Issues in functions-ajax.php (master) - Issues in master - ThemeAvenue/BetterOptin - Measure and Improve Code Quality continuously with Scrutinizer

Issues (103)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/functions-ajax.php (4 issues)

Labels

Severity

Major 4

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * BetterOptin Ajax
 *
 * @package   BetterOptin/Ajax
 * @author    ThemeAvenue <[email protected]>
 * @license   GPL-2.0+
 * @link      http://themeavenue.net
 * @copyright 2015 ThemeAvenue
 */

// If this file is called directly, abort.
if ( ! defined( 'WPINC' ) ) {
	die;
}

add_action( 'wp_ajax_wpbo_check_page_availability', 'wpbo_check_page_availability' );
/**
 * Check page availability.
 *
 * When the user adds a new page where the current popup should be triggered,
 * we check if the page is not already used by another popup.
 *
 * As we can't have 2 popups on one page, we only want to keep one popup per page. Hence,
 * we tell the user that the page he just selected
 *
 * @return string
 */
function wpbo_check_page_availability() {

	$current_id = isset( $_POST['current_id'] ) ? $_POST['current_id'] : false; // The current post ID (popup currently being edited)
	$selected   = isset( $_POST['selected_all'] ) ? explode( ',', $_POST['selected_all'] ) : array(); // All selected items
	$messages   = '0'; // Default string to return

	if ( is_array( $selected ) && count( $selected ) > 0 && false !== $current_id ) {

		$relationships = get_option( 'wpbo_popup_relationships', array() );

		foreach ( $selected as $post_id ) {

			if ( array_key_exists( $post_id, $relationships ) && $current_id != $relationships[ $post_id ] ) {

				/* Page details */
				$post  = get_post( $post_id );
				$title = $post->post_title;

				/* Popup details */
				$popup  = get_post( $relationships[ $post_id ] );
				$ptitle = $popup->post_title;
				$plink  = add_query_arg( array( 'post' => $popup->ID, 'action' => 'edit' ), admin_url( 'post.php' ) );

				$msg = '<p>';
				$msg .= sprintf( __( 'The page %s (#%s) is already used by the popup <a href="%s" target="_blank">%s</a> (#%s).', 'betteroptin' ), "<strong><em>$title</em></strong>", $post_id, $plink, $ptitle, $popup->ID );
				$msg .= '</p>';

				/* Convert $messages into an array when there is at least one warning message to save */
				if ( ! is_array( $messages ) ) {
					$messages = array();
				}

				array_push( $messages, $msg );
			}

		}

	}

	/* Convert the possible messages to string before we return it */
	if ( is_array( $messages ) ) {

		/* Explain what's going to happen next */
		array_push( $messages, '<p><em>' . __( 'TIP: If you keep the conflicting page(s) selected, they will be removed from the other popup(s).', 'betteroptin' ) . '</em></p>' );

		/* Convert to string */
		$messages = implode( '', $messages );
	}

	echo $messages;
	die();

}

add_action( 'wp_ajax_wpbo_get_graph_data', 'wpbo_get_graph_data' );
/**
 * Retrieve data to feed the graph.
 *
 * @since  1.0.0
 * @return string Records encoded in JSON
 */
function wpbo_get_graph_data() {

	$query     = array( 'data_type' => 'any', 'limit' => - 1 );
	$timeframe = unserialize( stripslashes( $_POST['wpbo_analytics_time'] ) );
	$popup     = isset( $_POST['wpbo_analytics_popup'] ) ? $_POST['wpbo_analytics_popup'] : 'all';
	$period    = isset( $_POST['wpbo_analytics_period'] ) ? $_POST['wpbo_analytics_period'] : 'today';

	/* Set the period */
	$query['period'] = $timeframe;

	/* Select the popup */
	if ( 'all' != $popup ) {
		$query['popup_id'] = intval( $popup );
	}

	/* Separate impressions and conversions */
	$query_i              = $query;
	$query_i['data_type'] = 'impression';

	$query_c              = $query;
	$query_c['data_type'] = 'conversion';

	/* Get the datas */
	$impressions = wpbo_db_get_datas( $query_i, 'OBJECT' );
	$conversions = wpbo_db_get_datas( $query_c, 'OBJECT' );

	/* Set the scale */
	$scale = date( 'Y-m-d' );

	switch ( $period ):

		case 'today':
			$scale       = 'Y-m-d H:00:00';
			$timeformat  = '%d/%b';
			$minticksize = array( 1, 'hour' );
			$min         = strtotime( date( 'Y-m-d 00:00:00' ) );
			$max         = strtotime( date( 'Y-m-d 23:59:59' ) );
			break;

		case 'this_week':
			$scale       = 'Y-m-d 00:00:00';
			$timeformat  = '%a';
			$minticksize = array( 1, 'day' );
			$min         = strtotime( 'last monday' );
			$max         = strtotime( 'next sunday' );
			break;

		case 'last_week':
			$scale       = 'Y-m-d 00:00:00';
			$timeformat  = '%a';
			$minticksize = array( 1, 'day' );
			$min         = strtotime( 'last monday -7 days' );
			$max         = strtotime( 'next sunday -7 days' );
			break;

		case 'this_month':
			$scale       = 'Y-m-d 00:00:00';
			$timeformat  = '%a';
			$minticksize = array( 1, 'day' );
			$min         = strtotime( 'first day of this month' );
			$max         = strtotime( 'last day of this month' );
			break;

		case 'last_month':
			$scale       = 'Y-m-d 00:00:00';
			$timeformat  = '%a';
			$minticksize = array( 1, 'day' );
			$min         = strtotime( 'first day of last month' );
			$max         = strtotime( 'last day of last month' );
			break;

		case 'this_quarter':

			$scale       = 'Y-m-d 00:00:00';
			$timeformat  = '%b';
			$minticksize = array( 1, 'month' );
			$quarters    = array( 1, 4, 7, 10 );
			$month       = intval( date( 'm' ) );

			if ( in_array( $month, $quarters ) ) {
				$current = date( 'Y-m-d', time() );
			} else {

				/* Get first month of this quarter */
				while ( ! in_array( $month, $quarters ) ) {
					$month = $month - 1;
				}

				$current = date( 'Y' ) . '-' . $month . '-' . '01';

			}

			$current = strtotime( $current );
			$min     = strtotime( 'first day of this month', $current );
			$max     = strtotime( 'last day of this month', strtotime( '+2 months', $current ) );

			break;

		case 'last_quarter':

			$scale       = 'Y-m-d 00:00:00';
			$timeformat  = '%b';
			$minticksize = array( 1, 'month' );
			$quarters    = array( 1, 4, 7, 10 );
			$month       = intval( date( 'm' ) ) - 3;
			$rewind      = false;

			if ( in_array( $month, $quarters ) ) {
				$current = date( 'Y-m-d', time() );
			} else {

				/* Get first month of this quarter */
				while ( ! in_array( $month, $quarters ) ) {

					$month = $month - 1;

					/* Rewind to last year after we passed January */
					if ( 0 === $month ) {
						$month = 12;
					}
				}

				$current = date( 'Y' ) . '-' . $month . '-' . '01';

			}

			/* Set the theorical current date */
			$current = false === $rewind ? strtotime( $current ) : strtotime( '-1 year', $current );
			$min     = strtotime( 'first day of this month', $current );
			$max     = strtotime( 'last day of this month', strtotime( '+2 months', $current ) );

			break;

		case 'this_year':
			$scale       = 'Y-m-d 00:00:00';
			$timeformat  = '%b';
			$minticksize = array( 1, 'month' );
			$min         = strtotime( 'first day of January', time() );
			$max         = strtotime( 'last day of December', time() );
			break;

		case 'last_year':
			$scale       = 'Y-m-d 00:00:00';
			$timeformat  = '%b';
			$minticksize = array( 1, 'month' );
			$min         = strtotime( 'first day of January last year', time() );
			$max         = strtotime( 'last day of December last year', time() );
			break;

	endswitch;

	/* Propare global array */
	$datas = array(
		'impressionsData' => array(
			'label' => __( 'Impressions', 'betteroptin' ),
			'id'    => 'impressions',
			'data'  => array()
		),
		'conversionsData' => array(
			'label' => __( 'Conversions', 'betteroptin' ),
			'id'    => 'conversions',
			'data'  => array()
		),
		'scale'           => array(
			'minTickSize' => $minticksize,
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
			'timeformat'  => $timeformat
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
		),
		'min'             => $min * 1000,
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
		'max'             => $max * 1000
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
	);

	/* Get the count on the scaled timestamp */
	$imp_array = wpbo_array_merge_combine( $impressions, $scale );
	$con_array = wpbo_array_merge_combine( $conversions, $scale );

	// Get a complete data array for the given timeframe (meaning there is a value for evey single time point)
	$increment = "$minticksize[0] $minticksize[1]"; // Increment formatted to be used in strtotime()
	$imp_array = wpbo_fill_hits_period( $imp_array, $min, $max, $increment, $scale );
	$con_array = wpbo_fill_hits_period( $con_array, $min, $max, $increment, $scale );

	/* Add the hits to datas array */
	$datas['impressionsData']['data'] = $imp_array;
	$datas['conversionsData']['data'] = $con_array;

	/* Return results to script */
	echo json_encode( $datas );
	die();

}

add_action( 'wp_ajax_wpbo_tour_completed', 'wpbo_tour_completed' );
/**
 * Dismiss Customizer Tour
 *
 * Mark the tour as completed in the user profile
 * if the tour is actually completed or if the user
 * closes the popup window.
 *
 * @since  1.0.0
 * @return integer|boolean Row ID on successful update, false on failure
 */
function wpbo_tour_completed() {

	$user_id = get_current_user_id();

	/* Make sure we have a user */
	if ( 0 === $user_id ) {
		return false;
	}

	/* Get dismissed pointers */
	$dismissed = get_user_meta( $user_id, 'dismissed_wp_pointers', true );
	$pointers  = explode( ',', $dismissed );

	/* Add ours */
	if ( ! in_array( 'wpbo_tour', $pointers ) ) {
		array_push( $pointers, 'wpbo_tour' );
	}

	/* Update the dismissed pointers for this user */
	$update = update_user_meta( $user_id, 'dismissed_wp_pointers', implode( ',', $pointers ), $dismissed );

	echo $update;
	die;

}

add_action( 'wp_ajax_wpbo_get_doc', 'wpbo_get_documentation' );
/**
 * Get plugin documentation.
 *
 * Use the JSON API to get the doc from
 * http://support.themeavenue.net
 *
 * @since  1.0.0
 * @return string Documentation page content
 */
function wpbo_get_documentation() {

	$doc = get_transient( 'wpbo_documentation' );

	if ( false === $doc ) {

		$post_id  = 91149;
		$route    = 'https://betteropt.in/wp-json/wp/v2/pages/';
		$response = wp_remote_get( $route . $post_id );

		if ( 200 === $response['response']['code'] ) {

			$doc = wp_remote_retrieve_body( $response );
			$doc = json_decode( $doc );
			$doc = $doc->content->rendered;
			set_transient( 'wpbo_documentation', $doc, 60 * 60 * 72 );

		}

	}

	if ( false === $doc ) {
		printf( __( 'Oops! We were unable to fetch the documentation from our support site. Please <a href="%s" target="_blank">click here to see the doc on our site</a>.', 'betteroptin' ), esc_url( 'https://betteropt.in/documentation/' ) );
	} else {
		echo $doc;
	}

	die;

}

add_action( 'wp_ajax_wpbo_refresh_doc', 'wpbo_refresh_documentation' );
/**
 * Delete transient options for documentation.
 *
 * @since  2.0.2
 * @return void
 */
function wpbo_refresh_documentation() {

	delete_transient( 'wpbo_documentation' );

	die;

}

add_action( 'wp_ajax_wpbo_new_impression', 'wpbo_new_impression' );
add_action( 'wp_ajax_nopriv_wpbo_new_impression', 'wpbo_new_impression' );
/**
 * Record popup impression.
 *
 * @since  1.0.0
 *
 * @param int $popup_id ID of the popup to increment
 *
 * @return integer Total number of impressions
 */
function wpbo_new_impression( $popup_id = 0 ) {

	if ( empty( $popup_id ) && isset( $_POST['popup_id'] ) ) {
		$popup_id = (int) filter_input( INPUT_POST, 'popup_id', FILTER_SANITIZE_NUMBER_INT );
	}

	if ( 0 === $popup_id || empty( $popup_id ) ) {
		echo 'Incorrect popup ID';
		die();
	}

	if ( ! WPBO_Popup::popup_exists( $popup_id ) ) {
		echo 'Not a popup';
		die();
	}

	$popup = new WPBO_Popup( $popup_id );

	echo $popup->new_impression();
	die();

}

Issues (103)

Security Analysis not enabled

includes/functions-ajax.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Available Fixes

1		<?php
2		/**
3		* BetterOptin Ajax
4		*
5		* @package BetterOptin/Ajax
6		* @author ThemeAvenue <[email protected]>
7		* @license GPL-2.0+
8		* @link http://themeavenue.net
9		* @copyright 2015 ThemeAvenue
10		*/
11
12		// If this file is called directly, abort.
13		if ( ! defined( 'WPINC' ) ) {
14		die;
15		}
16
17		add_action( 'wp_ajax_wpbo_check_page_availability', 'wpbo_check_page_availability' );
18		/**
19		* Check page availability.
20		*
21		* When the user adds a new page where the current popup should be triggered,
22		* we check if the page is not already used by another popup.
23		*
24		* As we can't have 2 popups on one page, we only want to keep one popup per page. Hence,
25		* we tell the user that the page he just selected
26		*
27		* @return string
28		*/
29		function wpbo_check_page_availability() {
30
31		$current_id = isset( $_POST['current_id'] ) ? $_POST['current_id'] : false; // The current post ID (popup currently being edited)
32		$selected = isset( $_POST['selected_all'] ) ? explode( ',', $_POST['selected_all'] ) : array(); // All selected items
33		$messages = '0'; // Default string to return
34
35		if ( is_array( $selected ) && count( $selected ) > 0 && false !== $current_id ) {
36
37		$relationships = get_option( 'wpbo_popup_relationships', array() );
38
39		foreach ( $selected as $post_id ) {
40
41		if ( array_key_exists( $post_id, $relationships ) && $current_id != $relationships[ $post_id ] ) {
42
43		/* Page details */
44		$post = get_post( $post_id );
45		$title = $post->post_title;
46
47		/* Popup details */
48		$popup = get_post( $relationships[ $post_id ] );
49		$ptitle = $popup->post_title;
50		$plink = add_query_arg( array( 'post' => $popup->ID, 'action' => 'edit' ), admin_url( 'post.php' ) );
51
52		$msg = '<p>';
53		$msg .= sprintf( __( 'The page %s (#%s) is already used by the popup <a href="%s" target="_blank">%s</a> (#%s).', 'betteroptin' ), "<strong><em>$title</em></strong>", $post_id, $plink, $ptitle, $popup->ID );
54		$msg .= '</p>';
55
56		/* Convert $messages into an array when there is at least one warning message to save */
57		if ( ! is_array( $messages ) ) {
58		$messages = array();
59		}
60
61		array_push( $messages, $msg );
62		}
63
64		}
65
66		}
67
68		/* Convert the possible messages to string before we return it */
69		if ( is_array( $messages ) ) {
70
71		/* Explain what's going to happen next */
72		array_push( $messages, '<p><em>' . __( 'TIP: If you keep the conflicting page(s) selected, they will be removed from the other popup(s).', 'betteroptin' ) . '</em></p>' );
73
74		/* Convert to string */
75		$messages = implode( '', $messages );
76		}
77
78		echo $messages;
79		die();
80
81		}
82
83		add_action( 'wp_ajax_wpbo_get_graph_data', 'wpbo_get_graph_data' );
84		/**
85		* Retrieve data to feed the graph.
86		*
87		* @since 1.0.0
88		* @return string Records encoded in JSON
89		*/
90		function wpbo_get_graph_data() {
91
92		$query = array( 'data_type' => 'any', 'limit' => - 1 );
93		$timeframe = unserialize( stripslashes( $_POST['wpbo_analytics_time'] ) );
94		$popup = isset( $_POST['wpbo_analytics_popup'] ) ? $_POST['wpbo_analytics_popup'] : 'all';
95		$period = isset( $_POST['wpbo_analytics_period'] ) ? $_POST['wpbo_analytics_period'] : 'today';
96
97		/* Set the period */
98		$query['period'] = $timeframe;
99
100		/* Select the popup */
101		if ( 'all' != $popup ) {
102		$query['popup_id'] = intval( $popup );
103		}
104
105		/* Separate impressions and conversions */
106		$query_i = $query;
107		$query_i['data_type'] = 'impression';
108
109		$query_c = $query;
110		$query_c['data_type'] = 'conversion';
111
112		/* Get the datas */
113		$impressions = wpbo_db_get_datas( $query_i, 'OBJECT' );
114		$conversions = wpbo_db_get_datas( $query_c, 'OBJECT' );
115
116		/* Set the scale */
117		$scale = date( 'Y-m-d' );
118
119		switch ( $period ):
120
121	View Code Duplication	case 'today':
122		$scale = 'Y-m-d H:00:00';
123		$timeformat = '%d/%b';
124		$minticksize = array( 1, 'hour' );
125		$min = strtotime( date( 'Y-m-d 00:00:00' ) );
126		$max = strtotime( date( 'Y-m-d 23:59:59' ) );
127		break;
128
129	View Code Duplication	case 'this_week':
130		$scale = 'Y-m-d 00:00:00';
131		$timeformat = '%a';
132		$minticksize = array( 1, 'day' );
133		$min = strtotime( 'last monday' );
134		$max = strtotime( 'next sunday' );
135		break;
136
137	View Code Duplication	case 'last_week':
138		$scale = 'Y-m-d 00:00:00';
139		$timeformat = '%a';
140		$minticksize = array( 1, 'day' );
141		$min = strtotime( 'last monday -7 days' );
142		$max = strtotime( 'next sunday -7 days' );
143		break;
144
145	View Code Duplication	case 'this_month':
146		$scale = 'Y-m-d 00:00:00';
147		$timeformat = '%a';
148		$minticksize = array( 1, 'day' );
149		$min = strtotime( 'first day of this month' );
150		$max = strtotime( 'last day of this month' );
151		break;
152
153	View Code Duplication	case 'last_month':
154		$scale = 'Y-m-d 00:00:00';
155		$timeformat = '%a';
156		$minticksize = array( 1, 'day' );
157		$min = strtotime( 'first day of last month' );
158		$max = strtotime( 'last day of last month' );
159		break;
160
161		case 'this_quarter':
162
163		$scale = 'Y-m-d 00:00:00';
164		$timeformat = '%b';
165		$minticksize = array( 1, 'month' );
166		$quarters = array( 1, 4, 7, 10 );
167		$month = intval( date( 'm' ) );
168
169	View Code Duplication	if ( in_array( $month, $quarters ) ) {
170		$current = date( 'Y-m-d', time() );
171		} else {
172
173		/* Get first month of this quarter */
174		while ( ! in_array( $month, $quarters ) ) {
175		$month = $month - 1;
176		}
177
178		$current = date( 'Y' ) . '-' . $month . '-' . '01';
179
180		}
181
182		$current = strtotime( $current );
183		$min = strtotime( 'first day of this month', $current );
184		$max = strtotime( 'last day of this month', strtotime( '+2 months', $current ) );
185
186		break;
187
188		case 'last_quarter':
189
190		$scale = 'Y-m-d 00:00:00';
191		$timeformat = '%b';
192		$minticksize = array( 1, 'month' );
193		$quarters = array( 1, 4, 7, 10 );
194		$month = intval( date( 'm' ) ) - 3;
195		$rewind = false;
196
197	View Code Duplication	if ( in_array( $month, $quarters ) ) {
198		$current = date( 'Y-m-d', time() );
199		} else {
200
201		/* Get first month of this quarter */
202		while ( ! in_array( $month, $quarters ) ) {
203
204		$month = $month - 1;
205
206		/* Rewind to last year after we passed January */
207		if ( 0 === $month ) {
208		$month = 12;
209		}
210		}
211
212		$current = date( 'Y' ) . '-' . $month . '-' . '01';
213
214		}
215
216		/* Set the theorical current date */
217		$current = false === $rewind ? strtotime( $current ) : strtotime( '-1 year', $current );
218		$min = strtotime( 'first day of this month', $current );
219		$max = strtotime( 'last day of this month', strtotime( '+2 months', $current ) );
220
221		break;
222
223	View Code Duplication	case 'this_year':
224		$scale = 'Y-m-d 00:00:00';
225		$timeformat = '%b';
226		$minticksize = array( 1, 'month' );
227		$min = strtotime( 'first day of January', time() );
228		$max = strtotime( 'last day of December', time() );
229		break;
230
231	View Code Duplication	case 'last_year':
232		$scale = 'Y-m-d 00:00:00';
233		$timeformat = '%b';
234		$minticksize = array( 1, 'month' );
235		$min = strtotime( 'first day of January last year', time() );
236		$max = strtotime( 'last day of December last year', time() );
237		break;
238
239		endswitch;
240
241		/* Propare global array */
242		$datas = array(
243		'impressionsData' => array(
244		'label' => __( 'Impressions', 'betteroptin' ),
245		'id' => 'impressions',
246		'data' => array()
247		),
248		'conversionsData' => array(
249		'label' => __( 'Conversions', 'betteroptin' ),
250		'id' => 'conversions',
251		'data' => array()
252		),
253		'scale' => array(
254		'minTickSize' => $minticksize,
		0 ignored issues – show Bug introduced 2015-11-30 08:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$minticksize` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
255		'timeformat' => $timeformat
		0 ignored issues – show Bug introduced 2015-11-30 08:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$timeformat` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
256		),
257		'min' => $min * 1000,
		0 ignored issues – show Bug introduced 2015-11-30 08:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$min` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
258		'max' => $max * 1000
		0 ignored issues – show Bug introduced 2015-11-30 08:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$max` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
259		);
260
261		/* Get the count on the scaled timestamp */
262		$imp_array = wpbo_array_merge_combine( $impressions, $scale );
263		$con_array = wpbo_array_merge_combine( $conversions, $scale );
264
265		// Get a complete data array for the given timeframe (meaning there is a value for evey single time point)
266		$increment = "$minticksize[0] $minticksize[1]"; // Increment formatted to be used in strtotime()
267		$imp_array = wpbo_fill_hits_period( $imp_array, $min, $max, $increment, $scale );
268		$con_array = wpbo_fill_hits_period( $con_array, $min, $max, $increment, $scale );
269
270		/* Add the hits to datas array */
271		$datas['impressionsData']['data'] = $imp_array;
272		$datas['conversionsData']['data'] = $con_array;
273
274		/* Return results to script */
275		echo json_encode( $datas );
276		die();
277
278		}
279
280		add_action( 'wp_ajax_wpbo_tour_completed', 'wpbo_tour_completed' );
281		/**
282		* Dismiss Customizer Tour
283		*
284		* Mark the tour as completed in the user profile
285		* if the tour is actually completed or if the user
286		* closes the popup window.
287		*
288		* @since 1.0.0
289		* @return integer\|boolean Row ID on successful update, false on failure
290		*/
291		function wpbo_tour_completed() {
292
293		$user_id = get_current_user_id();
294
295		/* Make sure we have a user */
296		if ( 0 === $user_id ) {
297		return false;
298		}
299
300		/* Get dismissed pointers */
301		$dismissed = get_user_meta( $user_id, 'dismissed_wp_pointers', true );
302		$pointers = explode( ',', $dismissed );
303
304		/* Add ours */
305		if ( ! in_array( 'wpbo_tour', $pointers ) ) {
306		array_push( $pointers, 'wpbo_tour' );
307		}
308
309		/* Update the dismissed pointers for this user */
310		$update = update_user_meta( $user_id, 'dismissed_wp_pointers', implode( ',', $pointers ), $dismissed );
311
312		echo $update;
313		die;
314
315		}
316
317		add_action( 'wp_ajax_wpbo_get_doc', 'wpbo_get_documentation' );
318		/**
319		* Get plugin documentation.
320		*
321		* Use the JSON API to get the doc from
322		* http://support.themeavenue.net
323		*
324		* @since 1.0.0
325		* @return string Documentation page content
326		*/
327		function wpbo_get_documentation() {
328
329		$doc = get_transient( 'wpbo_documentation' );
330
331		if ( false === $doc ) {
332
333		$post_id = 91149;
334		$route = 'https://betteropt.in/wp-json/wp/v2/pages/';
335		$response = wp_remote_get( $route . $post_id );
336
337		if ( 200 === $response['response']['code'] ) {
338
339		$doc = wp_remote_retrieve_body( $response );
340		$doc = json_decode( $doc );
341		$doc = $doc->content->rendered;
342		set_transient( 'wpbo_documentation', $doc, 60 * 60 * 72 );
343
344		}
345
346		}
347
348		if ( false === $doc ) {
349		printf( __( 'Oops! We were unable to fetch the documentation from our support site. Please <a href="%s" target="_blank">click here to see the doc on our site</a>.', 'betteroptin' ), esc_url( 'https://betteropt.in/documentation/' ) );
350		} else {
351		echo $doc;
352		}
353
354		die;
355
356		}
357
358		add_action( 'wp_ajax_wpbo_refresh_doc', 'wpbo_refresh_documentation' );
359		/**
360		* Delete transient options for documentation.
361		*
362		* @since 2.0.2
363		* @return void
364		*/
365		function wpbo_refresh_documentation() {
366
367		delete_transient( 'wpbo_documentation' );
368
369		die;
370
371		}
372
373		add_action( 'wp_ajax_wpbo_new_impression', 'wpbo_new_impression' );
374		add_action( 'wp_ajax_nopriv_wpbo_new_impression', 'wpbo_new_impression' );
375		/**
376		* Record popup impression.
377		*
378		* @since 1.0.0
379		*
380		* @param int $popup_id ID of the popup to increment
381		*
382		* @return integer Total number of impressions
383		*/
384		function wpbo_new_impression( $popup_id = 0 ) {
385
386		if ( empty( $popup_id ) && isset( $_POST['popup_id'] ) ) {
387		$popup_id = (int) filter_input( INPUT_POST, 'popup_id', FILTER_SANITIZE_NUMBER_INT );
388		}
389
390		if ( 0 === $popup_id \|\| empty( $popup_id ) ) {
391		echo 'Incorrect popup ID';
392		die();
393		}
394
395		if ( ! WPBO_Popup::popup_exists( $popup_id ) ) {
396		echo 'Not a popup';
397		die();
398		}
399
400		$popup = new WPBO_Popup( $popup_id );
401
402		echo $popup->new_impression();
403		die();
404
405		}

ThemeAvenue / BetterOptin

Issues (103)

Security Analysis not enabled

includes/functions-ajax.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like