Issues (4967)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/wp-admin/upload.php (2 issues)


Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php
/**
 * Media Library administration panel.
 *
 * @package WordPress
 * @subpackage Administration
 */

/** WordPress Administration Bootstrap */
require_once( dirname( __FILE__ ) . '/admin.php' );

if ( !current_user_can('upload_files') )
	wp_die( __( 'Sorry, you are not allowed to upload files.' ) );

$mode = get_user_option( 'media_library_mode', get_current_user_id() ) ? get_user_option( 'media_library_mode', get_current_user_id() ) : 'grid';
$modes = array( 'grid', 'list' );

if ( isset( $_GET['mode'] ) && in_array( $_GET['mode'], $modes ) ) {
	$mode = $_GET['mode'];
	update_user_option( get_current_user_id(), 'media_library_mode', $mode );
}

if ( 'grid' === $mode ) {
	wp_enqueue_media();
	wp_enqueue_script( 'media-grid' );
	wp_enqueue_script( 'media' );

	remove_action( 'admin_head', 'wp_admin_canonical_url' );

	$q = $_GET;
	// let JS handle this
	unset( $q['s'] );
	$vars = wp_edit_attachments_query_vars( $q );
	$ignore = array( 'mode', 'post_type', 'post_status', 'posts_per_page' );
	foreach ( $vars as $key => $value ) {
		if ( ! $value || in_array( $key, $ignore ) ) {
			unset( $vars[ $key ] );
		}
	}

	wp_localize_script( 'media-grid', '_wpMediaGridSettings', array(
		'adminUrl' => parse_url( self_admin_url(), PHP_URL_PATH ),
		'queryVars' => (object) $vars
	) );

	get_current_screen()->add_help_tab( array(
		'id'		=> 'overview',
		'title'		=> __( 'Overview' ),
		'content'	=>
			'<p>' . __( 'All the files you&#8217;ve uploaded are listed in the Media Library, with the most recent uploads listed first.' ) . '</p>' .
			'<p>' . __( 'You can view your media in a simple visual grid or a list with columns. Switch between these views using the icons to the left above the media.' ) . '</p>' .
			'<p>' . __( 'To delete media items, click the Bulk Select button at the top of the screen. Select any items you wish to delete, then click the Delete Selected button. Clicking the Cancel Selection button takes you back to viewing your media.' ) . '</p>'
	) );

	get_current_screen()->add_help_tab( array(
		'id'		=> 'attachment-details',
		'title'		=> __( 'Attachment Details' ),
		'content'	=>
			'<p>' . __( 'Clicking an item will display an Attachment Details dialog, which allows you to preview media and make quick edits. Any changes you make to the attachment details will be automatically saved.' ) . '</p>' .
			'<p>' . __( 'Use the arrow buttons at the top of the dialog, or the left and right arrow keys on your keyboard, to navigate between media items quickly.' ) . '</p>' .
			'<p>' . __( 'You can also delete individual items and access the extended edit screen from the details dialog.' ) . '</p>'
	) );

	get_current_screen()->set_help_sidebar(
		'<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
		'<p>' . __( '<a href="https://codex.wordpress.org/Media_Library_Screen">Documentation on Media Library</a>' ) . '</p>' .
		'<p>' . __( '<a href="https://wordpress.org/support/">Support Forums</a>' ) . '</p>'
	);

	$title = __('Media Library');
	$parent_file = 'upload.php';

	require_once( ABSPATH . 'wp-admin/admin-header.php' );
	?>
	<div class="wrap" id="wp-media-grid" data-search="<?php _admin_search_query() ?>">
		<h1 class="wp-heading-inline"><?php echo esc_html( $title ); ?></h1>

		<?php
		if ( current_user_can( 'upload_files' ) ) { ?>
			<a href="<?php echo admin_url( 'media-new.php' ); ?>" class="page-title-action aria-button-if-js"><?php echo esc_html_x( 'Add New', 'file' ); ?></a><?php
		}
		?>

		<hr class="wp-header-end">

		<div class="error hide-if-js">
			<p><?php printf(
				/* translators: %s: list view URL */
				__( 'The grid view for the Media Library requires JavaScript. <a href="%s">Switch to the list view</a>.' ),
				'upload.php?mode=list'
			); ?></p>
		</div>
	</div>
	<?php
	include( ABSPATH . 'wp-admin/admin-footer.php' );
	exit;
}

$wp_list_table = _get_list_table('WP_Media_List_Table');
$pagenum = $wp_list_table->get_pagenum();

// Handle bulk actions
$doaction = $wp_list_table->current_action();

if ( $doaction ) {
	check_admin_referer('bulk-media');

	if ( 'delete_all' == $doaction ) {
		$post_ids = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_type='attachment' AND post_status = 'trash'" );
		$doaction = 'delete';
	} elseif ( isset( $_REQUEST['media'] ) ) {
		$post_ids = $_REQUEST['media'];
	} elseif ( isset( $_REQUEST['ids'] ) ) {
		$post_ids = explode( ',', $_REQUEST['ids'] );
	}

	$location = 'upload.php';
	if ( $referer = wp_get_referer() ) {
		if ( false !== strpos( $referer, 'upload.php' ) )
			$location = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'message', 'ids', 'posted' ), $referer );
	}

	switch ( $doaction ) {
		case 'detach':
			wp_media_attach_action( $_REQUEST['parent_post_id'], 'detach' );
			break;

		case 'attach':
			wp_media_attach_action( $_REQUEST['found_post_id'] );
			break;

		case 'trash':
			if ( !isset( $post_ids ) )
				break;
			foreach ( (array) $post_ids as $post_id ) {
				if ( !current_user_can( 'delete_post', $post_id ) )
					wp_die( __( 'Sorry, you are not allowed to move this item to the Trash.' ) );

				if ( !wp_trash_post( $post_id ) )
					wp_die( __( 'Error in moving to Trash.' ) );
			}
			$location = add_query_arg( array( 'trashed' => count( $post_ids ), 'ids' => join( ',', $post_ids ) ), $location );
			break;
		case 'untrash':
			if ( !isset( $post_ids ) )
				break;
			foreach ( (array) $post_ids as $post_id ) {
				if ( !current_user_can( 'delete_post', $post_id ) )
					wp_die( __( 'Sorry, you are not allowed to restore this item from the Trash.' ) );

				if ( !wp_untrash_post( $post_id ) )
					wp_die( __( 'Error in restoring from Trash.' ) );
			}
			$location = add_query_arg( 'untrashed', count( $post_ids ), $location );
			break;
		case 'delete':
			if ( !isset( $post_ids ) )
				break;
			foreach ( (array) $post_ids as $post_id_del ) {
				if ( !current_user_can( 'delete_post', $post_id_del ) )
					wp_die( __( 'Sorry, you are not allowed to delete this item.' ) );

				if ( !wp_delete_attachment( $post_id_del ) )
					wp_die( __( 'Error in deleting.' ) );
			}
			$location = add_query_arg( 'deleted', count( $post_ids ), $location );
			break;
		default:
			/** This action is documented in wp-admin/edit-comments.php */
			$location = apply_filters( 'handle_bulk_actions-' . get_current_screen()->id, $location, $doaction, $post_ids );
	}

	wp_redirect( $location );
	exit;
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );

Issues reported on the line above:

It seems like wp_unslash($_SERVER['REQUEST_URI']) targeting wp_unslash() can also be of type array; however, remove_query_arg() only seems to accept boolean|string. Maybe add an additional type check?

It seems like remove_query_arg(array('...SERVER['REQUEST_URI'])) targeting remove_query_arg() can also be of type boolean; however, wp_redirect() only seems to accept string. Maybe add an additional type check?

This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.

	 exit;
}

$wp_list_table->prepare_items();

$title = __('Media Library');
$parent_file = 'upload.php';

wp_enqueue_script( 'media' );

add_screen_option( 'per_page' );

get_current_screen()->add_help_tab( array(
'id'		=> 'overview',
'title'		=> __('Overview'),
'content'	=>
	'<p>' . __( 'All the files you&#8217;ve uploaded are listed in the Media Library, with the most recent uploads listed first. You can use the Screen Options tab to customize the display of this screen.' ) . '</p>' .
	'<p>' . __( 'You can narrow the list by file type/status or by date using the dropdown menus above the media table.' ) . '</p>' .
	'<p>' . __( 'You can view your media in a simple visual grid or a list with columns. Switch between these views using the icons to the left above the media.' ) . '</p>'
) );
get_current_screen()->add_help_tab( array(
'id'		=> 'actions-links',
'title'		=> __('Available Actions'),
'content'	=>
	'<p>' . __( 'Hovering over a row reveals action links: Edit, Delete Permanently, and View. Clicking Edit or on the media file&#8217;s name displays a simple screen to edit that individual file&#8217;s metadata. Clicking Delete Permanently will delete the file from the media library (as well as from any posts to which it is currently attached). View will take you to the display page for that file.' ) . '</p>'
) );
get_current_screen()->add_help_tab( array(
'id'		=> 'attaching-files',
'title'		=> __('Attaching Files'),
'content'	=>
	'<p>' . __( 'If a media file has not been attached to any content, you will see that in the Uploaded To column, and can click on Attach to launch a small popup that will allow you to search for existing content and attach the file.' ) . '</p>'
) );

get_current_screen()->set_help_sidebar(
	'<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
	'<p>' . __( '<a href="https://codex.wordpress.org/Media_Library_Screen">Documentation on Media Library</a>' ) . '</p>' .
	'<p>' . __( '<a href="https://wordpress.org/support/">Support Forums</a>' ) . '</p>'
);

get_current_screen()->set_screen_reader_content( array(
	'heading_views'      => __( 'Filter media items list' ),
	'heading_pagination' => __( 'Media items list navigation' ),
	'heading_list'       => __( 'Media items list' ),
) );

require_once( ABSPATH . 'wp-admin/admin-header.php' );
?>

<div class="wrap">
<h1 class="wp-heading-inline"><?php echo esc_html( $title ); ?></h1>

<?php
if ( current_user_can( 'upload_files' ) ) { ?>
	<a href="<?php echo admin_url( 'media-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'file' ); ?></a><?php
}
if ( isset( $_REQUEST['s'] ) && strlen( $_REQUEST['s'] ) ) {
	/* translators: %s: search keywords */
	printf( '<span class="subtitle">' . __( 'Search results for &#8220;%s&#8221;' ) . '</span>', get_search_query() );
}
?>

<hr class="wp-header-end">

<?php
$message = '';
if ( ! empty( $_GET['posted'] ) ) {
	$message = __( 'Media file updated.' );
	$_SERVER['REQUEST_URI'] = remove_query_arg(array('posted'), $_SERVER['REQUEST_URI']);
}
if ( ! empty( $_GET['attached'] ) && $attached = absint( $_GET['attached'] ) ) {
	if ( 1 == $attached ) {
		$message = __( 'Media file attached.' );
	} else {
		/* translators: %s: number of media files */
		$message = _n( '%s media file attached.', '%s media files attached.', $attached );
	}
	$message = sprintf( $message, number_format_i18n( $attached ) );
	$_SERVER['REQUEST_URI'] = remove_query_arg( array( 'detach', 'attached' ), $_SERVER['REQUEST_URI'] );
}
if ( ! empty( $_GET['detach'] ) && $detached = absint( $_GET['detach'] ) ) {
	if ( 1 == $detached ) {
		$message = __( 'Media file detached.' );
	} else {
		/* translators: %s: number of media files */
		$message = _n( '%s media file detached.', '%s media files detached.', $detached );
	}
	$message = sprintf( $message, number_format_i18n( $detached ) );
	$_SERVER['REQUEST_URI'] = remove_query_arg( array( 'detach', 'attached' ), $_SERVER['REQUEST_URI'] );
}
if ( ! empty( $_GET['deleted'] ) && $deleted = absint( $_GET['deleted'] ) ) {
	if ( 1 == $deleted ) {
		$message = __( 'Media file permanently deleted.' );
	} else {
		/* translators: %s: number of media files */
		$message = _n( '%s media file permanently deleted.', '%s media files permanently deleted.', $deleted );
	}
	$message = sprintf( $message, number_format_i18n( $deleted ) );
	$_SERVER['REQUEST_URI'] = remove_query_arg(array('deleted'), $_SERVER['REQUEST_URI']);
}

if ( ! empty( $_GET['trashed'] ) && $trashed = absint( $_GET['trashed'] ) ) {
	if ( 1 == $trashed ) {
		$message = __( 'Media file moved to the trash.' );
	} else {
		/* translators: %s: number of media files */
		$message = _n( '%s media file moved to the trash.', '%s media files moved to the trash.', $trashed );
	}
	$message = sprintf( $message, number_format_i18n( $trashed ) );
	$message .= ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
	$_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']);
}
if ( ! empty( $_GET['untrashed'] ) && $untrashed = absint( $_GET['untrashed'] ) ) {
	if ( 1 == $untrashed ) {
		$message = __( 'Media file restored from the trash.' );
	} else {
		/* translators: %s: number of media files */
		$message = _n( '%s media file restored from the trash.', '%s media files restored from the trash.', $untrashed );
	}
	$message = sprintf( $message, number_format_i18n( $untrashed ) );
	$_SERVER['REQUEST_URI'] = remove_query_arg(array('untrashed'), $_SERVER['REQUEST_URI']);
}

$messages[1] = __( 'Media file updated.' );
$messages[2] = __( 'Media file permanently deleted.' );
$messages[3] = __( 'Error saving media file.' );
$messages[4] = __( 'Media file moved to the trash.' ) . ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __( 'Undo' ) . '</a>';
$messages[5] = __( 'Media file restored from the trash.' );

if ( ! empty( $_GET['message'] ) && isset( $messages[ $_GET['message'] ] ) ) {
	$message = $messages[ $_GET['message'] ];
	$_SERVER['REQUEST_URI'] = remove_query_arg(array('message'), $_SERVER['REQUEST_URI']);
}

if ( !empty($message) ) { ?>
<div id="message" class="updated notice is-dismissible"><p><?php echo $message; ?></p></div>
<?php } ?>

<form id="posts-filter" method="get">

<?php $wp_list_table->views(); ?>

<?php $wp_list_table->display(); ?>

<div id="ajax-response"></div>
<?php find_posts_div(); ?>
</form>
</div>

<?php
include( ABSPATH . 'wp-admin/admin-footer.php' );