This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
```php
<?php
/**
 * Template used to display post content.
 *
 * @package lsx
 */

?>

<?php lsx_entry_before(); ?>

<?php
	$no_thumb_post_types = array(
		'audio' => 'audio',
		'gallery' => 'gallery',
		'image' => 'image',
		'link' => 'link',
		'quote' => 'quote',
		'video' => 'video',
	);
	$no_thumb_post_formats = apply_filters( 'lsx_no_thumb_post_formats', $no_thumb_post_types );

	$has_thumb = has_post_thumbnail() && ! has_post_format( $no_thumb_post_formats );

	if ( $has_thumb ) {
		$thumb_class = 'has-thumb';
	} else {
		$thumb_class = 'no-thumb';
	}

	$blog_layout = apply_filters( 'lsx_blog_layout', 'default' );

	$image_class = '';

	$thumbnail_id = get_post_thumbnail_id( get_the_ID() );
	if ( empty( $thumbnail_id ) ) {
		$thumbnail_id = apply_filters( 'lsx_get_thumbnail_post_placeholder_id', $thumbnail_id, get_the_ID() );
	}
	$image_arr = wp_get_attachment_image_src( $thumbnail_id, 'lsx-thumbnail-single' );
	$image_src = '';

	if ( is_array( $image_arr ) ) {
		$image_src = $image_arr[0];
	}
?>

<article id="post-<?php the_ID(); ?>" <?php post_class( array( 'lsx-slot', $thumb_class ) ); ?>>
	<?php lsx_entry_top(); ?>

	<div class="entry-layout">
		<div class="entry-layout-content entry-layout-content-<?php echo has_post_thumbnail() ? '67' : '100'; ?>">
			<header class="entry-header">
				<?php if ( $has_thumb ) : ?>
					<div class="entry-image <?php echo esc_attr( $image_class ); ?>">
						<a class="thumbnail" href="<?php the_permalink(); ?>">
							<?php lsx_thumbnail( 'lsx-thumbnail-single' ); ?>
						</a>
					</div>
				<?php endif; ?>

				<?php
					$format = get_post_format();

					if ( false === $format ) {
						$format = 'standard';
						$show_on_front = get_option( 'show_on_front', 'posts' );

						if ( 'page' === $show_on_front ) {
							$archive_link = get_permalink( get_option( 'page_for_posts' ) );
						} else {
							$archive_link = home_url();
						}
					} else {
						$archive_link = get_post_format_link( $format );
					}

					$format = lsx_translate_format_to_fontawesome( $format );
				?>

				<h1 class="entry-title">
					<?php if ( has_post_thumbnail() ) : ?>
						<a href="<?php echo esc_url( $archive_link ); ?>" class="format-link has-thumb fa fa-<?php echo esc_attr( $format ); ?>"></a>
					<?php else : ?>
						<a href="<?php echo esc_url( $archive_link ); ?>" class="format-link fa fa-<?php echo esc_attr( $format ); ?>"></a>
					<?php endif; ?>

					<?php if ( has_post_format( array( 'link' ) ) ) : ?>
						<a href="<?php echo esc_url( lsx_get_my_url() ); ?>" rel="bookmark"><?php the_title(); ?> <span class="fa fa-external-link"></span></a>
					<?php else : ?>
						<a href="<?php the_permalink(); ?>" rel="bookmark"><?php the_title(); ?></a>
					<?php endif; ?>

					<?php if ( is_sticky() ) : ?>
						<span class="label label-default label-sticky"><?php esc_html_e( 'Featured', 'lsx' ); ?></span>
					<?php endif; ?>
				</h1>

				<div class="entry-meta">
					<?php lsx_post_meta_list_top(); ?>
				</div><!-- .entry-meta -->

				<?php lsx_post_meta_category(); ?>

			</header><!-- .entry-header -->

			<?php if ( has_post_format( array( 'quote' ) ) || apply_filters( 'lsx_blog_display_text_on_list', true ) ) : ?>

				<?php if ( lsx_post_format_force_content_on_list() && ! apply_filters( 'lsx_blog_force_content_on_list', false ) ) : ?>

					<div class="entry-summary">
						<?php
							if ( false === apply_filters( 'lsx_disable_content_excerpt', false ) ) {
								if ( ! has_excerpt() ) {
									$excerpt_more = '<p><a class="moretag" href="' . esc_url( get_permalink() ) . '">' . esc_html__( 'Read More', 'lsx' ) . '</a></p>';
									$content = wp_trim_words( strip_shortcodes( get_the_content() ), 30 );
									$content = '<p>' . $content . '</p>' . $excerpt_more;
									echo wp_kses_post( $content );
								} else {
									the_excerpt();
								}
							} else {
								$excerpt_more = '<p><a class="moretag" href="' . esc_url( get_permalink() ) . '">' . esc_html__( 'Read More', 'lsx' ) . '</a></p>';
								echo wp_kses_post( $excerpt_more );
							}
						?>

					</div><!-- .entry-summary -->

				<?php elseif ( has_post_format( array( 'link' ) ) ) : ?>

				<?php elseif ( apply_filters( 'lsx_blog_force_content_on_list', false ) ) : ?>

					<div class="entry-content">
						<?php the_content(); ?>
					</div><!-- .entry-content -->

				<?php else : ?>

					<div class="entry-content">
						<?php
							the_content();

							wp_link_pages( array(
								'before' => '<div class="lsx-postnav-wrapper"><div class="lsx-postnav">',
								'after' => '</div></div>',
								'link_before' => '<span>',
								'link_after' => '</span>',
							) );
						?>
					</div><!-- .entry-content -->

				<?php endif; ?>

			<?php endif; ?>

			<div class="clearfix"></div>

			<?php $comments_number = get_comments_number(); ?>

			<?php if ( has_tag() || ! empty( $comments_number ) ) { ?>
				<div class="post-tags-wrapper">

					<?php lsx_content_post_tags(); ?>

					<?php if ( comments_open() && ! empty( $comments_number ) ) : ?>
						<div class="post-comments">
							<a href="<?php the_permalink(); ?>#comments">
								<?php
									if ( '1' === $comments_number ) {
										echo esc_html_x( 'One Comment', 'content.php', 'lsx' );
									} else {
										printf(
											/* Translators: %s: number of comments */
											esc_html( _nx(
												'%s Comment',
												'%s Comments',
												$comments_number,
												'content.php',
												'lsx'
											) ),
											esc_html( number_format_i18n( $comments_number ) )
										);
									}
								?>
							</a>
						</div>
					<?php endif ?>
				</div>
			<?php } ?>
		</div>

		<?php if ( has_post_thumbnail() ) : ?>

			<div class="entry-image hidden-xs">
				<a class="thumbnail" href="<?php the_permalink(); ?>" style="background-image:url(<?php echo esc_url( $image_src ); ?>);">
					<?php lsx_thumbnail( 'lsx-thumbnail-single' ); ?>
				</a>
			</div>

		<?php endif; ?>
	</div>

	<?php lsx_entry_bottom(); ?>

	<div class="clearfix"></div>

	<div class="lsx-breaker"></div>
</article>

<?php
lsx_entry_after();
```

Issues reported on this file, listed with the statement each one is attached to:

On `$archive_link = get_permalink( get_option( 'page_for_posts' ) );`: It seems like `get_option('page_for_posts')` can also be of type `false`; however, parameter `$post` of `get_permalink()` does only seem to accept `WP_Post|integer`, maybe add an additional type check? (Ignorable by Annotation)

On `<a href="<?php echo esc_url( lsx_get_my_url() ); ?>" rel="bookmark">`: It seems like `lsx_get_my_url()` can also be of type `false`; however, parameter `$url` of `esc_url()` does only seem to accept `string`, maybe add an additional type check? (Ignorable by Annotation)

On the `$comments_number` argument passed to `_nx()`: It seems like `$comments_number` can also be of type `string`; however, parameter `$number` of `_nx()` does only seem to accept `integer`, maybe add an additional type check? (Ignorable by Annotation)

On `esc_html( number_format_i18n( $comments_number ) )`: It seems like `$comments_number` can also be of type `string`; however, parameter `$number` of `number_format_i18n()` does only seem to accept `double`, maybe add an additional type check? (Ignorable by Annotation)

On the closing `) );` of the `wp_link_pages( array(` call and the closing `) ),` of the `esc_html( _nx(` call: For multi-line function calls, the closing parenthesis should be on a new line. If a function call spans multiple lines, the coding standard suggests to move the closing parenthesis to a new line:

```php
someFunctionCall(
	$firstArgument,
	$secondArgument,
	$thirdArgument
); // Closing parenthesis on a new line.
```