Issues (3833)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web request that is viewed by other users. It can, for example, be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or, for example, via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating it.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries or to modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem, including configuration files, or can be abused to freeze your web server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

shortcodely.php (8 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

```php
<?php
/**
 *    Plugin Name: shortcodely
 *    Plugin URI: https://github.com/patilswapnilv/shortcodely
 *    Description: Include any widget in a page/post for any theme.
 *    Author: patilswapnilv
 *    Version: 1.0.0
 *    Author URI: http://swapnilpatil.in
 *    Domain Path: /languages/
 *
 *    Include any widget in page/post for any theme. [do_widget widgetname ] or
 *    [do_widget "widget name" ] [do_widget id=widgetnamedashed-n] or
 *    include a whole widget area [do_widget_area].
 *
 *    Please read: <a href="https://github.com/patilswapnilv/shortcodely/installation/">Installation</a>
 *    and <a href="https://github.com/patilswapnilv/shortcodely/faq/">FAQ</a>.
 *
 *    PHP version 5
 *
 *    LICENCE: GNU GENERAL PUBLIC LICENSE
 *            Version 3, 29 June 2007
 *    Copyright © 2007 Free Software Foundation, Inc. <http://fsf.org/>
 *    Everyone is permitted to copy and distribute verbatim copies
 *    of this license document, but changing it is not allowed.
 *
 *    Main file, contains the plugin metadata and activation processes
 *
 *    @category Core
 *    @package  Shortcodely
 *    @author   Swapnil V. Patil <[email protected]>
 *    @license  GPL-3.0+ https://www.gnu.org/licenses/gpl-3.0.en.html
 *    @version  1.0.0
 *    @link     https://github.com/patilswapnilv/shortcodely
 */

add_action( 'in_widget_form', 'shortcodely_spice_get_widget_id' );
function shortcodely_spice_get_widget_id( $widget_instance ) {
	/*
	 * Main function to get widget id
	 */
	echo '<p><strong>To use as shortcode with id:</strong> ';
	if ( '__i__' == $widget_instance->number ) {
		echo 'Save the widget first!</p>';
	} else {
		echo '[do_widget id=' . $widget_instance->id . ']</p>';
		// Scrutinizer: Expected next thing to be a escaping function, not '$widget_instance'
	}
}

/**
 * @return array the (possibly modified) sidebar params
 */
function shortcodely_remove_widget_class( $params ) {
	/*
	 * Remove the widget classes
	 */
	if ( ! empty( $params[0]['before_widget'] ) ) {
		$params[0]['before_widget'] =
			str_replace( '"widget ', '"', $params[0]['before_widget'] );
	}

	if ( ! empty( $params[0]['before_title'] ) ) {
		$params[0]['before_title'] = str_replace( 'widget-title', '', $params[0]['before_title'] );
	}

	return $params;
}

function shortcodely_do_widget_area( $atts ) {
	/*
	 * Used when a complete widget area is used via shortcode
	 */
	global $wp_registered_widgets, $_wp_sidebars_widgets, $wp_registered_sidebars;

	extract(
		// Scrutinizer: extract() usage is highly discouraged, due to the complexity and unintended issues it might cause.
		shortcode_atts(
			// Scrutinizer: shortcode_atts(array('wi...classes' => ''), $atts) cannot be passed to extract() as the parameter $var_array expects a reference.
			array(
				'widget_area'       => 'widgets_for_shortcodes',
				'class'             => 'shortcodely-widget-area', /* the widget class is picked up automatically. If we want to add an additional class at the wrap level to try to match a theme, use this */
				'widget_area_class' => '', /* option to disassociate from the theme's widget styling: use =none */
				'widget_classes'    => '', /* option to disassociate from the theme's widget styling */
			), $atts
		)
	);

	if ( ! empty( $atts ) ) {
		if ( ('widgets_for_shortcodes' == $widget_area) and ! empty( $atts[0] ) ) {
			$widget_area = $atts[0];
		}
	}

	if ( empty( $wp_registered_sidebars[ $widget_area ] ) ) {
		echo '<br/>Widget area "' . $widget_area . '" not found. Registered widget areas (sidebars) are: <br/>';
		// Scrutinizer: Expected next thing to be a escaping function, not '$widget_area'
		foreach ( $wp_registered_sidebars as $area => $sidebar ) {
			echo $area . '<br />';
			// Scrutinizer: Expected next thing to be a escaping function, not '$area'
		}
	}
	//if (isset($_REQUEST['do_widget_debug']) and current_user_can('administrator')) var_dump( $wp_registered_sidebars); /**/

	if ( 'none' == $widget_area_class ) {
		$class = '';
	} else {
		if ( ! empty( $widget_area_class ) ) {    //2014 08
			// build the whole attribute here; appending to $class instead would leave the bare class name outside the attribute
			$class = 'class="' . $class . ' ' . $widget_area_class . '"';
		} else {
			$class = 'class="' . $class . '"';
		}
	}

	if ( ! empty( $widget_classes ) and ('none' == $widget_classes) ) {
		add_filter( 'dynamic_sidebar_params', 'shortcodely_remove_widget_class' );
	}

	ob_start(); /* catch the echo output, so we can control where it appears in the text */
	dynamic_sidebar( $widget_area );
	$output = ob_get_clean();
	remove_filter( 'dynamic_sidebar_params', 'shortcodely_remove_widget_class' );

	$output = PHP_EOL . '<div id="' . $widget_area . '" ' . $class . '>'
				. $output
				. '</div>' . PHP_EOL;

	return $output;
}
/*-----------------------------------*/
function shortcodely_do_widget( $atts ) {
	/*
	 * Used when a single widget is called using shortcode
	 */
	global $wp_registered_widgets, $_wp_sidebars_widgets, $wp_registered_sidebars;

	/* check if the widget is in the shortcode x sidebar; if not, just use generic,
	   if it is in, then get the instance data and use that */

	if ( is_admin() ) {
		return '';
	}    // eg in case someone decides to apply content filters when a post is saved, and not all widget stuff is there.

	extract(
		// Scrutinizer: extract() usage is highly discouraged, due to the complexity and unintended issues it might cause.
		shortcode_atts(
			// Scrutinizer: shortcode_atts(array('si...classes' => ''), $atts) cannot be passed to extract() as the parameter $var_array expects a reference.
			array(
				'sidebar'        => 'Widgets for Shortcodely', //default
				'id'             => '',
				'name'           => '',
				'title'          => '', /* do the default title unless they ask us not to - use string here not boolean */
				'class'          => 'shortcodely_widget', /* the widget class is picked up automatically. If we want to add an additional class at the wrap level to try to match a theme, use this */
				'wrap'           => '', /* wrap the whole thing - title plus widget in a div - maybe the themes use a div, maybe not, maybe we want that styling, maybe not */
				'widget_classes' => '', /* option to disassociate from the theme's widget styling */
			), $atts
		)
	);

	if ( isset( $_wp_sidebars_widgets ) ) {
		shortcodely_show_widget_debug( 'which one', $name, $id, $sidebar ); //check for debug prompt and show widgets in shortcode sidebar if requested and logged in etc
	} else {
		$output = '<br />No widgets defined at all in any sidebar!';

		return $output;
	}

	/* compatibility check - if the name is not entered, then the first parameter is the name */
	if ( empty( $name ) and ! empty( $atts[0] ) ) {
		$name = $atts[0];
	}

	/* the widget need not be specified, [do_widget widgetname] is adequate */
	if ( ! empty( $name ) ) {    // we have a name
		$widget = $name;

		foreach ( $wp_registered_widgets as $i => $w ) { /* get the official internal name or id that the widget was registered with */
			if ( strtolower( $widget ) == strtolower( $w['name'] ) ) {
				$widget_ids[] = $i;
			}
			//if ($debug) {echo '<br /> Check: '.$w['name'];}
		}

		if ( ! ($sidebarid = shortcodely_get_sidebar_id( $sidebar )) ) {
			$sidebarid = $sidebar; /* get the official sidebar id for this widget area - will take the first one */
		}
	} else { /* check for id if we do not have a name */

		if ( ! empty( $id ) ) {        /* if a specific id has been specified */
			foreach ( $wp_registered_widgets as $i => $w ) { /* get the official internal name or id that the widget was registered with */
				if ( $id == $w['id'] ) {
					$widget_ids[] = $id;
				}
			}
			//echo '<h2>We have an id: '.$id.'</h2>'; 	if (!empty($widget_ids)) var_dump($widget_ids);
		} else {
			$output = '<br />No valid widget name or id given in shortcode parameters';

			return $output;
		}
		// if we have id, get the sidebar for it
		$sidebarid = shortcodely_get_widgets_sidebar( $id );
		if ( ! $sidebarid ) {
			$output = '<br />Widget not in any sidebars<br />';

			return $output;
		}
	}

	if ( empty( $widget ) ) {
		$widget = '';
	}
	if ( empty( $id ) ) {
		$id = '';
	}

	if ( empty( $widget_ids ) ) {
		$output = '<br />Error: Your Requested widget "' . $widget . ' ' . $id . '" is not in the widget list.<br />';
		$output .= shortcodely_show_widget_debug( 'empty', $name, $id, $sidebar );

		return $output;
	}

	//$content = '';
	/* if the widget is in our chosen sidebar, then use the options stored for that */

	if ( ( ! isset( $_wp_sidebars_widgets[ $sidebarid ] )) or (empty( $_wp_sidebars_widgets[ $sidebarid ] )) ) { // try upgrade
		shortcodely_upgrade_sidebar();
	}

	//if we have a specific sidebar selected, use that
	if ( (isset( $_wp_sidebars_widgets[ $sidebarid ] )) and ( ! empty( $_wp_sidebars_widgets[ $sidebarid ] )) ) {
		/* get the intersect of the 2 widget setups so we just get the widget we want */

		$wid = array_intersect( $_wp_sidebars_widgets[ $sidebarid ], $widget_ids );
	} else { /* the sidebar is not defined or selected - should not happen */
		if ( isset( $debug ) ) {    // only do this in debug mode
			if ( ! isset( $_wp_sidebars_widgets[ $sidebarid ] ) ) {
				$output = '<p>Error: Sidebar "' . $sidebar . '" with sidebarid "' . $sidebarid . '" is not defined.</p>';
			} // shouldn't happen - maybe someone running content filters on save
			else {
				$output = '<p>Error: Sidebar "' . $sidebar . '" with sidebarid "' . $sidebarid . '" is empty (no widgets)</p>';
			}
		}
	}

	$output = '';
	if ( empty( $wid ) or ( ! is_array( $wid )) or (count( $wid ) < 1) ) {
		$output = '<p>Error: Your requested Widget "' . $widget . '" is not in the "' . $sidebar . '" sidebar</p>';
		$output .= shortcodely_show_widget_debug( 'empty', $name, $id, $sidebar );

		unset( $sidebar );
		unset( $sidebarid );
	} else {
		/* There may only be one but if we have two in our chosen widget then it will do both */
		$output = '';
		foreach ( $wid as $i => $widget_instance ) {
			ob_start(); /* catch the echo output, so we can control where it appears in the text */
			shortcodely_shortcode_sidebar( $widget_instance, $sidebar, $title, $class, $wrap, $widget_classes );
			$output .= ob_get_clean();
		}
	}

	return $output;
}
/* -------------------------------------------------------------------------*/
function shortcodely_shortcode_sidebar( $widget_id,
	$name = 'widgets_for_shortcode',
	$title = true,
	$class = '',
	$wrap = '',
	$widget_classes = ''
) {
	/* This is basically the wordpress code, slightly modified */
	global $wp_registered_sidebars, $wp_registered_widgets;

	$debug = shortcodely_check_if_widget_debug();

	$sidebarid = shortcodely_get_sidebar_id( $name );

	$sidebars_widgets = wp_get_sidebars_widgets();

	$sidebar = $wp_registered_sidebars[ $sidebarid ]; // has the params etc

	$did_one = false;

	/* lifted from wordpress code, keep as similar as possible for now */

	if ( ! isset( $wp_registered_widgets[ $widget_id ] ) ) {
		return;
	} // wp had c o n t i n u e

	$params = array_merge(
		array(
			array_merge(
				$sidebar,
				array(
					'widget_id'   => $widget_id,
					'widget_name' => $wp_registered_widgets[ $widget_id ]['name'],
				)
			),
		),
		(array) $wp_registered_widgets[ $widget_id ]['params']
	);

	$validtitletags = array( 'h1', 'h2', 'h3', 'h4', 'h5', 'header', 'strong', 'em' );
	$validwraptags  = array( 'div', 'p', 'main', 'aside', 'section' );

	if ( ! empty( $wrap ) ) { /* then folks want to 'wrap' with their own html tag, or wrap = yes */
		if ( ( ! in_array( $wrap, $validwraptags )) ) {
			$wrap = '';
		}
		/* To match a variety of themes, allow for a variety of html tags. */
		/* May not need if our sidebar match attempt has worked */
	}

	if ( ! empty( $wrap ) ) {
		$params[0]['before_widget'] = '<' . $wrap . ' id="%1$s" class="%2$s">';
		$params[0]['after_widget']  = '</' . $wrap . '>';
	}

	// wp code to get classname
	$classname_ = '';
	//foreach ( (array) $wp_registered_widgets[$widget_id]['classname'] as $cn ) {
	$cn = $wp_registered_widgets[ $widget_id ]['classname'];
	if ( is_string( $cn ) ) {
		$classname_ .= '_' . $cn;
	} elseif ( is_object( $cn ) ) {
		$classname_ .= '_' . get_class( $cn );
	}
	//}
	$classname_ = ltrim( $classname_, '_' );

	// add MKM and others requested class in to the wp classname string
	// if no class specified, then class will = shortcodelywidget. These classes are so we can reverse out unwanted widget styling.

	// $classname_ .= ' widget '; // wordpress seems to almost always add the widget class

	$classname_ .= ' ' . $class;

	// we are picking up the defaults from the theme's sidebar, as they have registered their sidebar to issue widget classes?

	// Substitute HTML id and class attributes into before_widget
	if ( ! empty( $params[0]['before_widget'] ) ) {
		$params[0]['before_widget'] = sprintf( $params[0]['before_widget'], $widget_id, $classname_ );
	} else {
		$params[0]['before_widget'] = '';
	}

	if ( empty( $params[0]['before_widget'] ) ) {
		$params[0]['after_widget'] = '';
	}

	$params = apply_filters( 'dynamic_sidebar_params', $params );
	// allowed, but anyone using this filter must ensure they apply it to the correct sidebars

	if ( ! empty( $title ) ) {
		if ( 'false' == $title ) { /* shortcodely switch off the title html, still need to get rid of title separately */
			$params[0]['before_title'] = '<span style="display: none">';
			$params[0]['after_title']  = '</span>';
		} else {
			if ( in_array( $title, $validtitletags ) ) {
				$class = ' class="widget-title" ';

				$params[0]['before_title'] = '<' . $title . ' ' . $class . ' >';
				$params[0]['after_title']  = '</' . $title . '>';
			}
		}
	}

	if ( ! empty( $widget_classes ) and ('none' == $widget_classes) ) {
		$params = shortcodely_remove_widget_class( $params ); // also called in widget area shortcode
	}

	$callback = $wp_registered_widgets[ $widget_id ]['callback'];
	if ( is_callable( $callback ) ) {
		call_user_func_array( $callback, $params );
		$did_one = true;
	}
	//	}
	return $did_one;
}
/* ---------------------------------------------------------------------------*/
function shortcodely_reg_sidebar() {
	// this is fired late, so hopefully any theme sidebars will have been registered already.

	global $wp_registered_widgets, $_wp_sidebars_widgets, $wp_registered_sidebars;

	if ( function_exists( 'register_sidebar' ) ) {    // maybe later, get the first main sidebar and copy its before/after etc
		$args = array(
			'name'          => 'Widgets for Shortcodely',
			'id'            => 'widgets_for_shortcodes', // hope to avoid losing widgets
			'description'   => __( 'Sidebar to hold widgets and their settings. These widgets will be used in a shortcode.	This sidebars widgets should be saved with your theme settings now.', 'shortcodely-shortcode-any-widget' ),
			'before_widget' => '<aside' . ' id="%1$s" class="%2$s ">', // 201402 to match twentyfourteen theme
			'after_widget'  => '</aside>',
			'before_title'  => '<h1 class="widget-title" >', // 201402 maybe don't use widget class - we are in content here not in a widget area but others want the widget styling. ?
			'after_title'   => '</h1>',
		);

		if ( ! empty( $wp_registered_sidebars ) ) {    // we got some sidebars already.
			$main_sidebar = reset( $wp_registered_sidebars ); // Grab the first sidebar and use that as defaults for the widgets
			$args['before_widget'] = $main_sidebar['before_widget'];
			$args['after_widget']  = $main_sidebar['after_widget'];
			$args['before_title']  = $main_sidebar['before_title'];
			$args['after_title']   = $main_sidebar['after_title'];
		}

		register_sidebar( $args );
	}

	//else {	echo '<h1>CANNOT REGISTER widgets_for_shortcodes SIDEBAR</h1>';}
}
/*-----------------------------------*/
require 'shortcodely-admin-form-html.php';
require 'shortcodely-utilities.php';

if ( is_admin() ) {
	$shortcodely_saw_plugin_admin = new shortcodely_saw_plugin_admin();
}

add_action( 'widgets_init', 'shortcodely_reg_sidebar', 98 ); // register late so it appears last

add_action( 'switch_theme', 'shortcodely_save_shortcodes_sidebar' );
add_action( 'after_switch_theme', 'shortcodely_restore_shortcodes_sidebar' );

add_shortcode( 'do_widget', 'shortcodely_do_widget' );
add_shortcode( 'do_widget_area', 'shortcodely_do_widget_area' ); // just dump the whole widget area - to get same styling

//require_once(ABSPATH . 'wp-includes/widgets.php');	 // *** do we really need this here?
function shortcodely_saw_load_text() {
	// wp (see l10n.php) will check wp-content/languages/plugins if nothing found in plugin dir
	$result = load_plugin_textdomain(
		'shortcodely-shortcode-any-widget', false,
		dirname( plugin_basename( __FILE__ ) ) . '/languages/'
	);
}

add_action( 'plugins_loaded', 'shortcodely_saw_load_text' );

add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), 'shortcodely_add_action_links' );

function shortcodely_add_action_links( $links ) {
	/*
	 * Scrutinizer (Coding Style Comprehensibility): $mylinks was never initialized.
	 * Although not strictly required by PHP, it is generally a good practice to add
	 * $mylinks = array(); before regardless. An explicit array definition is generally
	 * preferable to an implicit one, as it guarantees a stable state of the code.
	 * For example:
	 *
	 *   foreach ($collection as $item) {
	 *       $myArray['foo'] = $item->getFoo();
	 *
	 *       if ($item->hasBar()) {
	 *           $myArray['bar'] = $item->getBar();
	 *       }
	 *
	 *       // do something with $myArray
	 *   }
	 *
	 * Here the array $myArray is initialized the first time the foreach loop is entered,
	 * and the value of the bar key is only written conditionally, so its value might be
	 * left over from a previous iteration. This might or might not be intended. To make
	 * the intention clear, the code more readable, and to avoid accidental bugs, add an
	 * explicit initialization $myArray = array() either outside or inside the loop.
	 */
	$mylinks[] =
	'<a title="Haven\'t read the instructions? Need your hand held?" href="' . admin_url( 'options-general.php?page=shortcodely_saw' ) . '">Settings</a>';
	$mylinks[] =
	'<a title="Yes I know it is the same link, but some people ...." href="' . admin_url( 'options-general.php?page=shortcodely_saw' ) . '">HELP</a>';

	return array_merge( $links, $mylinks );
}
```
449