Issues in media.php (2.x) - Issues in 2.x - pods-framework/pods - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2873)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/media.php (7 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * @package Pods\Global\Functions\Media
 */
/**
 * Get the Attachment ID for a specific image field
 *
 * @param array|int|string $image The image field array, ID, or guid
 *
 * @return int Attachment ID
 *
 * @since 2.0.5
 */
function pods_image_id_from_field( $image ) {

	$id = 0;

	if ( ! empty( $image ) ) {
		if ( is_array( $image ) ) {
			if ( isset( $image[0] ) ) {
				$id = pods_image_id_from_field( $image[0] );
			} elseif ( isset( $image['ID'] ) ) {
				$id = $image['ID'];
			} elseif ( isset( $image['guid'] ) ) {
				$id = pods_image_id_from_field( $image['guid'] );
			} elseif ( isset( $image['id'] ) ) {
				$id = $image['id'];
			} else {
				$id = pods_image_id_from_field( current( $image ) );
			}
		} else {
			if ( false === strpos( $image, '.' ) && is_numeric( $image ) ) {
				$id = $image;

				$the_post_type = get_post_type( $id );

				if ( false === $the_post_type ) {
					$id = 0;
				} elseif ( 'attachment' !== $the_post_type ) {
					$id = get_post_thumbnail_id( $id );
				}
			} else {
				$guid = pods_query( "SELECT `ID` FROM @wp_posts WHERE `post_type` = 'attachment' AND `guid` = %s", array( $image ) );

				if ( ! empty( $guid ) ) {
					$id = $guid[0]->ID;
				}
			}
		}//end if
	}//end if

	$id = (int) $id;

	return $id;
}

/**
 * Get the <img> HTML for a specific image field
 *
 * @param array|int|string $image      The image field array, ID, or guid
 * @param string|array     $size       Image size to use
 * @param int              $default    Default image to show if image not found, can be field array, ID, or guid
 * @param string|array     $attributes <img> Attributes array or string (passed to wp_get_attachment_image
 * @param boolean          $force      Force generation of image (if custom size array provided)
 *
 * @return string <img> HTML or empty if image not found
 *
 * @since 2.0.5
 */
function pods_image( $image, $size = 'thumbnail', $default = 0, $attributes = '', $force = false ) {

	$html = '';

	$id = pods_image_id_from_field( $image );

	if ( 0 == $default ) {
		/**
		 * Filter for default value
		 *
		 * Use to set a fallback image to be used when the image passed to pods_image can not be found. Will only take effect if $default is not set.
		 *
		 * @since 2.3.19
		 *
		 * @param array|int|string $default Default image to show if image not found, can be field array, ID, or guid
		 */
		$default = apply_filters( 'pods_image_default', $default );
	}

	$default = pods_image_id_from_field( $default );

	if ( 0 < $id ) {
		if ( $force ) {
			$full = wp_get_attachment_image_src( $id, 'full' );
			$src  = wp_get_attachment_image_src( $id, $size );

			if ( 'full' !== $size && $full[0] == $src[0] ) {
				pods_image_resize( $id, $size );
			}
		}

		$html = wp_get_attachment_image( $id, $size, true, $attributes );
	}

	if ( empty( $html ) && 0 < $default ) {
		if ( $force ) {
			$full = wp_get_attachment_image_src( $default, 'full' );
			$src  = wp_get_attachment_image_src( $default, $size );

			if ( 'full' !== $size && $full[0] == $src[0] ) {
				pods_image_resize( $default, $size );
			}
		}

		$html = wp_get_attachment_image( $default, $size, true, $attributes );
	}

	return $html;
}

/**
 * Get the Image URL for a specific image field
 *
 * @param array|int|string $image   The image field array, ID, or guid
 * @param string|array     $size    Image size to use
 * @param int              $default Default image to show if image not found, can be field array, ID, or guid
 * @param boolean          $force   Force generation of image (if custom size array provided)
 *
 * @return string Image URL or empty if image not found
 *
 * @since 2.0.5
 */
function pods_image_url( $image, $size = 'thumbnail', $default = 0, $force = false ) {

	$url = '';

	$id      = pods_image_id_from_field( $image );
	$default = pods_image_id_from_field( $default );

	if ( 0 < $id ) {
		if ( $force ) {
			$full = wp_get_attachment_image_src( $id, 'full' );
			$src  = wp_get_attachment_image_src( $id, $size );

			if ( 'full' !== $size && $full[0] == $src[0] ) {
				pods_image_resize( $id, $size );
			}
		}

		$src = wp_get_attachment_image_src( $id, $size );

		if ( ! empty( $src ) ) {
			$url = $src[0];
		} else {
			// Handle non-images
			$attachment = get_post( $id );

			if ( ! preg_match( '!^image/!', get_post_mime_type( $attachment ) ) ) {
				$url = wp_get_attachment_url( $id );
			}
		}
	}//end if

	if ( empty( $url ) && 0 < $default ) {
		if ( $force ) {
			$full = wp_get_attachment_image_src( $default, 'full' );
			$src  = wp_get_attachment_image_src( $default, $size );

			if ( 'full' !== $size && $full[0] == $src[0] ) {
				pods_image_resize( $default, $size );
			}
		}

		$src = wp_get_attachment_image_src( $default, $size );

		if ( ! empty( $src ) ) {
			$url = $src[0];
		} else {
			// Handle non-images
			$attachment = get_post( $default );

			if ( ! preg_match( '!^image/!', get_post_mime_type( $attachment ) ) ) {
				$url = wp_get_attachment_url( $default );
			}
		}
	}//end if

	return $url;
}

/**
 * Import media from a specific URL, saving as an attachment
 *
 * @param string  $url         URL to media for import
 * @param int     $post_parent ID of post parent, default none

 * @param boolean $featured    Whether to set it as the featured (post thumbnail) of the post parent
 *
 * @return int Attachment ID
 *
 * @since 2.3
 */
function pods_attachment_import( $url, $post_parent = null, $featured = false ) {

	$filename = explode( '?', $url );
	$filename = $filename[0];

	$filename = explode( '#', $filename );
	$filename = $filename[0];

	$filename = substr( $filename, ( strrpos( $filename, '/' ) ) + 1 );

	$title = substr( $filename, 0, ( strrpos( $filename, '.' ) ) );

	if ( ! ( ( $uploads = wp_upload_dir( current_time( 'mysql' ) ) ) && false === $uploads['error'] ) ) {
		return 0;
	}

	$filename = wp_unique_filename( $uploads['path'], $filename );
	$new_file = $uploads['path'] . '/' . $filename;

	$file_data = @file_get_contents( $url );


	if ( ! $file_data ) {
		return 0;
	}

	file_put_contents( $new_file, $file_data );


	$stat  = stat( dirname( $new_file ) );
	$perms = $stat['mode'] & 0000666;
	@chmod( $new_file, $perms );


	$wp_filetype = wp_check_filetype( $filename );

	if ( ! $wp_filetype['type'] || ! $wp_filetype['ext'] ) {
		return 0;
	}

	$attachment = array(
		'post_mime_type' => $wp_filetype['type'],
		'guid'           => $uploads['url'] . '/' . $filename,
		'post_parent'    => null,
		'post_title'     => $title,
		'post_content'   => '',
	);

	$attachment_id = wp_insert_attachment( $attachment, $new_file, $post_parent );

	if ( is_wp_error( $attachment_id ) ) {
		return 0;
	}

	require_once ABSPATH . 'wp-admin/includes/media.php';
	require_once ABSPATH . 'wp-admin/includes/image.php';

	wp_update_attachment_metadata( $attachment_id, $meta_data = wp_generate_attachment_metadata( $attachment_id, $new_file ) );

	if ( 0 < $post_parent && $featured ) {
		update_post_meta( $post_parent, '_thumbnail_id', $attachment_id );
	}

	return $attachment_id;
}

/**
 * Resize an image on demand
 *
 * @param int          $attachment_id Attachment ID
 * @param string|array $size          Size to be generated
 *
 * @return boolean Image generation result
 *
 * @since 2.3
 */
function pods_image_resize( $attachment_id, $size ) {

	$size_data = array();

	if ( ! is_array( $size ) ) {
		// Basic image size string
		global $wp_image_sizes;
function myFunction($a, $b) {
    // Do something
}

		if ( isset( $wp_image_sizes[ $size ] ) && ! empty( $wp_image_sizes[ $size ] ) ) {
			// Registered image size
			$size_data = $wp_image_sizes[ $size ];
		} elseif ( preg_match( '/[0-9]+x[0-9]+/', $size ) || preg_match( '/[0-9]+x[0-9]+x[0-1]/', $size ) ) {
			// Custom on-the-fly image size
			$size = explode( 'x', $size );

			$size_data = array(
				'width'  => (int) $size[0],
				'height' => (int) $size[1],
				'crop'   => (int) ( isset( $size[2] ) ? $size[2] : 1 ),
			);

			$size = $size_data['width'] . 'x' . $size_data['height'];
		}
	} elseif ( 2 <= count( $size ) ) {
		// Image size array
		if ( isset( $size['width'] ) ) {
			$size_data = $size;
		} else {
			$size_data = array(
				'width'  => (int) $size[0],
				'height' => (int) $size[1],
				'crop'   => (int) ( isset( $size[2] ) ? $size[2] : 1 ),
			);
		}

		$size = $size_data['width'] . 'x' . $size_data['height'];
	}//end if

	if ( empty( $size_data ) ) {
		return false;
	}

	require_once ABSPATH . 'wp-admin/includes/image.php';

	$attachment = get_post( $attachment_id );
	$file       = get_attached_file( $attachment_id );

	if ( $file && file_exists( $file ) ) {
		$metadata = wp_get_attachment_metadata( $attachment_id );

		if ( ! empty( $metadata ) && preg_match( '!^image/!', get_post_mime_type( $attachment ) ) && file_is_displayable_image( $file ) ) {
			$editor = wp_get_image_editor( $file );

			if ( ! is_wp_error( $editor ) ) {
				$metadata['sizes'] = array_merge( $metadata['sizes'], $editor->multi_resize( array( $size => $size_data ) ) );

				wp_update_attachment_metadata( $attachment_id, $metadata );

				return true;
			}
		}
	}

	return false;
}

/**
 * Output an audio field as a video player.
 *
 * @uses  wp_audio_shortcode()
 *
 * @since 2.5
 *
 * @param string|array $url  Can be a URL of the source file, or a Pods audio field.
 * @param bool|array   $args Optional. Additional arguments to pass to wp_audio_shortcode
 *
 * @return string
 */
function pods_audio( $url, $args = false ) {

	if ( is_array( $url ) ) {
		if ( ! is_null( pods_v( 'ID', $url ) ) ) {
			$id  = pods_v( 'ID', $url );
			$url = wp_get_attachment_url( $id );
		} else {
			return;
		}
	}

	$audio_args = array( 'src' => $url );

	if ( is_array( $args ) ) {
		$audio_args = array_merge( $audio_args, $args );
	}

	return wp_audio_shortcode( $audio_args );

}

/**
 * Output a video field as a video player.
 *
 * @uses  wp_video_shortcode()
 *
 * @since 2.5
 *
 * @param string|array $url  Can be a URL of the source file, or a Pods video field.
 * @param bool|array   $args Optional. Additional arguments to pass to wp_video_shortcode()
 *
 * @return string
 */
function pods_video( $url, $args = false ) {

	if ( is_array( $url ) ) {
		if ( ! is_null( pods_v( 'ID', $url ) ) ) {
			$id  = pods_v( 'ID', $url );
			$url = wp_get_attachment_url( $id );
		} else {
			return;
		}
	}

	$video_args = array( 'src' => $url );

	if ( is_array( $args ) ) {
		$video_args = array_merge( $video_args, $args );
	}

	return wp_video_shortcode( $video_args );

}


Issues (2873)

Security Analysis not enabled

includes/media.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1			<?php
2			/**
3			* @package Pods\Global\Functions\Media
4			*/
5			/**
6			* Get the Attachment ID for a specific image field
7			*
8			* @param array\|int\|string $image The image field array, ID, or guid
9			*
10			* @return int Attachment ID
11			*
12			* @since 2.0.5
13			*/
14			function pods_image_id_from_field( $image ) {
15
16			$id = 0;
17
18			if ( ! empty( $image ) ) {
19			if ( is_array( $image ) ) {
20			if ( isset( $image[0] ) ) {
21			$id = pods_image_id_from_field( $image[0] );
22			} elseif ( isset( $image['ID'] ) ) {
23			$id = $image['ID'];
24			} elseif ( isset( $image['guid'] ) ) {
25			$id = pods_image_id_from_field( $image['guid'] );
26			} elseif ( isset( $image['id'] ) ) {
27			$id = $image['id'];
28			} else {
29			$id = pods_image_id_from_field( current( $image ) );
30			}
31			} else {
32			if ( false === strpos( $image, '.' ) && is_numeric( $image ) ) {
33			$id = $image;
34
35			$the_post_type = get_post_type( $id );
36
37			if ( false === $the_post_type ) {
38			$id = 0;
39			} elseif ( 'attachment' !== $the_post_type ) {
40			$id = get_post_thumbnail_id( $id );
41			}
42			} else {
43			$guid = pods_query( "SELECT `ID` FROM @wp_posts WHERE `post_type` = 'attachment' AND `guid` = %s", array( $image ) );
44
45			if ( ! empty( $guid ) ) {
46			$id = $guid[0]->ID;
47			}
48			}
49			}//end if
50			}//end if
51
52			$id = (int) $id;
53
54			return $id;
55			}
56
57			/**
58			* Get the <img> HTML for a specific image field
59			*
60			* @param array\|int\|string $image The image field array, ID, or guid
61			* @param string\|array $size Image size to use
62			* @param int $default Default image to show if image not found, can be field array, ID, or guid
63			* @param string\|array $attributes <img> Attributes array or string (passed to wp_get_attachment_image
64			* @param boolean $force Force generation of image (if custom size array provided)
65			*
66			* @return string <img> HTML or empty if image not found
67			*
68			* @since 2.0.5
69			*/
70			function pods_image( $image, $size = 'thumbnail', $default = 0, $attributes = '', $force = false ) {
71
72			$html = '';
73
74			$id = pods_image_id_from_field( $image );
75
76			if ( 0 == $default ) {
77			/**
78			* Filter for default value
79			*
80			* Use to set a fallback image to be used when the image passed to pods_image can not be found. Will only take effect if $default is not set.
81			*
82			* @since 2.3.19
83			*
84			* @param array\|int\|string $default Default image to show if image not found, can be field array, ID, or guid
85			*/
86			$default = apply_filters( 'pods_image_default', $default );
87			}
88
89			$default = pods_image_id_from_field( $default );
90
91			if ( 0 < $id ) {
92			if ( $force ) {
93			$full = wp_get_attachment_image_src( $id, 'full' );
94			$src = wp_get_attachment_image_src( $id, $size );
95
96			if ( 'full' !== $size && $full[0] == $src[0] ) {
97			pods_image_resize( $id, $size );
98			}
99			}
100
101			$html = wp_get_attachment_image( $id, $size, true, $attributes );
102			}
103
104			if ( empty( $html ) && 0 < $default ) {
105			if ( $force ) {
106			$full = wp_get_attachment_image_src( $default, 'full' );
107			$src = wp_get_attachment_image_src( $default, $size );
108
109			if ( 'full' !== $size && $full[0] == $src[0] ) {
110			pods_image_resize( $default, $size );
111			}
112			}
113
114			$html = wp_get_attachment_image( $default, $size, true, $attributes );
115			}
116
117			return $html;
118			}
119
120			/**
121			* Get the Image URL for a specific image field
122			*
123			* @param array\|int\|string $image The image field array, ID, or guid
124			* @param string\|array $size Image size to use
125			* @param int $default Default image to show if image not found, can be field array, ID, or guid
126			* @param boolean $force Force generation of image (if custom size array provided)
127			*
128			* @return string Image URL or empty if image not found
129			*
130			* @since 2.0.5
131			*/
132			function pods_image_url( $image, $size = 'thumbnail', $default = 0, $force = false ) {
133
134			$url = '';
135
136			$id = pods_image_id_from_field( $image );
137			$default = pods_image_id_from_field( $default );
138
139			if ( 0 < $id ) {
140			if ( $force ) {
141			$full = wp_get_attachment_image_src( $id, 'full' );
142			$src = wp_get_attachment_image_src( $id, $size );
143
144			if ( 'full' !== $size && $full[0] == $src[0] ) {
145			pods_image_resize( $id, $size );
146			}
147			}
148
149			$src = wp_get_attachment_image_src( $id, $size );
150
151			if ( ! empty( $src ) ) {
152			$url = $src[0];
153			} else {
154			// Handle non-images
155			$attachment = get_post( $id );
156
157			if ( ! preg_match( '!^image/!', get_post_mime_type( $attachment ) ) ) {
158			$url = wp_get_attachment_url( $id );
159			}
160			}
161			}//end if
162
163			if ( empty( $url ) && 0 < $default ) {
164			if ( $force ) {
165			$full = wp_get_attachment_image_src( $default, 'full' );
166			$src = wp_get_attachment_image_src( $default, $size );
167
168			if ( 'full' !== $size && $full[0] == $src[0] ) {
169			pods_image_resize( $default, $size );
170			}
171			}
172
173			$src = wp_get_attachment_image_src( $default, $size );
174
175			if ( ! empty( $src ) ) {
176			$url = $src[0];
177			} else {
178			// Handle non-images
179			$attachment = get_post( $default );
180
181			if ( ! preg_match( '!^image/!', get_post_mime_type( $attachment ) ) ) {
182			$url = wp_get_attachment_url( $default );
183			}
184			}
185			}//end if
186
187			return $url;
188			}
189
190			/**
191			* Import media from a specific URL, saving as an attachment
192			*
193			* @param string $url URL to media for import
194			* @param int $post_parent ID of post parent, default none
			0 ignored issues – show Documentation introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the type for parameter `$post_parent` not be `integer\|null`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
195			* @param boolean $featured Whether to set it as the featured (post thumbnail) of the post parent
196			*
197			* @return int Attachment ID
198			*
199			* @since 2.3
200			*/
201			function pods_attachment_import( $url, $post_parent = null, $featured = false ) {
202
203			$filename = explode( '?', $url );
204			$filename = $filename[0];
205
206			$filename = explode( '#', $filename );
207			$filename = $filename[0];
208
209			$filename = substr( $filename, ( strrpos( $filename, '/' ) ) + 1 );
210
211			$title = substr( $filename, 0, ( strrpos( $filename, '.' ) ) );
212
213			if ( ! ( ( $uploads = wp_upload_dir( current_time( 'mysql' ) ) ) && false === $uploads['error'] ) ) {
214			return 0;
215			}
216
217			$filename = wp_unique_filename( $uploads['path'], $filename );
218			$new_file = $uploads['path'] . '/' . $filename;
219
220			$file_data = @file_get_contents( $url );
			0 ignored issues – show Coding Style introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Silencing errors is discouraged Loading history... introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this file_get_contents is highly discouraged, please use wpcom_vip_file_get_contents() instead. Loading history...
221
222			if ( ! $file_data ) {
223			return 0;
224			}
225
226			file_put_contents( $new_file, $file_data );
			0 ignored issues – show introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Filesystem writes are forbidden, you should not be using file_put_contents() Loading history...
227
228			$stat = stat( dirname( $new_file ) );
229			$perms = $stat['mode'] & 0000666;
230			@chmod( $new_file, $perms );
			0 ignored issues – show Coding Style introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Silencing errors is discouraged Loading history... introduced 2018-03-03 20:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this Filesystem writes are forbidden, you should not be using chmod() Loading history...
231
232			$wp_filetype = wp_check_filetype( $filename );
233
234			if ( ! $wp_filetype['type'] \|\| ! $wp_filetype['ext'] ) {
235			return 0;
236			}
237
238			$attachment = array(
239			'post_mime_type' => $wp_filetype['type'],
240			'guid' => $uploads['url'] . '/' . $filename,
241			'post_parent' => null,
242			'post_title' => $title,
243			'post_content' => '',
244			);
245
246			$attachment_id = wp_insert_attachment( $attachment, $new_file, $post_parent );
247
248			if ( is_wp_error( $attachment_id ) ) {
249			return 0;
250			}
251
252			require_once ABSPATH . 'wp-admin/includes/media.php';
253			require_once ABSPATH . 'wp-admin/includes/image.php';
254
255			wp_update_attachment_metadata( $attachment_id, $meta_data = wp_generate_attachment_metadata( $attachment_id, $new_file ) );
256
257			if ( 0 < $post_parent && $featured ) {
258			update_post_meta( $post_parent, '_thumbnail_id', $attachment_id );
259			}
260
261			return $attachment_id;
262			}
263
264			/**
265			* Resize an image on demand
266			*
267			* @param int $attachment_id Attachment ID
268			* @param string\|array $size Size to be generated
269			*
270			* @return boolean Image generation result
271			*
272			* @since 2.3
273			*/
274			function pods_image_resize( $attachment_id, $size ) {
275
276			$size_data = array();
277
278			if ( ! is_array( $size ) ) {
279			// Basic image size string
280			global $wp_image_sizes;
			0 ignored issues – show Compatibility Best Practice introduced 2018-03-02 22:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
281
282			if ( isset( $wp_image_sizes[ $size ] ) && ! empty( $wp_image_sizes[ $size ] ) ) {
283			// Registered image size
284			$size_data = $wp_image_sizes[ $size ];
285			} elseif ( preg_match( '/[0-9]+x[0-9]+/', $size ) \|\| preg_match( '/[0-9]+x[0-9]+x[0-1]/', $size ) ) {
286			// Custom on-the-fly image size
287			$size = explode( 'x', $size );
288
289			$size_data = array(
290			'width' => (int) $size[0],
291			'height' => (int) $size[1],
292			'crop' => (int) ( isset( $size[2] ) ? $size[2] : 1 ),
293			);
294
295			$size = $size_data['width'] . 'x' . $size_data['height'];
296			}
297			} elseif ( 2 <= count( $size ) ) {
298			// Image size array
299			if ( isset( $size['width'] ) ) {
300			$size_data = $size;
301			} else {
302			$size_data = array(
303			'width' => (int) $size[0],
304			'height' => (int) $size[1],
305			'crop' => (int) ( isset( $size[2] ) ? $size[2] : 1 ),
306			);
307			}
308
309			$size = $size_data['width'] . 'x' . $size_data['height'];
310			}//end if
311
312			if ( empty( $size_data ) ) {
313			return false;
314			}
315
316			require_once ABSPATH . 'wp-admin/includes/image.php';
317
318			$attachment = get_post( $attachment_id );
319			$file = get_attached_file( $attachment_id );
320
321			if ( $file && file_exists( $file ) ) {
322			$metadata = wp_get_attachment_metadata( $attachment_id );
323
324			if ( ! empty( $metadata ) && preg_match( '!^image/!', get_post_mime_type( $attachment ) ) && file_is_displayable_image( $file ) ) {
325			$editor = wp_get_image_editor( $file );
326
327			if ( ! is_wp_error( $editor ) ) {
328			$metadata['sizes'] = array_merge( $metadata['sizes'], $editor->multi_resize( array( $size => $size_data ) ) );
329
330			wp_update_attachment_metadata( $attachment_id, $metadata );
331
332			return true;
333			}
334			}
335			}
336
337			return false;
338			}
339
340			/**
341			* Output an audio field as a video player.
342			*
343			* @uses wp_audio_shortcode()
344			*
345			* @since 2.5
346			*
347			* @param string\|array $url Can be a URL of the source file, or a Pods audio field.
348			* @param bool\|array $args Optional. Additional arguments to pass to wp_audio_shortcode
349			*
350			* @return string
351			*/
352			function pods_audio( $url, $args = false ) {
353
354			if ( is_array( $url ) ) {
355			if ( ! is_null( pods_v( 'ID', $url ) ) ) {
356			$id = pods_v( 'ID', $url );
357			$url = wp_get_attachment_url( $id );
358			} else {
359			return;
360			}
361			}
362
363			$audio_args = array( 'src' => $url );
364
365			if ( is_array( $args ) ) {
366			$audio_args = array_merge( $audio_args, $args );
367			}
368
369			return wp_audio_shortcode( $audio_args );
370
371			}
372
373			/**
374			* Output a video field as a video player.
375			*
376			* @uses wp_video_shortcode()
377			*
378			* @since 2.5
379			*
380			* @param string\|array $url Can be a URL of the source file, or a Pods video field.
381			* @param bool\|array $args Optional. Additional arguments to pass to wp_video_shortcode()
382			*
383			* @return string
384			*/
385			function pods_video( $url, $args = false ) {
386
387			if ( is_array( $url ) ) {
388			if ( ! is_null( pods_v( 'ID', $url ) ) ) {
389			$id = pods_v( 'ID', $url );
390			$url = wp_get_attachment_url( $id );
391			} else {
392			return;
393			}
394			}
395
396			$video_args = array( 'src' => $url );
397
398			if ( is_array( $args ) ) {
399			$video_args = array_merge( $video_args, $args );
400			}
401
402			return wp_video_shortcode( $video_args );
403
404			}
405

pods-framework / pods

Issues (2873)

Security Analysis not enabled

includes/media.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like