Issues in CMB2_Options.php (trunk) - Issues in trunk - WebDevStudios/CMB2 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (435)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/CMB2_Options.php (3 issues)

Labels

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * CMB2 Utility classes for handling multi-dimensional array data for options
 *
 * @category  WordPress_Plugin
 * @package   CMB2
 * @author    WebDevStudios
 * @license   GPL-2.0+
 * @link      http://webdevstudios.com
 */

/**
 * Retrieves an instance of CMB2_Option based on the option key
 *
 * @package   CMB2
 * @author    WebDevStudios
 */
class CMB2_Options {
namespace YourVendor;

class YourClass { }
	/**
	 * Array of all CMB2_Option instances
	 *
	 * @var   array
	 * @since 1.0.0
	 */
	protected static $option_sets = array();

	public static function get( $option_key ) {

		if ( empty( self::$option_sets ) || empty( self::$option_sets[ $option_key ] ) ) {
			self::$option_sets[ $option_key ] = new CMB2_Option( $option_key );
		}

		return self::$option_sets[ $option_key ];
	}
}

/**
 * Handles getting/setting of values to an option array
 * for a specific option key
 *
 * @package   CMB2
 * @author    WebDevStudios
 */
class CMB2_Option {
namespace YourVendor;

class YourClass { }

	/**
	 * Options array
	 *
	 * @var array
	 */
	protected $options = array();

	/**
	 * Current option key
	 *
	 * @var string
	 */
	protected $key = '';

	/**
	 * Initiate option object
	 *
	 * @param string $option_key Option key where data will be saved.
	 *                           Leave empty for temporary data store.
	 * @since 2.0.0
	 */
	public function __construct( $option_key = '' ) {
		$this->key = ! empty( $option_key ) ? $option_key : '';
	}

	/**
	 * Delete the option from the db
	 *
	 * @since  2.0.0
	 * @return bool  Delete success or failure
	 */
	public function delete_option() {
		$deleted = $this->key ? delete_option( $this->key ) : true;
		$this->options = $deleted ? array() : $this->options;
		return $this->options;
	}

	/**
	 * Removes an option from an option array
	 *
	 * @since  1.0.1
	 * @param  string $field_id Option array field key
	 * @return array             Modified options
	 */
	public function remove( $field_id, $resave = false ) {

		$this->get_options();

		if ( isset( $this->options[ $field_id ] ) ) {
			unset( $this->options[ $field_id ] );
		}

		if ( $resave ) {
			$this->set();
		}

		return $this->options;
	}

	/**
	 * Retrieves an option from an option array
	 *
	 * @since  1.0.1
	 * @param  string $field_id Option array field key
	 * @param  mixed  $default  Fallback value for the option
	 * @return array             Requested field or default
	 */
	public function get( $field_id, $default = false ) {
		$opts = $this->get_options();

		if ( 'all' == $field_id ) {
			return $opts;
		} elseif ( array_key_exists( $field_id, $opts ) ) {
			return false !== $opts[ $field_id ] ? $opts[ $field_id ] : $default;
		}

		return $default;
	}

	/**
	 * Updates Option data
	 *
	 * @since  1.0.1
	 * @param  string $field_id   Option array field key
	 * @param  mixed  $value      Value to update data with
	 * @param  bool   $resave     Whether to re-save the data
	 * @param  bool   $single     Whether data should not be an array
	 * @return boolean             Return status of update
	 */
	public function update( $field_id, $value = '', $resave = false, $single = true ) {
		$this->get_options();

		if ( true !== $field_id ) {

			if ( ! $single ) {
				// If multiple, add to array
				$this->options[ $field_id ][] = $value;
			} else {
				$this->options[ $field_id ] = $value;
			}
		}

		if ( $resave || true === $field_id ) {
			return $this->set();
		}

		return true;
	}

	/**
	 * Saves the option array
	 * Needs to be run after finished using remove/update_option
	 *
	 * @uses apply_filters() Calls 'cmb2_override_option_save_{$this->key}' hook
	 * to allow overwriting the option value to be stored.
	 *
	 * @since  1.0.1
	 * @param  array $options Optional options to override
	 * @return bool           Success/Failure
	 */
	public function set( $options = array() ) {
		$this->options = ! empty( $options ) || empty( $options ) && empty( $this->key )
			? $options
			: $this->options;

		if ( empty( $this->key ) ) {
			return false;
		}

		$test_save = apply_filters( "cmb2_override_option_save_{$this->key}", 'cmb2_no_override_option_save', $this->options, $this );

		if ( 'cmb2_no_override_option_save' !== $test_save ) {
			return $test_save;
		}

		// If no override, update the option
		return update_option( $this->key, $this->options );
	}

	/**
	 * Retrieve option value based on name of option.
	 *
	 * @uses apply_filters() Calls 'cmb2_override_option_get_{$this->key}' hook to allow
	 * 	overwriting the option value to be retrieved.
	 *
	 * @since  1.0.1
	 * @param  mixed $default Optional. Default value to return if the option does not exist.
	 * @return mixed          Value set for the option.
	 */
	public function get_options( $default = null ) {
		if ( empty( $this->options ) && ! empty( $this->key ) ) {

			$test_get = apply_filters( "cmb2_override_option_get_{$this->key}", 'cmb2_no_override_option_get', $default, $this );

			if ( 'cmb2_no_override_option_get' !== $test_get ) {
				$this->options = $test_get;
			} else {
				// If no override, get the option
				$this->options = get_option( $this->key, $default );
			}
		}

		return (array) $this->options;
	}

}


1		<?php
2		/**
3		* CMB2 Utility classes for handling multi-dimensional array data for options
4		*
5		* @category WordPress_Plugin
6		* @package CMB2
7		* @author WebDevStudios
8		* @license GPL-2.0+
9		* @link http://webdevstudios.com
10		*/
11
12		/**
13		* Retrieves an instance of CMB2_Option based on the option key
14		*
15		* @package CMB2
16		* @author WebDevStudios
17		*/
18		class CMB2_Options {
		0 ignored issues – show Coding Style Compatibility introduced 2015-11-24 04:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
19		/**
20		* Array of all CMB2_Option instances
21		*
22		* @var array
23		* @since 1.0.0
24		*/
25		protected static $option_sets = array();
26
27	14	public static function get( $option_key ) {
28
29	14	if ( empty( self::$option_sets ) \|\| empty( self::$option_sets[ $option_key ] ) ) {
30	6	self::$option_sets[ $option_key ] = new CMB2_Option( $option_key );
31	6	}
32
33	14	return self::$option_sets[ $option_key ];
34		}
35		}
36
37		/**
38		* Handles getting/setting of values to an option array
39		* for a specific option key
40		*
41		* @package CMB2
42		* @author WebDevStudios
43		*/
44		class CMB2_Option {
		0 ignored issues – show Coding Style Compatibility introduced 2015-11-24 04:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class should be in its own file to aid autoloaders. Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history... Coding Style Compatibility introduced 2015-11-24 04:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
45
46		/**
47		* Options array
48		*
49		* @var array
50		*/
51		protected $options = array();
52
53		/**
54		* Current option key
55		*
56		* @var string
57		*/
58		protected $key = '';
59
60		/**
61		* Initiate option object
62		*
63		* @param string $option_key Option key where data will be saved.
64		* Leave empty for temporary data store.
65		* @since 2.0.0
66		*/
67	6	public function __construct( $option_key = '' ) {
68	6	$this->key = ! empty( $option_key ) ? $option_key : '';
69	6	}
70
71		/**
72		* Delete the option from the db
73		*
74		* @since 2.0.0
75		* @return bool Delete success or failure
76		*/
77		public function delete_option() {
78		$deleted = $this->key ? delete_option( $this->key ) : true;
79		$this->options = $deleted ? array() : $this->options;
80		return $this->options;
81		}
82
83		/**
84		* Removes an option from an option array
85		*
86		* @since 1.0.1
87		* @param string $field_id Option array field key
88		* @return array Modified options
89		*/
90	1	public function remove( $field_id, $resave = false ) {
91
92	1	$this->get_options();
93
94	1	if ( isset( $this->options[ $field_id ] ) ) {
95		unset( $this->options[ $field_id ] );
96		}
97
98	1	if ( $resave ) {
99		$this->set();
100		}
101
102	1	return $this->options;
103		}
104
105		/**
106		* Retrieves an option from an option array
107		*
108		* @since 1.0.1
109		* @param string $field_id Option array field key
110		* @param mixed $default Fallback value for the option
111		* @return array Requested field or default
112		*/
113	7	public function get( $field_id, $default = false ) {
114	7	$opts = $this->get_options();
115
116	7	if ( 'all' == $field_id ) {
117		return $opts;
118	7	} elseif ( array_key_exists( $field_id, $opts ) ) {
119	3	return false !== $opts[ $field_id ] ? $opts[ $field_id ] : $default;
120		}
121
122	4	return $default;
123		}
124
125		/**
126		* Updates Option data
127		*
128		* @since 1.0.1
129		* @param string $field_id Option array field key
130		* @param mixed $value Value to update data with
131		* @param bool $resave Whether to re-save the data
132		* @param bool $single Whether data should not be an array
133		* @return boolean Return status of update
134		*/
135	9	public function update( $field_id, $value = '', $resave = false, $single = true ) {
136	9	$this->get_options();
137
138	9	if ( true !== $field_id ) {
139
140	9	if ( ! $single ) {
141		// If multiple, add to array
142		$this->options[ $field_id ][] = $value;
143		} else {
144	9	$this->options[ $field_id ] = $value;
145		}
146	9	}
147
148	9	if ( $resave \|\| true === $field_id ) {
149	3	return $this->set();
150		}
151
152	6	return true;
153		}
154
155		/**
156		* Saves the option array
157		* Needs to be run after finished using remove/update_option
158		*
159		* @uses apply_filters() Calls 'cmb2_override_option_save_{$this->key}' hook
160		* to allow overwriting the option value to be stored.
161		*
162		* @since 1.0.1
163		* @param array $options Optional options to override
164		* @return bool Success/Failure
165		*/
166	9	public function set( $options = array() ) {
167	9	$this->options = ! empty( $options ) \|\| empty( $options ) && empty( $this->key )
168	9	? $options
169	9	: $this->options;
170
171	9	if ( empty( $this->key ) ) {
172	4	return false;
173		}
174
175	5	$test_save = apply_filters( "cmb2_override_option_save_{$this->key}", 'cmb2_no_override_option_save', $this->options, $this );
176
177	5	if ( 'cmb2_no_override_option_save' !== $test_save ) {
178		return $test_save;
179		}
180
181		// If no override, update the option
182	5	return update_option( $this->key, $this->options );
183		}
184
185		/**
186		* Retrieve option value based on name of option.
187		*
188		* @uses apply_filters() Calls 'cmb2_override_option_get_{$this->key}' hook to allow
189		* overwriting the option value to be retrieved.
190		*
191		* @since 1.0.1
192		* @param mixed $default Optional. Default value to return if the option does not exist.
193		* @return mixed Value set for the option.
194		*/
195	13	public function get_options( $default = null ) {
196	13	if ( empty( $this->options ) && ! empty( $this->key ) ) {
197
198	4	$test_get = apply_filters( "cmb2_override_option_get_{$this->key}", 'cmb2_no_override_option_get', $default, $this );
199
200	4	if ( 'cmb2_no_override_option_get' !== $test_get ) {
201		$this->options = $test_get;
202		} else {
203		// If no override, get the option
204	4	$this->options = get_option( $this->key, $default );
205		}
206	4	}
207
208	13	return (array) $this->options;
209		}
210
211		}
212

WebDevStudios / CMB2

Issues (435)

Security Analysis not enabled

includes/CMB2_Options.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like