Issues in acf.php (master) - Issues in master - rousnay/lighthouse - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1378)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/acf/acf.php (16 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
Plugin Name: Advanced Custom Fields Pro
Plugin URI: http://www.advancedcustomfields.com/
Description: Customise WordPress with powerful, professional and intuitive fields
Version: 5.3.3.1
Author: elliot condon
Author URI: http://www.elliotcondon.com/
Copyright: Elliot Condon
Text Domain: acf
Domain Path: /lang
*/

if( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly

if( ! class_exists('acf') ) :

class acf {
	
	// vars
	var $settings;
		
	
	/*
	*  __construct
	*
	*  A dummy constructor to ensure ACF is only initialized once
	*
	*  @type	function
	*  @date	23/06/12
	*  @since	5.0.0
	*
	*  @param	N/A
	*  @return	N/A
	*/

	
	function __construct() {

		
		/* Do nothing here */
		
	}
	
	
	/*
	*  initialize
	*
	*  The real constructor to initialize ACF
	*
	*  @type	function
	*  @date	28/09/13
	*  @since	5.0.0
	*
	*  @param	$post_id (int)
	*  @return	$post_id (int)
	*/

		
	function initialize() {

		
		// vars
		$this->settings = array(
			
			// basic
			'name'				=> __('Advanced Custom Fields', 'acf'),
			'version'			=> '5.3.3.1',
						
			// urls
			'basename'			=> plugin_basename( __FILE__ ),
			'path'				=> plugin_dir_path( __FILE__ ),
			'dir'				=> plugin_dir_url( __FILE__ ),
			
			// options
			'show_admin'		=> true,
			'show_updates'		=> true,
			'stripslashes'		=> false,
			'local'				=> true,
			'json'				=> true,
			'save_json'			=> '',
			'load_json'			=> array(),
			'default_language'	=> '',
			'current_language'	=> '',
			'capability'		=> 'manage_options',
			'uploader'			=> 'wp',
			'autoload'			=> false,
			'l10n'				=> true,
			'l10n_textdomain'	=> '',
			'l10n_field'		=> array('label', 'instructions'),
			'l10n_field_group'	=> array('title'),
		);
		
		
		// include helpers
		include_once('api/api-helpers.php');
		
		
		// api
		acf_include('api/api-value.php');
		acf_include('api/api-field.php');
		acf_include('api/api-field-group.php');
		acf_include('api/api-template.php');
		
		
		// core
		acf_include('core/ajax.php');
		acf_include('core/field.php');
		acf_include('core/input.php');
		acf_include('core/json.php');
		acf_include('core/local.php');
		acf_include('core/location.php');
		acf_include('core/media.php');
		acf_include('core/revisions.php');
		acf_include('core/compatibility.php');
		acf_include('core/third_party.php');
		
		
		// forms
		acf_include('forms/attachment.php');
		acf_include('forms/comment.php');
		acf_include('forms/post.php');
		acf_include('forms/taxonomy.php');
		acf_include('forms/user.php');
		acf_include('forms/widget.php');
		
		
		// admin
		if( is_admin() ) {
			
			acf_include('admin/admin.php');
			acf_include('admin/field-group.php');
			acf_include('admin/field-groups.php');
			acf_include('admin/update.php');
			acf_include('admin/settings-tools.php');
			//acf_include('admin/settings-addons.php');
			acf_include('admin/settings-info.php');
		}
		
		
		// pro
		acf_include('pro/acf-pro.php');
		
		
		// actions
		add_action('init',	array($this, 'init'), 5);
		add_action('init',	array($this, 'register_post_types'), 5);
		add_action('init',	array($this, 'register_post_status'), 5);
		add_action('init',	array($this, 'register_assets'), 5);
		
		
		// filters
		add_filter('posts_where',		array($this, 'posts_where'), 10, 2 );
		//add_filter('posts_request',	array($this, 'posts_request'), 10, 1 );
		
	}
	
	
	/*
	*  init
	*
	*  This function will run after all plugins and theme functions have been included
	*
	*  @type	action (init)
	*  @date	28/09/13
	*  @since	5.0.0
	*
	*  @param	N/A
	*  @return	N/A
	*/

	
	function init() {

		
		// bail early if a plugin called get_field early
		if( !did_action('plugins_loaded') ) return;
		
		
		// bail early if already init
		if( acf_get_setting('init') ) return;
		
		
		// only run once
		acf_update_setting('init', true);
		
		
		// vars
		$major = intval( acf_get_setting('version') );
		
		
		// redeclare dir
		// - allow another plugin to modify dir (maybe force SSL)
		acf_update_setting('dir', plugin_dir_url( __FILE__ ));
		
		
		// set text domain
		load_textdomain( 'acf', acf_get_path( 'lang/acf-' . get_locale() . '.mo' ) );
		
		
		// include wpml support
		if( defined('ICL_SITEPRESS_VERSION') ) {
		
			acf_include('core/wpml.php');
			
		}
		
		
		// field types
		acf_include('fields/text.php');
		acf_include('fields/textarea.php');
		acf_include('fields/number.php');
		acf_include('fields/email.php');
		acf_include('fields/url.php');
		acf_include('fields/password.php');
		acf_include('fields/wysiwyg.php');
		acf_include('fields/oembed.php');
		acf_include('fields/image.php');
		acf_include('fields/file.php');
		acf_include('fields/select.php');
		acf_include('fields/checkbox.php');
		acf_include('fields/radio.php');
		acf_include('fields/true_false.php');
		acf_include('fields/post_object.php');
		acf_include('fields/page_link.php');
		acf_include('fields/relationship.php');
		acf_include('fields/taxonomy.php');
		acf_include('fields/user.php');
		acf_include('fields/google-map.php');
		acf_include('fields/date_picker.php');
		acf_include('fields/color_picker.php');
		acf_include('fields/message.php');
		acf_include('fields/tab.php');
		
		
		// 3rd party field types
		do_action('acf/include_field_types', $major);
		
		
		// local fields
		do_action('acf/include_fields', $major);
		
		
		// action for 3rd party
		do_action('acf/init');
			
	}
	
	
	/*
	*  register_post_types
	*
	*  This function will register post types and statuses
	*
	*  @type	function
	*  @date	22/10/2015
	*  @since	5.3.2
	*
	*  @param	n/a
	*  @return	n/a
	*/

	
	function register_post_types() {

		
		// vars
		$cap = acf_get_setting('capability');
		
		
		// register post type 'acf-field-group'
		register_post_type('acf-field-group', array(
			'labels'			=> array(
			    'name'					=> __( 'Field Groups', 'acf' ),
				'singular_name'			=> __( 'Field Group', 'acf' ),
			    'add_new'				=> __( 'Add New' , 'acf' ),
			    'add_new_item'			=> __( 'Add New Field Group' , 'acf' ),
			    'edit_item'				=> __( 'Edit Field Group' , 'acf' ),
			    'new_item'				=> __( 'New Field Group' , 'acf' ),
			    'view_item'				=> __( 'View Field Group', 'acf' ),
			    'search_items'			=> __( 'Search Field Groups', 'acf' ),
			    'not_found'				=> __( 'No Field Groups found', 'acf' ),
			    'not_found_in_trash'	=> __( 'No Field Groups found in Trash', 'acf' ), 
			),
			'public'			=> false,
			'show_ui'			=> true,
			'_builtin'			=> false,
			'capability_type'	=> 'post',
			'capabilities'		=> array(
				'edit_post'			=> $cap,
				'delete_post'		=> $cap,
				'edit_posts'		=> $cap,
				'delete_posts'		=> $cap,
			),
			'hierarchical'		=> true,
			'rewrite'			=> false,
			'query_var'			=> false,
			'supports' 			=> array('title'),
			'show_in_menu'		=> false,
		));
		
		
		// register post type 'acf-field'
		register_post_type('acf-field', array(
			'labels'			=> array(
			    'name'					=> __( 'Fields', 'acf' ),
				'singular_name'			=> __( 'Field', 'acf' ),
			    'add_new'				=> __( 'Add New' , 'acf' ),
			    'add_new_item'			=> __( 'Add New Field' , 'acf' ),
			    'edit_item'				=> __( 'Edit Field' , 'acf' ),
			    'new_item'				=> __( 'New Field' , 'acf' ),
			    'view_item'				=> __( 'View Field', 'acf' ),
			    'search_items'			=> __( 'Search Fields', 'acf' ),
			    'not_found'				=> __( 'No Fields found', 'acf' ),
			    'not_found_in_trash'	=> __( 'No Fields found in Trash', 'acf' ), 
			),
			'public'			=> false,
			'show_ui'			=> false,
			'_builtin'			=> false,
			'capability_type'	=> 'post',
			'capabilities'		=> array(
				'edit_post'			=> $cap,
				'delete_post'		=> $cap,
				'edit_posts'		=> $cap,
				'delete_posts'		=> $cap,
			),
			'hierarchical'		=> true,
			'rewrite'			=> false,
			'query_var'			=> false,
			'supports' 			=> array('title'),
			'show_in_menu'		=> false,
		));
		
	}
	
	
	/*
	*  register_post_status
	*
	*  This function will register custom post statuses
	*
	*  @type	function
	*  @date	22/10/2015
	*  @since	5.3.2
	*
	*  @param	$post_id (int)
	*  @return	$post_id (int)
	*/

	
	function register_post_status() {

		
		// acf-disabled
		register_post_status('acf-disabled', array(
			'label'                     => __( 'Disabled', 'acf' ),
			'public'                    => true,
			'exclude_from_search'       => false,
			'show_in_admin_all_list'    => true,
			'show_in_admin_status_list' => true,
			'label_count'               => _n_noop( 'Disabled <span class="count">(%s)</span>', 'Disabled <span class="count">(%s)</span>', 'acf' ),
		));
		
	}
	
	
	/*
	*  register_assets
	*
	*  This function will register scripts and styles
	*
	*  @type	function
	*  @date	22/10/2015
	*  @since	5.3.2
	*
	*  @param	n/a
	*  @return	n/a
	*/

	
	function register_assets() {

		
		// vars
		$version = acf_get_setting('version');
		$lang = get_locale();
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
		$min = defined('SCRIPT_DEBUG') && SCRIPT_DEBUG ? '' : '.min';
		
		
		// scripts
		wp_register_script('acf-input', acf_get_dir("assets/js/acf-input{$min}.js"), array('jquery', 'jquery-ui-core', 'jquery-ui-sortable', 'jquery-ui-resizable'), $version );
		wp_register_script('acf-field-group', acf_get_dir("assets/js/acf-field-group{$min}.js"), array('acf-input'), $version );
		
		
		// styles
		wp_register_style('acf-global', acf_get_dir('assets/css/acf-global.css'), array(), $version );
		wp_register_style('acf-input', acf_get_dir('assets/css/acf-input.css'), array('acf-global'), $version );
		wp_register_style('acf-field-group', acf_get_dir('assets/css/acf-field-group.css'), array('acf-input'), $version );
		
	}
	
	
	/*
	*  posts_where
	*
	*  This function will add in some new parameters to the WP_Query args allowing fields to be found via key / name
	*
	*  @type	filter
	*  @date	5/12/2013
	*  @since	5.0.0
	*
	*  @param	$where (string)
	*  @param	$wp_query (object)
	*  @return	$where (string)
	*/

	
	function posts_where( $where, $wp_query ) {

		
		// global
		global $wpdb;
		
		
		// acf_field_key
		if( $field_key = $wp_query->get('acf_field_key') ) {
		
			$where .= $wpdb->prepare(" AND {$wpdb->posts}.post_name = %s", $field_key );
			
	    }
	    
	    
	    // acf_field_name
	    if( $field_name = $wp_query->get('acf_field_name') ) {
	    
			$where .= $wpdb->prepare(" AND {$wpdb->posts}.post_excerpt = %s", $field_name );
			
	    }
	    
	    
	    // acf_group_key
		if( $group_key = $wp_query->get('acf_group_key') ) {
		
			$where .= $wpdb->prepare(" AND {$wpdb->posts}.post_name = %s", $group_key );
			
	    }
	    
	    
	    // return
	    return $where;
	    
	}
	
	
	/*
function posts_request( $thing ) {
		
		return $thing;
	}
*/
	
}


/*
*  acf
*
*  The main function responsible for returning the one true acf Instance to functions everywhere.
*  Use this function like you would a global variable, except without needing to declare the global.
*
*  Example: <?php $acf = acf(); ?>
*
*  @type	function
*  @date	4/09/13
*  @since	4.3.0
*
*  @param	N/A
*  @return	(object)
*/

function acf() {

	global $acf;
	
	if( !isset($acf) ) {
	
		$acf = new acf();
		
		$acf->initialize();
		
	}
	
	return $acf;
	
}


// initialize
acf();


endif; // class_exists check

?>



1			<?php
2			/*
3			Plugin Name: Advanced Custom Fields Pro
4			Plugin URI: http://www.advancedcustomfields.com/
5			Description: Customise WordPress with powerful, professional and intuitive fields
6			Version: 5.3.3.1
7			Author: elliot condon
8			Author URI: http://www.elliotcondon.com/
9			Copyright: Elliot Condon
10			Text Domain: acf
11			Domain Path: /lang
12			*/
13
14			if( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
15
16			if( ! class_exists('acf') ) :
17
18			class acf {
19
20			// vars
21			var $settings;
22
23
24			/*
25			* __construct
26			*
27			* A dummy constructor to ensure ACF is only initialized once
28			*
29			* @type function
30			* @date 23/06/12
31			* @since 5.0.0
32			*
33			* @param N/A
34			* @return N/A
35			*/
			0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `N/A` could not be parsed: Unknown type name "N/A" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
36
37			function __construct() {
			0 ignored issues – show Best Practice introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
38
39			/* Do nothing here */
40
41			}
42
43
44			/*
45			* initialize
46			*
47			* The real constructor to initialize ACF
48			*
49			* @type function
50			* @date 28/09/13
51			* @since 5.0.0
52			*
53			* @param $post_id (int)
54			* @return $post_id (int)
55			*/
			0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `$post_id` could not be parsed: Unknown type name "$post_id" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
56
57			function initialize() {
			0 ignored issues – show Best Practice introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
58
59			// vars
60			$this->settings = array(
61
62			// basic
63			'name' => __('Advanced Custom Fields', 'acf'),
64			'version' => '5.3.3.1',
65
66			// urls
67			'basename' => plugin_basename( __FILE__ ),
68			'path' => plugin_dir_path( __FILE__ ),
69			'dir' => plugin_dir_url( __FILE__ ),
70
71			// options
72			'show_admin' => true,
73			'show_updates' => true,
74			'stripslashes' => false,
75			'local' => true,
76			'json' => true,
77			'save_json' => '',
78			'load_json' => array(),
79			'default_language' => '',
80			'current_language' => '',
81			'capability' => 'manage_options',
82			'uploader' => 'wp',
83			'autoload' => false,
84			'l10n' => true,
85			'l10n_textdomain' => '',
86			'l10n_field' => array('label', 'instructions'),
87			'l10n_field_group' => array('title'),
88			);
89
90
91			// include helpers
92			include_once('api/api-helpers.php');
93
94
95			// api
96			acf_include('api/api-value.php');
97			acf_include('api/api-field.php');
98			acf_include('api/api-field-group.php');
99			acf_include('api/api-template.php');
100
101
102			// core
103			acf_include('core/ajax.php');
104			acf_include('core/field.php');
105			acf_include('core/input.php');
106			acf_include('core/json.php');
107			acf_include('core/local.php');
108			acf_include('core/location.php');
109			acf_include('core/media.php');
110			acf_include('core/revisions.php');
111			acf_include('core/compatibility.php');
112			acf_include('core/third_party.php');
113
114
115			// forms
116			acf_include('forms/attachment.php');
117			acf_include('forms/comment.php');
118			acf_include('forms/post.php');
119			acf_include('forms/taxonomy.php');
120			acf_include('forms/user.php');
121			acf_include('forms/widget.php');
122
123
124			// admin
125			if( is_admin() ) {
126
127			acf_include('admin/admin.php');
128			acf_include('admin/field-group.php');
129			acf_include('admin/field-groups.php');
130			acf_include('admin/update.php');
131			acf_include('admin/settings-tools.php');
132			//acf_include('admin/settings-addons.php');
133			acf_include('admin/settings-info.php');
134			}
135
136
137			// pro
138			acf_include('pro/acf-pro.php');
139
140
141			// actions
142			add_action('init', array($this, 'init'), 5);
143			add_action('init', array($this, 'register_post_types'), 5);
144			add_action('init', array($this, 'register_post_status'), 5);
145			add_action('init', array($this, 'register_assets'), 5);
146
147
148			// filters
149			add_filter('posts_where', array($this, 'posts_where'), 10, 2 );
150			//add_filter('posts_request', array($this, 'posts_request'), 10, 1 );
151
152			}
153
154
155			/*
156			* init
157			*
158			* This function will run after all plugins and theme functions have been included
159			*
160			* @type action (init)
161			* @date 28/09/13
162			* @since 5.0.0
163			*
164			* @param N/A
165			* @return N/A
166			*/
			0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `N/A` could not be parsed: Unknown type name "N/A" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
167
168			function init() {
			0 ignored issues – show Best Practice introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
169
170			// bail early if a plugin called get_field early
171			if( !did_action('plugins_loaded') ) return;
172
173
174			// bail early if already init
175			if( acf_get_setting('init') ) return;
176
177
178			// only run once
179			acf_update_setting('init', true);
180
181
182			// vars
183			$major = intval( acf_get_setting('version') );
184
185
186			// redeclare dir
187			// - allow another plugin to modify dir (maybe force SSL)
188			acf_update_setting('dir', plugin_dir_url( __FILE__ ));
189
190
191			// set text domain
192			load_textdomain( 'acf', acf_get_path( 'lang/acf-' . get_locale() . '.mo' ) );
193
194
195			// include wpml support
196			if( defined('ICL_SITEPRESS_VERSION') ) {
197
198			acf_include('core/wpml.php');
199
200			}
201
202
203			// field types
204			acf_include('fields/text.php');
205			acf_include('fields/textarea.php');
206			acf_include('fields/number.php');
207			acf_include('fields/email.php');
208			acf_include('fields/url.php');
209			acf_include('fields/password.php');
210			acf_include('fields/wysiwyg.php');
211			acf_include('fields/oembed.php');
212			acf_include('fields/image.php');
213			acf_include('fields/file.php');
214			acf_include('fields/select.php');
215			acf_include('fields/checkbox.php');
216			acf_include('fields/radio.php');
217			acf_include('fields/true_false.php');
218			acf_include('fields/post_object.php');
219			acf_include('fields/page_link.php');
220			acf_include('fields/relationship.php');
221			acf_include('fields/taxonomy.php');
222			acf_include('fields/user.php');
223			acf_include('fields/google-map.php');
224			acf_include('fields/date_picker.php');
225			acf_include('fields/color_picker.php');
226			acf_include('fields/message.php');
227			acf_include('fields/tab.php');
228
229
230			// 3rd party field types
231			do_action('acf/include_field_types', $major);
232
233
234			// local fields
235			do_action('acf/include_fields', $major);
236
237
238			// action for 3rd party
239			do_action('acf/init');
240
241			}
242
243
244			/*
245			* register_post_types
246			*
247			* This function will register post types and statuses
248			*
249			* @type function
250			* @date 22/10/2015
251			* @since 5.3.2
252			*
253			* @param n/a
254			* @return n/a
255			*/
			0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `n/a` could not be parsed: Unknown type name "n/a" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
256
257			function register_post_types() {
			0 ignored issues – show Best Practice introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
258
259			// vars
260			$cap = acf_get_setting('capability');
261
262
263			// register post type 'acf-field-group'
264			register_post_type('acf-field-group', array(
265			'labels' => array(
266			'name' => __( 'Field Groups', 'acf' ),
267			'singular_name' => __( 'Field Group', 'acf' ),
268			'add_new' => __( 'Add New' , 'acf' ),
269			'add_new_item' => __( 'Add New Field Group' , 'acf' ),
270			'edit_item' => __( 'Edit Field Group' , 'acf' ),
271			'new_item' => __( 'New Field Group' , 'acf' ),
272			'view_item' => __( 'View Field Group', 'acf' ),
273			'search_items' => __( 'Search Field Groups', 'acf' ),
274			'not_found' => __( 'No Field Groups found', 'acf' ),
275			'not_found_in_trash' => __( 'No Field Groups found in Trash', 'acf' ),
276			),
277			'public' => false,
278			'show_ui' => true,
279			'_builtin' => false,
280			'capability_type' => 'post',
281			'capabilities' => array(
282			'edit_post' => $cap,
283			'delete_post' => $cap,
284			'edit_posts' => $cap,
285			'delete_posts' => $cap,
286			),
287			'hierarchical' => true,
288			'rewrite' => false,
289			'query_var' => false,
290			'supports' => array('title'),
291			'show_in_menu' => false,
292			));
293
294
295			// register post type 'acf-field'
296			register_post_type('acf-field', array(
297			'labels' => array(
298			'name' => __( 'Fields', 'acf' ),
299			'singular_name' => __( 'Field', 'acf' ),
300			'add_new' => __( 'Add New' , 'acf' ),
301			'add_new_item' => __( 'Add New Field' , 'acf' ),
302			'edit_item' => __( 'Edit Field' , 'acf' ),
303			'new_item' => __( 'New Field' , 'acf' ),
304			'view_item' => __( 'View Field', 'acf' ),
305			'search_items' => __( 'Search Fields', 'acf' ),
306			'not_found' => __( 'No Fields found', 'acf' ),
307			'not_found_in_trash' => __( 'No Fields found in Trash', 'acf' ),
308			),
309			'public' => false,
310			'show_ui' => false,
311			'_builtin' => false,
312			'capability_type' => 'post',
313			'capabilities' => array(
314			'edit_post' => $cap,
315			'delete_post' => $cap,
316			'edit_posts' => $cap,
317			'delete_posts' => $cap,
318			),
319			'hierarchical' => true,
320			'rewrite' => false,
321			'query_var' => false,
322			'supports' => array('title'),
323			'show_in_menu' => false,
324			));
325
326			}
327
328
329			/*
330			* register_post_status
331			*
332			* This function will register custom post statuses
333			*
334			* @type function
335			* @date 22/10/2015
336			* @since 5.3.2
337			*
338			* @param $post_id (int)
339			* @return $post_id (int)
340			*/
			0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `$post_id` could not be parsed: Unknown type name "$post_id" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
341
342			function register_post_status() {
			0 ignored issues – show Best Practice introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
343
344			// acf-disabled
345			register_post_status('acf-disabled', array(
346			'label' => __( 'Disabled', 'acf' ),
347			'public' => true,
348			'exclude_from_search' => false,
349			'show_in_admin_all_list' => true,
350			'show_in_admin_status_list' => true,
351			'label_count' => _n_noop( 'Disabled <span class="count">(%s)</span>', 'Disabled <span class="count">(%s)</span>', 'acf' ),
352			));
353
354			}
355
356
357			/*
358			* register_assets
359			*
360			* This function will register scripts and styles
361			*
362			* @type function
363			* @date 22/10/2015
364			* @since 5.3.2
365			*
366			* @param n/a
367			* @return n/a
368			*/
			0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `n/a` could not be parsed: Unknown type name "n/a" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
369
370			function register_assets() {
			0 ignored issues – show Best Practice introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
371
372			// vars
373			$version = acf_get_setting('version');
374			$lang = get_locale();
			0 ignored issues – show Unused Code introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$lang` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
375			$min = defined('SCRIPT_DEBUG') && SCRIPT_DEBUG ? '' : '.min';
376
377
378			// scripts
379			wp_register_script('acf-input', acf_get_dir("assets/js/acf-input{$min}.js"), array('jquery', 'jquery-ui-core', 'jquery-ui-sortable', 'jquery-ui-resizable'), $version );
380			wp_register_script('acf-field-group', acf_get_dir("assets/js/acf-field-group{$min}.js"), array('acf-input'), $version );
381
382
383			// styles
384			wp_register_style('acf-global', acf_get_dir('assets/css/acf-global.css'), array(), $version );
385			wp_register_style('acf-input', acf_get_dir('assets/css/acf-input.css'), array('acf-global'), $version );
386			wp_register_style('acf-field-group', acf_get_dir('assets/css/acf-field-group.css'), array('acf-input'), $version );
387
388			}
389
390
391			/*
392			* posts_where
393			*
394			* This function will add in some new parameters to the WP_Query args allowing fields to be found via key / name
395			*
396			* @type filter
397			* @date 5/12/2013
398			* @since 5.0.0
399			*
400			* @param $where (string)
401			* @param $wp_query (object)
402			* @return $where (string)
403			*/
			0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `$where` could not be parsed: Unknown type name "$where" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
404
405			function posts_where( $where, $wp_query ) {
			0 ignored issues – show Best Practice introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
406
407			// global
408			global $wpdb;
409
410
411			// acf_field_key
412			if( $field_key = $wp_query->get('acf_field_key') ) {
413
414			$where .= $wpdb->prepare(" AND {$wpdb->posts}.post_name = %s", $field_key );
415
416			}
417
418
419			// acf_field_name
420			if( $field_name = $wp_query->get('acf_field_name') ) {
421
422			$where .= $wpdb->prepare(" AND {$wpdb->posts}.post_excerpt = %s", $field_name );
423
424			}
425
426
427			// acf_group_key
428			if( $group_key = $wp_query->get('acf_group_key') ) {
429
430			$where .= $wpdb->prepare(" AND {$wpdb->posts}.post_name = %s", $group_key );
431
432			}
433
434
435			// return
436			return $where;
437
438			}
439
440
441			/*
442			function posts_request( $thing ) {
443
444			return $thing;
445			}
446			*/
447
448			}
449
450
451			/*
452			* acf
453			*
454			* The main function responsible for returning the one true acf Instance to functions everywhere.
455			* Use this function like you would a global variable, except without needing to declare the global.
456			*
457			* Example: <?php $acf = acf(); ?>
458			*
459			* @type function
460			* @date 4/09/13
461			* @since 4.3.0
462			*
463			* @param N/A
464			* @return (object)
465			*/
466
467			function acf() {
468
469			global $acf;
470
471			if( !isset($acf) ) {
472
473			$acf = new acf();
474
475			$acf->initialize();
476
477			}
478
479			return $acf;
480
481			}
482
483
484			// initialize
485			acf();
486
487
488			endif; // class_exists check
489
490			?>
			0 ignored issues – show Best Practice introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is not recommended to use PHP's closing tag `?>` in files other than templates. Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore. A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever. Loading history...
491

rousnay / lighthouse

Issues (1378)

Security Analysis not enabled

includes/acf/acf.php (16 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like