EES_Shortcode::sanitize_attributes() - Code Metrics - Inspection of "Daily Inspection: skip sanitization for attributes..." - eventespresso/event-espresso-core - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — BUG-10458-sql-injection-via-sh... (c8fb1e)

unknown

created 2017-02-02 21:22 UTC

EES_Shortcode::sanitize_attributes() C

↳ Parent: EES_Shortcode

Complexity

Conditions	11
Paths	17

Size

Total Lines	37
Code Lines	27

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	11
eloc	27
nc	17
nop	2
dl	0
loc	37
rs	5.2653
c	0
b	0
f	0

How to fix Complexity

<?php if ( ! defined('EVENT_ESPRESSO_VERSION')) exit('No direct script access allowed');
/**
 * Event Espresso
 *
 * Event Registration and Management Plugin for WordPress
 *
 * @ package			Event Espresso
 * @ author				Event Espresso
 * @ copyright		(c) 2008-2011 Event Espresso  All Rights Reserved.
 * @ license			http://eventespresso.com/support/terms-conditions/   * see Plugin Licensing *
 * @ link					http://www.eventespresso.com
 * @ version		 	4.0
 *
 * ------------------------------------------------------------------------
 *
 * EES_Shortcode
 *
 * @package			Event Espresso
 * @subpackage	/shortcodes/
 * @author				Brent Christensen
 *
 * ------------------------------------------------------------------------
 */
abstract class EES_Shortcode extends EE_Base {

	/**
	 * @protected 	public
	 * @var 	array $_attributes
	 */
	protected $_attributes = array();

	/**
	 * run - initial shortcode module setup called during "parse_request" hook by
	 * \EE_Front_Controller::_initialize_shortcodes() IF this shortcode is going to execute during this request !
	 * It may also get called by \EES_Shortcode::fallback_shortcode_processor() if the shortcode is being implemented
	 * by a theme or plugin in a non-standard way.
	 * Basically this method is primarily used for loading resources and assets like CSS or JS
	 * that will be required by the shortcode when it is actually processed.
	 * Please note that assets may not load if the fallback_shortcode_processor() is being used.
	 *
	 * @access    public
	 * @param WP $WP
	 * @return    void
	 */
	public abstract function run( WP $WP );



	/**
	 * 	process_shortcode
	 * 	this method is the callback function for the actual shortcode, and is what runs when WP encounters the shortcode within the_content
	 *
	 *  @access 	public
	 *  @param		array 	$attributes
	 *  @return 	mixed
	 */
	public abstract function process_shortcode( $attributes = array() );



	/**
	 *    instance - returns instance of child class object
	 *
	 * @access 	public
	 * @param 	string $shortcode_class
	 * @return 	\EES_Shortcode
	 */
	final public static function instance( $shortcode_class = null ) {
		$shortcode_class = ! empty( $shortcode_class ) ? $shortcode_class : get_called_class();
		if ( $shortcode_class === 'EES_Shortcode' || empty( $shortcode_class )) {
			return null;
		}
		$shortcode = str_replace( 'EES_', '', strtoupper( $shortcode_class ));
		$shortcode_obj = isset( EE_Registry::instance()->shortcodes->{$shortcode} )
            ? EE_Registry::instance()->shortcodes->{$shortcode}
            : null;
		return $shortcode_obj instanceof $shortcode_class || $shortcode_class === 'self'
            ? $shortcode_obj
            : new $shortcode_class();
	}




	/**
	 *    fallback_shortcode_processor - create instance and call process_shortcode
	 *    NOTE: shortcode may not function perfectly dues to missing assets, but it's better than not having things work at all
	 *
	 * @access 	public
	 * @param 	$attributes
	 * @return 	mixed
	 */
	final public static function fallback_shortcode_processor( $attributes ) {
		if ( EE_Maintenance_Mode::disable_frontend_for_maintenance() ) {
			return null;
		}
		// what shortcode was actually parsed ?
		$shortcode_class = get_called_class();
		// notify rest of system that fallback processor was triggered
		add_filter( 'FHEE__fallback_shortcode_processor__' . $shortcode_class, '__return_true' );
		// get instance of actual shortcode
		$shortcode_obj = self::instance( $shortcode_class );
		// verify class
		if ( $shortcode_obj instanceof EES_Shortcode ) {
			global $wp;
			$shortcode_obj->run( $wp );
			// set attributes and run the shortcode
			$shortcode_obj->_attributes = (array)$attributes;
			return $shortcode_obj->process_shortcode( $shortcode_obj->_attributes );
		} else {
			return null;
		}
	}




	/**
	 *    invalid_shortcode_processor -  used in cases where we know the shortcode is invalid, most likely due to a deactivated addon, and simply returns an empty string
	 *
	 * @access 	public
	 * @param 	$attributes
	 * @return 	string
	 */
	final public static function invalid_shortcode_processor( $attributes ) {

		return '';
	}



	/**
	 * class constructor - should ONLY be instantiated by EE_Front_Controller
	 */
	final public function __construct() {
		// get classname, remove EES_prefix, and convert to UPPERCASE
		$shortcode = strtoupper( str_replace( 'EES_', '', get_class( $this )));
		// assign shortcode to the preferred callback, which overwrites the "fallback shortcode processor" assigned earlier
		add_shortcode( $shortcode, array( $this, 'process_shortcode' ));
		// make sure system knows this is an EE page
		EE_Registry::instance()->REQ->set_espresso_page( TRUE );
	}



    /**
     * @param array $attributes
     * @param array $custom_sanitization
     * @return array
     */
    public static function sanitize_attributes(array $attributes, $custom_sanitization = array())
    {
        foreach ($attributes as $key => $value) {
            // is a custom sanitization callback specified ?
            if ( isset($custom_sanitization[$key])) {
                $callback = $custom_sanitization[$key];
                if ($callback === 'skip_sanitization') {
                    $attributes[$key] = $value;
                    continue;
                } else if (function_exists($callback)){
                    $attributes[$key] = $callback($value);
                    continue;
                }
            }
            switch (true) {
                case $value === null :
                case is_int($value) :
                case is_float($value) :
                    // typical booleans
                case in_array($value, array(true, 'true', '1', 'on', 'yes', false, 'false', '0', 'off', 'no'), true) :
                    $attributes[$key] = $value;
                    break;
                case is_string($value) :
                    $attributes[$key] = sanitize_text_field($value);
                    break;
                case is_array($value) :
                    $attributes[$key] = \EES_Shortcode::sanitize_attributes($value);
                    break;
                default :
                    // only remaining data types are Object and Resource
                    // which are not allowed as shortcode attributes
                    $attributes[$key] = null;
                    break;
            }
        }
        return $attributes;
	}


}
// End of file EES_Shortcode.shortcode.php
// Location: /shortcodes/EES_Shortcode.shortcode.php

1			<?php if ( ! defined('EVENT_ESPRESSO_VERSION')) exit('No direct script access allowed');
2			/**
3			* Event Espresso
4			*
5			* Event Registration and Management Plugin for WordPress
6			*
7			* @ package Event Espresso
8			* @ author Event Espresso
9			* @ copyright (c) 2008-2011 Event Espresso All Rights Reserved.
10			* @ license http://eventespresso.com/support/terms-conditions/ * see Plugin Licensing *
11			* @ link http://www.eventespresso.com
12			* @ version 4.0
13			*
14			* ------------------------------------------------------------------------
15			*
16			* EES_Shortcode
17			*
18			* @package Event Espresso
19			* @subpackage /shortcodes/
20			* @author Brent Christensen
21			*
22			* ------------------------------------------------------------------------
23			*/
24			abstract class EES_Shortcode extends EE_Base {
25
26			/**
27			* @protected public
28			* @var array $_attributes
29			*/
30			protected $_attributes = array();
31
32			/**
33			* run - initial shortcode module setup called during "parse_request" hook by
34			* \EE_Front_Controller::_initialize_shortcodes() IF this shortcode is going to execute during this request !
35			* It may also get called by \EES_Shortcode::fallback_shortcode_processor() if the shortcode is being implemented
36			* by a theme or plugin in a non-standard way.
37			* Basically this method is primarily used for loading resources and assets like CSS or JS
38			* that will be required by the shortcode when it is actually processed.
39			* Please note that assets may not load if the fallback_shortcode_processor() is being used.
40			*
41			* @access public
42			* @param WP $WP
43			* @return void
44			*/
45			public abstract function run( WP $WP );
46
47
48
49			/**
50			* process_shortcode
51			* this method is the callback function for the actual shortcode, and is what runs when WP encounters the shortcode within the_content
52			*
53			* @access public
54			* @param array $attributes
55			* @return mixed
56			*/
57			public abstract function process_shortcode( $attributes = array() );
58
59
60
61			/**
62			* instance - returns instance of child class object
63			*
64			* @access public
65			* @param string $shortcode_class
66			* @return \EES_Shortcode
67			*/
68			final public static function instance( $shortcode_class = null ) {
69			$shortcode_class = ! empty( $shortcode_class ) ? $shortcode_class : get_called_class();
70			if ( $shortcode_class === 'EES_Shortcode' \|\| empty( $shortcode_class )) {
71			return null;
72			}
73			$shortcode = str_replace( 'EES_', '', strtoupper( $shortcode_class ));
74			$shortcode_obj = isset( EE_Registry::instance()->shortcodes->{$shortcode} )
75			? EE_Registry::instance()->shortcodes->{$shortcode}
76			: null;
77			return $shortcode_obj instanceof $shortcode_class \|\| $shortcode_class === 'self'
78			? $shortcode_obj
79			: new $shortcode_class();
80			}
81
82
83
84
85			/**
86			* fallback_shortcode_processor - create instance and call process_shortcode
87			* NOTE: shortcode may not function perfectly dues to missing assets, but it's better than not having things work at all
88			*
89			* @access public
90			* @param $attributes
91			* @return mixed
92			*/
93			final public static function fallback_shortcode_processor( $attributes ) {
94			if ( EE_Maintenance_Mode::disable_frontend_for_maintenance() ) {
95			return null;
96			}
97			// what shortcode was actually parsed ?
98			$shortcode_class = get_called_class();
99			// notify rest of system that fallback processor was triggered
100			add_filter( 'FHEE__fallback_shortcode_processor__' . $shortcode_class, '__return_true' );
101			// get instance of actual shortcode
102			$shortcode_obj = self::instance( $shortcode_class );
103			// verify class
104			if ( $shortcode_obj instanceof EES_Shortcode ) {
105			global $wp;
106			$shortcode_obj->run( $wp );
107			// set attributes and run the shortcode
108			$shortcode_obj->_attributes = (array)$attributes;
109			return $shortcode_obj->process_shortcode( $shortcode_obj->_attributes );
110			} else {
111			return null;
112			}
113			}
114
115
116
117
118			/**
119			* invalid_shortcode_processor - used in cases where we know the shortcode is invalid, most likely due to a deactivated addon, and simply returns an empty string
120			*
121			* @access public
122			* @param $attributes
123			* @return string
124			*/
125			final public static function invalid_shortcode_processor( $attributes ) {
			0 ignored issues – show Unused Code introduced 2015-11-23 01:20 UTC by Report Bug Copy Issue Report The parameter `$attributes` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
126			return '';
127			}
128
129
130
131			/**
132			* class constructor - should ONLY be instantiated by EE_Front_Controller
133			*/
134			final public function __construct() {
135			// get classname, remove EES_prefix, and convert to UPPERCASE
136			$shortcode = strtoupper( str_replace( 'EES_', '', get_class( $this )));
137			// assign shortcode to the preferred callback, which overwrites the "fallback shortcode processor" assigned earlier
138			add_shortcode( $shortcode, array( $this, 'process_shortcode' ));
139			// make sure system knows this is an EE page
140			EE_Registry::instance()->REQ->set_espresso_page( TRUE );
141			}
142
143
144
145			/**
146			* @param array $attributes
147			* @param array $custom_sanitization
148			* @return array
149			*/
150			public static function sanitize_attributes(array $attributes, $custom_sanitization = array())
151			{
152			foreach ($attributes as $key => $value) {
153			// is a custom sanitization callback specified ?
154			if ( isset($custom_sanitization[$key])) {
155			$callback = $custom_sanitization[$key];
156			if ($callback === 'skip_sanitization') {
157			$attributes[$key] = $value;
158			continue;
159			} else if (function_exists($callback)){
160			$attributes[$key] = $callback($value);
161			continue;
162			}
163			}
164			switch (true) {
165			case $value === null :
166			case is_int($value) :
167			case is_float($value) :
168			// typical booleans
169			case in_array($value, array(true, 'true', '1', 'on', 'yes', false, 'false', '0', 'off', 'no'), true) :
170			$attributes[$key] = $value;
171			break;
172			case is_string($value) :
173			$attributes[$key] = sanitize_text_field($value);
174			break;
175			case is_array($value) :
176			$attributes[$key] = \EES_Shortcode::sanitize_attributes($value);
177			break;
178			default :
179			// only remaining data types are Object and Resource
180			// which are not allowed as shortcode attributes
181			$attributes[$key] = null;
182			break;
183			}
184			}
185			return $attributes;
186			}
187
188
189			}
190			// End of file EES_Shortcode.shortcode.php
191			// Location: /shortcodes/EES_Shortcode.shortcode.php

eventespresso / event-espresso-core

Branch — BUG-10458-sql-injection-via-sh... (c8fb1e)

EES_Shortcode::sanitize_attributes() C

Complexity

Size

Duplication

Importance

How to fix Complexity

Long Method

Duplication Side-by-Side

Filter issues like