Issues in main.php (master) - Issues in master - moonstonemedia/Simple-Calendar - Measure and Improve Code Quality continuously with Scrutinizer

Issues (234)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/main.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

Fulvio Notarstefano 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Main Class
 *
 * @package SimpleCalendar
 */
namespace SimpleCalendar;

use SimpleCalendar\Admin\License_Manager;

if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Simple Calendar plugin.
 */
final class Plugin {

	/**
	 * Plugin name.
	 *
	 * @access public
	 * @var string
	 */
	public static $name = 'Simple Calendar';

	/**
	 * Plugin version.
	 *
	 * @access public
	 * @var string
	 */
	public static $version = SIMPLE_CALENDAR_VERSION;

	/**
	 * Plugin homepage.
	 *
	 * @access public
	 * @var string
	 */
	protected static $homepage = 'https://simplecalendar.io';

	/**
	 * Locale.
	 *
	 * @access public
	 * @var string
	 */
	public $locale = 'en_US';

	/**
	 * Objects factory.
	 *
	 * @access public
	 * @var Objects
	 */
	public $objects = null;

	/**
	 * The single instance of this class.
	 *
	 * @access protected
	 * @var Plugin
	 */
	protected static $_instance = null;

	/**
	 * Get the plugin instance.
	 *
	 * @return Plugin
	 */
	public static function get_instance() {
		if ( is_null( self::$_instance ) ) {
			self::$_instance = new self();
		}
		return self::$_instance;
	}

	/**
	 * Cloning is forbidden.
	 */
	public function __clone() {
		_doing_it_wrong( __FUNCTION__, 'Cloning the main instance of this plugin is forbidden.', '1.0.0' );
	}

	/**
	 * Unserializing instances of this class is forbidden.
	 */
	public function __wakeup() {
		_doing_it_wrong( __FUNCTION__, 'Unserializing instances of this plugin is forbidden.', '1.0.0' );
	}

	/**
	 * Plugin constructor.
	 *
	 * @final
	 */
	public function __construct() {

		// Load plugin.
		require_once 'autoload.php';
		$this->locale = apply_filters( 'plugin_locale', get_locale(), 'google-calendar-events' );
		$this->load();

		// Installation hooks.
		register_activation_hook( SIMPLE_CALENDAR_MAIN_FILE, array( 'SimpleCalendar\Installation', 'activate' ) );
		register_deactivation_hook( SIMPLE_CALENDAR_MAIN_FILE, array( 'SimpleCalendar\Installation', 'deactivate' ) );

		// Do update call here.
		add_action( 'admin_init', array( $this, 'update' ), 999 );

		// Init hooks.
		add_action( 'init', array( $this, 'init' ), 5 );
		add_action( 'admin_init', array( $this, 'register_settings' ), 5 );

		// Upon plugin loaded action hook.
		do_action( 'simcal_loaded' );
	}

	/**
	 * Load plugin.
	 *
	 * @since 3.0.0
	 */
	public function load() {

		// Functions shared in both back end and front end.
		include_once 'functions/shared.php';

		// Init custom post types and taxonomies.
		new Post_Types();

		// Load back end.
		if ( is_admin() ) {
			$this->load_admin();
		} else {
			// Load front end scripts and styles.
			new Assets();
		}

		// Front facing ajax callbacks.
		new Ajax();

		// Add Shortcodes.
		new Shortcodes();

		// Add Widgets.
		new Widgets();

		// Deprecated functions for backwards compatibility.
		include_once 'functions/deprecated.php';
	}

	/**
	 * Load plugin admin.
	 *
	 * @since 3.0.0
	 */
	public function load_admin() {

		// Back end only functions.
		include_once 'functions/admin.php';

		// Display admin notices.
		new Admin\Notices();

		// Load back end scripts and styles.
		new Admin\Assets();

		// Custom content handling.
		new Admin\Post_Types();

		// Init menus and settings.
		new Admin\Menus();

		if ( defined( 'DOING_AJAX' ) ) {
			// Admin ajax callbacks.
			new Admin\Ajax();
		}
	}

	/**
	 * Init plugin when WordPress initializes.
	 *
	 * @since 3.0.0
	 */
	public function init() {

		// Before init action hook.
		do_action( 'before_simcal_init' );

		// Set up localization.
		add_action( 'plugins_loaded', array( $this, 'load_plugin_textdomain' ) );

		// Init objects factory.
		$this->objects = new Objects();

		// Upon init action hook.
		do_action( 'simcal_init' );
	}

	/**
	 * Loads the plugin textdomain for translation.
	 *
	 * @since 3.1.3
	 */
	public function load_plugin_textdomain() {

		load_plugin_textdomain( 'google-calendar-events', false, dirname( plugin_basename( SIMPLE_CALENDAR_MAIN_FILE ) ) . '/i18n/' );
	}

	/**
	 * Register plugin settings.
	 *
	 * @since 3.0.0
	 */
	public function register_settings() {
		if ( is_admin() && ! defined( 'DOING_AJAX' ) ) {
			$settings = new Admin\Pages();
			$settings->register_settings( $settings->get_settings() );
		}
	}

	/**
	 * Get Ajax URL.
	 *
	 * @since  3.0.0
	 *
	 * @return string
	 */
	public function ajax_url() {
		return admin_url( 'admin-ajax.php', 'relative' );
	}

	/**
	 * Get URL.
	 *
	 * @since  3.0.0
	 *
	 * @param  string $case Requested url.
	 *
	 * @return string
	 */
	public function get_url( $case ) {
		switch ( $case ) {
			case 'codex' :
			case 'apidocs' :
				return 'http://codex.simplecalendar.io';
			case 'addons' :
				return self::$homepage . '/addons/';
			case 'gcal-pro' :
				return self::$homepage . '/addons/google-calendar-pro/';
			case 'fullcal' :
				return self::$homepage . '/addons/full-calendar/';
			case 'docs' :
				return 'http://docs.simplecalendar.io';
			case 'github' :
				return 'https://github.com/moonstonemedia/Simple-Calendar';
			case 'support' :
				return 'https://wordpress.org/support/plugin/google-calendar-events';
			case 'gdev-console':
				return 'https://console.developers.google.com';
			case 'home' :
			default :
switch ($expr) {
    default : //wrong
        doSomething();
        break;
}

switch ($expr) {
    default: //right
        doSomething();
        break;
}
				return self::$homepage;
		}
	}

	/**
	 * Run upgrade scripts.
	 *
	 * @since 3.0.0
	 */
	public static function update() {
		$update = new Update( SIMPLE_CALENDAR_VERSION );
	}

}

/**
 * Simple Calendar.
 *
 * @return Plugin
 */
function plugin() {
	return Plugin::get_instance();
}

plugin();


1			<?php
2			/**
3			* Main Class
4			*
5			* @package SimpleCalendar
6			*/
7			namespace SimpleCalendar;
8
9			use SimpleCalendar\Admin\License_Manager;
10
11			if ( ! defined( 'ABSPATH' ) ) {
12			exit;
13			}
14
15			/**
16			* Simple Calendar plugin.
17			*/
18			final class Plugin {
19
20			/**
21			* Plugin name.
22			*
23			* @access public
24			* @var string
25			*/
26			public static $name = 'Simple Calendar';
27
28			/**
29			* Plugin version.
30			*
31			* @access public
32			* @var string
33			*/
34			public static $version = SIMPLE_CALENDAR_VERSION;
35
36			/**
37			* Plugin homepage.
38			*
39			* @access public
40			* @var string
41			*/
42			protected static $homepage = 'https://simplecalendar.io';
43
44			/**
45			* Locale.
46			*
47			* @access public
48			* @var string
49			*/
50			public $locale = 'en_US';
51
52			/**
53			* Objects factory.
54			*
55			* @access public
56			* @var Objects
57			*/
58			public $objects = null;
59
60			/**
61			* The single instance of this class.
62			*
63			* @access protected
64			* @var Plugin
65			*/
66			protected static $_instance = null;
67
68			/**
69			* Get the plugin instance.
70			*
71			* @return Plugin
72			*/
73			public static function get_instance() {
74			if ( is_null( self::$_instance ) ) {
75			self::$_instance = new self();
76			}
77			return self::$_instance;
78			}
79
80			/**
81			* Cloning is forbidden.
82			*/
83			public function __clone() {
84			_doing_it_wrong( __FUNCTION__, 'Cloning the main instance of this plugin is forbidden.', '1.0.0' );
85			}
86
87			/**
88			* Unserializing instances of this class is forbidden.
89			*/
90			public function __wakeup() {
91			_doing_it_wrong( __FUNCTION__, 'Unserializing instances of this plugin is forbidden.', '1.0.0' );
92			}
93
94			/**
95			* Plugin constructor.
96			*
97			* @final
98			*/
99			public function __construct() {
100
101			// Load plugin.
102			require_once 'autoload.php';
103			$this->locale = apply_filters( 'plugin_locale', get_locale(), 'google-calendar-events' );
104			$this->load();
105
106			// Installation hooks.
107			register_activation_hook( SIMPLE_CALENDAR_MAIN_FILE, array( 'SimpleCalendar\Installation', 'activate' ) );
108			register_deactivation_hook( SIMPLE_CALENDAR_MAIN_FILE, array( 'SimpleCalendar\Installation', 'deactivate' ) );
109
110			// Do update call here.
111			add_action( 'admin_init', array( $this, 'update' ), 999 );
112
113			// Init hooks.
114			add_action( 'init', array( $this, 'init' ), 5 );
115			add_action( 'admin_init', array( $this, 'register_settings' ), 5 );
116
117			// Upon plugin loaded action hook.
118			do_action( 'simcal_loaded' );
119			}
120
121			/**
122			* Load plugin.
123			*
124			* @since 3.0.0
125			*/
126			public function load() {
127
128			// Functions shared in both back end and front end.
129			include_once 'functions/shared.php';
130
131			// Init custom post types and taxonomies.
132			new Post_Types();
133
134			// Load back end.
135			if ( is_admin() ) {
136			$this->load_admin();
137			} else {
138			// Load front end scripts and styles.
139			new Assets();
140			}
141
142			// Front facing ajax callbacks.
143			new Ajax();
144
145			// Add Shortcodes.
146			new Shortcodes();
147
148			// Add Widgets.
149			new Widgets();
150
151			// Deprecated functions for backwards compatibility.
152			include_once 'functions/deprecated.php';
153			}
154
155			/**
156			* Load plugin admin.
157			*
158			* @since 3.0.0
159			*/
160			public function load_admin() {
161
162			// Back end only functions.
163			include_once 'functions/admin.php';
164
165			// Display admin notices.
166			new Admin\Notices();
167
168			// Load back end scripts and styles.
169			new Admin\Assets();
170
171			// Custom content handling.
172			new Admin\Post_Types();
173
174			// Init menus and settings.
175			new Admin\Menus();
176
177			if ( defined( 'DOING_AJAX' ) ) {
178			// Admin ajax callbacks.
179			new Admin\Ajax();
180			}
181			}
182
183			/**
184			* Init plugin when WordPress initializes.
185			*
186			* @since 3.0.0
187			*/
188			public function init() {
189
190			// Before init action hook.
191			do_action( 'before_simcal_init' );
192
193			// Set up localization.
194			add_action( 'plugins_loaded', array( $this, 'load_plugin_textdomain' ) );
195
196			// Init objects factory.
197			$this->objects = new Objects();
198
199			// Upon init action hook.
200			do_action( 'simcal_init' );
201			}
202
203			/**
204			* Loads the plugin textdomain for translation.
205			*
206			* @since 3.1.3
207			*/
208			public function load_plugin_textdomain() {
209
210			load_plugin_textdomain( 'google-calendar-events', false, dirname( plugin_basename( SIMPLE_CALENDAR_MAIN_FILE ) ) . '/i18n/' );
211			}
212
213			/**
214			* Register plugin settings.
215			*
216			* @since 3.0.0
217			*/
218			public function register_settings() {
219			if ( is_admin() && ! defined( 'DOING_AJAX' ) ) {
220			$settings = new Admin\Pages();
221			$settings->register_settings( $settings->get_settings() );
222			}
223			}
224
225			/**
226			* Get Ajax URL.
227			*
228			* @since 3.0.0
229			*
230			* @return string
231			*/
232			public function ajax_url() {
233			return admin_url( 'admin-ajax.php', 'relative' );
234			}
235
236			/**
237			* Get URL.
238			*
239			* @since 3.0.0
240			*
241			* @param string $case Requested url.
242			*
243			* @return string
244			*/
245			public function get_url( $case ) {
246			switch ( $case ) {
247			case 'codex' :
248			case 'apidocs' :
249			return 'http://codex.simplecalendar.io';
250			case 'addons' :
251			return self::$homepage . '/addons/';
252			case 'gcal-pro' :
253			return self::$homepage . '/addons/google-calendar-pro/';
254			case 'fullcal' :
255			return self::$homepage . '/addons/full-calendar/';
256			case 'docs' :
257			return 'http://docs.simplecalendar.io';
258			case 'github' :
259			return 'https://github.com/moonstonemedia/Simple-Calendar';
260			case 'support' :
261			return 'https://wordpress.org/support/plugin/google-calendar-events';
262			case 'gdev-console':
263			return 'https://console.developers.google.com';
264			case 'home' :
265			default :
			0 ignored issues – show Coding Style introduced 2016-07-13 22:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this There must be no space before the colon in a DEFAULT statement As per the PSR-2 coding standard, there must not be a space in front of the colon in the default statement. switch ($expr) { default : //wrong doSomething(); break; } switch ($expr) { default: //right doSomething(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
266			return self::$homepage;
267			}
268			}
269
270			/**
271			* Run upgrade scripts.
272			*
273			* @since 3.0.0
274			*/
275			public static function update() {
276			$update = new Update( SIMPLE_CALENDAR_VERSION );
277			}
278
279			}
280
281			/**
282			* Simple Calendar.
283			*
284			* @return Plugin
285			*/
286			function plugin() {
287			return Plugin::get_instance();
288			}
289
290			plugin();
291

moonstonemedia / Simple-Calendar

Issues (234)

Security Analysis not enabled

includes/main.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like