Issues in cron-functions.php (master) - Issues in master - postpromoterpro/post-promoter-pro - Measure and Improve Code Quality continuously with Scrutinizer

Issues (81)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/cron-functions.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

// Exit if accessed directly
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/**
 * Schedule social media posts with wp_schedule_single_event
 * @param  int $post_id
 * @param WP_Post $post
 * @return void
 */
function ppp_schedule_share( $post_id, $post ) {
	$allowed_post_types = ppp_allowed_post_types();

	if ( ! isset( $_POST['post_status'] ) || ! in_array( $post->post_type, $allowed_post_types ) ) {
		return;
	}

	ppp_remove_scheduled_shares( $post_id );

	if( ( $_POST['post_status'] == 'publish' && $_POST['original_post_status'] != 'publish' ) || // From anything to published
		( $_POST['post_status'] == 'future' && $_POST['original_post_status'] == 'future' ) || // Updating a future post
		( $_POST['post_status'] == 'publish' && $_POST['original_post_status'] == 'publish' ) ) { // Updating an already published post

		$timestamps = ppp_get_timestamps( $post_id );

		foreach ( $timestamps as $timestamp => $name ) {
			$timestamp = substr( $timestamp, 0, strlen( $timestamp ) - 3 );
			wp_schedule_single_event( $timestamp, 'ppp_share_post_event', array( $post_id, $name ) );
		}
	}
}
// This action is for the cron event. It triggers ppp_share_post when the crons run
add_action( 'ppp_share_post_event', 'ppp_share_post', 10, 2 );

/**
 * Given a post ID remove it's scheduled shares
 * @param  int $post_id The Post ID to remove shares for
 * @return void
 */
function ppp_remove_scheduled_shares( $post_id ) {
	do_action( 'ppp_pre_remove_scheduled_shares', $post_id );

	$current_item_shares = ppp_get_shceduled_crons( $post_id );
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

	foreach ( $current_item_shares as $share ) {
		wp_clear_scheduled_hook( 'ppp_share_post_event', array( $post_id, $share['args'][1] ) );
	}

	do_action( 'ppp_post_remove_scheduled_shares', $post_id );
}

/**
 * Given an array of arguments, remove a share
 * @param  array $args Array containing 2 values $post_id and $name
 * @return void
 */
function ppp_remove_scheduled_share( $args ) {
	wp_clear_scheduled_hook( 'ppp_share_post_event', $args );
	return;
}

/**
 * Get all the crons hooked into 'ppp_share_post_event'
 * @return array All crons scheduled for Post Promoter Pro
 */
function ppp_get_scheduled_crons( $post_id = false ) {
	$all_crons = get_option( 'cron' );
	$ppp_crons = array();

	foreach ( $all_crons as $timestamp => $cron ) {
		if ( ! isset( $cron['ppp_share_post_event'] ) ) {
			continue;
		}

		foreach ( $cron['ppp_share_post_event'] as $key => $single_event ) {
			$name_parts = explode( '_', $single_event['args'][1] );
			if ( false !== $post_id && $post_id != $name_parts[2] ) {
				continue;
			}

			$single_event['timestamp'] = $timestamp;
			$ppp_crons[ $key ]         = $single_event;
		}

	}

	return apply_filters( 'ppp_get_scheduled_crons', $ppp_crons );
}

	/**
	 * Leaving in for backwards compatibility
	 *
	 * @param bool $post_id
	 *
	 * @return array
	 */
	function ppp_get_shceduled_crons( $post_id = false ) {
		return ppp_get_scheduled_crons( $post_id );
	}

/**
 * Given a time, see if there are any tweets scheduled within the range of the within
 *
 * @since  2.2.3
 * @param  int $time   The timestamp to check for
 * @param  int $within The number of seconds to check, before and after a given time
 * @return bool        If there are any tweets scheduled within this timeframe
 *
 */
function ppp_has_cron_within( $time = 0, $within = 0 ) {
	if ( empty( $time ) ) {
		$time = current_time( 'timestamp' );
	}

	if ( empty( $within ) ) {
		$within = ppp_get_default_conflict_window();
	}

	$crons = ppp_get_shceduled_crons();

	if ( empty( $crons ) ) {
		return false;
	}

	$scheduled_times = wp_list_pluck( $crons, 'timestamp' );

	$found_time = false;
	foreach ( $scheduled_times as $key => $scheduled_time ) {
		$found_time = ppp_is_time_within( $scheduled_time, $time, $within );
		if ( $found_time ) {
			break;
		}
	}

	return $found_time;
}

/**
 * Check if $time is within the +/- of $target_time
 *
 * @since  2.2.3
 * @param  integer $time        The Time to check
 * @param  integer $target_time The Target time
 * @param  integer $within      The +/- in seconds
 * @return bool                 If the time is within the range of the target_time
 *
 */
function ppp_is_time_within( $time = 0, $target_time = 0, $within = 0 ) {
	$min = $target_time - $within;
	$max = $target_time + $within;

	return ( ( $time >= $min ) && ( $time <= $max ) );
}

/**
 * The default +/- on when we should warn about conflicting tweets
 * @return int The +/- to warn on
 */
function ppp_get_default_conflict_window() {
	return apply_filters( 'ppp_default_conflict_window', HOUR_IN_SECONDS / 2 );
}

/**
 * When a post is trashed, trash it's logs as well
 *
 * @since  2.3
 * @param  int $post_id Post ID
 * @return void
 */
function ppp_trash_logs( $post_id ) {
	global $wpdb;

	$sql = $wpdb->prepare( "UPDATE $wpdb->posts SET post_status = 'trash' WHERE post_parent = %d && post_type = 'wp_log'", $post_id );
	$wpdb->query( $sql );
}
add_action( 'wp_trash_post', 'ppp_trash_logs', 10, 1 );

/**
 * When a post is deleted, delete it's logs as well
 *
 * @since  2.3
 * @param  int $post_id Post ID
 * @return void
 */
function ppp_delete_logs( $post_id ) {
	global $wpdb;

	$sql = $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE post_parent = %d && post_type = 'wp_log'", $post_id );
	$wpdb->query( $sql );
}
add_action( 'delete_post', 'ppp_delete_logs', 10, 1 );

/**
 * When a post is untrashed, untrash it's logs as well
 *
 * @since  2.3
 * @param  int $post_id Post ID
 * @return void
 */
function ppp_untrash_logs( $post_id ) {
	global $wpdb;
	$post_status = get_post_status( $post_id );

	$sql = $wpdb->prepare( "UPDATE $wpdb->posts SET post_status = '$post_status' WHERE post_parent = $post_id && post_type = 'wp_log'" );
	$wpdb->query( $sql );
}
add_action( 'untrashed_post', 'ppp_untrash_logs', 10, 1 );

/**
 * Unschedule any tweets when the post is unscheduled
 *
 * @since  2.1.2
 * @param  string $old_status The old status of the post
 * @param  string $new_status The new status of the post
 * @param  object $post       The Post Object
 * @return void
 */
function ppp_unschedule_shares( $new_status, $old_status, $post ) {

	if ( ( $old_status == 'publish' || $old_status == 'future' ) && ( $new_status != 'publish' && $new_status != 'future' ) ) {
		ppp_remove_scheduled_shares( $post->ID );
	}

}
add_action( 'transition_post_status', 'ppp_unschedule_shares', 10, 3 );

/**
 * Given a date and time string (from our post meta), return an offset timestamp
 *
 * @since  2.3
 * @param  string $date The Date
 * @param  string $time The time
 * @return long         A timestamp
 */
function ppp_generate_timestamp( $date = false, $time = false ) {
	// Just in case we need this, let's set it once
	$current_time = current_time( 'timestamp' );

	if ( empty( $date ) ) {
		$date = date( 'm/d/Y', $current_time );
	}

	if ( empty( $time ) ) {
		$time = date( 'h:ia', $current_time );
	}

	$share_time = explode( ':', $time );
	$hours      = (int) $share_time[0];
	$minutes    = (int) substr( $share_time[1], 0, 2 );
	$ampm       = strtolower( substr( $share_time[1], -2 ) );

	if ( $ampm == 'pm' && $hours != 12 ) {
		$hours = $hours + 12;
	}

	if ( $ampm == 'am' && $hours == 12 ) {
		$hours = 00;
	}

	$offset    = (int) -( get_option( 'gmt_offset' ) );
	$hours     = $hours + $offset;
	$date      = explode( '/', $date );
	$timestamp = mktime( (int) $hours, (int) $minutes, 0, (int) $date[0], (int) $date[1], (int) $date[2] );

	return $timestamp;
}



GitHub Access Token became invalid

Issues (81)

Security Analysis not enabled

includes/cron-functions.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		// Exit if accessed directly
4		if ( ! defined( 'ABSPATH' ) ) {
5		exit;
6		}
7
8		/**
9		* Schedule social media posts with wp_schedule_single_event
10		* @param int $post_id
11		* @param WP_Post $post
12		* @return void
13		*/
14		function ppp_schedule_share( $post_id, $post ) {
15		$allowed_post_types = ppp_allowed_post_types();
16
17		if ( ! isset( $_POST['post_status'] ) \|\| ! in_array( $post->post_type, $allowed_post_types ) ) {
18		return;
19		}
20
21		ppp_remove_scheduled_shares( $post_id );
22
23		if( ( $_POST['post_status'] == 'publish' && $_POST['original_post_status'] != 'publish' ) \|\| // From anything to published
24		( $_POST['post_status'] == 'future' && $_POST['original_post_status'] == 'future' ) \|\| // Updating a future post
25		( $_POST['post_status'] == 'publish' && $_POST['original_post_status'] == 'publish' ) ) { // Updating an already published post
26
27		$timestamps = ppp_get_timestamps( $post_id );
28
29		foreach ( $timestamps as $timestamp => $name ) {
30		$timestamp = substr( $timestamp, 0, strlen( $timestamp ) - 3 );
31		wp_schedule_single_event( $timestamp, 'ppp_share_post_event', array( $post_id, $name ) );
32		}
33		}
34		}
35		// This action is for the cron event. It triggers ppp_share_post when the crons run
36		add_action( 'ppp_share_post_event', 'ppp_share_post', 10, 2 );
37
38		/**
39		* Given a post ID remove it's scheduled shares
40		* @param int $post_id The Post ID to remove shares for
41		* @return void
42		*/
43		function ppp_remove_scheduled_shares( $post_id ) {
44		do_action( 'ppp_pre_remove_scheduled_shares', $post_id );
45
46		$current_item_shares = ppp_get_shceduled_crons( $post_id );
		0 ignored issues – show Documentation introduced 2016-06-26 23:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$post_id` is of type `integer`, but the function expects a `boolean`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
47
48		foreach ( $current_item_shares as $share ) {
49		wp_clear_scheduled_hook( 'ppp_share_post_event', array( $post_id, $share['args'][1] ) );
50		}
51
52		do_action( 'ppp_post_remove_scheduled_shares', $post_id );
53		}
54
55		/**
56		* Given an array of arguments, remove a share
57		* @param array $args Array containing 2 values $post_id and $name
58		* @return void
59		*/
60		function ppp_remove_scheduled_share( $args ) {
61		wp_clear_scheduled_hook( 'ppp_share_post_event', $args );
62		return;
63		}
64
65		/**
66		* Get all the crons hooked into 'ppp_share_post_event'
67		* @return array All crons scheduled for Post Promoter Pro
68		*/
69		function ppp_get_scheduled_crons( $post_id = false ) {
70	2	$all_crons = get_option( 'cron' );
71	2	$ppp_crons = array();
72
73	2	foreach ( $all_crons as $timestamp => $cron ) {
74	2	if ( ! isset( $cron['ppp_share_post_event'] ) ) {
75	2	continue;
76		}
77
78		foreach ( $cron['ppp_share_post_event'] as $key => $single_event ) {
79		$name_parts = explode( '_', $single_event['args'][1] );
80		if ( false !== $post_id && $post_id != $name_parts[2] ) {
81		continue;
82		}
83
84		$single_event['timestamp'] = $timestamp;
85		$ppp_crons[ $key ] = $single_event;
86		}
87
88	2	}
89
90	2	return apply_filters( 'ppp_get_scheduled_crons', $ppp_crons );
91		}
92
93		/**
94		* Leaving in for backwards compatibility
95		*
96		* @param bool $post_id
97		*
98		* @return array
99		*/
100		function ppp_get_shceduled_crons( $post_id = false ) {
101	2	return ppp_get_scheduled_crons( $post_id );
102		}
103
104		/**
105		* Given a time, see if there are any tweets scheduled within the range of the within
106		*
107		* @since 2.2.3
108		* @param int $time The timestamp to check for
109		* @param int $within The number of seconds to check, before and after a given time
110		* @return bool If there are any tweets scheduled within this timeframe
111		*
112		*/
113		function ppp_has_cron_within( $time = 0, $within = 0 ) {
114	1	if ( empty( $time ) ) {
115	1	$time = current_time( 'timestamp' );
116	1	}
117
118	1	if ( empty( $within ) ) {
119	1	$within = ppp_get_default_conflict_window();
120	1	}
121
122	1	$crons = ppp_get_shceduled_crons();
123
124	1	if ( empty( $crons ) ) {
125		return false;
126		}
127
128	1	$scheduled_times = wp_list_pluck( $crons, 'timestamp' );
129
130	1	$found_time = false;
131	1	foreach ( $scheduled_times as $key => $scheduled_time ) {
132	1	$found_time = ppp_is_time_within( $scheduled_time, $time, $within );
133	1	if ( $found_time ) {
134	1	break;
135		}
136	1	}
137
138	1	return $found_time;
139		}
140
141		/**
142		* Check if $time is within the +/- of $target_time
143		*
144		* @since 2.2.3
145		* @param integer $time The Time to check
146		* @param integer $target_time The Target time
147		* @param integer $within The +/- in seconds
148		* @return bool If the time is within the range of the target_time
149		*
150		*/
151		function ppp_is_time_within( $time = 0, $target_time = 0, $within = 0 ) {
152	1	$min = $target_time - $within;
153	1	$max = $target_time + $within;
154
155	1	return ( ( $time >= $min ) && ( $time <= $max ) );
156		}
157
158		/**
159		* The default +/- on when we should warn about conflicting tweets
160		* @return int The +/- to warn on
161		*/
162		function ppp_get_default_conflict_window() {
163	1	return apply_filters( 'ppp_default_conflict_window', HOUR_IN_SECONDS / 2 );
164		}
165
166		/**
167		* When a post is trashed, trash it's logs as well
168		*
169		* @since 2.3
170		* @param int $post_id Post ID
171		* @return void
172		*/
173		function ppp_trash_logs( $post_id ) {
174		global $wpdb;
175
176		$sql = $wpdb->prepare( "UPDATE $wpdb->posts SET post_status = 'trash' WHERE post_parent = %d && post_type = 'wp_log'", $post_id );
177		$wpdb->query( $sql );
178		}
179		add_action( 'wp_trash_post', 'ppp_trash_logs', 10, 1 );
180
181		/**
182		* When a post is deleted, delete it's logs as well
183		*
184		* @since 2.3
185		* @param int $post_id Post ID
186		* @return void
187		*/
188		function ppp_delete_logs( $post_id ) {
189		global $wpdb;
190
191		$sql = $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE post_parent = %d && post_type = 'wp_log'", $post_id );
192		$wpdb->query( $sql );
193		}
194		add_action( 'delete_post', 'ppp_delete_logs', 10, 1 );
195
196		/**
197		* When a post is untrashed, untrash it's logs as well
198		*
199		* @since 2.3
200		* @param int $post_id Post ID
201		* @return void
202		*/
203		function ppp_untrash_logs( $post_id ) {
204		global $wpdb;
205		$post_status = get_post_status( $post_id );
206
207		$sql = $wpdb->prepare( "UPDATE $wpdb->posts SET post_status = '$post_status' WHERE post_parent = $post_id && post_type = 'wp_log'" );
208		$wpdb->query( $sql );
209		}
210		add_action( 'untrashed_post', 'ppp_untrash_logs', 10, 1 );
211
212		/**
213		* Unschedule any tweets when the post is unscheduled
214		*
215		* @since 2.1.2
216		* @param string $old_status The old status of the post
217		* @param string $new_status The new status of the post
218		* @param object $post The Post Object
219		* @return void
220		*/
221		function ppp_unschedule_shares( $new_status, $old_status, $post ) {
222
223		if ( ( $old_status == 'publish' \|\| $old_status == 'future' ) && ( $new_status != 'publish' && $new_status != 'future' ) ) {
224		ppp_remove_scheduled_shares( $post->ID );
225		}
226
227		}
228		add_action( 'transition_post_status', 'ppp_unschedule_shares', 10, 3 );
229
230		/**
231		* Given a date and time string (from our post meta), return an offset timestamp
232		*
233		* @since 2.3
234		* @param string $date The Date
235		* @param string $time The time
236		* @return long A timestamp
237		*/
238		function ppp_generate_timestamp( $date = false, $time = false ) {
239		// Just in case we need this, let's set it once
240	1	$current_time = current_time( 'timestamp' );
241
242	1	if ( empty( $date ) ) {
243		$date = date( 'm/d/Y', $current_time );
244		}
245
246	1	if ( empty( $time ) ) {
247		$time = date( 'h:ia', $current_time );
248		}
249
250	1	$share_time = explode( ':', $time );
251	1	$hours = (int) $share_time[0];
252	1	$minutes = (int) substr( $share_time[1], 0, 2 );
253	1	$ampm = strtolower( substr( $share_time[1], -2 ) );
254
255	1	if ( $ampm == 'pm' && $hours != 12 ) {
256		$hours = $hours + 12;
257		}
258
259	1	if ( $ampm == 'am' && $hours == 12 ) {
260		$hours = 00;
261		}
262
263	1	$offset = (int) -( get_option( 'gmt_offset' ) );
264	1	$hours = $hours + $offset;
265	1	$date = explode( '/', $date );
266	1	$timestamp = mktime( (int) $hours, (int) $minutes, 0, (int) $date[0], (int) $date[1], (int) $date[2] );
267
268	1	return $timestamp;
269		}
270
271

postpromoterpro / post-promoter-pro

GitHub Access Token became invalid

Issues (81)

Security Analysis not enabled

includes/cron-functions.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like