Issues in wp-github-sync.php (master) - Issues in master - mAAdhaTTah/wordpress-github-sync - Measure and Improve Code Quality continuously with Scrutinizer

Issues (64)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

wp-github-sync.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Plugin Name: WordPress GitHub Sync
 * Plugin URI: https://github.com/mAAdhaTTah/wordpress-github-sync
 * Description: A WordPress plugin to sync content with a GitHub repository (or Jekyll site).
 * Version: 2.0.1
 * Author:  James DiGioia, Ben Balter
 * Author URI: http://jamesdigioia.com
 * License: GPLv2
 * Domain Path: /languages
 * Text Domain: wp-github-sync
 *
 * @package wp-github-sync
 */

/**
		Copyright 2014  James DiGioia  (email : [email protected])

		This program is free software; you can redistribute it and/or modify
		it under the terms of the GNU General Public License, version 2, as
		published by the Free Software Foundation.

		This program is distributed in the hope that it will be useful,
		but WITHOUT ANY WARRANTY; without even the implied warranty of
		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
		GNU General Public License for more details.

		You should have received a copy of the GNU General Public License
		along with this program; if not, write to the Free Software
		Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

// If the functions have already been autoloaded, don't reload.
// This fixes function duplication during unit testing.
$path = dirname( __FILE__ ) . '/vendor/autoload_52.php';
if ( ! function_exists( 'get_the_github_view_link' ) && file_exists( $path ) ) {
	require_once $path;
}

add_action( 'plugins_loaded', array( new WordPress_GitHub_Sync, 'boot' ) );

/**
 * Class WordPress_GitHub_Sync
 *
 * Main application class for the plugin. Responsible for bootstrapping
 * any hooks and instantiating all service classes.
 */
class WordPress_GitHub_Sync {

	/**
	 * Object instance.
	 *
	 * @var self
	 */
	public static $instance;

	/**
	 * Language text domain.
	 *
	 * @var string
	 */
	public static $text_domain = 'wp-github-sync';

	/**
	 * Current version.
	 *
	 * @var string
	 */
	public static $version = '2.0.1';

	/**
	 * Controller object.
	 *
	 * @var WordPress_GitHub_Sync_Controller
	 */
	public $controller;

	/**
	 * Admin object.
	 *
	 * @var WordPress_GitHub_Sync_Admin
	 */
	public $admin;

	/**
	 * CLI object.
	 *
	 * @var WordPress_GitHub_Sync_CLI
	 */
	protected $cli;

	/**
	 * Request object.
	 *
	 * @var WordPress_GitHub_Sync_Request
	 */
	protected $request;

	/**
	 * Response object.
	 *
	 * @var WordPress_GitHub_Sync_Response
	 */
	protected $response;

	/**
	 * Api object.
	 *
	 * @var WordPress_GitHub_Sync_Api
	 */
	protected $api;

	/**
	 * Import object.
	 *
	 * @var WordPress_GitHub_Sync_Import
	 */
	protected $import;

	/**
	 * Export object.
	 *
	 * @var WordPress_GitHub_Sync_Export
	 */
	protected $export;

	/**
	 * Semaphore object.
	 *
	 * @var WordPress_GitHub_Sync_Semaphore
	 */
	protected $semaphore;

	/**
	 * Database object.
	 *
	 * @var WordPress_GitHub_Sync_Database
	 */
	protected $database;

	/**
	 * Cache object.
	 *
	 * @var WordPress_GitHub_Sync_Cache
	 */
	protected $cache;

	/**
	 * Called at load time, hooks into WP core
	 */
	public function __construct() {
		self::$instance = $this;

		if ( is_admin() ) {
			$this->admin = new WordPress_GitHub_Sync_Admin;
		}

		$this->controller = new WordPress_GitHub_Sync_Controller( $this );

		if ( defined( 'WP_CLI' ) && WP_CLI ) {
			WP_CLI::add_command( 'wpghs', $this->cli() );
		}
	}

	/**
	 * Attaches the plugin's hooks into WordPress.
	 */
	public function boot() {
		register_activation_hook( __FILE__, array( $this, 'activate' ) );
		add_action( 'admin_notices', array( $this, 'activation_notice' ) );

		add_action( 'init', array( $this, 'l10n' ) );

		// Controller actions.
		add_action( 'save_post', array( $this->controller, 'export_post' ) );
		add_action( 'delete_post', array( $this->controller, 'delete_post' ) );
		add_action( 'wp_ajax_nopriv_wpghs_sync_request', array( $this->controller, 'pull_posts' ) );
		add_action( 'wpghs_export', array( $this->controller, 'export_all' ) );
		add_action( 'wpghs_import', array( $this->controller, 'import_master' ) );

		add_shortcode( 'wpghs', 'write_wpghs_link' );

		do_action( 'wpghs_boot', $this );
	}

	/**
	 * Init i18n files
	 */
	public function l10n() {
		load_plugin_textdomain( self::$text_domain, false, plugin_basename( dirname( __FILE__ ) ) . '/languages/' );
	}

	/**
	 * Sets and kicks off the export cronjob
	 */
	public function start_export() {
		$this->export()->set_user( get_current_user_id() );
		$this->start_cron( 'export' );
	}

	/**
	 * Sets and kicks off the import cronjob
	 */
	public function start_import() {
		$this->start_cron( 'import' );
	}

	/**
	 * Enables the admin notice on initial activation
	 */
	public function activate() {
		if ( 'yes' !== get_option( '_wpghs_fully_exported' ) ) {
			set_transient( '_wpghs_activated', 'yes' );
		}
	}

	/**
	 * Displays the activation admin notice
	 */
	public function activation_notice() {
		if ( ! get_transient( '_wpghs_activated' ) ) {
			return;
		}

		delete_transient( '_wpghs_activated' );

		?><div class="updated">
			<p>
				<?php
					printf(
						__( 'To set up your site to sync with GitHub, update your <a href="%s">settings</a> and click "Export to GitHub."', 'wp-github-sync' ),
						admin_url( 'options-general.php?page=' . static::$text_domain)

					);
				?>
			</p>
		</div><?php
	}

	/**
	 * Get the Controller object.
	 *
	 * @return WordPress_GitHub_Sync_Controller
	 */
	public function controller() {
		return $this->controller;
	}

	/**
	 * Lazy-load the CLI object.
	 *
	 * @return WordPress_GitHub_Sync_CLI
	 */
	public function cli() {
		if ( ! $this->cli ) {
			$this->cli = new WordPress_GitHub_Sync_CLI;
		}

		return $this->cli;
	}

	/**
	 * Lazy-load the Request object.
	 *
	 * @return WordPress_GitHub_Sync_Request
	 */
	public function request() {
		if ( ! $this->request ) {
			$this->request = new WordPress_GitHub_Sync_Request( $this );
		}

		return $this->request;
	}

	/**
	 * Lazy-load the Response object.
	 *
	 * @return WordPress_GitHub_Sync_Response
	 */
	public function response() {
		if ( ! $this->response ) {
			$this->response = new WordPress_GitHub_Sync_Response( $this );
		}

		return $this->response;
	}

	/**
	 * Lazy-load the Api object.
	 *
	 * @return WordPress_GitHub_Sync_Api
	 */
	public function api() {
		if ( ! $this->api ) {
			$this->api = new WordPress_GitHub_Sync_Api( $this );
		}

		return $this->api;
	}

	/**
	 * Lazy-load the Import object.
	 *
	 * @return WordPress_GitHub_Sync_Import
	 */
	public function import() {
		if ( ! $this->import ) {
			$this->import = new WordPress_GitHub_Sync_Import( $this );
		}

		return $this->import;
	}

	/**
	 * Lazy-load the Export object.
	 *
	 * @return WordPress_GitHub_Sync_Export
	 */
	public function export() {
		if ( ! $this->export ) {
			$this->export = new WordPress_GitHub_Sync_Export( $this );
		}

		return $this->export;
	}

	/**
	 * Lazy-load the Semaphore object.
	 *
	 * @return WordPress_GitHub_Sync_Semaphore
	 */
	public function semaphore() {
		if ( ! $this->semaphore ) {
			$this->semaphore = new WordPress_GitHub_Sync_Semaphore;
		}

		return $this->semaphore;
	}

	/**
	 * Lazy-load the Database object.
	 *
	 * @return WordPress_GitHub_Sync_Database
	 */
	public function database() {
		if ( ! $this->database ) {
			$this->database = new WordPress_GitHub_Sync_Database( $this );
		}

		return $this->database;
	}

	/**
	 * Lazy-load the Cache object.
	 *
	 * @return WordPress_GitHub_Sync_Cache
	 */
	public function cache() {
		if ( ! $this->cache ) {
			$this->cache = new WordPress_GitHub_Sync_Cache;
		}

		return $this->cache;
	}

	/**
	 * Print to WP_CLI if in CLI environment or
	 * write to debug.log if WP_DEBUG is enabled
	 *
	 * @source http://www.stumiller.me/sending-output-to-the-wordpress-debug-log/
	 *
	 * @param mixed  $msg   Message text.
	 * @param string $write How to write the message, if CLI.
	 */
	public static function write_log( $msg, $write = 'line' ) {
		if ( defined( 'WP_CLI' ) && WP_CLI ) {
			if ( is_array( $msg ) || is_object( $msg ) ) {
				WP_CLI::print_value( $msg );
			} else {
				WP_CLI::$write( $msg );
			}
		} elseif ( true === WP_DEBUG ) {
			if ( is_array( $msg ) || is_object( $msg ) ) {
				error_log( print_r( $msg, true ) );
			} else {
				error_log( $msg );
			}
		}
	}

	/**
	 * Kicks of an import or export cronjob.
	 *
	 * @param string $type Cron to kick off.
	 */
	protected function start_cron( $type ) {
		update_option( '_wpghs_' . $type . '_started', 'yes' );
		wp_schedule_single_event( time(), 'wpghs_' . $type . '' );
		spawn_cron();
	}
}


1		<?php
2		/**
3		* Plugin Name: WordPress GitHub Sync
4		* Plugin URI: https://github.com/mAAdhaTTah/wordpress-github-sync
5		* Description: A WordPress plugin to sync content with a GitHub repository (or Jekyll site).
6		* Version: 2.0.1
7		* Author: James DiGioia, Ben Balter
8		* Author URI: http://jamesdigioia.com
9		* License: GPLv2
10		* Domain Path: /languages
11		* Text Domain: wp-github-sync
12		*
13		* @package wp-github-sync
14		*/
15
16		/**
17		Copyright 2014 James DiGioia (email : [email protected])
18
19		This program is free software; you can redistribute it and/or modify
20		it under the terms of the GNU General Public License, version 2, as
21		published by the Free Software Foundation.
22
23		This program is distributed in the hope that it will be useful,
24		but WITHOUT ANY WARRANTY; without even the implied warranty of
25		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26		GNU General Public License for more details.
27
28		You should have received a copy of the GNU General Public License
29		along with this program; if not, write to the Free Software
30		Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
31		*/
32
33		// If the functions have already been autoloaded, don't reload.
34		// This fixes function duplication during unit testing.
35		$path = dirname( __FILE__ ) . '/vendor/autoload_52.php';
36		if ( ! function_exists( 'get_the_github_view_link' ) && file_exists( $path ) ) {
37		require_once $path;
38		}
39
40		add_action( 'plugins_loaded', array( new WordPress_GitHub_Sync, 'boot' ) );
41
42		/**
43		* Class WordPress_GitHub_Sync
44		*
45		* Main application class for the plugin. Responsible for bootstrapping
46		* any hooks and instantiating all service classes.
47		*/
48		class WordPress_GitHub_Sync {
49
50		/**
51		* Object instance.
52		*
53		* @var self
54		*/
55		public static $instance;
56
57		/**
58		* Language text domain.
59		*
60		* @var string
61		*/
62		public static $text_domain = 'wp-github-sync';
63
64		/**
65		* Current version.
66		*
67		* @var string
68		*/
69		public static $version = '2.0.1';
70
71		/**
72		* Controller object.
73		*
74		* @var WordPress_GitHub_Sync_Controller
75		*/
76		public $controller;
77
78		/**
79		* Admin object.
80		*
81		* @var WordPress_GitHub_Sync_Admin
82		*/
83		public $admin;
84
85		/**
86		* CLI object.
87		*
88		* @var WordPress_GitHub_Sync_CLI
89		*/
90		protected $cli;
91
92		/**
93		* Request object.
94		*
95		* @var WordPress_GitHub_Sync_Request
96		*/
97		protected $request;
98
99		/**
100		* Response object.
101		*
102		* @var WordPress_GitHub_Sync_Response
103		*/
104		protected $response;
105
106		/**
107		* Api object.
108		*
109		* @var WordPress_GitHub_Sync_Api
110		*/
111		protected $api;
112
113		/**
114		* Import object.
115		*
116		* @var WordPress_GitHub_Sync_Import
117		*/
118		protected $import;
119
120		/**
121		* Export object.
122		*
123		* @var WordPress_GitHub_Sync_Export
124		*/
125		protected $export;
126
127		/**
128		* Semaphore object.
129		*
130		* @var WordPress_GitHub_Sync_Semaphore
131		*/
132		protected $semaphore;
133
134		/**
135		* Database object.
136		*
137		* @var WordPress_GitHub_Sync_Database
138		*/
139		protected $database;
140
141		/**
142		* Cache object.
143		*
144		* @var WordPress_GitHub_Sync_Cache
145		*/
146		protected $cache;
147
148		/**
149		* Called at load time, hooks into WP core
150		*/
151		public function __construct() {
152		self::$instance = $this;
153
154		if ( is_admin() ) {
155		$this->admin = new WordPress_GitHub_Sync_Admin;
156		}
157
158		$this->controller = new WordPress_GitHub_Sync_Controller( $this );
159
160		if ( defined( 'WP_CLI' ) && WP_CLI ) {
161		WP_CLI::add_command( 'wpghs', $this->cli() );
162		}
163		}
164
165		/**
166		* Attaches the plugin's hooks into WordPress.
167		*/
168		public function boot() {
169		register_activation_hook( __FILE__, array( $this, 'activate' ) );
170		add_action( 'admin_notices', array( $this, 'activation_notice' ) );
171
172		add_action( 'init', array( $this, 'l10n' ) );
173
174		// Controller actions.
175		add_action( 'save_post', array( $this->controller, 'export_post' ) );
176		add_action( 'delete_post', array( $this->controller, 'delete_post' ) );
177		add_action( 'wp_ajax_nopriv_wpghs_sync_request', array( $this->controller, 'pull_posts' ) );
178		add_action( 'wpghs_export', array( $this->controller, 'export_all' ) );
179		add_action( 'wpghs_import', array( $this->controller, 'import_master' ) );
180
181		add_shortcode( 'wpghs', 'write_wpghs_link' );
182
183		do_action( 'wpghs_boot', $this );
184		}
185
186		/**
187		* Init i18n files
188		*/
189		public function l10n() {
190		load_plugin_textdomain( self::$text_domain, false, plugin_basename( dirname( __FILE__ ) ) . '/languages/' );
191		}
192
193		/**
194		* Sets and kicks off the export cronjob
195		*/
196		public function start_export() {
197		$this->export()->set_user( get_current_user_id() );
198		$this->start_cron( 'export' );
199		}
200
201		/**
202		* Sets and kicks off the import cronjob
203		*/
204		public function start_import() {
205		$this->start_cron( 'import' );
206		}
207
208		/**
209		* Enables the admin notice on initial activation
210		*/
211		public function activate() {
212		if ( 'yes' !== get_option( '_wpghs_fully_exported' ) ) {
213		set_transient( '_wpghs_activated', 'yes' );
214		}
215		}
216
217		/**
218		* Displays the activation admin notice
219		*/
220		public function activation_notice() {
221		if ( ! get_transient( '_wpghs_activated' ) ) {
222		return;
223		}
224
225		delete_transient( '_wpghs_activated' );
226
227		?><div class="updated">
228		<p>
229		<?php
230		printf(
231		__( 'To set up your site to sync with GitHub, update your <a href="%s">settings</a> and click "Export to GitHub."', 'wp-github-sync' ),
232		admin_url( 'options-general.php?page=' . static::$text_domain)
		0 ignored issues – show Coding Style introduced 2016-12-10 20:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 1 spaces before closing bracket; 0 found Loading history...
233		);
234		?>
235		</p>
236		</div><?php
237		}
238
239		/**
240		* Get the Controller object.
241		*
242		* @return WordPress_GitHub_Sync_Controller
243		*/
244		public function controller() {
245		return $this->controller;
246		}
247
248		/**
249		* Lazy-load the CLI object.
250		*
251		* @return WordPress_GitHub_Sync_CLI
252		*/
253		public function cli() {
254		if ( ! $this->cli ) {
255		$this->cli = new WordPress_GitHub_Sync_CLI;
256		}
257
258		return $this->cli;
259		}
260
261		/**
262		* Lazy-load the Request object.
263		*
264		* @return WordPress_GitHub_Sync_Request
265		*/
266		public function request() {
267		if ( ! $this->request ) {
268		$this->request = new WordPress_GitHub_Sync_Request( $this );
269		}
270
271		return $this->request;
272		}
273
274		/**
275		* Lazy-load the Response object.
276		*
277		* @return WordPress_GitHub_Sync_Response
278		*/
279		public function response() {
280		if ( ! $this->response ) {
281		$this->response = new WordPress_GitHub_Sync_Response( $this );
282		}
283
284		return $this->response;
285		}
286
287		/**
288		* Lazy-load the Api object.
289		*
290		* @return WordPress_GitHub_Sync_Api
291		*/
292		public function api() {
293		if ( ! $this->api ) {
294		$this->api = new WordPress_GitHub_Sync_Api( $this );
295		}
296
297		return $this->api;
298		}
299
300		/**
301		* Lazy-load the Import object.
302		*
303		* @return WordPress_GitHub_Sync_Import
304		*/
305		public function import() {
306		if ( ! $this->import ) {
307		$this->import = new WordPress_GitHub_Sync_Import( $this );
308		}
309
310		return $this->import;
311		}
312
313		/**
314		* Lazy-load the Export object.
315		*
316		* @return WordPress_GitHub_Sync_Export
317		*/
318		public function export() {
319		if ( ! $this->export ) {
320		$this->export = new WordPress_GitHub_Sync_Export( $this );
321		}
322
323		return $this->export;
324		}
325
326		/**
327		* Lazy-load the Semaphore object.
328		*
329		* @return WordPress_GitHub_Sync_Semaphore
330		*/
331		public function semaphore() {
332		if ( ! $this->semaphore ) {
333		$this->semaphore = new WordPress_GitHub_Sync_Semaphore;
334		}
335
336		return $this->semaphore;
337		}
338
339		/**
340		* Lazy-load the Database object.
341		*
342		* @return WordPress_GitHub_Sync_Database
343		*/
344		public function database() {
345		if ( ! $this->database ) {
346		$this->database = new WordPress_GitHub_Sync_Database( $this );
347		}
348
349		return $this->database;
350		}
351
352		/**
353		* Lazy-load the Cache object.
354		*
355		* @return WordPress_GitHub_Sync_Cache
356		*/
357		public function cache() {
358		if ( ! $this->cache ) {
359	2	$this->cache = new WordPress_GitHub_Sync_Cache;
360	2	}
361
362		return $this->cache;
363		}
364
365		/**
366	2	* Print to WP_CLI if in CLI environment or
367	2	* write to debug.log if WP_DEBUG is enabled
368		*
369		* @source http://www.stumiller.me/sending-output-to-the-wordpress-debug-log/
370	2	*
371		* @param mixed $msg Message text.
372	2	* @param string $write How to write the message, if CLI.
373	2	*/
374		public static function write_log( $msg, $write = 'line' ) {
375		if ( defined( 'WP_CLI' ) && WP_CLI ) {
376		if ( is_array( $msg ) \|\| is_object( $msg ) ) {
377		WP_CLI::print_value( $msg );
378		} else {
379		WP_CLI::$write( $msg );
380		}
381		} elseif ( true === WP_DEBUG ) {
382		if ( is_array( $msg ) \|\| is_object( $msg ) ) {
383		error_log( print_r( $msg, true ) );
384		} else {
385		error_log( $msg );
386		}
387		}
388		}
389
390		/**
391		* Kicks of an import or export cronjob.
392		*
393		* @param string $type Cron to kick off.
394		*/
395		protected function start_cron( $type ) {
396		update_option( '_wpghs_' . $type . '_started', 'yes' );
397		wp_schedule_single_event( time(), 'wpghs_' . $type . '' );
398		spawn_cron();
399		}
400		}
401

mAAdhaTTah / wordpress-github-sync

Issues (64)

Security Analysis not enabled

wp-github-sync.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like