Issues in plugins.php (master) - Issues in master - impress-org/give - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1282)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/admin/plugins.php (3 issues)

Labels

Unused Code 3

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Admin Plugins
 *
 * @package     Give
 * @subpackage  Admin/Plugins
 * @copyright   Copyright (c) 2016, GiveWP
 * @license     https://opensource.org/licenses/gpl-license GNU Public License
 * @since       1.4
 */

// Exit if accessed directly.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Plugins row action links
 *
 * @since 1.4
 *
 * @param array $actions An array of plugin action links.
 *
 * @return array An array of updated action links.
 */
function give_plugin_action_links( $actions ) {
	$new_actions = array(
		'settings' => sprintf(
			'<a href="%1$s">%2$s</a>',
			admin_url( 'edit.php?post_type=give_forms&page=give-settings' ),
			__( 'Settings', 'give' )
		),
	);

	return array_merge( $new_actions, $actions );
}

add_filter( 'plugin_action_links_' . GIVE_PLUGIN_BASENAME, 'give_plugin_action_links' );


/**
 * Plugin row meta links
 *
 * @since 1.4
 *
 * @param array $plugin_meta An array of the plugin's metadata.
 * @param string $plugin_file Path to the plugin file, relative to the plugins directory.
 *
 * @return array
 */
function give_plugin_row_meta( $plugin_meta, $plugin_file ) {
	if ( GIVE_PLUGIN_BASENAME !== $plugin_file ) {
		return $plugin_meta;
	}

	$new_meta_links = array(
		sprintf(
			'<a href="%1$s" target="_blank">%2$s</a>',
			esc_url(
				add_query_arg(
					array(
						'utm_source'   => 'plugins-page',
						'utm_medium'   => 'plugin-row',
						'utm_campaign' => 'admin',
					), 'https://givewp.com/documentation/'
				)
			),
			__( 'Documentation', 'give' )
		),
		sprintf(
			'<a href="%1$s" target="_blank">%2$s</a>',
			esc_url(
				add_query_arg(
					array(
						'utm_source'   => 'plugins-page',
						'utm_medium'   => 'plugin-row',
						'utm_campaign' => 'admin',
					), 'https://givewp.com/addons/'
				)
			),
			__( 'Add-ons', 'give' )
		),
	);

	return array_merge( $plugin_meta, $new_meta_links );
}

add_filter( 'plugin_row_meta', 'give_plugin_row_meta', 10, 2 );


/**
 * Get the Parent Page Menu Title in admin section.
 * Based on get_admin_page_title WordPress Function.
 *
 * @since 1.8.17
 *
 * @global array $submenu
 * @global string $plugin_page
 *
 * @return string $title Page title
 */
function give_get_admin_page_menu_title() {
	$title = '';
	global $submenu, $plugin_page;

	foreach ( array_keys( $submenu ) as $parent ) {
		if ( 'edit.php?post_type=give_forms' !== $parent ) {
			continue;
		}

		foreach ( $submenu[ $parent ] as $submenu_array ) {
			if ( $plugin_page !== $submenu_array[2] ) {
				continue;
			}

			$title = isset( $submenu_array[0] ) ?
				$submenu_array[0] :
				$submenu_array[3];
		}
	}

	return $title;
}

/**
 * Store recently activated Give's addons to wp options.
 *
 * @since 2.1.0
 */
function give_recently_activated_addons() {
	// Check if action is set.
	if ( isset( $_REQUEST['action'] ) ) {
		$plugin_action = ( '-1' !== $_REQUEST['action'] ) ? $_REQUEST['action'] : ( isset( $_REQUEST['action2'] ) ? $_REQUEST['action2'] : '' );
		$plugins       = array();

		switch ( $plugin_action ) {
			case 'activate': // Single add-on activation.
				$plugins[] = $_REQUEST['plugin'];
				break;
			case 'activate-selected': // If multiple add-ons activated.
				$plugins = $_REQUEST['checked'];
				break;
		}


		if ( ! empty( $plugins ) ) {

			$give_addons = give_get_recently_activated_addons();

			foreach ( $plugins as $plugin ) {
				// Get plugins which has 'Give-' as prefix.
				if ( stripos( $plugin, 'Give-' ) !== false ) {
					$give_addons[] = $plugin;
				}
			}

			if ( ! empty( $give_addons ) ) {
				// Update the Give's activated add-ons.
				update_option( 'give_recently_activated_addons', $give_addons, false );
			}
		}
	}
}

// Add add-on plugins to wp option table.
add_action( 'activated_plugin', 'give_recently_activated_addons', 10 );

/**
 * Create new menu in plugin section that include all the add-on
 *
 * @since 2.1.0
 *
 * @param $plugin_menu
 *
 * @return mixed
 */
function give_filter_addons_do_filter_addons( $plugin_menu ) {
	global $plugins;

	$give_addons = wp_list_pluck( give_get_plugins( array( 'only_add_on' => true ) ), 'Name' );

	if( ! empty( $give_addons ) ) {
		foreach ( $plugins['all'] as $file => $plugin_data ) {

			if ( in_array( $plugin_data['Name'], $give_addons ) ) {
				$plugins['give'][ $file ]           = $plugins['all'][ $file ];
				$plugins['give'][ $file ]['plugin'] = $file;

				// Replicate the next step.
				if ( current_user_can( 'update_plugins' ) ) {
					$current = get_site_transient( 'update_plugins' );

					if ( isset( $current->response[ $file ] ) ) {
						$plugins['give'][ $file ]['update'] = true;
						$plugins['give'][ $file ] = array_merge( (array) $current->response[ $file ], $plugins['give'][ $file ] );
					} elseif ( isset( $current->no_update[ $file ] ) ){
						$plugins['give'][ $file ] = array_merge( (array) $current->no_update[ $file ], $plugins['give'][ $file ] );
					}
				}
			}
		}
	}

	return $plugin_menu;

}

add_filter( 'show_advanced_plugins', 'give_filter_addons_do_filter_addons' );
add_filter( 'show_network_active_plugins', 'give_filter_addons_do_filter_addons' );

/**
 * Keep activating the same add-on when admin activate or deactivate from Give Menu
 *
 * @since 2.2.0
 *
 * @param $action
 * @param $result
 */
function give_prepare_filter_addons_referer( $action, $result ) {

	if ( ! function_exists( 'get_current_screen' ) ) {
		return;
	}
	$screen = get_current_screen();
	if ( is_object( $screen ) && $screen->base === 'plugins' && ! empty( $_REQUEST['plugin_status'] ) && $_REQUEST['plugin_status'] === 'give' ) {
		global $status;
		$status = 'give';
	}
}

add_action( 'check_admin_referer', 'give_prepare_filter_addons_referer', 10, 2 );

/**
 * Make the Give Menu as an default menu and update the Menu Name
 *
 * @since 2.1.0
 *
 * @param $views
 *
 * @return mixed
 */
function give_filter_addons_filter_addons( $views ) {

	global $status, $plugins;

	if ( ! empty( $plugins['give'] ) ) {
		$class = '';

		if ( 'give' === $status ) {
			$class = 'current';
		}

		$views['give'] = sprintf(
			'<a class="%s" href="plugins.php?plugin_status=give"> %s <span class="count">(%s) </span></a>',
			$class,
			__( 'Give', 'give' ),
			count( $plugins['give'] )
		);
	}

	return $views;
}

add_filter( 'views_plugins', 'give_filter_addons_filter_addons' );
add_filter( 'views_plugins-network', 'give_filter_addons_filter_addons' );

/**
 * Set the Give as the Main menu when admin click on the Give Menu in Plugin section.
 *
 * @since 2.1.0
 *
 * @param $plugins
 *
 * @return mixed
 */
function give_prepare_filter_addons( $plugins ) {
	global $status;

	if ( isset( $_REQUEST['plugin_status'] ) && 'give' === $_REQUEST['plugin_status'] ) {
		$status = 'give';
	}

	return $plugins;
}

add_filter( 'all_plugins', 'give_prepare_filter_addons' );


/**
 * Display the upgrade notice message.
 *
 * @param array $data Array of plugin metadata.
 * @param array $response An array of metadata about the available plugin update.
 *
 * @since 2.1
 */
function give_in_plugin_update_message( $data, $response ) {

	$new_version           = $data['new_version'];
	$current_version_parts = explode( '.', GIVE_VERSION );
	$new_version_parts     = explode( '.', $new_version );

	// If it is a minor upgrade then return.
	if ( version_compare( $current_version_parts[0] . '.' . $current_version_parts[1], $new_version_parts[0] . '.' . $new_version_parts[1], '=' ) ) {

		return;
	}

	// Get the upgrade notice from the trunk.
	$upgrade_notice = give_get_plugin_upgrade_notice( $new_version );

	// Display upgrade notice.
	echo apply_filters( 'give_in_plugin_update_message', $upgrade_notice ? '</p>' . wp_kses_post( $upgrade_notice ) . '<p class="dummy">' : '' );
}

// Display upgrade notice.
add_action( 'in_plugin_update_message-' . GIVE_PLUGIN_BASENAME, 'give_in_plugin_update_message', 10, 2 );


/**
 * Get the upgrade notice from WordPress.org.
 *
 * Note: internal purpose use only
 *
 * @since 2.1
 *
 * @param string $new_version New verison of the plugin.
 *
 * @return string
 */
function give_get_plugin_upgrade_notice( $new_version ) {

	// Cache the upgrade notice.
	$transient_name = "give_upgrade_notice_{$new_version}";
	$upgrade_notice = get_transient( $transient_name );

	if ( false === $upgrade_notice ) {
		$response = wp_safe_remote_get( 'https://plugins.svn.wordpress.org/give/trunk/readme.txt' );

		if ( ! is_wp_error( $response ) && ! empty( $response['body'] ) ) {
			$upgrade_notice = give_parse_plugin_update_notice( $response['body'], $new_version );
			set_transient( $transient_name, $upgrade_notice, DAY_IN_SECONDS );
		}
	}

	return $upgrade_notice;
}


/**
 * Parse update notice from readme file.
 *
 * Note: internal purpose use only
 *
 * @since 2.1
 *
 * @param  string $content Content of the readme.txt file.
 * @param  string $new_version The version with current version is compared.
 *
 * @return string
 */
function give_parse_plugin_update_notice( $content, $new_version ) {
	$version_parts     = explode( '.', $new_version );
	$check_for_notices = array(
		$version_parts[0] . '.0',
		$version_parts[0] . '.0.0',
		$version_parts[0] . '.' . $version_parts[1] . '.' . '0',
	);

	// Regex to extract Upgrade notice from the readme.txt file.
	$notice_regexp = '~==\s*Upgrade Notice\s*==\s*=\s*(.*)\s*=(.*)(=\s*' . preg_quote( $new_version ) . '\s*=|$)~Uis';

	$upgrade_notice = '';

	foreach ( $check_for_notices as $check_version ) {
		if ( version_compare( GIVE_VERSION, $check_version, '>' ) ) {
			continue;
		}

		$matches = null;

		if ( preg_match( $notice_regexp, $content, $matches ) ) {
			$notices = (array) preg_split( '~[\r\n]+~', trim( $matches[2] ) );

			if ( version_compare( trim( $matches[1] ), $check_version, '=' ) ) {
				$upgrade_notice .= '<p class="give-plugin-upgrade-notice">';

				foreach ( $notices as $index => $line ) {
					$upgrade_notice .= preg_replace( '~\[([^\]]*)\]\(([^\)]*)\)~', '<a href="${2}">${1}</a>', $line );
				}

				$upgrade_notice .= '</p>';
			}

			if ( ! empty( $upgrade_notice ) ) {
				break;
			}
		}
	}

	return wp_kses_post( $upgrade_notice );
}


/**
 * Add styling to the plugin upgrade notice.
 *
 * @since 2.1
 */
function give_plugin_notice_css() {
	?>
	<style type="text/css">
		#give-update .give-plugin-upgrade-notice {
			font-weight: 400;
			background: #fff8e5 !important;
			border-left: 4px solid #ffb900;
			border-top: 1px solid #ffb900;
			padding: 9px 0 9px 12px !important;
			margin: 0 -12px 0 -16px !important;
		}

		#give-update .give-plugin-upgrade-notice:before {
			content: '\f348';
			display: inline-block;
			font: 400 18px/1 dashicons;
			speak: none;
			margin: 0 8px 0 -2px;
			vertical-align: top;
		}

		#give-update .dummy {
			display: none;
		}
	</style>
	<?php
}

add_action( 'admin_head', 'give_plugin_notice_css' );

/**
 * Get list of add-on last activated.
 *
 * @since 2.1.3
 *
 * @return mixed|array list of recently activated add-on
 */
function give_get_recently_activated_addons() {
	return get_option( 'give_recently_activated_addons', array() );
}

/**
 * Renders the Give Deactivation Survey Form.
 * Note: only for internal use
 *
 * @since 2.2
 */
function give_deactivation_popup() {
	// Bailout.
	if ( ! current_user_can( 'delete_plugins' ) ) {
		give_die();
	}

	$results = array();

	// Start output buffering.
	ob_start();
	?>

	<h2 id="deactivation-survey-title">
		<img src="<?php echo esc_url( GIVE_PLUGIN_URL ) ?>/assets/dist/images/give-icon-full-circle.svg">
		<span><?php esc_html_e( 'Give Deactivation', 'give' ); ?></span>
	</h2>
	<form class="deactivation-survey-form" method="POST">
		<p><?php esc_html_e( 'If you have a moment, please let us know why you are deactivating Give. All submissions are anonymous and we only use this feedback to improve this plugin.', 'give' ); ?></p>

		<div>
			<label class="give-field-description">
				<input type="radio" name="give-survey-radios" value="1">
				<?php esc_html_e( "I'm only deactivating temporarily", 'give' ); ?>
			</label>
		</div>

		<div>
			<label class="give-field-description">
				<input type="radio" name="give-survey-radios" value="2">
				<?php esc_html_e( 'I no longer need the plugin', 'give' ); ?>
			</label>
		</div>

		<div>
			<label class="give-field-description">
				<input type="radio" name="give-survey-radios" value="3" data-has-field="true">
				<?php esc_html_e( 'I found a better plugin', 'give' ); ?>
			</label>

			<div class="give-survey-extra-field">
				<p><?php esc_html_e( 'What is the name of the plugin?', 'give' ); ?></p>
				<input type="text" name="user-reason" class="widefat">
			</div>
		</div>

		<div>
			<label class="give-field-description">
				<input type="radio" name="give-survey-radios" value="4">
				<?php esc_html_e( 'I only needed the plugin for a short period', 'give' ); ?>
			</label>
		</div>

		<div>
			<label class="give-field-description">
				<input type="radio" name="give-survey-radios" value="5" data-has-field="true">
				<?php esc_html_e( 'The plugin broke my site', 'give' ); ?>
			</label>

			<div class="give-survey-extra-field">
				<p><?php
					printf(
						'%1$s %2$s %3$s',
						__( "We're sorry to hear that, check", 'give' ),
						'<a href="https://wordpress.org/support/plugin/give">Give Support</a>.',
						__( 'Can you describe the issue?', 'give' )
					);
					?>
				</p>
				<textarea disabled name="user-reason" class="widefat" rows="6"></textarea disabled>
			</div>
		</div>

		<div>
			<label class="give-field-description">
				<input type="radio" name="give-survey-radios" value="6" data-has-field="true">
				<?php esc_html_e( 'The plugin suddenly stopped working', 'give' ); ?>
			</label>

			<div class="give-survey-extra-field">
				<p><?php
					printf(
						'%1$s %2$s %3$s',
						__( "We're sorry to hear that, check", 'give' ),
						'<a href="https://wordpress.org/support/plugin/give">Give Support</a>.',
						__( 'Can you describe the issue?', 'give' )
					);
					?>
				</p>
				<textarea disabled name="user-reason" class="widefat" rows="6"></textarea disabled>
			</div>
		</div>

		<div>
			<label class="give-field-description">
				<input type="radio" name="give-survey-radios" value="7" data-has-field="true">
				<?php esc_html_e( 'Other', 'give' ); ?>
			</label>

			<div class="give-survey-extra-field">
				<p><?php esc_html_e( "Please describe why you're deactivating Give", 'give' ); ?></p>
				<textarea disabled name="user-reason" class="widefat" rows="6"></textarea disabled>
			</div>
		</div>

		<div id="survey-and-delete-data">
			<p>
				<label>
					<input type="checkbox" name="confirm_reset_store" value="1">
					<?php esc_html_e( 'Would you like to delete all Give data?', 'give' ); ?>
				</label>
				<section class="give-field-description">
					<?php esc_html_e( 'By default the custom roles, Give options, and database entries are not deleted when you deactivate Give. If you are deleting Give completely from your website and want those items removed as well check this option. Note: This will permanently delete all Give data from your database.', 'give' ); ?>
				</section>
			</p>
		</div>
		<?php
		$current_user       = wp_get_current_user();
		$current_user_email = $current_user->user_email;
		?>
		<input type="hidden" name="current-user-email" value="<?php echo $current_user_email; ?>">
		<input type="hidden" name="current-site-url" value="<?php echo esc_url( get_bloginfo( 'url' ) ); ?>">
		<input type="hidden" name="give-export-class" value="Give_Tools_Reset_Stats">
		<?php wp_nonce_field( 'give_ajax_export', 'give_ajax_export' ); ?>
	</form>

	<?php

	// Echo content (deactivation form) from the output buffer.
	$output = ob_get_clean();

	$results['html'] = $output;

	wp_send_json( $results );
}

add_action( 'wp_ajax_give_deactivation_popup', 'give_deactivation_popup' );

/**
 * Ajax callback after the deactivation survey form has been submitted.
 * Note: only for internal use
 *
 * @since 2.2
 */
function give_deactivation_form_submit() {

	if ( ! check_ajax_referer( 'deactivation_survey_nonce', 'nonce', false ) ) {
		wp_send_json_error();
	}

	$form_data = give_clean( wp_parse_args( $_POST['form-data'] ) );

	// Get the selected radio value.
	$radio_value = isset( $form_data['give-survey-radios'] ) ? $form_data['give-survey-radios'] : 0;

	// Get the reason if any radio button has an optional text field.
	$user_reason = isset( $form_data['user-reason'] ) ? $form_data['user-reason'] : '';

	// Get the email of the user who deactivated the plugin.
	$user_email = isset( $form_data['current-user-email'] ) ? $form_data['current-user-email'] : '';

	// Get the URL of the website on which Give plugin is being deactivated.
	$site_url = isset( $form_data['current-site-url'] ) ? $form_data['current-site-url'] : '';

	// Get the value of the checkbox for deleting Give's data.
	$delete_data = isset( $form_data['confirm_reset_store'] ) ? $form_data['confirm_reset_store'] : '';

	/**
	 * Make a POST request to the endpoint to send the survey data.
	 */
	$response = wp_remote_post(
		'http://survey.givewp.com/wp-json/give/v2/survey/',
		array(
			'body' => array(
				'radio_value'        => $radio_value,
				'user_reason'        => $user_reason,
				'current_user_email' => $user_email,
				'site_url'           => $site_url,
			),
		)
	);

	// Check if the data is sent and stored correctly.
	$response = wp_remote_retrieve_body( $response );

	if ( 'true' === $response ) {
		if ( '1' === $delete_data ) {
			wp_send_json_success(
				array(
					'delete_data' => true,
				)
			);
		} else {
			wp_send_json_success(
				array(
					'delete_data' => false,
				)
			);
		}
	} else {
		wp_send_json_error();
	}
}

add_action( 'wp_ajax_deactivation_form_submit', 'give_deactivation_form_submit' );


1			<?php
2			/**
3			* Admin Plugins
4			*
5			* @package Give
6			* @subpackage Admin/Plugins
7			* @copyright Copyright (c) 2016, GiveWP
8			* @license https://opensource.org/licenses/gpl-license GNU Public License
9			* @since 1.4
10			*/
11
12			// Exit if accessed directly.
13			if ( ! defined( 'ABSPATH' ) ) {
14			exit;
15			}
16
17			/**
18			* Plugins row action links
19			*
20			* @since 1.4
21			*
22			* @param array $actions An array of plugin action links.
23			*
24			* @return array An array of updated action links.
25			*/
26			function give_plugin_action_links( $actions ) {
27			$new_actions = array(
28			'settings' => sprintf(
29			'<a href="%1$s">%2$s</a>',
30			admin_url( 'edit.php?post_type=give_forms&page=give-settings' ),
31			__( 'Settings', 'give' )
32			),
33			);
34
35			return array_merge( $new_actions, $actions );
36			}
37
38			add_filter( 'plugin_action_links_' . GIVE_PLUGIN_BASENAME, 'give_plugin_action_links' );
39
40
41			/**
42			* Plugin row meta links
43			*
44			* @since 1.4
45			*
46			* @param array $plugin_meta An array of the plugin's metadata.
47			* @param string $plugin_file Path to the plugin file, relative to the plugins directory.
48			*
49			* @return array
50			*/
51			function give_plugin_row_meta( $plugin_meta, $plugin_file ) {
52			if ( GIVE_PLUGIN_BASENAME !== $plugin_file ) {
53			return $plugin_meta;
54			}
55
56			$new_meta_links = array(
57			sprintf(
58			'<a href="%1$s" target="_blank">%2$s</a>',
59			esc_url(
60			add_query_arg(
61			array(
62			'utm_source' => 'plugins-page',
63			'utm_medium' => 'plugin-row',
64			'utm_campaign' => 'admin',
65			), 'https://givewp.com/documentation/'
66			)
67			),
68			__( 'Documentation', 'give' )
69			),
70			sprintf(
71			'<a href="%1$s" target="_blank">%2$s</a>',
72			esc_url(
73			add_query_arg(
74			array(
75			'utm_source' => 'plugins-page',
76			'utm_medium' => 'plugin-row',
77			'utm_campaign' => 'admin',
78			), 'https://givewp.com/addons/'
79			)
80			),
81			__( 'Add-ons', 'give' )
82			),
83			);
84
85			return array_merge( $plugin_meta, $new_meta_links );
86			}
87
88			add_filter( 'plugin_row_meta', 'give_plugin_row_meta', 10, 2 );
89
90
91			/**
92			* Get the Parent Page Menu Title in admin section.
93			* Based on get_admin_page_title WordPress Function.
94			*
95			* @since 1.8.17
96			*
97			* @global array $submenu
98			* @global string $plugin_page
99			*
100			* @return string $title Page title
101			*/
102			function give_get_admin_page_menu_title() {
103			$title = '';
104			global $submenu, $plugin_page;
105
106			foreach ( array_keys( $submenu ) as $parent ) {
107			if ( 'edit.php?post_type=give_forms' !== $parent ) {
108			continue;
109			}
110
111			foreach ( $submenu[ $parent ] as $submenu_array ) {
112			if ( $plugin_page !== $submenu_array[2] ) {
113			continue;
114			}
115
116			$title = isset( $submenu_array[0] ) ?
117			$submenu_array[0] :
118			$submenu_array[3];
119			}
120			}
121
122			return $title;
123			}
124
125			/**
126			* Store recently activated Give's addons to wp options.
127			*
128			* @since 2.1.0
129			*/
130			function give_recently_activated_addons() {
131			// Check if action is set.
132			if ( isset( $_REQUEST['action'] ) ) {
133			$plugin_action = ( '-1' !== $_REQUEST['action'] ) ? $_REQUEST['action'] : ( isset( $_REQUEST['action2'] ) ? $_REQUEST['action2'] : '' );
134			$plugins = array();
135
136			switch ( $plugin_action ) {
137			case 'activate': // Single add-on activation.
138			$plugins[] = $_REQUEST['plugin'];
139			break;
140			case 'activate-selected': // If multiple add-ons activated.
141			$plugins = $_REQUEST['checked'];
142			break;
143			}
144
145
146			if ( ! empty( $plugins ) ) {
147
148			$give_addons = give_get_recently_activated_addons();
149
150			foreach ( $plugins as $plugin ) {
151			// Get plugins which has 'Give-' as prefix.
152			if ( stripos( $plugin, 'Give-' ) !== false ) {
153			$give_addons[] = $plugin;
154			}
155			}
156
157			if ( ! empty( $give_addons ) ) {
158			// Update the Give's activated add-ons.
159			update_option( 'give_recently_activated_addons', $give_addons, false );
160			}
161			}
162			}
163			}
164
165			// Add add-on plugins to wp option table.
166			add_action( 'activated_plugin', 'give_recently_activated_addons', 10 );
167
168			/**
169			* Create new menu in plugin section that include all the add-on
170			*
171			* @since 2.1.0
172			*
173			* @param $plugin_menu
174			*
175			* @return mixed
176			*/
177			function give_filter_addons_do_filter_addons( $plugin_menu ) {
178			global $plugins;
179
180			$give_addons = wp_list_pluck( give_get_plugins( array( 'only_add_on' => true ) ), 'Name' );
181
182			if( ! empty( $give_addons ) ) {
183			foreach ( $plugins['all'] as $file => $plugin_data ) {
184
185			if ( in_array( $plugin_data['Name'], $give_addons ) ) {
186			$plugins['give'][ $file ] = $plugins['all'][ $file ];
187			$plugins['give'][ $file ]['plugin'] = $file;
188
189			// Replicate the next step.
190			if ( current_user_can( 'update_plugins' ) ) {
191			$current = get_site_transient( 'update_plugins' );
192
193			if ( isset( $current->response[ $file ] ) ) {
194			$plugins['give'][ $file ]['update'] = true;
195			$plugins['give'][ $file ] = array_merge( (array) $current->response[ $file ], $plugins['give'][ $file ] );
196			} elseif ( isset( $current->no_update[ $file ] ) ){
197			$plugins['give'][ $file ] = array_merge( (array) $current->no_update[ $file ], $plugins['give'][ $file ] );
198			}
199			}
200			}
201			}
202			}
203
204			return $plugin_menu;
205
206			}
207
208			add_filter( 'show_advanced_plugins', 'give_filter_addons_do_filter_addons' );
209			add_filter( 'show_network_active_plugins', 'give_filter_addons_do_filter_addons' );
210
211			/**
212			* Keep activating the same add-on when admin activate or deactivate from Give Menu
213			*
214			* @since 2.2.0
215			*
216			* @param $action
217			* @param $result
218			*/
219			function give_prepare_filter_addons_referer( $action, $result ) {
			0 ignored issues – show Unused Code introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$action` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Unused Code introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$result` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
220			if ( ! function_exists( 'get_current_screen' ) ) {
221			return;
222			}
223			$screen = get_current_screen();
224			if ( is_object( $screen ) && $screen->base === 'plugins' && ! empty( $_REQUEST['plugin_status'] ) && $_REQUEST['plugin_status'] === 'give' ) {
225			global $status;
226			$status = 'give';
227			}
228			}
229
230			add_action( 'check_admin_referer', 'give_prepare_filter_addons_referer', 10, 2 );
231
232			/**
233			* Make the Give Menu as an default menu and update the Menu Name
234			*
235			* @since 2.1.0
236			*
237			* @param $views
238			*
239			* @return mixed
240			*/
241			function give_filter_addons_filter_addons( $views ) {
242
243			global $status, $plugins;
244
245			if ( ! empty( $plugins['give'] ) ) {
246			$class = '';
247
248			if ( 'give' === $status ) {
249			$class = 'current';
250			}
251
252			$views['give'] = sprintf(
253			'<a class="%s" href="plugins.php?plugin_status=give"> %s <span class="count">(%s) </span></a>',
254			$class,
255			__( 'Give', 'give' ),
256			count( $plugins['give'] )
257			);
258			}
259
260			return $views;
261			}
262
263			add_filter( 'views_plugins', 'give_filter_addons_filter_addons' );
264			add_filter( 'views_plugins-network', 'give_filter_addons_filter_addons' );
265
266			/**
267			* Set the Give as the Main menu when admin click on the Give Menu in Plugin section.
268			*
269			* @since 2.1.0
270			*
271			* @param $plugins
272			*
273			* @return mixed
274			*/
275			function give_prepare_filter_addons( $plugins ) {
276			global $status;
277
278			if ( isset( $_REQUEST['plugin_status'] ) && 'give' === $_REQUEST['plugin_status'] ) {
279			$status = 'give';
280			}
281
282			return $plugins;
283			}
284
285			add_filter( 'all_plugins', 'give_prepare_filter_addons' );
286
287
288			/**
289			* Display the upgrade notice message.
290			*
291			* @param array $data Array of plugin metadata.
292			* @param array $response An array of metadata about the available plugin update.
293			*
294			* @since 2.1
295			*/
296			function give_in_plugin_update_message( $data, $response ) {
			0 ignored issues – show Unused Code introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$response` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
297			$new_version = $data['new_version'];
298			$current_version_parts = explode( '.', GIVE_VERSION );
299			$new_version_parts = explode( '.', $new_version );
300
301			// If it is a minor upgrade then return.
302			if ( version_compare( $current_version_parts[0] . '.' . $current_version_parts[1], $new_version_parts[0] . '.' . $new_version_parts[1], '=' ) ) {
303
304			return;
305			}
306
307			// Get the upgrade notice from the trunk.
308			$upgrade_notice = give_get_plugin_upgrade_notice( $new_version );
309
310			// Display upgrade notice.
311			echo apply_filters( 'give_in_plugin_update_message', $upgrade_notice ? '</p>' . wp_kses_post( $upgrade_notice ) . '<p class="dummy">' : '' );
312			}
313
314			// Display upgrade notice.
315			add_action( 'in_plugin_update_message-' . GIVE_PLUGIN_BASENAME, 'give_in_plugin_update_message', 10, 2 );
316
317
318			/**
319			* Get the upgrade notice from WordPress.org.
320			*
321			* Note: internal purpose use only
322			*
323			* @since 2.1
324			*
325			* @param string $new_version New verison of the plugin.
326			*
327			* @return string
328			*/
329			function give_get_plugin_upgrade_notice( $new_version ) {
330
331			// Cache the upgrade notice.
332			$transient_name = "give_upgrade_notice_{$new_version}";
333			$upgrade_notice = get_transient( $transient_name );
334
335			if ( false === $upgrade_notice ) {
336			$response = wp_safe_remote_get( 'https://plugins.svn.wordpress.org/give/trunk/readme.txt' );
337
338			if ( ! is_wp_error( $response ) && ! empty( $response['body'] ) ) {
339			$upgrade_notice = give_parse_plugin_update_notice( $response['body'], $new_version );
340			set_transient( $transient_name, $upgrade_notice, DAY_IN_SECONDS );
341			}
342			}
343
344			return $upgrade_notice;
345			}
346
347
348			/**
349			* Parse update notice from readme file.
350			*
351			* Note: internal purpose use only
352			*
353			* @since 2.1
354			*
355			* @param string $content Content of the readme.txt file.
356			* @param string $new_version The version with current version is compared.
357			*
358			* @return string
359			*/
360			function give_parse_plugin_update_notice( $content, $new_version ) {
361			$version_parts = explode( '.', $new_version );
362			$check_for_notices = array(
363			$version_parts[0] . '.0',
364			$version_parts[0] . '.0.0',
365			$version_parts[0] . '.' . $version_parts[1] . '.' . '0',
366			);
367
368			// Regex to extract Upgrade notice from the readme.txt file.
369			$notice_regexp = '~==\sUpgrade Notice\s==\s=\s(.)\s=(.)(=\s' . preg_quote( $new_version ) . '\s*=\|$)~Uis';
370
371			$upgrade_notice = '';
372
373			foreach ( $check_for_notices as $check_version ) {
374			if ( version_compare( GIVE_VERSION, $check_version, '>' ) ) {
375			continue;
376			}
377
378			$matches = null;
379
380			if ( preg_match( $notice_regexp, $content, $matches ) ) {
381			$notices = (array) preg_split( '~[\r\n]+~', trim( $matches[2] ) );
382
383			if ( version_compare( trim( $matches[1] ), $check_version, '=' ) ) {
384			$upgrade_notice .= '<p class="give-plugin-upgrade-notice">';
385
386			foreach ( $notices as $index => $line ) {
387			$upgrade_notice .= preg_replace( '~\[([^\]])\]\(([^\)])\)~', '<a href="${2}">${1}</a>', $line );
388			}
389
390			$upgrade_notice .= '</p>';
391			}
392
393			if ( ! empty( $upgrade_notice ) ) {
394			break;
395			}
396			}
397			}
398
399			return wp_kses_post( $upgrade_notice );
400			}
401
402
403			/**
404			* Add styling to the plugin upgrade notice.
405			*
406			* @since 2.1
407			*/
408			function give_plugin_notice_css() {
409			?>
410			<style type="text/css">
411			#give-update .give-plugin-upgrade-notice {
412			font-weight: 400;
413			background: #fff8e5 !important;
414			border-left: 4px solid #ffb900;
415			border-top: 1px solid #ffb900;
416			padding: 9px 0 9px 12px !important;
417			margin: 0 -12px 0 -16px !important;
418			}
419
420			#give-update .give-plugin-upgrade-notice:before {
421			content: '\f348';
422			display: inline-block;
423			font: 400 18px/1 dashicons;
424			speak: none;
425			margin: 0 8px 0 -2px;
426			vertical-align: top;
427			}
428
429			#give-update .dummy {
430			display: none;
431			}
432			</style>
433			<?php
434			}
435
436			add_action( 'admin_head', 'give_plugin_notice_css' );
437
438			/**
439			* Get list of add-on last activated.
440			*
441			* @since 2.1.3
442			*
443			* @return mixed\|array list of recently activated add-on
444			*/
445			function give_get_recently_activated_addons() {
446			return get_option( 'give_recently_activated_addons', array() );
447			}
448
449			/**
450			* Renders the Give Deactivation Survey Form.
451			* Note: only for internal use
452			*
453			* @since 2.2
454			*/
455			function give_deactivation_popup() {
456			// Bailout.
457			if ( ! current_user_can( 'delete_plugins' ) ) {
458			give_die();
459			}
460
461			$results = array();
462
463			// Start output buffering.
464			ob_start();
465			?>
466
467			<h2 id="deactivation-survey-title">
468			<img src="<?php echo esc_url( GIVE_PLUGIN_URL ) ?>/assets/dist/images/give-icon-full-circle.svg">
469			<span><?php esc_html_e( 'Give Deactivation', 'give' ); ?></span>
470			</h2>
471			<form class="deactivation-survey-form" method="POST">
472			<p><?php esc_html_e( 'If you have a moment, please let us know why you are deactivating Give. All submissions are anonymous and we only use this feedback to improve this plugin.', 'give' ); ?></p>
473
474			<div>
475			<label class="give-field-description">
476			<input type="radio" name="give-survey-radios" value="1">
477			<?php esc_html_e( "I'm only deactivating temporarily", 'give' ); ?>
478			</label>
479			</div>
480
481			<div>
482			<label class="give-field-description">
483			<input type="radio" name="give-survey-radios" value="2">
484			<?php esc_html_e( 'I no longer need the plugin', 'give' ); ?>
485			</label>
486			</div>
487
488			<div>
489			<label class="give-field-description">
490			<input type="radio" name="give-survey-radios" value="3" data-has-field="true">
491			<?php esc_html_e( 'I found a better plugin', 'give' ); ?>
492			</label>
493
494			<div class="give-survey-extra-field">
495			<p><?php esc_html_e( 'What is the name of the plugin?', 'give' ); ?></p>
496			<input type="text" name="user-reason" class="widefat">
497			</div>
498			</div>
499
500			<div>
501			<label class="give-field-description">
502			<input type="radio" name="give-survey-radios" value="4">
503			<?php esc_html_e( 'I only needed the plugin for a short period', 'give' ); ?>
504			</label>
505			</div>
506
507			<div>
508			<label class="give-field-description">
509			<input type="radio" name="give-survey-radios" value="5" data-has-field="true">
510			<?php esc_html_e( 'The plugin broke my site', 'give' ); ?>
511			</label>
512
513			<div class="give-survey-extra-field">
514			<p><?php
515			printf(
516			'%1$s %2$s %3$s',
517			__( "We're sorry to hear that, check", 'give' ),
518			'<a href="https://wordpress.org/support/plugin/give">Give Support</a>.',
519			__( 'Can you describe the issue?', 'give' )
520			);
521			?>
522			</p>
523			<textarea disabled name="user-reason" class="widefat" rows="6"></textarea disabled>
524			</div>
525			</div>
526
527			<div>
528			<label class="give-field-description">
529			<input type="radio" name="give-survey-radios" value="6" data-has-field="true">
530			<?php esc_html_e( 'The plugin suddenly stopped working', 'give' ); ?>
531			</label>
532
533			<div class="give-survey-extra-field">
534			<p><?php
535			printf(
536			'%1$s %2$s %3$s',
537			__( "We're sorry to hear that, check", 'give' ),
538			'<a href="https://wordpress.org/support/plugin/give">Give Support</a>.',
539			__( 'Can you describe the issue?', 'give' )
540			);
541			?>
542			</p>
543			<textarea disabled name="user-reason" class="widefat" rows="6"></textarea disabled>
544			</div>
545			</div>
546
547			<div>
548			<label class="give-field-description">
549			<input type="radio" name="give-survey-radios" value="7" data-has-field="true">
550			<?php esc_html_e( 'Other', 'give' ); ?>
551			</label>
552
553			<div class="give-survey-extra-field">
554			<p><?php esc_html_e( "Please describe why you're deactivating Give", 'give' ); ?></p>
555			<textarea disabled name="user-reason" class="widefat" rows="6"></textarea disabled>
556			</div>
557			</div>
558
559			<div id="survey-and-delete-data">
560			<p>
561			<label>
562			<input type="checkbox" name="confirm_reset_store" value="1">
563			<?php esc_html_e( 'Would you like to delete all Give data?', 'give' ); ?>
564			</label>
565			<section class="give-field-description">
566			<?php esc_html_e( 'By default the custom roles, Give options, and database entries are not deleted when you deactivate Give. If you are deleting Give completely from your website and want those items removed as well check this option. Note: This will permanently delete all Give data from your database.', 'give' ); ?>
567			</section>
568			</p>
569			</div>
570			<?php
571			$current_user = wp_get_current_user();
572			$current_user_email = $current_user->user_email;
573			?>
574			<input type="hidden" name="current-user-email" value="<?php echo $current_user_email; ?>">
575			<input type="hidden" name="current-site-url" value="<?php echo esc_url( get_bloginfo( 'url' ) ); ?>">
576			<input type="hidden" name="give-export-class" value="Give_Tools_Reset_Stats">
577			<?php wp_nonce_field( 'give_ajax_export', 'give_ajax_export' ); ?>
578			</form>
579
580			<?php
581
582			// Echo content (deactivation form) from the output buffer.
583			$output = ob_get_clean();
584
585			$results['html'] = $output;
586
587			wp_send_json( $results );
588			}
589
590			add_action( 'wp_ajax_give_deactivation_popup', 'give_deactivation_popup' );
591
592			/**
593			* Ajax callback after the deactivation survey form has been submitted.
594			* Note: only for internal use
595			*
596			* @since 2.2
597			*/
598			function give_deactivation_form_submit() {
599
600			if ( ! check_ajax_referer( 'deactivation_survey_nonce', 'nonce', false ) ) {
601			wp_send_json_error();
602			}
603
604			$form_data = give_clean( wp_parse_args( $_POST['form-data'] ) );
605
606			// Get the selected radio value.
607			$radio_value = isset( $form_data['give-survey-radios'] ) ? $form_data['give-survey-radios'] : 0;
608
609			// Get the reason if any radio button has an optional text field.
610			$user_reason = isset( $form_data['user-reason'] ) ? $form_data['user-reason'] : '';
611
612			// Get the email of the user who deactivated the plugin.
613			$user_email = isset( $form_data['current-user-email'] ) ? $form_data['current-user-email'] : '';
614
615			// Get the URL of the website on which Give plugin is being deactivated.
616			$site_url = isset( $form_data['current-site-url'] ) ? $form_data['current-site-url'] : '';
617
618			// Get the value of the checkbox for deleting Give's data.
619			$delete_data = isset( $form_data['confirm_reset_store'] ) ? $form_data['confirm_reset_store'] : '';
620
621			/**
622			* Make a POST request to the endpoint to send the survey data.
623			*/
624			$response = wp_remote_post(
625			'http://survey.givewp.com/wp-json/give/v2/survey/',
626			array(
627			'body' => array(
628			'radio_value' => $radio_value,
629			'user_reason' => $user_reason,
630			'current_user_email' => $user_email,
631			'site_url' => $site_url,
632			),
633			)
634			);
635
636			// Check if the data is sent and stored correctly.
637			$response = wp_remote_retrieve_body( $response );
638
639			if ( 'true' === $response ) {
640			if ( '1' === $delete_data ) {
641			wp_send_json_success(
642			array(
643			'delete_data' => true,
644			)
645			);
646			} else {
647			wp_send_json_success(
648			array(
649			'delete_data' => false,
650			)
651			);
652			}
653			} else {
654			wp_send_json_error();
655			}
656			}
657
658			add_action( 'wp_ajax_deactivation_form_submit', 'give_deactivation_form_submit' );
659

impress-org / give

Issues (1282)

Security Analysis not enabled

includes/admin/plugins.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like