Issues in class-wp-terms-list-table.php (master) - Issues in master - staylor/WordPress - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2010)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

wp-admin/includes/class-wp-terms-list-table.php (1 issue)

Labels

Bug 1

Severity

Minor 1

Sergey Biryukov 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * List Table API: WP_Terms_List_Table class
 *
 * @package WordPress
 * @subpackage Administration
 * @since 3.1.0
 */

/**
 * Core class used to implement displaying terms in a list table.
 *
 * @since 3.1.0
 * @access private
 *
 * @see WP_List_Table
 */
class WP_Terms_List_Table extends WP_List_Table {

	public $callback_args;

	private $level;

	/**
	 * Constructor.
	 *
	 * @since 3.1.0
	 * @access public
	 *
	 * @see WP_List_Table::__construct() for more information on default arguments.
	 *
	 * @global string $post_type
	 * @global string $taxonomy
	 * @global string $action
	 * @global object $tax
	 *
	 * @param array $args An associative array of arguments.
	 */
	public function __construct( $args = array() ) {
		global $post_type, $taxonomy, $action, $tax;

		parent::__construct( array(
			'plural' => 'tags',
			'singular' => 'tag',
			'screen' => isset( $args['screen'] ) ? $args['screen'] : null,
		) );

		$action    = $this->screen->action;
		$post_type = $this->screen->post_type;
		$taxonomy  = $this->screen->taxonomy;

		if ( empty( $taxonomy ) )
			$taxonomy = 'post_tag';

		if ( ! taxonomy_exists( $taxonomy ) )
			wp_die( __( 'Invalid taxonomy.' ) );

		$tax = get_taxonomy( $taxonomy );

		// @todo Still needed? Maybe just the show_ui part.
		if ( empty( $post_type ) || !in_array( $post_type, get_post_types( array( 'show_ui' => true ) ) ) )
			$post_type = 'post';

	}

	/**
	 *
	 * @return bool
	 */
	public function ajax_user_can() {
		return current_user_can( get_taxonomy( $this->screen->taxonomy )->cap->manage_terms );
	}

	/**
	 * @access public
	 */
	public function prepare_items() {
		$tags_per_page = $this->get_items_per_page( 'edit_' . $this->screen->taxonomy . '_per_page' );

		if ( 'post_tag' === $this->screen->taxonomy ) {
			/**
			 * Filters the number of terms displayed per page for the Tags list table.
			 *
			 * @since 2.8.0
			 *
			 * @param int $tags_per_page Number of tags to be displayed. Default 20.
			 */
			$tags_per_page = apply_filters( 'edit_tags_per_page', $tags_per_page );

			/**
			 * Filters the number of terms displayed per page for the Tags list table.
			 *
			 * @since 2.7.0
			 * @deprecated 2.8.0 Use edit_tags_per_page instead.
			 *
			 * @param int $tags_per_page Number of tags to be displayed. Default 20.
			 */
			$tags_per_page = apply_filters( 'tagsperpage', $tags_per_page );
		} elseif ( 'category' === $this->screen->taxonomy ) {
			/**
			 * Filters the number of terms displayed per page for the Categories list table.
			 *
			 * @since 2.8.0
			 *
			 * @param int $tags_per_page Number of categories to be displayed. Default 20.
			 */
			$tags_per_page = apply_filters( 'edit_categories_per_page', $tags_per_page );
		}

		$search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : '';

		$args = array(
			'search' => $search,
			'page' => $this->get_pagenum(),
			'number' => $tags_per_page,
		);

		if ( !empty( $_REQUEST['orderby'] ) )
			$args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) );

		if ( !empty( $_REQUEST['order'] ) )
			$args['order'] = trim( wp_unslash( $_REQUEST['order'] ) );

		$this->callback_args = $args;

		$this->set_pagination_args( array(
			'total_items' => wp_count_terms( $this->screen->taxonomy, compact( 'search' ) ),
			'per_page' => $tags_per_page,
		) );
	}

	/**
	 *
	 * @return bool
	 */
	public function has_items() {
		// todo: populate $this->items in prepare_items()
		return true;
	}

	/**
	 * @access public
	 */
	public function no_items() {
		echo get_taxonomy( $this->screen->taxonomy )->labels->not_found;
	}

	/**
	 *
	 * @return array
	 */
	protected function get_bulk_actions() {
		$actions = array();
		$actions['delete'] = __( 'Delete' );

		return $actions;
	}

	/**
	 *
	 * @return string
	 */
	public function current_action() {
		if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && ( 'delete' === $_REQUEST['action'] || 'delete' === $_REQUEST['action2'] ) )
			return 'bulk-delete';

		return parent::current_action();
	}

	/**
	 *
	 * @return array
	 */
	public function get_columns() {
		$columns = array(
			'cb'          => '<input type="checkbox" />',
			'name'        => _x( 'Name', 'term name' ),
			'description' => __( 'Description' ),
			'slug'        => __( 'Slug' ),
		);

		if ( 'link_category' === $this->screen->taxonomy ) {
			$columns['links'] = __( 'Links' );
		} else {
			$columns['posts'] = _x( 'Count', 'Number/count of items' );
		}

		return $columns;
	}

	/**
	 *
	 * @return array
	 */
	protected function get_sortable_columns() {
		return array(
			'name'        => 'name',
			'description' => 'description',
			'slug'        => 'slug',
			'posts'       => 'count',
			'links'       => 'count'
		);
	}

	/**
	 * @access public
	 */
	public function display_rows_or_placeholder() {
		$taxonomy = $this->screen->taxonomy;

		$args = wp_parse_args( $this->callback_args, array(
			'page' => 1,
			'number' => 20,
			'search' => '',
			'hide_empty' => 0
		) );

		$page = $args['page'];

		// Set variable because $args['number'] can be subsequently overridden.
		$number = $args['number'];

		$args['offset'] = $offset = ( $page - 1 ) * $number;

		// Convert it to table rows.
		$count = 0;

		if ( is_taxonomy_hierarchical( $taxonomy ) && ! isset( $args['orderby'] ) ) {
			// We'll need the full set of terms then.
			$args['number'] = $args['offset'] = 0;
		}
		$terms = get_terms( $taxonomy, $args );

		if ( empty( $terms ) || ! is_array( $terms ) ) {
			echo '<tr class="no-items"><td class="colspanchange" colspan="' . $this->get_column_count() . '">';
			$this->no_items();
			echo '</td></tr>';
			return;
		}

		if ( is_taxonomy_hierarchical( $taxonomy ) && ! isset( $args['orderby'] ) ) {
			if ( ! empty( $args['search'] ) ) {// Ignore children on searches.
				$children = array();
			} else {
				$children = _get_term_hierarchy( $taxonomy );
			}
			// Some funky recursion to get the job done( Paging & parents mainly ) is contained within, Skip it for non-hierarchical taxonomies for performance sake
			$this->_rows( $taxonomy, $terms, $children, $offset, $number, $count );
		} else {
			foreach ( $terms as $term ) {
				$this->single_row( $term );
			}
		}
	}

	/**
	 * @param string $taxonomy
	 * @param array $terms
	 * @param array $children
	 * @param int   $start
	 * @param int   $per_page
	 * @param int   $count
	 * @param int   $parent
	 * @param int   $level
	 */
	private function _rows( $taxonomy, $terms, &$children, $start, $per_page, &$count, $parent = 0, $level = 0 ) {

		$end = $start + $per_page;

		foreach ( $terms as $key => $term ) {

			if ( $count >= $end )
				break;

			if ( $term->parent != $parent && empty( $_REQUEST['s'] ) )
				continue;

			// If the page starts in a subtree, print the parents.
			if ( $count == $start && $term->parent > 0 && empty( $_REQUEST['s'] ) ) {
				$my_parents = $parent_ids = array();
				$p = $term->parent;
				while ( $p ) {
					$my_parent = get_term( $p, $taxonomy );
					$my_parents[] = $my_parent;
					$p = $my_parent->parent;
					if ( in_array( $p, $parent_ids ) ) // Prevent parent loops.
						break;
					$parent_ids[] = $p;
				}
				unset( $parent_ids );

				$num_parents = count( $my_parents );
				while ( $my_parent = array_pop( $my_parents ) ) {
					echo "\t";
					$this->single_row( $my_parent, $level - $num_parents );
					$num_parents--;
				}
			}

			if ( $count >= $start ) {
				echo "\t";
				$this->single_row( $term, $level );
			}

			++$count;

			unset( $terms[$key] );

			if ( isset( $children[$term->term_id] ) && empty( $_REQUEST['s'] ) )
				$this->_rows( $taxonomy, $terms, $children, $start, $per_page, $count, $term->term_id, $level + 1 );
		}
	}

	/**
	 * @global string $taxonomy
	 * @param object $tag
	 * @param int $level
	 */
	public function single_row( $tag, $level = 0 ) {
		global $taxonomy;
 		$tag = sanitize_term( $tag, $taxonomy );

		$this->level = $level;

		echo '<tr id="tag-' . $tag->term_id . '">';
		$this->single_row_columns( $tag );
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
		echo '</tr>';
	}

	/**
	 * @param object $tag
	 * @return string
	 */
	public function column_cb( $tag ) {
		$default_term = get_option( 'default_' . $this->screen->taxonomy );

		if ( current_user_can( get_taxonomy( $this->screen->taxonomy )->cap->delete_terms ) && $tag->term_id != $default_term )
			return '<label class="screen-reader-text" for="cb-select-' . $tag->term_id . '">' . sprintf( __( 'Select %s' ), $tag->name ) . '</label>'
				. '<input type="checkbox" name="delete_tags[]" value="' . $tag->term_id . '" id="cb-select-' . $tag->term_id . '" />';

		return '&nbsp;';
	}

	/**
	 * @param object $tag
	 * @return string
	 */
	public function column_name( $tag ) {
		$taxonomy = $this->screen->taxonomy;

		$pad = str_repeat( '&#8212; ', max( 0, $this->level ) );

		/**
		 * Filters display of the term name in the terms list table.
		 *
		 * The default output may include padding due to the term's
		 * current level in the term hierarchy.
		 *
		 * @since 2.5.0
		 *
		 * @see WP_Terms_List_Table::column_name()
		 *
		 * @param string $pad_tag_name The term name, padded if not top-level.
		 * @param object $tag          Term object.
		 */
		$name = apply_filters( 'term_name', $pad . ' ' . $tag->name, $tag );

		$qe_data = get_term( $tag->term_id, $taxonomy, OBJECT, 'edit' );

		$uri = ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];

		$edit_link = add_query_arg(
			'wp_http_referer',
			urlencode( wp_unslash( $uri ) ),
			get_edit_term_link( $tag->term_id, $taxonomy, $this->screen->post_type )
		);

		$out = sprintf(
			'<strong><a class="row-title" href="%s" aria-label="%s">%s</a></strong><br />',
			esc_url( $edit_link ),
			/* translators: %s: taxonomy term name */
			esc_attr( sprintf( __( '&#8220;%s&#8221; (Edit)' ), $tag->name ) ),
			$name
		);

		$out .= '<div class="hidden" id="inline_' . $qe_data->term_id . '">';
		$out .= '<div class="name">' . $qe_data->name . '</div>';

		/** This filter is documented in wp-admin/edit-tag-form.php */
		$out .= '<div class="slug">' . apply_filters( 'editable_slug', $qe_data->slug, $qe_data ) . '</div>';
		$out .= '<div class="parent">' . $qe_data->parent . '</div></div>';

		return $out;
	}

	/**
	 * Gets the name of the default primary column.
	 *
	 * @since 4.3.0
	 * @access protected
	 *
	 * @return string Name of the default primary column, in this case, 'name'.
	 */
	protected function get_default_primary_column_name() {
		return 'name';
	}

	/**
	 * Generates and displays row action links.
	 *
	 * @since 4.3.0
	 * @access protected
	 *
	 * @param object $tag         Tag being acted upon.
	 * @param string $column_name Current column name.
	 * @param string $primary     Primary column name.
	 * @return string Row actions output for terms.
	 */
	protected function handle_row_actions( $tag, $column_name, $primary ) {
		if ( $primary !== $column_name ) {
			return '';
		}

		$taxonomy = $this->screen->taxonomy;
		$tax = get_taxonomy( $taxonomy );
		$default_term = get_option( 'default_' . $taxonomy );

		$uri = ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];

		$edit_link = add_query_arg(
			'wp_http_referer',
			urlencode( wp_unslash( $uri ) ),
			get_edit_term_link( $tag->term_id, $taxonomy, $this->screen->post_type )
		);

		$actions = array();
		if ( current_user_can( $tax->cap->edit_terms ) ) {
			$actions['edit'] = sprintf(
				'<a href="%s" aria-label="%s">%s</a>',
				esc_url( $edit_link ),
				/* translators: %s: taxonomy term name */
				esc_attr( sprintf( __( 'Edit &#8220;%s&#8221;' ), $tag->name ) ),
				__( 'Edit' )
			);
			$actions['inline hide-if-no-js'] = sprintf(
				'<a href="#" class="editinline aria-button-if-js" aria-label="%s">%s</a>',
				/* translators: %s: taxonomy term name */
				esc_attr( sprintf( __( 'Quick edit &#8220;%s&#8221; inline' ), $tag->name ) ),
				__( 'Quick&nbsp;Edit' )
			);
		}
		if ( current_user_can( $tax->cap->delete_terms ) && $tag->term_id != $default_term ) {
			$actions['delete'] = sprintf(
				'<a href="%s" class="delete-tag aria-button-if-js" aria-label="%s">%s</a>',
				wp_nonce_url( "edit-tags.php?action=delete&amp;taxonomy=$taxonomy&amp;tag_ID=$tag->term_id", 'delete-tag_' . $tag->term_id ),
				/* translators: %s: taxonomy term name */
				esc_attr( sprintf( __( 'Delete &#8220;%s&#8221;' ), $tag->name ) ),
				__( 'Delete' )
			);
		}
		if ( $tax->public ) {
			$actions['view'] = sprintf(
				'<a href="%s" aria-label="%s">%s</a>',
				get_term_link( $tag ),
				/* translators: %s: taxonomy term name */
				esc_attr( sprintf( __( 'View &#8220;%s&#8221; archive' ), $tag->name ) ),
				__( 'View' )
			);
		}

		/**
		 * Filters the action links displayed for each term in the Tags list table.
		 *
		 * @since 2.8.0
		 * @deprecated 3.0.0 Use {$taxonomy}_row_actions instead.
		 *
		 * @param array  $actions An array of action links to be displayed. Default
		 *                        'Edit', 'Quick Edit', 'Delete', and 'View'.
		 * @param object $tag     Term object.
		 */
		$actions = apply_filters( 'tag_row_actions', $actions, $tag );

		/**
		 * Filters the action links displayed for each term in the terms list table.
		 *
		 * The dynamic portion of the hook name, `$taxonomy`, refers to the taxonomy slug.
		 *
		 * @since 3.0.0
		 *
		 * @param array  $actions An array of action links to be displayed. Default
		 *                        'Edit', 'Quick Edit', 'Delete', and 'View'.
		 * @param object $tag     Term object.
		 */
		$actions = apply_filters( "{$taxonomy}_row_actions", $actions, $tag );

		return $this->row_actions( $actions );
	}

	/**
	 * @param object $tag
	 * @return string
	 */
	public function column_description( $tag ) {
		return $tag->description;
	}

	/**
	 * @param object $tag
	 * @return string
	 */
	public function column_slug( $tag ) {
		/** This filter is documented in wp-admin/edit-tag-form.php */
		return apply_filters( 'editable_slug', $tag->slug, $tag );
	}

	/**
	 * @param object $tag
	 * @return string
	 */
	public function column_posts( $tag ) {
		$count = number_format_i18n( $tag->count );

		$tax = get_taxonomy( $this->screen->taxonomy );

		$ptype_object = get_post_type_object( $this->screen->post_type );
		if ( ! $ptype_object->show_ui )
			return $count;

		if ( $tax->query_var ) {
			$args = array( $tax->query_var => $tag->slug );
		} else {
			$args = array( 'taxonomy' => $tax->name, 'term' => $tag->slug );
		}

		if ( 'post' != $this->screen->post_type )
			$args['post_type'] = $this->screen->post_type;

		if ( 'attachment' === $this->screen->post_type )
			return "<a href='" . esc_url ( add_query_arg( $args, 'upload.php' ) ) . "'>$count</a>";

		return "<a href='" . esc_url ( add_query_arg( $args, 'edit.php' ) ) . "'>$count</a>";
	}

	/**
	 * @param object $tag
	 * @return string
	 */
	public function column_links( $tag ) {
		$count = number_format_i18n( $tag->count );
		if ( $count )
			$count = "<a href='link-manager.php?cat_id=$tag->term_id'>$count</a>";
		return $count;
	}

	/**
	 * @param object $tag
	 * @param string $column_name
	 * @return string
	 */
	public function column_default( $tag, $column_name ) {
		/**
		 * Filters the displayed columns in the terms list table.
		 *
		 * The dynamic portion of the hook name, `$this->screen->taxonomy`,
		 * refers to the slug of the current taxonomy.
		 *
		 * @since 2.8.0
		 *
		 * @param string $string      Blank string.
		 * @param string $column_name Name of the column.
		 * @param int    $term_id     Term ID.
		 */
		return apply_filters( "manage_{$this->screen->taxonomy}_custom_column", '', $column_name, $tag->term_id );
	}

	/**
	 * Outputs the hidden row displayed when inline editing
	 *
	 * @since 3.1.0
	 */
	public function inline_edit() {
		$tax = get_taxonomy( $this->screen->taxonomy );

		if ( ! current_user_can( $tax->cap->edit_terms ) )
			return;
?>

	<form method="get"><table style="display: none"><tbody id="inlineedit">
		<tr id="inline-edit" class="inline-edit-row" style="display: none"><td colspan="<?php echo $this->get_column_count(); ?>" class="colspanchange">

			<fieldset>
				<legend class="inline-edit-legend"><?php _e( 'Quick Edit' ); ?></legend>
				<div class="inline-edit-col">
				<label>
					<span class="title"><?php _ex( 'Name', 'term name' ); ?></span>
					<span class="input-text-wrap"><input type="text" name="name" class="ptitle" value="" /></span>
				</label>
	<?php if ( !global_terms_enabled() ) { ?>
				<label>
					<span class="title"><?php _e( 'Slug' ); ?></span>
					<span class="input-text-wrap"><input type="text" name="slug" class="ptitle" value="" /></span>
				</label>
	<?php } ?>
			</div></fieldset>
	<?php

		$core_columns = array( 'cb' => true, 'description' => true, 'name' => true, 'slug' => true, 'posts' => true );

		list( $columns ) = $this->get_column_info();

		foreach ( $columns as $column_name => $column_display_name ) {
			if ( isset( $core_columns[$column_name] ) )
				continue;

			/** This action is documented in wp-admin/includes/class-wp-posts-list-table.php */
			do_action( 'quick_edit_custom_box', $column_name, 'edit-tags', $this->screen->taxonomy );
		}

	?>

		<p class="inline-edit-save submit">
			<button type="button" class="cancel button-secondary alignleft"><?php _e( 'Cancel' ); ?></button>
			<button type="button" class="save button-primary alignright"><?php echo $tax->labels->update_item; ?></button>
			<span class="spinner"></span>
			<span class="error" style="display:none;"></span>
			<?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?>
			<input type="hidden" name="taxonomy" value="<?php echo esc_attr( $this->screen->taxonomy ); ?>" />
			<input type="hidden" name="post_type" value="<?php echo esc_attr( $this->screen->post_type ); ?>" />
			<br class="clear" />
		</p>
		</td></tr>
		</tbody></table></form>
	<?php
	}
}


1		<?php
2		/**
3		* List Table API: WP_Terms_List_Table class
4		*
5		* @package WordPress
6		* @subpackage Administration
7		* @since 3.1.0
8		*/
9
10		/**
11		* Core class used to implement displaying terms in a list table.
12		*
13		* @since 3.1.0
14		* @access private
15		*
16		* @see WP_List_Table
17		*/
18		class WP_Terms_List_Table extends WP_List_Table {
19
20		public $callback_args;
21
22		private $level;
23
24		/**
25		* Constructor.
26		*
27		* @since 3.1.0
28		* @access public
29		*
30		* @see WP_List_Table::__construct() for more information on default arguments.
31		*
32		* @global string $post_type
33		* @global string $taxonomy
34		* @global string $action
35		* @global object $tax
36		*
37		* @param array $args An associative array of arguments.
38		*/
39		public function __construct( $args = array() ) {
40		global $post_type, $taxonomy, $action, $tax;
41
42		parent::__construct( array(
43		'plural' => 'tags',
44		'singular' => 'tag',
45		'screen' => isset( $args['screen'] ) ? $args['screen'] : null,
46		) );
47
48		$action = $this->screen->action;
49		$post_type = $this->screen->post_type;
50		$taxonomy = $this->screen->taxonomy;
51
52		if ( empty( $taxonomy ) )
53		$taxonomy = 'post_tag';
54
55		if ( ! taxonomy_exists( $taxonomy ) )
56		wp_die( __( 'Invalid taxonomy.' ) );
57
58		$tax = get_taxonomy( $taxonomy );
59
60		// @todo Still needed? Maybe just the show_ui part.
61		if ( empty( $post_type ) \|\| !in_array( $post_type, get_post_types( array( 'show_ui' => true ) ) ) )
62		$post_type = 'post';
63
64		}
65
66		/**
67		*
68		* @return bool
69		*/
70		public function ajax_user_can() {
71		return current_user_can( get_taxonomy( $this->screen->taxonomy )->cap->manage_terms );
72		}
73
74		/**
75		* @access public
76		*/
77		public function prepare_items() {
78		$tags_per_page = $this->get_items_per_page( 'edit_' . $this->screen->taxonomy . '_per_page' );
79
80		if ( 'post_tag' === $this->screen->taxonomy ) {
81		/**
82		* Filters the number of terms displayed per page for the Tags list table.
83		*
84		* @since 2.8.0
85		*
86		* @param int $tags_per_page Number of tags to be displayed. Default 20.
87		*/
88		$tags_per_page = apply_filters( 'edit_tags_per_page', $tags_per_page );
89
90		/**
91		* Filters the number of terms displayed per page for the Tags list table.
92		*
93		* @since 2.7.0
94		* @deprecated 2.8.0 Use edit_tags_per_page instead.
95		*
96		* @param int $tags_per_page Number of tags to be displayed. Default 20.
97		*/
98		$tags_per_page = apply_filters( 'tagsperpage', $tags_per_page );
99		} elseif ( 'category' === $this->screen->taxonomy ) {
100		/**
101		* Filters the number of terms displayed per page for the Categories list table.
102		*
103		* @since 2.8.0
104		*
105		* @param int $tags_per_page Number of categories to be displayed. Default 20.
106		*/
107		$tags_per_page = apply_filters( 'edit_categories_per_page', $tags_per_page );
108		}
109
110		$search = !empty( $_REQUEST['s'] ) ? trim( wp_unslash( $_REQUEST['s'] ) ) : '';
111
112		$args = array(
113		'search' => $search,
114		'page' => $this->get_pagenum(),
115		'number' => $tags_per_page,
116		);
117
118	View Code Duplication	if ( !empty( $_REQUEST['orderby'] ) )
119		$args['orderby'] = trim( wp_unslash( $_REQUEST['orderby'] ) );
120
121	View Code Duplication	if ( !empty( $_REQUEST['order'] ) )
122		$args['order'] = trim( wp_unslash( $_REQUEST['order'] ) );
123
124		$this->callback_args = $args;
125
126		$this->set_pagination_args( array(
127		'total_items' => wp_count_terms( $this->screen->taxonomy, compact( 'search' ) ),
128		'per_page' => $tags_per_page,
129		) );
130		}
131
132		/**
133		*
134		* @return bool
135		*/
136		public function has_items() {
137		// todo: populate $this->items in prepare_items()
138		return true;
139		}
140
141		/**
142		* @access public
143		*/
144		public function no_items() {
145		echo get_taxonomy( $this->screen->taxonomy )->labels->not_found;
146		}
147
148		/**
149		*
150		* @return array
151		*/
152		protected function get_bulk_actions() {
153		$actions = array();
154		$actions['delete'] = __( 'Delete' );
155
156		return $actions;
157		}
158
159		/**
160		*
161		* @return string
162		*/
163		public function current_action() {
164		if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && ( 'delete' === $_REQUEST['action'] \|\| 'delete' === $_REQUEST['action2'] ) )
165		return 'bulk-delete';
166
167		return parent::current_action();
168		}
169
170		/**
171		*
172		* @return array
173		*/
174		public function get_columns() {
175		$columns = array(
176		'cb' => '<input type="checkbox" />',
177		'name' => _x( 'Name', 'term name' ),
178		'description' => __( 'Description' ),
179		'slug' => __( 'Slug' ),
180		);
181
182		if ( 'link_category' === $this->screen->taxonomy ) {
183		$columns['links'] = __( 'Links' );
184		} else {
185		$columns['posts'] = _x( 'Count', 'Number/count of items' );
186		}
187
188		return $columns;
189		}
190
191		/**
192		*
193		* @return array
194		*/
195		protected function get_sortable_columns() {
196		return array(
197		'name' => 'name',
198		'description' => 'description',
199		'slug' => 'slug',
200		'posts' => 'count',
201		'links' => 'count'
202		);
203		}
204
205		/**
206		* @access public
207		*/
208		public function display_rows_or_placeholder() {
209		$taxonomy = $this->screen->taxonomy;
210
211		$args = wp_parse_args( $this->callback_args, array(
212		'page' => 1,
213		'number' => 20,
214		'search' => '',
215		'hide_empty' => 0
216		) );
217
218		$page = $args['page'];
219
220		// Set variable because $args['number'] can be subsequently overridden.
221		$number = $args['number'];
222
223		$args['offset'] = $offset = ( $page - 1 ) * $number;
224
225		// Convert it to table rows.
226		$count = 0;
227
228		if ( is_taxonomy_hierarchical( $taxonomy ) && ! isset( $args['orderby'] ) ) {
229		// We'll need the full set of terms then.
230		$args['number'] = $args['offset'] = 0;
231		}
232		$terms = get_terms( $taxonomy, $args );
233
234		if ( empty( $terms ) \|\| ! is_array( $terms ) ) {
235		echo '<tr class="no-items"><td class="colspanchange" colspan="' . $this->get_column_count() . '">';
236		$this->no_items();
237		echo '</td></tr>';
238		return;
239		}
240
241		if ( is_taxonomy_hierarchical( $taxonomy ) && ! isset( $args['orderby'] ) ) {
242		if ( ! empty( $args['search'] ) ) {// Ignore children on searches.
243		$children = array();
244		} else {
245		$children = _get_term_hierarchy( $taxonomy );
246		}
247		// Some funky recursion to get the job done( Paging & parents mainly ) is contained within, Skip it for non-hierarchical taxonomies for performance sake
248		$this->_rows( $taxonomy, $terms, $children, $offset, $number, $count );
249		} else {
250		foreach ( $terms as $term ) {
251		$this->single_row( $term );
252		}
253		}
254		}
255
256		/**
257		* @param string $taxonomy
258		* @param array $terms
259		* @param array $children
260		* @param int $start
261		* @param int $per_page
262		* @param int $count
263		* @param int $parent
264		* @param int $level
265		*/
266		private function _rows( $taxonomy, $terms, &$children, $start, $per_page, &$count, $parent = 0, $level = 0 ) {
267
268		$end = $start + $per_page;
269
270		foreach ( $terms as $key => $term ) {
271
272		if ( $count >= $end )
273		break;
274
275		if ( $term->parent != $parent && empty( $_REQUEST['s'] ) )
276		continue;
277
278		// If the page starts in a subtree, print the parents.
279		if ( $count == $start && $term->parent > 0 && empty( $_REQUEST['s'] ) ) {
280		$my_parents = $parent_ids = array();
281		$p = $term->parent;
282		while ( $p ) {
283		$my_parent = get_term( $p, $taxonomy );
284		$my_parents[] = $my_parent;
285		$p = $my_parent->parent;
286		if ( in_array( $p, $parent_ids ) ) // Prevent parent loops.
287		break;
288		$parent_ids[] = $p;
289		}
290		unset( $parent_ids );
291
292		$num_parents = count( $my_parents );
293	View Code Duplication	while ( $my_parent = array_pop( $my_parents ) ) {
294		echo "\t";
295		$this->single_row( $my_parent, $level - $num_parents );
296		$num_parents--;
297		}
298		}
299
300		if ( $count >= $start ) {
301		echo "\t";
302		$this->single_row( $term, $level );
303		}
304
305		++$count;
306
307		unset( $terms[$key] );
308
309		if ( isset( $children[$term->term_id] ) && empty( $_REQUEST['s'] ) )
310		$this->_rows( $taxonomy, $terms, $children, $start, $per_page, $count, $term->term_id, $level + 1 );
311		}
312		}
313
314		/**
315		* @global string $taxonomy
316		* @param object $tag
317		* @param int $level
318		*/
319		public function single_row( $tag, $level = 0 ) {
320		global $taxonomy;
321		$tag = sanitize_term( $tag, $taxonomy );
322
323		$this->level = $level;
324
325		echo '<tr id="tag-' . $tag->term_id . '">';
326		$this->single_row_columns( $tag );
		0 ignored issues – show Bug introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$tag` defined by `sanitize_term($tag, $taxonomy)` on line `321` can also be of type `array<?,,{"filter":"string"}>`; however, `WP_List_Table::single_row_columns()` does only seem to accept `object`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /* * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
327		echo '</tr>';
328		}
329
330		/**
331		* @param object $tag
332		* @return string
333		*/
334		public function column_cb( $tag ) {
335		$default_term = get_option( 'default_' . $this->screen->taxonomy );
336
337		if ( current_user_can( get_taxonomy( $this->screen->taxonomy )->cap->delete_terms ) && $tag->term_id != $default_term )
338		return '<label class="screen-reader-text" for="cb-select-' . $tag->term_id . '">' . sprintf( __( 'Select %s' ), $tag->name ) . '</label>'
339		. '<input type="checkbox" name="delete_tags[]" value="' . $tag->term_id . '" id="cb-select-' . $tag->term_id . '" />';
340
341		return ' ';
342		}
343
344		/**
345		* @param object $tag
346		* @return string
347		*/
348		public function column_name( $tag ) {
349		$taxonomy = $this->screen->taxonomy;
350
351		$pad = str_repeat( '— ', max( 0, $this->level ) );
352
353		/**
354		* Filters display of the term name in the terms list table.
355		*
356		* The default output may include padding due to the term's
357		* current level in the term hierarchy.
358		*
359		* @since 2.5.0
360		*
361		* @see WP_Terms_List_Table::column_name()
362		*
363		* @param string $pad_tag_name The term name, padded if not top-level.
364		* @param object $tag Term object.
365		*/
366		$name = apply_filters( 'term_name', $pad . ' ' . $tag->name, $tag );
367
368		$qe_data = get_term( $tag->term_id, $taxonomy, OBJECT, 'edit' );
369
370		$uri = ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
371
372		$edit_link = add_query_arg(
373		'wp_http_referer',
374		urlencode( wp_unslash( $uri ) ),
375		get_edit_term_link( $tag->term_id, $taxonomy, $this->screen->post_type )
376		);
377
378		$out = sprintf(
379		'<strong><a class="row-title" href="%s" aria-label="%s">%s</a></strong><br />',
380		esc_url( $edit_link ),
381		/* translators: %s: taxonomy term name */
382		esc_attr( sprintf( __( '“%s” (Edit)' ), $tag->name ) ),
383		$name
384		);
385
386		$out .= '<div class="hidden" id="inline_' . $qe_data->term_id . '">';
387		$out .= '<div class="name">' . $qe_data->name . '</div>';
388
389		/** This filter is documented in wp-admin/edit-tag-form.php */
390		$out .= '<div class="slug">' . apply_filters( 'editable_slug', $qe_data->slug, $qe_data ) . '</div>';
391		$out .= '<div class="parent">' . $qe_data->parent . '</div></div>';
392
393		return $out;
394		}
395
396		/**
397		* Gets the name of the default primary column.
398		*
399		* @since 4.3.0
400		* @access protected
401		*
402		* @return string Name of the default primary column, in this case, 'name'.
403		*/
404		protected function get_default_primary_column_name() {
405		return 'name';
406		}
407
408		/**
409		* Generates and displays row action links.
410		*
411		* @since 4.3.0
412		* @access protected
413		*
414		* @param object $tag Tag being acted upon.
415		* @param string $column_name Current column name.
416		* @param string $primary Primary column name.
417		* @return string Row actions output for terms.
418		*/
419		protected function handle_row_actions( $tag, $column_name, $primary ) {
420		if ( $primary !== $column_name ) {
421		return '';
422		}
423
424		$taxonomy = $this->screen->taxonomy;
425		$tax = get_taxonomy( $taxonomy );
426		$default_term = get_option( 'default_' . $taxonomy );
427
428		$uri = ( defined( 'DOING_AJAX' ) && DOING_AJAX ) ? wp_get_referer() : $_SERVER['REQUEST_URI'];
429
430		$edit_link = add_query_arg(
431		'wp_http_referer',
432		urlencode( wp_unslash( $uri ) ),
433		get_edit_term_link( $tag->term_id, $taxonomy, $this->screen->post_type )
434		);
435
436		$actions = array();
437	View Code Duplication	if ( current_user_can( $tax->cap->edit_terms ) ) {
438		$actions['edit'] = sprintf(
439		'<a href="%s" aria-label="%s">%s</a>',
440		esc_url( $edit_link ),
441		/* translators: %s: taxonomy term name */
442		esc_attr( sprintf( __( 'Edit “%s”' ), $tag->name ) ),
443		__( 'Edit' )
444		);
445		$actions['inline hide-if-no-js'] = sprintf(
446		'<a href="#" class="editinline aria-button-if-js" aria-label="%s">%s</a>',
447		/* translators: %s: taxonomy term name */
448		esc_attr( sprintf( __( 'Quick edit “%s” inline' ), $tag->name ) ),
449		__( 'Quick Edit' )
450		);
451		}
452		if ( current_user_can( $tax->cap->delete_terms ) && $tag->term_id != $default_term ) {
453		$actions['delete'] = sprintf(
454		'<a href="%s" class="delete-tag aria-button-if-js" aria-label="%s">%s</a>',
455		wp_nonce_url( "edit-tags.php?action=delete&taxonomy=$taxonomy&tag_ID=$tag->term_id", 'delete-tag_' . $tag->term_id ),
456		/* translators: %s: taxonomy term name */
457		esc_attr( sprintf( __( 'Delete “%s”' ), $tag->name ) ),
458		__( 'Delete' )
459		);
460		}
461		if ( $tax->public ) {
462		$actions['view'] = sprintf(
463		'<a href="%s" aria-label="%s">%s</a>',
464		get_term_link( $tag ),
465		/* translators: %s: taxonomy term name */
466		esc_attr( sprintf( __( 'View “%s” archive' ), $tag->name ) ),
467		__( 'View' )
468		);
469		}
470
471		/**
472		* Filters the action links displayed for each term in the Tags list table.
473		*
474		* @since 2.8.0
475		* @deprecated 3.0.0 Use {$taxonomy}_row_actions instead.
476		*
477		* @param array $actions An array of action links to be displayed. Default
478		* 'Edit', 'Quick Edit', 'Delete', and 'View'.
479		* @param object $tag Term object.
480		*/
481		$actions = apply_filters( 'tag_row_actions', $actions, $tag );
482
483		/**
484		* Filters the action links displayed for each term in the terms list table.
485		*
486		* The dynamic portion of the hook name, `$taxonomy`, refers to the taxonomy slug.
487		*
488		* @since 3.0.0
489		*
490		* @param array $actions An array of action links to be displayed. Default
491		* 'Edit', 'Quick Edit', 'Delete', and 'View'.
492		* @param object $tag Term object.
493		*/
494		$actions = apply_filters( "{$taxonomy}_row_actions", $actions, $tag );
495
496		return $this->row_actions( $actions );
497		}
498
499		/**
500		* @param object $tag
501		* @return string
502		*/
503		public function column_description( $tag ) {
504		return $tag->description;
505		}
506
507		/**
508		* @param object $tag
509		* @return string
510		*/
511		public function column_slug( $tag ) {
512		/** This filter is documented in wp-admin/edit-tag-form.php */
513		return apply_filters( 'editable_slug', $tag->slug, $tag );
514		}
515
516		/**
517		* @param object $tag
518		* @return string
519		*/
520		public function column_posts( $tag ) {
521		$count = number_format_i18n( $tag->count );
522
523		$tax = get_taxonomy( $this->screen->taxonomy );
524
525		$ptype_object = get_post_type_object( $this->screen->post_type );
526		if ( ! $ptype_object->show_ui )
527		return $count;
528
529		if ( $tax->query_var ) {
530		$args = array( $tax->query_var => $tag->slug );
531		} else {
532		$args = array( 'taxonomy' => $tax->name, 'term' => $tag->slug );
533		}
534
535		if ( 'post' != $this->screen->post_type )
536		$args['post_type'] = $this->screen->post_type;
537
538		if ( 'attachment' === $this->screen->post_type )
539		return "<a href='" . esc_url ( add_query_arg( $args, 'upload.php' ) ) . "'>$count</a>";
540
541		return "<a href='" . esc_url ( add_query_arg( $args, 'edit.php' ) ) . "'>$count</a>";
542		}
543
544		/**
545		* @param object $tag
546		* @return string
547		*/
548		public function column_links( $tag ) {
549		$count = number_format_i18n( $tag->count );
550		if ( $count )
551		$count = "<a href='link-manager.php?cat_id=$tag->term_id'>$count</a>";
552		return $count;
553		}
554
555		/**
556		* @param object $tag
557		* @param string $column_name
558		* @return string
559		*/
560		public function column_default( $tag, $column_name ) {
561		/**
562		* Filters the displayed columns in the terms list table.
563		*
564		* The dynamic portion of the hook name, `$this->screen->taxonomy`,
565		* refers to the slug of the current taxonomy.
566		*
567		* @since 2.8.0
568		*
569		* @param string $string Blank string.
570		* @param string $column_name Name of the column.
571		* @param int $term_id Term ID.
572		*/
573		return apply_filters( "manage_{$this->screen->taxonomy}_custom_column", '', $column_name, $tag->term_id );
574		}
575
576		/**
577		* Outputs the hidden row displayed when inline editing
578		*
579		* @since 3.1.0
580		*/
581		public function inline_edit() {
582		$tax = get_taxonomy( $this->screen->taxonomy );
583
584		if ( ! current_user_can( $tax->cap->edit_terms ) )
585		return;
586		?>
587
588		<form method="get"><table style="display: none"><tbody id="inlineedit">
589		<tr id="inline-edit" class="inline-edit-row" style="display: none"><td colspan="<?php echo $this->get_column_count(); ?>" class="colspanchange">
590
591		<fieldset>
592		<legend class="inline-edit-legend"><?php _e( 'Quick Edit' ); ?></legend>
593		<div class="inline-edit-col">
594		<label>
595		<span class="title"><?php _ex( 'Name', 'term name' ); ?></span>
596		<span class="input-text-wrap"><input type="text" name="name" class="ptitle" value="" /></span>
597		</label>
598		<?php if ( !global_terms_enabled() ) { ?>
599		<label>
600		<span class="title"><?php _e( 'Slug' ); ?></span>
601		<span class="input-text-wrap"><input type="text" name="slug" class="ptitle" value="" /></span>
602		</label>
603		<?php } ?>
604		</div></fieldset>
605		<?php
606
607		$core_columns = array( 'cb' => true, 'description' => true, 'name' => true, 'slug' => true, 'posts' => true );
608
609		list( $columns ) = $this->get_column_info();
610
611		foreach ( $columns as $column_name => $column_display_name ) {
612		if ( isset( $core_columns[$column_name] ) )
613		continue;
614
615		/** This action is documented in wp-admin/includes/class-wp-posts-list-table.php */
616		do_action( 'quick_edit_custom_box', $column_name, 'edit-tags', $this->screen->taxonomy );
617		}
618
619		?>
620
621		<p class="inline-edit-save submit">
622		<button type="button" class="cancel button-secondary alignleft"><?php _e( 'Cancel' ); ?></button>
623		<button type="button" class="save button-primary alignright"><?php echo $tax->labels->update_item; ?></button>
624		<span class="spinner"></span>
625		<span class="error" style="display:none;"></span>
626		<?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?>
627		<input type="hidden" name="taxonomy" value="<?php echo esc_attr( $this->screen->taxonomy ); ?>" />
628		<input type="hidden" name="post_type" value="<?php echo esc_attr( $this->screen->post_type ); ?>" />
629		<br class="clear" />
630		</p>
631		</td></tr>
632		</tbody></table></form>
633		<?php
634		}
635		}
636

staylor / WordPress

Issues (2010)

Security Analysis not enabled

wp-admin/includes/class-wp-terms-list-table.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like