Issues in api-value.php (master) - Issues in master - rousnay/lighthouse - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1378)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/acf/api/api-value.php (11 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
*  acf_get_metadata
*
*  This function will get a value from the DB
*
*  @type	function
*  @date	16/10/2015
*  @since	5.2.3
*
*  @param	$post_id (mixed)
*  @param	$name (string)
*  @param	$hidden (boolean)
*  @return	$return (mixed)
*/


function acf_get_metadata( $post_id = 0, $name = '', $hidden = false ) {
	
	// vars
	$value = null;
	
	
	// add prefix for hidden meta
	if( $hidden ) {
		
		$name = '_' . $name;
		
	}
	
	
	// post
	if( is_numeric($post_id) ) {
		
		$meta = get_metadata( 'post', $post_id, $name, false );
		
		if( isset($meta[0]) ) {
		
		 	$value = $meta[0];
		 	
	 	}
	
	// user
	} elseif( substr($post_id, 0, 5) == 'user_' ) {
		
		$user_id = (int) substr($post_id, 5);
		
		$meta = get_metadata( 'user', $user_id, $name, false );
		
		if( isset($meta[0]) ) {
		
		 	$value = $meta[0];
		 	
	 	}
	
	// comment
	} elseif( substr($post_id, 0, 8) == 'comment_' ) {
		
		$comment_id = (int) substr($post_id, 8);
		
		$meta = get_metadata( 'comment', $comment_id, $name, false );
		
		if( isset($meta[0]) ) {
		
		 	$value = $meta[0];
		 	
	 	}
	 	
	} else {

		
		// modify prefix for hidden meta
		if( $hidden ) {
			
			$post_id = '_' . $post_id;
			$name = substr($name, 1);
			
		}
		
		$value = get_option( $post_id . '_' . $name, null );
		
	}
		
	
	// return
	return $value;
	
}


/*
*  acf_update_metadata
*
*  This function will update a value from the DB
*
*  @type	function
*  @date	16/10/2015
*  @since	5.2.3
*
*  @param	$post_id (mixed)
*  @param	$name (string)
*  @param	$value (mixed)
*  @param	$hidden (boolean)
*  @return	$return (boolean)
*/


function acf_update_metadata( $post_id = 0, $name = '', $value = '', $hidden = false ) {
	
	// vars
	$return = false;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
	
	
	// add prefix for hidden meta
	if( $hidden ) {
		
		$name = '_' . $name;
		
	}
	
	
	// postmeta
	if( is_numeric($post_id) ) {
		
		$return = update_metadata('post', $post_id, $name, $value );
	
	// usermeta
	} elseif( substr($post_id, 0, 5) == 'user_' ) {
		
		$user_id = (int) substr($post_id, 5);
		
		$return = update_metadata('user', $user_id, $name, $value);
		
	// commentmeta
	} elseif( substr($post_id, 0, 8) == 'comment_' ) {
		
		$comment_id = (int) substr($post_id, 8);
		
		$return = update_metadata('comment', $comment_id, $name, $value);
	
	// options	
	} else {

		
		// modify prefix for hidden meta
		if( $hidden ) {
			
			$post_id = '_' . $post_id;
			$name = substr($name, 1);
			
		}
		
		$return = acf_update_option( $post_id . '_' . $name, $value );
		
	}
	
	
	// return
	return (boolean) $return;
	
}


/*
*  acf_delete_metadata
*
*  This function will delete a value from the DB
*
*  @type	function
*  @date	16/10/2015
*  @since	5.2.3
*
*  @param	$post_id (mixed)
*  @param	$name (string)
*  @param	$hidden (boolean)
*  @return	$return (boolean)
*/


function acf_delete_metadata( $post_id = 0, $name = '', $hidden = false ) {
	
	// vars
	$return = false;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
	
	
	// add prefix for hidden meta
	if( $hidden ) {
		
		$name = '_' . $name;
		
	}
	
	
	// postmeta
	if( is_numeric($post_id) ) {
		
		$return = delete_metadata('post', $post_id, $name );
	
	// usermeta
	} elseif( substr($post_id, 0, 5) == 'user_' ) {
		
		$user_id = (int) substr($post_id, 5);
		
		$return = delete_metadata('user', $user_id, $name);
		
	// commentmeta
	} elseif( substr($post_id, 0, 8) == 'comment_' ) {
		
		$comment_id = (int) substr($post_id, 8);
		
		$return = delete_metadata('comment', $comment_id, $name);
	
	// options	
	} else {

		
		// modify prefix for hidden meta
		if( $hidden ) {
			
			$post_id = '_' . $post_id;
			$name = substr($name, 1);
			
		}
		
		$return = delete_option( $post_id . '_' . $name );
		
	}
	
	
	// return
	return $return;
	
}


/*
*  acf_update_option
*
*  This function is a wrapper for the WP update_option but provides logic for a 'no' autoload
*
*  @type	function
*  @date	4/01/2014
*  @since	5.0.0
*
*  @param	$option (string)
*  @param	$value (mixed)
*  @param	autoload (mixed)
*  @return	(boolean)
*/

function acf_update_option( $option = '', $value = '', $autoload = null ) {
	
	// vars
	$deprecated = '';
	$return = false;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
	
	
	// autoload
	if( $autoload === null ){
		
		$autoload = acf_get_setting('autoload') ? 'yes' : 'no';
		
	}
	
	
	// for some reason, update_option does not use stripslashes_deep.
	// update_metadata -> http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/meta.php#L82: line 101 (does use stripslashes_deep)
	// update_option -> http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/option.php#L0: line 215 (does not use stripslashes_deep)
	$value = stripslashes_deep($value);
		
		
	// add or update
	if( get_option($option) !== false ) {
	
	    $return = update_option( $option, $value );
	    
	} else {
		
		$return = add_option( $option, $value, $deprecated, $autoload );
		
	}
	
	
	// return
	return $return;
	
}


/*
*  acf_get_value
*
*  This function will load in a field's value
*
*  @type	function
*  @date	28/09/13
*  @since	5.0.0
*
*  @param	$post_id (int)
*  @param	$field (array)
*  @return	(mixed)
*/

function acf_get_value( $post_id = 0, $field ) {
	
	// bail early if no $post_id (acf_form - new_post)
	if( !$post_id ) return null;
	
	
	// try cache
	$found = false;
	$cache = wp_cache_get( "load_value/post_id={$post_id}/name={$field['name']}", 'acf', false, $found );
	
	if( $found ) {
	
		return $cache;
		
	}
	
	
	// load value
	$value = acf_get_metadata( $post_id, $field['name'] );
	
	
	// if value was duplicated, it may now be a serialized string!
	$value = maybe_unserialize( $value );
	
	
	// no value? try default_value
	if( $value === null && isset($field['default_value']) ) {
		
		$value = $field['default_value'];
		
	}
	
	
	// filter for 3rd party customization
	$value = apply_filters( "acf/load_value", $value, $post_id, $field );
	$value = apply_filters( "acf/load_value/type={$field['type']}", $value, $post_id, $field );
	$value = apply_filters( "acf/load_value/name={$field['name']}", $value, $post_id, $field );
	$value = apply_filters( "acf/load_value/key={$field['key']}", $value, $post_id, $field );
	
	
	// update cache
	wp_cache_set( "load_value/post_id={$post_id}/name={$field['name']}", $value, 'acf' );

	
	// return
	return $value;
	
}


/*
*  acf_format_value
*
*  This function will format the value for front end use
*
*  @type	function
*  @date	3/07/2014
*  @since	5.0.0
*
*  @param	$value (mixed)
*  @param	$post_id (mixed)
*  @param	$field (array)
*  @return	$value
*/


function acf_format_value( $value, $post_id, $field ) {
	
	// apply filters
	$value = apply_filters( "acf/format_value", $value, $post_id, $field );
	$value = apply_filters( "acf/format_value/type={$field['type']}", $value, $post_id, $field );
	$value = apply_filters( "acf/format_value/name={$field['name']}", $value, $post_id, $field );
	$value = apply_filters( "acf/format_value/key={$field['key']}", $value, $post_id, $field );
	
	
	// return
	return $value;
	
} 


/*
*  acf_update_value
*
*  updates a value into the db
*
*  @type	action
*  @date	23/01/13
*
*  @param	$value (mixed)
*  @param	$post_id (mixed)
*  @param	$field (array)
*  @return	(boolean)
*/

function acf_update_value( $value = null, $post_id = 0, $field ) {
	
	// strip slashes
	if( acf_get_setting('stripslashes') ) {
		
		$value = stripslashes_deep($value);
		
	}
	
	
	// filter for 3rd party customization
	$value = apply_filters( "acf/update_value", $value, $post_id, $field );
	$value = apply_filters( "acf/update_value/type={$field['type']}", $value, $post_id, $field );
	$value = apply_filters( "acf/update_value/name={$field['name']}", $value, $post_id, $field );
	$value = apply_filters( "acf/update_value/key={$field['key']}", $value, $post_id, $field );
	

	// update value
	$return = acf_update_metadata( $post_id, $field['name'], $value );
	
	
	// update reference
	acf_update_metadata( $post_id, $field['name'], $field['key'], true );
	
	
	// clear cache
	wp_cache_delete( "load_value/post_id={$post_id}/name={$field['name']}", 'acf' );

	
	// return
	return $return;
	
}


/*
*  acf_delete_value
*
*  This function will delete a value from the database
*
*  @type	function
*  @date	28/09/13
*  @since	5.0.0
*
*  @param	$post_id (mixed)
*  @param	$field (array)
*  @return	(boolean)
*/

function acf_delete_value( $post_id = 0, $field ) {
	
	// action for 3rd party customization
	do_action("acf/delete_value", $post_id, $field['name'], $field);
	do_action("acf/delete_value/type={$field['type']}", $post_id, $field['name'], $field);
	do_action("acf/delete_value/name={$field['_name']}", $post_id, $field['name'], $field);
	do_action("acf/delete_value/key={$field['key']}", $post_id, $field['name'], $field);
	
	
	// delete value
	$return = acf_delete_metadata( $post_id, $field['name'] );
	
	
	// delete reference
	acf_delete_metadata( $post_id, $field['name'], true );
	
	
	// clear cache
	wp_cache_delete( "load_value/post_id={$post_id}/name={$field['name']}", 'acf' );
	
	
	// return
	return $return;
	
}

?>



1		<?php
2
3		/*
4		* acf_get_metadata
5		*
6		* This function will get a value from the DB
7		*
8		* @type function
9		* @date 16/10/2015
10		* @since 5.2.3
11		*
12		* @param $post_id (mixed)
13		* @param $name (string)
14		* @param $hidden (boolean)
15		* @return $return (mixed)
16		*/
		0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `$return` could not be parsed: Unknown type name "$return" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
17
18		function acf_get_metadata( $post_id = 0, $name = '', $hidden = false ) {
19
20		// vars
21		$value = null;
22
23
24		// add prefix for hidden meta
25		if( $hidden ) {
26
27		$name = '_' . $name;
28
29		}
30
31
32		// post
33		if( is_numeric($post_id) ) {
34
35		$meta = get_metadata( 'post', $post_id, $name, false );
36
37		if( isset($meta[0]) ) {
38
39		$value = $meta[0];
40
41		}
42
43		// user
44		} elseif( substr($post_id, 0, 5) == 'user_' ) {
45
46		$user_id = (int) substr($post_id, 5);
47
48		$meta = get_metadata( 'user', $user_id, $name, false );
49
50		if( isset($meta[0]) ) {
51
52		$value = $meta[0];
53
54		}
55
56		// comment
57		} elseif( substr($post_id, 0, 8) == 'comment_' ) {
58
59		$comment_id = (int) substr($post_id, 8);
60
61		$meta = get_metadata( 'comment', $comment_id, $name, false );
62
63		if( isset($meta[0]) ) {
64
65		$value = $meta[0];
66
67		}
68
69	View Code Duplication	} else {
		0 ignored issues – show Duplication introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
70
71		// modify prefix for hidden meta
72		if( $hidden ) {
73
74		$post_id = '_' . $post_id;
75		$name = substr($name, 1);
76
77		}
78
79		$value = get_option( $post_id . '_' . $name, null );
80
81		}
82
83
84		// return
85		return $value;
86
87		}
88
89
90		/*
91		* acf_update_metadata
92		*
93		* This function will update a value from the DB
94		*
95		* @type function
96		* @date 16/10/2015
97		* @since 5.2.3
98		*
99		* @param $post_id (mixed)
100		* @param $name (string)
101		* @param $value (mixed)
102		* @param $hidden (boolean)
103		* @return $return (boolean)
104		*/
		0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `$return` could not be parsed: Unknown type name "$return" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
105
106		function acf_update_metadata( $post_id = 0, $name = '', $value = '', $hidden = false ) {
107
108		// vars
109		$return = false;
		0 ignored issues – show Unused Code introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$return` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
110
111
112		// add prefix for hidden meta
113		if( $hidden ) {
114
115		$name = '_' . $name;
116
117		}
118
119
120		// postmeta
121		if( is_numeric($post_id) ) {
122
123		$return = update_metadata('post', $post_id, $name, $value );
124
125		// usermeta
126		} elseif( substr($post_id, 0, 5) == 'user_' ) {
127
128		$user_id = (int) substr($post_id, 5);
129
130		$return = update_metadata('user', $user_id, $name, $value);
131
132		// commentmeta
133		} elseif( substr($post_id, 0, 8) == 'comment_' ) {
134
135		$comment_id = (int) substr($post_id, 8);
136
137		$return = update_metadata('comment', $comment_id, $name, $value);
138
139		// options
140	View Code Duplication	} else {
		0 ignored issues – show Duplication introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
141
142		// modify prefix for hidden meta
143		if( $hidden ) {
144
145		$post_id = '_' . $post_id;
146		$name = substr($name, 1);
147
148		}
149
150		$return = acf_update_option( $post_id . '_' . $name, $value );
151
152		}
153
154
155		// return
156		return (boolean) $return;
157
158		}
159
160
161		/*
162		* acf_delete_metadata
163		*
164		* This function will delete a value from the DB
165		*
166		* @type function
167		* @date 16/10/2015
168		* @since 5.2.3
169		*
170		* @param $post_id (mixed)
171		* @param $name (string)
172		* @param $hidden (boolean)
173		* @return $return (boolean)
174		*/
		0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `$return` could not be parsed: Unknown type name "$return" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
175
176		function acf_delete_metadata( $post_id = 0, $name = '', $hidden = false ) {
177
178		// vars
179		$return = false;
		0 ignored issues – show Unused Code introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$return` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
180
181
182		// add prefix for hidden meta
183		if( $hidden ) {
184
185		$name = '_' . $name;
186
187		}
188
189
190		// postmeta
191		if( is_numeric($post_id) ) {
192
193		$return = delete_metadata('post', $post_id, $name );
194
195		// usermeta
196		} elseif( substr($post_id, 0, 5) == 'user_' ) {
197
198		$user_id = (int) substr($post_id, 5);
199
200		$return = delete_metadata('user', $user_id, $name);
201
202		// commentmeta
203		} elseif( substr($post_id, 0, 8) == 'comment_' ) {
204
205		$comment_id = (int) substr($post_id, 8);
206
207		$return = delete_metadata('comment', $comment_id, $name);
208
209		// options
210	View Code Duplication	} else {
		0 ignored issues – show Duplication introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
211
212		// modify prefix for hidden meta
213		if( $hidden ) {
214
215		$post_id = '_' . $post_id;
216		$name = substr($name, 1);
217
218		}
219
220		$return = delete_option( $post_id . '_' . $name );
221
222		}
223
224
225		// return
226		return $return;
227
228		}
229
230
231		/*
232		* acf_update_option
233		*
234		* This function is a wrapper for the WP update_option but provides logic for a 'no' autoload
235		*
236		* @type function
237		* @date 4/01/2014
238		* @since 5.0.0
239		*
240		* @param $option (string)
241		* @param $value (mixed)
242		* @param autoload (mixed)
243		* @return (boolean)
244		*/
245
246		function acf_update_option( $option = '', $value = '', $autoload = null ) {
247
248		// vars
249		$deprecated = '';
250		$return = false;
		0 ignored issues – show Unused Code introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$return` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
251
252
253		// autoload
254		if( $autoload === null ){
255
256		$autoload = acf_get_setting('autoload') ? 'yes' : 'no';
257
258		}
259
260
261		// for some reason, update_option does not use stripslashes_deep.
262		// update_metadata -> http://core.trac.wordpress.org/browser/tags/3.4.2/wp-includes/meta.php#L82: line 101 (does use stripslashes_deep)
263		// update_option -> http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/option.php#L0: line 215 (does not use stripslashes_deep)
264		$value = stripslashes_deep($value);
265
266
267		// add or update
268		if( get_option($option) !== false ) {
269
270		$return = update_option( $option, $value );
271
272		} else {
273
274		$return = add_option( $option, $value, $deprecated, $autoload );
275
276		}
277
278
279		// return
280		return $return;
281
282		}
283
284
285		/*
286		* acf_get_value
287		*
288		* This function will load in a field's value
289		*
290		* @type function
291		* @date 28/09/13
292		* @since 5.0.0
293		*
294		* @param $post_id (int)
295		* @param $field (array)
296		* @return (mixed)
297		*/
298
299		function acf_get_value( $post_id = 0, $field ) {
300
301		// bail early if no $post_id (acf_form - new_post)
302		if( !$post_id ) return null;
303
304
305		// try cache
306		$found = false;
307		$cache = wp_cache_get( "load_value/post_id={$post_id}/name={$field['name']}", 'acf', false, $found );
308
309		if( $found ) {
310
311		return $cache;
312
313		}
314
315
316		// load value
317		$value = acf_get_metadata( $post_id, $field['name'] );
318
319
320		// if value was duplicated, it may now be a serialized string!
321		$value = maybe_unserialize( $value );
322
323
324		// no value? try default_value
325		if( $value === null && isset($field['default_value']) ) {
326
327		$value = $field['default_value'];
328
329		}
330
331
332		// filter for 3rd party customization
333		$value = apply_filters( "acf/load_value", $value, $post_id, $field );
334		$value = apply_filters( "acf/load_value/type={$field['type']}", $value, $post_id, $field );
335		$value = apply_filters( "acf/load_value/name={$field['name']}", $value, $post_id, $field );
336		$value = apply_filters( "acf/load_value/key={$field['key']}", $value, $post_id, $field );
337
338
339		// update cache
340		wp_cache_set( "load_value/post_id={$post_id}/name={$field['name']}", $value, 'acf' );
341
342
343		// return
344		return $value;
345
346		}
347
348
349		/*
350		* acf_format_value
351		*
352		* This function will format the value for front end use
353		*
354		* @type function
355		* @date 3/07/2014
356		* @since 5.0.0
357		*
358		* @param $value (mixed)
359		* @param $post_id (mixed)
360		* @param $field (array)
361		* @return $value
362		*/
		0 ignored issues – show Documentation introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `$value` could not be parsed: Unknown type name "$value" at position 0. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
363
364		function acf_format_value( $value, $post_id, $field ) {
365
366		// apply filters
367		$value = apply_filters( "acf/format_value", $value, $post_id, $field );
368		$value = apply_filters( "acf/format_value/type={$field['type']}", $value, $post_id, $field );
369		$value = apply_filters( "acf/format_value/name={$field['name']}", $value, $post_id, $field );
370		$value = apply_filters( "acf/format_value/key={$field['key']}", $value, $post_id, $field );
371
372
373		// return
374		return $value;
375
376		}
377
378
379		/*
380		* acf_update_value
381		*
382		* updates a value into the db
383		*
384		* @type action
385		* @date 23/01/13
386		*
387		* @param $value (mixed)
388		* @param $post_id (mixed)
389		* @param $field (array)
390		* @return (boolean)
391		*/
392
393		function acf_update_value( $value = null, $post_id = 0, $field ) {
394
395		// strip slashes
396		if( acf_get_setting('stripslashes') ) {
397
398		$value = stripslashes_deep($value);
399
400		}
401
402
403		// filter for 3rd party customization
404		$value = apply_filters( "acf/update_value", $value, $post_id, $field );
405		$value = apply_filters( "acf/update_value/type={$field['type']}", $value, $post_id, $field );
406		$value = apply_filters( "acf/update_value/name={$field['name']}", $value, $post_id, $field );
407		$value = apply_filters( "acf/update_value/key={$field['key']}", $value, $post_id, $field );
408
409
410		// update value
411		$return = acf_update_metadata( $post_id, $field['name'], $value );
412
413
414		// update reference
415		acf_update_metadata( $post_id, $field['name'], $field['key'], true );
416
417
418		// clear cache
419		wp_cache_delete( "load_value/post_id={$post_id}/name={$field['name']}", 'acf' );
420
421
422		// return
423		return $return;
424
425		}
426
427
428		/*
429		* acf_delete_value
430		*
431		* This function will delete a value from the database
432		*
433		* @type function
434		* @date 28/09/13
435		* @since 5.0.0
436		*
437		* @param $post_id (mixed)
438		* @param $field (array)
439		* @return (boolean)
440		*/
441
442		function acf_delete_value( $post_id = 0, $field ) {
443
444		// action for 3rd party customization
445		do_action("acf/delete_value", $post_id, $field['name'], $field);
446		do_action("acf/delete_value/type={$field['type']}", $post_id, $field['name'], $field);
447		do_action("acf/delete_value/name={$field['_name']}", $post_id, $field['name'], $field);
448		do_action("acf/delete_value/key={$field['key']}", $post_id, $field['name'], $field);
449
450
451		// delete value
452		$return = acf_delete_metadata( $post_id, $field['name'] );
453
454
455		// delete reference
456		acf_delete_metadata( $post_id, $field['name'], true );
457
458
459		// clear cache
460		wp_cache_delete( "load_value/post_id={$post_id}/name={$field['name']}", 'acf' );
461
462
463		// return
464		return $return;
465
466		}
467
468		?>
		0 ignored issues – show Best Practice introduced 2016-02-10 19:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is not recommended to use PHP's closing tag `?>` in files other than templates. Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore. A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever. Loading history...
469

rousnay / lighthouse

Issues (1378)

Security Analysis not enabled

includes/acf/api/api-value.php (11 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like