Issues in wp-github-sync.php (master) - Issues in master - kennyfraser/wordpress-github-sync - Measure and Improve Code Quality continuously with Scrutinizer

Issues (54)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

wp-github-sync.php (1 issue)

Severity

Unknown 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Plugin Name: WordPress GitHub Sync
 * Plugin URI: https://github.com/mAAdhaTTah/wordpress-github-sync
 * Description: A WordPress plugin to sync content with a GitHub repository (or Jekyll site).
 * Version: 1.6.1
 * Author:  James DiGioia, Ben Balter
 * Author URI: http://jamesdigioia.com
 * License: GPLv2
 * Domain Path: /languages
 * Text Domain: wordpress-github-sync
 */

/*  Copyright 2014  James DiGioia  (email : [email protected])

		This program is free software; you can redistribute it and/or modify
		it under the terms of the GNU General Public License, version 2, as
		published by the Free Software Foundation.

		This program is distributed in the hope that it will be useful,
		but WITHOUT ANY WARRANTY; without even the implied warranty of
		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
		GNU General Public License for more details.

		You should have received a copy of the GNU General Public License
		along with this program; if not, write to the Free Software
		Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/

// If the functions have already been autoloaded, don't reload.
// This fixes function duplication during unit testing.
$path = dirname( __FILE__ ) . '/vendor/autoload_52.php';
if ( ! function_exists( 'get_the_github_view_link' ) && file_exists( $path ) ) {
	require_once $path;
}

add_action( 'plugins_loaded', array( new WordPress_GitHub_Sync, 'boot' ) );

class WordPress_GitHub_Sync {

	/**
	 * Object instance
	 * @var self
	 */
	public static $instance;

	/**
	 * Language text domain
	 * @var string
	 */
	public static $text_domain = 'wordpress-github-sync';

	/**
	 * Current version
	 * @var string
	 */
	public static $version = '1.6.1';

	/**
	 * Controller object
	 * @var WordPress_GitHub_Sync_Controller
	 */
	public $controller;

	/**
	 * Controller object
	 * @var WordPress_GitHub_Sync_Admin
	 */
	public $admin;

	/**
	 * CLI object.
	 *
	 * @var WordPress_GitHub_Sync_CLI
	 */
	protected $cli;

	/**
	 * Request object.
	 *
	 * @var WordPress_GitHub_Sync_Request
	 */
	protected $request;

	/**
	 * Response object.
	 *
	 * @var WordPress_GitHub_Sync_Response
	 */
	protected $response;

	/**
	 * Api object.
	 *
	 * @var WordPress_GitHub_Sync_Api
	 */
	protected $api;

	/**
	 * Import object.
	 *
	 * @var WordPress_GitHub_Sync_Import
	 */
	protected $import;

	/**
	 * Export object.
	 *
	 * @var WordPress_GitHub_Sync_Export
	 */
	protected $export;

	/**
	 * Semaphore object.
	 *
	 * @var WordPress_GitHub_Sync_Semaphore
	 */
	protected $semaphore;

	/**
	 * Database object.
	 *
	 * @var WordPress_GitHub_Sync_Database
	 */
	protected $database;

	/**
	 * Cache object.
	 *
	 * @var WordPress_GitHub_Sync_Cache
	 */
	protected $cache;

	/**
	 * Called at load time, hooks into WP core
	 */
	public function __construct() {
		self::$instance = $this;

		if ( is_admin() ) {
			$this->admin = new WordPress_GitHub_Sync_Admin;
		}

		$this->controller = new WordPress_GitHub_Sync_Controller( $this );

		if ( defined( 'WP_CLI' ) && WP_CLI ) {
			WP_CLI::add_command( 'wpghs', $this->cli() );
		}
	}

	/**
	 * Attaches the plugin's hooks into WordPress.
	 */
	public function boot() {
		register_activation_hook( __FILE__, array( $this, 'activate' ) );
		add_action( 'admin_notices', array( $this, 'activation_notice' ) );

		add_action( 'init', array( $this, 'l10n' ) );

		// Controller actions.
		add_action( 'save_post', array( $this->controller, 'export_post' ) );
		add_action( 'delete_post', array( $this->controller, 'delete_post' ) );
		add_action( 'wp_ajax_nopriv_wpghs_sync_request', array( $this->controller, 'pull_posts' ) );
		add_action( 'wpghs_export', array( $this->controller, 'export_all' ) );
		add_action( 'wpghs_import', array( $this->controller, 'import_master' ) );

		do_action( 'wpghs_boot', $this );
	}

	/**
	 * Init i18n files
	 */
	public function l10n() {
		load_plugin_textdomain( self::$text_domain, false, plugin_basename( dirname( __FILE__ ) ) . '/languages/' );
	}

	/**
	 * Sets and kicks off the export cronjob
	 */
	public function start_export() {
		$this->export()->set_user( get_current_user_id() );
		$this->start_cron( 'export' );
	}

	/**
	 * Sets and kicks off the import cronjob
	 */
	public function start_import() {
		$this->start_cron( 'import' );
	}

	/**
	 * Enables the admin notice on initial activation
	 */
	public function activate() {
		if ( 'yes' !== get_option( '_wpghs_fully_exported' ) ) {
			set_transient( '_wpghs_activated', 'yes' );
		}
	}

	/**
	 * Displays the activation admin notice
	 */
	public function activation_notice() {
		if ( ! get_transient( '_wpghs_activated' ) ) {
			return;
		}

		delete_transient( '_wpghs_activated' );

		?><div class="updated">
			<p>
				<?php
					printf(
						__( 'To set up your site to sync with GitHub, update your <a href="%s">settings</a> and click "Export to GitHub."', 'wordpress-github-sync' ),
						admin_url( 'options-general.php?page=wordpress-github-sync' )
					);
				?>
			</p>
		</div><?php
	}

	/**
	 * Get the Controller object.
	 *
	 * @return WordPress_GitHub_Sync_Controller
	 */
	public function controller() {
		return $this->controller;
	}

	/**
	 * Lazy-load the CLI object.
	 *
	 * @return WordPress_GitHub_Sync_CLI
	 */
	public function cli() {
		if ( ! $this->cli ) {
			$this->cli = new WordPress_GitHub_Sync_CLI;
		}

		return $this->cli;
	}

	/**
	 * Lazy-load the Request object.
	 *
	 * @return WordPress_GitHub_Sync_Request
	 */
	public function request() {
		if ( ! $this->request ) {
			$this->request = new WordPress_GitHub_Sync_Request( $this );
		}

		return $this->request;
	}

	/**
	 * Lazy-load the Response object.
	 *
	 * @return WordPress_GitHub_Sync_Response
	 */
	public function response() {
		if ( ! $this->response ) {
			$this->response = new WordPress_GitHub_Sync_Response( $this );
		}

		return $this->response;
	}

	/**
	 * Lazy-load the Api object.
	 *
	 * @return WordPress_GitHub_Sync_Api
	 */
	public function api() {
		if ( ! $this->api ) {
			$this->api = new WordPress_GitHub_Sync_Api( $this );
		}

		return $this->api;
	}

	/**
	 * Lazy-load the Import object.
	 *
	 * @return WordPress_GitHub_Sync_Import
	 */
	public function import() {
		if ( ! $this->import ) {
			$this->import = new WordPress_GitHub_Sync_Import( $this );
		}

		return $this->import;
	}

	/**
	 * Lazy-load the Export object.
	 *
	 * @return WordPress_GitHub_Sync_Export
	 */
	public function export() {
		if ( ! $this->export ) {
			$this->export = new WordPress_GitHub_Sync_Export( $this );
		}

		return $this->export;
	}

	/**
	 * Lazy-load the Semaphore object.
	 *
	 * @return WordPress_GitHub_Sync_Semaphore
	 */
	public function semaphore() {
		if ( ! $this->semaphore ) {
			$this->semaphore = new WordPress_GitHub_Sync_Semaphore;
		}

		return $this->semaphore;
	}

	/**
	 * Lazy-load the Database object.
	 *
	 * @return WordPress_GitHub_Sync_Database
	 */
	public function database() {
		if ( ! $this->database ) {
			$this->database = new WordPress_GitHub_Sync_Database( $this );
		}

		return $this->database;
	}

	/**
	 * Lazy-load the Cache object.
	 *
	 * @return WordPress_GitHub_Sync_Cache
	 */
	public function cache() {
		if ( ! $this->cache ) {
			$this->cache = new WordPress_GitHub_Sync_Cache;
		}

		return $this->cache;
	}

	/**
	 * Print to WP_CLI if in CLI environment or
	 * write to debug.log if WP_DEBUG is enabled
	 * @source http://www.stumiller.me/sending-output-to-the-wordpress-debug-log/
	 *
	 * @param mixed $msg
	 * @param string $write
	 */
	public static function write_log( $msg, $write = 'line' ) {
		if ( defined( 'WP_CLI' ) && WP_CLI ) {
			if ( is_array( $msg ) || is_object( $msg ) ) {
				WP_CLI::print_value( $msg );
			} else {
				WP_CLI::$write( $msg );
			}
		} elseif ( true === WP_DEBUG ) {
			if ( is_array( $msg ) || is_object( $msg ) ) {
				error_log( print_r( $msg, true ) );

			} else {
				error_log( $msg );
			}
		}
	}

	/**
	 * Kicks of an import or export cronjob.
	 *
	 * @param $type
	 */
	protected function start_cron( $type ) {
		update_option( '_wpghs_' . $type . '_started', 'yes' );
		wp_schedule_single_event( time(), 'wpghs_' . $type . '' );
		spawn_cron();
	}
}


1		<?php
2		/**
3		* Plugin Name: WordPress GitHub Sync
4		* Plugin URI: https://github.com/mAAdhaTTah/wordpress-github-sync
5		* Description: A WordPress plugin to sync content with a GitHub repository (or Jekyll site).
6		* Version: 1.6.1
7		* Author: James DiGioia, Ben Balter
8		* Author URI: http://jamesdigioia.com
9		* License: GPLv2
10		* Domain Path: /languages
11		* Text Domain: wordpress-github-sync
12		*/
13
14		/* Copyright 2014 James DiGioia (email : [email protected])
15
16		This program is free software; you can redistribute it and/or modify
17		it under the terms of the GNU General Public License, version 2, as
18		published by the Free Software Foundation.
19
20		This program is distributed in the hope that it will be useful,
21		but WITHOUT ANY WARRANTY; without even the implied warranty of
22		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23		GNU General Public License for more details.
24
25		You should have received a copy of the GNU General Public License
26		along with this program; if not, write to the Free Software
27		Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
28		*/
29
30		// If the functions have already been autoloaded, don't reload.
31		// This fixes function duplication during unit testing.
32		$path = dirname( __FILE__ ) . '/vendor/autoload_52.php';
33		if ( ! function_exists( 'get_the_github_view_link' ) && file_exists( $path ) ) {
34		require_once $path;
35		}
36
37		add_action( 'plugins_loaded', array( new WordPress_GitHub_Sync, 'boot' ) );
38
39		class WordPress_GitHub_Sync {
40
41		/**
42		* Object instance
43		* @var self
44		*/
45		public static $instance;
46
47		/**
48		* Language text domain
49		* @var string
50		*/
51		public static $text_domain = 'wordpress-github-sync';
52
53		/**
54		* Current version
55		* @var string
56		*/
57		public static $version = '1.6.1';
58
59		/**
60		* Controller object
61		* @var WordPress_GitHub_Sync_Controller
62		*/
63		public $controller;
64
65		/**
66		* Controller object
67		* @var WordPress_GitHub_Sync_Admin
68		*/
69		public $admin;
70
71		/**
72		* CLI object.
73		*
74		* @var WordPress_GitHub_Sync_CLI
75		*/
76		protected $cli;
77
78		/**
79		* Request object.
80		*
81		* @var WordPress_GitHub_Sync_Request
82		*/
83		protected $request;
84
85		/**
86		* Response object.
87		*
88		* @var WordPress_GitHub_Sync_Response
89		*/
90		protected $response;
91
92		/**
93		* Api object.
94		*
95		* @var WordPress_GitHub_Sync_Api
96		*/
97		protected $api;
98
99		/**
100		* Import object.
101		*
102		* @var WordPress_GitHub_Sync_Import
103		*/
104		protected $import;
105
106		/**
107		* Export object.
108		*
109		* @var WordPress_GitHub_Sync_Export
110		*/
111		protected $export;
112
113		/**
114		* Semaphore object.
115		*
116		* @var WordPress_GitHub_Sync_Semaphore
117		*/
118		protected $semaphore;
119
120		/**
121		* Database object.
122		*
123		* @var WordPress_GitHub_Sync_Database
124		*/
125		protected $database;
126
127		/**
128		* Cache object.
129		*
130		* @var WordPress_GitHub_Sync_Cache
131		*/
132		protected $cache;
133
134		/**
135		* Called at load time, hooks into WP core
136		*/
137		public function __construct() {
138		self::$instance = $this;
139
140		if ( is_admin() ) {
141		$this->admin = new WordPress_GitHub_Sync_Admin;
142		}
143
144		$this->controller = new WordPress_GitHub_Sync_Controller( $this );
145
146		if ( defined( 'WP_CLI' ) && WP_CLI ) {
147		WP_CLI::add_command( 'wpghs', $this->cli() );
148		}
149		}
150
151		/**
152		* Attaches the plugin's hooks into WordPress.
153		*/
154		public function boot() {
155		register_activation_hook( __FILE__, array( $this, 'activate' ) );
156		add_action( 'admin_notices', array( $this, 'activation_notice' ) );
157
158		add_action( 'init', array( $this, 'l10n' ) );
159
160		// Controller actions.
161		add_action( 'save_post', array( $this->controller, 'export_post' ) );
162		add_action( 'delete_post', array( $this->controller, 'delete_post' ) );
163		add_action( 'wp_ajax_nopriv_wpghs_sync_request', array( $this->controller, 'pull_posts' ) );
164		add_action( 'wpghs_export', array( $this->controller, 'export_all' ) );
165		add_action( 'wpghs_import', array( $this->controller, 'import_master' ) );
166
167		do_action( 'wpghs_boot', $this );
168		}
169
170		/**
171		* Init i18n files
172		*/
173		public function l10n() {
174		load_plugin_textdomain( self::$text_domain, false, plugin_basename( dirname( __FILE__ ) ) . '/languages/' );
175		}
176
177		/**
178		* Sets and kicks off the export cronjob
179		*/
180		public function start_export() {
181		$this->export()->set_user( get_current_user_id() );
182		$this->start_cron( 'export' );
183		}
184
185		/**
186		* Sets and kicks off the import cronjob
187		*/
188		public function start_import() {
189		$this->start_cron( 'import' );
190		}
191
192		/**
193		* Enables the admin notice on initial activation
194		*/
195		public function activate() {
196		if ( 'yes' !== get_option( '_wpghs_fully_exported' ) ) {
197		set_transient( '_wpghs_activated', 'yes' );
198		}
199		}
200
201		/**
202		* Displays the activation admin notice
203		*/
204		public function activation_notice() {
205		if ( ! get_transient( '_wpghs_activated' ) ) {
206		return;
207		}
208
209		delete_transient( '_wpghs_activated' );
210
211		?><div class="updated">
212		<p>
213		<?php
214		printf(
215		__( 'To set up your site to sync with GitHub, update your <a href="%s">settings</a> and click "Export to GitHub."', 'wordpress-github-sync' ),
216		admin_url( 'options-general.php?page=wordpress-github-sync' )
217		);
218		?>
219		</p>
220		</div><?php
221		}
222
223		/**
224		* Get the Controller object.
225		*
226		* @return WordPress_GitHub_Sync_Controller
227		*/
228		public function controller() {
229		return $this->controller;
230		}
231
232		/**
233		* Lazy-load the CLI object.
234		*
235		* @return WordPress_GitHub_Sync_CLI
236		*/
237		public function cli() {
238		if ( ! $this->cli ) {
239		$this->cli = new WordPress_GitHub_Sync_CLI;
240		}
241
242		return $this->cli;
243		}
244
245		/**
246		* Lazy-load the Request object.
247		*
248		* @return WordPress_GitHub_Sync_Request
249		*/
250		public function request() {
251		if ( ! $this->request ) {
252		$this->request = new WordPress_GitHub_Sync_Request( $this );
253		}
254
255		return $this->request;
256		}
257
258		/**
259		* Lazy-load the Response object.
260		*
261		* @return WordPress_GitHub_Sync_Response
262		*/
263		public function response() {
264		if ( ! $this->response ) {
265		$this->response = new WordPress_GitHub_Sync_Response( $this );
266		}
267
268		return $this->response;
269		}
270
271		/**
272		* Lazy-load the Api object.
273		*
274		* @return WordPress_GitHub_Sync_Api
275		*/
276		public function api() {
277		if ( ! $this->api ) {
278		$this->api = new WordPress_GitHub_Sync_Api( $this );
279		}
280
281		return $this->api;
282		}
283
284		/**
285		* Lazy-load the Import object.
286		*
287		* @return WordPress_GitHub_Sync_Import
288		*/
289		public function import() {
290		if ( ! $this->import ) {
291		$this->import = new WordPress_GitHub_Sync_Import( $this );
292		}
293
294		return $this->import;
295		}
296
297		/**
298		* Lazy-load the Export object.
299		*
300		* @return WordPress_GitHub_Sync_Export
301		*/
302		public function export() {
303		if ( ! $this->export ) {
304		$this->export = new WordPress_GitHub_Sync_Export( $this );
305		}
306
307		return $this->export;
308		}
309
310		/**
311		* Lazy-load the Semaphore object.
312		*
313		* @return WordPress_GitHub_Sync_Semaphore
314		*/
315		public function semaphore() {
316		if ( ! $this->semaphore ) {
317		$this->semaphore = new WordPress_GitHub_Sync_Semaphore;
318		}
319
320		return $this->semaphore;
321		}
322
323		/**
324		* Lazy-load the Database object.
325		*
326		* @return WordPress_GitHub_Sync_Database
327		*/
328		public function database() {
329		if ( ! $this->database ) {
330		$this->database = new WordPress_GitHub_Sync_Database( $this );
331		}
332
333		return $this->database;
334		}
335
336		/**
337		* Lazy-load the Cache object.
338		*
339		* @return WordPress_GitHub_Sync_Cache
340		*/
341		public function cache() {
342		if ( ! $this->cache ) {
343		$this->cache = new WordPress_GitHub_Sync_Cache;
344		}
345
346		return $this->cache;
347		}
348
349		/**
350		* Print to WP_CLI if in CLI environment or
351		* write to debug.log if WP_DEBUG is enabled
352		* @source http://www.stumiller.me/sending-output-to-the-wordpress-debug-log/
353		*
354		* @param mixed $msg
355		* @param string $write
356		*/
357	2	public static function write_log( $msg, $write = 'line' ) {
358	2	if ( defined( 'WP_CLI' ) && WP_CLI ) {
359		if ( is_array( $msg ) \|\| is_object( $msg ) ) {
360		WP_CLI::print_value( $msg );
361		} else {
362		WP_CLI::$write( $msg );
363		}
364	2	} elseif ( true === WP_DEBUG ) {
365	2	if ( is_array( $msg ) \|\| is_object( $msg ) ) {
366		error_log( print_r( $msg, true ) );
		0 ignored issues – show introduced 2015-11-21 17:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The use of function print_r() is discouraged Loading history...
367		} else {
368	2	error_log( $msg );
369		}
370	2	}
371	2	}
372
373		/**
374		* Kicks of an import or export cronjob.
375		*
376		* @param $type
377		*/
378		protected function start_cron( $type ) {
379		update_option( '_wpghs_' . $type . '_started', 'yes' );
380		wp_schedule_single_event( time(), 'wpghs_' . $type . '' );
381		spawn_cron();
382		}
383		}
384

kennyfraser / wordpress-github-sync

Issues (54)

Security Analysis not enabled

wp-github-sync.php (1 issue)

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like