Issues in functions.php (master) - Issues in master - impress-org/give - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1282)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/gateways/functions.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Gateway Functions
 *
 * @package     Give
 * @subpackage  Gateways
 * @copyright   Copyright (c) 2016, GiveWP
 * @license     https://opensource.org/licenses/gpl-license GNU Public License
 * @since       1.0
 */

// Exit if accessed directly.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Returns a list of all available gateways.
 *
 * @since 1.0
 * @return array $gateways All the available gateways
 */
function give_get_payment_gateways() {
	// Default, built-in gateways
	$gateways = Give_Cache_Setting::get_option( 'gateways', array() );
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

	return apply_filters( 'give_payment_gateways', $gateways );

}

/**
 * Returns a list of all enabled gateways.
 *
 * @since  1.0
 *
 * @param  int $form_id Form ID
 *
 * @return array $gateway_list All the available gateways
 */
function give_get_enabled_payment_gateways( $form_id = 0 ) {

	$gateways = give_get_payment_gateways();

	$enabled = isset( $_POST['gateways'] ) ? $_POST['gateways'] : give_get_option( 'gateways' );

	$gateway_list = array();

	foreach ( $gateways as $key => $gateway ) {
		if ( isset( $enabled[ $key ] ) && $enabled[ $key ] == 1 ) {
			$gateway_list[ $key ] = $gateway;
		}
	}

	// Set order of payment gateway in list.
	$gateway_list = give_get_ordered_payment_gateways( $gateway_list );

	return apply_filters( 'give_enabled_payment_gateways', $gateway_list, $form_id );
}

/**
 * Checks whether a specified gateway is activated.
 *
 * @since 1.0
 *
 * @param string $gateway Name of the gateway to check for
 *
 * @return boolean true if enabled, false otherwise
 */
function give_is_gateway_active( $gateway ) {
	$gateways = give_get_enabled_payment_gateways();

	$ret = array_key_exists( $gateway, $gateways );

	return apply_filters( 'give_is_gateway_active', $ret, $gateway, $gateways );
}

/**
 * Gets the default payment gateway selected from the Give Settings
 *
 * @since 1.0
 *
 * @param  $form_id      int ID of the Give Form
 *
 * @return string Gateway ID
 */
function give_get_default_gateway( $form_id ) {

	$enabled_gateways = array_keys( give_get_enabled_payment_gateways() );
	$default_gateway  = give_get_option('default_gateway');
	$default          = ! empty( $default_gateway ) && give_is_gateway_active( $default_gateway ) ? $default_gateway : $enabled_gateways[0];
	$form_default     = give_get_meta( $form_id, '_give_default_gateway', true );

	// Single Form settings varies compared to the Global default settings.
	if (
		! empty( $form_default ) &&
		$form_id !== null &&
		$default !== $form_default &&
		'global' !== $form_default &&
		give_is_gateway_active( $form_default )
	) {
		$default = $form_default;
	}

	return apply_filters( 'give_default_gateway', $default );
}

/**
 * Returns the admin label for the specified gateway
 *
 * @since 1.0
 *
 * @param string $gateway Name of the gateway to retrieve a label for
 *
 * @return string Gateway admin label
 */
function give_get_gateway_admin_label( $gateway ) {

	$gateways = give_get_payment_gateways();
	$label    = isset( $gateways[ $gateway ] ) ? $gateways[ $gateway ]['admin_label'] : $gateway;

	if ( $gateway == 'manual' ) {
		$label = __( 'Test Donation', 'give' );
	}

	return apply_filters( 'give_gateway_admin_label', $label, $gateway );
}

/**
 * Returns the checkout label for the specified gateway
 *
 * @since 1.0
 *
 * @param string $gateway Name of the gateway to retrieve a label for
 *
 * @return string Checkout label for the gateway
 */
function give_get_gateway_checkout_label( $gateway ) {

	$gateways = give_get_payment_gateways();
	$label    = isset( $gateways[ $gateway ] ) ? $gateways[ $gateway ]['checkout_label'] : $gateway;

	if ( $gateway == 'manual' ) {
		$label = __( 'Test Donation', 'give' );
	}

	return apply_filters( 'give_gateway_checkout_label', $label, $gateway );
}

/**
 * Returns the options a gateway supports
 *
 * @since 1.8
 *
 * @param string $gateway ID of the gateway to retrieve a label for
 *
 * @return array Options the gateway supports
 */
function give_get_gateway_supports( $gateway ) {
	$gateways = give_get_enabled_payment_gateways();
	$supports = isset( $gateways[ $gateway ]['supports'] ) ? $gateways[ $gateway ]['supports'] : array();

	return apply_filters( 'give_gateway_supports', $supports, $gateway );
}

/**
 * Sends all the payment data to the specified gateway
 *
 * @since 1.0
 *
 * @param string $gateway      Name of the gateway
 * @param array  $payment_data All the payment data to be sent to the gateway
 *
 * @return void
 */
function give_send_to_gateway( $gateway, $payment_data ) {

	$payment_data['gateway_nonce'] = wp_create_nonce( 'give-gateway' );

	/**
	 * Fires while loading payment gateway via AJAX.
	 *
	 * The dynamic portion of the hook name '$gateway' must match the ID used when registering the gateway.
	 *
	 * @since 1.0
	 *
	 * @param array $payment_data All the payment data to be sent to the gateway.
	 */
	do_action( "give_gateway_{$gateway}", $payment_data );
}


/**
 * Determines the currently selected donation payment gateway.
 *
 * @access public
 * @since  1.0
 *
 * @param  int $form_id The ID of the Form
 *
 * @return string $enabled_gateway The slug of the gateway
 */
function give_get_chosen_gateway( $form_id ) {

	$request_form_id = isset( $_REQUEST['give_form_id'] ) ? $_REQUEST['give_form_id'] : 0;

	// Back to check if 'form-id' is present.
	if ( empty( $request_form_id ) ) {
		$request_form_id = isset( $_REQUEST['form-id'] ) ? $_REQUEST['form-id'] : 0;
	}

	$request_payment_mode = isset( $_REQUEST['payment-mode'] ) ? $_REQUEST['payment-mode'] : '';
	$chosen               = false;

	// If both 'payment-mode' and 'form-id' then set for only this form.
	if ( ! empty( $request_form_id ) && $form_id == $request_form_id ) {
		$chosen = $request_payment_mode;
	} elseif ( empty( $request_form_id ) && $request_payment_mode ) {
		// If no 'form-id' but there is 'payment-mode'.
		$chosen = $request_payment_mode;
	}

	// Get the enable gateway based of chosen var.
	if ( $chosen && give_is_gateway_active( $chosen ) ) {
		$enabled_gateway = urldecode( $chosen );
	} else {
		$enabled_gateway = give_get_default_gateway( $form_id );
	}

	return apply_filters( 'give_chosen_gateway', $enabled_gateway );

}

/**
 * Record a log entry
 *
 * A wrapper function for the Give_Logging class add() method.
 *
 * @since  1.0
 * @since  2.0 Use global logs object
 *
 * @param  string $title   Log title. Default is empty.
 * @param  string $message Log message. Default is empty.
 * @param  int    $parent  Parent log. Default is 0.
 * @param  string $type    Log type. Default is null.
 *
 * @return int             ID of the new log entry.
 */
function give_record_log( $title = '', $message = '', $parent = 0, $type = null ) {
	return Give()->logs->add( $title, $message, $parent, $type );
}

/**
 * Record a gateway error.
 *
 * A simple wrapper function for give_record_log().
 *
 * @access public
 * @since  1.0
 *
 * @param string $title   Title of the log entry (default: empty)
 * @param string $message Message to store in the log entry (default: empty)
 * @param int    $parent  Parent log entry (default: 0)
 *
 * @return int ID of the new log entry
 */
function give_record_gateway_error( $title = '', $message = '', $parent = 0 ) {
	$title = empty( $title ) ? esc_html__( 'Payment Error', 'give' ) : $title;

	return give_record_log( $title, $message, $parent, 'gateway_error' );
}

/**
 * Counts the number of donations made with a gateway.
 *
 * @since 1.0
 *
 * @param string $gateway_id
 * @param array|string $status
 *
 * @return int
 */
function give_count_sales_by_gateway( $gateway_id = 'paypal', $status = 'publish' ) {

	$ret  = 0;
	$args = array(
		'meta_key'    => '_give_payment_gateway',
		'meta_value'  => $gateway_id,
		'nopaging'    => true,
		'post_type'   => 'give_payment',
		'post_status' => $status,
		'fields'      => 'ids',
	);

	$payments = new WP_Query( $args );

	if ( $payments ) {
		$ret = $payments->post_count;
	}

	return $ret;
}


/**
 * Returns a ordered list of all available gateways.
 *
 * @since 1.4.5
 *
 * @param array $gateways List of payment gateways
 *
 * @return array $gateways All the available gateways
 */
function give_get_ordered_payment_gateways( $gateways ) {

	// Get gateways setting.
	$gateways_setting = isset( $_POST['gateways'] ) ? $_POST['gateways'] : give_get_option( 'gateways' );

	// Return from here if we do not have gateways setting.
	if ( empty( $gateways_setting ) ) {
		return $gateways;
	}

	// Reverse array to order payment gateways.
	$gateways_setting = array_reverse( $gateways_setting );

	// Reorder gateways array
	foreach ( $gateways_setting as $gateway_key => $value ) {

		$new_gateway_value = isset( $gateways[ $gateway_key ] ) ? $gateways[ $gateway_key ] : '';
		unset( $gateways[ $gateway_key ] );

		if ( ! empty( $new_gateway_value ) ) {
			$gateways = array_merge( array( $gateway_key => $new_gateway_value ), $gateways );
		}
	}

	/**
	 * Filter payment gateways order.
	 *
	 * @since 1.7
	 *
	 * @param array $gateways All the available gateways
	 */
	return apply_filters( 'give_payment_gateways_order', $gateways );
}


1		<?php
2		/**
3		* Gateway Functions
4		*
5		* @package Give
6		* @subpackage Gateways
7		* @copyright Copyright (c) 2016, GiveWP
8		* @license https://opensource.org/licenses/gpl-license GNU Public License
9		* @since 1.0
10		*/
11
12		// Exit if accessed directly.
13		if ( ! defined( 'ABSPATH' ) ) {
14		exit;
15		}
16
17		/**
18		* Returns a list of all available gateways.
19		*
20		* @since 1.0
21		* @return array $gateways All the available gateways
22		*/
23		function give_get_payment_gateways() {
24		// Default, built-in gateways
25		$gateways = Give_Cache_Setting::get_option( 'gateways', array() );
		0 ignored issues – show Documentation introduced 2019-07-11 04:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this `array()` is of type `array`, but the function expects a `boolean`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
26
27		return apply_filters( 'give_payment_gateways', $gateways );
28
29		}
30
31		/**
32		* Returns a list of all enabled gateways.
33		*
34		* @since 1.0
35		*
36		* @param int $form_id Form ID
37		*
38		* @return array $gateway_list All the available gateways
39		*/
40		function give_get_enabled_payment_gateways( $form_id = 0 ) {
41
42		$gateways = give_get_payment_gateways();
43
44		$enabled = isset( $_POST['gateways'] ) ? $_POST['gateways'] : give_get_option( 'gateways' );
45
46		$gateway_list = array();
47
48		foreach ( $gateways as $key => $gateway ) {
49		if ( isset( $enabled[ $key ] ) && $enabled[ $key ] == 1 ) {
50		$gateway_list[ $key ] = $gateway;
51		}
52		}
53
54		// Set order of payment gateway in list.
55		$gateway_list = give_get_ordered_payment_gateways( $gateway_list );
56
57		return apply_filters( 'give_enabled_payment_gateways', $gateway_list, $form_id );
58		}
59
60		/**
61		* Checks whether a specified gateway is activated.
62		*
63		* @since 1.0
64		*
65		* @param string $gateway Name of the gateway to check for
66		*
67		* @return boolean true if enabled, false otherwise
68		*/
69		function give_is_gateway_active( $gateway ) {
70		$gateways = give_get_enabled_payment_gateways();
71
72		$ret = array_key_exists( $gateway, $gateways );
73
74		return apply_filters( 'give_is_gateway_active', $ret, $gateway, $gateways );
75		}
76
77		/**
78		* Gets the default payment gateway selected from the Give Settings
79		*
80		* @since 1.0
81		*
82		* @param $form_id int ID of the Give Form
83		*
84		* @return string Gateway ID
85		*/
86		function give_get_default_gateway( $form_id ) {
87
88		$enabled_gateways = array_keys( give_get_enabled_payment_gateways() );
89		$default_gateway = give_get_option('default_gateway');
90		$default = ! empty( $default_gateway ) && give_is_gateway_active( $default_gateway ) ? $default_gateway : $enabled_gateways[0];
91		$form_default = give_get_meta( $form_id, '_give_default_gateway', true );
92
93		// Single Form settings varies compared to the Global default settings.
94		if (
95		! empty( $form_default ) &&
96		$form_id !== null &&
97		$default !== $form_default &&
98		'global' !== $form_default &&
99		give_is_gateway_active( $form_default )
100		) {
101		$default = $form_default;
102		}
103
104		return apply_filters( 'give_default_gateway', $default );
105		}
106
107		/**
108		* Returns the admin label for the specified gateway
109		*
110		* @since 1.0
111		*
112		* @param string $gateway Name of the gateway to retrieve a label for
113		*
114		* @return string Gateway admin label
115		*/
116	View Code Duplication	function give_get_gateway_admin_label( $gateway ) {
		0 ignored issues – show Duplication introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This function seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
117		$gateways = give_get_payment_gateways();
118		$label = isset( $gateways[ $gateway ] ) ? $gateways[ $gateway ]['admin_label'] : $gateway;
119
120		if ( $gateway == 'manual' ) {
121		$label = __( 'Test Donation', 'give' );
122		}
123
124		return apply_filters( 'give_gateway_admin_label', $label, $gateway );
125		}
126
127		/**
128		* Returns the checkout label for the specified gateway
129		*
130		* @since 1.0
131		*
132		* @param string $gateway Name of the gateway to retrieve a label for
133		*
134		* @return string Checkout label for the gateway
135		*/
136	View Code Duplication	function give_get_gateway_checkout_label( $gateway ) {
		0 ignored issues – show Duplication introduced 2018-10-24 21:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This function seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
137		$gateways = give_get_payment_gateways();
138		$label = isset( $gateways[ $gateway ] ) ? $gateways[ $gateway ]['checkout_label'] : $gateway;
139
140		if ( $gateway == 'manual' ) {
141		$label = __( 'Test Donation', 'give' );
142		}
143
144		return apply_filters( 'give_gateway_checkout_label', $label, $gateway );
145		}
146
147		/**
148		* Returns the options a gateway supports
149		*
150		* @since 1.8
151		*
152		* @param string $gateway ID of the gateway to retrieve a label for
153		*
154		* @return array Options the gateway supports
155		*/
156		function give_get_gateway_supports( $gateway ) {
157		$gateways = give_get_enabled_payment_gateways();
158		$supports = isset( $gateways[ $gateway ]['supports'] ) ? $gateways[ $gateway ]['supports'] : array();
159
160		return apply_filters( 'give_gateway_supports', $supports, $gateway );
161		}
162
163		/**
164		* Sends all the payment data to the specified gateway
165		*
166		* @since 1.0
167		*
168		* @param string $gateway Name of the gateway
169		* @param array $payment_data All the payment data to be sent to the gateway
170		*
171		* @return void
172		*/
173		function give_send_to_gateway( $gateway, $payment_data ) {
174
175		$payment_data['gateway_nonce'] = wp_create_nonce( 'give-gateway' );
176
177		/**
178		* Fires while loading payment gateway via AJAX.
179		*
180		* The dynamic portion of the hook name '$gateway' must match the ID used when registering the gateway.
181		*
182		* @since 1.0
183		*
184		* @param array $payment_data All the payment data to be sent to the gateway.
185		*/
186		do_action( "give_gateway_{$gateway}", $payment_data );
187		}
188
189
190		/**
191		* Determines the currently selected donation payment gateway.
192		*
193		* @access public
194		* @since 1.0
195		*
196		* @param int $form_id The ID of the Form
197		*
198		* @return string $enabled_gateway The slug of the gateway
199		*/
200		function give_get_chosen_gateway( $form_id ) {
201
202		$request_form_id = isset( $_REQUEST['give_form_id'] ) ? $_REQUEST['give_form_id'] : 0;
203
204		// Back to check if 'form-id' is present.
205		if ( empty( $request_form_id ) ) {
206		$request_form_id = isset( $_REQUEST['form-id'] ) ? $_REQUEST['form-id'] : 0;
207		}
208
209		$request_payment_mode = isset( $_REQUEST['payment-mode'] ) ? $_REQUEST['payment-mode'] : '';
210		$chosen = false;
211
212		// If both 'payment-mode' and 'form-id' then set for only this form.
213		if ( ! empty( $request_form_id ) && $form_id == $request_form_id ) {
214		$chosen = $request_payment_mode;
215		} elseif ( empty( $request_form_id ) && $request_payment_mode ) {
216		// If no 'form-id' but there is 'payment-mode'.
217		$chosen = $request_payment_mode;
218		}
219
220		// Get the enable gateway based of chosen var.
221		if ( $chosen && give_is_gateway_active( $chosen ) ) {
222		$enabled_gateway = urldecode( $chosen );
223		} else {
224		$enabled_gateway = give_get_default_gateway( $form_id );
225		}
226
227		return apply_filters( 'give_chosen_gateway', $enabled_gateway );
228
229		}
230
231		/**
232		* Record a log entry
233		*
234		* A wrapper function for the Give_Logging class add() method.
235		*
236		* @since 1.0
237		* @since 2.0 Use global logs object
238		*
239		* @param string $title Log title. Default is empty.
240		* @param string $message Log message. Default is empty.
241		* @param int $parent Parent log. Default is 0.
242		* @param string $type Log type. Default is null.
243		*
244		* @return int ID of the new log entry.
245		*/
246		function give_record_log( $title = '', $message = '', $parent = 0, $type = null ) {
247		return Give()->logs->add( $title, $message, $parent, $type );
248		}
249
250		/**
251		* Record a gateway error.
252		*
253		* A simple wrapper function for give_record_log().
254		*
255		* @access public
256		* @since 1.0
257		*
258		* @param string $title Title of the log entry (default: empty)
259		* @param string $message Message to store in the log entry (default: empty)
260		* @param int $parent Parent log entry (default: 0)
261		*
262		* @return int ID of the new log entry
263		*/
264		function give_record_gateway_error( $title = '', $message = '', $parent = 0 ) {
265		$title = empty( $title ) ? esc_html__( 'Payment Error', 'give' ) : $title;
266
267		return give_record_log( $title, $message, $parent, 'gateway_error' );
268		}
269
270		/**
271		* Counts the number of donations made with a gateway.
272		*
273		* @since 1.0
274		*
275		* @param string $gateway_id
276		* @param array\|string $status
277		*
278		* @return int
279		*/
280		function give_count_sales_by_gateway( $gateway_id = 'paypal', $status = 'publish' ) {
281
282		$ret = 0;
283		$args = array(
284		'meta_key' => '_give_payment_gateway',
285		'meta_value' => $gateway_id,
286		'nopaging' => true,
287		'post_type' => 'give_payment',
288		'post_status' => $status,
289		'fields' => 'ids',
290		);
291
292		$payments = new WP_Query( $args );
293
294		if ( $payments ) {
295		$ret = $payments->post_count;
296		}
297
298		return $ret;
299		}
300
301
302		/**
303		* Returns a ordered list of all available gateways.
304		*
305		* @since 1.4.5
306		*
307		* @param array $gateways List of payment gateways
308		*
309		* @return array $gateways All the available gateways
310		*/
311		function give_get_ordered_payment_gateways( $gateways ) {
312
313		// Get gateways setting.
314		$gateways_setting = isset( $_POST['gateways'] ) ? $_POST['gateways'] : give_get_option( 'gateways' );
315
316		// Return from here if we do not have gateways setting.
317		if ( empty( $gateways_setting ) ) {
318		return $gateways;
319		}
320
321		// Reverse array to order payment gateways.
322		$gateways_setting = array_reverse( $gateways_setting );
323
324		// Reorder gateways array
325		foreach ( $gateways_setting as $gateway_key => $value ) {
326
327		$new_gateway_value = isset( $gateways[ $gateway_key ] ) ? $gateways[ $gateway_key ] : '';
328		unset( $gateways[ $gateway_key ] );
329
330		if ( ! empty( $new_gateway_value ) ) {
331		$gateways = array_merge( array( $gateway_key => $new_gateway_value ), $gateways );
332		}
333		}
334
335		/**
336		* Filter payment gateways order.
337		*
338		* @since 1.7
339		*
340		* @param array $gateways All the available gateways
341		*/
342		return apply_filters( 'give_payment_gateways_order', $gateways );
343		}
344

impress-org / give

Issues (1282)

Security Analysis not enabled

includes/gateways/functions.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like