Issues in upload.php (master) - Issues in master - staylor/WordPress - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2010)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

wp-admin/upload.php (3 issues)

Labels

Bug 3

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Media Library administration panel.
 *
 * @package WordPress
 * @subpackage Administration
 */

/** WordPress Administration Bootstrap */
require_once( dirname( __FILE__ ) . '/admin.php' );

if ( !current_user_can('upload_files') )
	wp_die( __( 'Sorry, you are not allowed to upload files.' ) );

$mode = get_user_option( 'media_library_mode', get_current_user_id() ) ? get_user_option( 'media_library_mode', get_current_user_id() ) : 'grid';
$modes = array( 'grid', 'list' );

if ( isset( $_GET['mode'] ) && in_array( $_GET['mode'], $modes ) ) {
	$mode = $_GET['mode'];
	update_user_option( get_current_user_id(), 'media_library_mode', $mode );
}

if ( 'grid' === $mode ) {
	wp_enqueue_media();
	wp_enqueue_script( 'media-grid' );
	wp_enqueue_script( 'media' );

	remove_action( 'admin_head', 'wp_admin_canonical_url' );

	$q = $_GET;
	// let JS handle this
	unset( $q['s'] );
	$vars = wp_edit_attachments_query_vars( $q );
	$ignore = array( 'mode', 'post_type', 'post_status', 'posts_per_page' );
	foreach ( $vars as $key => $value ) {
		if ( ! $value || in_array( $key, $ignore ) ) {
			unset( $vars[ $key ] );
		}
	}

	wp_localize_script( 'media-grid', '_wpMediaGridSettings', array(
		'adminUrl' => parse_url( self_admin_url(), PHP_URL_PATH ),
		'queryVars' => (object) $vars
	) );

	get_current_screen()->add_help_tab( array(
		'id'		=> 'overview',
		'title'		=> __( 'Overview' ),
		'content'	=>
			'<p>' . __( 'All the files you&#8217;ve uploaded are listed in the Media Library, with the most recent uploads listed first.' ) . '</p>' .
			'<p>' . __( 'You can view your media in a simple visual grid or a list with columns. Switch between these views using the icons to the left above the media.' ) . '</p>' .
			'<p>' . __( 'To delete media items, click the Bulk Select button at the top of the screen. Select any items you wish to delete, then click the Delete Selected button. Clicking the Cancel Selection button takes you back to viewing your media.' ) . '</p>'
	) );

	get_current_screen()->add_help_tab( array(
		'id'		=> 'attachment-details',
		'title'		=> __( 'Attachment Details' ),
		'content'	=>
			'<p>' . __( 'Clicking an item will display an Attachment Details dialog, which allows you to preview media and make quick edits. Any changes you make to the attachment details will be automatically saved.' ) . '</p>' .
			'<p>' . __( 'Use the arrow buttons at the top of the dialog, or the left and right arrow keys on your keyboard, to navigate between media items quickly.' ) . '</p>' .
			'<p>' . __( 'You can also delete individual items and access the extended edit screen from the details dialog.' ) . '</p>'
	) );

	get_current_screen()->set_help_sidebar(
		'<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
		'<p>' . __( '<a href="https://codex.wordpress.org/Media_Library_Screen" target="_blank">Documentation on Media Library</a>' ) . '</p>' .
		'<p>' . __( '<a href="https://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
	);

	$title = __('Media Library');
	$parent_file = 'upload.php';

	require_once( ABSPATH . 'wp-admin/admin-header.php' );
	?>
	<div class="wrap" id="wp-media-grid" data-search="<?php _admin_search_query() ?>">
		<h1>
		<?php
		echo esc_html( $title );
		if ( current_user_can( 'upload_files' ) ) { ?>
			<a href="<?php echo admin_url( 'media-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'file' ); ?></a><?php
		}
		?>
		</h1>
		<div class="error hide-if-js">
			<p><?php printf(
				/* translators: %s: list view URL */
				__( 'The grid view for the Media Library requires JavaScript. <a href="%s">Switch to the list view</a>.' ),
				'upload.php?mode=list'
			); ?></p>
		</div>
	</div>
	<?php
	include( ABSPATH . 'wp-admin/admin-footer.php' );
	exit;
}

$wp_list_table = _get_list_table('WP_Media_List_Table');
$pagenum = $wp_list_table->get_pagenum();

// Handle bulk actions
$doaction = $wp_list_table->current_action();

if ( $doaction ) {
	check_admin_referer('bulk-media');

	if ( 'delete_all' == $doaction ) {
		$post_ids = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_type='attachment' AND post_status = 'trash'" );
		$doaction = 'delete';
	} elseif ( isset( $_REQUEST['media'] ) ) {
		$post_ids = $_REQUEST['media'];
	} elseif ( isset( $_REQUEST['ids'] ) ) {
		$post_ids = explode( ',', $_REQUEST['ids'] );
	}

	$location = 'upload.php';
	if ( $referer = wp_get_referer() ) {
		if ( false !== strpos( $referer, 'upload.php' ) )
			$location = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'message', 'ids', 'posted' ), $referer );
	}

	switch ( $doaction ) {
		case 'detach':
			wp_media_attach_action( $_REQUEST['parent_post_id'], 'detach' );
			break;

		case 'attach':
			wp_media_attach_action( $_REQUEST['found_post_id'] );
			break;

		case 'trash':
			if ( !isset( $post_ids ) )
				break;
			foreach ( (array) $post_ids as $post_id ) {
				if ( !current_user_can( 'delete_post', $post_id ) )
					wp_die( __( 'Sorry, you are not allowed to move this item to the Trash.' ) );

				if ( !wp_trash_post( $post_id ) )
					wp_die( __( 'Error in moving to Trash.' ) );
			}
			$location = add_query_arg( array( 'trashed' => count( $post_ids ), 'ids' => join( ',', $post_ids ) ), $location );
			break;
		case 'untrash':
			if ( !isset( $post_ids ) )
				break;
			foreach ( (array) $post_ids as $post_id ) {
				if ( !current_user_can( 'delete_post', $post_id ) )
					wp_die( __( 'Sorry, you are not allowed to restore this item from the Trash.' ) );

				if ( !wp_untrash_post( $post_id ) )
					wp_die( __( 'Error in restoring from Trash.' ) );
			}
			$location = add_query_arg( 'untrashed', count( $post_ids ), $location );
			break;
		case 'delete':
			if ( !isset( $post_ids ) )
				break;
			foreach ( (array) $post_ids as $post_id_del ) {
				if ( !current_user_can( 'delete_post', $post_id_del ) )
					wp_die( __( 'Sorry, you are not allowed to delete this item.' ) );

				if ( !wp_delete_attachment( $post_id_del ) )
					wp_die( __( 'Error in deleting.' ) );
			}
			$location = add_query_arg( 'deleted', count( $post_ids ), $location );
			break;
	}

	wp_redirect( $location );
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
	exit;
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
	 wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );

	 exit;
}

$wp_list_table->prepare_items();

$title = __('Media Library');
$parent_file = 'upload.php';

wp_enqueue_script( 'media' );

add_screen_option( 'per_page' );

get_current_screen()->add_help_tab( array(
'id'		=> 'overview',
'title'		=> __('Overview'),
'content'	=>
	'<p>' . __( 'All the files you&#8217;ve uploaded are listed in the Media Library, with the most recent uploads listed first. You can use the Screen Options tab to customize the display of this screen.' ) . '</p>' .
	'<p>' . __( 'You can narrow the list by file type/status or by date using the dropdown menus above the media table.' ) . '</p>' .
	'<p>' . __( 'You can view your media in a simple visual grid or a list with columns. Switch between these views using the icons to the left above the media.' ) . '</p>'
) );
get_current_screen()->add_help_tab( array(
'id'		=> 'actions-links',
'title'		=> __('Available Actions'),
'content'	=>
	'<p>' . __( 'Hovering over a row reveals action links: Edit, Delete Permanently, and View. Clicking Edit or on the media file&#8217;s name displays a simple screen to edit that individual file&#8217;s metadata. Clicking Delete Permanently will delete the file from the media library (as well as from any posts to which it is currently attached). View will take you to the display page for that file.' ) . '</p>'
) );
get_current_screen()->add_help_tab( array(
'id'		=> 'attaching-files',
'title'		=> __('Attaching Files'),
'content'	=>
	'<p>' . __( 'If a media file has not been attached to any content, you will see that in the Uploaded To column, and can click on Attach to launch a small popup that will allow you to search for existing content and attach the file.' ) . '</p>'
) );

get_current_screen()->set_help_sidebar(
	'<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
	'<p>' . __( '<a href="https://codex.wordpress.org/Media_Library_Screen" target="_blank">Documentation on Media Library</a>' ) . '</p>' .
	'<p>' . __( '<a href="https://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
);

get_current_screen()->set_screen_reader_content( array(
	'heading_views'      => __( 'Filter media items list' ),
	'heading_pagination' => __( 'Media items list navigation' ),
	'heading_list'       => __( 'Media items list' ),
) );

require_once( ABSPATH . 'wp-admin/admin-header.php' );
?>

<div class="wrap">
<h1>
<?php
echo esc_html( $title );
if ( current_user_can( 'upload_files' ) ) { ?>
	<a href="<?php echo admin_url( 'media-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x('Add New', 'file'); ?></a><?php
}
if ( isset( $_REQUEST['s'] ) && strlen( $_REQUEST['s'] ) ) {
	/* translators: %s: search keywords */
	printf( '<span class="subtitle">' . __( 'Search results for &#8220;%s&#8221;' ) . '</span>', get_search_query() );
}
?>
</h1>

<?php
$message = '';
if ( ! empty( $_GET['posted'] ) ) {
	$message = __( 'Media file updated.' );
	$_SERVER['REQUEST_URI'] = remove_query_arg(array('posted'), $_SERVER['REQUEST_URI']);
}

if ( ! empty( $_GET['attached'] ) && $attached = absint( $_GET['attached'] ) ) {
	if ( 1 == $attached ) {
		$message = __( 'Media file attached.' );
	} else {
		/* translators: %s: number of media files */
		$message = _n( '%s media file attached.', '%s media files attached.', $attached );
	}
	$message = sprintf( $message, number_format_i18n( $attached ) );
	$_SERVER['REQUEST_URI'] = remove_query_arg( array( 'detach', 'attached' ), $_SERVER['REQUEST_URI'] );
}

if ( ! empty( $_GET['detach'] ) && $detached = absint( $_GET['detach'] ) ) {
	if ( 1 == $detached ) {
		$message = __( 'Media file detached.' );
	} else {
		/* translators: %s: number of media files */
		$message = _n( '%s media file detached.', '%s media files detached.', $detached );
	}
	$message = sprintf( $message, number_format_i18n( $detached ) );
	$_SERVER['REQUEST_URI'] = remove_query_arg( array( 'detach', 'attached' ), $_SERVER['REQUEST_URI'] );
}

if ( ! empty( $_GET['deleted'] ) && $deleted = absint( $_GET['deleted'] ) ) {
	if ( 1 == $deleted ) {
		$message = __( 'Media file permanently deleted.' );
	} else {
		/* translators: %s: number of media files */
		$message = _n( '%s media file permanently deleted.', '%s media files permanently deleted.', $deleted );
	}
	$message = sprintf( $message, number_format_i18n( $deleted ) );
	$_SERVER['REQUEST_URI'] = remove_query_arg(array('deleted'), $_SERVER['REQUEST_URI']);
}

if ( ! empty( $_GET['trashed'] ) && $trashed = absint( $_GET['trashed'] ) ) {
	if ( 1 == $trashed ) {
		$message = __( 'Media file moved to the trash.' );
	} else {
		/* translators: %s: number of media files */
		$message = _n( '%s media file moved to the trash.', '%s media files moved to the trash.', $trashed );
	}
	$message = sprintf( $message, number_format_i18n( $trashed ) );
	$message .= ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
	$_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']);
}

if ( ! empty( $_GET['untrashed'] ) && $untrashed = absint( $_GET['untrashed'] ) ) {
	if ( 1 == $untrashed ) {
		$message = __( 'Media file restored from the trash.' );
	} else {
		/* translators: %s: number of media files */
		$message = _n( '%s media file restored from the trash.', '%s media files restored from the trash.', $untrashed );
	}
	$message = sprintf( $message, number_format_i18n( $untrashed ) );
	$_SERVER['REQUEST_URI'] = remove_query_arg(array('untrashed'), $_SERVER['REQUEST_URI']);
}

$messages[1] = __( 'Media file updated.' );
$messages[2] = __( 'Media file permanently deleted.' );
$messages[3] = __( 'Error saving media file.' );
$messages[4] = __( 'Media file moved to the trash.' ) . ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __( 'Undo' ) . '</a>';
$messages[5] = __( 'Media file restored from the trash.' );

if ( ! empty( $_GET['message'] ) && isset( $messages[ $_GET['message'] ] ) ) {
	$message = $messages[ $_GET['message'] ];
	$_SERVER['REQUEST_URI'] = remove_query_arg(array('message'), $_SERVER['REQUEST_URI']);
}

if ( !empty($message) ) { ?>
<div id="message" class="updated notice is-dismissible"><p><?php echo $message; ?></p></div>
<?php } ?>

<form id="posts-filter" method="get">

<?php $wp_list_table->views(); ?>

<?php $wp_list_table->display(); ?>

<div id="ajax-response"></div>
<?php find_posts_div(); ?>
</form>
</div>

<?php
include( ABSPATH . 'wp-admin/admin-footer.php' );


1		<?php
2		/**
3		* Media Library administration panel.
4		*
5		* @package WordPress
6		* @subpackage Administration
7		*/
8
9		/** WordPress Administration Bootstrap */
10		require_once( dirname( __FILE__ ) . '/admin.php' );
11
12		if ( !current_user_can('upload_files') )
13		wp_die( __( 'Sorry, you are not allowed to upload files.' ) );
14
15		$mode = get_user_option( 'media_library_mode', get_current_user_id() ) ? get_user_option( 'media_library_mode', get_current_user_id() ) : 'grid';
16		$modes = array( 'grid', 'list' );
17
18		if ( isset( $_GET['mode'] ) && in_array( $_GET['mode'], $modes ) ) {
19		$mode = $_GET['mode'];
20		update_user_option( get_current_user_id(), 'media_library_mode', $mode );
21		}
22
23		if ( 'grid' === $mode ) {
24		wp_enqueue_media();
25		wp_enqueue_script( 'media-grid' );
26		wp_enqueue_script( 'media' );
27
28		remove_action( 'admin_head', 'wp_admin_canonical_url' );
29
30		$q = $_GET;
31		// let JS handle this
32		unset( $q['s'] );
33		$vars = wp_edit_attachments_query_vars( $q );
34		$ignore = array( 'mode', 'post_type', 'post_status', 'posts_per_page' );
35		foreach ( $vars as $key => $value ) {
36		if ( ! $value \|\| in_array( $key, $ignore ) ) {
37		unset( $vars[ $key ] );
38		}
39		}
40
41		wp_localize_script( 'media-grid', '_wpMediaGridSettings', array(
42		'adminUrl' => parse_url( self_admin_url(), PHP_URL_PATH ),
43		'queryVars' => (object) $vars
44		) );
45
46		get_current_screen()->add_help_tab( array(
47		'id' => 'overview',
48		'title' => __( 'Overview' ),
49		'content' =>
50		'<p>' . __( 'All the files you’ve uploaded are listed in the Media Library, with the most recent uploads listed first.' ) . '</p>' .
51		'<p>' . __( 'You can view your media in a simple visual grid or a list with columns. Switch between these views using the icons to the left above the media.' ) . '</p>' .
52		'<p>' . __( 'To delete media items, click the Bulk Select button at the top of the screen. Select any items you wish to delete, then click the Delete Selected button. Clicking the Cancel Selection button takes you back to viewing your media.' ) . '</p>'
53		) );
54
55		get_current_screen()->add_help_tab( array(
56		'id' => 'attachment-details',
57		'title' => __( 'Attachment Details' ),
58		'content' =>
59		'<p>' . __( 'Clicking an item will display an Attachment Details dialog, which allows you to preview media and make quick edits. Any changes you make to the attachment details will be automatically saved.' ) . '</p>' .
60		'<p>' . __( 'Use the arrow buttons at the top of the dialog, or the left and right arrow keys on your keyboard, to navigate between media items quickly.' ) . '</p>' .
61		'<p>' . __( 'You can also delete individual items and access the extended edit screen from the details dialog.' ) . '</p>'
62		) );
63
64		get_current_screen()->set_help_sidebar(
65		'<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
66		'<p>' . __( '<a href="https://codex.wordpress.org/Media_Library_Screen" target="_blank">Documentation on Media Library</a>' ) . '</p>' .
67		'<p>' . __( '<a href="https://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
68		);
69
70		$title = __('Media Library');
71		$parent_file = 'upload.php';
72
73		require_once( ABSPATH . 'wp-admin/admin-header.php' );
74		?>
75		<div class="wrap" id="wp-media-grid" data-search="<?php _admin_search_query() ?>">
76		<h1>
77		<?php
78		echo esc_html( $title );
79	View Code Duplication	if ( current_user_can( 'upload_files' ) ) { ?>
80		<a href="<?php echo admin_url( 'media-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'file' ); ?></a><?php
81		}
82		?>
83		</h1>
84		<div class="error hide-if-js">
85		<p><?php printf(
86		/* translators: %s: list view URL */
87		__( 'The grid view for the Media Library requires JavaScript. <a href="%s">Switch to the list view</a>.' ),
88		'upload.php?mode=list'
89		); ?></p>
90		</div>
91		</div>
92		<?php
93		include( ABSPATH . 'wp-admin/admin-footer.php' );
94		exit;
95		}
96
97		$wp_list_table = _get_list_table('WP_Media_List_Table');
98		$pagenum = $wp_list_table->get_pagenum();
99
100		// Handle bulk actions
101		$doaction = $wp_list_table->current_action();
102
103		if ( $doaction ) {
104		check_admin_referer('bulk-media');
105
106		if ( 'delete_all' == $doaction ) {
107		$post_ids = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_type='attachment' AND post_status = 'trash'" );
108		$doaction = 'delete';
109		} elseif ( isset( $_REQUEST['media'] ) ) {
110		$post_ids = $_REQUEST['media'];
111		} elseif ( isset( $_REQUEST['ids'] ) ) {
112		$post_ids = explode( ',', $_REQUEST['ids'] );
113		}
114
115		$location = 'upload.php';
116		if ( $referer = wp_get_referer() ) {
117		if ( false !== strpos( $referer, 'upload.php' ) )
118		$location = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'message', 'ids', 'posted' ), $referer );
119		}
120
121		switch ( $doaction ) {
122		case 'detach':
123		wp_media_attach_action( $_REQUEST['parent_post_id'], 'detach' );
124		break;
125
126		case 'attach':
127		wp_media_attach_action( $_REQUEST['found_post_id'] );
128		break;
129
130		case 'trash':
131		if ( !isset( $post_ids ) )
132		break;
133		foreach ( (array) $post_ids as $post_id ) {
134		if ( !current_user_can( 'delete_post', $post_id ) )
135		wp_die( __( 'Sorry, you are not allowed to move this item to the Trash.' ) );
136
137		if ( !wp_trash_post( $post_id ) )
138		wp_die( __( 'Error in moving to Trash.' ) );
139		}
140		$location = add_query_arg( array( 'trashed' => count( $post_ids ), 'ids' => join( ',', $post_ids ) ), $location );
141		break;
142	View Code Duplication	case 'untrash':
143		if ( !isset( $post_ids ) )
144		break;
145		foreach ( (array) $post_ids as $post_id ) {
146		if ( !current_user_can( 'delete_post', $post_id ) )
147		wp_die( __( 'Sorry, you are not allowed to restore this item from the Trash.' ) );
148
149		if ( !wp_untrash_post( $post_id ) )
150		wp_die( __( 'Error in restoring from Trash.' ) );
151		}
152		$location = add_query_arg( 'untrashed', count( $post_ids ), $location );
153		break;
154	View Code Duplication	case 'delete':
155		if ( !isset( $post_ids ) )
156		break;
157		foreach ( (array) $post_ids as $post_id_del ) {
158		if ( !current_user_can( 'delete_post', $post_id_del ) )
159		wp_die( __( 'Sorry, you are not allowed to delete this item.' ) );
160
161		if ( !wp_delete_attachment( $post_id_del ) )
162		wp_die( __( 'Error in deleting.' ) );
163		}
164		$location = add_query_arg( 'deleted', count( $post_ids ), $location );
165		break;
166		}
167
168		wp_redirect( $location );
		0 ignored issues – show Bug introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$location` defined by `remove_query_arg(array('...', 'posted'), $referer)` on line `118` can also be of type `boolean`; however, `wp_redirect()` does only seem to accept `string`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
169		exit;
170	View Code Duplication	} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
171		wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
		0 ignored issues – show Bug introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `wp_unslash($_SERVER['REQUEST_URI'])` targeting `wp_unslash()` can also be of type `array`; however, `remove_query_arg()` does only seem to accept `boolean\|string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history... Bug introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `remove_query_arg(array('...SERVER['REQUEST_URI']))` targeting `remove_query_arg()` can also be of type `boolean`; however, `wp_redirect()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
172		exit;
173		}
174
175		$wp_list_table->prepare_items();
176
177		$title = __('Media Library');
178		$parent_file = 'upload.php';
179
180		wp_enqueue_script( 'media' );
181
182		add_screen_option( 'per_page' );
183
184		get_current_screen()->add_help_tab( array(
185		'id' => 'overview',
186		'title' => __('Overview'),
187		'content' =>
188		'<p>' . __( 'All the files you’ve uploaded are listed in the Media Library, with the most recent uploads listed first. You can use the Screen Options tab to customize the display of this screen.' ) . '</p>' .
189		'<p>' . __( 'You can narrow the list by file type/status or by date using the dropdown menus above the media table.' ) . '</p>' .
190		'<p>' . __( 'You can view your media in a simple visual grid or a list with columns. Switch between these views using the icons to the left above the media.' ) . '</p>'
191		) );
192		get_current_screen()->add_help_tab( array(
193		'id' => 'actions-links',
194		'title' => __('Available Actions'),
195		'content' =>
196		'<p>' . __( 'Hovering over a row reveals action links: Edit, Delete Permanently, and View. Clicking Edit or on the media file’s name displays a simple screen to edit that individual file’s metadata. Clicking Delete Permanently will delete the file from the media library (as well as from any posts to which it is currently attached). View will take you to the display page for that file.' ) . '</p>'
197		) );
198		get_current_screen()->add_help_tab( array(
199		'id' => 'attaching-files',
200		'title' => __('Attaching Files'),
201		'content' =>
202		'<p>' . __( 'If a media file has not been attached to any content, you will see that in the Uploaded To column, and can click on Attach to launch a small popup that will allow you to search for existing content and attach the file.' ) . '</p>'
203		) );
204
205		get_current_screen()->set_help_sidebar(
206		'<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
207		'<p>' . __( '<a href="https://codex.wordpress.org/Media_Library_Screen" target="_blank">Documentation on Media Library</a>' ) . '</p>' .
208		'<p>' . __( '<a href="https://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
209		);
210
211		get_current_screen()->set_screen_reader_content( array(
212		'heading_views' => __( 'Filter media items list' ),
213		'heading_pagination' => __( 'Media items list navigation' ),
214		'heading_list' => __( 'Media items list' ),
215		) );
216
217		require_once( ABSPATH . 'wp-admin/admin-header.php' );
218		?>
219
220		<div class="wrap">
221		<h1>
222		<?php
223		echo esc_html( $title );
224	View Code Duplication	if ( current_user_can( 'upload_files' ) ) { ?>
225		<a href="<?php echo admin_url( 'media-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x('Add New', 'file'); ?></a><?php
226		}
227	View Code Duplication	if ( isset( $_REQUEST['s'] ) && strlen( $_REQUEST['s'] ) ) {
228		/* translators: %s: search keywords */
229		printf( '<span class="subtitle">' . __( 'Search results for “%s”' ) . '</span>', get_search_query() );
230		}
231		?>
232		</h1>
233
234		<?php
235		$message = '';
236		if ( ! empty( $_GET['posted'] ) ) {
237		$message = __( 'Media file updated.' );
238		$_SERVER['REQUEST_URI'] = remove_query_arg(array('posted'), $_SERVER['REQUEST_URI']);
239		}
240
241	View Code Duplication	if ( ! empty( $_GET['attached'] ) && $attached = absint( $_GET['attached'] ) ) {
242		if ( 1 == $attached ) {
243		$message = __( 'Media file attached.' );
244		} else {
245		/* translators: %s: number of media files */
246		$message = _n( '%s media file attached.', '%s media files attached.', $attached );
247		}
248		$message = sprintf( $message, number_format_i18n( $attached ) );
249		$_SERVER['REQUEST_URI'] = remove_query_arg( array( 'detach', 'attached' ), $_SERVER['REQUEST_URI'] );
250		}
251
252	View Code Duplication	if ( ! empty( $_GET['detach'] ) && $detached = absint( $_GET['detach'] ) ) {
253		if ( 1 == $detached ) {
254		$message = __( 'Media file detached.' );
255		} else {
256		/* translators: %s: number of media files */
257		$message = _n( '%s media file detached.', '%s media files detached.', $detached );
258		}
259		$message = sprintf( $message, number_format_i18n( $detached ) );
260		$_SERVER['REQUEST_URI'] = remove_query_arg( array( 'detach', 'attached' ), $_SERVER['REQUEST_URI'] );
261		}
262
263	View Code Duplication	if ( ! empty( $_GET['deleted'] ) && $deleted = absint( $_GET['deleted'] ) ) {
264		if ( 1 == $deleted ) {
265		$message = __( 'Media file permanently deleted.' );
266		} else {
267		/* translators: %s: number of media files */
268		$message = _n( '%s media file permanently deleted.', '%s media files permanently deleted.', $deleted );
269		}
270		$message = sprintf( $message, number_format_i18n( $deleted ) );
271		$_SERVER['REQUEST_URI'] = remove_query_arg(array('deleted'), $_SERVER['REQUEST_URI']);
272		}
273
274		if ( ! empty( $_GET['trashed'] ) && $trashed = absint( $_GET['trashed'] ) ) {
275		if ( 1 == $trashed ) {
276		$message = __( 'Media file moved to the trash.' );
277		} else {
278		/* translators: %s: number of media files */
279		$message = _n( '%s media file moved to the trash.', '%s media files moved to the trash.', $trashed );
280		}
281		$message = sprintf( $message, number_format_i18n( $trashed ) );
282		$message .= ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
283		$_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']);
284		}
285
286	View Code Duplication	if ( ! empty( $_GET['untrashed'] ) && $untrashed = absint( $_GET['untrashed'] ) ) {
287		if ( 1 == $untrashed ) {
288		$message = __( 'Media file restored from the trash.' );
289		} else {
290		/* translators: %s: number of media files */
291		$message = _n( '%s media file restored from the trash.', '%s media files restored from the trash.', $untrashed );
292		}
293		$message = sprintf( $message, number_format_i18n( $untrashed ) );
294		$_SERVER['REQUEST_URI'] = remove_query_arg(array('untrashed'), $_SERVER['REQUEST_URI']);
295		}
296
297		$messages[1] = __( 'Media file updated.' );
298		$messages[2] = __( 'Media file permanently deleted.' );
299		$messages[3] = __( 'Error saving media file.' );
300		$messages[4] = __( 'Media file moved to the trash.' ) . ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __( 'Undo' ) . '</a>';
301		$messages[5] = __( 'Media file restored from the trash.' );
302
303		if ( ! empty( $_GET['message'] ) && isset( $messages[ $_GET['message'] ] ) ) {
304		$message = $messages[ $_GET['message'] ];
305		$_SERVER['REQUEST_URI'] = remove_query_arg(array('message'), $_SERVER['REQUEST_URI']);
306		}
307
308		if ( !empty($message) ) { ?>
309		<div id="message" class="updated notice is-dismissible"><p><?php echo $message; ?></p></div>
310		<?php } ?>
311
312		<form id="posts-filter" method="get">
313
314		<?php $wp_list_table->views(); ?>
315
316		<?php $wp_list_table->display(); ?>
317
318		<div id="ajax-response"></div>
319		<?php find_posts_div(); ?>
320		</form>
321		</div>
322
323		<?php
324		include( ABSPATH . 'wp-admin/admin-footer.php' );
325

staylor / WordPress

Issues (2010)

Security Analysis not enabled

wp-admin/upload.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like