Issues (23)

Security Analysis: no request data

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web request that is viewed by other users. It can, for example, be used to bypass access controls or even to take over other users' accounts.
File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
Response Splitting
Response Splitting can be used to send arbitrary responses.
File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to your server.
SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating it.
XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries or to modify content inside the LDAP tree.
Header Injection
Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
XML Injection
XML Injection enables an attacker to read files on your local filesystem, including configuration files, or can be abused to freeze your web server process.
Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/admin/class-gmb-admin.php (8 issues)

Upgrade to new PHP Analysis Engine: these results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php
/**
 * Google Maps Admin
 *
 * The admin is considered the single post view where you build maps
 *
 * @package   Google_Maps_Builder_Admin
 * @author    Devin Walker <[email protected]>
 * @license   GPL-2.0+
 * @link      http://wordimpress.com
 * @copyright 2016 WordImpress, Devin Walker
 */

/**
 * Class Google_Maps_Builder_Admin
 */
class Google_Maps_Builder_Admin extends Google_Maps_Builder_Core_Admin {

	/**
	 * Instance of this class.
	 *
	 * @since    1.0.0
	 *
	 * @var      object
	 */
	protected static $instance = null;

	/**
	 * Initialize the plugin by loading admin scripts & styles and adding a
	 * settings page and menu.
	 *
	 * @since     1.0.0
	 */
	public function __construct() {

		parent::__construct();

		// Render the custom CMB2 map preview field.
		add_action( 'cmb2_render_google_maps_preview', array( $this, 'cmb2_render_google_maps_preview' ), 10, 2 );

		// Dismiss the welcome notice via AJAX.
		add_action( 'wp_ajax_hide_welcome', array( $this, 'hide_welcome_callback' ) );

		// Modify the CMB2 form markup for the plugin settings page.
		add_filter( 'cmb2_get_metabox_form_format', array( $this, 'gmb_modify_cmb2_form_output' ), 10, 3 );

		// Widget upsell.
		add_action( 'gmb_after_widget_form', array( $this, 'widget_upsell' ) );

		// Useful class for free-only styling.
		add_filter( 'admin_body_class', array( $this, 'admin_body_classes' ) );

		// Remove the quick edit link and add a preview map link.
		add_filter( 'post_row_actions', array( $this, 'remove_row_actions' ), 10, 2 );
		add_action( 'wp_ajax_preview_map_action', array( $this, 'preview_map_action_callback' ) );

	}

	/**
	 * Custom Google Geocoder field
	 *
	 * @since  1.0.0
	 *
	 * @param object $field CMB2 field object.
	 * @param mixed  $meta  Saved field value.
	 */
	function cmb2_render_google_maps_preview( $field, $meta ) {
Issue: It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (private, protected, or public) is generally recommended to communicate to other developers how, and from where, this method is intended to be used.

		/* @var $post */
		global $post;
Issue (Compatibility Best Practice): Use of global functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on global state, we recommend one of these alternatives:

1. Pass all data via parameters

function myFunction($a, $b) {
    // Do something
}

2. Create a class that maintains your state

class MyClass {
    private $a;
    private $b;

    public function __construct($a, $b) {
        $this->a = $a;
        $this->b = $b;
    }

    public function myFunction() {
        // Do something
    }
}

		$meta            = wp_parse_args( $meta, array() );
		$wh_value        = get_post_meta( $post->ID, 'gmb_width_height', true );
		$lat_lng         = get_post_meta( $post->ID, 'gmb_lat_lng', true );
		$default_options = $this->get_default_map_options();

		$output = '<div class="places-loading wpgp-loading">' . __( 'Loading Places', 'google-maps-builder' ) . '</div><div id="google-map-wrap">';
		$output .= '<div id="map" style="height:600px; width:100%;"></div>';

		$output .= '<div class="map-modal-upsell"><p class="upsell-intro">' . __( 'Want more?', 'google-maps-builder' ) . '</p><a href="https://wordimpress.com/plugins/maps-builder-pro?utm_source=MBF&utm_medium=BANNER&utm_content=MODAL&utm_campaign=MBF%20Modal" class="button button-small upsell-button" target="_blank">' . __( 'Go Pro!', 'google-maps-builder' ) . '</a></div>';

		// Toolbar.
		$output .= '<div id="map-toolbar">';
		$output .= '<button class="add-location button button-small gmb-magnific-inline" data-target="cmb2-id-gmb-geocoder" data-auto-focus="true"><span class="dashicons dashicons-pressthis"></span>' . __( 'Add Location', 'google-maps-builder' ) . '</button>';
		$output .= '<button class="drop-marker button button-small"><span class="dashicons dashicons-location"></span>' . __( 'Drop a Marker', 'google-maps-builder' ) . '</button>';
		$output .= '<button class="goto-location button button-small gmb-magnific-inline" data-target="map-autocomplete-wrap" data-auto-focus="true"><span class="dashicons dashicons-admin-site"></span>' . __( 'Goto Location', 'google-maps-builder' ) . '</button>';
		$output .= '<button class="edit-title button  button-small gmb-magnific-inline" data-target="map-title-wrap" data-auto-focus="true"><span class="dashicons dashicons-edit"></span>' . __( 'Edit Map Title', 'google-maps-builder' ) . '</button>';

		$output .= '<div class="live-lat-lng-wrap clearfix">';
		$output .= '<button disabled class="update-lat-lng button button-small">' . __( 'Set Lat/Lng', 'google-maps-builder' ) . '</button>';
		$output .= '<div class="live-latitude-wrap"><span class="live-latitude-label">' . __( 'Lat:', 'google-maps-builder' ) . '</span><span class="live-latitude">' . ( isset( $lat_lng['latitude'] ) ? $lat_lng['latitude'] : '' ) . '</span></div>';
		$output .= '<div class="live-longitude-wrap"><span class="live-longitude-label">' . __( 'Lng:', 'google-maps-builder' ) . '</span><span class="live-longitude">' . ( isset( $lat_lng['longitude'] ) ? $lat_lng['longitude'] : '' ) . '</span></div>';
		$output .= '</div>'; // End .live-lat-lng-wrap
		$output .= '</div>'; // End #map-toolbar
		$output .= '</div>'; // End #google-map-wrap


		// @TODO: Obviously Need Wrapper function
		$output .= '<div class="white-popup mfp-hide map-title-wrap">';
		$output .= '<div class="inner-modal-wrap">';
		$output .= '<div class="inner-modal-container">';
		$output .= '<div class="inner-modal clearfix">';
		$output .= '<label for="post_title" class="map-title">' . __( 'Map Title', 'google-maps-builder' ) . '</label>';
		$output .= '<p class="cmb2-metabox-description">' . __( 'Give your Map a descriptive title', 'google-maps-builder' ) . '</p>';
		// The post title is user-supplied, so escape it before placing it in an attribute.
		$output .= '<button type="button" class="gmb-modal-close">&times;</button><input type="text" name="model_post_title" size="30" value="' . esc_attr( get_the_title() ) . '" id="modal_title" spellcheck="true" autocomplete="off" placeholder="' . esc_attr__( 'Enter map title', 'google-maps-builder' ) . '">';
		$output .= '</div>';
		$output .= '</div>';
		$output .= '</div>';
		$output .= '</div>';

		$output .= '<div class="white-popup mfp-hide map-autocomplete-wrap">';
		$output .= '<div class="inner-modal-wrap">';
		$output .= '<div class="inner-modal-container">';
		$output .= '<div class="inner-modal clearfix">';
		$output .= '<label for="map-location-autocomplete" class="map-title">' . __( 'Enter a Location', 'google-maps-builder' ) . '</label>';
		$output .= '<p class="cmb2-metabox-description">' . __( 'Type your point of interest below and the map will be re-centered over that location', 'google-maps-builder' ) . '</p>';
		$output .= '<button type="button" class="gmb-modal-close">&times;</button>';
		$output .= '<input type="text" name="" size="30" id="map-location-autocomplete">';
		$output .= '</div>';
		$output .= '</div>';
		$output .= '</div>';
		$output .= '</div>';

		$output .= '<div class="warning-message wpgp-message"></div>';

		// Markers Modal.
		gmb_include_view( 'admin/views/markers.php', false, $this->view_data() );

		echo apply_filters( 'google_maps_preview', $output );

	}

	/**
	 * Modify CMB2 Default Form Output
	 *
	 * @since 2.0
	 *
	 * @param string $form_format Default CMB2 form markup (sprintf format string).
	 * @param string $object_id   ID of the object the form is rendered for.
	 * @param CMB2   $cmb         The CMB2 metabox instance.
	 *
	 * @return string
	 */
	function gmb_modify_cmb2_form_output( $form_format, $object_id, $cmb ) {
Issue: It is generally recommended to explicitly declare the visibility for methods.

		// Only modify the plugin settings form.
		if ( 'gmb_settings' == $object_id && 'plugin_options' == $cmb->cmb_id ) {

			// Text domain corrected to this plugin's own ('give' was a copy-paste leftover).
			return '<form class="cmb-form" method="post" id="%1$s" enctype="multipart/form-data" encoding="multipart/form-data"><input type="hidden" name="object_id" value="%2$s">%3$s<div class="gmb-submit-wrap"><input type="submit" name="submit-cmb" value="' . __( 'Save Settings', 'google-maps-builder' ) . '" class="button-primary"></div></form>';
		}

		return $form_format;

	}


	/**
	 * Add upsell to the widget form
	 *
	 * @since 2.1.0
	 *
	 * @uses "gmb_after_widget_form" action
	 */
	public function widget_upsell() {
		?>
		<div class="gmb-widget-upgrade clear">
			<span class="powered-by"></span>
			<a href="https://wordimpress.com/plugins/maps-builder-pro?utm_source=MBF&utm_medium=BANNER&utm_content=WIDGET&utm_campaign=MBF%20Widgets" target="_blank" class="button button-small">
				<?php _e( 'Upgrade to Pro', 'google-maps-builder' ); ?>
				<span class="new-window"></span>
			</a>
		</div>
		<?php

	}

	/**
	 * Adds a Free
	 *
	 * @param  String $classes Current body classes.
	 *
	 * @return String          Altered body classes.
	 */
	function admin_body_classes( $classes ) {
Issue: It is generally recommended to explicitly declare the visibility for methods.

		global $post;
Issue (Compatibility Best Practice): Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

		if ( isset( $post->post_type ) && $post->post_type == 'google_maps' ) {
			// Body classes are space-separated; the leading space keeps this from
			// gluing onto a class appended by another filter.
			$classes .= ' maps-builder-free';
		}

		return $classes;

	}

	/**
	 * Remove the Quick Edit row action and add a Preview Map link.
	 *
	 * @param array   $actions Row actions for edit, quick edit, etc.
	 * @param WP_Post $post    The post for the current row.
	 *
	 * @return array
	 */
	function remove_row_actions( $actions, $post ) {
Issue: It is generally recommended to explicitly declare the visibility for methods.
		global $current_screen;
Issue (Compatibility Best Practice): Use of global functionality is not recommended; it makes your code harder to test, and less reusable.
		if ( $current_screen->post_type != 'google_maps' ) {
			return $actions;
		}
		add_thickbox();


		?>
		<style>
			div#TB_ajaxContent {
				width: 100% !important;
				box-sizing: border-box;
				max-width: 100%;
				height: calc(100% - 30px) !important;
				overflow: hidden;
				padding: 0;
			}

			div#TB_window {
				width: 75% !important;
				height: 65%;
				margin: 0 auto !important;
				left: 0;
				right: 0;
				max-width: 75% !important;
				top: 10%;
				box-sizing: border-box;
				padding: 15px;
				overflow: hidden;
			}
		</style>
		<div id="gmb-preview-map"></div>
		<?php

		// Remove the Quick Edit link and add the Preview Map link in its place.
		if ( isset( $actions['inline hide-if-no-js'] ) ) {
			unset( $actions['inline hide-if-no-js'] );
			$actions['custom'] = '<a href="#TB_inline?width=1400px&height=600px&inlineId=gmb-preview-map" data-id="' . $post->ID . '" class="thickbox gmb-load-map">' . __( 'Preview Map', 'google-maps-builder' ) . '</a>';
		}

		return $actions;
	}

	/**
	 * Callback function for preview map.
	 *
	 * Handles the 'wp_ajax_preview_map_action' request and returns the map
	 * markup plus the localized map data as JSON.
	 */
	function preview_map_action_callback() {
Issue: It is generally recommended to explicitly declare the visibility for methods.
		// Only accept a numeric map ID: it is embedded in the generated markup below.
		$map_id = isset( $_POST['map_id'] ) ? absint( $_POST['map_id'] ) : 0;

		// Gather data for this shortcode; refuse unknown maps and users who may not edit them.
		$post = $map_id ? get_post( $map_id ) : null;
		if ( ! $post || ! current_user_can( 'edit_post', $post->ID ) ) {
			wp_send_json_error( 'Invalid map ID or insufficient permissions.' );
		}

		$all_meta    = get_post_custom( $map_id );
		$visual_info = isset( $all_meta['gmb_width_height'][0] ) ? maybe_unserialize( $all_meta['gmb_width_height'][0] ) : array();
		$lat_lng     = isset( $all_meta['gmb_lat_lng'][0] ) ? maybe_unserialize( $all_meta['gmb_lat_lng'][0] ) : array();

		// Put markers into an array for JS usage.
		$markers_repeatable = isset( $all_meta['gmb_markers_group'][0] ) ? maybe_unserialize( $all_meta['gmb_markers_group'][0] ) : '';
		$map_marker_array   = is_array( $markers_repeatable ) ? array_values( $markers_repeatable ) : array();

		// Send data for AJAX usage.
		// Add params to AJAX for Shortcode Usage.
		// @see: http://benjaminrojas.net/using-wp_localize_script-dynamically/
		$localized_data = apply_filters( 'gmb_localized_data', array(
			$post->ID => array(
				'id'               => $post->ID,
				'map_params'       => array(
					'title'          => $post->post_title,
					'width'          => isset( $visual_info['width'] ) ? $visual_info['width'] : '',
					'height'         => isset( $visual_info['height'] ) ? $visual_info['height'] : '',
					'latitude'       => isset( $lat_lng['latitude'] ) ? $lat_lng['latitude'] : '',
					'longitude'      => isset( $lat_lng['longitude'] ) ? $lat_lng['longitude'] : '',
					'zoom'           => ! empty( $all_meta['gmb_zoom'][0] ) ? $all_meta['gmb_zoom'][0] : '15',
					'default_marker' => apply_filters( 'gmb_default_marker', GMB_PLUGIN_URL . 'assets/img/spotlight-poi.png' ),
				),
				'map_controls'     => array(
					'zoom_control'      => ! empty( $all_meta['gmb_zoom_control'][0] ) ? strtoupper( $all_meta['gmb_zoom_control'][0] ) : 'STANDARD',
					'pan_control'       => ! empty( $all_meta['gmb_pan'][0] ) ? $all_meta['gmb_pan'][0] : 'none',
					'map_type_control'  => ! empty( $all_meta['gmb_map_type_control'][0] ) ? $all_meta['gmb_map_type_control'][0] : 'none',
					'draggable'         => ! empty( $all_meta['gmb_draggable'][0] ) ? $all_meta['gmb_draggable'][0] : 'none',
					'double_click_zoom' => ! empty( $all_meta['gmb_double_click'][0] ) ? $all_meta['gmb_double_click'][0] : 'none',
					'wheel_zoom'        => ! empty( $all_meta['gmb_wheel_zoom'][0] ) ? $all_meta['gmb_wheel_zoom'][0] : 'none',
					'street_view'       => ! empty( $all_meta['gmb_street_view'][0] ) ? $all_meta['gmb_street_view'][0] : 'none',
				),
				'map_theme'        => array(
					'map_type'       => ! empty( $all_meta['gmb_type'][0] ) ? $all_meta['gmb_type'][0] : 'RoadMap',
					'map_theme_json' => ! empty( $all_meta['gmb_theme_json'][0] ) ? $all_meta['gmb_theme_json'][0] : 'none',
				),
				'map_markers'      => $map_marker_array,
				'plugin_url'       => GMB_PLUGIN_URL,
				'places_api'       => array(
					'show_places'   => ! empty( $all_meta['gmb_show_places'][0] ) ? $all_meta['gmb_show_places'][0] : 'no',
					'search_radius' => ! empty( $all_meta['gmb_search_radius'][0] ) ? $all_meta['gmb_search_radius'][0] : '3000',
					'search_places' => ! empty( $all_meta['gmb_places_search_multicheckbox'][0] ) ? maybe_unserialize( $all_meta['gmb_places_search_multicheckbox'][0] ) : '',
				),
				'map_markers_icon' => ! empty( $all_meta['gmb_map_marker'] ) ? $all_meta['gmb_map_marker'][0] : 'none',
			),
		) );

		$maphtml                    = '<div class="google-maps-builder-wrap"><div id="google-maps-builder-' . $map_id . '" class="google-maps-builder" data-map-id="' . $map_id . '" style="width: 1400px; height:600px;"></div></div>';
		$responseArray              = array();
		$responseArray['localized'] = $localized_data;
		$responseArray['maphtml']   = $maphtml;
		// wp_send_json() echoes the JSON and terminates the request itself, so
		// there is nothing to echo and no wp_die() needed afterwards.
		wp_send_json( $responseArray );
	}


} //end class