Security Analysis: not enabled for this project. The categories below are the vulnerability classes the analysis would report on.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to read local files that they should not be able to access, for example files holding database credentials or other configuration.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to change which parts of an XML document are read. If that XML document is used for authentication, for example, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

includes/events/event.php (3 issues)


<?php
/**
 * Event
 *
 * @package SimpleCalendar/Events
 */
namespace SimpleCalendar\Events;

use Carbon\Carbon;

if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * The Event.
 *
 * @since 3.0.0
 */
class Event {

	/**
	 * Event type.
	 *
	 * @access public
	 * @var string
	 */
	public $type = '';

	/**
	 * Event source.
	 *
	 * @access public
	 * @var string
	 */
	public $source = '';

	/**
	 * Event title.
	 *
	 * @access public
	 * @var string
	 */
	public $title = '';

	/**
	 * Event description.
	 *
	 * @access public
	 * @var string
	 */
	public $description = '';

	/**
	 * Event visibility.
	 *
	 * @access public
	 * @var string
	 */
	public $visibility = '';

	/**
	 * Event privacy.
	 *
	 * @access public
	 * @var bool
	 */
	public $public = false;

	/**
	 * Event link URL.
	 *
	 * @access public
	 * @var string
	 */
	public $link = '';

	/**
	 * Event unique identifier.
	 *
	 * @access public
	 * @var string
	 */
	public $uid = '';

	/**
	 * Event iCal ID.
	 *
	 * @access public
	 * @var string
	 */
	public $ical_id = '';

	/**
	 * Event parent calendar id.
	 *
	 * @access public
	 * @var int
	 */
	public $calendar = 0;

	/**
	 * Event parent calendar timezone.
	 *
	 * @access public
	 * @var string
	 */
	public $timezone = 'UTC';

	/**
	 * Event start time.
	 *
	 * @access public
	 * @var int
	 */
	public $start = 0;

	/**
	 * Event start time in GMT.
	 *
	 * @access public
	 * @var int
	 */
	public $start_utc = 0;

	/**
	 * Event start datetime object.
	 *
	 * @access public
	 * @var null|Carbon
	 */
	public $start_dt = null;

	/**
	 * Event start time timezone.
	 *
	 * @access public
	 * @var string
	 */
	public $start_timezone = 'UTC';

	/**
	 * Event location at event start.
	 *
	 * @access public
	 * @var false|array
	 */
	public $start_location = false;

	/**
	 * Event end time.
	 *
	 * @access public
	 * @var false|int
	 */
	public $end = false;

	/**
	 * Event end time in GMT.
	 *
	 * @access public
	 * @var false|int
	 */
	public $end_utc = false;

	/**
	 * Event end datetime object.
	 *
	 * @access public
	 * @var null|Carbon
	 */
	public $end_dt = null;

	/**
	 * Event end time timezone.
	 *
	 * @access public
	 * @var string
	 */
	public $end_timezone = 'UTC';

	/**
	 * Event location at event end.
	 *
	 * @access public
	 * @var false|array
	 */
	public $end_location = false;

	/**
	 * Event has location.
	 *
	 * @access public
	 * @var bool
	 */
	public $venue = false;

	/**
	 * Whole day event.
	 *
	 * @access public
	 * @var bool
	 */
	public $whole_day = false;

	/**
	 * Multiple days span.
	 *
	 * @access public
	 * @var bool|int
	 */
	public $multiple_days = false;

	/**
	 * Recurring event.
	 *
	 * @access public
	 * @var false|array
	 */
	public $recurrence = false;

	/**
	 * Event meta.
	 *
	 * @access public
	 * @var array
	 */
	public $meta = array();

	/**
	 * Event default template.
	 *
	 * @access public
	 * @var string
	 */
	public $template = '';

	/**
	 * Event constructor.
	 *
	 * Every field is taken from an untrusted array (typically a parsed feed
	 * from a third-party calendar source) and escaped or coerced here, so
	 * the object never carries raw feed data.
	 *
	 * @since 3.0.0
	 *
	 * @param array $event
	 */
	public function __construct( array $event ) {

		/* ================= *
		 * Event Identifiers *
		 * ================= */

		// Event unique id.
		if ( ! empty( $event['uid'] ) ) {
			$this->uid = esc_attr( $event['uid'] );
		}

		// iCal ID.
		if ( ! empty( $event['ical_id'] ) ) {
			$this->ical_id = esc_attr( $event['ical_id'] );
		}

		// Event source.
		if ( ! empty( $event['source'] ) ) {
			$this->source = esc_attr( $event['source'] );
		}

		// Event parent calendar id.
		if ( ! empty( $event['calendar'] ) ) {
			$this->calendar = max( intval( $event['calendar'] ), 0 );
		}

		// Event parent calendar timezone.
		if ( ! empty( $event['timezone'] ) ) {
			$this->timezone = esc_attr( $event['timezone'] );
		}

		/* ============= *
		 * Event Content *
		 * ============= */

		// Event title.
		if ( ! empty( $event['title'] ) ) {
			$this->title = esc_html( $event['title'] );
		}

		// Event description: a restricted HTML subset is allowed.
		if ( ! empty( $event['description'] ) ) {
			$this->description = wp_kses_post( $event['description'] );
		}

		// Event link URL. esc_url_raw() is the storage-safe variant;
		// templates must still run esc_url() when printing it.
		if ( ! empty( $event['link'] ) ) {
			$this->link = esc_url_raw( $event['link'] );
		}

		// Event visibility.
		if ( ! empty( $event['visibility'] ) ) {
			$this->visibility = esc_attr( $event['visibility'] );
			$this->public     = 'public' === $this->visibility;
		}

		/* =========== *
		 * Event Start *
		 * =========== */

		if ( ! empty( $event['start'] ) ) {
			$this->start = is_numeric( $event['start'] ) ? intval( $event['start'] ) : 0;
			if ( ! empty( $event['start_utc'] ) ) {
				$this->start_utc = is_numeric( $event['start_utc'] ) ? intval( $event['start_utc'] ) : 0;
			}
			// Note: the timezone is escaped but not validated against
			// timezone_identifiers_list(); Carbon throws on an unknown identifier.
			if ( ! empty( $event['start_timezone'] ) ) {
				$this->start_timezone = esc_attr( $event['start_timezone'] );
			}
			$this->start_dt = Carbon::createFromTimestamp( $this->start, $this->start_timezone );
			$start_location = isset( $event['start_location'] ) ? $event['start_location'] : '';
			$this->start_location = $this->esc_location( $start_location );
		}

		/* ========= *
		 * Event End *
		 * ========= */

		if ( ! empty( $event['end'] ) ) {
			$this->end = is_numeric( $event['end'] ) ? intval( $event['end'] ) : false;
			if ( ! empty( $event['end_utc'] ) ) {
				$this->end_utc = is_numeric( $event['end_utc'] ) ? intval( $event['end_utc'] ) : false;
			}
			if ( ! empty( $event['end_timezone'] ) ) {
				$this->end_timezone = esc_attr( $event['end_timezone'] );
			}
			// $this->end is false when the feed value was not numeric, and
			// Carbon::createFromTimestamp() only accepts an integer, so leave
			// end_dt as null in that case instead of passing false through.
			$this->end_dt = false !== $this->end
				? Carbon::createFromTimestamp( $this->end, $this->end_timezone )
				: null;
			$end_location = isset( $event['end_location'] ) ? $event['end_location'] : '';
			$this->end_location = $this->esc_location( $end_location );
		}

		/* ================== *
		 * Event Distribution *
		 * ================== */

		// Whole day event.
		if ( ! empty( $event['whole_day'] ) ) {
			$this->whole_day = true === $event['whole_day'];
		}

		// Multi day event.
		if ( ! empty( $event['multiple_days'] ) ) {
			$this->multiple_days = max( absint( $event['multiple_days'] ), 1 );
		}

		// Event recurrence.
		if ( isset( $event['recurrence'] ) ) {
			$this->recurrence = ! empty( $event['recurrence'] ) ? $event['recurrence'] : false;
		}

		/* ========== *
		 * Event Meta *
		 * ========== */

		// Event has venue(s). The location fields stay false when no start
		// or end was given, so test with empty() rather than indexing false.
		if ( ! empty( $this->start_location['venue'] ) || ! empty( $this->end_location['venue'] ) ) {
			$this->venue = true;
		}

		// Event meta.
		if ( ! empty( $event['meta'] ) ) {
			$this->meta = is_array( $event['meta'] ) ? $event['meta'] : array();
		}

		// Event template.
		if ( ! empty( $event['template'] ) ) {
			$this->template = wp_kses_post( $event['template'] );
		}

	}

	/**
	 * Escape location.
	 *
	 * @since  3.0.0
	 * @access private
	 *
	 * @param  string|array $var
	 *
	 * @return array
	 */
	private function esc_location( $var = '' ) {

		$location = array();

		if ( is_string( $var ) ) {
			$var = array(
				'name'    => $var,
				'address' => $var,
			);
		} elseif ( is_bool( $var ) || is_null( $var ) ) {
			$var = array();
		} else {
			$var = (array) $var;
		}

		$location['name']    = isset( $var['name'] )    ? esc_attr( strip_tags( $var['name'] ) ) : '';
		$location['address'] = isset( $var['address'] ) ? esc_attr( strip_tags( $var['address'] ) ) : '';
		$location['lat']     = isset( $var['lat'] )     ? $this->esc_coordinate( $var['lat'] ) : 0;
		$location['lng']     = isset( $var['lng'] )     ? $this->esc_coordinate( $var['lng'] ) : 0;

		if ( ! empty( $location['name'] ) || ! empty( $location['address'] ) ) {
			$location['venue'] = true;
		} else {
			$location['venue'] = false;
		}

		return $location;
	}

	/**
	 * Escape coordinate.
	 *
	 * @since  3.0.0
	 * @access private
	 *
	 * @param  int|float|string $latlng
	 *
	 * @return int|float
	 */
	private function esc_coordinate( $latlng = 0 ) {
		return is_numeric( $latlng ) ? floatval( $latlng ) : 0;
	}

	/**
	 * Set timezone.
	 *
	 * @since  3.0.0
	 * @access public
	 *
	 * @param  string $tz Timezone.
	 *
	 * @return bool
	 */
	public function set_timezone( $tz ) {
		// Strict comparison: with a loose in_array() the integer 0 compares
		// equal to every non-numeric identifier on PHP 7.x and would be accepted.
		if ( is_string( $tz ) && in_array( $tz, timezone_identifiers_list(), true ) ) {
			$this->timezone = $tz;
			return true;
		}
		return false;
	}

	/**
	 * Starts or ends today.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function is_today() {
		return $this->starts_today() || $this->ends_today();
	}

	/**
	 * Starts today.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function starts_today() {
		return $this->start_dt->setTimezone( $this->timezone )->isToday();
	}

	/**
	 * Ends today.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function ends_today() {
		return ! is_null( $this->end_dt ) ? $this->end_dt->setTimezone( $this->timezone )->isToday() : true;
	}

	/**
	 * Starts tomorrow.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function starts_tomorrow() {
		return $this->start_dt->setTimezone( $this->timezone )->isTomorrow();
	}

	/**
	 * Ends tomorrow.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function ends_tomorrow() {
		return ! is_null( $this->end_dt ) ? $this->end_dt->setTimezone( $this->timezone )->isTomorrow() : false;
	}

	/**
	 * Started yesterday.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function started_yesterday() {
		return $this->start_dt->setTimezone( $this->timezone )->isYesterday();
	}

	/**
	 * Ended yesterday.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function ended_yesterday() {
		return ! is_null( $this->end_dt ) ? $this->end_dt->setTimezone( $this->timezone )->isYesterday() : false;
	}

	/**
	 * Starts in the future.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function starts_future() {
		return $this->start_dt->setTimezone( $this->timezone )->isFuture();
	}

	/**
	 * Ends in the future.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function ends_future() {
		return ! is_null( $this->end_dt ) ? $this->end_dt->setTimezone( $this->timezone )->isFuture() : false;
	}

	/**
	 * Started in the past.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function started_past() {
		return $this->start_dt->setTimezone( $this->timezone )->isPast();
	}

	/**
	 * Ended in the past.
	 *
	 * @since  3.0.0
	 *
	 * @return bool
	 */
	public function ended_past() {
		return ! is_null( $this->end_dt ) ? $this->end_dt->setTimezone( $this->timezone )->isPast() : false;
	}

	/**
	 * Get color.
	 *
	 * @since  3.0.0
	 *
	 * @param  string $default
	 *
	 * @return string
	 */
	public function get_color( $default = '' ) {
		if ( isset( $this->meta['color'] ) ) {
			return ! empty( $this->meta['color'] ) ? esc_attr( $this->meta['color'] ) : $default;
		}
		return $default;
	}

	/**
	 * Get attachments.
	 *
	 * @since  3.0.0
	 *
	 * @return array
	 */
	public function get_attachments() {
		return isset( $this->meta['attachments'] ) ? $this->meta['attachments'] : array();
	}

	/**
	 * Get attendees.
	 *
	 * @since  3.0.0
	 *
	 * @return array
	 */
	public function get_attendees() {
		return isset( $this->meta['attendees'] ) ? $this->meta['attendees'] : array();
	}

	/**
	 * Get organizer.
	 *
	 * @since  3.0.0
	 *
	 * @return array
	 */
	public function get_organizer() {
		return isset( $this->meta['organizer'] ) ? $this->meta['organizer'] : array();
	}

}
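The constructor above normalises feed-supplied timestamps and timezones with is_numeric()/intval() and a loose in_array() in set_timezone(). The following is an added, standalone example (not SimpleCalendar code) showing how to do the same normalisation defensively in plain PHP, without WordPress or Carbon: a strict, type-checked timezone whitelist, a timestamp coercion that never yields false, and a datetime builder that therefore cannot be handed a bad timezone or a non-integer timestamp. The function names and the input cases are constructed for the example.

```php
<?php
// Added example, not part of SimpleCalendar. Demonstrates two pitfalls of
// Event::__construct()/set_timezone():
//   1. A loose in_array() accepts the integer 0 as a timezone on PHP 7.x,
//      because 0 == 'UTC' (and any non-numeric string) is true there.
//   2. A non-numeric end value becomes false and is then passed to a
//      timestamp constructor that expects an integer.
declare(strict_types=1);

/**
 * Return $tz when it is a string that names a real timezone, else $fallback.
 * Both the type check and the strict flag are needed: without the type check
 * a loose comparison lets 0 through on PHP < 8.
 */
function normalize_timezone( $tz, string $fallback = 'UTC' ): string {
	if ( ! is_string( $tz ) || ! in_array( $tz, timezone_identifiers_list(), true ) ) {
		return $fallback;
	}
	return $tz;
}

/**
 * Coerce a feed value into a non-negative Unix timestamp, or null.
 * Same is_numeric()/intval() idea as the class, but the failure value is
 * null, so a caller cannot accidentally build a datetime from false.
 */
function normalize_timestamp( $value ): ?int {
	if ( ! is_numeric( $value ) ) {
		return null;
	}
	$ts = (int) $value;
	return $ts >= 0 ? $ts : null;
}

/**
 * Build an immutable datetime only from validated parts.
 * new DateTimeZone() throws on an unknown identifier; that path is never
 * reached because normalize_timezone() has already substituted the fallback.
 */
function build_datetime( $timestamp, $tz ): ?DateTimeImmutable {
	$ts = normalize_timestamp( $timestamp );
	if ( null === $ts ) {
		return null;
	}
	$zone = new DateTimeZone( normalize_timezone( $tz ) );
	return ( new DateTimeImmutable( '@' . $ts ) )->setTimezone( $zone );
}

/** The loose check the class relies on, kept here only for comparison. */
function loose_timezone_check( $tz ): bool {
	return in_array( $tz, timezone_identifiers_list() );
}

// Constructed inputs of the kind a third-party calendar feed could deliver.
$cases = array(
	array( 'start' => 1462060800, 'tz' => 'Europe/Rome' ),   // valid
	array( 'start' => 'abc',      'tz' => 'Europe/Rome' ),   // non-numeric time
	array( 'start' => 1462060800, 'tz' => 0 ),               // loose in_array() trap
	array( 'start' => 1462060800, 'tz' => 'Mars/Olympus' ),  // unknown identifier
	array( 'start' => 1462060800, 'tz' => '<script>' ),      // markup, not a timezone
);

foreach ( $cases as $case ) {
	$dt = build_datetime( $case['start'], $case['tz'] );
	printf(
		"start=%-12s tz=%-14s strict=%s loose=%s -> %s\n",
		var_export( $case['start'], true ),
		var_export( $case['tz'], true ),
		normalize_timezone( $case['tz'], 'REJECTED' ),
		loose_timezone_check( $case['tz'] ) ? 'accepted' : 'rejected',
		null === $dt ? 'no datetime' : $dt->format( DATE_ATOM )
	);
}
```

Run it with `php example.php` on PHP 7.x and the `tz => 0` row shows the loose check accepting 0 while the strict check falls back; on PHP 8 the loose comparison rules changed and both reject it, which is why the strict flag plus the is_string() guard is the portable fix.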