Issues in class-email-access-email.php (master) - Issues in master - ravinderk/Give - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4335)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/admin/emails/class-email-access-email.php (7 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Email access notification
 *
 *
 * @package     Give
 * @subpackage  Classes/Emails
 * @copyright   Copyright (c) 2016, GiveWP
 * @license     https://opensource.org/licenses/gpl-license GNU Public License
 * @since       2.0
 */

// Exit if access directly.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

if ( ! class_exists( 'Give_Email_Access_Email' ) ) :

	/**
	 * Give_Email_Access_Email
	 *
	 * @abstract
	 * @since 2.0
	 */
	class Give_Email_Access_Email extends Give_Email_Notification {
		/**
		 * Create a class instance.
		 *
		 * @access public
		 * @since  2.0
		 */
		public function init() {
			$this->load( array(
				'id'                           => 'email-access',
				'label'                        => __( 'Email access', 'give' ),
				'description'                  => __( 'Sent when donors request access to their donation history using only their email as verification. (See Settings > General > Access Control)', 'give' ),
				'notification_status'          => give_get_option( 'email_access', 'disabled' ),
				'form_metabox_setting'         => false,
				'notification_status_editable' => false,
				'email_tag_context'            => 'donor',
				'recipient_group_name'         => __( 'Donor', 'give' ),
				'default_email_subject'        => sprintf( __( 'Please confirm your email for %s', 'give' ), get_bloginfo( 'url' ) ),
				'default_email_message'        => $this->get_default_email_message(),
				'default_email_header'         => __( 'Confirm Email', 'give' ),
				'notices' => array(
					'non-notification-status-editable' => sprintf(
						'%1$s <a href="%2$s">%3$s &raquo;</a>',
						__( 'This notification is automatically toggled based on whether the email access is enabled or not.', 'give' ),
						esc_url( admin_url('edit.php?post_type=give_forms&page=give-settings&tab=general&section=access-control') ),

						__( 'Edit Setting', 'give' )
					)
				),
			) );

			add_filter( "give_{$this->config['id']}_email_notification", array( $this, 'setup_email_notification' ), 10, 2 );
			add_action( 'give_save_settings_give_settings', array( $this, 'set_notification_status' ), 10, 2 );
			add_filter( 'give_email_preview_header', array( $this, 'email_preview_header' ), 10, 2 );
		}

		/**
		 * Get email subject.
		 *
		 * @since  2.0
		 * @access public
		 *
		 * @param int $form_id
		 *
		 * @return string
		 */
		public function get_email_subject( $form_id = null ) {

			$subject = wp_strip_all_tags(
				Give_Email_Notification_Util::get_value(
					$this,
					Give_Email_Setting_Field::get_prefix( $this, $form_id ) . 'email_subject',
					$form_id,
					$this->config['default_email_subject']
				)
			);

			/**
			 * Filters the donation notification subject.
			 * Note: This filter will deprecate soon.
			 *
			 * @since 1.0
			 */
			$subject = apply_filters( 'give_email_access_token_subject', $subject );

			/**
			 * Filters the donation notification subject.
			 *
			 * @since 2.0
			 */
			$subject = apply_filters( "give_{$this->config['id']}_get_email_subject", $subject, $this, $form_id );

			return $subject;
		}


		/**
		 * Get email attachment.
		 *
		 * @since  2.0
		 * @access public
		 *
		 * @param int $form_id
		 *
		 * @return string
		 */
		public function get_email_message( $form_id = null ) {

			$message = Give_Email_Notification_Util::get_value(
				$this,
				Give_Email_Setting_Field::get_prefix( $this, $form_id ) . 'email_message',
				$form_id,
				$this->config['default_email_message']
			);

			/**
			 * Filter the email message
			 * Note: This filter will deprecate soon.
			 *
			 * @since 1.0
			 */
			$message = apply_filters( 'give_email_access_token_message', $message );

			/**
			 * Filter the email message
			 *
			 * @since 2.0
			 */
			$message = apply_filters( "give_{$this->config['id']}_get_default_email_message", $message, $this, $form_id );

			return $message;
		}


		/**
		 * Get email attachment.
		 *
		 * @since  2.0
		 * @access public
		 *
		 * @param int $form_id
		 * @return array
		 */
		public function get_email_attachments( $form_id = null ) {
			/**
			 * Filters the donation notification email attachments.
			 * By default, there is no attachment but plugins can hook in to provide one more multiple.
			 * Note: This filter will deprecate soon.
			 *
			 * @since 1.0
			 */
			$attachments = apply_filters( 'give_admin_donation_notification_attachments', array() );

			/**
			 * Filters the donation notification email attachments.
			 * By default, there is no attachment but plugins can hook in to provide one more multiple.
			 *
			 * @since 2.0
			 */
			$attachments = apply_filters( "give_{$this->config['id']}_get_email_attachments", $attachments, $this, $form_id );

			return $attachments;
		}


		/**
		 * Get default email message.
		 *
		 * @since  2.0
		 * @access public
		 *
		 * @return string
		 */
		public function get_default_email_message() {
			$message = __( 'Please click the link to access your donation history on {site_url}. If you did not request this email, please contact {admin_email}.', 'give' ) . "\n\n";
			$message .= '{email_access_link}' . "\n\n";
			$message .= "\n\n";
			$message .= __( 'Sincerely,', 'give' ) . "\n";
			$message .= get_bloginfo( 'name' ) . "\n";

			/**
			 * Filter the new donation email message
			 *
			 * @since 2.0
			 *
			 * @param string $message
			 */
			return apply_filters( "give_{$this->config['id']}_get_default_email_message", $message, $this );
		}


		/**
		 * Get email header
		 *
		 * @since 2.2.1
		 * @access public
		 *
		 * @param null $form_id
		 *
		 * @return string
		 */
		public function get_email_header( $form_id = null ) {
			$subject = parent::get_email_header( $form_id );

			/**
			 * Filter the email header
			 *
			 * @since 1.0
			 */
			$subject  =  apply_filters( 'give_email_access_token_heading', $subject );


			return  $subject;
		}


		/**
		 * Set email data
		 *
		 * @since 2.0
		 */
		public function setup_email_data() {
			/**
			 * Filters the from name.
			 * Note: This filter will deprecate soon.
			 *
			 * @since 1.0
			 */
			$from_name = apply_filters( 'give_donation_from_name', Give()->emails->get_from_name() );

			/**
			 * Filters the from email.
			 * Note: This filter will deprecate soon.
			 *
			 * @since 1.0
			 */
			$from_email = apply_filters( 'give_donation_from_address', Give()->emails->get_from_address() );

			Give()->emails->__set( 'from_name', $from_name );
			Give()->emails->__set( 'from_email', $from_email );

			/**
			 * Filters the donation notification email headers.
			 *
			 * @since 1.0
			 */
			$headers = apply_filters( 'give_admin_donation_notification_headers', Give()->emails->get_headers() );

			Give()->emails->__set( 'headers', $headers );
		}

		/**
		 * Setup email notification.
		 *
		 * @param int    $donor_id Donor ID.
		 * @param string $email    Donor Email.
		 *
		 * @since  2.0
		 * @access public
		 *
		 * @return bool
		 */
		public function setup_email_notification( $donor_id, $email ) {
			$donor = Give()->donors->get_donor_by( 'email', $email );
			$this->recipient_email = $email;

			// Set email data.
			$this->setup_email_data();

			// Send email.
			return $this->send_email_notification(
				array(
					'donor_id' => $donor_id,
					'user_id'  => $donor->user_id
				)
			);
		}


		/**
		 * Set notification status
		 *
		 * @since  2.0
		 * @access public
		 *
		 * @param $update_options
		 * @param $option_name
		 */
		public function set_notification_status( $update_options, $option_name ) {
			// Get updated settings.
			$update_options = give_get_settings();

			if (
				! empty( $update_options['email_access'] )
				&& ! empty( $update_options[ "{$this->config['id']}_notification" ] )
				&& $update_options['email_access'] !== $update_options[ "{$this->config['id']}_notification" ]
			) {
				$update_options[ "{$this->config['id']}_notification" ] = $update_options['email_access'];
				update_option( $option_name, $update_options, false );
			}
		}


		/**
		 * email preview header.
		 *
		 * @since  2.0
		 * @access public
		 *
		 * @param string                  $email_preview_header
		 * @param Give_Email_Access_Email $email
		 * @return string
		 */
		public function email_preview_header( $email_preview_header, $email ) {
			if( $this->config['id'] === $email->config['id'] ) {

				$email_preview_header = '';
			}

			return $email_preview_header;
		}
	}

endif; // End class_exists check

return Give_Email_Access_Email::get_instance();


1		<?php
2		/**
3		* Email access notification
4		*
5		*
6		* @package Give
7		* @subpackage Classes/Emails
8		* @copyright Copyright (c) 2016, GiveWP
9		* @license https://opensource.org/licenses/gpl-license GNU Public License
10		* @since 2.0
11		*/
12
13		// Exit if access directly.
14		if ( ! defined( 'ABSPATH' ) ) {
15		exit;
16		}
17
18		if ( ! class_exists( 'Give_Email_Access_Email' ) ) :
19
20		/**
21		* Give_Email_Access_Email
22		*
23		* @abstract
24		* @since 2.0
25		*/
26		class Give_Email_Access_Email extends Give_Email_Notification {
27		/**
28		* Create a class instance.
29		*
30		* @access public
31		* @since 2.0
32		*/
33		public function init() {
34		$this->load( array(
35		'id' => 'email-access',
36		'label' => __( 'Email access', 'give' ),
37		'description' => __( 'Sent when donors request access to their donation history using only their email as verification. (See Settings > General > Access Control)', 'give' ),
38		'notification_status' => give_get_option( 'email_access', 'disabled' ),
39		'form_metabox_setting' => false,
40		'notification_status_editable' => false,
41		'email_tag_context' => 'donor',
42		'recipient_group_name' => __( 'Donor', 'give' ),
43		'default_email_subject' => sprintf( __( 'Please confirm your email for %s', 'give' ), get_bloginfo( 'url' ) ),
44		'default_email_message' => $this->get_default_email_message(),
45		'default_email_header' => __( 'Confirm Email', 'give' ),
46		'notices' => array(
47		'non-notification-status-editable' => sprintf(
48		'%1$s <a href="%2$s">%3$s »</a>',
49		__( 'This notification is automatically toggled based on whether the email access is enabled or not.', 'give' ),
50		esc_url( admin_url('edit.php?post_type=give_forms&page=give-settings&tab=general&section=access-control') ),
		0 ignored issues – show Coding Style introduced 2018-01-16 06:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 1 spaces after opening bracket; 0 found Loading history... Coding Style introduced 2018-01-16 06:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 1 spaces before closing bracket; 0 found Loading history...
51		__( 'Edit Setting', 'give' )
52		)
53		),
54		) );
55
56		add_filter( "give_{$this->config['id']}_email_notification", array( $this, 'setup_email_notification' ), 10, 2 );
57		add_action( 'give_save_settings_give_settings', array( $this, 'set_notification_status' ), 10, 2 );
58		add_filter( 'give_email_preview_header', array( $this, 'email_preview_header' ), 10, 2 );
59		}
60
61		/**
62		* Get email subject.
63		*
64		* @since 2.0
65		* @access public
66		*
67		* @param int $form_id
68		*
69		* @return string
70		*/
71	View Code Duplication	public function get_email_subject( $form_id = null ) {
		0 ignored issues – show Duplication introduced 2017-07-31 10:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
72		$subject = wp_strip_all_tags(
73		Give_Email_Notification_Util::get_value(
74		$this,
75		Give_Email_Setting_Field::get_prefix( $this, $form_id ) . 'email_subject',
76		$form_id,
77		$this->config['default_email_subject']
78		)
79		);
80
81		/**
82		* Filters the donation notification subject.
83		* Note: This filter will deprecate soon.
84		*
85		* @since 1.0
86		*/
87		$subject = apply_filters( 'give_email_access_token_subject', $subject );
88
89		/**
90		* Filters the donation notification subject.
91		*
92		* @since 2.0
93		*/
94		$subject = apply_filters( "give_{$this->config['id']}_get_email_subject", $subject, $this, $form_id );
95
96		return $subject;
97		}
98
99
100		/**
101		* Get email attachment.
102		*
103		* @since 2.0
104		* @access public
105		*
106		* @param int $form_id
107		*
108		* @return string
109		*/
110	View Code Duplication	public function get_email_message( $form_id = null ) {
		0 ignored issues – show Duplication introduced 2017-07-31 10:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
111		$message = Give_Email_Notification_Util::get_value(
112		$this,
113		Give_Email_Setting_Field::get_prefix( $this, $form_id ) . 'email_message',
114		$form_id,
115		$this->config['default_email_message']
116		);
117
118		/**
119		* Filter the email message
120		* Note: This filter will deprecate soon.
121		*
122		* @since 1.0
123		*/
124		$message = apply_filters( 'give_email_access_token_message', $message );
125
126		/**
127		* Filter the email message
128		*
129		* @since 2.0
130		*/
131		$message = apply_filters( "give_{$this->config['id']}_get_default_email_message", $message, $this, $form_id );
132
133		return $message;
134		}
135
136
137		/**
138		* Get email attachment.
139		*
140		* @since 2.0
141		* @access public
142		*
143		* @param int $form_id
144		* @return array
145		*/
146		public function get_email_attachments( $form_id = null ) {
147		/**
148		* Filters the donation notification email attachments.
149		* By default, there is no attachment but plugins can hook in to provide one more multiple.
150		* Note: This filter will deprecate soon.
151		*
152		* @since 1.0
153		*/
154		$attachments = apply_filters( 'give_admin_donation_notification_attachments', array() );
155
156		/**
157		* Filters the donation notification email attachments.
158		* By default, there is no attachment but plugins can hook in to provide one more multiple.
159		*
160		* @since 2.0
161		*/
162		$attachments = apply_filters( "give_{$this->config['id']}_get_email_attachments", $attachments, $this, $form_id );
163
164		return $attachments;
165		}
166
167
168		/**
169		* Get default email message.
170		*
171		* @since 2.0
172		* @access public
173		*
174		* @return string
175		*/
176		public function get_default_email_message() {
177		$message = __( 'Please click the link to access your donation history on {site_url}. If you did not request this email, please contact {admin_email}.', 'give' ) . "\n\n";
178		$message .= '{email_access_link}' . "\n\n";
179		$message .= "\n\n";
180		$message .= __( 'Sincerely,', 'give' ) . "\n";
181		$message .= get_bloginfo( 'name' ) . "\n";
182
183		/**
184		* Filter the new donation email message
185		*
186		* @since 2.0
187		*
188		* @param string $message
189		*/
190		return apply_filters( "give_{$this->config['id']}_get_default_email_message", $message, $this );
191		}
192
193
194		/**
195		* Get email header
196		*
197		* @since 2.2.1
198		* @access public
199		*
200		* @param null $form_id
201		*
202		* @return string
203		*/
204		public function get_email_header( $form_id = null ) {
205		$subject = parent::get_email_header( $form_id );
206
207		/**
208		* Filter the email header
209		*
210		* @since 1.0
211		*/
212		$subject = apply_filters( 'give_email_access_token_heading', $subject );
		0 ignored issues – show introduced 2018-08-02 13:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 1 space after "="; 2 found Loading history...
213
214		return $subject;
215		}
216
217
218		/**
219		* Set email data
220		*
221		* @since 2.0
222		*/
223		public function setup_email_data() {
224		/**
225		* Filters the from name.
226		* Note: This filter will deprecate soon.
227		*
228		* @since 1.0
229		*/
230		$from_name = apply_filters( 'give_donation_from_name', Give()->emails->get_from_name() );
231
232		/**
233		* Filters the from email.
234		* Note: This filter will deprecate soon.
235		*
236		* @since 1.0
237		*/
238		$from_email = apply_filters( 'give_donation_from_address', Give()->emails->get_from_address() );
239
240		Give()->emails->__set( 'from_name', $from_name );
241		Give()->emails->__set( 'from_email', $from_email );
242
243		/**
244		* Filters the donation notification email headers.
245		*
246		* @since 1.0
247		*/
248		$headers = apply_filters( 'give_admin_donation_notification_headers', Give()->emails->get_headers() );
249
250		Give()->emails->__set( 'headers', $headers );
251		}
252
253		/**
254		* Setup email notification.
255		*
256		* @param int $donor_id Donor ID.
257		* @param string $email Donor Email.
258		*
259		* @since 2.0
260		* @access public
261		*
262		* @return bool
263		*/
264		public function setup_email_notification( $donor_id, $email ) {
265		$donor = Give()->donors->get_donor_by( 'email', $email );
266		$this->recipient_email = $email;
267
268		// Set email data.
269		$this->setup_email_data();
270
271		// Send email.
272		return $this->send_email_notification(
273		array(
274		'donor_id' => $donor_id,
275		'user_id' => $donor->user_id
276		)
277		);
278		}
279
280
281		/**
282		* Set notification status
283		*
284		* @since 2.0
285		* @access public
286		*
287		* @param $update_options
288		* @param $option_name
289		*/
290		public function set_notification_status( $update_options, $option_name ) {
291		// Get updated settings.
292		$update_options = give_get_settings();
293
294		if (
295		! empty( $update_options['email_access'] )
296		&& ! empty( $update_options[ "{$this->config['id']}_notification" ] )
297		&& $update_options['email_access'] !== $update_options[ "{$this->config['id']}_notification" ]
298		) {
299		$update_options[ "{$this->config['id']}_notification" ] = $update_options['email_access'];
300		update_option( $option_name, $update_options, false );
301		}
302		}
303
304
305		/**
306		* email preview header.
307		*
308		* @since 2.0
309		* @access public
310		*
311		* @param string $email_preview_header
312		* @param Give_Email_Access_Email $email
313		* @return string
314		*/
315		public function email_preview_header( $email_preview_header, $email ) {
316		if( $this->config['id'] === $email->config['id'] ) {
		0 ignored issues – show introduced 2017-07-31 10:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this Space after opening control structure is required Loading history... introduced 2017-07-31 10:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this No space before opening parenthesis is prohibited Loading history...
317		$email_preview_header = '';
318		}
319
320		return $email_preview_header;
321		}
322		}
323
324		endif; // End class_exists check
325
326		return Give_Email_Access_Email::get_instance();
327

ravinderk / Give

Issues (4335)

Security Analysis not enabled

includes/admin/emails/class-email-access-email.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like