Issues in class-freemius-abstract.php (master) - Issues in master - fooplugins/foogallery - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1881)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

freemius/includes/class-freemius-abstract.php (47 issues)

Labels

Severity

Minor 47

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

	/**
	 * @package     Freemius
	 * @copyright   Copyright (c) 2015, Freemius, Inc.
	 * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
	 * @since       1.0.7
	 */

	if ( ! defined( 'ABSPATH' ) ) {
		exit;
	}


	/**
	 * - Each instance of Freemius class represents a single plugin
	 * install by a single user (the installer of the plugin).
	 *
	 * - Each website can only have one install of the same plugin.
	 *
	 * - Install entity is only created after a user connects his account with Freemius.
	 *
	 * Class Freemius_Abstract
	 */
	abstract class Freemius_Abstract {
namespace YourVendor;

class YourClass { }

		#----------------------------------------------------------------------------------
		#region Identity
		#----------------------------------------------------------------------------------

		/**
		 * Check if user has connected his account (opted-in).
		 *
		 * Note:
		 *      If the user opted-in and opted-out on a later stage,
		 *      this will still return true. If you want to check if the
		 *      user is currently opted-in, use:
		 *          `$fs->is_registered() && $fs->is_tracking_allowed()`
		 *
		 * @since 1.0.1
		 * @return bool
		 */
		abstract function is_registered();


		/**
		 * Check if the user skipped connecting the account with Freemius.
		 *
		 * @since 1.0.7
		 *
		 * @return bool
		 */
		abstract function is_anonymous();


		/**
		 * Check if the user currently in activation mode.
		 *
		 * @since 1.0.7
		 *
		 * @return bool
		 */
		abstract function is_activation_mode();


		#endregion

		#----------------------------------------------------------------------------------
		#region Usage Tracking
		#----------------------------------------------------------------------------------

		/**
		 * Returns TRUE if the user opted-in and didn't disconnect (opt-out).
		 *
		 * @author Leo Fajardo (@leorw)
		 * @since 1.2.1.5
		 *
		 * @return bool
		 */
		abstract function is_tracking_allowed();


		/**
		 * Returns TRUE if the user never opted-in or manually opted-out.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since 1.2.1.5
		 *
		 * @return bool
		 */
		function is_tracking_prohibited() {

			return ! $this->is_registered() || ! $this->is_tracking_allowed();
		}

		/**
		 * Opt-out from usage tracking.
		 *
		 * Note: This will not delete the account information but will stop all tracking.
		 *
		 * Returns:
		 *  1. FALSE  - If the user never opted-in.
		 *  2. TRUE   - If successfully opted-out.
		 *  3. object - API Result on failure.
		 *
		 * @author Leo Fajardo (@leorw)
		 * @since  1.2.1.5
		 *
		 * @return bool|object
		 */
		abstract function stop_tracking();


		/**
		 * Opt-in back into usage tracking.
		 *
		 * Note: This will only work if the user opted-in previously.
		 *
		 * Returns:
		 *  1. FALSE  - If the user never opted-in.
		 *  2. TRUE   - If successfully opted-in back to usage tracking.
		 *  3. object - API result on failure.
		 *
		 * @author Leo Fajardo (@leorw)
		 * @since  1.2.1.5
		 *
		 * @return bool|object
		 */
		abstract function allow_tracking();


		#endregion

		#----------------------------------------------------------------------------------
		#region Module Type
		#----------------------------------------------------------------------------------

		/**
		 * Checks if the plugin's type is "plugin". The other type is "theme".
		 *
		 * @author Leo Fajardo (@leorw)
		 * @since  1.2.2
		 *
		 * @return bool
		 */
		abstract function is_plugin();


		/**
		 * Checks if the module type is "theme". The other type is "plugin".
		 *
		 * @author Leo Fajardo (@leorw)
		 * @since  1.2.2
		 *
		 * @return bool
		 */
		function is_theme() {

			return ( ! $this->is_plugin() );
		}

		#endregion

		#----------------------------------------------------------------------------------
		#region Permissions
		#----------------------------------------------------------------------------------

		/**
		 * Check if plugin must be WordPress.org compliant.
		 *
		 * @since 1.0.7
		 *
		 * @return bool
		 */
		abstract function is_org_repo_compliant();


		/**
		 * Check if plugin is allowed to install executable files.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.0.5
		 *
		 * @return bool
		 */
		function is_allowed_to_install() {

			return ( $this->is_premium() || ! $this->is_org_repo_compliant() );
		}

		#endregion

		/**
		 * Check if user in trial or in free plan (not paying).
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.0.4
		 *
		 * @return bool
		 */
		function is_not_paying() {

			return ( $this->is_trial() || $this->is_free_plan() );
		}

		/**
		 * Check if the user has an activated and valid paid license on current plugin's install.
		 *
		 * @since 1.0.9
		 *
		 * @return bool
		 */
		abstract function is_paying();


		/**
		 * Check if the user is paying or in trial.
		 *
		 * @since 1.0.9
		 *
		 * @return bool
		 */
		function is_paying_or_trial() {

			return ( $this->is_paying() || $this->is_trial() );
		}

		/**
		 * Check if user in a trial or have feature enabled license.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.1.7
		 *
		 * @return bool
		 */
		abstract function can_use_premium_code();


		#----------------------------------------------------------------------------------
		#region Premium Only
		#----------------------------------------------------------------------------------

		/**
		 * All logic wrapped in methods with "__premium_only()" suffix will be only
		 * included in the premium code.
		 *
		 * Example:
		 *      if ( freemius()->is__premium_only() ) {
		 *          ...
		 *      }
		 */

		/**
		 * Returns true when running premium plugin code.
		 *
		 * @since 1.0.9
		 *
		 * @return bool
		 */
		function is__premium_only() {

			return $this->is_premium();
		}

		/**
		 * Check if the user has an activated and valid paid license on current plugin's install.
		 *
		 * @since 1.0.9
		 *
		 * @return bool
		 *
		 */
		function is_paying__premium_only() {

			return ( $this->is__premium_only() && $this->is_paying() );
		}

		/**
		 * All code wrapped in this statement will be only included in the premium code.
		 *
		 * @since  1.0.9
		 *
		 * @param string $plan  Plan name.
		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
		 *
		 * @return bool
		 */
		function is_plan__premium_only( $plan, $exact = false ) {

			return ( $this->is_premium() && $this->is_plan( $plan, $exact ) );
		}

		/**
		 * Check if plan matches active license' plan or active trial license' plan.
		 *
		 * All code wrapped in this statement will be only included in the premium code.
		 *
		 * @since  1.0.9
		 *
		 * @param string $plan  Plan name.
		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
		 *
		 * @return bool
		 */
		function is_plan_or_trial__premium_only( $plan, $exact = false ) {

			return ( $this->is_premium() && $this->is_plan_or_trial( $plan, $exact ) );
		}

		/**
		 * Check if the user is paying or in trial.
		 *
		 * All code wrapped in this statement will be only included in the premium code.
		 *
		 * @since 1.0.9
		 *
		 * @return bool
		 */
		function is_paying_or_trial__premium_only() {

			return $this->is_premium() && $this->is_paying_or_trial();
		}

		/**
		 * Check if the user has an activated and valid paid license on current plugin's install.
		 *
		 * @since      1.0.4
		 *
		 * @return bool
		 *
		 * @deprecated Method name is confusing since it's not clear from the name the code will be removed.
		 * @using      Alias to is_paying__premium_only()
		 */
		function is_paying__fs__() {

			return $this->is_paying__premium_only();
		}

		/**
		 * Check if user in a trial or have feature enabled license.
		 *
		 * All code wrapped in this statement will be only included in the premium code.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.1.9
		 *
		 * @return bool
		 */
		function can_use_premium_code__premium_only() {

			return $this->is_premium() && $this->can_use_premium_code();
		}

		#endregion

		#----------------------------------------------------------------------------------
		#region Trial
		#----------------------------------------------------------------------------------

		/**
		 * Check if the user in a trial.
		 *
		 * @since 1.0.3
		 *
		 * @return bool
		 */
		abstract function is_trial();


		/**
		 * Check if trial already utilized.
		 *
		 * @since 1.0.9
		 *
		 * @return bool
		 */
		abstract function is_trial_utilized();


		#endregion

		#----------------------------------------------------------------------------------
		#region Plans
		#----------------------------------------------------------------------------------

		/**
		 * Check if the user is on the free plan of the product.
		 *
		 * @since 1.0.4
		 *
		 * @return bool
		 */
		abstract function is_free_plan();


		/**
		 * @since  1.0.2
		 *
		 * @param string $plan  Plan name.
		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
		 *
		 * @return bool
		 */
		abstract function is_plan( $plan, $exact = false );


		/**
		 * Check if plan based on trial. If not in trial mode, should return false.
		 *
		 * @since  1.0.9
		 *
		 * @param string $plan  Plan name.
		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
		 *
		 * @return bool
		 */
		abstract function is_trial_plan( $plan, $exact = false );


		/**
		 * Check if plan matches active license' plan or active trial license' plan.
		 *
		 * @since  1.0.9
		 *
		 * @param string $plan  Plan name.
		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
		 *
		 * @return bool
		 */
		function is_plan_or_trial( $plan, $exact = false ) {

			return $this->is_plan( $plan, $exact ) ||
			       $this->is_trial_plan( $plan, $exact );
		}

		/**
		 * Check if plugin has any paid plans.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.0.7
		 *
		 * @return bool
		 */
		abstract function has_paid_plan();


		/**
		 * Check if plugin has any free plan, or is it premium only.
		 *
		 * Note: If no plans configured, assume plugin is free.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.0.7
		 *
		 * @return bool
		 */
		abstract function has_free_plan();


		/**
		 * Check if plugin is premium only (no free plans).
		 *
		 * NOTE: is__premium_only() is very different method, don't get confused.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.1.9
		 *
		 * @return bool
		 */
		abstract function is_only_premium();


		/**
		 * Check if module has a premium code version.
		 *
		 * Serviceware module might be freemium without any
		 * premium code version, where the paid features
		 * are all part of the service.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.2.1.6
		 *
		 * @return bool
		 */
		abstract function has_premium_version();


		/**
		 * Check if module has any release on Freemius,
		 * or all plugin's code is on WordPress.org (Serviceware).
		 *
		 * @return bool
		 */
		function has_release_on_freemius() {

			return ! $this->is_org_repo_compliant() ||
			       $this->has_premium_version();
		}

		/**
		 * Checks if it's a freemium plugin.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.1.9
		 *
		 * @return bool
		 */
		function is_freemium() {

			return $this->has_paid_plan() &&
			       $this->has_free_plan();
		}

		/**
		 * Check if module has only one plan.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.2.1.7
		 *
		 * @return bool
		 */
		abstract function is_single_plan();


		#endregion

		/**
		 * Check if running payments in sandbox mode.
		 *
		 * @since 1.0.4
		 *
		 * @return bool
		 */
		abstract function is_payments_sandbox();


		/**
		 * Check if running test vs. live plugin.
		 *
		 * @since 1.0.5
		 *
		 * @return bool
		 */
		abstract function is_live();


		/**
		 * Check if running premium plugin code.
		 *
		 * @since 1.0.5
		 *
		 * @return bool
		 */
		abstract function is_premium();


		/**
		 * Get upgrade URL.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.0.2
		 *
		 * @param string $period Billing cycle.
		 *
		 * @return string
		 */
		abstract function get_upgrade_url( $period = WP_FS__PERIOD_ANNUALLY );


		/**
		 * Check if Freemius was first added in a plugin update.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.1.5
		 *
		 * @return bool
		 */
		function is_plugin_update() {

			return ! $this->is_plugin_new_install();
		}

		/**
		 * Check if Freemius was part of the plugin when the user installed it first.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.1.5
		 *
		 * @return bool
		 */
		abstract function is_plugin_new_install();


		#----------------------------------------------------------------------------------
		#region Marketing
		#----------------------------------------------------------------------------------

		/**
		 * Check if current user purchased any other plugins before.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.0.9
		 *
		 * @return bool
		 */
		abstract function has_purchased_before();


		/**
		 * Check if current user classified as an agency.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.0.9
		 *
		 * @return bool
		 */
		abstract function is_agency();


		/**
		 * Check if current user classified as a developer.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.0.9
		 *
		 * @return bool
		 */
		abstract function is_developer();


		/**
		 * Check if current user classified as a business.
		 *
		 * @author Vova Feldman (@svovaf)
		 * @since  1.0.9
		 *
		 * @return bool
		 */
		abstract function is_business();


		#endregion
	}

GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

freemius/includes/class-freemius-abstract.php (47 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
			0 ignored issues – show Coding Style Compatibility introduced 2017-06-04 19:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 24 and the first side effect is on line 10. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2			/**
3			* @package Freemius
4			* @copyright Copyright (c) 2015, Freemius, Inc.
5			* @license https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
6			* @since 1.0.7
7			*/
8
9			if ( ! defined( 'ABSPATH' ) ) {
10			exit;
11			}
12
13
14			/**
15			* - Each instance of Freemius class represents a single plugin
16			* install by a single user (the installer of the plugin).
17			*
18			* - Each website can only have one install of the same plugin.
19			*
20			* - Install entity is only created after a user connects his account with Freemius.
21			*
22			* Class Freemius_Abstract
23			*/
24			abstract class Freemius_Abstract {
			0 ignored issues – show Coding Style Compatibility introduced 2017-06-04 19:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
25
26			#----------------------------------------------------------------------------------
27			#region Identity
28			#----------------------------------------------------------------------------------
29
30			/**
31			* Check if user has connected his account (opted-in).
32			*
33			* Note:
34			* If the user opted-in and opted-out on a later stage,
35			* this will still return true. If you want to check if the
36			* user is currently opted-in, use:
37			* `$fs->is_registered() && $fs->is_tracking_allowed()`
38			*

fooplugins / foogallery

GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

freemius/includes/class-freemius-abstract.php (47 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like