Issues in class-foogallery-pro-video-legacy.php (master) - Issues in master - fooplugins/foogallery - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1881)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

video/class-foogallery-pro-video-legacy.php (29 issues)

Labels

Severity

Minor 29

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * All Legacy FooVideo Code lives in this class
  */
if ( ! class_exists( 'FooGallery_Pro_Video_Legacy' ) ) {

	define( 'FOOGALLERY_FOOVIDEO_MIGRATION_REQUIRED', 'foogallery-foovideo-migration-required' );
	define( 'FOOGALLERY_FOOVIDEO_MIGRATED', 'foogallery-foovideo-migrated' );

	class FooGallery_Pro_Video_Legacy {
namespace YourVendor;

class YourClass { }

		function __construct() {

			add_filter( 'foogallery_is_attachment_video', array( $this, 'foogallery_is_attachment_video_legacy' ), 10, 2 );

			add_filter( 'foogallery_clean_video_url', array( $this, 'foogallery_clean_video_url_legacy_filter' ) );
			add_filter( 'foogallery_youtubekey', array( $this, 'foogallery_youtubekey_legacy_filter' ) );

			//make sure that all plugins are loaded first before we do checks for FooVideo
			add_action( 'plugins_loaded', array( $this, 'load_legacy_overrides' ) );

			// Ajax calls for migrating
			add_action( 'wp_ajax_foogallery_video_migration', array( $this, 'ajax_foogallery_video_migration' ) );
			add_action( 'wp_ajax_foogallery_video_migration_reset', array( $this, 'ajax_foogallery_video_migration_reset' ) );
		}

		/**
		 * Run legacy override hooks and filters
		 */
		function load_legacy_overrides() {

			if ( is_admin() ) {

				//check if the old FooVideo was/is installed
				if ( $this->migration_required() ) {
					add_action( 'admin_notices', array( $this, 'display_foovideo_notice') );
					add_action( 'admin_menu',  array( $this, 'add_migration_menu' ) );

					add_filter( 'foogallery_render_gallery_settings_metabox', array( $this, 'migrate_settings' ) );

					add_action( 'foogallery_after_save_gallery', array( $this, 'migrate_gallery' ), 99, 2 );
				}

				//check if the old FooVideo is still activated
				if ( class_exists( 'Foo_Video' ) ) {
					//rename the Video Slider template
					add_filter( 'foogallery_gallery_templates', array( $this, 'rename_videoslider_template' ), 99 );

					//remove legacy fields added by FooVideo
					add_filter( 'foogallery_override_gallery_template_fields', array( $this, 'remove_legacy_template_fields' ), 99 );

					//short-circuit saving the post meta for video count on the gallery
					add_filter( 'update_post_metadata', array( $this, 'short_circuit_legacy_video_count' ), 10, 5 );
				}

				add_filter( 'foogallery_foovideo_discount_offer_notice_title', array( $this, 'override_discount_offer_notice_title' ) );
				add_filter( 'foogallery_foovideo_discount_offer_notice_message', array( $this, 'override_discount_offer_notice_message' ) );
				add_filter( 'foogallery_foovideo_discount_offer_menu', array( $this, 'override_discount_offer_menu' ) );
				add_filter( 'foogallery_foovideo_discount_offer_show_upgrade', '__return_false' );
				add_filter( 'foogallery_foovideo_discount_offer_message', array( $this, 'override_discount_offer_message' ) );
				add_filter( 'foogallery_foovideo_pricing_menu_text', array( $this, 'override_pricing_menu_text' ) );
			}

			if ( !is_admin() && class_exists( 'Foo_Video' ) ) {
				add_filter( 'foogallery_build_class_attribute', array( $this, 'foogallery_build_class_attribute' ), 20 );
			}
		}

		/**
		 * Determines if a migration is needed
		 *
		 * @return bool
		 */
		function migration_required() {

			//first try to get the saved option
 			$migration_required = get_option( FOOGALLERY_FOOVIDEO_MIGRATION_REQUIRED, 0 );

			//we require migration - get out early
			if ( "1" === $migration_required ) {
				return true;
			}

			if ( class_exists('Foo_Video') ) {
				//the legacy plugin is installed, so set the option for future use
				$migration_required = true;

				update_option( FOOGALLERY_FOOVIDEO_MIGRATION_REQUIRED, $migration_required );
			}

			//we have no option saved and no legacy plugin, so no migration required
			if ( 0 === $migration_required ) {
				$migration_required = false;
			}

			return $migration_required;
		}

		/**
		 * Migrate the gallery settings
		 *
		 * @param $foogallery
		 *
		 * @return FooGallery
		 */
		function migrate_settings( $foogallery ) {

			$helper = new FooGallery_Pro_Video_Migration_Helper();
			$foogallery = $helper->migrate_gallery( $foogallery, false );
			return $foogallery;
		}

		/**
		 * Short-circuit the post meta updates for the legacy FooVideo while both plugins are activated
		 *
		 * @param $check
		 * @param $object_id
		 * @param $meta_key
		 * @param $meta_value
		 * @param $prev_value
		 *
		 * @return bool
		 */
		function short_circuit_legacy_video_count( $check, $object_id, $meta_key, $meta_value, $prev_value ) {

			if ( '_foovideo_video_count' === $meta_key ) {
				$check = true;
			}
			return $check;
		}

		/**
		 * Migrate video for the gallery that is saved
		 *
		 * @param $post_id
		 * @param $post
		 */
		function migrate_gallery($post_id, $post) {

			if ( $this->migration_required() ) {

				$helper = new FooGallery_Pro_Video_Migration_Helper();

				if ( $helper->check_gallery_needs_migration( $post_id ) ) {

					//migrate all the video attachments
					$gallery = FooGallery::get_by_id( $post_id );
					foreach ( $gallery->attachments() as $attachment ) {
						$helper->migrate_attachment( $attachment->ID );
					}

					$helper->migrate_video_counts( $post_id );
				}
			}
		}

		/**
		 * Remove the legacy template fields added by FooVideo
		 *
		 * @param $fields
		 *
		 * @return array
		 */
		function remove_legacy_template_fields( $fields ) {

			$new_fields = array();

			foreach ( $fields as $field ) {

				if ( $field['id'] !== 'foovideo_video_overlay' &&
					$field['id'] !== 'foovideo_sticky_icon' &&
					$field['id'] !== 'foovideo_video_size' &&
					$field['id'] !== 'foovideo_autoplay' ) {

					$new_fields[] = $field;
				}
			}

			return $new_fields;
		}

		/**
		 * Rename the Video Slider template to include the text 'Deprecated'
		 * @param $templates
		 *
		 * @return mixed
		 */
		function rename_videoslider_template( $templates ) {

			foreach( $templates as &$template ) {
				if ( 'videoslider' === $template['slug'] ) {
					$template['name'] = __( 'Video Slider (Deprecated!)', 'foogallery' );
				}
			}

			return $templates;
		}

		/**
		 * Legacy way of knowing if an attachment is a video
		 *
		 * @param $is_video
		 * @param $foogallery_attachment
		 *
		 * @return bool
		 */
		function foogallery_is_attachment_video_legacy( $is_video, $foogallery_attachment ) {

			$video_info = get_post_meta( $foogallery_attachment->ID, FOOGALLERY_VIDEO_POST_META, true );

			return isset( $video_info ) && isset( $video_info['id'] );
		}

		/**
		 * Applies the legacy filter for backwards compatibility
		 * @param $url
		 *
		 * @return string
		 */
		function foogallery_clean_video_url_legacy_filter( $url ) {

			return apply_filters( 'foogallery_foovideo_clean_video_url', $url );
		}

		public function foogallery_build_class_attribute( $classes ) {
			//remove any legacy classes
			if ( ( $key = array_search( 'video-icon-1', $classes ) ) !== false ) {
				unset( $classes[$key] );
			}
			if ( ( $key = array_search( 'video-icon-2', $classes ) ) !== false ) {
				unset( $classes[$key] );
			}
			if ( ( $key = array_search( 'video-icon-3', $classes ) ) !== false ) {
				unset( $classes[$key] );
			}
			if ( ( $key = array_search( 'video-icon-default', $classes ) ) !== false ) {
				unset( $classes[$key] );
			}

			return $classes;
		}

		/**
		 * Display a message if the FooVideo extension is also installed
		 */
		function display_foovideo_notice() {

			if ( 'foogallery' !== foo_current_screen_post_type() ) return;

			$url = admin_url( add_query_arg( array( 'page' => 'foogallery-video-migration' ), foogallery_admin_menu_parent_slug() ) );
			?>
			<div class="notice error">
				<p>
					<strong><?php _e('FooGallery Video Migration Required!', 'foogallery'); ?></strong><br/>
					<?php if ( class_exists( 'Foo_Video' ) ) { ?>
						<?php _e('You have both FooGallery PRO and the legacy FooVideo extension activated. FooGallery PRO now includes all the video features that FooVideo had, plus more! Which means the FooVideo extension is now redundant.', 'foogallery'); ?>
						<br/>
						<?php _e('Your video galleries will continue to work, but we recommend you migrate them across to use the video features in FooGallery PRO as soon as possible.', 'foogallery'); ?>
					<?php } else { ?>
						<?php _e('At some point you had the FooVideo extension installed. FooGallery PRO now includes all the video features that FooVideo had, plus more! Which means the FooVideo extension is now redundant.', 'foogallery'); ?>
						<br/>
						<?php _e('You will need to migrate your video galleries across to use the new video features in FooGallery PRO as soon as possible.', 'foogallery'); ?>
					<?php } ?>
					<br/>
					<br/>
					<a href="<?php echo $url; ?>" class="button button-primary button-large"><?php _e('Migrate Video Galleries', 'foogallery'); ?></a>
					<br/>
				</p>
			</div>
			<?php
		}

		/**
		 * Outputs the video migration view
		 */
		function render_video_migration_view() {

			require_once 'view-video-migration.php';
		}

		/**
		 * Add a new menu item for running the migration
		 */
		function add_migration_menu() {

			foogallery_add_submenu_page( __( 'Video Migration', 'foogallery' ), 'manage_options', 'foogallery-video-migration', array( $this, 'render_video_migration_view', ) );
		}

		/**
		 * Handle the Video Migration Step from an AJAX call
		 */
		function ajax_foogallery_video_migration() {

			if ( check_admin_referer( 'foogallery_video_migration' ) ) {
				$helper = new FooGallery_Pro_Video_Migration_Helper();
				$state = $helper->run_next_migration_step();
				header( 'Content-type: application/json' );
				echo json_encode( $state );
			}
			die();
		}

		/**
		 * Handle the Video Migration Reset from an AJAX call
		 */
		function ajax_foogallery_video_migration_reset() {

			if ( check_admin_referer( 'foogallery_video_migration' ) ) {
				$helper = new FooGallery_Pro_Video_Migration_Helper();
				$state = $helper->reset_state();
				header( 'Content-type: application/json' );
				echo json_encode( $state );
			}
			die();
		}

		/**
		 * Override the Discount Offer admin notice title
		 * @param $title
		 *
		 * @return string
		 */
		function override_discount_offer_notice_title( $title ) {

			$title = __( 'FooGallery Renewal Offer Available!', 'foogallery' );
			return $title;
		}

		/**
		 * Override the Discount Offer admin notice message
		 * @param $message
		 *
		 * @return string
		 */
		function override_discount_offer_notice_message( $message ) {

			$message = __( 'We noticed that you own licenses for FooVideo and FooGallery PRO. FooGallery PRO now has all the awesome features of FooVideo, plus more! And because you already own both, you are eligible for a free renewal on your existing FooGallery PRO license.', 'foogallery' );
			return $message;
		}

		/**
		 * Override the Discount Offer menu
		 * @param $menu
		 *
		 * @return string
		 */
		function override_discount_offer_menu( $menu ) {

			$menu = __( 'Renewal Offer', 'foogallery' );
			return $menu;
		}

		/**
		 * Override the Discount Offer page message
		 * @param $message
		 *
		 * @return string
		 */
		function override_discount_offer_message( $message ) {

			$message = __( 'Thank you for your support - you are awesome! FooGallery PRO now has all the awesome features of FooVideo, plus more! And because you already own both, you are eligible for a free renewal on your existing FooGallery PRO license.', 'foogallery' );
			return $message;
		}

		/**
		 * Override the pricing page menu text
		 * @param $text
		 *
		 * @return string
		 */
		function override_pricing_menu_text( $text ) {

			$text = __('FooGallery -> Pricing', 'foogallery');
			return $text;
		}
	}
}

GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

video/class-foogallery-pro-video-legacy.php (29 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* All Legacy FooVideo Code lives in this class
4			*/
5			if ( ! class_exists( 'FooGallery_Pro_Video_Legacy' ) ) {
6
7			define( 'FOOGALLERY_FOOVIDEO_MIGRATION_REQUIRED', 'foogallery-foovideo-migration-required' );
8			define( 'FOOGALLERY_FOOVIDEO_MIGRATED', 'foogallery-foovideo-migrated' );
9
10			class FooGallery_Pro_Video_Legacy {
			0 ignored issues – show Coding Style Compatibility introduced 2018-06-22 11:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
11
12			function __construct() {
			0 ignored issues – show Best Practice introduced 2018-06-22 11:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
13			add_filter( 'foogallery_is_attachment_video', array( $this, 'foogallery_is_attachment_video_legacy' ), 10, 2 );
14
15			add_filter( 'foogallery_clean_video_url', array( $this, 'foogallery_clean_video_url_legacy_filter' ) );
16			add_filter( 'foogallery_youtubekey', array( $this, 'foogallery_youtubekey_legacy_filter' ) );
17
18			//make sure that all plugins are loaded first before we do checks for FooVideo
19			add_action( 'plugins_loaded', array( $this, 'load_legacy_overrides' ) );
20
21			// Ajax calls for migrating
22			add_action( 'wp_ajax_foogallery_video_migration', array( $this, 'ajax_foogallery_video_migration' ) );
23			add_action( 'wp_ajax_foogallery_video_migration_reset', array( $this, 'ajax_foogallery_video_migration_reset' ) );
24			}
25
26			/**
27			* Run legacy override hooks and filters
28			*/
29			function load_legacy_overrides() {
			0 ignored issues – show Best Practice introduced 2018-10-01 17:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
30			if ( is_admin() ) {
31
32			//check if the old FooVideo was/is installed
33			if ( $this->migration_required() ) {
34			add_action( 'admin_notices', array( $this, 'display_foovideo_notice') );
35			add_action( 'admin_menu', array( $this, 'add_migration_menu' ) );
36
37			add_filter( 'foogallery_render_gallery_settings_metabox', array( $this, 'migrate_settings' ) );

fooplugins / foogallery

GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

video/class-foogallery-pro-video-legacy.php (29 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like