Issues in timber-menu-item.php (master) - Issues in master - jarednova/timber - Measure and Improve Code Quality continuously with Scrutinizer

Issues (311)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/timber-menu-item.php (3 issues)

Labels

Documentation 3

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

class TimberMenuItem extends TimberCore implements TimberCoreInterface {

	public $children;
	public $has_child_class = false;
	public $classes = array();
	public $class = '';
	public $level = 0;
	public $post_name;
	public $type;
	public $url;

	public $PostClass = 'TimberPost';

	protected $_name;
	protected $_menu_item_object_id;
	protected $_menu_item_url;
	protected $menu_object;
	protected $master_object;

	/**
	 *
	 *
	 * @param array|object $data
	 */
	public function __construct( $data ) {
		$data = (object) $data;
		$this->import( $data );
		$this->import_classes( $data );
		if ( isset( $this->name ) ) {
			$this->_name = $this->name;
		}
		$this->name = $this->name();
		$this->add_class( 'menu-item-' . $this->ID );
		$this->menu_object = $data;
	}

	/**
	 * @return string the label for the menu item
	 */
	public function __toString() {
		return $this->name();
	}

	/**
	 * add a class the menu item should have
	 * @param string  $class_name to be added
	 */
	public function add_class( $class_name ) {
		$this->classes[] = $class_name;
		$this->class .= ' ' . $class_name;
	}

	/**
	 * The label for the menu item
	 * @api
	 * @return string
	 */
	public function name() {
		if ( $title = $this->title() ) {
			return $title;
		}
		if ( isset( $this->_name ) ) {
			return $this->_name;
		}
		return '';
	}

	/**
	 * The slug for the menu item
	 * @api
	 * @example
	 * ```twig
	 * <ul>
	 *     {% for item in menu.items %}
	 *         <li class="{{item.slug}}">
	 *             <a href="{{item.link}}">{{item.name}}</a>
	 *          </li>
	 *     {% endfor %}
	 * </ul>
	 * @return string the slug of the menu item kinda-like-this
	 */
	public function slug() {
		if ( !isset( $this->master_object ) ) {
			$this->master_object = $this->get_master_object();
		}
		if ( isset( $this->master_object->post_name ) && $this->master_object->post_name ) {
			return $this->master_object->post_name;
		}
		return $this->post_name;
	}

	/**
	 * @internal
	 * @return mixed whatever object (Post, Term, etc.) the menu item represents
	 */
	protected function get_master_object() {
		if ( isset( $this->_menu_item_object_id ) ) {
			return new $this->PostClass( $this->_menu_item_object_id );
		}
	}

	/**
	 * @internal
	 * @see TimberMenuItem::link
	 * @return string an absolute URL http://example.org/my-page
	 */
	function get_link() {
		if ( !isset( $this->url ) || !$this->url ) {
			if ( isset( $this->_menu_item_type ) && $this->_menu_item_type == 'custom' ) {
<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}
				$this->url = $this->_menu_item_url;
			} else if ( isset( $this->menu_object ) && method_exists( $this->menu_object, 'get_link' ) ) {
					$this->url = $this->menu_object->get_link();
				}
		}
		return $this->url;
	}

	/**
	 * @internal
	 * @see TimberMenuItem::path()
	 * @return string a relative url /my-page
	 */
	function get_path() {
		return TimberURLHelper::get_rel_url( $this->get_link() );
	}

	/**
	 *
	 *
	 * @param TimberMenuItem $item
	 */
	function add_child( $item ) {
		if ( !$this->has_child_class ) {
			$this->add_class( 'menu-item-has-children' );
			$this->has_child_class = true;
		}
		if ( !isset( $this->children ) ) {
			$this->children = array();
		}
		$this->children[] = $item;
		$item->level = $this->level + 1;
		if ($item->children) {
			$this->update_child_levels();
		}
	}

	/**
	 *
	 * @internal
	 * @return bool 

	 */
	function update_child_levels() {
		if (is_array($this->children)) {
			foreach( $this->children as $child ) {
				$child->level = $this->level + 1;
				$child->update_child_levels();
			}
			return true;
		}
	}

	/**
	 * Imports the classes to be used in CSS
	 * @internal
	 * @param array|object  $data
	 */
	function import_classes( $data ) {
		if ( is_array($data) ) {
			$data = (object) $data;
		}
		$this->classes = array_merge( $this->classes, $data->classes );
		$this->classes = array_unique( $this->classes );
		$this->classes = apply_filters( 'nav_menu_css_class', $this->classes, $this );
		$this->class = trim( implode( ' ', $this->classes ) );
	}

	/**
	 *
	 * @internal
	 * @return array|bool
	 */
	function get_children() {
		if ( isset( $this->children ) ) {
			return $this->children;
		}
		return false;
	}

	/**
	 * Checks to see if the menu item is an external link so if my site is `example.org`, `google.com/whatever` is an external link. Helpful when creating rules for the target of a link
	 * @api
	 * @example
	 * ```twig
	 * <a href="{{ item.link }}" target="{{ item.is_external ? '_blank' : '_self' }}">
	 * ```
	 * @return bool
	 */
	function is_external() {
		if ( $this->type != 'custom' ) {
			return false;
		}
		return TimberURLHelper::is_external( $this->url );
	}

	/**
	 * @param string $key lookup key
	 * @return mixed whatever value is storied in the database
	 */
	public function meta( $key ) {
		if ( is_object( $this->menu_object ) && method_exists( $this->menu_object, 'meta' ) ) {
			return $this->menu_object->meta( $key );
		}
		if ( isset( $this->$key ) ) {
			return $this->$key;
		}
	}

	/* Aliases */

	/**
	 * Get the child [TimberMenuItems](#TimberMenuItem)s of a [TimberMenuItem](#TimberMenuItem)
	 * @api
	 * @return array|bool
	 */
	public function children() {
		return $this->get_children();
	}

	/**
	 * Checks to see if a link is external, helpful when creating rules for the target of a link
	 * @see TimberMenuItem::is_external
	 * @return bool
	 */
	public function external() {
		return $this->is_external();
	}

	/**
	 * Get the full link to a Menu Item
	 * @api
	 * @example
	 * ```twig
	 * {% for item in menu.items %}
	 *     <li><a href="{{ item.link }}">{{ item.title }}</a></li>
	 * {% endfor %}
	 * ```
	 * @return string a full URL like http://mysite.com/thing/
	 */
	public function link() {
		return $this->get_link();
	}

	/**
	 * Return the relative path of a Menu Item's link
	 * @example
	 * ```twig
	 * {% for item in menu.items %}
	 *     <li><a href="{{ item.path }}">{{ item.title }}</a></li>
	 * {% endfor %}
	 * ```
	 * @see get_path()
	 * @return string the path of a URL like /foo
	 */
	public function path() {
		return $this->get_path();
	}

	/**
	 * Gets the link a menu item points at
	 * @internal
	 * @deprecated since 0.21.7 use link instead
	 * @see link()
	 * @return string a full URL like http://mysite.com/thing/
	 */
	public function permalink() {
		return $this->get_link();
	}

	/**
	 * @internal
	 * @deprecated since 0.21.7, use link instead
	 * @see link()
	 * @return string a full URL like http://mysite.com/thing/
	 */
	public function get_permalink() {
		return $this->get_link();
	}

	/**
	 * Gets the public label for the menu item
	 * @example
	 * ```twig
	 * {% for item in menu.items %}
	 *     <li><a href="{{ item.link }}">{{ item.title }}</a></li>
	 * {% endfor %}
	 * ```
	 * @return string the public label like Foo
	 */
	public function title() {
		if ( isset( $this->__title ) ) {
			return $this->__title;
<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}
		}
	}

}


1			<?php
2
3			class TimberMenuItem extends TimberCore implements TimberCoreInterface {
4
5			public $children;
6			public $has_child_class = false;
7			public $classes = array();
8			public $class = '';
9			public $level = 0;
10			public $post_name;
11			public $type;
12			public $url;
13
14			public $PostClass = 'TimberPost';
15
16			protected $_name;
17			protected $_menu_item_object_id;
18			protected $_menu_item_url;
19			protected $menu_object;
20			protected $master_object;
21
22			/**
23			*
24			*
25			* @param array\|object $data
26			*/
27			public function __construct( $data ) {
28			$data = (object) $data;
29			$this->import( $data );
30			$this->import_classes( $data );
31			if ( isset( $this->name ) ) {
32			$this->_name = $this->name;
33			}
34			$this->name = $this->name();
35			$this->add_class( 'menu-item-' . $this->ID );
36			$this->menu_object = $data;
37			}
38
39			/**
40			* @return string the label for the menu item
41			*/
42			public function __toString() {
43			return $this->name();
44			}
45
46			/**
47			* add a class the menu item should have
48			* @param string $class_name to be added
49			*/
50			public function add_class( $class_name ) {
51			$this->classes[] = $class_name;
52			$this->class .= ' ' . $class_name;
53			}
54
55			/**
56			* The label for the menu item
57			* @api
58			* @return string
59			*/
60			public function name() {
61			if ( $title = $this->title() ) {
62			return $title;
63			}
64			if ( isset( $this->_name ) ) {
65			return $this->_name;
66			}
67			return '';
68			}
69
70			/**
71			* The slug for the menu item
72			* @api
73			* @example
74			* ```twig
75			* <ul>
76			* {% for item in menu.items %}
77			* <li class="{{item.slug}}">
78			* <a href="{{item.link}}">{{item.name}}</a>
79			* </li>
80			* {% endfor %}
81			* </ul>
82			* @return string the slug of the menu item kinda-like-this
83			*/
84			public function slug() {
85			if ( !isset( $this->master_object ) ) {
86			$this->master_object = $this->get_master_object();
87			}
88			if ( isset( $this->master_object->post_name ) && $this->master_object->post_name ) {
89			return $this->master_object->post_name;
90			}
91			return $this->post_name;
92			}
93
94			/**
95			* @internal
96			* @return mixed whatever object (Post, Term, etc.) the menu item represents
97			*/
98			protected function get_master_object() {
99			if ( isset( $this->_menu_item_object_id ) ) {
100			return new $this->PostClass( $this->_menu_item_object_id );
101			}
102			}
103
104			/**
105			* @internal
106			* @see TimberMenuItem::link
107			* @return string an absolute URL http://example.org/my-page
108			*/
109			function get_link() {
110			if ( !isset( $this->url ) \|\| !$this->url ) {
111			if ( isset( $this->_menu_item_type ) && $this->_menu_item_type == 'custom' ) {
			0 ignored issues – show Documentation introduced 2015-11-23 18:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `_menu_item_type` does not exist on `object<TimberMenuItem>`. Since you implemented `__get`, maybe consider adding a @property annotation. Since your code implements the magic getter `_get`, this function will be called for any read access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. <?php /** * @property int $x * @property int $y * @property string $text */ class MyLabel { private $properties; private $allowedProperties = array('x', 'y', 'text'); public function __get($name) { if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) { return $properties[$name]; } else { return null; } } public function __set($name, $value) { if (in_array($name, $this->allowedProperties)) { $properties[$name] = $value; } else { throw new \LogicException("Property $name is not defined."); } } } If the property has read access only, you can use the @property-read annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property. Loading history...
112			$this->url = $this->_menu_item_url;
113			} else if ( isset( $this->menu_object ) && method_exists( $this->menu_object, 'get_link' ) ) {
114			$this->url = $this->menu_object->get_link();
115			}
116			}
117			return $this->url;
118			}
119
120			/**
121			* @internal
122			* @see TimberMenuItem::path()
123			* @return string a relative url /my-page
124			*/
125			function get_path() {
126			return TimberURLHelper::get_rel_url( $this->get_link() );
127			}
128
129			/**
130			*
131			*
132			* @param TimberMenuItem $item
133			*/
134			function add_child( $item ) {
135			if ( !$this->has_child_class ) {
136			$this->add_class( 'menu-item-has-children' );
137			$this->has_child_class = true;
138			}
139			if ( !isset( $this->children ) ) {
140			$this->children = array();
141			}
142			$this->children[] = $item;
143			$item->level = $this->level + 1;
144			if ($item->children) {
145			$this->update_child_levels();
146			}
147			}
148
149			/**
150			*
151			* @internal
152			* @return bool
			0 ignored issues – show Documentation introduced 2015-11-23 18:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `boolean\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
153			*/
154			function update_child_levels() {
155			if (is_array($this->children)) {
156			foreach( $this->children as $child ) {
157			$child->level = $this->level + 1;
158			$child->update_child_levels();
159			}
160			return true;
161			}
162			}
163
164			/**
165			* Imports the classes to be used in CSS
166			* @internal
167			* @param array\|object $data
168			*/
169			function import_classes( $data ) {
170			if ( is_array($data) ) {
171			$data = (object) $data;
172			}
173			$this->classes = array_merge( $this->classes, $data->classes );
174			$this->classes = array_unique( $this->classes );
175			$this->classes = apply_filters( 'nav_menu_css_class', $this->classes, $this );
176			$this->class = trim( implode( ' ', $this->classes ) );
177			}
178
179			/**
180			*
181			* @internal
182			* @return array\|bool
183			*/
184			function get_children() {
185			if ( isset( $this->children ) ) {
186			return $this->children;
187			}
188			return false;
189			}
190
191			/**
192			* Checks to see if the menu item is an external link so if my site is `example.org`, `google.com/whatever` is an external link. Helpful when creating rules for the target of a link
193			* @api
194			* @example
195			* ```twig
196			* <a href="{{ item.link }}" target="{{ item.is_external ? '_blank' : '_self' }}">
197			* ```
198			* @return bool
199			*/
200			function is_external() {
201			if ( $this->type != 'custom' ) {
202			return false;
203			}
204			return TimberURLHelper::is_external( $this->url );
205			}
206
207			/**
208			* @param string $key lookup key
209			* @return mixed whatever value is storied in the database
210			*/
211			public function meta( $key ) {
212			if ( is_object( $this->menu_object ) && method_exists( $this->menu_object, 'meta' ) ) {
213			return $this->menu_object->meta( $key );
214			}
215			if ( isset( $this->$key ) ) {
216			return $this->$key;
217			}
218			}
219
220			/* Aliases */
221
222			/**
223			* Get the child [TimberMenuItems](#TimberMenuItem)s of a [TimberMenuItem](#TimberMenuItem)
224			* @api
225			* @return array\|bool
226			*/
227			public function children() {
228			return $this->get_children();
229			}
230
231			/**
232			* Checks to see if a link is external, helpful when creating rules for the target of a link
233			* @see TimberMenuItem::is_external
234			* @return bool
235			*/
236			public function external() {
237			return $this->is_external();
238			}
239
240			/**
241			* Get the full link to a Menu Item
242			* @api
243			* @example
244			* ```twig
245			* {% for item in menu.items %}
246			* <li><a href="{{ item.link }}">{{ item.title }}</a></li>
247			* {% endfor %}
248			* ```
249			* @return string a full URL like http://mysite.com/thing/
250			*/
251			public function link() {
252			return $this->get_link();
253			}
254
255			/**
256			* Return the relative path of a Menu Item's link
257			* @example
258			* ```twig
259			* {% for item in menu.items %}
260			* <li><a href="{{ item.path }}">{{ item.title }}</a></li>
261			* {% endfor %}
262			* ```
263			* @see get_path()
264			* @return string the path of a URL like /foo
265			*/
266			public function path() {
267			return $this->get_path();
268			}
269
270			/**
271			* Gets the link a menu item points at
272			* @internal
273			* @deprecated since 0.21.7 use link instead
274			* @see link()
275			* @return string a full URL like http://mysite.com/thing/
276			*/
277			public function permalink() {
278			return $this->get_link();
279			}
280
281			/**
282			* @internal
283			* @deprecated since 0.21.7, use link instead
284			* @see link()
285			* @return string a full URL like http://mysite.com/thing/
286			*/
287			public function get_permalink() {
288			return $this->get_link();
289			}
290
291			/**
292			* Gets the public label for the menu item
293			* @example
294			* ```twig
295			* {% for item in menu.items %}
296			* <li><a href="{{ item.link }}">{{ item.title }}</a></li>
297			* {% endfor %}
298			* ```
299			* @return string the public label like Foo
300			*/
301			public function title() {
302			if ( isset( $this->__title ) ) {
303			return $this->__title;
			0 ignored issues – show Documentation introduced 2015-11-23 18:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `__title` does not exist on `object<TimberMenuItem>`. Since you implemented `__get`, maybe consider adding a @property annotation. Since your code implements the magic getter `_get`, this function will be called for any read access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. <?php /** * @property int $x * @property int $y * @property string $text */ class MyLabel { private $properties; private $allowedProperties = array('x', 'y', 'text'); public function __get($name) { if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) { return $properties[$name]; } else { return null; } } public function __set($name, $value) { if (in_array($name, $this->allowedProperties)) { $properties[$name] = $value; } else { throw new \LogicException("Property $name is not defined."); } } } If the property has read access only, you can use the @property-read annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property. Loading history...
304			}
305			}
306
307			}
308

jarednova / timber

Issues (311)

Security Analysis not enabled

lib/timber-menu-item.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like