Issues in actions.php (master) - Issues in master - postpromoterpro/post-promoter-pro - Measure and Improve Code Quality continuously with Scrutinizer

Issues (81)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/admin/actions.php (3 issues)

Labels

Documentation 3

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
// Exit if accessed directly
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Creates a listener for disconnecting a social media account
 *
 * Developers simply need to include the ?ppp_social_disconnect=true&ppp_network=[network_shortname]
 * in their link to disconnect and then hook ppp_disconnect-[network_shortname]
 *
 * @return void
 */
function ppp_disconnect_social() {

	if ( isset( $_GET['ppp_social_disconnect'] ) && isset( $_GET['ppp_network'] ) ) {

		if ( ! current_user_can( PostPromoterPro::get_manage_capability() ) ) {
			wp_die( __( 'You do not have permission to view this page', 'ppp-txt' ) );
		}

		$network = $_GET['ppp_network'];
		do_action( 'ppp_disconnect-' . $network );
	}
}
add_action( 'admin_init', 'ppp_disconnect_social', 10 );

/**
 * Sets up and uses the social media metabox tabs
 * @return void
 */
function ppp_generate_metabox_tabs() {
	global $visibleKey;

	$tabs = apply_filters( 'ppp_metabox_tabs', array() );
	$i = 0;
	foreach ( $tabs as $key => $values ) {
		if ( $i === 0 ) {
			$visibleKey = $key;
			$class = 'tabs';
		} else {
			$class = '';
		}

		?><li class="<?php echo $class; ?>"><a href="#<?php echo $key; ?>"><?php
		if ( $values['class'] !== false ) {
			?>
			<span class="dashicons <?php echo $values['class']; ?>"></span>&nbsp;
			<?php
		}
		echo $values['name']; ?></a></li><?php
		$i++;
	}
}
add_action( 'ppp_metabox_tabs_display', 'ppp_generate_metabox_tabs', 10 );

/**
 * Sets up and uses the social media account tabs
 * @return void
 */
function ppp_generate_social_account_tabs() {
	global $visibleSettingTab;

	$tabs = apply_filters( 'ppp_admin_tabs', array() );
	$i = 0;
	?><h2 id="ppp-social-connect-tabs" class="nav-tab-wrapper"><?php
	foreach ( $tabs as $key => $values ) {
		if ( $i === 0 ) {
			$visibleSettingTab = $key;
			$class = ' nav-tab-active';
		} else {
			$class = '';
		}
		?><a class="nav-tab<?php echo $class; ?>" href='#<?php echo $key; ?>'><?php
		if ( $values['class'] !== false ) {
			?>
			<span class="dashicons <?php echo $values['class']; ?>"></span>&nbsp;
			<?php
		}
		echo $values['name']; ?></a></li><?php
		?></a><?php
		$i++;
	}
	?></h2><?php
}
add_action( 'ppp_social_media_tabs_display', 'ppp_generate_social_account_tabs', 10 );

/**
 * Sets up and displays the social media metaboxes
 * @param  [type] $post [description]

 * @return [type]       [description]

 */
function ppp_generate_metabox_content( $post ) {
	global $visibleKey;
	$tab_content = apply_filters( 'ppp_metabox_content', array() );
	if ( empty( $tab_content ) ) {
		printf( __( 'No social media accounts active. <a href="%s">Connect with your accounts now</a>.', 'ppp-txt' ), admin_url( 'admin.php?page=ppp-social-settings' ) );
	} else {
		foreach ( $tab_content as $service ) {
			$hidden = ( $visibleKey == $service ) ? '' : ' hidden';
			?>
			<div class="wp-tab-panel tabs-panel<?php echo $hidden; ?>" id="<?php echo $service; ?>">
				<?php do_action( 'ppp_generate_metabox_content-' . $service, $post ); ?>
			</div>
			<?php
		}
	}
}
add_action( 'ppp_metabox_content_display', 'ppp_generate_metabox_content', 10, 1 );

/**
 * Sets up and displays the social media account settings
 * @return [type] [description]

 */
function ppp_generate_social_account_content() {
	global $visibleSettingTab;
	$tab_content = apply_filters( 'ppp_admin_social_content', array() );
	if ( empty( $tab_content ) ) {
		printf( __( 'No social media accounts active. <a href="%s">Connect with your accounts now</a>.', 'ppp-txt' ), admin_url( 'admin.php?page=ppp-social-settings' ) );
	} else {
		foreach ( $tab_content as $service ) {
			$hidden = ( $visibleSettingTab == $service ) ? '' : ' hidden';
			?>
			<div class="ppp-social-connect<?php echo $hidden; ?>" id="<?php echo $service; ?>">
				<?php do_action( 'ppp_connect_display-' . $service ); ?>
			</div>
			<?php
		}
	}
}
add_action( 'ppp_social_media_content_display', 'ppp_generate_social_account_content', 10, 1 );

/**
 * Listens for the share/delete actions on the schedule view
 * @return void
 */
function ppp_list_view_maybe_take_action() {
	if ( ! isset( $_GET['page'] ) || $_GET['page'] !== 'ppp-schedule-info' ) {
		return;
	}

	if ( ! isset( $_GET['action'] ) ) {
		return;
	}

	// Get the necessary info for the actions
	$post_id = isset( $_GET['post_id'] ) ? $_GET['post_id'] : 0;
	$name    = isset( $_GET['name'] ) ? $_GET['name'] : '';
	$index   = isset( $_GET['index'] ) ? $_GET['index'] : 0;
	$delete  = isset( $_GET['delete_too'] ) ? true : false;

	switch( $_GET['action'] ) {
		case 'delete_item':
			if ( ! empty( $post_id ) && ! empty( $name ) || empty( $index ) ) {
				ppp_remove_scheduled_share( array( (int)$post_id, $name ) ); // Remove the item in cron

				// Remove the item from postmeta if it exists.
				$current_post_meta = get_post_meta( $post_id, '_ppp_tweets', true );

				if ( isset( $current_post_meta[$index] ) ) {
					unset( $current_post_meta[$index] );
					update_post_meta( $post_id, '_ppp_tweets', $current_post_meta );
				}

				// Display the notice
				add_action( 'admin_notices', 'ppp_item_deleted_notice' );
			}
			break;
		case 'share_now':
			if ( ! empty( $post_id ) && ! empty( $name ) ) {
				ppp_share_post( $post_id, $name );

				if ( $delete && ! empty( $index ) ) {
					ppp_remove_scheduled_share( array( (int)$post_id, $name ) ); // Remove the item in cron

					// Remove the item from postmeta if it exists.
					$current_post_meta = get_post_meta( $post_id, '_ppp_tweets', true );

					if ( isset( $current_post_meta[$index] ) ) {
						unset( $current_post_meta[$index] );
						update_post_meta( $post_id, '_ppp_tweets', $current_post_meta );
					}

					// Display the notice
					add_action( 'admin_notices', 'ppp_item_shared_and_deleted_notice' );
				} else {
					add_action( 'admin_notices', 'ppp_item_posted_notice' );
				}
			}
			break;
		default:
			break;
	}
}
add_action( 'admin_head', 'ppp_list_view_maybe_take_action', 10 );

	// These are used by the ppp_list_view_maybe_take_action function

	/**
	 * When an entry is deleted from schedule view, register a notice
	 * @return void
	 */
	function ppp_item_deleted_notice() {
		?>
		<div class="updated">
			<p><?php _e( 'Scheduled item has been deleted.', 'ppp-txt' ); ?></p>
		</div>
		<?php
	}

	/**
	 * When an entry is shared from schedule view, register a notice
	 * @return void
	 */
	function ppp_item_posted_notice() {
		?>
		<div class="updated">
			<p><?php _e( 'Item has been shared.', 'ppp-txt' ); ?></p>
		</div>
		<?php
	}

	/**
	 * When an entry is shared and deleted from schedule view, register a notice
	 * @return void
	 */
	function ppp_item_shared_and_deleted_notice() {
		?>
		<div class="updated">
			<p><?php _e( 'Item has been shared and deleted.', 'ppp-txt' ); ?></p>
		</div>
		<?php
	}


GitHub Access Token became invalid

Issues (81)

Security Analysis not enabled

includes/admin/actions.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			// Exit if accessed directly
3			if ( ! defined( 'ABSPATH' ) ) {
4			exit;
5			}
6
7			/**
8			* Creates a listener for disconnecting a social media account
9			*
10			* Developers simply need to include the ?ppp_social_disconnect=true&ppp_network=[network_shortname]
11			* in their link to disconnect and then hook ppp_disconnect-[network_shortname]
12			*
13			* @return void
14			*/
15			function ppp_disconnect_social() {
16
17			if ( isset( $_GET['ppp_social_disconnect'] ) && isset( $_GET['ppp_network'] ) ) {
18
19			if ( ! current_user_can( PostPromoterPro::get_manage_capability() ) ) {
20			wp_die( __( 'You do not have permission to view this page', 'ppp-txt' ) );
21			}
22
23			$network = $_GET['ppp_network'];
24			do_action( 'ppp_disconnect-' . $network );
25			}
26			}
27			add_action( 'admin_init', 'ppp_disconnect_social', 10 );
28
29			/**
30			* Sets up and uses the social media metabox tabs
31			* @return void
32			*/
33			function ppp_generate_metabox_tabs() {
34			global $visibleKey;
35
36			$tabs = apply_filters( 'ppp_metabox_tabs', array() );
37			$i = 0;
38			foreach ( $tabs as $key => $values ) {
39			if ( $i === 0 ) {
40			$visibleKey = $key;
41			$class = 'tabs';
42			} else {
43			$class = '';
44			}
45
46			?><li class="<?php echo $class; ?>"><a href="#<?php echo $key; ?>"><?php
47			if ( $values['class'] !== false ) {
48			?>
49			<span class="dashicons <?php echo $values['class']; ?>"></span>
50			<?php
51			}
52			echo $values['name']; ?></a></li><?php
53			$i++;
54			}
55			}
56			add_action( 'ppp_metabox_tabs_display', 'ppp_generate_metabox_tabs', 10 );
57
58			/**
59			* Sets up and uses the social media account tabs
60			* @return void
61			*/
62			function ppp_generate_social_account_tabs() {
63			global $visibleSettingTab;
64
65			$tabs = apply_filters( 'ppp_admin_tabs', array() );
66			$i = 0;
67			?><h2 id="ppp-social-connect-tabs" class="nav-tab-wrapper"><?php
68			foreach ( $tabs as $key => $values ) {
69			if ( $i === 0 ) {
70			$visibleSettingTab = $key;
71			$class = ' nav-tab-active';
72			} else {
73			$class = '';
74			}
75			?><a class="nav-tab<?php echo $class; ?>" href='#<?php echo $key; ?>'><?php
76			if ( $values['class'] !== false ) {
77			?>
78			<span class="dashicons <?php echo $values['class']; ?>"></span>
79			<?php
80			}
81			echo $values['name']; ?></a></li><?php
82			?></a><?php
83			$i++;
84			}
85			?></h2><?php
86			}
87			add_action( 'ppp_social_media_tabs_display', 'ppp_generate_social_account_tabs', 10 );
88
89			/**
90			* Sets up and displays the social media metaboxes
91			* @param [type] $post [description]
			0 ignored issues – show Documentation introduced 2015-12-19 05:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `[type]` could not be parsed: Unknown type name "" at position 0. [(view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
92			* @return [type] [description]
			0 ignored issues – show Documentation introduced 2015-12-19 05:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `[type]` could not be parsed: Unknown type name "" at position 0. [(view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
93			*/
94			function ppp_generate_metabox_content( $post ) {
95			global $visibleKey;
96			$tab_content = apply_filters( 'ppp_metabox_content', array() );
97			if ( empty( $tab_content ) ) {
98			printf( __( 'No social media accounts active. <a href="%s">Connect with your accounts now</a>.', 'ppp-txt' ), admin_url( 'admin.php?page=ppp-social-settings' ) );
99			} else {
100			foreach ( $tab_content as $service ) {
101			$hidden = ( $visibleKey == $service ) ? '' : ' hidden';
102			?>
103			<div class="wp-tab-panel tabs-panel<?php echo $hidden; ?>" id="<?php echo $service; ?>">
104			<?php do_action( 'ppp_generate_metabox_content-' . $service, $post ); ?>
105			</div>
106			<?php
107			}
108			}
109			}
110			add_action( 'ppp_metabox_content_display', 'ppp_generate_metabox_content', 10, 1 );
111
112			/**
113			* Sets up and displays the social media account settings
114			* @return [type] [description]
			0 ignored issues – show Documentation introduced 2015-12-19 05:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `[type]` could not be parsed: Unknown type name "" at position 0. [(view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
115			*/
116			function ppp_generate_social_account_content() {
117			global $visibleSettingTab;
118			$tab_content = apply_filters( 'ppp_admin_social_content', array() );
119			if ( empty( $tab_content ) ) {
120			printf( __( 'No social media accounts active. <a href="%s">Connect with your accounts now</a>.', 'ppp-txt' ), admin_url( 'admin.php?page=ppp-social-settings' ) );
121			} else {
122			foreach ( $tab_content as $service ) {
123			$hidden = ( $visibleSettingTab == $service ) ? '' : ' hidden';
124			?>
125			<div class="ppp-social-connect<?php echo $hidden; ?>" id="<?php echo $service; ?>">
126			<?php do_action( 'ppp_connect_display-' . $service ); ?>
127			</div>
128			<?php
129			}
130			}
131			}
132			add_action( 'ppp_social_media_content_display', 'ppp_generate_social_account_content', 10, 1 );
133
134			/**
135			* Listens for the share/delete actions on the schedule view
136			* @return void
137			*/
138			function ppp_list_view_maybe_take_action() {
139			if ( ! isset( $_GET['page'] ) \|\| $_GET['page'] !== 'ppp-schedule-info' ) {
140			return;
141			}
142
143			if ( ! isset( $_GET['action'] ) ) {
144			return;
145			}
146
147			// Get the necessary info for the actions
148			$post_id = isset( $_GET['post_id'] ) ? $_GET['post_id'] : 0;
149			$name = isset( $_GET['name'] ) ? $_GET['name'] : '';
150			$index = isset( $_GET['index'] ) ? $_GET['index'] : 0;
151			$delete = isset( $_GET['delete_too'] ) ? true : false;
152
153			switch( $_GET['action'] ) {
154			case 'delete_item':
155			if ( ! empty( $post_id ) && ! empty( $name ) \|\| empty( $index ) ) {
156			ppp_remove_scheduled_share( array( (int)$post_id, $name ) ); // Remove the item in cron
157
158			// Remove the item from postmeta if it exists.
159			$current_post_meta = get_post_meta( $post_id, '_ppp_tweets', true );
160
161			if ( isset( $current_post_meta[$index] ) ) {
162			unset( $current_post_meta[$index] );
163			update_post_meta( $post_id, '_ppp_tweets', $current_post_meta );
164			}
165
166			// Display the notice
167			add_action( 'admin_notices', 'ppp_item_deleted_notice' );
168			}
169			break;
170			case 'share_now':
171			if ( ! empty( $post_id ) && ! empty( $name ) ) {
172			ppp_share_post( $post_id, $name );
173
174			if ( $delete && ! empty( $index ) ) {
175			ppp_remove_scheduled_share( array( (int)$post_id, $name ) ); // Remove the item in cron
176
177			// Remove the item from postmeta if it exists.
178			$current_post_meta = get_post_meta( $post_id, '_ppp_tweets', true );
179
180			if ( isset( $current_post_meta[$index] ) ) {
181			unset( $current_post_meta[$index] );
182			update_post_meta( $post_id, '_ppp_tweets', $current_post_meta );
183			}
184
185			// Display the notice
186			add_action( 'admin_notices', 'ppp_item_shared_and_deleted_notice' );
187			} else {
188			add_action( 'admin_notices', 'ppp_item_posted_notice' );
189			}
190			}
191			break;
192			default:
193			break;
194			}
195			}
196			add_action( 'admin_head', 'ppp_list_view_maybe_take_action', 10 );
197
198			// These are used by the ppp_list_view_maybe_take_action function
199
200			/**
201			* When an entry is deleted from schedule view, register a notice
202			* @return void
203			*/
204			function ppp_item_deleted_notice() {
205			?>
206			<div class="updated">
207			<p><?php _e( 'Scheduled item has been deleted.', 'ppp-txt' ); ?></p>
208			</div>
209			<?php
210			}
211
212			/**
213			* When an entry is shared from schedule view, register a notice
214			* @return void
215			*/
216			function ppp_item_posted_notice() {
217			?>
218			<div class="updated">
219			<p><?php _e( 'Item has been shared.', 'ppp-txt' ); ?></p>
220			</div>
221			<?php
222			}
223
224			/**
225			* When an entry is shared and deleted from schedule view, register a notice
226			* @return void
227			*/
228			function ppp_item_shared_and_deleted_notice() {
229			?>
230			<div class="updated">
231			<p><?php _e( 'Item has been shared and deleted.', 'ppp-txt' ); ?></p>
232			</div>
233			<?php
234			}
235

postpromoterpro / post-promoter-pro

GitHub Access Token became invalid

Issues (81)

Security Analysis not enabled

includes/admin/actions.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like