Issues in timber-comment.php (master) - Issues in master - jarednova/timber - Measure and Improve Code Quality continuously with Scrutinizer

Issues (311)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/timber-comment.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * The TimberComment class is used to view the output of comments. 99% of the time this will be in the context of the comments on a post. However you can also fetch a comment directly using its comment ID.
 * @example
 * ```php
 * $comment = new TimberComment($comment_id);
 * $context['comment_of_the_day'] = $comment;
 * Timber::render('index.twig', $context);
 * ```
 *
 * ```twig
 * <p class="comment">{{comment_of_the_day.content}}</p>
 * <p class="comment-attribution">- {{comment.author.name}}</p>
 * ```
 *
 * ```html
 * <p class="comment">But, O Sarah! If the dead can come back to this earth and flit unseen around those they loved, I shall always be near you; in the garish day and in the darkest night -- amidst your happiest scenes and gloomiest hours - always, always; and if there be a soft breeze upon your cheek, it shall be my breath; or the cool air fans your throbbing temple, it shall be my spirit passing by.</p>
 * <p class="comment-attribution">- Sullivan Ballou</p>
 * ```
 */
class TimberComment extends TimberCore implements TimberCoreInterface {

	public $PostClass = 'TimberPost';
	public $object_type = 'comment';

	public static $representation = 'comment';

	public $ID;
	public $id;
	public $comment_author_email;
	public $comment_content;
	public $comment_date;
	public $comment_ID;
	public $user_id;
	public $comment_author;

	public $children = array();

	/**
	 * @param int $cid
	 */
	function __construct($cid) {

		$this->init($cid);
	}

	function __toString() {

		return $this->content();
	}

	/**
	 * @internal
	 * @param integer $cid
	 */
	function init($cid) {

		$comment_data = $cid;
		if (is_integer($cid)) {
			$comment_data = get_comment($cid);
		}
		$this->import($comment_data);
		$this->ID = $this->comment_ID;
		$this->id = $this->comment_ID;
		$comment_meta_data = $this->get_meta_fields($this->ID);
		$this->import($comment_meta_data);
	}

	/**
	 * @api
	 * @example
	 * ```twig
	 * <h3>Comments by...</h3>
	 * <ol>
	 * {% for comment in post.comments %}
	 * 	<li>{{comment.author.name}}, who is a {{comment.author.role}}</li>
	 * {% endfor %}
	 * </ol>
	 * ```
	 * ```html
	 * <h3>Comments by...</h3>
	 * <ol>
	 * 	<li>Jared Novack, who is a contributor</li>
	 * 	<li>Katie Ricci, who is a subscriber</li>
	 * 	<li>Rebecca Pearl, who is a author</li>
	 * </ol>
	 * ```
	 * @return TimberUser
	 */
	public function author() {
		if ($this->user_id) {
			return new TimberUser($this->user_id);
		} else {
			$author = new TimberUser(0);
			if (isset($this->comment_author) && $this->comment_author) {
				$author->name = $this->comment_author;
<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}
			} else {
				$author->name = 'Anonymous';
<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}
			}
		}
		return $author;
	}

	/**
	 * Fetches the Gravatar
	 * @api
	 * @example
	 * ```twig
	 * <img src="{{comment.avatar(36,template_uri~"/img/dude.jpg")}}" alt="Image of {{comment.author.name}}" />
	 * ```
	 * ```html
	 * <img src="http://gravatar.com/i/sfsfsdfasdfsfa.jpg" alt="Image of Katherine Rich" />
	 * ```
	 * @param int $size
	 * @param string $default
	 * @return bool|mixed|string
	 */
	public function avatar($size = 92, $default = '') {
		if (!get_option('show_avatars')) {
			return false;
		}
		if (!is_numeric($size)) {
			$size = '92';
		}

		$email = $this->avatar_email();
		$email_hash = '';
		if (!empty($email)) {
			$email_hash = md5(strtolower(trim($email)));
		}
		$host = $this->avatar_host($email_hash);
		$default = $this->avatar_default($default, $email, $size, $host);
		if (!empty($email)) {
			$avatar = $this->avatar_out($default, $host, $email_hash, $size);
		} else {
			$avatar = $default;
		}
		return $avatar;
	}

	/**
	 * @api
	 * @return string
	 */
	public function content() {
		return apply_filters('get_comment_text ', $this->comment_content);
	}

	/**
	 * @api
	 * @example
	 * ```twig
	 * {% if comment.approved %}
	 * 	Your comment is good
	 * {% else %}
	 * 	Do you kiss your mother with that mouth?
	 * {% endif %}
	 * ```
	 * @return boolean
	 */
	public function approved() {
		return $this->comment_approved;
	}

	/**
	 * @api
	 * @example
	 * ```twig
	 * {% for comment in post.comments %}
	 * <article class="comment">
	 *   <p class="date">Posted on {{ comment.date }}:</p>
	 *   <p class="comment">{{ comment.content }}</p>
	 * </article>
	 * {% endfor %}
	 * ```
	 * ```html
	 * <article class="comment">
	 *   <p class="date">Posted on September 28, 2015:</p>
	 *   <p class="comment">Happy Birthday!</p>
	 * </article>
	 * ```
	 * @return string
	 */
	public function date( $date_format = '' ) {
		$df = $date_format ? $date_format : get_option('date_format');
		$the_date = (string)mysql2date($df, $this->comment_date);
		return apply_filters('get_comment_date ', $the_date, $df);
	}

	/**
	 * @api
	 * @example
	 * ```twig
	 * {% for comment in post.comments %}
	 * <article class="comment">
	 *   <p class="date">Posted on {{ comment.date }} at {{comment.time}}:</p>
	 *   <p class="comment">{{ comment.content }}</p>
	 * </article>
	 * {% endfor %}
	 * ```
	 * ```html
	 * <article class="comment">
	 *   <p class="date">Posted on September 28, 2015 at 12:45 am:</p>
	 *   <p class="comment">Happy Birthday!</p>
	 * </article>
	 * ```
	 * @return string
	 */
	public function time( $time_format = '' ) {
		$tf = $time_format ? $time_format : get_option('time_format');
		$the_time = (string)mysql2date($tf, $this->comment_date);
		return apply_filters('get_comment_time', $the_time, $tf);
	}

	/**
	 * @param string $field_name
	 * @return mixed
	 */
	public function meta($field_name) {
		return $this->get_meta_field($field_name);
	}

	/**
	 * @api
	 * @return bool
	 */
	public function is_child() {
		return $this->comment_parent > 0;
	}

	/**
	 * @internal
	 * @param int $comment_id
	 * @return mixed
	 */
	protected function get_meta_fields($comment_id = null) {
		if ($comment_id === null) {
			$comment_id = $this->ID;
		}
		//Could not find a WP function to fetch all comment meta data, so I made one.
		apply_filters('timber_comment_get_meta_pre', array(), $comment_id);
		$comment_metas = get_comment_meta($comment_id);
		foreach ($comment_metas as &$cm) {
			if (is_array($cm) && count($cm) == 1) {
				$cm = $cm[0];
			}
		}
		$comment_metas = apply_filters('timber_comment_get_meta', $comment_metas, $comment_id);
		return $comment_metas;
	}

	/**
	 * @internal
	 * @param string $field_name
	 * @return mixed
	 */
	protected function get_meta_field($field_name) {
		$value = apply_filters('timber_comment_get_meta_field_pre', null, $this->ID, $field_name, $this);
		if ($value === null) {
			$value = get_comment_meta($this->ID, $field_name, true);
		}
		$value = apply_filters('timber_comment_get_meta_field', $value, $this->ID, $field_name, $this);
		return $value;
	}

	/**
	 * Enqueue the WP threaded comments javascript,
	 * and fetch the reply link for various comments.
	 * @api
	 * @return string
	 */
	public function reply_link( $reply_text = 'Reply' ) {
		if ( is_singular() && comments_open() && get_option('thread_comments') ) {
			wp_enqueue_script( 'comment-reply' );
		}

		// Get the comments depth option from the admin panel
		$max_depth = get_option('thread_comments_depth');

		// Default args
		$args = array(
			'add_below' => 'comment',
			'respond_id' => 'respond',
			'reply_text' => $reply_text,
			'depth' => 1,
			'max_depth' => $max_depth,
		);

		return get_comment_reply_link( $args, $this->ID, $this->post_id );
	}

	/* AVATAR Stuff
	======================= */

	/**
	 * @internal
	 * @return string
	 */
	protected function avatar_email() {
		$id = (int)$this->user_id;
		$user = get_userdata($id);
		if ($user) {
			$email = $user->user_email;
		} else {
			$email = $this->comment_author_email;
		}
		return $email;
	}

	/**
	 * @internal
	 * @param string $email_hash
	 * @return string
	 */
	protected function avatar_host($email_hash) {
		if (is_ssl()) {
			$host = 'https://secure.gravatar.com';
		} else {
			if (!empty($email_hash)) {
				$host = sprintf("http://%d.gravatar.com", (hexdec($email_hash[0]) % 2));
			} else {
				$host = 'http://0.gravatar.com';
			}
		}
		return $host;
	}

	/**
	 * @internal
	 * @todo  what if it's relative?
	 * @param string $default
	 * @param string $email
	 * @param string $size
	 * @param string $host
	 * @return string
	 */
	protected function avatar_default($default, $email, $size, $host) {
		if (substr($default, 0, 1) == '/') {
			$default = home_url() . $default;
		}

		if (empty($default)) {
			$avatar_default = get_option('avatar_default');
			if (empty($avatar_default)) {
				$default = 'mystery';
			} else {
				$default = $avatar_default;
			}
		}
		if ('mystery' == $default) {
			$default = $host . '/avatar/ad516503a11cd5ca435acc9bb6523536?s=' . $size;
			// ad516503a11cd5ca435acc9bb6523536 == md5('[email protected]')
		} else if ('blank' == $default) {
			$default = $email ? 'blank' : includes_url('images/blank.gif');
		} else if (!empty($email) && 'gravatar_default' == $default) {
			$default = '';
		} else if ('gravatar_default' == $default) {
			$default = $host . '/avatar/?s=' . $size;
		} else if (empty($email) && !strstr($default, 'http://')) {
			$default = $host . '/avatar/?d=' . $default . '&amp;s=' . $size;
		}
		return $default;
	}

	/**
	 * @internal
	 * @param string $default
	 * @param string $host
	 * @param string $email_hash
	 * @param string $size
	 * @return mixed
	 */
	protected function avatar_out($default, $host, $email_hash, $size) {
		$out = $host . '/avatar/' . $email_hash . '?s=' . $size . '&amp;d=' . urlencode($default);
		$rating = get_option('avatar_rating');
		if (!empty($rating)) {
			$out .= '&amp;r=' . $rating;
		}
		return str_replace('&#038;', '&amp;', esc_url($out));
	}

}


1		<?php
2
3		/**
4		* The TimberComment class is used to view the output of comments. 99% of the time this will be in the context of the comments on a post. However you can also fetch a comment directly using its comment ID.
5		* @example
6		* ```php
7		* $comment = new TimberComment($comment_id);
8		* $context['comment_of_the_day'] = $comment;
9		* Timber::render('index.twig', $context);
10		* ```
11		*
12		* ```twig
13		* <p class="comment">{{comment_of_the_day.content}}</p>
14		* <p class="comment-attribution">- {{comment.author.name}}</p>
15		* ```
16		*
17		* ```html
18		* <p class="comment">But, O Sarah! If the dead can come back to this earth and flit unseen around those they loved, I shall always be near you; in the garish day and in the darkest night -- amidst your happiest scenes and gloomiest hours - always, always; and if there be a soft breeze upon your cheek, it shall be my breath; or the cool air fans your throbbing temple, it shall be my spirit passing by.</p>
19		* <p class="comment-attribution">- Sullivan Ballou</p>
20		* ```
21		*/
22		class TimberComment extends TimberCore implements TimberCoreInterface {
23
24		public $PostClass = 'TimberPost';
25		public $object_type = 'comment';
26
27		public static $representation = 'comment';
28
29		public $ID;
30		public $id;
31		public $comment_author_email;
32		public $comment_content;
33		public $comment_date;
34		public $comment_ID;
35		public $user_id;
36		public $comment_author;
37
38		public $children = array();
39
40		/**
41		* @param int $cid
42		*/
43		function __construct($cid) {
		0 ignored issues – show Best Practice introduced 2015-11-23 18:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
44		$this->init($cid);
45		}
46
47		function __toString() {
		0 ignored issues – show Best Practice introduced 2015-11-23 18:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
48		return $this->content();
49		}
50
51		/**
52		* @internal
53		* @param integer $cid
54		*/
55		function init($cid) {
		0 ignored issues – show Best Practice introduced 2015-11-23 18:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
56		$comment_data = $cid;
57		if (is_integer($cid)) {
58		$comment_data = get_comment($cid);
59		}
60		$this->import($comment_data);
61		$this->ID = $this->comment_ID;
62		$this->id = $this->comment_ID;
63		$comment_meta_data = $this->get_meta_fields($this->ID);
64		$this->import($comment_meta_data);
65		}
66
67		/**
68		* @api
69		* @example
70		* ```twig
71		* <h3>Comments by...</h3>
72		* <ol>
73		* {% for comment in post.comments %}
74		* <li>{{comment.author.name}}, who is a {{comment.author.role}}</li>
75		* {% endfor %}
76		* </ol>
77		* ```
78		* ```html
79		* <h3>Comments by...</h3>
80		* <ol>
81		* <li>Jared Novack, who is a contributor</li>
82		* <li>Katie Ricci, who is a subscriber</li>
83		* <li>Rebecca Pearl, who is a author</li>
84		* </ol>
85		* ```
86		* @return TimberUser
87		*/
88		public function author() {
89		if ($this->user_id) {
90		return new TimberUser($this->user_id);
91		} else {
92		$author = new TimberUser(0);
93		if (isset($this->comment_author) && $this->comment_author) {
94		$author->name = $this->comment_author;
		0 ignored issues – show Documentation introduced 2015-11-23 18:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `name` does not exist on `object<TimberUser>`. Since you implemented `__set`, maybe consider adding a @property annotation. Since your code implements the magic setter `_set`, this function will be called for any write access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. <?php /** * @property int $x * @property int $y * @property string $text */ class MyLabel { private $properties; private $allowedProperties = array('x', 'y', 'text'); public function __get($name) { if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) { return $properties[$name]; } else { return null; } } public function __set($name, $value) { if (in_array($name, $this->allowedProperties)) { $properties[$name] = $value; } else { throw new \LogicException("Property $name is not defined."); } } } Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property. Loading history...
95		} else {
96		$author->name = 'Anonymous';
		0 ignored issues – show Documentation introduced 2015-11-23 18:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `name` does not exist on `object<TimberUser>`. Since you implemented `__set`, maybe consider adding a @property annotation. Since your code implements the magic setter `_set`, this function will be called for any write access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. <?php /** * @property int $x * @property int $y * @property string $text */ class MyLabel { private $properties; private $allowedProperties = array('x', 'y', 'text'); public function __get($name) { if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) { return $properties[$name]; } else { return null; } } public function __set($name, $value) { if (in_array($name, $this->allowedProperties)) { $properties[$name] = $value; } else { throw new \LogicException("Property $name is not defined."); } } } Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property. Loading history...
97		}
98		}
99		return $author;
100		}
101
102		/**
103		* Fetches the Gravatar
104		* @api
105		* @example
106		* ```twig
107		* <img src="{{comment.avatar(36,template_uri~"/img/dude.jpg")}}" alt="Image of {{comment.author.name}}" />
108		* ```
109		* ```html
110		* <img src="http://gravatar.com/i/sfsfsdfasdfsfa.jpg" alt="Image of Katherine Rich" />
111		* ```
112		* @param int $size
113		* @param string $default
114		* @return bool\|mixed\|string
115		*/
116		public function avatar($size = 92, $default = '') {
117		if (!get_option('show_avatars')) {
118		return false;
119		}
120		if (!is_numeric($size)) {
121		$size = '92';
122		}
123
124		$email = $this->avatar_email();
125		$email_hash = '';
126		if (!empty($email)) {
127		$email_hash = md5(strtolower(trim($email)));
128		}
129		$host = $this->avatar_host($email_hash);
130		$default = $this->avatar_default($default, $email, $size, $host);
131		if (!empty($email)) {
132		$avatar = $this->avatar_out($default, $host, $email_hash, $size);
133		} else {
134		$avatar = $default;
135		}
136		return $avatar;
137		}
138
139		/**
140		* @api
141		* @return string
142		*/
143		public function content() {
144		return apply_filters('get_comment_text ', $this->comment_content);
145		}
146
147		/**
148		* @api
149		* @example
150		* ```twig
151		* {% if comment.approved %}
152		* Your comment is good
153		* {% else %}
154		* Do you kiss your mother with that mouth?
155		* {% endif %}
156		* ```
157		* @return boolean
158		*/
159		public function approved() {
160		return $this->comment_approved;
161		}
162
163		/**
164		* @api
165		* @example
166		* ```twig
167		* {% for comment in post.comments %}
168		* <article class="comment">
169		* <p class="date">Posted on {{ comment.date }}:</p>
170		* <p class="comment">{{ comment.content }}</p>
171		* </article>
172		* {% endfor %}
173		* ```
174		* ```html
175		* <article class="comment">
176		* <p class="date">Posted on September 28, 2015:</p>
177		* <p class="comment">Happy Birthday!</p>
178		* </article>
179		* ```
180		* @return string
181		*/
182		public function date( $date_format = '' ) {
183		$df = $date_format ? $date_format : get_option('date_format');
184		$the_date = (string)mysql2date($df, $this->comment_date);
185		return apply_filters('get_comment_date ', $the_date, $df);
186		}
187
188		/**
189		* @api
190		* @example
191		* ```twig
192		* {% for comment in post.comments %}
193		* <article class="comment">
194		* <p class="date">Posted on {{ comment.date }} at {{comment.time}}:</p>
195		* <p class="comment">{{ comment.content }}</p>
196		* </article>
197		* {% endfor %}
198		* ```
199		* ```html
200		* <article class="comment">
201		* <p class="date">Posted on September 28, 2015 at 12:45 am:</p>
202		* <p class="comment">Happy Birthday!</p>
203		* </article>
204		* ```
205		* @return string
206		*/
207		public function time( $time_format = '' ) {
208		$tf = $time_format ? $time_format : get_option('time_format');
209		$the_time = (string)mysql2date($tf, $this->comment_date);
210		return apply_filters('get_comment_time', $the_time, $tf);
211		}
212
213		/**
214		* @param string $field_name
215		* @return mixed
216		*/
217		public function meta($field_name) {
218		return $this->get_meta_field($field_name);
219		}
220
221		/**
222		* @api
223		* @return bool
224		*/
225		public function is_child() {
226		return $this->comment_parent > 0;
227		}
228
229		/**
230		* @internal
231		* @param int $comment_id
232		* @return mixed
233		*/
234		protected function get_meta_fields($comment_id = null) {
235		if ($comment_id === null) {
236		$comment_id = $this->ID;
237		}
238		//Could not find a WP function to fetch all comment meta data, so I made one.
239		apply_filters('timber_comment_get_meta_pre', array(), $comment_id);
240		$comment_metas = get_comment_meta($comment_id);
241		foreach ($comment_metas as &$cm) {
242		if (is_array($cm) && count($cm) == 1) {
243		$cm = $cm[0];
244		}
245		}
246		$comment_metas = apply_filters('timber_comment_get_meta', $comment_metas, $comment_id);
247		return $comment_metas;
248		}
249
250		/**
251		* @internal
252		* @param string $field_name
253		* @return mixed
254		*/
255	View Code Duplication	protected function get_meta_field($field_name) {
256		$value = apply_filters('timber_comment_get_meta_field_pre', null, $this->ID, $field_name, $this);
257		if ($value === null) {
258		$value = get_comment_meta($this->ID, $field_name, true);
259		}
260		$value = apply_filters('timber_comment_get_meta_field', $value, $this->ID, $field_name, $this);
261		return $value;
262		}
263
264		/**
265		* Enqueue the WP threaded comments javascript,
266		* and fetch the reply link for various comments.
267		* @api
268		* @return string
269		*/
270		public function reply_link( $reply_text = 'Reply' ) {
271		if ( is_singular() && comments_open() && get_option('thread_comments') ) {
272		wp_enqueue_script( 'comment-reply' );
273		}
274
275		// Get the comments depth option from the admin panel
276		$max_depth = get_option('thread_comments_depth');
277
278		// Default args
279		$args = array(
280		'add_below' => 'comment',
281		'respond_id' => 'respond',
282		'reply_text' => $reply_text,
283		'depth' => 1,
284		'max_depth' => $max_depth,
285		);
286
287		return get_comment_reply_link( $args, $this->ID, $this->post_id );
288		}
289
290		/* AVATAR Stuff
291		======================= */
292
293		/**
294		* @internal
295		* @return string
296		*/
297		protected function avatar_email() {
298		$id = (int)$this->user_id;
299		$user = get_userdata($id);
300		if ($user) {
301		$email = $user->user_email;
302		} else {
303		$email = $this->comment_author_email;
304		}
305		return $email;
306		}
307
308		/**
309		* @internal
310		* @param string $email_hash
311		* @return string
312		*/
313		protected function avatar_host($email_hash) {
314		if (is_ssl()) {
315		$host = 'https://secure.gravatar.com';
316		} else {
317		if (!empty($email_hash)) {
318		$host = sprintf("http://%d.gravatar.com", (hexdec($email_hash[0]) % 2));
319		} else {
320		$host = 'http://0.gravatar.com';
321		}
322		}
323		return $host;
324		}
325
326		/**
327		* @internal
328		* @todo what if it's relative?
329		* @param string $default
330		* @param string $email
331		* @param string $size
332		* @param string $host
333		* @return string
334		*/
335		protected function avatar_default($default, $email, $size, $host) {
336		if (substr($default, 0, 1) == '/') {
337		$default = home_url() . $default;
338		}
339
340		if (empty($default)) {
341		$avatar_default = get_option('avatar_default');
342		if (empty($avatar_default)) {
343		$default = 'mystery';
344		} else {
345		$default = $avatar_default;
346		}
347		}
348		if ('mystery' == $default) {
349		$default = $host . '/avatar/ad516503a11cd5ca435acc9bb6523536?s=' . $size;
350		// ad516503a11cd5ca435acc9bb6523536 == md5('[email protected]')
351		} else if ('blank' == $default) {
352		$default = $email ? 'blank' : includes_url('images/blank.gif');
353		} else if (!empty($email) && 'gravatar_default' == $default) {
354		$default = '';
355		} else if ('gravatar_default' == $default) {
356		$default = $host . '/avatar/?s=' . $size;
357		} else if (empty($email) && !strstr($default, 'http://')) {
358		$default = $host . '/avatar/?d=' . $default . '&s=' . $size;
359		}
360		return $default;
361		}
362
363		/**
364		* @internal
365		* @param string $default
366		* @param string $host
367		* @param string $email_hash
368		* @param string $size
369		* @return mixed
370		*/
371		protected function avatar_out($default, $host, $email_hash, $size) {
372		$out = $host . '/avatar/' . $email_hash . '?s=' . $size . '&d=' . urlencode($default);
373		$rating = get_option('avatar_rating');
374		if (!empty($rating)) {
375		$out .= '&r=' . $rating;
376		}
377		return str_replace('&', '&', esc_url($out));
378		}
379
380		}
381

jarednova / timber

Issues (311)

Security Analysis not enabled

lib/timber-comment.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like