Issues in class-foogallery-attachment.php (master) - Issues in master - fooplugins/foogallery - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1881)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/class-foogallery-attachment.php (1 issue)

Labels

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Class FooGalleryAttachment
 *
 * An easy to use wrapper class for a FooGallery Attachment
 */
if ( ! class_exists( 'FooGalleryAttachment' ) ) {

	class FooGalleryAttachment extends stdClass {
		/**
		 * public constructor
		 *
		 * @param null $post
		 */
		public function __construct( $post = null ) {
			$this->set_defaults();

			if ( $post !== null ) {
				$this->load( $post );
			}
		}

		/**
		 *  Sets the default when a new gallery is instantiated
		 */
		private function set_defaults() {
			$this->_post = null;
			$this->ID = 0;
			$this->title = '';
			$this->caption = '';
			$this->description = '';
			$this->alt = '';
			$this->url = '';
			$this->width = 0;
			$this->height = 0;
			$this->custom_url = '';
			$this->custom_target = '';
		}

		/**
		 * private attachment load function
		 * @param $post
		 */
		private function load( $post ) {
			$this->_post = $post;
			$this->ID = $post->ID;
			$this->title = trim( $post->post_title );
			$this->caption = foogallery_get_caption_title_for_attachment( $post );
			$this->description = foogallery_get_caption_desc_for_attachment( $post );
			$this->alt = trim( get_post_meta( $this->ID, '_wp_attachment_image_alt', true ) );
			$this->custom_url = get_post_meta( $this->ID, '_foogallery_custom_url', true );
			$this->custom_target = get_post_meta( $this->ID, '_foogallery_custom_target', true );
			$image_attributes = wp_get_attachment_image_src( $this->ID, 'full' );
			if ( $image_attributes ) {
				$this->url = $image_attributes[0];
				$this->width = $image_attributes[1];
				$this->height = $image_attributes[2];
			}

			do_action( 'foogallery_attachment_instance_after_load', $this, $post );
		}

		/**
		 * Static function to load a FooGalleryAttachment instance by passing in a post object
		 * @static
		 *
		 * @param $post
		 *
		 * @return FooGalleryAttachment
		 */
		public static function get( $post ) {
			return new self( $post );
		}

		/**
		 * Static function to load a FooGalleryAttachment instance by passing in an attachment_id
		 * @static
		 *
		 * @param $attachment_id
		 *
		 * @return FooGalleryAttachment
		 */
		public static function get_by_id( $attachment_id ) {
			$post = get_post( $attachment_id );
			return new self( $post );
		}

		/**
		 * Returns the image source only
		 *
		 * @param array $args
		 * @return string
		 */
		public function html_img_src( $args = array() ) {
			return apply_filters( 'foogallery_attachment_resize_thumbnail', $this->url, $args, $this );
		}

		/**
		 * Returns the HTML img tag for the attachment
		 * @param array $args
		 *
		 * @return string
		 */
		public function html_img( $args = array() ) {
			$attr['src'] = $this->html_img_src( $args );
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}

			if ( ! empty( $this->alt ) ) {
				$attr['alt'] = $this->alt;
			}

			//pull any custom attributes out the args
			if ( isset( $args['image_attributes'] ) && is_array( $args['image_attributes'] ) ) {
				$attr = array_merge( $attr, $args['image_attributes'] );
			}

			//check for width and height args and add those to the image
			if ( isset( $args['width'] ) && intval( $args['width'] ) > 0 ) {
				$attr['width'] = $args['width'];
			}
			if ( isset( $args['height'] ) && intval( $args['height'] ) > 0 ) {
				$attr['height'] = $args['height'];
			}

			$attr = apply_filters( 'foogallery_attachment_html_image_attributes', $attr, $args, $this );
			$attr = array_map( 'esc_attr', $attr );
			$html = '<img ';
			foreach ( $attr as $name => $value ) {
				$html .= " $name=" . '"' . $value . '"';
			}
			$html .= ' />';

			return apply_filters( 'foogallery_attachment_html_image', $html, $args, $this );
		}

		/**
		 * Returns HTML for the attachment
		 * @param array $args
		 * @param bool $output_image
		 * @param bool $output_closing_tag
		 *
		 * @return string
		 */
		public function html( $args = array(), $output_image = true, $output_closing_tag = true ) {
			if ( empty ( $this->url ) )  {
				return '';
			}

			$arg_defaults = array(
				'link' => 'image',
				'custom_link' => $this->custom_url
			);

			$args = wp_parse_args( $args, $arg_defaults );

			$link = $args['link'];

			$img = $this->html_img( $args );

			/* 12 Apr 2016 - PLEASE NOTE
			We no longer just return the image html when "no link" option is chosen.
			It was decided that it is better to return an anchor link with no href or target attributes.
			This results in more standardized HTML output for better CSS and JS code
			*/

			if ( 'page' === $link ) {
				//get the URL to the attachment page
				$url = get_attachment_link( $this->ID );
			} else if ( 'custom' === $link ) {
				$url = $args['custom_link'];
			} else {
				$url = $this->url;
			}

			//fallback for images that might not have a custom url
			if ( empty( $url ) ) {
				$url = $this->url;
			}

			$attr = array();

			//only add href and target attributes to the anchor if the link is NOT set to 'none'
			if ( $link !== 'none' ){
				$attr['href'] = $url;
				if ( ! empty( $this->custom_target ) && 'default' !== $this->custom_target ) {
					$attr['target'] = $this->custom_target;
				}
			}

			if ( ! empty( $this->caption ) ) {
				$attr['data-caption-title'] = $this->caption;
			}

			if ( !empty( $this->description ) ) {
				$attr['data-caption-desc'] = $this->description;
			}

			$attr['data-attachment-id'] = $this->ID;

			//pull any custom attributes out the args
			if ( isset( $args['link_attributes'] ) && is_array( $args['link_attributes'] ) ) {
				$attr = array_merge( $attr, $args['link_attributes'] );
			}

			$attr = apply_filters( 'foogallery_attachment_html_link_attributes', $attr, $args, $this );
			$attr = array_map( 'esc_attr', $attr );
			$html = '<a ';
			foreach ( $attr as $name => $value ) {
				$html .= " $name=" . '"' . $value . '"';
			}
			$html .= '>';
			if ( $output_image ) {
				$html .= $img;
			}
			if ( $output_closing_tag ) {
				$html .= '</a>';
			};

			return apply_filters( 'foogallery_attachment_html_link', $html, $args, $this );
		}

		/**
		 * Returns generic html for captions
		 *
		 * @param $caption_content string Include title, desc, or both
		 *
		 * @return string
		 */
		public function html_caption( $caption_content ) {
			$html = '';
			$caption_html = array();
			if ( $this->caption && ( 'title' === $caption_content || 'both' === $caption_content ) ) {
				$caption_html[] = '<div class="foogallery-caption-title">' . $this->caption . '</div>';
			}
			if ( $this->description && ( 'desc' === $caption_content || 'both' === $caption_content ) ) {
				$caption_html[] = '<div class="foogallery-caption-desc">' . $this->description . '</div>';
			}

			if ( count($caption_html) > 0 ) {
				$html = '<div class="foogallery-caption"><div class="foogallery-caption-inner">';
				$html .= implode( $caption_html );
				$html .= '</div></div>';
			}

			return apply_filters( 'foogallery_attachment_html_caption', $html, $caption_content, $this );
		}
	}
}


GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

includes/class-foogallery-attachment.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* Class FooGalleryAttachment
4			*
5			* An easy to use wrapper class for a FooGallery Attachment
6			*/
7			if ( ! class_exists( 'FooGalleryAttachment' ) ) {
8
9			class FooGalleryAttachment extends stdClass {
10			/**
11			* public constructor
12			*
13			* @param null $post
14			*/
15			public function __construct( $post = null ) {
16			$this->set_defaults();
17
18			if ( $post !== null ) {
19			$this->load( $post );
20			}
21			}
22
23			/**
24			* Sets the default when a new gallery is instantiated
25			*/
26			private function set_defaults() {
27			$this->_post = null;
28			$this->ID = 0;
29			$this->title = '';
30			$this->caption = '';
31			$this->description = '';
32			$this->alt = '';
33			$this->url = '';
34			$this->width = 0;
35			$this->height = 0;
36			$this->custom_url = '';
37			$this->custom_target = '';
38			}
39
40			/**
41			* private attachment load function
42			* @param $post
43			*/
44			private function load( $post ) {
45			$this->_post = $post;
46			$this->ID = $post->ID;
47			$this->title = trim( $post->post_title );
48			$this->caption = foogallery_get_caption_title_for_attachment( $post );
49			$this->description = foogallery_get_caption_desc_for_attachment( $post );
50			$this->alt = trim( get_post_meta( $this->ID, '_wp_attachment_image_alt', true ) );
51			$this->custom_url = get_post_meta( $this->ID, '_foogallery_custom_url', true );
52			$this->custom_target = get_post_meta( $this->ID, '_foogallery_custom_target', true );
53			$image_attributes = wp_get_attachment_image_src( $this->ID, 'full' );
54			if ( $image_attributes ) {
55			$this->url = $image_attributes[0];
56			$this->width = $image_attributes[1];
57			$this->height = $image_attributes[2];
58			}
59
60			do_action( 'foogallery_attachment_instance_after_load', $this, $post );
61			}
62
63			/**
64			* Static function to load a FooGalleryAttachment instance by passing in a post object
65			* @static
66			*
67			* @param $post
68			*
69			* @return FooGalleryAttachment
70			*/
71			public static function get( $post ) {
72			return new self( $post );
73			}
74
75			/**
76			* Static function to load a FooGalleryAttachment instance by passing in an attachment_id
77			* @static
78			*
79			* @param $attachment_id
80			*
81			* @return FooGalleryAttachment
82			*/
83			public static function get_by_id( $attachment_id ) {
84			$post = get_post( $attachment_id );
85			return new self( $post );
86			}
87
88			/**
89			* Returns the image source only
90			*
91			* @param array $args
92			* @return string
93			*/
94			public function html_img_src( $args = array() ) {
95			return apply_filters( 'foogallery_attachment_resize_thumbnail', $this->url, $args, $this );
96			}
97
98			/**
99			* Returns the HTML img tag for the attachment
100			* @param array $args
101			*
102			* @return string
103			*/
104			public function html_img( $args = array() ) {
105			$attr['src'] = $this->html_img_src( $args );
			0 ignored issues – show Coding Style Comprehensibility introduced 2016-10-29 11:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$attr` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$attr = array();` before regardless. Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) { $myArray['foo'] = $item->getFoo(); if ($item->hasBar()) { $myArray['bar'] = $item->getBar(); } // do something with $myArray } As you can see in this example, the array `$myArray` is initialized the first time when the foreach loop is entered. You can also see that the value of the `bar` key is only written conditionally; thus, its value might result from a previous iteration. This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization `$myArray = array()` either outside or inside the foreach loop. Loading history...
106
107			if ( ! empty( $this->alt ) ) {
108			$attr['alt'] = $this->alt;
109			}
110
111			//pull any custom attributes out the args
112			if ( isset( $args['image_attributes'] ) && is_array( $args['image_attributes'] ) ) {
113			$attr = array_merge( $attr, $args['image_attributes'] );
114			}
115
116			//check for width and height args and add those to the image
117			if ( isset( $args['width'] ) && intval( $args['width'] ) > 0 ) {
118			$attr['width'] = $args['width'];
119			}
120			if ( isset( $args['height'] ) && intval( $args['height'] ) > 0 ) {
121			$attr['height'] = $args['height'];
122			}
123
124			$attr = apply_filters( 'foogallery_attachment_html_image_attributes', $attr, $args, $this );
125			$attr = array_map( 'esc_attr', $attr );
126			$html = '<img ';
127			foreach ( $attr as $name => $value ) {
128			$html .= " $name=" . '"' . $value . '"';
129			}
130			$html .= ' />';
131
132			return apply_filters( 'foogallery_attachment_html_image', $html, $args, $this );
133			}
134
135			/**
136			* Returns HTML for the attachment
137			* @param array $args
138			* @param bool $output_image
139			* @param bool $output_closing_tag
140			*
141			* @return string
142			*/
143			public function html( $args = array(), $output_image = true, $output_closing_tag = true ) {
144			if ( empty ( $this->url ) ) {
145			return '';
146			}
147
148			$arg_defaults = array(
149			'link' => 'image',
150			'custom_link' => $this->custom_url
151			);
152
153			$args = wp_parse_args( $args, $arg_defaults );
154
155			$link = $args['link'];
156
157			$img = $this->html_img( $args );
158
159			/* 12 Apr 2016 - PLEASE NOTE
160			We no longer just return the image html when "no link" option is chosen.
161			It was decided that it is better to return an anchor link with no href or target attributes.
162			This results in more standardized HTML output for better CSS and JS code
163			*/
164
165			if ( 'page' === $link ) {
166			//get the URL to the attachment page
167			$url = get_attachment_link( $this->ID );
168			} else if ( 'custom' === $link ) {
169			$url = $args['custom_link'];
170			} else {
171			$url = $this->url;
172			}
173
174			//fallback for images that might not have a custom url
175			if ( empty( $url ) ) {
176			$url = $this->url;
177			}
178
179			$attr = array();
180
181			//only add href and target attributes to the anchor if the link is NOT set to 'none'
182			if ( $link !== 'none' ){
183			$attr['href'] = $url;
184			if ( ! empty( $this->custom_target ) && 'default' !== $this->custom_target ) {
185			$attr['target'] = $this->custom_target;
186			}
187			}
188
189			if ( ! empty( $this->caption ) ) {
190			$attr['data-caption-title'] = $this->caption;
191			}
192
193			if ( !empty( $this->description ) ) {
194			$attr['data-caption-desc'] = $this->description;
195			}
196
197			$attr['data-attachment-id'] = $this->ID;
198
199			//pull any custom attributes out the args
200			if ( isset( $args['link_attributes'] ) && is_array( $args['link_attributes'] ) ) {
201			$attr = array_merge( $attr, $args['link_attributes'] );
202			}
203
204			$attr = apply_filters( 'foogallery_attachment_html_link_attributes', $attr, $args, $this );
205			$attr = array_map( 'esc_attr', $attr );
206			$html = '<a ';
207			foreach ( $attr as $name => $value ) {
208			$html .= " $name=" . '"' . $value . '"';
209			}
210			$html .= '>';
211			if ( $output_image ) {
212			$html .= $img;
213			}
214			if ( $output_closing_tag ) {
215			$html .= '</a>';
216			};
217
218			return apply_filters( 'foogallery_attachment_html_link', $html, $args, $this );
219			}
220
221			/**
222			* Returns generic html for captions
223			*
224			* @param $caption_content string Include title, desc, or both
225			*
226			* @return string
227			*/
228			public function html_caption( $caption_content ) {
229			$html = '';
230			$caption_html = array();
231			if ( $this->caption && ( 'title' === $caption_content \|\| 'both' === $caption_content ) ) {
232			$caption_html[] = '<div class="foogallery-caption-title">' . $this->caption . '</div>';
233			}
234			if ( $this->description && ( 'desc' === $caption_content \|\| 'both' === $caption_content ) ) {
235			$caption_html[] = '<div class="foogallery-caption-desc">' . $this->description . '</div>';
236			}
237
238			if ( count($caption_html) > 0 ) {
239			$html = '<div class="foogallery-caption"><div class="foogallery-caption-inner">';
240			$html .= implode( $caption_html );
241			$html .= '</div></div>';
242			}
243
244			return apply_filters( 'foogallery_attachment_html_caption', $html, $caption_content, $this );
245			}
246			}
247			}
248

fooplugins / foogallery

GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

includes/class-foogallery-attachment.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like