Security Analysis (not enabled for this project)

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

src/wp-admin/post.php (2 issues)

These results are based on the legacy PHP analysis; consider migrating to the new PHP analysis engine instead.

<?php
/**
 * Edit post administration panel.
 *
 * Manage Post actions: post, edit, delete, etc.
 *
 * @package WordPress
 * @subpackage Administration
 */

/** WordPress Administration Bootstrap */
require_once( dirname( __FILE__ ) . '/admin.php' );

$parent_file = 'edit.php';
$submenu_file = 'edit.php';

wp_reset_vars( array( 'action' ) );

if ( isset( $_GET['post'] ) )
	$post_id = $post_ID = (int) $_GET['post'];
elseif ( isset( $_POST['post_ID'] ) )
	$post_id = $post_ID = (int) $_POST['post_ID'];
else
	$post_id = $post_ID = 0;

/**
 * @global string  $post_type
 * @global object  $post_type_object
 * @global WP_Post $post
 */
global $post_type, $post_type_object, $post;

if ( $post_id )
	$post = get_post( $post_id );

if ( $post ) {
	$post_type = $post->post_type;
	$post_type_object = get_post_type_object( $post_type );
}

if ( isset( $_POST['deletepost'] ) )
	$action = 'delete';
elseif ( isset($_POST['wp-preview']) && 'dopreview' == $_POST['wp-preview'] )
	$action = 'preview';

$sendback = wp_get_referer();
if ( ! $sendback ||

Issue [Bug, Best Practice]: The expression $sendback of type false|string is loosely compared to false; this is ambiguous if the string can be empty. You might want to explicitly use === false instead.

In PHP, under loose comparison (==, !=, or switch conditions), values of different types might be equal.

For string values, the empty string '' is a special case; in particular, the following results might be unexpected:

''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false

     strpos( $sendback, 'post.php' ) !== false ||
     strpos( $sendback, 'post-new.php' ) !== false ) {
	if ( 'attachment' == $post_type ) {
		$sendback = admin_url( 'upload.php' );
	} else {
		$sendback = admin_url( 'edit.php' );
		if ( ! empty( $post_type ) ) {
			$sendback = add_query_arg( 'post_type', $post_type, $sendback );
		}
	}
} else {
	$sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), $sendback );
}

switch($action) {
case 'post-quickdraft-save':
	// Check nonce and capabilities
	$nonce = $_REQUEST['_wpnonce'];
	$error_msg = false;

	// For output of the quickdraft dashboard widget
	require_once ABSPATH . 'wp-admin/includes/dashboard.php';

	if ( ! wp_verify_nonce( $nonce, 'add-post' ) )
		$error_msg = __( 'Unable to submit this form, please refresh and try again.' );

	if ( ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) ) {
		exit;
	}

	if ( $error_msg )

Issue [Bug, Best Practice]: The expression $error_msg of type string|false is loosely compared to true; this is ambiguous if the string can be empty. You might want to explicitly use !== false instead.

In PHP, under loose comparison (==, !=, or switch conditions), values of different types might be equal.

For string values, the empty string '' is a special case; in particular, the following results might be unexpected:

''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false

		return wp_dashboard_quick_press( $error_msg );

	$post = get_post( $_REQUEST['post_ID'] );
	check_admin_referer( 'add-' . $post->post_type );

	$_POST['comment_status'] = get_default_comment_status( $post->post_type );
	$_POST['ping_status']    = get_default_comment_status( $post->post_type, 'pingback' );

	edit_post();
	wp_dashboard_quick_press();
	exit;

case 'postajaxpost':
case 'post':
	check_admin_referer( 'add-' . $post_type );
	$post_id = 'postajaxpost' == $action ? edit_post() : write_post();
	redirect_post( $post_id );
	exit();

case 'edit':
	$editing = true;

	if ( empty( $post_id ) ) {
		wp_redirect( admin_url('post.php') );
		exit();
	}

	if ( ! $post )
		wp_die( __( 'You attempted to edit an item that doesn&#8217;t exist. Perhaps it was deleted?' ) );

	if ( ! $post_type_object )
		wp_die( __( 'Invalid post type.' ) );

	if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ) ) ) {
		wp_die( __( 'Sorry, you are not allowed to edit posts in this post type.' ) );
	}

	if ( ! current_user_can( 'edit_post', $post_id ) )
		wp_die( __( 'Sorry, you are not allowed to edit this item.' ) );

	if ( 'trash' == $post->post_status )
		wp_die( __( 'You can&#8217;t edit this item because it is in the Trash. Please restore it and try again.' ) );

	if ( ! empty( $_GET['get-post-lock'] ) ) {
		check_admin_referer( 'lock-post_' . $post_id );
		wp_set_post_lock( $post_id );
		wp_redirect( get_edit_post_link( $post_id, 'url' ) );
		exit();
	}

	$post_type = $post->post_type;
	if ( 'post' == $post_type ) {
		$parent_file = "edit.php";
		$submenu_file = "edit.php";
		$post_new_file = "post-new.php";
	} elseif ( 'attachment' == $post_type ) {
		$parent_file = 'upload.php';
		$submenu_file = 'upload.php';
		$post_new_file = 'media-new.php';
	} else {
		if ( isset( $post_type_object ) && $post_type_object->show_in_menu && $post_type_object->show_in_menu !== true )
			$parent_file = $post_type_object->show_in_menu;
		else
			$parent_file = "edit.php?post_type=$post_type";
		$submenu_file = "edit.php?post_type=$post_type";
		$post_new_file = "post-new.php?post_type=$post_type";
	}

	if ( ! wp_check_post_lock( $post->ID ) ) {
		$active_post_lock = wp_set_post_lock( $post->ID );

		if ( 'attachment' !== $post_type )
			wp_enqueue_script('autosave');
	}

	if ( is_multisite() ) {
		add_action( 'admin_footer', '_admin_notice_post_locked' );
	} else {
		$check_users = get_users( array( 'fields' => 'ID', 'number' => 2 ) );

		if ( count( $check_users ) > 1 )
			add_action( 'admin_footer', '_admin_notice_post_locked' );

		unset( $check_users );
	}

	$title = $post_type_object->labels->edit_item;
	$post = get_post($post_id, OBJECT, 'edit');

	if ( post_type_supports($post_type, 'comments') ) {
		wp_enqueue_script('admin-comments');
		enqueue_comment_hotkeys_js();
	}

	include( ABSPATH . 'wp-admin/edit-form-advanced.php' );

	break;

case 'editattachment':
	check_admin_referer('update-post_' . $post_id);

	// Don't let these be changed
	unset($_POST['guid']);
	$_POST['post_type'] = 'attachment';

	// Update the thumbnail filename
	$newmeta = wp_get_attachment_metadata( $post_id, true );
	$newmeta['thumb'] = $_POST['thumb'];

	wp_update_attachment_metadata( $post_id, $newmeta );

case 'editpost':
	check_admin_referer('update-post_' . $post_id);

	$post_id = edit_post();

	// Session cookie flag that the post was saved
	if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) {
		setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl() );
	}

	redirect_post($post_id); // Send user on their way while we keep working

	exit();

case 'trash':
	check_admin_referer('trash-post_' . $post_id);

	if ( ! $post )
		wp_die( __( 'The item you are trying to move to the Trash no longer exists.' ) );

	if ( ! $post_type_object )
		wp_die( __( 'Invalid post type.' ) );

	if ( ! current_user_can( 'delete_post', $post_id ) )
		wp_die( __( 'Sorry, you are not allowed to move this item to the Trash.' ) );

	if ( $user_id = wp_check_post_lock( $post_id ) ) {
		$user = get_userdata( $user_id );
		wp_die( sprintf( __( 'You cannot move this item to the Trash. %s is currently editing.' ), $user->display_name ) );
	}

	if ( ! wp_trash_post( $post_id ) )
		wp_die( __( 'Error in moving to Trash.' ) );

	wp_redirect( add_query_arg( array('trashed' => 1, 'ids' => $post_id), $sendback ) );
	exit();

case 'untrash':
	check_admin_referer('untrash-post_' . $post_id);

	if ( ! $post )
		wp_die( __( 'The item you are trying to restore from the Trash no longer exists.' ) );

	if ( ! $post_type_object )
		wp_die( __( 'Invalid post type.' ) );

	if ( ! current_user_can( 'delete_post', $post_id ) )
		wp_die( __( 'Sorry, you are not allowed to restore this item from the Trash.' ) );

	if ( ! wp_untrash_post( $post_id ) )
		wp_die( __( 'Error in restoring from Trash.' ) );

	wp_redirect( add_query_arg('untrashed', 1, $sendback) );
	exit();

case 'delete':
	check_admin_referer('delete-post_' . $post_id);

	if ( ! $post )
		wp_die( __( 'This item has already been deleted.' ) );

	if ( ! $post_type_object )
		wp_die( __( 'Invalid post type.' ) );

	if ( ! current_user_can( 'delete_post', $post_id ) )
		wp_die( __( 'Sorry, you are not allowed to delete this item.' ) );

	if ( $post->post_type == 'attachment' ) {
		$force = ( ! MEDIA_TRASH );
		if ( ! wp_delete_attachment( $post_id, $force ) )
			wp_die( __( 'Error in deleting.' ) );
	} else {
		if ( ! wp_delete_post( $post_id, true ) )
			wp_die( __( 'Error in deleting.' ) );
	}

	wp_redirect( add_query_arg('deleted', 1, $sendback) );
	exit();

case 'preview':
	check_admin_referer( 'update-post_' . $post_id );

	$url = post_preview();

	wp_redirect($url);
	exit();

default:
	/**
	 * Fires for a given custom post action request.
	 *
	 * The dynamic portion of the hook name, `$action`, refers to the custom post action.
	 *
	 * @since 4.6.0
	 *
	 * @param int $post_id Post ID sent with the request.
	 */
	do_action( "post_action_{$action}", $post_id );

	wp_redirect( admin_url('edit.php') );
	exit();
} // end switch
include( ABSPATH . 'wp-admin/admin-footer.php' );