Security Analysis: not enabled

This project does not seem to handle request data directly, so no vulnerable execution paths were found. The security analysis, when enabled, covers the following categories:

Cross-Site Scripting: enables an attacker to inject code into the response of a web request that is viewed by other users. It can, for example, be used to bypass access controls or even to take over other users' accounts.

File Exposure: allows an attacker to gain access to local files that they should not be able to access, for example files containing database credentials or other configuration.

File Manipulation: enables an attacker to write attacker-controlled data to files, which can lead to execution of arbitrary code on the server.

Object Injection: enables an attacker to inject an object into PHP code (typically through unserialize() of untrusted input), and can lead to arbitrary code execution, file exposure, or file manipulation.

Code Injection: enables an attacker to execute arbitrary code on the server.

Response Splitting: lets an attacker inject a line break into a response header and thereby send an arbitrary response of their own.

File Inclusion: enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection: enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to the server.

SQL Injection: enables an attacker to execute arbitrary SQL on the database server, gaining access to or manipulating user data.

XPath Injection: enables an attacker to modify which parts of an XML document are read. If that document is used for authentication, this can lead to vulnerabilities similar to SQL Injection.

LDAP Injection: enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries or to modify content inside the LDAP tree.

Header Injection: enables an attacker to add or alter HTTP response headers through unsanitized input passed to header().

Other Vulnerability: comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection: enables an attacker to execute arbitrary code in the PHP process (historically via the /e modifier of preg_replace, removed in PHP 7).

XML Injection: enables an attacker to read files on the local filesystem, including configuration files (via external entities), or can be abused to freeze the web-server process (via entity expansion).

Variable Injection: enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

includes/acf/fields/image.php (21 issues)

These results come from the legacy PHP analysis engine. The 21 findings, grouped by check:

Unparseable PHPDoc types (6). The parser flags PHPDoc comments whose type annotations it cannot parse; see the documentation on supported doc-types.
  - __construct(): the doc-type n/a could not be parsed (unknown type name "n/a" at position 0), used on both @param and @return.
  - format_value(): the doc-type $value could not be parsed (unknown type name "$value" at position 0).
  - get_media_item_args(): the doc-type $vars could not be parsed (unknown type name "$vars" at position 0).
  - wp_prepare_attachment_for_js(): the doc-type {int} could not be parsed (unknown type name "{int}" at position 0); reported twice, once for @param and once for @return.
  - update_value(): the doc-type $value could not be parsed (unknown type name "$value" at position 0).

PHPDoc describes a parameter that does not exist (1).
  - wp_prepare_attachment_for_js(): there is no parameter named $post_id (the method takes $response, $attachment and $meta). The most likely cause is that the parameter was removed but the annotation was not. The check's own illustration: a docblock listing @param $germany, $island and $italy above function finale($germany, $island) is flagged because $italy is not defined by the method.

Missing method visibility (7). It is generally recommended to explicitly declare the visibility (private, protected, or public) of methods, to communicate to other developers how, and from where, a method is intended to be used. Flagged: __construct(), render_field(), render_field_settings(), format_value(), get_media_item_args(), wp_prepare_attachment_for_js(), update_value().

Undeclared property (1). In __construct(), `$this->label = __("Image",'acf');` writes to a property label that the class does not declare. PHP allows writing to undeclared properties, so the following is valid:

class MyClass { }

$x = new MyClass();
$x->foo = true;

It is better practice to declare properties explicitly, which avoids accidental typos and gives IDE auto-completion:

class MyClass {
    public $foo;
}

$x = new MyClass();
$x->foo = true;

Unused parameters (3). The check looks for parameters defined on a method but not used in its body.
  - format_value(): $post_id is not used and could be removed.
  - update_value(): $post_id and $field are not used and could be removed.

Duplicated code (3). Duplicated code is one of the most pungent code smells; if the same code is needed in three or more places, extract it into a single class or operation. More detailed suggestions are in the "Code" section of the repository.
  - render_field(): the `<?php if( $uploader == 'basic' ): ?>` block of the template seems to be duplicated across the project.
  - format_value(): the method seems to be duplicated in the project.
  - update_value(): the method seems to be duplicated in the project.

Source as inspected, with the viewer's line numbers removed and runs of blank lines collapsed:

```php
<?php

/*
*  ACF Image Field Class
*
*  All the logic for this field type
*
*  @class 		acf_field_image
*  @extends		acf_field
*  @package		ACF
*  @subpackage	Fields
*/

if( ! class_exists('acf_field_image') ) :

class acf_field_image extends acf_field {

	/*
	*  __construct
	*
	*  This function will setup the field type data
	*
	*  @type	function
	*  @date	5/03/2014
	*  @since	5.0.0
	*
	*  @param	n/a
	*  @return	n/a
	*/

	function __construct() {

		// vars
		$this->name = 'image';
		$this->label = __("Image",'acf');
		$this->category = 'content';
		$this->defaults = array(
			'return_format'	=> 'array',
			'preview_size'	=> 'thumbnail',
			'library'		=> 'all',
			'min_width'		=> 0,
			'min_height'	=> 0,
			'min_size'		=> 0,
			'max_width'		=> 0,
			'max_height'	=> 0,
			'max_size'		=> 0,
			'mime_types'	=> ''
		);
		$this->l10n = array(
			'select'		=> __("Select Image",'acf'),
			'edit'			=> __("Edit Image",'acf'),
			'update'		=> __("Update Image",'acf'),
			'uploadedTo'	=> __("Uploaded to this post",'acf'),
			'all'			=> __("All images",'acf'),
		);

		// filters
		add_filter('get_media_item_args',				array($this, 'get_media_item_args'));
		add_filter('wp_prepare_attachment_for_js',		array($this, 'wp_prepare_attachment_for_js'), 10, 3);

		// do not delete!
		parent::__construct();

	}

	/*
	*  render_field()
	*
	*  Create the HTML interface for your field
	*
	*  @param	$field - an array holding all the field's data
	*
	*  @type	action
	*  @since	3.6
	*  @date	23/01/13
	*/

	function render_field( $field ) {

		// vars
		$uploader = acf_get_setting('uploader');

		// enqueue
		if( $uploader == 'wp' ) {

			acf_enqueue_uploader();

		}

		// vars
		$url = '';
		$div = array(
			'class'					=> 'acf-image-uploader acf-cf',
			'data-preview_size'		=> $field['preview_size'],
			'data-library'			=> $field['library'],
			'data-mime_types'		=> $field['mime_types'],
			'data-uploader'			=> $uploader
		);

		// has value?
		if( $field['value'] && is_numeric($field['value']) ) {

			$url = wp_get_attachment_image_src($field['value'], $field['preview_size']);

			if( $url ) {

				$url = $url[0];

				$div['class'] .= ' has-value';

			}

		}

?>
<div <?php acf_esc_attr_e( $div ); ?>>
	<div class="acf-hidden">
		<?php acf_hidden_input(array( 'name' => $field['name'], 'value' => $field['value'], 'data-name' => 'id' )); ?>
	</div>
	<div class="view show-if-value acf-soh">
		<img data-name="image" src="<?php echo $url; ?>" alt=""/>
		<ul class="acf-hl acf-soh-target">
			<?php if( $uploader != 'basic' ): ?>
				<li><a class="acf-icon -pencil dark" data-name="edit" href="#"></a></li>
			<?php endif; ?>
			<li><a class="acf-icon -cancel dark" data-name="remove" href="#"></a></li>
		</ul>
	</div>
	<div class="view hide-if-value">
		<?php if( $uploader == 'basic' ): ?>

			<?php if( $field['value'] && !is_numeric($field['value']) ): ?>
				<div class="acf-error-message"><p><?php echo $field['value']; ?></p></div>
			<?php endif; ?>

			<input type="file" name="<?php echo $field['name']; ?>" id="<?php echo $field['id']; ?>" />

		<?php else: ?>

			<p style="margin:0;"><?php _e('No image selected','acf'); ?> <a data-name="add" class="acf-button" href="#"><?php _e('Add Image','acf'); ?></a></p>

		<?php endif; ?>
	</div>
</div>
<?php

	}

	/*
	*  render_field_settings()
	*
	*  Create extra options for your field. This is rendered when editing a field.
	*  The value of $field['name'] can be used (like bellow) to save extra data to the $field
	*
	*  @type	action
	*  @since	3.6
	*  @date	23/01/13
	*
	*  @param	$field	- an array holding all the field's data
	*/

	function render_field_settings( $field ) {

		// clear numeric settings
		$clear = array(
			'min_width',
			'min_height',
			'min_size',
			'max_width',
			'max_height',
			'max_size'
		);

		foreach( $clear as $k ) {

			if( empty($field[$k]) ) {

				$field[$k] = '';

			}

		}

		// return_format
		acf_render_field_setting( $field, array(
			'label'			=> __('Return Value','acf'),
			'instructions'	=> __('Specify the returned value on front end','acf'),
			'type'			=> 'radio',
			'name'			=> 'return_format',
			'layout'		=> 'horizontal',
			'choices'		=> array(
				'array'			=> __("Image Array",'acf'),
				'url'			=> __("Image URL",'acf'),
				'id'			=> __("Image ID",'acf')
			)
		));

		// preview_size
		acf_render_field_setting( $field, array(
			'label'			=> __('Preview Size','acf'),
			'instructions'	=> __('Shown when entering data','acf'),
			'type'			=> 'select',
			'name'			=> 'preview_size',
			'choices'		=> acf_get_image_sizes()
		));

		// library
		acf_render_field_setting( $field, array(
			'label'			=> __('Library','acf'),
			'instructions'	=> __('Limit the media library choice','acf'),
			'type'			=> 'radio',
			'name'			=> 'library',
			'layout'		=> 'horizontal',
			'choices' 		=> array(
				'all'			=> __('All', 'acf'),
				'uploadedTo'	=> __('Uploaded to post', 'acf')
			)
		));

		// min
		acf_render_field_setting( $field, array(
			'label'			=> __('Minimum','acf'),
			'instructions'	=> __('Restrict which images can be uploaded','acf'),
			'type'			=> 'text',
			'name'			=> 'min_width',
			'prepend'		=> __('Width', 'acf'),
			'append'		=> 'px',
		));

		acf_render_field_setting( $field, array(
			'label'			=> '',
			'type'			=> 'text',
			'name'			=> 'min_height',
			'prepend'		=> __('Height', 'acf'),
			'append'		=> 'px',
			'wrapper'		=> array(
				'data-append' => 'min_width'
			)
		));

		acf_render_field_setting( $field, array(
			'label'			=> '',
			'type'			=> 'text',
			'name'			=> 'min_size',
			'prepend'		=> __('File size', 'acf'),
			'append'		=> 'MB',
			'wrapper'		=> array(
				'data-append' => 'min_width'
			)
		));

		// max
		acf_render_field_setting( $field, array(
			'label'			=> __('Maximum','acf'),
			'instructions'	=> __('Restrict which images can be uploaded','acf'),
			'type'			=> 'text',
			'name'			=> 'max_width',
			'prepend'		=> __('Width', 'acf'),
			'append'		=> 'px',
		));

		acf_render_field_setting( $field, array(
			'label'			=> '',
			'type'			=> 'text',
			'name'			=> 'max_height',
			'prepend'		=> __('Height', 'acf'),
			'append'		=> 'px',
			'wrapper'		=> array(
				'data-append' => 'max_width'
			)
		));

		acf_render_field_setting( $field, array(
			'label'			=> '',
			'type'			=> 'text',
			'name'			=> 'max_size',
			'prepend'		=> __('File size', 'acf'),
			'append'		=> 'MB',
			'wrapper'		=> array(
				'data-append' => 'max_width'
			)
		));

		// allowed type
		acf_render_field_setting( $field, array(
			'label'			=> __('Allowed file types','acf'),
			'instructions'	=> __('Comma separated list. Leave blank for all types','acf'),
			'type'			=> 'text',
			'name'			=> 'mime_types',
		));

	}

	/*
	*  format_value()
	*
	*  This filter is appied to the $value after it is loaded from the db and before it is returned to the template
	*
	*  @type	filter
	*  @since	3.6
	*  @date	23/01/13
	*
	*  @param	$value (mixed) the value which was loaded from the database
	*  @param	$post_id (mixed) the $post_id from which the value was loaded
	*  @param	$field (array) the field array holding all the field options
	*
	*  @return	$value (mixed) the modified value
	*/

	function format_value( $value, $post_id, $field ) {

		// bail early if no value
		if( empty($value) ) {

			return false;

		}

		// bail early if not numeric (error message)
		if( !is_numeric($value) ) {

			return false;

		}

		// convert to int
		$value = intval($value);

		// format
		if( $field['return_format'] == 'url' ) {

			return wp_get_attachment_url( $value );

		} elseif( $field['return_format'] == 'array' ) {

			return acf_get_attachment( $value );

		}

		// return
		return $value;

	}

	/*
	*  get_media_item_args
	*
	*  description
	*
	*  @type	function
	*  @date	27/01/13
	*  @since	3.6.0
	*
	*  @param	$vars (array)
	*  @return	$vars
	*/

	function get_media_item_args( $vars ) {

	    $vars['send'] = true;
	    return($vars);

	}

	/*
	*  image_size_names_choose
	*
	*  @description:
	*  @since: 3.5.7
	*  @created: 13/01/13
	*/

	/*
function image_size_names_choose( $sizes )
	{
		global $_wp_additional_image_sizes;

		if( $_wp_additional_image_sizes )
		{
			foreach( $_wp_additional_image_sizes as $k => $v )
			{
				$title = $k;
				$title = str_replace('-', ' ', $title);
				$title = str_replace('_', ' ', $title);
				$title = ucwords( $title );

				$sizes[ $k ] = $title;
			}
			// foreach( $image_sizes as $image_size )
		}

        return $sizes;
	}
*/

	/*
	*  wp_prepare_attachment_for_js
	*
	*  this filter allows ACF to add in extra data to an attachment JS object
	*  This sneaky hook adds the missing sizes to each attachment in the 3.5 uploader.
	*  It would be a lot easier to add all the sizes to the 'image_size_names_choose' filter but
	*  then it will show up on the normal the_content editor
	*
	*  @type	function
	*  @since:	3.5.7
	*  @date	13/01/13
	*
	*  @param	{int}	$post_id
	*  @return	{int}	$post_id
	*/

	function wp_prepare_attachment_for_js( $response, $attachment, $meta ) {

		// only for image
		if( $response['type'] != 'image' ) {

			return $response;

		}

		// make sure sizes exist. Perhaps they dont?
		if( !isset($meta['sizes']) ) {

			return $response;

		}

		$attachment_url = $response['url'];
		$base_url = str_replace( wp_basename( $attachment_url ), '', $attachment_url );

		if( isset($meta['sizes']) && is_array($meta['sizes']) ) {

			foreach( $meta['sizes'] as $k => $v ) {

				if( !isset($response['sizes'][ $k ]) ) {

					$response['sizes'][ $k ] = array(
						'height'      => $v['height'],
						'width'       => $v['width'],
						'url'         => $base_url .  $v['file'],
						'orientation' => $v['height'] > $v['width'] ? 'portrait' : 'landscape',
					);
				}

			}

		}

		return $response;
	}

	/*
	*  update_value()
	*
	*  This filter is appied to the $value before it is updated in the db
	*
	*  @type	filter
	*  @since	3.6
	*  @date	23/01/13
	*
	*  @param	$value - the value which will be saved in the database
	*  @param	$post_id - the $post_id of which the value will be saved
	*  @param	$field - the field array holding all the field options
	*
	*  @return	$value - the modified value
	*/

	function update_value( $value, $post_id, $field ) {

		// array?
		if( is_array($value) && isset($value['ID']) ) {

			return $value['ID'];

		}

		// object?
		if( is_object($value) && isset($value->ID) ) {

			return $value->ID;

		}

		// return
		return $value;
	}

}

new acf_field_image();

endif;

?>
```
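The template part of render_field() above echoes $url, the non-numeric error string in $field['value'], $field['name'] and $field['id'] straight into markup, while the surrounding wrapper goes through acf_esc_attr_e(). Whether those values are attacker-reachable depends on ACF code this page does not show, but the fix is the same either way: escape each value for the context it lands in. The following is an added example, not ACF's code; acf_image_field_markup() is a hypothetical name, and the esc_* stand-ins are only defined when the WordPress helpers are absent so the file runs outside WordPress.

```php
<?php
// Added example (not ACF's code): context-aware escaping for the image-field preview markup.

// Stand-ins for the WordPress escapers, used only when WordPress is not loaded.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_url' ) ) {
    // Stand-in: only well-formed http(s) URLs survive; anything else becomes ''.
    // WordPress's real esc_url() likewise drops javascript: and other disallowed schemes.
    function esc_url( $url ) {
        $url = trim( (string) $url );
        if ( ! preg_match( '#^https?://#i', $url ) || filter_var( $url, FILTER_VALIDATE_URL ) === false ) {
            return '';
        }
        return esc_attr( $url );
    }
}

/**
 * Hypothetical replacement for the preview part of render_field().
 * esc_url() for the src attribute, esc_attr() for name/id attributes, esc_html() for text.
 */
function acf_image_field_markup( array $field, $url ) {
    $html  = '<div class="view show-if-value acf-soh">';
    $html .= '<img data-name="image" src="' . esc_url( $url ) . '" alt=""/>';
    $html .= '</div>';
    $html .= '<div class="view hide-if-value">';
    // The "basic" uploader leaves a non-numeric error message in $field['value'] on failure.
    if ( ! empty( $field['value'] ) && ! is_numeric( $field['value'] ) ) {
        $html .= '<div class="acf-error-message"><p>' . esc_html( $field['value'] ) . '</p></div>';
    }
    $html .= '<input type="file" name="' . esc_attr( $field['name'] ) . '" id="' . esc_attr( $field['id'] ) . '" />';
    $html .= '</div>';
    return $html;
}

// Constructed input: an error message and a field id carrying markup, plus a javascript: URL.
$field = array(
    'name'  => 'acf[field_123]',
    'id'    => 'acf-field_123" onfocus="alert(1)',
    'value' => '<img src=x onerror=alert(1)> Upload failed',
);
echo acf_image_field_markup( $field, 'javascript:alert(1)' ), PHP_EOL;
```

Run with `php example.php`: the src attribute comes out empty, the quote in the id is encoded as `&quot;` so the injected onfocus stays inside the attribute value, and the error message is rendered as literal text rather than as an image tag.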
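update_value() stores whatever ID the uploader hands it, and format_value() only checks is_numeric() before intval(); is_numeric() also accepts strings such as "1e3", whose intval() result changed between PHP versions (1 before 7.1, 1000 from 7.1 on). The added example below, which is not ACF's code, tightens both ends of that round trip: it reduces the array, object and scalar forms to a strictly parsed positive integer and then confirms the ID refers to an image attachment before trusting it. acf_image_normalize_id() and acf_image_valid_attachment_id() are hypothetical names; the default lookup uses the WordPress functions get_post_type() and wp_attachment_is_image(), and the demo substitutes a constructed lookup so it runs without WordPress.

```php
<?php
// Added example (not ACF's code): strict attachment-ID validation for the image field.

/**
 * Reduce the uploader's value (array with 'ID', object with ->ID, or scalar) to a positive
 * integer, or 0. FILTER_VALIDATE_INT rejects '1e3', '12abc' and floats, all of which
 * is_numeric() accepts and intval() silently converts.
 */
function acf_image_normalize_id( $value ) {
    if ( is_array( $value ) && isset( $value['ID'] ) ) {
        $value = $value['ID'];
    } elseif ( is_object( $value ) && isset( $value->ID ) ) {
        $value = $value->ID;
    }
    if ( is_int( $value ) ) {
        return $value > 0 ? $value : 0;
    }
    if ( ! is_string( $value ) ) {
        return 0;
    }
    $id = filter_var( $value, FILTER_VALIDATE_INT, array( 'options' => array( 'min_range' => 1 ) ) );
    return $id === false ? 0 : $id;
}

/**
 * Return the ID only if it names an image attachment. $lookup($id) must return true for a
 * valid image attachment; the default consults WordPress.
 */
function acf_image_valid_attachment_id( $value, $lookup = null ) {
    $id = acf_image_normalize_id( $value );
    if ( $id === 0 ) {
        return 0;
    }
    if ( $lookup === null ) {
        $lookup = function ( $id ) {
            return get_post_type( $id ) === 'attachment' && wp_attachment_is_image( $id );
        };
    }
    return $lookup( $id ) ? $id : 0;
}

// Constructed stand-in for the media library: IDs 12 and 15 are image attachments.
$image_attachments = array( 12 => true, 15 => true );
$lookup = function ( $id ) use ( $image_attachments ) {
    return isset( $image_attachments[ $id ] );
};

$samples = array(
    12,                              // plain id                      -> 12
    '15',                            // numeric string                -> 15
    array( 'ID' => 12 ),             // array form from the uploader  -> 12
    (object) array( 'ID' => '15' ),  // object form                   -> 15
    '1e3',                           // is_numeric() true, rejected   -> 0
    '12abc',                         // rejected                      -> 0
    '-12',                           // rejected                      -> 0
    99,                              // well-formed, not an image     -> 0
    array( 'ID' => 'x' ),            // rejected                      -> 0
);
foreach ( $samples as $sample ) {
    printf( "%-32s => %d\n", json_encode( $sample ), acf_image_valid_attachment_id( $sample, $lookup ) );
}
```

Inside WordPress, call acf_image_valid_attachment_id() without the second argument so the real attachment check runs; returning 0 for anything that fails lets the existing "bail early if no value" branch of format_value() handle the rejected case.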