Issues in class-wp-site.php (ticket-41057) - Issues in ticket-41057 - ntwb/wordpress - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4967)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/wp-includes/class-wp-site.php (1 issue)

Labels

Unused Code 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Site API: WP_Site class
 *
 * @package WordPress
 * @subpackage Multisite
 * @since 4.5.0
 */

/**
 * Core class used for interacting with a multisite site.
 *
 * This class is used during load to populate the `$current_blog` global and
 * setup the current site.
 *
 * @since 4.5.0
 *
 * @property int    $id
 * @property int    $network_id
 * @property string $blogname
 * @property string $siteurl
 * @property int    $post_count
 * @property string $home
 */
final class WP_Site {

	/**
	 * Site ID.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $blog_id;

	/**
	 * Domain of the site.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $domain = '';

	/**
	 * Path of the site.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $path = '';

	/**
	 * The ID of the site's parent network.
	 *
	 * Named "site" vs. "network" for legacy reasons. An individual site's "site" is
	 * its network.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $site_id = '0';

	/**
	 * The date on which the site was created or registered.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string Date in MySQL's datetime format.
	 */
	public $registered = '0000-00-00 00:00:00';

	/**
	 * The date and time on which site settings were last updated.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string Date in MySQL's datetime format.
	 */
	public $last_updated = '0000-00-00 00:00:00';

	/**
	 * Whether the site should be treated as public.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $public = '1';

	/**
	 * Whether the site should be treated as archived.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $archived = '0';

	/**
	 * Whether the site should be treated as mature.
	 *
	 * Handling for this does not exist throughout WordPress core, but custom
	 * implementations exist that require the property to be present.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $mature = '0';

	/**
	 * Whether the site should be treated as spam.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $spam = '0';

	/**
	 * Whether the site should be treated as deleted.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $deleted = '0';

	/**
	 * The language pack associated with this site.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $lang_id = '0';

	/**
	 * Retrieves a site from the database by its ID.
	 *
	 * @static
	 * @since 4.5.0
	 * @access public
	 *
	 * @global wpdb $wpdb WordPress database abstraction object.
	 *
	 * @param int $site_id The ID of the site to retrieve.
	 * @return WP_Site|false The site's object if found. False if not.
	 */
	public static function get_instance( $site_id ) {
		global $wpdb;

		$site_id = (int) $site_id;
		if ( ! $site_id ) {
			return false;
		}

		$_site = wp_cache_get( $site_id, 'sites' );

		if ( ! $_site ) {
			$_site = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->blogs} WHERE blog_id = %d LIMIT 1", $site_id ) );

			if ( empty( $_site ) || is_wp_error( $_site ) ) {
				return false;
			}

			wp_cache_add( $site_id, $_site, 'sites' );
		}

		return new WP_Site( $_site );
	}

	/**
	 * Creates a new WP_Site object.
	 *
	 * Will populate object properties from the object provided and assign other
	 * default properties based on that information.
	 *
	 * @since 4.5.0
	 * @access public
	 *
	 * @param WP_Site|object $site A site object.
	 */
	public function __construct( $site ) {
		foreach( get_object_vars( $site ) as $key => $value ) {
			$this->$key = $value;
		}
	}

	/**
	 * Converts an object to array.
	 *
	 * @since 4.6.0
	 * @access public
	 *
	 * @return array Object as array.
	 */
	public function to_array() {
		return get_object_vars( $this );
	}

	/**
	 * Getter.
	 *
	 * Allows current multisite naming conventions when getting properties.
	 * Allows access to extended site properties.
	 *
	 * @since 4.6.0
	 * @access public
	 *
	 * @param string $key Property to get.
	 * @return mixed Value of the property. Null if not available.
	 */
	public function __get( $key ) {
		switch ( $key ) {
			case 'id':
				return (int) $this->blog_id;
			case 'network_id':
				return (int) $this->site_id;
			case 'blogname':
			case 'siteurl':
			case 'post_count':
			case 'home':
			default: // Custom properties added by 'site_details' filter.
				if ( ! did_action( 'ms_loaded' ) ) {
					return null;
				}

				$details = $this->get_details();
				if ( isset( $details->$key ) ) {
					return $details->$key;
				}
		}

		return null;
	}

	/**
	 * Isset-er.
	 *
	 * Allows current multisite naming conventions when checking for properties.
	 * Checks for extended site properties.
	 *
	 * @since 4.6.0
	 * @access public
	 *
	 * @param string $key Property to check if set.
	 * @return bool Whether the property is set.
	 */
	public function __isset( $key ) {
		switch ( $key ) {
			case 'id':
			case 'network_id':
				return true;
			case 'blogname':
			case 'siteurl':
			case 'post_count':
			case 'home':
				if ( ! did_action( 'ms_loaded' ) ) {

					return false;
				}
				return true;
			default: // Custom properties added by 'site_details' filter.
				if ( ! did_action( 'ms_loaded' ) ) {
					return false;
				}

				$details = $this->get_details();
				if ( isset( $details->$key ) ) {
					return true;
				}
		}

		return false;
	}

	/**
	 * Setter.
	 *
	 * Allows current multisite naming conventions while setting properties.
	 *
	 * @since 4.6.0
	 * @access public
	 *
	 * @param string $key   Property to set.
	 * @param mixed  $value Value to assign to the property.
	 */
	public function __set( $key, $value ) {
		switch ( $key ) {
			case 'id':
				$this->blog_id = (string) $value;
				break;
			case 'network_id':
				$this->site_id = (string) $value;
				break;
			default:
				$this->$key = $value;
		}
	}

	/**
	 * Retrieves the details for this site.
	 *
	 * This method is used internally to lazy-load the extended properties of a site.
	 *
	 * @since 4.6.0
	 * @access private
	 *
	 * @see WP_Site::__get()
	 *
	 * @return stdClass A raw site object with all details included.
	 */
	private function get_details() {
		$details = wp_cache_get( $this->blog_id, 'site-details' );

		if ( false === $details ) {

			switch_to_blog( $this->blog_id );
			// Create a raw copy of the object for backwards compatibility with the filter below.
			$details = new stdClass();
			foreach ( get_object_vars( $this ) as $key => $value ) {
				$details->$key = $value;
			}
			$details->blogname   = get_option( 'blogname' );
			$details->siteurl    = get_option( 'siteurl' );
			$details->post_count = get_option( 'post_count' );
			$details->home       = get_option( 'home' );
			restore_current_blog();

			wp_cache_set( $this->blog_id, $details, 'site-details' );
		}

		/** This filter is documented in wp-includes/ms-blogs.php */
		$details = apply_filters_deprecated( 'blog_details', array( $details ), '4.7.0', 'site_details' );

		/**
		 * Filters a site's extended properties.
		 *
		 * @since 4.6.0
		 *
		 * @param stdClass $details The site details.
		 */
		$details = apply_filters( 'site_details', $details );

		return $details;
	}
}


1		<?php
2		/**
3		* Site API: WP_Site class
4		*
5		* @package WordPress
6		* @subpackage Multisite
7		* @since 4.5.0
8		*/
9
10		/**
11		* Core class used for interacting with a multisite site.
12		*
13		* This class is used during load to populate the `$current_blog` global and
14		* setup the current site.
15		*
16		* @since 4.5.0
17		*
18		* @property int $id
19		* @property int $network_id
20		* @property string $blogname
21		* @property string $siteurl
22		* @property int $post_count
23		* @property string $home
24		*/
25		final class WP_Site {
26
27		/**
28		* Site ID.
29		*
30		* A numeric string, for compatibility reasons.
31		*
32		* @since 4.5.0
33		* @access public
34		* @var string
35		*/
36		public $blog_id;
37
38		/**
39		* Domain of the site.
40		*
41		* @since 4.5.0
42		* @access public
43		* @var string
44		*/
45		public $domain = '';
46
47		/**
48		* Path of the site.
49		*
50		* @since 4.5.0
51		* @access public
52		* @var string
53		*/
54		public $path = '';
55
56		/**
57		* The ID of the site's parent network.
58		*
59		* Named "site" vs. "network" for legacy reasons. An individual site's "site" is
60		* its network.
61		*
62		* A numeric string, for compatibility reasons.
63		*
64		* @since 4.5.0
65		* @access public
66		* @var string
67		*/
68		public $site_id = '0';
69
70		/**
71		* The date on which the site was created or registered.
72		*
73		* @since 4.5.0
74		* @access public
75		* @var string Date in MySQL's datetime format.
76		*/
77		public $registered = '0000-00-00 00:00:00';
78
79		/**
80		* The date and time on which site settings were last updated.
81		*
82		* @since 4.5.0
83		* @access public
84		* @var string Date in MySQL's datetime format.
85		*/
86		public $last_updated = '0000-00-00 00:00:00';
87
88		/**
89		* Whether the site should be treated as public.
90		*
91		* A numeric string, for compatibility reasons.
92		*
93		* @since 4.5.0
94		* @access public
95		* @var string
96		*/
97		public $public = '1';
98
99		/**
100		* Whether the site should be treated as archived.
101		*
102		* A numeric string, for compatibility reasons.
103		*
104		* @since 4.5.0
105		* @access public
106		* @var string
107		*/
108		public $archived = '0';
109
110		/**
111		* Whether the site should be treated as mature.
112		*
113		* Handling for this does not exist throughout WordPress core, but custom
114		* implementations exist that require the property to be present.
115		*
116		* A numeric string, for compatibility reasons.
117		*
118		* @since 4.5.0
119		* @access public
120		* @var string
121		*/
122		public $mature = '0';
123
124		/**
125		* Whether the site should be treated as spam.
126		*
127		* A numeric string, for compatibility reasons.
128		*
129		* @since 4.5.0
130		* @access public
131		* @var string
132		*/
133		public $spam = '0';
134
135		/**
136		* Whether the site should be treated as deleted.
137		*
138		* A numeric string, for compatibility reasons.
139		*
140		* @since 4.5.0
141		* @access public
142		* @var string
143		*/
144		public $deleted = '0';
145
146		/**
147		* The language pack associated with this site.
148		*
149		* A numeric string, for compatibility reasons.
150		*
151		* @since 4.5.0
152		* @access public
153		* @var string
154		*/
155		public $lang_id = '0';
156
157		/**
158		* Retrieves a site from the database by its ID.
159		*
160		* @static
161		* @since 4.5.0
162		* @access public
163		*
164		* @global wpdb $wpdb WordPress database abstraction object.
165		*
166		* @param int $site_id The ID of the site to retrieve.
167		* @return WP_Site\|false The site's object if found. False if not.
168		*/
169	View Code Duplication	public static function get_instance( $site_id ) {
170		global $wpdb;
171
172		$site_id = (int) $site_id;
173		if ( ! $site_id ) {
174		return false;
175		}
176
177		$_site = wp_cache_get( $site_id, 'sites' );
178
179		if ( ! $_site ) {
180		$_site = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->blogs} WHERE blog_id = %d LIMIT 1", $site_id ) );
181
182		if ( empty( $_site ) \|\| is_wp_error( $_site ) ) {
183		return false;
184		}
185
186		wp_cache_add( $site_id, $_site, 'sites' );
187		}
188
189		return new WP_Site( $_site );
190		}
191
192		/**
193		* Creates a new WP_Site object.
194		*
195		* Will populate object properties from the object provided and assign other
196		* default properties based on that information.
197		*
198		* @since 4.5.0
199		* @access public
200		*
201		* @param WP_Site\|object $site A site object.
202		*/
203		public function __construct( $site ) {
204		foreach( get_object_vars( $site ) as $key => $value ) {
205		$this->$key = $value;
206		}
207		}
208
209		/**
210		* Converts an object to array.
211		*
212		* @since 4.6.0
213		* @access public
214		*
215		* @return array Object as array.
216		*/
217		public function to_array() {
218		return get_object_vars( $this );
219		}
220
221		/**
222		* Getter.
223		*
224		* Allows current multisite naming conventions when getting properties.
225		* Allows access to extended site properties.
226		*
227		* @since 4.6.0
228		* @access public
229		*
230		* @param string $key Property to get.
231		* @return mixed Value of the property. Null if not available.
232		*/
233		public function __get( $key ) {
234		switch ( $key ) {
235		case 'id':
236		return (int) $this->blog_id;
237		case 'network_id':
238		return (int) $this->site_id;
239		case 'blogname':
240		case 'siteurl':
241		case 'post_count':
242		case 'home':
243	View Code Duplication	default: // Custom properties added by 'site_details' filter.
244		if ( ! did_action( 'ms_loaded' ) ) {
245		return null;
246		}
247
248		$details = $this->get_details();
249		if ( isset( $details->$key ) ) {
250		return $details->$key;
251		}
252		}
253
254		return null;
255		}
256
257		/**
258		* Isset-er.
259		*
260		* Allows current multisite naming conventions when checking for properties.
261		* Checks for extended site properties.
262		*
263		* @since 4.6.0
264		* @access public
265		*
266		* @param string $key Property to check if set.
267		* @return bool Whether the property is set.
268		*/
269		public function __isset( $key ) {
270		switch ( $key ) {
271		case 'id':
272		case 'network_id':
273		return true;
274		case 'blogname':
275		case 'siteurl':
276		case 'post_count':
277		case 'home':
278		if ( ! did_action( 'ms_loaded' ) ) {
		0 ignored issues – show Unused Code introduced 2017-06-24 04:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this This `if` statement, and the following `return` statement can be replaced with `return (bool) did_action('ms_loaded');`. Loading history...
279		return false;
280		}
281		return true;
282	View Code Duplication	default: // Custom properties added by 'site_details' filter.
283		if ( ! did_action( 'ms_loaded' ) ) {
284		return false;
285		}
286
287		$details = $this->get_details();
288		if ( isset( $details->$key ) ) {
289		return true;
290		}
291		}
292
293		return false;
294		}
295
296		/**
297		* Setter.
298		*
299		* Allows current multisite naming conventions while setting properties.
300		*
301		* @since 4.6.0
302		* @access public
303		*
304		* @param string $key Property to set.
305		* @param mixed $value Value to assign to the property.
306		*/
307	View Code Duplication	public function __set( $key, $value ) {
308		switch ( $key ) {
309		case 'id':
310		$this->blog_id = (string) $value;
311		break;
312		case 'network_id':
313		$this->site_id = (string) $value;
314		break;
315		default:
316		$this->$key = $value;
317		}
318		}
319
320		/**
321		* Retrieves the details for this site.
322		*
323		* This method is used internally to lazy-load the extended properties of a site.
324		*
325		* @since 4.6.0
326		* @access private
327		*
328		* @see WP_Site::__get()
329		*
330		* @return stdClass A raw site object with all details included.
331		*/
332		private function get_details() {
333		$details = wp_cache_get( $this->blog_id, 'site-details' );
334
335		if ( false === $details ) {
336
337		switch_to_blog( $this->blog_id );
338		// Create a raw copy of the object for backwards compatibility with the filter below.
339		$details = new stdClass();
340		foreach ( get_object_vars( $this ) as $key => $value ) {
341		$details->$key = $value;
342		}
343		$details->blogname = get_option( 'blogname' );
344		$details->siteurl = get_option( 'siteurl' );
345		$details->post_count = get_option( 'post_count' );
346		$details->home = get_option( 'home' );
347		restore_current_blog();
348
349		wp_cache_set( $this->blog_id, $details, 'site-details' );
350		}
351
352		/** This filter is documented in wp-includes/ms-blogs.php */
353		$details = apply_filters_deprecated( 'blog_details', array( $details ), '4.7.0', 'site_details' );
354
355		/**
356		* Filters a site's extended properties.
357		*
358		* @since 4.6.0
359		*
360		* @param stdClass $details The site details.
361		*/
362		$details = apply_filters( 'site_details', $details );
363
364		return $details;
365		}
366		}
367

ntwb / wordpress

Issues (4967)

Security Analysis not enabled

src/wp-includes/class-wp-site.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like