ][] = array(
206			$date . '000',
207			$order_count
208			);
209			}
210
211			?>
212			<script type="text/javascript">
213			jQuery(function(){
214
215			<?php
216			// Variables
217			foreach ( $chart_data as $name => $data ) {
218			$varname = str_replace( '-', '_', sanitize_title( $name ) ) . '_data';
219			echo 'var ' . $varname . ' = jQuery.parseJSON( \'' . json_encode( $data ) . '\' );';
220			}
221			?>
222
223			var placeholder = jQuery("#placeholder");
224
225			var plot = jQuery.plot(placeholder, [
226			<?php
227			$labels = array();
228
229			foreach ( $chart_data as $name => $data ) {
230			if( $name == __( 'Number of orders', 'printcenter' ) ) {
231			$labels[] = '{ label: "' . esc_js( $name ) . '", data: ' . str_replace( '-', '_', sanitize_title( $name ) ) . '_data, yaxis: 2 }';
232			} else {
233			$labels[] = '{ label: "' . esc_js( $name ) . '", data: ' . str_replace( '-', '_', sanitize_title( $name ) ) . '_data }';
234			}
235			}
236
237			echo implode( ',', $labels );
238			?>
239			], {
240			legend: {
241			container: jQuery('#cart_legend'),
242			noColumns: 2
243			},
244			series: {
245			lines: { show: true, fill: true },
246			points: { show: true }
247			},
248			grid: {
249			show: true,
250			aboveData: false,
251			color: '#aaa',
252			backgroundColor: '#fff',
253			borderWidth: 2,
254			borderColor: '#aaa',
255			clickable: false,
256			hoverable: true
257			},
258			xaxis: {
259			mode: "time",
260			timeformat: "%d %b %y",
261			monthNames: <?php echo json_encode( array_values( $wp_locale->month_abbrev ) ) ?>,
262			tickLength: 1,
263			minTickSize: [1, "day"]
264			},
265			yaxes: [ { min: 0, tickSize: 10, tickDecimals: 2 }, { position: "right", min: 0, tickDecimals: 2 } ]
266			});
267
268			placeholder.resize();
269
270			<?php if( version_compare( $woocommerce->version, '2.1-beta-1', "<" ) && function_exists( 'woocommerce_tooltip_js' ) ) { woocommerce_tooltip_js(); } ?>
271			});
272			</script>
273			<?php
274			}
275
276
277			/**
278			* Sales report for each vendor
279			*
280			* @since 1.0.0
281			* @return void
282			*/
283			function printcenter_product_vendors_report_vendor_sales() {
284			global $wpdb, $woocommerce;
			0 ignored issues – show Compatibility Best Practice introduced 2015-12-10 04:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
285
286			$chosen_product_ids = $vendor_id = $vendor = false;
287
288			if( isset( $_POST['vendor'] ) && ! empty( $_POST['vendor'] ) ) {
289			$vendor_id = $_POST['vendor'];
290			$vendor = printcenter_get_vendor( $vendor_id );
291			$products = printcenter_get_vendor_products( $vendor_id );
292
293			foreach( $products as $product ) {
294			$chosen_product_ids[] = $product->ID;
295			}
296			}
297
298			if( $vendor_id && $vendor ) {
299			$option = '<option value="' . $vendor_id. '" selected="selected">' . $vendor->title . '</option>';
300			} else {
301			$option = '<option></option>';
302			}
303
304			?>
305			<form method="post" action="">
306			<p><select id="vendor" name="vendor" class="ajax_chosen_select_vendor" data-placeholder="<?php _e( 'Search for a vendor…', 'woo_vendors' ); ?>" style="width: 400px;"><?php echo $option; ?></select> <input type="submit" style="vertical-align: top;" class="button" value="<?php _e( 'Show', 'woocommerce' ); ?>" /></p>
307			<script type="text/javascript">
308			jQuery(function(){
309
310			// Ajax Chosen Vendor Selectors
311			jQuery('select.ajax_chosen_select_vendor').ajaxChosen({
312			method: 'GET',
313			url: '<?php echo admin_url( "admin-ajax.php" ); ?>',
314			dataType: 'json',
315			afterTypeDelay: 100,
316			minTermLength: 1,
317			data: {
318			action: 'printcenter_json_search_vendors',
319			security: '<?php echo wp_create_nonce( "search-vendors" ); ?>'
320			}
321			}, function (data) {
322			var terms = {};
323
324			jQuery.each(data, function (i, val) {
325			terms[i] = val;
326			});
327
328			return terms;
329			});
330			});
331			</script>
332			</form>
333			<?php
334			if( $chosen_product_ids && is_array( $chosen_product_ids ) ) {
335			$start_date = date( 'Ym', strtotime( '-12 MONTHS', current_time('timestamp') ) ) . '01';
336			$end_date = date( 'Ymd', current_time( 'timestamp' ) );
337			$max_sales = $max_totals = 0;
338			$product_sales = $product_totals = array();
339			$chosen_product_titles = array();
340			$children_ids = array();
341
342			foreach( $chosen_product_ids as $product_id ) {
343			$children = (array) get_posts( 'post_parent=' . $product_id . '&fields=ids&post_status=any&numberposts=-1' );
344			$children_ids = $children_ids + $children;
345			$chosen_product_titles[] = get_the_title( $product_id );
346			}
347
348			// Get order items
349			if( version_compare( WC()->version, 2.2, ">=" ) ) {
350			$order_items = apply_filters( 'woocommerce_reports_product_sales_order_items', $wpdb->get_results( "
351			SELECT order_item_meta_2.meta_value as product_id, posts.post_date, SUM( order_item_meta.meta_value ) as item_quantity, SUM( order_item_meta_3.meta_value ) as line_total
352			FROM {$wpdb->prefix}woocommerce_order_items as order_items
353
354			LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta ON order_items.order_item_id = order_item_meta.order_item_id
355			LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta_2 ON order_items.order_item_id = order_item_meta_2.order_item_id
356			LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta_3 ON order_items.order_item_id = order_item_meta_3.order_item_id
357			LEFT JOIN {$wpdb->posts} AS posts ON order_items.order_id = posts.ID
358
359			WHERE posts.post_type = 'shop_order'
360			AND posts.post_status IN ( '" . implode( "','", array( 'wc-completed', 'wc-processing', 'wc-on-hold' ) ) . "' )
361			AND order_item_meta_2.meta_value IN ('" . implode( "','", array_merge( $chosen_product_ids, $children_ids ) ) . "')
362			AND order_items.order_item_type = 'line_item'
363			AND order_item_meta.meta_key = '_qty'
364			AND order_item_meta_2.meta_key = '_product_id'
365			AND order_item_meta_3.meta_key = '_line_total'
366			GROUP BY order_items.order_id
367			ORDER BY posts.post_date ASC
368			" ), array_merge( $chosen_product_ids, $children_ids ) );
369			} else {
370			$order_items = apply_filters( 'woocommerce_reports_product_sales_order_items', $wpdb->get_results( "
371			SELECT order_item_meta_2.meta_value as product_id, posts.post_date, SUM( order_item_meta.meta_value ) as item_quantity, SUM( order_item_meta_3.meta_value ) as line_total
372			FROM {$wpdb->prefix}woocommerce_order_items as order_items
373
374			LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta ON order_items.order_item_id = order_item_meta.order_item_id
375			LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta_2 ON order_items.order_item_id = order_item_meta_2.order_item_id
376			LEFT JOIN {$wpdb->prefix}woocommerce_order_itemmeta as order_item_meta_3 ON order_items.order_item_id = order_item_meta_3.order_item_id
377			LEFT JOIN {$wpdb->posts} AS posts ON order_items.order_id = posts.ID
378			LEFT JOIN {$wpdb->term_relationships} AS rel ON posts.ID = rel.object_ID
379			LEFT JOIN {$wpdb->term_taxonomy} AS tax USING( term_taxonomy_id )
380			LEFT JOIN {$wpdb->terms} AS term USING( term_id )
381
382			WHERE posts.post_type = 'shop_order'
383			AND order_item_meta_2.meta_value IN ('" . implode( "','", array_merge( $chosen_product_ids, $children_ids ) ) . "')
384			AND posts.post_status = 'publish'
385			AND tax.taxonomy = 'shop_order_status'
386			AND term.slug IN ('" . implode( "','", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) . "')
387			AND order_items.order_item_type = 'line_item'
388			AND order_item_meta.meta_key = '_qty'
389			AND order_item_meta_2.meta_key = '_product_id'
390			AND order_item_meta_3.meta_key = '_line_total'
391			GROUP BY order_items.order_id
392			ORDER BY posts.post_date ASC
393			" ), array_merge( $chosen_product_ids, $children_ids ) );
394			}
395
396			$found_products = array();
397
398			if( $order_items ) {
399			foreach( $order_items as $order_item ) {
400			if( $order_item->line_total == 0 && $order_item->item_quantity == 0 ) {
401			continue;
402			}
403
404			$date = date( 'Ym', strtotime( $order_item->post_date ) );
405			$comm_percent = printcenter_get_commission_percent( $order_item->product_id, $vendor_id );
406			$vendor_earnings = $order_item->line_total * ( $comm_percent / 100 );
407			$product_sales[ $date ] = isset( $product_sales[ $date ] ) ? $product_sales[ $date ] + $order_item->item_quantity : $order_item->item_quantity;
408			$product_totals[ $date ] = isset( $product_totals[ $date ] ) ? $product_totals[ $date ] + $vendor_earnings : $vendor_earnings;
409
410			if ( $product_sales[ $date ] > $max_sales ) {
411			$max_sales = $product_sales[ $date ];
412			}
413
414			if ( $product_totals[ $date ] > $max_totals ) {
415			$max_totals = $product_totals[ $date ];
416			}
417			}
418			}
419			?>
420			<h4><?php printf( __( 'Sales and earnings for %s:', 'printcenter' ), $vendor->title ); ?></h4>
421			<table class="bar_chart">
422			<thead>
423			<tr>
424			<th><?php _e( 'Month', 'printcenter' ); ?></th>
425			<th colspan="2"><?php _e( 'Sales', 'printcenter' ); ?></th>
426			</tr>
427			</thead>
428			<tbody>
429			<?php
430			if( sizeof( $product_sales ) > 0 ) {
431			foreach( $product_sales as $date => $sales ) {
432			$width = ($sales>0) ? (round($sales) / round($max_sales)) * 100 : 0;
433			$width2 = ($product_totals[$date]>0) ? (round($product_totals[$date]) / round($max_totals)) * 100 : 0;
434			$orders_link = admin_url( 'edit.php?s&post_status=all&post_type=shop_order&action=-1&s=' . urlencode( implode( ' ', $chosen_product_titles ) ) . '&m=' . date( 'Ym', strtotime( $date . '01' ) ) . '&shop_order_status=' . implode( ",", apply_filters( 'woocommerce_reports_order_statuses', array( 'completed', 'processing', 'on-hold' ) ) ) );
435			$orders_link = apply_filters( 'woocommerce_reports_order_link', $orders_link, $chosen_product_ids, $chosen_product_titles );
436
437			echo '<tr><th><a href="' . esc_url( $orders_link ) . '">' . date_i18n( 'F', strtotime( $date . '01' ) ) . '</a></th>
438			<td width="1%"><span>' . esc_html( $sales ) . '</span><span class="alt">' . woocommerce_price( $product_totals[ $date ] ) . '</span></td>
439			<td class="bars">
440			<span style="width:' . esc_attr( $width ) . '%"> </span>
441			<span class="alt" style="width:' . esc_attr( $width2 ) . '%"> </span>
442			</td></tr>';
443			}
444			} else {
445			echo '<tr><td colspan="3">' . __( 'No sales', 'woocommerce' ) . '</td></tr>';
446			}
447			?>
448			</tbody>
449			</table>
450			<?php
451			}
452			}

Section214 / PrintCenter

Issues (130)

Security Analysis not enabled

includes/vendors/reports.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

Available Fixes

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like