Issues in class-give-comment.php (master) - Issues in master - impress-org/give - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1282)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/class-give-comment.php (6 issues)

Labels

Severity

Informational 6

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Class for managing comments
 *
 * @package     Give
 * @subpackage  Classes/Give_Cache
 * @copyright   Copyright (c) 2018, GiveWP
 * @license     https://opensource.org/licenses/gpl-license GNU Public License
 * @since       2.2.0
 */
class Give_Comment {

	/**
	 * Instance.
	 *
	 * @since  2.2.0
	 * @access private
	 * @var
	 */
	static private $instance;

	/**
	 * Comment Types.
	 *
	 * @since  2.2.0
	 * @access private
	 * @var array
	 */
	private $comment_types;

	/**
	 * Comment Table.
	 *
	 * @since  2.3.0
	 * @access public
	 * @var Give_DB_Comments
	 */
	public $db;

	/**
	 * Comment Meta Table.
	 *
	 * @since  2.3.0
	 * @access public
	 * @var Give_DB_Comment_Meta
	 */
	public $db_meta;

	/**
	 * Singleton pattern.
	 *
	 * @since  2.2.0
	 * @access private
	 */
	private function __construct() {
	}


	/**
	 * Get instance.
	 *
	 * @since  2.2.0
	 * @access pu
	 * @return Give_Comment
	 */
	public static function get_instance() {

		if ( null === static::$instance ) {
			self::$instance = new static();
			self::$instance->init();
		}

		return self::$instance;
	}

	/**
	 * Initialize
	 *
	 * @since  2.2.0
	 * @access private
	 */
	private function init() {
		$this->db      = new Give_DB_Comments();
		$this->db_meta = new Give_DB_Comment_Meta();

		/**
		 * Filter the comment type
		 *
		 * @since 2.2.0
		 */
		$this->comment_types = apply_filters(
			'give_comment_type',
			self::get_comment_types( array( 'payment', 'donor' ) )
		);

		// Backward compatibility.
		if ( ! give_has_upgrade_completed( 'v230_move_donation_note' ) ) {
			add_action( 'pre_get_comments', array( $this, 'hide_comments' ), 10 );
			add_filter( 'comments_clauses', array( $this, 'hide_comments_pre_wp_41' ), 10, 1 );
			add_filter( 'comment_feed_where', array( $this, 'hide_comments_from_feeds' ), 10, 1 );
			add_filter( 'wp_count_comments', array( $this, 'remove_comments_from_comment_counts' ), 10, 2 );
			add_filter( 'get_comment_author', array( $this, '__get_comment_author' ), 10, 3 );
		}
	}

	/**
	 * Insert/Update comment
	 *
	 * @since  2.2.0
	 * @access public
	 *
	 * @param array $comment_args Comment arguments.
	 *
	 * @return int|WP_Error
	 */
	public static function add( $comment_args = array() ) {
		// Backward compatibility.
		$func_args = func_get_args();
		$comment_id = self::_bc_add( $func_args );
		if ( ! is_null( $comment_id ) ) {
			return $comment_id;
		}

		// Backward compatibility.
		if( is_numeric( $comment_args ) ) {

			$comment_args = array(
				'comment_parent' => $func_args[0],
				'comment_content' => $func_args[1],
				'comment_type'   => 'payment' === $func_args[2] ? 'donation' : $func_args[1],
			);
		}

		$comment_args = wp_parse_args(
			$comment_args,
			array(
				'comment_ID'     => 0,
				'comment_parent' => 0,
				'comment_type'   => 'general',
			)
		);

		$is_existing_comment = array_key_exists( 'comment_ID', $comment_args ) && ! empty( $comment_args['comment_ID'] );
		$action_type         = $is_existing_comment ? 'update' : 'insert';

		/**
		 * Fires before inserting/updating payment|donor comment.
		 *
		 * @param int    $id   Payment|Donor ID.
		 * @param string $note Comment text.
		 *
		 * @since 1.0
		 */
		do_action(
			"give_pre_{$action_type}_{$comment_args['comment_type']}_note",
			$comment_args['comment_parent'],
			$comment_args['comment_content'],
			$comment_args
		);

		$comment_id = Give()->comment->db->add(
			array(
				'comment_ID'      => absint( $comment_args['comment_ID'] ),
				'comment_content' => $comment_args['comment_content'],
				'comment_parent'  => $comment_args['comment_parent'],
				'comment_type'    => $comment_args['comment_type'],
			)
		);

		/**
		 * Fires after payment|donor comment inserted/updated.
		 *
		 * @param int    $comment_id Comment ID.
		 * @param int    $id         Payment|Donor ID.
		 * @param string $note       Comment text.
		 *
		 * @since 1.0
		 */
		do_action(
			"give_{$action_type}_{$comment_args['comment_type']}_note",
			$comment_args['comment_ID'],
			$comment_args['comment_parent'],
			$comment_args['comment_content'],
			$comment_args
		);

		return $comment_id;
	}


	/**
	 * Delete comment
	 *
	 * @since  2.2.0
	 * @access public
	 *
	 * @param int $comment_id The comment ID to delete.
	 *
	 * @since  1.0
	 *
	 * @return bool True on success, false otherwise.
	 */
	public static function delete( $comment_id ) {
		// Backward compatibility.
		$func_args = func_get_args();
		$ret       = self::_bc_delete( $func_args );
		if ( ! is_null( $ret ) ) {
			return $ret;
		}

		$ret = false;

		// Bailout
		if ( empty( $comment_id ) ) {
			return $ret;
		}

		/* @var stdClass $comment */
		$comment = Give()->comment->db->get_by( 'comment_ID', $comment_id );

		if ( ! is_object( $comment ) ) {
			return $ret;
		}

		$comment_type   = $comment->comment_type;
		$comment_parent = $comment->comment_parent;

		/**
		 * Fires before deleting donation note.
		 *
		 * @param int $comment_id Comment ID.
		 * @param int $id         Payment|Donor ID.
		 *
		 * @since 1.0
		 */
		do_action( "give_pre_delete_{$comment_type}_note", $comment_id, $comment_parent );

		$ret = Give()->comment->db->delete( $comment_id );

		// Delete comment meta.
		Give()->comment->db_meta->delete_all_meta( $comment_id );

		/**
		 * Fires after donation note deleted.
		 *
		 * @param int  $comment_id Note ID.
		 * @param int  $id         Payment|Donor ID.
		 * @param bool $ret        Flag to check if comment deleted or not.
		 *
		 * @since 1.0
		 */
		do_action( "give_post_delete_{$comment_type}_note", $comment_id, $comment_parent, $ret );

		return $ret;
	}


	/**
	 * Get comments
	 *
	 * @since  2.2.0
	 * @access public
	 *
	 * @param array $comment_args
	 *
	 * @return array
	 */
	public static function get( $comment_args ) {
		global $wpdb;

		// Backward compatibility.
		$func_args = func_get_args();
		$comments = self::_bc_get( $func_args );
		if ( ! is_null( $comments ) ) {
			return $comments;
		}

		// Backward compatibility.
		if( is_numeric( $comment_args ) ) {

			$comment_args = array(
				'comment_parent' => $func_args[0],
				'comment_type'   => 'payment' === $func_args[1] ? 'donation' : $func_args[1],
			);
		}

		$comments = $wpdb->get_results( Give()->comment->db->get_sql( $comment_args ) );

		return $comments;
	}

	/**
	 * Exclude comments from showing in Recent
	 * Comments widgets
	 *
	 * @since  2.2.0
	 * @access public
	 *
	 * @param object $query WordPress Comment Query Object.
	 *
	 * @return void
	 */
	public function hide_comments( $query ) {
		if ( version_compare( floatval( get_bloginfo( 'version' ) ), '4.1', '>=' ) ) {
			$types = isset( $query->query_vars['type__not_in'] ) ? $query->query_vars['type__not_in'] : array();
			if ( ! is_array( $types ) ) {
				$types = array( $types );
			}

			$types = array_filter( array_merge( $types, $this->comment_types ) );

			$query->query_vars['type__not_in'] = $types;
		}
	}

	/**
	 * Exclude notes (comments) from showing in Recent Comments widgets
	 *
	 * @since  2.2.0
	 * @access public
	 *
	 * @param array $clauses Comment clauses for comment query.
	 *
	 * @return array $clauses Updated comment clauses.
	 */
	public function hide_comments_pre_wp_41( $clauses ) {
		if ( version_compare( floatval( get_bloginfo( 'version' ) ), '4.1', '<' ) ) {
			foreach ( $this->comment_types as $comment_type ) {
				$clauses['where'] .= " AND comment_type != \"{$comment_type}\"";
			}
		}

		return $clauses;
	}

	/**
	 * Exclude notes (comments) from showing in comment feeds
	 *
	 * @since  2.2.0
	 * @access public
	 *
	 * @param string $where
	 *
	 * @return string $where
	 */
	public function hide_comments_from_feeds( $where ) {
		global $wpdb;

		foreach ( $this->comment_types as $comment_type ) {
			$where .= $wpdb->prepare( ' AND comment_type!=%s', $comment_type );
		}

		return $where;
	}

	/**
	 * Remove Give Comments from the wp_count_comments function
	 *
	 * @since  2.2.0
	 * @access public
	 *
	 * @param array $stats   (empty from core filter).
	 * @param int   $post_id Post ID.
	 *
	 * @return array|object Array of comment counts.
	 */
	public function remove_comments_from_comment_counts( $stats, $post_id ) {
		global $wpdb;

		$post_id = (int) $post_id;

		if ( apply_filters( 'give_count_payment_notes_in_comments', false ) ) {
			return $stats;
		}

		$stats = Give_Cache::get_group( "comments-{$post_id}", 'counts' );

		// Return result from cache.
		if ( ! is_null( $stats ) ) {
			return $stats;
		}

		$where = 'WHERE';

		foreach ( $this->comment_types as $index => $comment_type ) {
			$where .= ( $index ? ' AND ' : ' ' ) . "comment_type != \"{$comment_type}\"";
		}

		if ( $post_id > 0 ) {
			$where .= $wpdb->prepare( ' AND comment_post_ID = %d', $post_id );
		}

		$count = $wpdb->get_results(
			"
				  SELECT comment_approved, COUNT( * ) AS num_comments
				  FROM {$wpdb->comments} {$where}
				  GROUP BY comment_approved
				  ",
			ARRAY_A
		);

		$total    = 0;
		$approved = array(
			'0'            => 'moderated',
			'1'            => 'approved',
			'spam'         => 'spam',
			'trash'        => 'trash',
			'post-trashed' => 'post-trashed',
		);

		foreach ( (array) $count as $row ) {
			// Don't count post-trashed toward totals.
			if ( 'post-trashed' != $row['comment_approved'] && 'trash' != $row['comment_approved'] ) {
				$total += $row['num_comments'];
			}
			if ( isset( $approved[ $row['comment_approved'] ] ) ) {
				$stats[ $approved[ $row['comment_approved'] ] ] = $row['num_comments'];
			}
		}

		$stats['total_comments'] = $stats['all'] = $total;
		foreach ( $approved as $key ) {
			if ( empty( $stats[ $key ] ) ) {
				$stats[ $key ] = 0;
			}
		}

		$stats = (object) $stats;

		Give_Cache::set_group( "comments-{$post_id}", $stats, 'counts' );

		return $stats;
	}

	/**
	 * Get donor name
	 *
	 * @since  2.2.0
	 * @access public
	 *
	 * @param string     $author
	 * @param int        $comment_id
	 * @param WP_Comment $comment
	 *
	 * @return mixed
	 */
	public function __get_comment_author( $author, $comment_id, $comment ) {
		if ( in_array( $comment->comment_type, $this->comment_types ) ) {
			switch ( $comment->comment_type ) {
				case 'give_payment_note':
					if ( get_comment_meta( $comment_id, '_give_donor_id', true ) ) {
						$author = give_get_donor_name_by( $comment->comment_post_ID );
					}
			}
		}

		return $author;
	}


	/**
	 * Get comment types
	 *
	 * @since  2.2.0
	 * @access public
	 *
	 * @param array @comment_types
	 *
	 * @return array
	 */
	public static function get_comment_types( $comment_types ) {
		$_comment_types = array();
		foreach ( $comment_types as $comment_type ) {
			$_comment_types[] = "give_{$comment_type}_note";
		}

		return $_comment_types;
	}

	/**
	 * Get comments
	 * Note: This function add backward compatibility for get function
	 *
	 * @since  2.3.0
	 * @access public
	 *
	 * @param array $comment_args
	 *
	 * @return array|null
	 */
	private static function _bc_get( $comment_args ) {
		$comments = null;

		if ( ! give_has_upgrade_completed( 'v230_move_donor_note' ) ) {
			$id           = $comment_args[0];
			$comment_type = $comment_args[1];
			$comment_args = isset( $comment_args[2] ) ? $comment_args[2] : array();
			$search       = isset( $comment_args[3] ) ? $comment_args[3] : '';

			// Set default meta_query value.
			if ( ! isset( $comment_args['meta_query'] ) ) {
				$comment_args['meta_query'] = array();
			}

			// Bailout
			if ( empty( $id ) || empty( $comment_type ) ) {
				return $comments;
			}

			remove_action( 'pre_get_comments', array( self::$instance, 'hide_comments' ), 10 );
			remove_filter( 'comments_clauses', array( self::$instance, 'hide_comments_pre_wp_41' ), 10 );

			switch ( $comment_type ) {
				case 'payment':

					$comment_args['meta_query'] = ! empty( $comment_args['meta_query'] )
						? $comment_args['meta_query']
						: array(
							array(
								'key'     => '_give_donor_id',
								'compare' => 'NOT EXISTS',
							),
						);

					$comments = get_comments( wp_parse_args(
						$comment_args,
						array(
							'post_id' => $id,
							'order'   => 'ASC',
							'search'  => $search,
							'type'    => 'give_payment_note',
						)
					) );
					break;

				case 'donor':

					$comment_args['meta_query'] = ! empty( $comment_args['meta_query'] )
						? $comment_args['meta_query']
						: array(
							array(
								'key'   => "_give_{$comment_type}_id",
								'value' => $id,
							),
						);

					$comments = get_comments( wp_parse_args(
						$comment_args,
						array(
							'order'  => 'ASC',
							'search' => $search,
							'type'   => 'give_donor_note',
						)
					) );
					break;
			}

			add_action( 'pre_get_comments', array( self::$instance, 'hide_comments' ), 10, 1 );
			add_filter( 'comments_clauses', array( self::$instance, 'hide_comments_pre_wp_41' ), 10, 1 );
		}

		return $comments;
	}


	/**
	 * Insert/Update comment
	 * Note: This function add backward compatibility for add function
	 *
	 * @since  2.3.0
	 * @access public
	 *
	 * @param array $comment_args Comment arguments.
	 *
	 * @return int|null|WP_Error
	 */
	private static function _bc_add( $comment_args = array() ) {
		$comment_id = null;

		if ( ! give_has_upgrade_completed( 'v230_move_donor_note' ) ) {
			$id           = $comment_args[0];
			$note         = $comment_args[1];
			$comment_type = $comment_args[2];
			$comment_args = isset( $comment_args[3] ) ? $comment_args[3] : array();


			// Bailout
			if ( empty( $id ) || empty( $note ) || empty( $comment_type ) ) {
				return new WP_Error( 'give_invalid_required_param', __( 'This comment has invalid ID or comment text or comment type', 'give' ) );
			}

			$is_existing_comment = array_key_exists( 'comment_ID', $comment_args ) && ! empty( $comment_args['comment_ID'] );
			$action_type         = $is_existing_comment ? 'update' : 'insert';

			/**
			 * Fires before inserting/updating payment|donor comment.
			 *
			 * @param int    $id   Payment|Donor ID.
			 * @param string $note Comment text.
			 *
			 * @since 1.0
			 */
			do_action( "give_pre_{$action_type}_{$comment_type}_note", $id, $note );

			$comment_args = wp_parse_args(
				$comment_args,
				array(
					'comment_post_ID'      => $id,
					'comment_content'      => $note,
					'user_id'              => is_admin() ? get_current_user_id() : 0,
					'comment_date'         => current_time( 'mysql' ),
					'comment_date_gmt'     => current_time( 'mysql', 1 ),
					'comment_approved'     => 1,
					'comment_parent'       => 0,
					'comment_author'       => '',
					'comment_author_IP'    => '',
					'comment_author_url'   => '',
					'comment_author_email' => '',
					'comment_type'         => "give_{$comment_type}_note",

				)
			);


			// Check comment max length.
			$error = wp_check_comment_data_max_lengths( $comment_args );
			if ( is_wp_error( $error ) ) {
				return $error;
			}

			// Remove moderation emails when comment posted.
			remove_action( 'comment_post', 'wp_new_comment_notify_moderator' );
			remove_action( 'comment_post', 'wp_new_comment_notify_postauthor' );

			// Remove comment flood check.
			remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 );

			$comment_id = $is_existing_comment
				? wp_update_comment( $comment_args )
				: wp_new_comment( $comment_args, true );

			// Add moderation emails when comment posted.
			add_action( 'comment_post', 'wp_new_comment_notify_moderator' );
			add_action( 'comment_post', 'wp_new_comment_notify_postauthor' );

			// Add comment flood check.
			add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );

			update_comment_meta( $comment_id, "_give_{$comment_type}_id", $id );

			/**
			 * Fires after payment|donor comment inserted/updated.
			 *
			 * @param int    $comment_id Comment ID.
			 * @param int    $id         Payment|Donor ID.
			 * @param string $note       Comment text.
			 *
			 * @since 1.0
			 */
			do_action( "give_{$action_type}_{$comment_type}_note", $comment_id, $id, $note );
		}

		return $comment_id;
	}

	/**
	 * Delete comment
	 * Note: This function add backward compatibility for delete function
	 * @since  2.3.0
	 * @access public
	 *
	 * @param array $comment_args Comment arguments.
	 *
	 * @since  1.0
	 *
	 * @return bool True on success, false otherwise.
	 */
	private static function _bc_delete( $comment_args ) {
		$ret = null;

		if ( ! give_has_upgrade_completed( 'v230_move_donor_note' ) ) {
			$comment_id   = $comment_args[0];
			$id           = $comment_args[1];
			$comment_type = $comment_args[2];

			$ret = false;

			// Bailout
			if ( empty( $id ) || empty( $comment_id ) || empty( $comment_type ) ) {
				return $ret;
			}
			/**
			 * Fires before deleting donation note.
			 *
			 * @param int $comment_id Comment ID.
			 * @param int $id         Payment|Donor ID.
			 *
			 * @since 1.0
			 */
			do_action( "give_pre_delete_{$comment_type}_note", $comment_id, $id );

			$ret = wp_delete_comment( $comment_id, true );


			/**
			 * Fires after donation note deleted.
			 *
			 * @param int  $comment_id Note ID.
			 * @param int  $id         Payment|Donor ID.
			 * @param bool $ret        Flag to check if comment deleted or not.
			 *
			 * @since 1.0
			 */
			do_action( "give_post_delete_{$comment_type}_note", $comment_id, $id, $ret );
		}

		return $ret;
	}
}


1		<?php
2
3		/**
4		* Class for managing comments
5		*
6		* @package Give
7		* @subpackage Classes/Give_Cache
8		* @copyright Copyright (c) 2018, GiveWP
9		* @license https://opensource.org/licenses/gpl-license GNU Public License
10		* @since 2.2.0
11		*/
12		class Give_Comment {
		0 ignored issues – show Coding Style introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this Since you have declared the constructor as private, maybe you should also declare the class as final. Loading history...
13		/**
14		* Instance.
15		*
16		* @since 2.2.0
17		* @access private
18		* @var
19		*/
20		static private $instance;
21
22		/**
23		* Comment Types.
24		*
25		* @since 2.2.0
26		* @access private
27		* @var array
28		*/
29		private $comment_types;
30
31		/**
32		* Comment Table.
33		*
34		* @since 2.3.0
35		* @access public
36		* @var Give_DB_Comments
37		*/
38		public $db;
39
40		/**
41		* Comment Meta Table.
42		*
43		* @since 2.3.0
44		* @access public
45		* @var Give_DB_Comment_Meta
46		*/
47		public $db_meta;
48
49		/**
50		* Singleton pattern.
51		*
52		* @since 2.2.0
53		* @access private
54		*/
55		private function __construct() {
56		}
57
58
59		/**
60		* Get instance.
61		*
62		* @since 2.2.0
63		* @access pu
64		* @return Give_Comment
65		*/
66	View Code Duplication	public static function get_instance() {
		0 ignored issues – show Duplication introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
67		if ( null === static::$instance ) {
68		self::$instance = new static();
69		self::$instance->init();
70		}
71
72		return self::$instance;
73		}
74
75		/**
76		* Initialize
77		*
78		* @since 2.2.0
79		* @access private
80		*/
81		private function init() {
82		$this->db = new Give_DB_Comments();
83		$this->db_meta = new Give_DB_Comment_Meta();
84
85		/**
86		* Filter the comment type
87		*
88		* @since 2.2.0
89		*/
90		$this->comment_types = apply_filters(
91		'give_comment_type',
92		self::get_comment_types( array( 'payment', 'donor' ) )
93		);
94
95		// Backward compatibility.
96		if ( ! give_has_upgrade_completed( 'v230_move_donation_note' ) ) {
97		add_action( 'pre_get_comments', array( $this, 'hide_comments' ), 10 );
98		add_filter( 'comments_clauses', array( $this, 'hide_comments_pre_wp_41' ), 10, 1 );
99		add_filter( 'comment_feed_where', array( $this, 'hide_comments_from_feeds' ), 10, 1 );
100		add_filter( 'wp_count_comments', array( $this, 'remove_comments_from_comment_counts' ), 10, 2 );
101		add_filter( 'get_comment_author', array( $this, '__get_comment_author' ), 10, 3 );
102		}
103		}
104
105		/**
106		* Insert/Update comment
107		*
108		* @since 2.2.0
109		* @access public
110		*
111		* @param array $comment_args Comment arguments.
112		*
113		* @return int\|WP_Error
114		*/
115		public static function add( $comment_args = array() ) {
116		// Backward compatibility.
117		$func_args = func_get_args();
118		$comment_id = self::_bc_add( $func_args );
119		if ( ! is_null( $comment_id ) ) {
120		return $comment_id;
121		}
122
123		// Backward compatibility.
124	View Code Duplication	if( is_numeric( $comment_args ) ) {
		0 ignored issues – show Duplication introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
125		$comment_args = array(
126		'comment_parent' => $func_args[0],
127		'comment_content' => $func_args[1],
128		'comment_type' => 'payment' === $func_args[2] ? 'donation' : $func_args[1],
129		);
130		}
131
132		$comment_args = wp_parse_args(
133		$comment_args,
134		array(
135		'comment_ID' => 0,
136		'comment_parent' => 0,
137		'comment_type' => 'general',
138		)
139		);
140
141		$is_existing_comment = array_key_exists( 'comment_ID', $comment_args ) && ! empty( $comment_args['comment_ID'] );
142		$action_type = $is_existing_comment ? 'update' : 'insert';
143
144		/**
145		* Fires before inserting/updating payment\|donor comment.
146		*
147		* @param int $id Payment\|Donor ID.
148		* @param string $note Comment text.
149		*
150		* @since 1.0
151		*/
152		do_action(
153		"give_pre_{$action_type}_{$comment_args['comment_type']}_note",
154		$comment_args['comment_parent'],
155		$comment_args['comment_content'],
156		$comment_args
157		);
158
159		$comment_id = Give()->comment->db->add(
160		array(
161		'comment_ID' => absint( $comment_args['comment_ID'] ),
162		'comment_content' => $comment_args['comment_content'],
163		'comment_parent' => $comment_args['comment_parent'],
164		'comment_type' => $comment_args['comment_type'],
165		)
166		);
167
168		/**
169		* Fires after payment\|donor comment inserted/updated.
170		*
171		* @param int $comment_id Comment ID.
172		* @param int $id Payment\|Donor ID.
173		* @param string $note Comment text.
174		*
175		* @since 1.0
176		*/
177		do_action(
178		"give_{$action_type}_{$comment_args['comment_type']}_note",
179		$comment_args['comment_ID'],
180		$comment_args['comment_parent'],
181		$comment_args['comment_content'],
182		$comment_args
183		);
184
185		return $comment_id;
186		}
187
188
189		/**
190		* Delete comment
191		*
192		* @since 2.2.0
193		* @access public
194		*
195		* @param int $comment_id The comment ID to delete.
196		*
197		* @since 1.0
198		*
199		* @return bool True on success, false otherwise.
200		*/
201		public static function delete( $comment_id ) {
202		// Backward compatibility.
203		$func_args = func_get_args();
204		$ret = self::_bc_delete( $func_args );
205		if ( ! is_null( $ret ) ) {
206		return $ret;
207		}
208
209		$ret = false;
210
211		// Bailout
212		if ( empty( $comment_id ) ) {
213		return $ret;
214		}
215
216		/* @var stdClass $comment */
217		$comment = Give()->comment->db->get_by( 'comment_ID', $comment_id );
218
219		if ( ! is_object( $comment ) ) {
220		return $ret;
221		}
222
223		$comment_type = $comment->comment_type;
224		$comment_parent = $comment->comment_parent;
225
226		/**
227		* Fires before deleting donation note.
228		*
229		* @param int $comment_id Comment ID.
230		* @param int $id Payment\|Donor ID.
231		*
232		* @since 1.0
233		*/
234		do_action( "give_pre_delete_{$comment_type}_note", $comment_id, $comment_parent );
235
236		$ret = Give()->comment->db->delete( $comment_id );
237
238		// Delete comment meta.
239		Give()->comment->db_meta->delete_all_meta( $comment_id );
240
241		/**
242		* Fires after donation note deleted.
243		*
244		* @param int $comment_id Note ID.
245		* @param int $id Payment\|Donor ID.
246		* @param bool $ret Flag to check if comment deleted or not.
247		*
248		* @since 1.0
249		*/
250		do_action( "give_post_delete_{$comment_type}_note", $comment_id, $comment_parent, $ret );
251
252		return $ret;
253		}
254
255
256		/**
257		* Get comments
258		*
259		* @since 2.2.0
260		* @access public
261		*
262		* @param array $comment_args
263		*
264		* @return array
265		*/
266		public static function get( $comment_args ) {
267		global $wpdb;
268
269		// Backward compatibility.
270		$func_args = func_get_args();
271		$comments = self::_bc_get( $func_args );
272		if ( ! is_null( $comments ) ) {
273		return $comments;
274		}
275
276		// Backward compatibility.
277	View Code Duplication	if( is_numeric( $comment_args ) ) {
		0 ignored issues – show Duplication introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
278		$comment_args = array(
279		'comment_parent' => $func_args[0],
280		'comment_type' => 'payment' === $func_args[1] ? 'donation' : $func_args[1],
281		);
282		}
283
284		$comments = $wpdb->get_results( Give()->comment->db->get_sql( $comment_args ) );
285
286		return $comments;
287		}
288
289		/**
290		* Exclude comments from showing in Recent
291		* Comments widgets
292		*
293		* @since 2.2.0
294		* @access public
295		*
296		* @param object $query WordPress Comment Query Object.
297		*
298		* @return void
299		*/
300		public function hide_comments( $query ) {
301		if ( version_compare( floatval( get_bloginfo( 'version' ) ), '4.1', '>=' ) ) {
302		$types = isset( $query->query_vars['type__not_in'] ) ? $query->query_vars['type__not_in'] : array();
303		if ( ! is_array( $types ) ) {
304		$types = array( $types );
305		}
306
307		$types = array_filter( array_merge( $types, $this->comment_types ) );
308
309		$query->query_vars['type__not_in'] = $types;
310		}
311		}
312
313		/**
314		* Exclude notes (comments) from showing in Recent Comments widgets
315		*
316		* @since 2.2.0
317		* @access public
318		*
319		* @param array $clauses Comment clauses for comment query.
320		*
321		* @return array $clauses Updated comment clauses.
322		*/
323		public function hide_comments_pre_wp_41( $clauses ) {
324		if ( version_compare( floatval( get_bloginfo( 'version' ) ), '4.1', '<' ) ) {
325		foreach ( $this->comment_types as $comment_type ) {
326		$clauses['where'] .= " AND comment_type != \"{$comment_type}\"";
327		}
328		}
329
330		return $clauses;
331		}
332
333		/**
334		* Exclude notes (comments) from showing in comment feeds
335		*
336		* @since 2.2.0
337		* @access public
338		*
339		* @param string $where
340		*
341		* @return string $where
342		*/
343		public function hide_comments_from_feeds( $where ) {
344		global $wpdb;
345
346		foreach ( $this->comment_types as $comment_type ) {
347		$where .= $wpdb->prepare( ' AND comment_type!=%s', $comment_type );
348		}
349
350		return $where;
351		}
352
353		/**
354		* Remove Give Comments from the wp_count_comments function
355		*
356		* @since 2.2.0
357		* @access public
358		*
359		* @param array $stats (empty from core filter).
360		* @param int $post_id Post ID.
361		*
362		* @return array\|object Array of comment counts.
363		*/
364		public function remove_comments_from_comment_counts( $stats, $post_id ) {
365		global $wpdb;
366
367		$post_id = (int) $post_id;
368
369		if ( apply_filters( 'give_count_payment_notes_in_comments', false ) ) {
370		return $stats;
371		}
372
373		$stats = Give_Cache::get_group( "comments-{$post_id}", 'counts' );
374
375		// Return result from cache.
376		if ( ! is_null( $stats ) ) {
377		return $stats;
378		}
379
380		$where = 'WHERE';
381
382		foreach ( $this->comment_types as $index => $comment_type ) {
383		$where .= ( $index ? ' AND ' : ' ' ) . "comment_type != \"{$comment_type}\"";
384		}
385
386		if ( $post_id > 0 ) {
387		$where .= $wpdb->prepare( ' AND comment_post_ID = %d', $post_id );
388		}
389
390		$count = $wpdb->get_results(
391		"
392		SELECT comment_approved, COUNT( * ) AS num_comments
393		FROM {$wpdb->comments} {$where}
394		GROUP BY comment_approved
395		",
396		ARRAY_A
397		);
398
399		$total = 0;
400		$approved = array(
401		'0' => 'moderated',
402		'1' => 'approved',
403		'spam' => 'spam',
404		'trash' => 'trash',
405		'post-trashed' => 'post-trashed',
406		);
407
408		foreach ( (array) $count as $row ) {
409		// Don't count post-trashed toward totals.
410		if ( 'post-trashed' != $row['comment_approved'] && 'trash' != $row['comment_approved'] ) {
411		$total += $row['num_comments'];
412		}
413		if ( isset( $approved[ $row['comment_approved'] ] ) ) {
414		$stats[ $approved[ $row['comment_approved'] ] ] = $row['num_comments'];
415		}
416		}
417
418		$stats['total_comments'] = $stats['all'] = $total;
419		foreach ( $approved as $key ) {
420		if ( empty( $stats[ $key ] ) ) {
421		$stats[ $key ] = 0;
422		}
423		}
424
425		$stats = (object) $stats;
426
427		Give_Cache::set_group( "comments-{$post_id}", $stats, 'counts' );
428
429		return $stats;
430		}
431
432		/**
433		* Get donor name
434		*
435		* @since 2.2.0
436		* @access public
437		*
438		* @param string $author
439		* @param int $comment_id
440		* @param WP_Comment $comment
441		*
442		* @return mixed
443		*/
444		public function __get_comment_author( $author, $comment_id, $comment ) {
445		if ( in_array( $comment->comment_type, $this->comment_types ) ) {
446		switch ( $comment->comment_type ) {
447		case 'give_payment_note':
448		if ( get_comment_meta( $comment_id, '_give_donor_id', true ) ) {
449		$author = give_get_donor_name_by( $comment->comment_post_ID );
450		}
451		}
452		}
453
454		return $author;
455		}
456
457
458		/**
459		* Get comment types
460		*
461		* @since 2.2.0
462		* @access public
463		*
464		* @param array @comment_types
465		*
466		* @return array
467		*/
468		public static function get_comment_types( $comment_types ) {
469		$_comment_types = array();
470		foreach ( $comment_types as $comment_type ) {
471		$_comment_types[] = "give_{$comment_type}_note";
472		}
473
474		return $_comment_types;
475		}
476
477		/**
478		* Get comments
479		* Note: This function add backward compatibility for get function
480		*
481		* @since 2.3.0
482		* @access public
483		*
484		* @param array $comment_args
485		*
486		* @return array\|null
487		*/
488		private static function _bc_get( $comment_args ) {
489		$comments = null;
490
491		if ( ! give_has_upgrade_completed( 'v230_move_donor_note' ) ) {
492		$id = $comment_args[0];
493		$comment_type = $comment_args[1];
494		$comment_args = isset( $comment_args[2] ) ? $comment_args[2] : array();
495		$search = isset( $comment_args[3] ) ? $comment_args[3] : '';
496
497		// Set default meta_query value.
498		if ( ! isset( $comment_args['meta_query'] ) ) {
499		$comment_args['meta_query'] = array();
500		}
501
502		// Bailout
503		if ( empty( $id ) \|\| empty( $comment_type ) ) {
504		return $comments;
505		}
506
507		remove_action( 'pre_get_comments', array( self::$instance, 'hide_comments' ), 10 );
508		remove_filter( 'comments_clauses', array( self::$instance, 'hide_comments_pre_wp_41' ), 10 );
509
510		switch ( $comment_type ) {
511	View Code Duplication	case 'payment':
		0 ignored issues – show Duplication introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
512		$comment_args['meta_query'] = ! empty( $comment_args['meta_query'] )
513		? $comment_args['meta_query']
514		: array(
515		array(
516		'key' => '_give_donor_id',
517		'compare' => 'NOT EXISTS',
518		),
519		);
520
521		$comments = get_comments( wp_parse_args(
522		$comment_args,
523		array(
524		'post_id' => $id,
525		'order' => 'ASC',
526		'search' => $search,
527		'type' => 'give_payment_note',
528		)
529		) );
530		break;
531
532	View Code Duplication	case 'donor':
		0 ignored issues – show Duplication introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
533		$comment_args['meta_query'] = ! empty( $comment_args['meta_query'] )
534		? $comment_args['meta_query']
535		: array(
536		array(
537		'key' => "_give_{$comment_type}_id",
538		'value' => $id,
539		),
540		);
541
542		$comments = get_comments( wp_parse_args(
543		$comment_args,
544		array(
545		'order' => 'ASC',
546		'search' => $search,
547		'type' => 'give_donor_note',
548		)
549		) );
550		break;
551		}
552
553		add_action( 'pre_get_comments', array( self::$instance, 'hide_comments' ), 10, 1 );
554		add_filter( 'comments_clauses', array( self::$instance, 'hide_comments_pre_wp_41' ), 10, 1 );
555		}
556
557		return $comments;
558		}
559
560
561		/**
562		* Insert/Update comment
563		* Note: This function add backward compatibility for add function
564		*
565		* @since 2.3.0
566		* @access public
567		*
568		* @param array $comment_args Comment arguments.
569		*
570		* @return int\|null\|WP_Error
571		*/
572		private static function _bc_add( $comment_args = array() ) {
573		$comment_id = null;
574
575		if ( ! give_has_upgrade_completed( 'v230_move_donor_note' ) ) {
576		$id = $comment_args[0];
577		$note = $comment_args[1];
578		$comment_type = $comment_args[2];
579		$comment_args = isset( $comment_args[3] ) ? $comment_args[3] : array();
580
581
582		// Bailout
583		if ( empty( $id ) \|\| empty( $note ) \|\| empty( $comment_type ) ) {
584		return new WP_Error( 'give_invalid_required_param', __( 'This comment has invalid ID or comment text or comment type', 'give' ) );
585		}
586
587		$is_existing_comment = array_key_exists( 'comment_ID', $comment_args ) && ! empty( $comment_args['comment_ID'] );
588		$action_type = $is_existing_comment ? 'update' : 'insert';
589
590		/**
591		* Fires before inserting/updating payment\|donor comment.
592		*
593		* @param int $id Payment\|Donor ID.
594		* @param string $note Comment text.
595		*
596		* @since 1.0
597		*/
598		do_action( "give_pre_{$action_type}_{$comment_type}_note", $id, $note );
599
600		$comment_args = wp_parse_args(
601		$comment_args,
602		array(
603		'comment_post_ID' => $id,
604		'comment_content' => $note,
605		'user_id' => is_admin() ? get_current_user_id() : 0,
606		'comment_date' => current_time( 'mysql' ),
607		'comment_date_gmt' => current_time( 'mysql', 1 ),
608		'comment_approved' => 1,
609		'comment_parent' => 0,
610		'comment_author' => '',
611		'comment_author_IP' => '',
612		'comment_author_url' => '',
613		'comment_author_email' => '',
614		'comment_type' => "give_{$comment_type}_note",
615
616		)
617		);
618
619
620		// Check comment max length.
621		$error = wp_check_comment_data_max_lengths( $comment_args );
622		if ( is_wp_error( $error ) ) {
623		return $error;
624		}
625
626		// Remove moderation emails when comment posted.
627		remove_action( 'comment_post', 'wp_new_comment_notify_moderator' );
628		remove_action( 'comment_post', 'wp_new_comment_notify_postauthor' );
629
630		// Remove comment flood check.
631		remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 );
632
633		$comment_id = $is_existing_comment
634		? wp_update_comment( $comment_args )
635		: wp_new_comment( $comment_args, true );
636
637		// Add moderation emails when comment posted.
638		add_action( 'comment_post', 'wp_new_comment_notify_moderator' );
639		add_action( 'comment_post', 'wp_new_comment_notify_postauthor' );
640
641		// Add comment flood check.
642		add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
643
644		update_comment_meta( $comment_id, "_give_{$comment_type}_id", $id );
645
646		/**
647		* Fires after payment\|donor comment inserted/updated.
648		*
649		* @param int $comment_id Comment ID.
650		* @param int $id Payment\|Donor ID.
651		* @param string $note Comment text.
652		*
653		* @since 1.0
654		*/
655		do_action( "give_{$action_type}_{$comment_type}_note", $comment_id, $id, $note );
656		}
657
658		return $comment_id;
659		}
660
661		/**
662		* Delete comment
663		* Note: This function add backward compatibility for delete function
664		* @since 2.3.0
665		* @access public
666		*
667		* @param array $comment_args Comment arguments.
668		*
669		* @since 1.0
670		*
671		* @return bool True on success, false otherwise.
672		*/
673		private static function _bc_delete( $comment_args ) {
674		$ret = null;
675
676		if ( ! give_has_upgrade_completed( 'v230_move_donor_note' ) ) {
677		$comment_id = $comment_args[0];
678		$id = $comment_args[1];
679		$comment_type = $comment_args[2];
680
681		$ret = false;
682
683		// Bailout
684		if ( empty( $id ) \|\| empty( $comment_id ) \|\| empty( $comment_type ) ) {
685		return $ret;
686		}
687		/**
688		* Fires before deleting donation note.
689		*
690		* @param int $comment_id Comment ID.
691		* @param int $id Payment\|Donor ID.
692		*
693		* @since 1.0
694		*/
695		do_action( "give_pre_delete_{$comment_type}_note", $comment_id, $id );
696
697		$ret = wp_delete_comment( $comment_id, true );
698
699
700		/**
701		* Fires after donation note deleted.
702		*
703		* @param int $comment_id Note ID.
704		* @param int $id Payment\|Donor ID.
705		* @param bool $ret Flag to check if comment deleted or not.
706		*
707		* @since 1.0
708		*/
709		do_action( "give_post_delete_{$comment_type}_note", $comment_id, $id, $ret );
710		}
711
712		return $ret;
713		}
714		}
715

impress-org / give

Issues (1282)

Security Analysis not enabled

includes/class-give-comment.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like