Issues (4967)

Security Analysis    not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/wp-includes/pluggable-deprecated.php (8 issues)

<?php
/**
 * Deprecated pluggable functions from past WordPress versions. You shouldn't use these
 * functions and look for the alternatives instead. The functions will be removed in a
 * later version.
 *
 * Deprecated warnings are also thrown if one of these functions is being defined by a plugin.
 *
 * @package WordPress
 * @subpackage Deprecated
 * @see pluggable.php
 */

/*
 * Deprecated functions come here to die.
 */

if ( !function_exists('set_current_user') ) :
/**
 * Changes the current user by ID or name.
 *
 * Set $id to null and specify a name if you do not know a user's ID.
 *
 * @since 2.0.1
 * @deprecated 3.0.0 Use wp_set_current_user()
 * @see wp_set_current_user()
 *
 * @param int|null $id User ID.
 * @param string $name Optional. The user's username
 * @return WP_User returns wp_set_current_user()
 */
function set_current_user($id, $name = '') {
	_deprecated_function( __FUNCTION__, '3.0.0', 'wp_set_current_user()' );
	return wp_set_current_user($id, $name);
}
endif;

if ( !function_exists('get_currentuserinfo') ) :
/**
 * Populate global variables with information about the currently logged in user.
 *
 * @since 0.71
 * @deprecated 4.5.0 Use wp_get_current_user()
 * @see wp_get_current_user()
 *
 * @return bool|WP_User False on XMLRPC Request and invalid auth cookie, WP_User instance otherwise.
 */
function get_currentuserinfo() {
	_deprecated_function( __FUNCTION__, '4.5.0', 'wp_get_current_user()' );

	return _wp_get_current_user();
}
endif;

if ( !function_exists('get_userdatabylogin') ) :
/**
 * Retrieve user info by login name.
 *
 * @since 0.71
 * @deprecated 3.3.0 Use get_user_by()
 * @see get_user_by()
 *
 * @param string $user_login User's username
 * @return bool|object False on failure, User DB row object
Consider making the return type a bit more specific; maybe use false|WP_User.

This check looks for the generic type array as a return type and suggests a more specific type. This type is inferred from the actual code.

 */
function get_userdatabylogin($user_login) {
	_deprecated_function( __FUNCTION__, '3.3.0', "get_user_by('login')" );
	return get_user_by('login', $user_login);
}
endif;

if ( !function_exists('get_user_by_email') ) :
/**
 * Retrieve user info by email.
 *
 * @since 2.5.0
 * @deprecated 3.3.0 Use get_user_by()
 * @see get_user_by()
 *
 * @param string $email User's email address
 * @return bool|object False on failure, User DB row object
Consider making the return type a bit more specific; maybe use false|WP_User.

This check looks for the generic type array as a return type and suggests a more specific type. This type is inferred from the actual code.

 */
function get_user_by_email($email) {
	_deprecated_function( __FUNCTION__, '3.3.0', "get_user_by('email')" );
	return get_user_by('email', $email);
}
endif;

if ( !function_exists('wp_setcookie') ) :
/**
 * Sets a cookie for a user who just logged in. This function is deprecated.
 *
 * @since 1.5.0
 * @deprecated 2.5.0 Use wp_set_auth_cookie()
 * @see wp_set_auth_cookie()
 *
 * @param string $username The user's username
 * @param string $password Optional. The user's password
 * @param bool $already_md5 Optional. Whether the password has already been through MD5
 * @param string $home Optional. Will be used instead of COOKIEPATH if set
 * @param string $siteurl Optional. Will be used instead of SITECOOKIEPATH if set
 * @param bool $remember Optional. Remember that the user is logged in
 */
function wp_setcookie($username, $password = '', $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
The parameter $password is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

The parameter $already_md5 is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

The parameter $home is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

The parameter $siteurl is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

	_deprecated_function( __FUNCTION__, '2.5.0', 'wp_set_auth_cookie()' );
	$user = get_user_by('login', $username);
	wp_set_auth_cookie($user->ID, $remember);
}
else :
	_deprecated_function( 'wp_setcookie', '2.5.0', 'wp_set_auth_cookie()' );
endif;

if ( !function_exists('wp_clearcookie') ) :
/**
 * Clears the authentication cookie, logging the user out. This function is deprecated.
 *
 * @since 1.5.0
 * @deprecated 2.5.0 Use wp_clear_auth_cookie()
 * @see wp_clear_auth_cookie()
 */
function wp_clearcookie() {
	_deprecated_function( __FUNCTION__, '2.5.0', 'wp_clear_auth_cookie()' );
	wp_clear_auth_cookie();
}
else :
	_deprecated_function( 'wp_clearcookie', '2.5.0', 'wp_clear_auth_cookie()' );
endif;

if ( !function_exists('wp_get_cookie_login') ):
/**
 * Gets the user cookie login. This function is deprecated.
 *
 * This function is deprecated and should no longer be extended as it won't be
 * used anywhere in WordPress. Also, plugins shouldn't use it either.
 *
 * @since 2.0.3
 * @deprecated 2.5.0
 *
 * @return bool Always returns false
 */
function wp_get_cookie_login() {
	_deprecated_function( __FUNCTION__, '2.5.0' );
	return false;
}
else :
	_deprecated_function( 'wp_get_cookie_login', '2.5.0' );
endif;

if ( !function_exists('wp_login') ) :
/**
 * Checks a users login information and logs them in if it checks out. This function is deprecated.
 *
 * Use the global $error to get the reason why the login failed. If the username
 * is blank, no error will be set, so assume blank username on that case.
 *
 * Plugins extending this function should also provide the global $error and set
 * what the error is, so that those checking the global for why there was a
 * failure can utilize it later.
 *
 * @since 1.2.2
 * @deprecated 2.5.0 Use wp_signon()
 * @see wp_signon()
 *
 * @global string $error Error when false is returned
 *
 * @param string $username   User's username
 * @param string $password   User's password
 * @param string $deprecated Not used
 * @return bool False on login failure, true on successful check
 */
function wp_login($username, $password, $deprecated = '') {
The parameter $deprecated is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

	_deprecated_function( __FUNCTION__, '2.5.0', 'wp_signon()' );
	global $error;

	$user = wp_authenticate($username, $password);

	if ( ! is_wp_error($user) )
		return true;

	$error = $user->get_error_message();
The method get_error_message exists only in WP_Error, but not in WP_User.

It seems like the method you are trying to call exists only in some of the possible types.

Let's take a look at an example:

class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}

Available Fixes

  1. Add an additional type-check:

    /**
     * @param A|B $x
     */
    function someFunction($x)
    {
        $x->foo();

        if ($x instanceof B) {
            $x->bar();
        }
    }

  2. Only allow a single type to be passed if the variable comes from a parameter:

    function someFunction(B $x) { /** ... */ }

	return false;
}
else :
	_deprecated_function( 'wp_login', '2.5.0', 'wp_signon()' );
endif;

/**
 * WordPress AtomPub API implementation.
 *
 * Originally stored in wp-app.php, and later wp-includes/class-wp-atom-server.php.
 * It is kept here in case a plugin directly referred to the class.
 *
 * @since 2.2.0
 * @deprecated 3.5.0
 *
 * @link https://wordpress.org/plugins/atom-publishing-protocol/
 */
if ( ! class_exists( 'wp_atom_server', false ) ) {
	class wp_atom_server {
		public function __call( $name, $arguments ) {
			_deprecated_function( __CLASS__ . '::' . $name, '3.5.0', 'the Atom Publishing Protocol plugin' );
		}

		public static function __callStatic( $name, $arguments ) {
			_deprecated_function( __CLASS__ . '::' . $name, '3.5.0', 'the Atom Publishing Protocol plugin' );
		}
	}
}