Issues in uninstall.php (master) - Issues in master - WordImpress/Give - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4296)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

uninstall.php (34 issues)

Severity

Unknown 34

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Uninstall Give
 *
 * @package     Give
 * @subpackage  Uninstall
 * @copyright   Copyright (c) 2016, WordImpress
 * @license     https://opensource.org/licenses/gpl-license GNU Public License
 * @since       1.0
 */

// Exit if accessed directly.
if ( ! defined( 'WP_UNINSTALL_PLUGIN' ) ) {
	exit;
}

// Load Give file.
include_once( 'give.php' );

global $wpdb, $wp_roles;


if ( give_is_setting_enabled( give_get_option( 'uninstall_on_delete' ) ) ) {

	// Delete All the Custom Post Types.
	$give_taxonomies = array( 'form_category', 'form_tag' );
	$give_post_types = array( 'give_forms', 'give_payment' );
	foreach ( $give_post_types as $post_type ) {

		$give_taxonomies = array_merge( $give_taxonomies, get_object_taxonomies( $post_type ) );
		$items           = get_posts( array(
			'post_type'   => $post_type,
			'post_status' => 'any',
			'numberposts' => - 1,
			'fields'      => 'ids',
		) );

		if ( $items ) {
			foreach ( $items as $item ) {
				wp_delete_post( $item, true );
			}
		}
	}

	// Delete All the Terms & Taxonomies.
	foreach ( array_unique( array_filter( $give_taxonomies ) ) as $taxonomy ) {

		$terms = $wpdb->get_results( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ('%s') ORDER BY t.name ASC", $taxonomy ) );


		// Delete Terms.
		if ( $terms ) {
			foreach ( $terms as $term ) {
				$wpdb->delete( $wpdb->term_taxonomy, array( 'term_taxonomy_id' => $term->term_taxonomy_id ) );
				$wpdb->delete( $wpdb->terms, array( 'term_id' => $term->term_id ) );
			}
		}

		// Delete Taxonomies.
		$wpdb->delete( $wpdb->term_taxonomy, array( 'taxonomy' => $taxonomy ), array( '%s' ) );
	}

	// Delete the Plugin Pages.
	$give_created_pages = array( 'success_page', 'failure_page', 'history_page' );
	foreach ( $give_created_pages as $p ) {
		$page = give_get_option( $p, false );
		if ( $page ) {
			wp_delete_post( $page, true );
		}
	}

	// Delete Capabilities.
	Give()->roles = new Give_Roles();
	Give()->roles->remove_caps();

	// Delete the Roles.
	$give_roles = array( 'give_manager', 'give_accountant', 'give_worker', 'give_donor' );
	foreach ( $give_roles as $role ) {
		remove_role( $role );
	}

	// Remove all database tables.
	$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_donors' );

	$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_donormeta' );

	$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_customers' );

	$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_customermeta' );

	$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_paymentmeta' );

	$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_formmeta' );

	$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_logs' );

	$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_logmeta' );

	$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_sequential_ordering' );

	$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_sessions' );


	// Cleanup Cron Events.
	wp_clear_scheduled_hook( 'give_daily_scheduled_events' );
	wp_clear_scheduled_hook( 'give_weekly_scheduled_events' );
	wp_clear_scheduled_hook( 'give_daily_cron' );
	wp_clear_scheduled_hook( 'give_weekly_cron' );

	// Get all options.
	$give_option_names = $wpdb->get_col(

		$wpdb->prepare(
			"SELECT option_name FROM {$wpdb->options} where option_name LIKE '%%%s%%'",
			'give'
		)
	);

	if ( ! empty( $give_option_names ) ) {
		// Convert option name to transient or option name.
		$new_give_option_names = array();

		// Delete all the Plugin Options.
		foreach ( $give_option_names as $option ) {
			if ( false !== strpos( $option, 'give_cache' ) ) {
				Give_Cache::delete( $option );
			} else {
				delete_option( $option );
			}
		}
	}
}


1			<?php
2			/**
3			* Uninstall Give
4			*
5			* @package Give
6			* @subpackage Uninstall
7			* @copyright Copyright (c) 2016, WordImpress
8			* @license https://opensource.org/licenses/gpl-license GNU Public License
9			* @since 1.0
10			*/
11
12			// Exit if accessed directly.
13			if ( ! defined( 'WP_UNINSTALL_PLUGIN' ) ) {
14			exit;
15			}
16
17			// Load Give file.
18			include_once( 'give.php' );
19
20			global $wpdb, $wp_roles;
21
22
23			if ( give_is_setting_enabled( give_get_option( 'uninstall_on_delete' ) ) ) {
24
25			// Delete All the Custom Post Types.
26			$give_taxonomies = array( 'form_category', 'form_tag' );
27			$give_post_types = array( 'give_forms', 'give_payment' );
28			foreach ( $give_post_types as $post_type ) {
29
30			$give_taxonomies = array_merge( $give_taxonomies, get_object_taxonomies( $post_type ) );
31			$items = get_posts( array(
32			'post_type' => $post_type,
33			'post_status' => 'any',
34			'numberposts' => - 1,
35			'fields' => 'ids',
36			) );
37
38			if ( $items ) {
39			foreach ( $items as $item ) {
40			wp_delete_post( $item, true );
41			}
42			}
43			}
44
45			// Delete All the Terms & Taxonomies.
46			foreach ( array_unique( array_filter( $give_taxonomies ) ) as $taxonomy ) {
47
48			$terms = $wpdb->get_results( $wpdb->prepare( "SELECT t., tt. FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ('%s') ORDER BY t.name ASC", $taxonomy ) );
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history...
49
50			// Delete Terms.
51			if ( $terms ) {
52			foreach ( $terms as $term ) {
53			$wpdb->delete( $wpdb->term_taxonomy, array( 'term_taxonomy_id' => $term->term_taxonomy_id ) );
54			$wpdb->delete( $wpdb->terms, array( 'term_id' => $term->term_id ) );
55			}
56			}
57
58			// Delete Taxonomies.
59			$wpdb->delete( $wpdb->term_taxonomy, array( 'taxonomy' => $taxonomy ), array( '%s' ) );
60			}
61
62			// Delete the Plugin Pages.
63			$give_created_pages = array( 'success_page', 'failure_page', 'history_page' );
64			foreach ( $give_created_pages as $p ) {
65			$page = give_get_option( $p, false );
66			if ( $page ) {
67			wp_delete_post( $page, true );
68			}
69			}
70
71			// Delete Capabilities.
72			Give()->roles = new Give_Roles();
73			Give()->roles->remove_caps();
74
75			// Delete the Roles.
76			$give_roles = array( 'give_manager', 'give_accountant', 'give_worker', 'give_donor' );
77			foreach ( $give_roles as $role ) {
78			remove_role( $role );
79			}
80
81			// Remove all database tables.
82			$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_donors' );
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Attempting a database schema change is highly discouraged. Loading history...
83			$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_donormeta' );
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Attempting a database schema change is highly discouraged. Loading history...
84			$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_customers' );
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Attempting a database schema change is highly discouraged. Loading history...
85			$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_customermeta' );
			0 ignored issues – show introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Attempting a database schema change is highly discouraged. Loading history...
86			$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_paymentmeta' );
			0 ignored issues – show introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Attempting a database schema change is highly discouraged. Loading history...
87			$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_formmeta' );
			0 ignored issues – show introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Attempting a database schema change is highly discouraged. Loading history...
88			$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_logs' );
			0 ignored issues – show introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Attempting a database schema change is highly discouraged. Loading history...
89			$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_logmeta' );
			0 ignored issues – show introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2018-01-17 19:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Attempting a database schema change is highly discouraged. Loading history...
90			$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_sequential_ordering' );
			0 ignored issues – show introduced 2018-05-02 19:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2018-05-02 19:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2018-05-02 19:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this Attempting a database schema change is highly discouraged. Loading history...
91			$wpdb->query( 'DROP TABLE IF EXISTS ' . $wpdb->prefix . 'give_sessions' );
			0 ignored issues – show introduced 2018-07-24 22:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2018-07-24 22:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history... introduced 2018-07-24 22:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this Attempting a database schema change is highly discouraged. Loading history...
92
93			// Cleanup Cron Events.
94			wp_clear_scheduled_hook( 'give_daily_scheduled_events' );
95			wp_clear_scheduled_hook( 'give_weekly_scheduled_events' );
96			wp_clear_scheduled_hook( 'give_daily_cron' );
97			wp_clear_scheduled_hook( 'give_weekly_cron' );
98
99			// Get all options.
100			$give_option_names = $wpdb->get_col(
			0 ignored issues – show introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call is discouraged. Loading history... introduced 2017-08-01 08:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this Usage of a direct database call without caching is prohibited. Use wp_cache_get / wp_cache_set. Loading history...
101			$wpdb->prepare(
102			"SELECT option_name FROM {$wpdb->options} where option_name LIKE '%%%s%%'",
103			'give'
104			)
105			);
106
107			if ( ! empty( $give_option_names ) ) {
108			// Convert option name to transient or option name.
109			$new_give_option_names = array();
110
111			// Delete all the Plugin Options.
112			foreach ( $give_option_names as $option ) {
113			if ( false !== strpos( $option, 'give_cache' ) ) {
114			Give_Cache::delete( $option );
115			} else {
116			delete_option( $option );
117			}
118			}
119			}
120			}
121

WordImpress / Give

Issues (4296)

Security Analysis not enabled

uninstall.php (34 issues)

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like