Issues in class-give-db.php (master) - Issues in master - impress-org/give - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1282)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/database/class-give-db.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Give DB
 *
 * @package     Give
 * @subpackage  Classes/Give_DB
 * @copyright   Copyright (c) 2016, GiveWP
 * @license     https://opensource.org/licenses/gpl-license GNU Public License
 * @since       1.0
 */

// Exit if accessed directly.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Give_DB Class
 *
 * This class is for interacting with the database table.
 *
 * @since 1.0
 */
abstract class Give_DB {

	/**
	 * The name of our database table
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @var    string
	 */
	public $table_name;

	/**
	 * Set Minimum Index Length
	 *
	 * @since  2.0.1
	 * @access public
	 *
	 * @var int
	 */
	public $min_index_length = 191;

	/**
	 * The version of our database table
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @var    string
	 */
	public $version;

	/**
	 * The name of the primary column
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @var    string
	 */
	public $primary_key;

	/**
	 * Class Constructor
	 *
	 * Set up the Give DB Class.
	 *
	 * @since  1.0
	 * @access public
	 */
	public function __construct() {
		if( is_multisite() ) {
			add_action( 'switch_blog', array( $this, 'handle_switch_blog' ), 10, 2 );
		}
	}

	/**
	 * Whitelist of columns
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @return array  Columns and formats.
	 */
	public function get_columns() {
		return array();
	}

	/**
	 * Default column values
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @return array  Default column values.
	 */
	public function get_column_defaults() {
		return array();
	}

	/**
	 * Retrieve a row by the primary key
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @param  int $row_id Row ID.
	 *
	 * @return object
	 */
	public function get( $row_id ) {
		/* @var WPDB $wpdb */
		global $wpdb;

		// Bailout.
		if ( empty( $row_id ) ) {
			return null;
		}

		return $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $this->table_name WHERE $this->primary_key = %s LIMIT 1;", $row_id ) );
	}

	/**
	 * Retrieve a row by a specific column / value
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @param  int $column Column ID.
	 * @param  int $row_id Row ID.
	 *
	 * @return object
	 */
	public function get_by( $column, $row_id ) {

		/* @var WPDB $wpdb */
		global $wpdb;

		// Bailout.
		if ( empty( $column ) || empty( $row_id ) ) {
			return null;
		}

		$column = esc_sql( $column );

		return $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $this->table_name WHERE $column = %s LIMIT 1;", $row_id ) );
	}

	/**
	 * Retrieve all rows by a specific column / value
	 * Note: currently support string comparision
	 *
	 * @since  2.2.4
	 * @access public
	 *
	 * @param array $column_args Array contains column key and expected value.
	 *
	 * @return array
	 */
	public function get_results_by( $column_args ) {
		/* @var WPDB $wpdb */
		global $wpdb;

		// Bailout.
		if ( empty( $column_args ) ) {
			return null;
		}

		$column_args = wp_parse_args(
			$column_args,
			array(
				'relation' => 'AND'
			)
		);

		$relation = $column_args['relation'];
		unset($column_args['relation']);

		$where = array();
		foreach ( $column_args as $column_name => $column_value ) {
			$where[] = esc_sql( $column_name ) . "='$column_value'";
		}
		$where = implode( " {$relation} ", $where );

		return $wpdb->get_results( "SELECT * FROM {$this->table_name} WHERE {$where};" );
	}

	/**
	 * Retrieve a specific column's value by the primary key
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @param  int $column Column ID.
	 * @param  int $row_id Row ID.
	 *
	 * @return string      Column value.
	 */
	public function get_column( $column, $row_id ) {

		/* @var WPDB $wpdb */
		global $wpdb;

		// Bailout.
		if ( empty( $column ) || empty( $row_id ) ) {
			return null;
		}

		$column = esc_sql( $column );

		return $wpdb->get_var( $wpdb->prepare( "SELECT $column FROM $this->table_name WHERE $this->primary_key = %s LIMIT 1;", $row_id ) );
	}

	/**
	 * Retrieve a specific column's value by the the specified column / value
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @param  int    $column       Column ID.
	 * @param  string $column_where Column name.
	 * @param  string $column_value Column value.
	 *
	 * @return string
	 */
	public function get_column_by( $column, $column_where, $column_value ) {
		/* @var WPDB $wpdb */
		global $wpdb;

		// Bailout.
		if ( empty( $column ) || empty( $column_where ) || empty( $column_value ) ) {
			return null;
		}

		$column_where = esc_sql( $column_where );
		$column       = esc_sql( $column );

		return $wpdb->get_var( $wpdb->prepare( "SELECT $column FROM $this->table_name WHERE $column_where = %s LIMIT 1;", $column_value ) );
	}

	/**
	 * Insert a new row
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @param  array  $data
	 * @param  string $type
	 *
	 * @return int
	 */
	public function insert( $data, $type = '' ) {
		/* @var WPDB $wpdb */
		global $wpdb;

		// Set default values.
		$data = wp_parse_args( $data, $this->get_column_defaults() );

		/**
		 * Fires before inserting data to the database.
		 *
		 * @since 1.0
		 *
		 * @param array $data
		 */
		do_action( "give_pre_insert_{$type}", $data );

		// Initialise column format array
		$column_formats = $this->get_columns();

		// Force fields to lower case
		// $data = array_change_key_case( $data );

		// White list columns
		$data = array_intersect_key( $data, $column_formats );

		// Reorder $column_formats to match the order of columns given in $data
		$data_keys      = array_keys( $data );
		$column_formats = array_merge( array_flip( $data_keys ), $column_formats );

		$wpdb->insert( $this->table_name, $data, $column_formats );

		/**
		 * Fires after inserting data to the database.
		 *
		 * @since 1.0
		 *
		 * @param int   $insert_id
		 * @param array $data
		 */
		do_action( "give_post_insert_{$type}", $wpdb->insert_id, $data );

		return $wpdb->insert_id;
	}

	/**
	 * Update a row
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @param  int    $row_id Column ID
	 * @param  array  $data
	 * @param  string $where  Column value
	 *
	 * @return bool
	 */
	public function update( $row_id, $data = array(), $where = '' ) {
		/* @var WPDB $wpdb */
		global $wpdb;

		// Row ID must be positive integer
		$row_id = absint( $row_id );

		if ( empty( $row_id ) ) {
			return false;
		}

		if ( empty( $where ) ) {
			$where = $this->primary_key;
		}

		// Initialise column format array
		$column_formats = $this->get_columns();

		// Force fields to lower case
		$data = array_change_key_case( $data );

		// White list columns
		$data = array_intersect_key( $data, $column_formats );

		// Reorder $column_formats to match the order of columns given in $data
		$data_keys      = array_keys( $data );
		$column_formats = array_merge( array_flip( $data_keys ), $column_formats );

		if ( false === $wpdb->update( $this->table_name, $data, array( $where => $row_id ), $column_formats ) ) {
			return false;
		}

		return true;
	}

	/**
	 * Delete a row identified by the primary key
	 *
	 * @since  1.0
	 * @access public
	 *
	 * @param  int $row_id Column ID.
	 *
	 * @return bool
	 */
	public function delete( $row_id = 0 ) {
		/* @var WPDB $wpdb */
		global $wpdb;

		// Row ID must be positive integer
		$row_id = absint( $row_id );

		if ( empty( $row_id ) ) {
			return false;
		}

		if ( false === $wpdb->query( $wpdb->prepare( "DELETE FROM $this->table_name WHERE $this->primary_key = %d", $row_id ) ) ) {
			return false;
		}

		return true;
	}

	/**
	 * Check if the given table exists
	 *
	 * @since  1.3.2
	 * @access public
	 *
	 * @param  string $table The table name.
	 *
	 * @return bool          If the table name exists.
	 */
	public function table_exists( $table ) {
		/* @var WPDB $wpdb */
		global $wpdb;

		$table = sanitize_text_field( $table );

		return $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE '%s'", $table ) ) === $table;
	}

	/**
	 * Checks whether column exists in a table or not.
	 *
	 * @param string $column_name Name of the Column in Database Table.
	 *
	 * @since 1.8.18
	 *
	 * @see https://gist.github.com/datafeedr/54e89e07f87232fb055121bb766743fe
	 *
	 * @return bool
	 */
	public function does_column_exist( $column_name ) {

		global $wpdb;

		$column = $wpdb->get_results( $wpdb->prepare(
			"SELECT * FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = %s AND TABLE_NAME = %s AND COLUMN_NAME = %s ",
			DB_NAME, $this->table_name, $column_name
		) );

		if ( ! empty( $column ) ) {
			return true;
		}

		return false;
	}

	/**
	 * Check if the table was ever installed
	 *
	 * @since  1.6
	 * @access public
	 *
	 * @return bool Returns if the customers table was installed and upgrade routine run.
	 */
	public function installed() {
		return $this->table_exists( $this->table_name );
	}

	/**
	 * Register tables
	 *
	 * @since  1.8.9
	 * @access public
	 */
	public function register_table() {
		$current_version = get_option( $this->table_name . '_db_version' );
		if ( ! $current_version || version_compare( $current_version, $this->version, '<' ) ) {
			$this->create_table();
		}
	}

	/**
	 * Create table
	 *
	 * @since  1.8.9
	 * @access public
	 */
	public function create_table() {
	}


	/**
	 * Given a ID, make sure it's a positive number, greater than zero before inserting or adding.
	 *
	 * @access private
	 * @since  2.0
	 *
	 * @param  int $id A passed ID.
	 *
	 * @return int|bool                The normalized log ID or false if it's found to not be valid.
	 */
	public function sanitize_id( $id ) {
		if ( ! is_numeric( $id ) ) {
			return false;
		}

		$id = (int) $id;

		// We were given a non positive number.
		if ( absint( $id ) !== $id ) {
			return false;
		}

		if ( empty( $id ) ) {
			return false;
		}

		return absint( $id );

	}

	/**
	 * Handle switch blog on multi-site
	 *
	 * @since  2.0.4
	 *
	 * @access public
	 *
	 * @param $new_blog_id
	 * @param $prev_blog_id
	 */
	public function handle_switch_blog( $new_blog_id, $prev_blog_id ) {
		global $wpdb;

		// Bailout.
		if ( $new_blog_id === $prev_blog_id ) {
			return;
		}


		$this->table_name = str_replace(
			1 != $prev_blog_id ? $wpdb->get_blog_prefix( $prev_blog_id ) : $wpdb->base_prefix,
			1 != $new_blog_id ? $wpdb->get_blog_prefix( $new_blog_id ) : $wpdb->base_prefix,
			$this->table_name
		);

		if ( $this instanceof Give_DB_Meta ) {
			$wpdb->{$this->get_meta_type() . 'meta'} = $this->table_name;
abstract class User
{
    /** @return string */
    abstract public function getPassword();
}

class MyUser extends User
{
    public function getPassword()
    {
        // return something
    }

    public function getDisplayName()
    {
        // return some name.
    }
}

class AuthSystem
{
    public function authenticate(User $user)
    {
        $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
        // do something.
    }
}
		}

	}
}


Issues (1282)

Security Analysis not enabled

includes/database/class-give-db.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1		<?php
2		/**
3		* Give DB
4		*
5		* @package Give
6		* @subpackage Classes/Give_DB
7		* @copyright Copyright (c) 2016, GiveWP
8		* @license https://opensource.org/licenses/gpl-license GNU Public License
9		* @since 1.0
10		*/
11
12		// Exit if accessed directly.
13		if ( ! defined( 'ABSPATH' ) ) {
14		exit;
15		}
16
17		/**
18		* Give_DB Class
19		*
20		* This class is for interacting with the database table.
21		*
22		* @since 1.0
23		*/
24		abstract class Give_DB {
25
26		/**
27		* The name of our database table
28		*
29		* @since 1.0
30		* @access public
31		*
32		* @var string
33		*/
34		public $table_name;
35
36		/**
37		* Set Minimum Index Length
38		*
39		* @since 2.0.1
40		* @access public
41		*
42		* @var int
43		*/
44		public $min_index_length = 191;
45
46		/**
47		* The version of our database table
48		*
49		* @since 1.0
50		* @access public
51		*
52		* @var string
53		*/
54		public $version;
55
56		/**
57		* The name of the primary column
58		*
59		* @since 1.0
60		* @access public
61		*
62		* @var string
63		*/
64		public $primary_key;
65
66		/**
67		* Class Constructor
68		*
69		* Set up the Give DB Class.
70		*
71		* @since 1.0
72		* @access public
73		*/
74		public function __construct() {
75		if( is_multisite() ) {
76		add_action( 'switch_blog', array( $this, 'handle_switch_blog' ), 10, 2 );
77		}
78		}
79
80		/**
81		* Whitelist of columns
82		*
83		* @since 1.0
84		* @access public
85		*
86		* @return array Columns and formats.
87		*/
88		public function get_columns() {
89		return array();
90		}
91
92		/**
93		* Default column values
94		*
95		* @since 1.0
96		* @access public
97		*
98		* @return array Default column values.
99		*/
100		public function get_column_defaults() {
101		return array();
102		}
103
104		/**
105		* Retrieve a row by the primary key
106		*
107		* @since 1.0
108		* @access public
109		*
110		* @param int $row_id Row ID.
111		*
112		* @return object
113		*/
114		public function get( $row_id ) {
115		/* @var WPDB $wpdb */
116		global $wpdb;
117
118		// Bailout.
119		if ( empty( $row_id ) ) {
120		return null;
121		}
122
123		return $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $this->table_name WHERE $this->primary_key = %s LIMIT 1;", $row_id ) );
124		}
125
126		/**
127		* Retrieve a row by a specific column / value
128		*
129		* @since 1.0
130		* @access public
131		*
132		* @param int $column Column ID.
133		* @param int $row_id Row ID.
134		*
135		* @return object
136		*/
137	View Code Duplication	public function get_by( $column, $row_id ) {
		0 ignored issues – show Duplication introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
138		/* @var WPDB $wpdb */
139		global $wpdb;
140
141		// Bailout.
142		if ( empty( $column ) \|\| empty( $row_id ) ) {
143		return null;
144		}
145
146		$column = esc_sql( $column );
147
148		return $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $this->table_name WHERE $column = %s LIMIT 1;", $row_id ) );
149		}
150
151		/**
152		* Retrieve all rows by a specific column / value
153		* Note: currently support string comparision
154		*
155		* @since 2.2.4
156		* @access public
157		*
158		* @param array $column_args Array contains column key and expected value.
159		*
160		* @return array
161		*/
162		public function get_results_by( $column_args ) {
163		/* @var WPDB $wpdb */
164		global $wpdb;
165
166		// Bailout.
167		if ( empty( $column_args ) ) {
168		return null;
169		}
170
171		$column_args = wp_parse_args(
172		$column_args,
173		array(
174		'relation' => 'AND'
175		)
176		);
177
178		$relation = $column_args['relation'];
179		unset($column_args['relation']);
180
181		$where = array();
182		foreach ( $column_args as $column_name => $column_value ) {
183		$where[] = esc_sql( $column_name ) . "='$column_value'";
184		}
185		$where = implode( " {$relation} ", $where );
186
187		return $wpdb->get_results( "SELECT * FROM {$this->table_name} WHERE {$where};" );
188		}
189
190		/**
191		* Retrieve a specific column's value by the primary key
192		*
193		* @since 1.0
194		* @access public
195		*
196		* @param int $column Column ID.
197		* @param int $row_id Row ID.
198		*
199		* @return string Column value.
200		*/
201	View Code Duplication	public function get_column( $column, $row_id ) {
		0 ignored issues – show Duplication introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
202		/* @var WPDB $wpdb */
203		global $wpdb;
204
205		// Bailout.
206		if ( empty( $column ) \|\| empty( $row_id ) ) {
207		return null;
208		}
209
210		$column = esc_sql( $column );
211
212		return $wpdb->get_var( $wpdb->prepare( "SELECT $column FROM $this->table_name WHERE $this->primary_key = %s LIMIT 1;", $row_id ) );
213		}
214
215		/**
216		* Retrieve a specific column's value by the the specified column / value
217		*
218		* @since 1.0
219		* @access public
220		*
221		* @param int $column Column ID.
222		* @param string $column_where Column name.
223		* @param string $column_value Column value.
224		*
225		* @return string
226		*/
227		public function get_column_by( $column, $column_where, $column_value ) {
228		/* @var WPDB $wpdb */
229		global $wpdb;
230
231		// Bailout.
232		if ( empty( $column ) \|\| empty( $column_where ) \|\| empty( $column_value ) ) {
233		return null;
234		}
235
236		$column_where = esc_sql( $column_where );
237		$column = esc_sql( $column );
238
239		return $wpdb->get_var( $wpdb->prepare( "SELECT $column FROM $this->table_name WHERE $column_where = %s LIMIT 1;", $column_value ) );
240		}
241
242		/**
243		* Insert a new row
244		*
245		* @since 1.0
246		* @access public
247		*
248		* @param array $data
249		* @param string $type
250		*
251		* @return int
252		*/
253		public function insert( $data, $type = '' ) {
254		/* @var WPDB $wpdb */
255		global $wpdb;
256
257		// Set default values.
258		$data = wp_parse_args( $data, $this->get_column_defaults() );
259
260		/**
261		* Fires before inserting data to the database.
262		*
263		* @since 1.0
264		*
265		* @param array $data
266		*/
267		do_action( "give_pre_insert_{$type}", $data );
268
269		// Initialise column format array
270		$column_formats = $this->get_columns();
271
272		// Force fields to lower case
273		// $data = array_change_key_case( $data );
274
275		// White list columns
276		$data = array_intersect_key( $data, $column_formats );
277
278		// Reorder $column_formats to match the order of columns given in $data
279		$data_keys = array_keys( $data );
280		$column_formats = array_merge( array_flip( $data_keys ), $column_formats );
281
282		$wpdb->insert( $this->table_name, $data, $column_formats );
283
284		/**
285		* Fires after inserting data to the database.
286		*
287		* @since 1.0
288		*
289		* @param int $insert_id
290		* @param array $data
291		*/
292		do_action( "give_post_insert_{$type}", $wpdb->insert_id, $data );
293
294		return $wpdb->insert_id;
295		}
296
297		/**
298		* Update a row
299		*
300		* @since 1.0
301		* @access public
302		*
303		* @param int $row_id Column ID
304		* @param array $data
305		* @param string $where Column value
306		*
307		* @return bool
308		*/
309		public function update( $row_id, $data = array(), $where = '' ) {
310		/* @var WPDB $wpdb */
311		global $wpdb;
312
313		// Row ID must be positive integer
314		$row_id = absint( $row_id );
315
316		if ( empty( $row_id ) ) {
317		return false;
318		}
319
320		if ( empty( $where ) ) {
321		$where = $this->primary_key;
322		}
323
324		// Initialise column format array
325		$column_formats = $this->get_columns();
326
327		// Force fields to lower case
328		$data = array_change_key_case( $data );
329
330		// White list columns
331		$data = array_intersect_key( $data, $column_formats );
332
333		// Reorder $column_formats to match the order of columns given in $data
334		$data_keys = array_keys( $data );
335		$column_formats = array_merge( array_flip( $data_keys ), $column_formats );
336
337		if ( false === $wpdb->update( $this->table_name, $data, array( $where => $row_id ), $column_formats ) ) {
338		return false;
339		}
340
341		return true;
342		}
343
344		/**
345		* Delete a row identified by the primary key
346		*
347		* @since 1.0
348		* @access public
349		*
350		* @param int $row_id Column ID.
351		*
352		* @return bool
353		*/
354		public function delete( $row_id = 0 ) {
355		/* @var WPDB $wpdb */
356		global $wpdb;
357
358		// Row ID must be positive integer
359		$row_id = absint( $row_id );
360
361		if ( empty( $row_id ) ) {
362		return false;
363		}
364
365		if ( false === $wpdb->query( $wpdb->prepare( "DELETE FROM $this->table_name WHERE $this->primary_key = %d", $row_id ) ) ) {
366		return false;
367		}
368
369		return true;
370		}
371
372		/**
373		* Check if the given table exists
374		*
375		* @since 1.3.2
376		* @access public
377		*
378		* @param string $table The table name.
379		*
380		* @return bool If the table name exists.
381		*/
382		public function table_exists( $table ) {
383		/* @var WPDB $wpdb */
384		global $wpdb;
385
386		$table = sanitize_text_field( $table );
387
388		return $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE '%s'", $table ) ) === $table;
389		}
390
391		/**
392		* Checks whether column exists in a table or not.
393		*
394		* @param string $column_name Name of the Column in Database Table.
395		*
396		* @since 1.8.18
397		*
398		* @see https://gist.github.com/datafeedr/54e89e07f87232fb055121bb766743fe
399		*
400		* @return bool
401		*/
402		public function does_column_exist( $column_name ) {
403
404		global $wpdb;
405
406		$column = $wpdb->get_results( $wpdb->prepare(
407		"SELECT * FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = %s AND TABLE_NAME = %s AND COLUMN_NAME = %s ",
408		DB_NAME, $this->table_name, $column_name
409		) );
410
411		if ( ! empty( $column ) ) {
412		return true;
413		}
414
415		return false;
416		}
417
418		/**
419		* Check if the table was ever installed
420		*
421		* @since 1.6
422		* @access public
423		*
424		* @return bool Returns if the customers table was installed and upgrade routine run.
425		*/
426		public function installed() {
427		return $this->table_exists( $this->table_name );
428		}
429
430		/**
431		* Register tables
432		*
433		* @since 1.8.9
434		* @access public
435		*/
436		public function register_table() {
437		$current_version = get_option( $this->table_name . '_db_version' );
438		if ( ! $current_version \|\| version_compare( $current_version, $this->version, '<' ) ) {
439		$this->create_table();
440		}
441		}
442
443		/**
444		* Create table
445		*
446		* @since 1.8.9
447		* @access public
448		*/
449		public function create_table() {
450		}
451
452
453		/**
454		* Given a ID, make sure it's a positive number, greater than zero before inserting or adding.
455		*
456		* @access private
457		* @since 2.0
458		*
459		* @param int $id A passed ID.
460		*
461		* @return int\|bool The normalized log ID or false if it's found to not be valid.
462		*/
463		public function sanitize_id( $id ) {
464		if ( ! is_numeric( $id ) ) {
465		return false;
466		}
467
468		$id = (int) $id;
469
470		// We were given a non positive number.
471		if ( absint( $id ) !== $id ) {
472		return false;
473		}
474
475		if ( empty( $id ) ) {
476		return false;
477		}
478
479		return absint( $id );
480
481		}
482
483		/**
484		* Handle switch blog on multi-site
485		*
486		* @since 2.0.4
487		*
488		* @access public
489		*
490		* @param $new_blog_id
491		* @param $prev_blog_id
492		*/
493		public function handle_switch_blog( $new_blog_id, $prev_blog_id ) {
494		global $wpdb;
495
496		// Bailout.
497		if ( $new_blog_id === $prev_blog_id ) {
498		return;
499		}
500
501
502		$this->table_name = str_replace(
503		1 != $prev_blog_id ? $wpdb->get_blog_prefix( $prev_blog_id ) : $wpdb->base_prefix,
504		1 != $new_blog_id ? $wpdb->get_blog_prefix( $new_blog_id ) : $wpdb->base_prefix,
505		$this->table_name
506		);
507
508		if ( $this instanceof Give_DB_Meta ) {
509		$wpdb->{$this->get_meta_type() . 'meta'} = $this->table_name;
		0 ignored issues – show Bug introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you code against a specific sub-type and not the parent class `Give_DB` as the method `get_meta_type()` does only exist in the following sub-classes of `Give_DB`: `Give_DB_Comment_Meta`, `Give_DB_Donor_Meta`, `Give_DB_Form_Meta`, `Give_DB_Log_Meta`, `Give_DB_Meta`, `Give_DB_Payment_Meta`. Maybe you want to `instanceof` check for one of these explicitly? Let’s take a look at an example: abstract class User { /** @return string / abstract public function getPassword(); } class MyUser extends User { public function getPassword() { // return something } public function getDisplayName() { // return some name. } } class AuthSystem { public function authenticate(User $user) { $this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName())); // do something. } } In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different sub-classes of User which does not have a getDisplayName() method, the code will break. Available Fixes Change the type-hint for the parameter: class AuthSystem { public function authenticate(MyUser $user) { / ... / } } Add an additional type-check: class AuthSystem { public function authenticate(User $user) { if ($user instanceof MyUser) { $this->logger->info(/* ... /); } // or alternatively if ( ! $user instanceof MyUser) { throw new \LogicException( '$user must be an instance of MyUser, ' .'other instances are not supported.' ); } } } Note:* PHP Analyzer uses reverse abstract interpretation to narrow down the types inside the if block in such a case. Add the method to the parent class: abstract class User { /** @return string / abstract public function getPassword(); /* @return string */ abstract public function getDisplayName(); } Loading history...
510		}
511
512		}
513		}
514

impress-org / give

Issues (1282)

Security Analysis not enabled

includes/database/class-give-db.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like