Issues in class-foogallery-cache.php (master) - Issues in master - fooplugins/foogallery - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1881)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/class-foogallery-cache.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Class used to cache gallery HTML output to save requests to the database
 * Date: 20/03/2017
 */
if ( ! class_exists( 'FooGallery_Cache' ) ) {

	class FooGallery_Cache {

		function __construct() {
			if ( is_admin() ) {
				//intercept the gallery save and save the html output to post meta
				add_action( 'foogallery_after_save_gallery', array( $this, 'cache_gallery_html_output_after_save' ), 10, 2 );

				//add some settings to allow the clearing and disabling of the cache
				add_filter( 'foogallery_admin_settings_override', array( $this, 'add_cache_settings' ) );

				//render the clear HTML cache button
				add_action( 'foogallery_admin_settings_custom_type_render_setting', array( $this, 'render_settings' ) );

				// Ajax call for clearing HTML cache
				add_action( 'wp_ajax_foogallery_clear_html_cache', array( $this, 'ajax_clear_all_caches' ) );

				add_action( 'foogallery_admin_new_version_detected', array( $this, 'clear_cache_on_update' ) );

				//clear the gallery caches when settings are updated or reset
				add_action( 'foogallery_settings_updated', array( $this, 'clear_all_gallery_caches' ) );
				add_action( 'foogallery_settings_reset', array( $this, 'clear_all_gallery_caches' ) );
			}

			add_filter( 'foogallery_load_gallery_template', array( $this, 'fetch_gallery_html_from_cache' ), 10, 3 );

			add_filter( 'foogallery_html_cache_disabled', array( $this, 'disable_html_cache' ), 10, 3 );

			add_filter( 'foogallery_render_template_clear_globals' , array( $this, 'render_template_clear_globals' ) );
		}

		/**
		 * Override if the gallery html cache is disabled
		 *
		 * @param $disabled bool
		 * @param $gallery FooGallery
		 * @return bool
		 */
		function disable_html_cache( $disabled, $gallery ) {

			//check if the gallery sorting is random
			if ( 'rand' === $gallery->sorting ) {
				$disabled = true;
			}

			return $disabled;
		}

		/**
		 * Save the HTML output of the gallery after the gallery has been saved
		 *
		 * @param $post_id
		 * @param $form_post
		 */
		function cache_gallery_html_output_after_save( $post_id, $form_post ) {

			$this->cache_gallery_html_output( $post_id );
		}

		/**
		 * Save the HTML output of the gallery to post meta so that it can be used in future requests
		 *
		 * @param $foogallery_id
		 */
		function cache_gallery_html_output( $foogallery_id ) {
			$caching_enabled = $this->is_caching_enabled();

			//check if caching is disabled and quit early
			if ( !$caching_enabled ) {
				return;
			}

			//we need a way to force the gallery to render it's output every time it is saved
			global $foogallery_force_gallery_cache;
			$foogallery_force_gallery_cache = true;

			//capture the html output
			ob_start();
			foogallery_render_gallery( $foogallery_id );
			$gallery_html = ob_get_contents();
			ob_end_clean();

			if ( $caching_enabled ) {
				//save the output to post meta for later use
				update_post_meta( $foogallery_id, FOOGALLERY_META_CACHE, $gallery_html );
			}

			$foogallery_force_gallery_cache = false;
		}

		function is_caching_enabled() {
            global $current_foogallery_arguments;

			//do some checks if we are using arguments
			if ( isset( $current_foogallery_arguments ) ) {

                //never cache if showing a preview
                if ( array_key_exists( 'preview', $current_foogallery_arguments ) &&
                    true === $current_foogallery_arguments['preview'] ) {
                    return false;
                }

                //never cache if we are passing in extra arguments via the shortcode
                $array_keys = array_keys( $current_foogallery_arguments );
			    if ( $array_keys != array( 'id', 'gallery' ) ) {
                    return false;
                }
            }

			//next, check the settings
			if ( 'on' === foogallery_get_setting( 'enable_html_cache' ) ) {
				return true;
			}

			return false;
		}

		/**
		 * Override the template output
		 *
		 * @param $override
		 * @param $gallery
		 * @param $template_location
		 *
		 * @return bool
		 */
		function fetch_gallery_html_from_cache( $override, $gallery, $template_location ) {

			global $foogallery_force_gallery_cache;
			if ( $foogallery_force_gallery_cache ) {
				return false;
			}

			//check if caching is disabled and quit early
			if ( !$this->is_caching_enabled() ) {
				return false;
			}

			//allow extensions of others disable the html cache
			if ( apply_filters( 'foogallery_html_cache_disabled', false, $gallery ) ) {
				return false;
			}

			$gallery_cache = get_post_meta( $gallery->ID, FOOGALLERY_META_CACHE, true );

			if ( !empty( $gallery_cache ) && is_string( $gallery_cache ) ) {
				//output the cached gallery html
				echo $gallery_cache;
				return true; //return that we will override
			} else {
				//we should cache the result for next time
				$this->cache_gallery_html_output( $gallery->ID );
			}

			return false;
		}

		/**
		 * Add some caching settings
		 * @param $settings
		 *
		 * @return array
		 */
		function add_cache_settings( $settings ) {

			$cache_settings[] = array(
				'id'      => 'enable_html_cache',
				'title'   => __( 'Enable HTML Cache', 'foogallery' ),
				'desc'    => __( 'The gallery HTML that is generated can be cached. This can reduce the number of calls to the database when displaying a gallery and can increase site performance.', 'foogallery' ),
				'type'    => 'checkbox',
				'tab'     => 'general',
				'section' => __( 'Cache', 'foogallery' )
			);

			$cache_settings[] = array(
				'id'      => 'clear_html_cache',
				'title'   => __( 'Clear HTML Cache', 'foogallery' ),
				'desc'    => __( 'If you enable the HTML cache, then you can use this button to clear the gallery HTML that has been cached for all galleries.', 'foogallery' ),
				'type'    => 'clear_gallery_cache_button',
				'tab'     => 'general',
				'section' => __( 'Cache', 'foogallery' )
			);

			$new_settings = array_merge( $cache_settings, $settings['settings'] );

			$settings['settings'] = $new_settings;

			return $settings;
		}

		/**
		 * Render any custom setting types to the settings page
		 */
		function render_settings( $args ) {
			if ('clear_gallery_cache_button' === $args['type'] ) { ?>
				<div id="foogallery_clear_html_cache_container">
					<input type="button" data-nonce="<?php echo esc_attr( wp_create_nonce( 'foogallery_clear_html_cache' ) ); ?>" class="button-primary foogallery_clear_html_cache" value="<?php _e( 'Clear Gallery HTML Cache', 'foogallery' ); ?>">
					<span id="foogallery_clear_html_cache_spinner" style="position: absolute" class="spinner"></span>
				</div>
			<?php }
		}

		/**
		 * AJAX endpoint for clearing all gallery caches
		 */
		function ajax_clear_all_caches() {
			if ( check_admin_referer( 'foogallery_clear_html_cache' ) ) {

				$this->clear_all_gallery_caches();

				_e('The cache for all galleries has been cleared!', 'foogallery' );
				die();
			}
		}

		/**
		 * Clears all caches for all galleries
		 */
		function clear_all_gallery_caches() {
			delete_post_meta_by_key( FOOGALLERY_META_CACHE );
		}

		/**
		 * Clear all caches when the plugin has been updated. This is to account for changes in the HTML when a new version is released.
		 */
		function clear_cache_on_update() {
			$this->clear_all_gallery_caches();
		}

		/**
		 * Determine if the globals should be cleared when rendering a gallery
		 *
		 * @param $clear
		 *
		 * @return bool
		 */
		function render_template_clear_globals( $clear ) {
			global $foogallery_force_gallery_cache;
			if ( $foogallery_force_gallery_cache ) {
				return false;
			}

			return $clear;
		}
	}
}

GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

includes/class-foogallery-cache.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* Class used to cache gallery HTML output to save requests to the database
4			* Date: 20/03/2017
5			*/
6			if ( ! class_exists( 'FooGallery_Cache' ) ) {
7
8			class FooGallery_Cache {
9
10			function __construct() {
11			if ( is_admin() ) {
12			//intercept the gallery save and save the html output to post meta
13			add_action( 'foogallery_after_save_gallery', array( $this, 'cache_gallery_html_output_after_save' ), 10, 2 );
14
15			//add some settings to allow the clearing and disabling of the cache
16			add_filter( 'foogallery_admin_settings_override', array( $this, 'add_cache_settings' ) );
17
18			//render the clear HTML cache button
19			add_action( 'foogallery_admin_settings_custom_type_render_setting', array( $this, 'render_settings' ) );
20
21			// Ajax call for clearing HTML cache
22			add_action( 'wp_ajax_foogallery_clear_html_cache', array( $this, 'ajax_clear_all_caches' ) );
23
24			add_action( 'foogallery_admin_new_version_detected', array( $this, 'clear_cache_on_update' ) );
25
26			//clear the gallery caches when settings are updated or reset
27			add_action( 'foogallery_settings_updated', array( $this, 'clear_all_gallery_caches' ) );
28			add_action( 'foogallery_settings_reset', array( $this, 'clear_all_gallery_caches' ) );
29			}
30
31			add_filter( 'foogallery_load_gallery_template', array( $this, 'fetch_gallery_html_from_cache' ), 10, 3 );
32
33			add_filter( 'foogallery_html_cache_disabled', array( $this, 'disable_html_cache' ), 10, 3 );
34
35			add_filter( 'foogallery_render_template_clear_globals' , array( $this, 'render_template_clear_globals' ) );
36			}
37
38			/**
39			* Override if the gallery html cache is disabled
40			*
41			* @param $disabled bool
42			* @param $gallery FooGallery
43			* @return bool
44			*/
45			function disable_html_cache( $disabled, $gallery ) {
46
47			//check if the gallery sorting is random
48			if ( 'rand' === $gallery->sorting ) {
49			$disabled = true;
50			}
51
52			return $disabled;
53			}
54
55			/**
56			* Save the HTML output of the gallery after the gallery has been saved
57			*
58			* @param $post_id
59			* @param $form_post
60			*/
61			function cache_gallery_html_output_after_save( $post_id, $form_post ) {
			0 ignored issues – show Unused Code introduced 2017-03-21 17:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$form_post` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
62			$this->cache_gallery_html_output( $post_id );
63			}
64
65			/**
66			* Save the HTML output of the gallery to post meta so that it can be used in future requests
67			*
68			* @param $foogallery_id
69			*/
70			function cache_gallery_html_output( $foogallery_id ) {
71			$caching_enabled = $this->is_caching_enabled();
72
73			//check if caching is disabled and quit early
74			if ( !$caching_enabled ) {
75			return;
76			}
77
78			//we need a way to force the gallery to render it's output every time it is saved
79			global $foogallery_force_gallery_cache;
80			$foogallery_force_gallery_cache = true;
81
82			//capture the html output
83			ob_start();
84			foogallery_render_gallery( $foogallery_id );
85			$gallery_html = ob_get_contents();
86			ob_end_clean();
87
88			if ( $caching_enabled ) {
89			//save the output to post meta for later use
90			update_post_meta( $foogallery_id, FOOGALLERY_META_CACHE, $gallery_html );
91			}
92
93			$foogallery_force_gallery_cache = false;
94			}
95
96			function is_caching_enabled() {
97			global $current_foogallery_arguments;
98
99			//do some checks if we are using arguments
100			if ( isset( $current_foogallery_arguments ) ) {
101
102			//never cache if showing a preview
103			if ( array_key_exists( 'preview', $current_foogallery_arguments ) &&
104			true === $current_foogallery_arguments['preview'] ) {
105			return false;
106			}
107
108			//never cache if we are passing in extra arguments via the shortcode
109			$array_keys = array_keys( $current_foogallery_arguments );
110			if ( $array_keys != array( 'id', 'gallery' ) ) {
111			return false;
112			}
113			}
114
115			//next, check the settings
116			if ( 'on' === foogallery_get_setting( 'enable_html_cache' ) ) {
117			return true;
118			}
119
120			return false;
121			}
122
123			/**
124			* Override the template output
125			*
126			* @param $override
127			* @param $gallery
128			* @param $template_location
129			*
130			* @return bool
131			*/
132			function fetch_gallery_html_from_cache( $override, $gallery, $template_location ) {
			0 ignored issues – show Unused Code introduced 2017-03-21 17:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$template_location` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
133			global $foogallery_force_gallery_cache;
134			if ( $foogallery_force_gallery_cache ) {
135			return false;
136			}
137
138			//check if caching is disabled and quit early
139			if ( !$this->is_caching_enabled() ) {
140			return false;
141			}
142
143			//allow extensions of others disable the html cache
144			if ( apply_filters( 'foogallery_html_cache_disabled', false, $gallery ) ) {
145			return false;
146			}
147
148			$gallery_cache = get_post_meta( $gallery->ID, FOOGALLERY_META_CACHE, true );
149
150			if ( !empty( $gallery_cache ) && is_string( $gallery_cache ) ) {
151			//output the cached gallery html
152			echo $gallery_cache;
153			return true; //return that we will override
154			} else {
155			//we should cache the result for next time
156			$this->cache_gallery_html_output( $gallery->ID );
157			}
158
159			return false;
160			}
161
162			/**
163			* Add some caching settings
164			* @param $settings
165			*
166			* @return array
167			*/
168			function add_cache_settings( $settings ) {
169
170			$cache_settings[] = array(
171			'id' => 'enable_html_cache',
172			'title' => __( 'Enable HTML Cache', 'foogallery' ),
173			'desc' => __( 'The gallery HTML that is generated can be cached. This can reduce the number of calls to the database when displaying a gallery and can increase site performance.', 'foogallery' ),
174			'type' => 'checkbox',
175			'tab' => 'general',
176			'section' => __( 'Cache', 'foogallery' )
177			);
178
179			$cache_settings[] = array(
180			'id' => 'clear_html_cache',
181			'title' => __( 'Clear HTML Cache', 'foogallery' ),
182			'desc' => __( 'If you enable the HTML cache, then you can use this button to clear the gallery HTML that has been cached for all galleries.', 'foogallery' ),
183			'type' => 'clear_gallery_cache_button',
184			'tab' => 'general',
185			'section' => __( 'Cache', 'foogallery' )
186			);
187
188			$new_settings = array_merge( $cache_settings, $settings['settings'] );
189
190			$settings['settings'] = $new_settings;
191
192			return $settings;
193			}
194
195			/**
196			* Render any custom setting types to the settings page
197			*/
198			function render_settings( $args ) {
199			if ('clear_gallery_cache_button' === $args['type'] ) { ?>
200			<div id="foogallery_clear_html_cache_container">
201			<input type="button" data-nonce="<?php echo esc_attr( wp_create_nonce( 'foogallery_clear_html_cache' ) ); ?>" class="button-primary foogallery_clear_html_cache" value="<?php _e( 'Clear Gallery HTML Cache', 'foogallery' ); ?>">
202			<span id="foogallery_clear_html_cache_spinner" style="position: absolute" class="spinner"></span>
203			</div>
204			<?php }
205			}
206
207			/**
208			* AJAX endpoint for clearing all gallery caches
209			*/
210			function ajax_clear_all_caches() {
211			if ( check_admin_referer( 'foogallery_clear_html_cache' ) ) {
212
213			$this->clear_all_gallery_caches();
214
215			_e('The cache for all galleries has been cleared!', 'foogallery' );
216			die();
217			}
218			}
219
220			/**
221			* Clears all caches for all galleries
222			*/
223			function clear_all_gallery_caches() {
224			delete_post_meta_by_key( FOOGALLERY_META_CACHE );
225			}
226
227			/**
228			* Clear all caches when the plugin has been updated. This is to account for changes in the HTML when a new version is released.
229			*/
230			function clear_cache_on_update() {
231			$this->clear_all_gallery_caches();
232			}
233
234			/**
235			* Determine if the globals should be cleared when rendering a gallery
236			*
237			* @param $clear
238			*
239			* @return bool
240			*/
241			function render_template_clear_globals( $clear ) {
242			global $foogallery_force_gallery_cache;
243			if ( $foogallery_force_gallery_cache ) {
244			return false;
245			}
246
247			return $clear;
248			}
249			}
250			}

fooplugins / foogallery

GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

includes/class-foogallery-cache.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like