This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
<?php
/**
 * Template used to display related post content.
 *
 * Renders a single post as an <article> element: optional thumbnail, title
 * with a post-format icon, summary or full content, tags and a comment count.
 * Every helper prefixed with lsx_ is defined outside this file.
 *
 * @package lsx
 */

// lsx_entry_before() below is a theme hook; it is called before the
// <article> element is opened.
?>

<?php lsx_entry_before(); ?>

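<?php
// Post formats that never get the header thumbnail, even when a featured
// image is set. The list can be changed through 'lsx_no_thumb_post_formats'.
$no_thumb_post_types   = array(
	'audio'   => 'audio',
	'gallery' => 'gallery',
	'image'   => 'image',
	'link'    => 'link',
	'quote'   => 'quote',
	'video'   => 'video',
);
$no_thumb_post_formats = apply_filters( 'lsx_no_thumb_post_formats', $no_thumb_post_types );

$has_thumb = has_post_thumbnail() && ! has_post_format( $no_thumb_post_formats );

if ( $has_thumb ) {
	$thumb_class = 'has-thumb';
} else {
	$thumb_class = 'no-thumb';
}

// Not read again in this template; the filter call is kept because callbacks
// attached to 'lsx_blog_layout' may rely on it being fired here.
$blog_layout = apply_filters( 'lsx_blog_layout', 'default' );

$image_class = '';

// Start from an empty URL. wp_get_attachment_image_src() returns false when
// the attachment cannot be resolved, and the side image further down echoes
// $image_src whenever has_post_thumbnail() is true. Without this default that
// markup would read an undefined variable.
$image_src = '';

$thumbnail_id = get_post_thumbnail_id( get_the_ID() );
$image_arr    = wp_get_attachment_image_src( $thumbnail_id, 'lsx-thumbnail-single' );

if ( is_array( $image_arr ) && isset( $image_arr[0] ) ) {
	// Index 0 of the returned array is the image URL.
	$image_src = $image_arr[0];
}
?>
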
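<article id="post-<?php the_ID(); ?>" <?php post_class( array( 'lsx-slot', $thumb_class ) ); ?>>
	<?php lsx_entry_top(); ?>

	<div class="entry-layout">
		<div class="entry-layout-content entry-layout-content-<?php echo has_post_thumbnail() ? '67' : '100'; ?>">
			<header class="entry-header">
				<?php if ( $has_thumb ) : ?>
					<div class="entry-image <?php echo esc_attr( $image_class ); ?>">
						<a class="thumbnail" href="<?php the_permalink(); ?>">
							<?php lsx_thumbnail( 'lsx-thumbnail-single' ); ?>
						</a>
					</div>
				<?php endif; ?>

				<?php
				// Work out the icon and the archive the icon links to.
				// Posts without a format are treated as 'standard' and link to
				// the blog index: the "page for posts" when a static front page
				// is configured, otherwise the site home.
				$format = get_post_format();

				if ( false === $format ) {
					$format        = 'standard';
					$show_on_front = get_option( 'show_on_front', 'posts' );

					if ( 'page' === $show_on_front ) {
						$archive_link = get_permalink( get_option( 'page_for_posts' ) );
					} else {
						$archive_link = home_url();
					}
				} else {
					$archive_link = get_post_format_link( $format );
				}

				// The translated value is used as a CSS class suffix below, so
				// it is passed through esc_attr() at the point of output.
				$format = lsx_translate_format_to_fontawesome( $format );
				?>

				<h2 class="entry-title">
					<?php if ( has_post_thumbnail() ) : ?>
						<a href="<?php echo esc_url( $archive_link ); ?>" class="format-link has-thumb fa fa-<?php echo esc_attr( $format ); ?>"></a>
					<?php else : ?>
						<a href="<?php echo esc_url( $archive_link ); ?>" class="format-link fa fa-<?php echo esc_attr( $format ); ?>"></a>
					<?php endif; ?>

					<?php if ( has_post_format( array( 'link' ) ) ) : ?>
						<?php
						// lsx_get_my_url() is reported to return false when it
						// finds no URL, while esc_url() expects a string. Fall
						// back to the post permalink, which is what the
						// non-link branch uses, instead of emitting an empty href.
						$link_url = lsx_get_my_url();

						if ( ! is_string( $link_url ) || '' === $link_url ) {
							$link_url = (string) get_permalink();
						}
						?>
						<a href="<?php echo esc_url( $link_url ); ?>" rel="bookmark"><?php the_title(); ?> <span class="fa fa-external-link"></span></a>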
It seems like lsx_get_my_url() can also return false; however, the $url parameter of esc_url() only seems to accept a string. Maybe add an additional type check?
<?php else : ?>
						<a href="<?php the_permalink(); ?>" rel="bookmark"><?php the_title(); ?></a>
					<?php endif; ?>

					<?php if ( is_sticky() ) : ?>
						<span class="label label-default label-sticky"><?php esc_html_e( 'Featured', 'lsx' ); ?></span>
					<?php endif; ?>
				</h2>
				<div class="entry-meta">
					<?php lsx_post_meta_list_top(); ?>
				</div><!-- .entry-meta -->

				<?php lsx_post_meta_category(); ?>

			</header><!-- .entry-header -->

			<?php if ( has_post_format( array( 'quote' ) ) || apply_filters( 'lsx_blog_display_text_on_list', true ) ) : ?>

				<?php if ( lsx_post_format_force_content_on_list() && ! apply_filters( 'lsx_blog_force_content_on_list', false ) ) : ?>

					<div class="entry-summary">
						<?php
						// No hand-written excerpt: build one from the first 50
						// words of the content and append a "Read More" link.
						// The assembled HTML is filtered by wp_kses_post()
						// before it is echoed.
						if ( ! has_excerpt() ) {

							$excerpt_more = '<p><a class="moretag" href="' . esc_url( get_permalink() ) . '">' . esc_html__( 'Read More', 'lsx' ) . '</a></p>';
							$content = wp_trim_words( get_the_content(), 50 );
							$content = '<p>' . $content . '</p>' . $excerpt_more;
							echo wp_kses_post( $content );
						} else {
							the_excerpt();
						}
						?>
					</div><!-- .entry-summary -->

				<?php elseif ( has_post_format( array( 'link' ) ) ) : // Empty branch: link-format posts print no summary or content here. ?>

				<?php elseif ( apply_filters( 'lsx_blog_force_content_on_list', false ) ) : ?>

					<div class="entry-content">
						<?php the_content(); ?>
					</div><!-- .entry-content -->

				<?php else : ?>

					<div class="entry-content">
						<?php
						the_content();

						// Pagination links for posts split into several pages;
						// the wrapper markup is supplied through the arguments.
						wp_link_pages( array(
							'before' => '<div class="lsx-postnav-wrapper"><div class="lsx-postnav">',
							'after' => '</div></div>',
							'link_before' => '<span>',
							'link_after' => '</span>',
						) );
For multi-line function calls, the closing parenthesis should be on a new line.
If a function call spans multiple lines, the coding standard suggests moving the closing parenthesis to a new line:

someFunctionCall(
    $firstArgument,
    $secondArgument,
    $thirdArgument
); // Closing parenthesis on a new line.
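?>
					</div><!-- .entry-content -->

				<?php endif; ?>

			<?php endif; ?>

			<div class="clearfix"></div>

			<?php
			// Normalise to an integer once. get_comments_number() normally
			// returns a numeric string, but a filter may hand back an int, in
			// which case a strict comparison against '1' would never match.
			$comments_number = (int) get_comments_number();
			?>

			<div class="post-tags-wrapper">

				<?php lsx_content_post_tags(); ?>

				<?php if ( comments_open() && $comments_number > 0 ) : ?>
					<div class="post-comments">
						<a href="<?php the_permalink(); ?>#comments">
							<?php
							if ( 1 === $comments_number ) {
								echo esc_html_x( 'One Comment', 'content.php', 'lsx' );
							} else {
								printf(
									/* Translators: %s: number of comments */
									esc_html(
										_nx(
											'%s Comment',
											'%s Comments',
											$comments_number,
											'content.php',
											'lsx'
										)
									),
									esc_html( number_format_i18n( $comments_number ) )
								);
							}
							?>
						</a>
					</div>
				<?php endif; ?>
			</div>
		</div>

		<?php if ( has_post_thumbnail() ) : ?>

			<?php
			// $image_src is assigned earlier in this template only when the
			// attachment URL could be resolved, so read it defensively and
			// leave the style attribute out when there is nothing to show.
			// NOTE(review): esc_url() is a URL escaper, not a CSS escaper. It
			// leaves parentheses in place, so the unquoted url() below is only
			// safe while the value is an attachment URL produced by WordPress.
			// Confirm before feeding it any other source.
			$background_src = ! empty( $image_src ) ? $image_src : '';
			?>
			<div class="entry-image hidden-xs">
				<a class="thumbnail" href="<?php the_permalink(); ?>"<?php if ( '' !== $background_src ) : ?> style="background-image:url(<?php echo esc_url( $background_src ); ?>);"<?php endif; ?>>
					<?php lsx_thumbnail( 'lsx-thumbnail-single' ); ?>
				</a>
			</div>

		<?php endif; ?>
	</div>

	<?php lsx_entry_bottom(); ?>

	<div class="clearfix"></div>

	<div class="lsx-breaker"></div>
</article>

<?php
// Theme hook called after the closing </article> tag; defined outside this file.
lsx_entry_after();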