Issues in class-walker-comment.php (master) - Issues in master - staylor/WordPress - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2010)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

wp-includes/class-walker-comment.php (8 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Comment API: Walker_Comment class
 *
 * @package WordPress
 * @subpackage Comments
 * @since 4.4.0
 */

/**
 * Core walker class used to create an HTML list of comments.
 *
 * @since 2.7.0
 *
 * @see Walker
 */
class Walker_Comment extends Walker {

	/**
	 * What the class handles.
	 *
	 * @since 2.7.0
	 * @access public
	 * @var string
	 *
	 * @see Walker::$tree_type
	 */
	public $tree_type = 'comment';

	/**
	 * Database fields to use.
	 *
	 * @since 2.7.0
	 * @access public
	 * @var array
	 *
	 * @see Walker::$db_fields
	 * @todo Decouple this
	 */
	public $db_fields = array ('parent' => 'comment_parent', 'id' => 'comment_ID');

	/**
	 * Starts the list before the elements are added.
	 *
	 * @since 2.7.0
	 * @access public
	 *
	 * @see Walker::start_lvl()
	 * @global int $comment_depth
	 *
	 * @param string $output Passed by reference. Used to append additional content.
	 * @param int    $depth  Optional. Depth of the current comment. Default 0.
	 * @param array  $args   Optional. Uses 'style' argument for type of HTML list. Default empty array.
	 */
	public function start_lvl( &$output, $depth = 0, $args = array() ) {

		$GLOBALS['comment_depth'] = $depth + 1;

		switch ( $args['style'] ) {
			case 'div':
				break;
			case 'ol':
				$output .= '<ol class="children">' . "\n";
				break;
			case 'ul':
			default:
				$output .= '<ul class="children">' . "\n";
				break;
		}
	}

	/**
	 * Ends the list of items after the elements are added.
	 *
	 * @since 2.7.0
	 * @access public
	 *
	 * @see Walker::end_lvl()
	 * @global int $comment_depth
	 *
	 * @param string $output Passed by reference. Used to append additional content.
	 * @param int    $depth  Optional. Depth of the current comment. Default 0.
	 * @param array  $args   Optional. Will only append content if style argument value is 'ol' or 'ul'.
	 *                       Default empty array.
	 */
	public function end_lvl( &$output, $depth = 0, $args = array() ) {

		$GLOBALS['comment_depth'] = $depth + 1;

		switch ( $args['style'] ) {
			case 'div':
				break;
			case 'ol':
				$output .= "</ol><!-- .children -->\n";
				break;
			case 'ul':
			default:
				$output .= "</ul><!-- .children -->\n";
				break;
		}
	}

	/**
	 * Traverses elements to create list from elements.
	 *
	 * This function is designed to enhance Walker::display_element() to
	 * display children of higher nesting levels than selected inline on
	 * the highest depth level displayed. This prevents them being orphaned
	 * at the end of the comment list.
	 *
	 * Example: max_depth = 2, with 5 levels of nested content.
	 *     1
	 *      1.1
	 *        1.1.1
	 *        1.1.1.1
	 *        1.1.1.1.1
	 *        1.1.2
	 *        1.1.2.1
	 *     2
	 *      2.2
	 *
	 * @since 2.7.0
	 * @access public
	 *
	 * @see Walker::display_element()
	 * @see wp_list_comments()
	 *
	 * @param WP_Comment $element           Comment data object.
	 * @param array      $children_elements List of elements to continue traversing. Passed by reference.
	 * @param int        $max_depth         Max depth to traverse.
	 * @param int        $depth             Depth of the current element.
	 * @param array      $args              An array of arguments.
	 * @param string     $output            Used to append additional content. Passed by reference.
	 */
	public function display_element( $element, &$children_elements, $max_depth, $depth, $args, &$output ) {
		if ( !$element )
			return;

		$id_field = $this->db_fields['id'];
		$id = $element->$id_field;

		parent::display_element( $element, $children_elements, $max_depth, $depth, $args, $output );

		/*
		 * If at the max depth, and the current element still has children, loop over those
		 * and display them at this level. This is to prevent them being orphaned to the end
		 * of the list.
		 */
		if ( $max_depth <= $depth + 1 && isset( $children_elements[$id]) ) {
			foreach ( $children_elements[ $id ] as $child )
				$this->display_element( $child, $children_elements, $max_depth, $depth, $args, $output );

			unset( $children_elements[ $id ] );
		}

	}

	/**
	 * Starts the element output.
	 *
	 * @since 2.7.0
	 * @access public
	 *
	 * @see Walker::start_el()
	 * @see wp_list_comments()
	 * @global int        $comment_depth
	 * @global WP_Comment $comment
	 *
	 * @param string     $output  Used to append additional content. Passed by reference.
	 * @param WP_Comment $comment Comment data object.
	 * @param int        $depth   Optional. Depth of the current comment in reference to parents. Default 0.
	 * @param array      $args    Optional. An array of arguments. Default empty array.
	 * @param int        $id      Optional. ID of the current comment. Default 0 (unused).
	 */
	public function start_el( &$output, $comment, $depth = 0, $args = array(), $id = 0 ) {
		$depth++;
		$GLOBALS['comment_depth'] = $depth;
		$GLOBALS['comment'] = $comment;

		if ( !empty( $args['callback'] ) ) {
			ob_start();
			call_user_func( $args['callback'], $comment, $args, $depth );
			$output .= ob_get_clean();
			return;
		}

		if ( ( 'pingback' == $comment->comment_type || 'trackback' == $comment->comment_type ) && $args['short_ping'] ) {
			ob_start();
			$this->ping( $comment, $depth, $args );
			$output .= ob_get_clean();
		} elseif ( 'html5' === $args['format'] ) {
			ob_start();
			$this->html5_comment( $comment, $depth, $args );
			$output .= ob_get_clean();
		} else {
			ob_start();
			$this->comment( $comment, $depth, $args );
			$output .= ob_get_clean();
		}
	}

	/**
	 * Ends the element output, if needed.
	 *
	 * @since 2.7.0
	 * @access public
	 *
	 * @see Walker::end_el()
	 * @see wp_list_comments()
	 *
	 * @param string     $output  Used to append additional content. Passed by reference.
	 * @param WP_Comment $comment The current comment object. Default current comment.
	 * @param int        $depth   Optional. Depth of the current comment. Default 0.
	 * @param array      $args    Optional. An array of arguments. Default empty array.
	 */
	public function end_el( &$output, $comment, $depth = 0, $args = array() ) {
		if ( !empty( $args['end-callback'] ) ) {
			ob_start();
			call_user_func( $args['end-callback'], $comment, $args, $depth );
			$output .= ob_get_clean();
			return;
		}
		if ( 'div' == $args['style'] )
			$output .= "</div><!-- #comment-## -->\n";
		else
			$output .= "</li><!-- #comment-## -->\n";
	}

	/**
	 * Outputs a pingback comment.
	 *
	 * @since 3.6.0
	 * @access protected
	 *
	 * @see wp_list_comments()
	 *
	 * @param WP_Comment $comment The comment object.
	 * @param int        $depth   Depth of the current comment.
	 * @param array      $args    An array of arguments.
	 */
	protected function ping( $comment, $depth, $args ) {
		$tag = ( 'div' == $args['style'] ) ? 'div' : 'li';
?>
		<<?php echo $tag; ?> id="comment-<?php comment_ID(); ?>" <?php comment_class( '', $comment ); ?>>
			<div class="comment-body">
				<?php _e( 'Pingback:' ); ?> <?php comment_author_link( $comment ); ?> <?php edit_comment_link( __( 'Edit' ), '<span class="edit-link">', '</span>' ); ?>
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
			</div>
<?php
	}

	/**
	 * Outputs a single comment.
	 *
	 * @since 3.6.0
	 * @access protected
	 *
	 * @see wp_list_comments()
	 *
	 * @param WP_Comment $comment Comment to display.
	 * @param int        $depth   Depth of the current comment.
	 * @param array      $args    An array of arguments.
	 */
	protected function comment( $comment, $depth, $args ) {
		if ( 'div' == $args['style'] ) {
			$tag = 'div';
			$add_below = 'comment';
		} else {
			$tag = 'li';
			$add_below = 'div-comment';
		}
?>
		<<?php echo $tag; ?> <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?> id="comment-<?php comment_ID(); ?>">
		<?php if ( 'div' != $args['style'] ) : ?>
		<div id="div-comment-<?php comment_ID(); ?>" class="comment-body">
		<?php endif; ?>
		<div class="comment-author vcard">
			<?php if ( 0 != $args['avatar_size'] ) echo get_avatar( $comment, $args['avatar_size'] ); ?>
			<?php printf( __( '<cite class="fn">%s</cite> <span class="says">says:</span>' ), get_comment_author_link( $comment ) ); ?>
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
		</div>
		<?php if ( '0' == $comment->comment_approved ) : ?>
		<em class="comment-awaiting-moderation"><?php _e( 'Your comment is awaiting moderation.' ) ?></em>
		<br />
		<?php endif; ?>

		<div class="comment-meta commentmetadata"><a href="<?php echo esc_url( get_comment_link( $comment, $args ) ); ?>">
			<?php
				/* translators: 1: comment date, 2: comment time */
				printf( __( '%1$s at %2$s' ), get_comment_date( '', $comment ),  get_comment_time() ); ?></a><?php edit_comment_link( __( '(Edit)' ), '&nbsp;&nbsp;', '' );
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
			?>
		</div>

		<?php comment_text( $comment, array_merge( $args, array( 'add_below' => $add_below, 'depth' => $depth, 'max_depth' => $args['max_depth'] ) ) ); ?>
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

		<?php
		comment_reply_link( array_merge( $args, array(
			'add_below' => $add_below,
			'depth'     => $depth,
			'max_depth' => $args['max_depth'],
			'before'    => '<div class="reply">',
			'after'     => '</div>'
		) ) );
		?>

		<?php if ( 'div' != $args['style'] ) : ?>
		</div>
		<?php endif; ?>
<?php
	}

	/**
	 * Outputs a comment in the HTML5 format.
	 *
	 * @since 3.6.0
	 * @access protected
	 *
	 * @see wp_list_comments()
	 *
	 * @param WP_Comment $comment Comment to display.
	 * @param int        $depth   Depth of the current comment.
	 * @param array      $args    An array of arguments.
	 */
	protected function html5_comment( $comment, $depth, $args ) {
		$tag = ( 'div' === $args['style'] ) ? 'div' : 'li';
?>
		<<?php echo $tag; ?> id="comment-<?php comment_ID(); ?>" <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?>>
			<article id="div-comment-<?php comment_ID(); ?>" class="comment-body">
				<footer class="comment-meta">
					<div class="comment-author vcard">
						<?php if ( 0 != $args['avatar_size'] ) echo get_avatar( $comment, $args['avatar_size'] ); ?>
						<?php printf( __( '%s <span class="says">says:</span>' ), sprintf( '<b class="fn">%s</b>', get_comment_author_link( $comment ) ) ); ?>
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
					</div><!-- .comment-author -->

					<div class="comment-metadata">
						<a href="<?php echo esc_url( get_comment_link( $comment, $args ) ); ?>">
							<time datetime="<?php comment_time( 'c' ); ?>">
								<?php
									/* translators: 1: comment date, 2: comment time */
									printf( __( '%1$s at %2$s' ), get_comment_date( '', $comment ), get_comment_time() );
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
								?>
							</time>
						</a>
						<?php edit_comment_link( __( 'Edit' ), '<span class="edit-link">', '</span>' ); ?>
					</div><!-- .comment-metadata -->

					<?php if ( '0' == $comment->comment_approved ) : ?>
					<p class="comment-awaiting-moderation"><?php _e( 'Your comment is awaiting moderation.' ); ?></p>
					<?php endif; ?>
				</footer><!-- .comment-meta -->

				<div class="comment-content">
					<?php comment_text(); ?>
				</div><!-- .comment-content -->

				<?php
				comment_reply_link( array_merge( $args, array(
					'add_below' => 'div-comment',
					'depth'     => $depth,
					'max_depth' => $args['max_depth'],
					'before'    => '<div class="reply">',
					'after'     => '</div>'
				) ) );
				?>
			</article><!-- .comment-body -->
<?php
	}
}


1		<?php
2		/**
3		* Comment API: Walker_Comment class
4		*
5		* @package WordPress
6		* @subpackage Comments
7		* @since 4.4.0
8		*/
9
10		/**
11		* Core walker class used to create an HTML list of comments.
12		*
13		* @since 2.7.0
14		*
15		* @see Walker
16		*/
17		class Walker_Comment extends Walker {
18
19		/**
20		* What the class handles.
21		*
22		* @since 2.7.0
23		* @access public
24		* @var string
25		*
26		* @see Walker::$tree_type
27		*/
28		public $tree_type = 'comment';
29
30		/**
31		* Database fields to use.
32		*
33		* @since 2.7.0
34		* @access public
35		* @var array
36		*
37		* @see Walker::$db_fields
38		* @todo Decouple this
39		*/
40		public $db_fields = array ('parent' => 'comment_parent', 'id' => 'comment_ID');
41
42		/**
43		* Starts the list before the elements are added.
44		*
45		* @since 2.7.0
46		* @access public
47		*
48		* @see Walker::start_lvl()
49		* @global int $comment_depth
50		*
51		* @param string $output Passed by reference. Used to append additional content.
52		* @param int $depth Optional. Depth of the current comment. Default 0.
53		* @param array $args Optional. Uses 'style' argument for type of HTML list. Default empty array.
54		*/
55	View Code Duplication	public function start_lvl( &$output, $depth = 0, $args = array() ) {
		0 ignored issues – show Duplication introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
56		$GLOBALS['comment_depth'] = $depth + 1;
57
58		switch ( $args['style'] ) {
59		case 'div':
60		break;
61		case 'ol':
62		$output .= '<ol class="children">' . "\n";
63		break;
64		case 'ul':
65		default:
66		$output .= '<ul class="children">' . "\n";
67		break;
68		}
69		}
70
71		/**
72		* Ends the list of items after the elements are added.
73		*
74		* @since 2.7.0
75		* @access public
76		*
77		* @see Walker::end_lvl()
78		* @global int $comment_depth
79		*
80		* @param string $output Passed by reference. Used to append additional content.
81		* @param int $depth Optional. Depth of the current comment. Default 0.
82		* @param array $args Optional. Will only append content if style argument value is 'ol' or 'ul'.
83		* Default empty array.
84		*/
85	View Code Duplication	public function end_lvl( &$output, $depth = 0, $args = array() ) {
		0 ignored issues – show Duplication introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
86		$GLOBALS['comment_depth'] = $depth + 1;
87
88		switch ( $args['style'] ) {
89		case 'div':
90		break;
91		case 'ol':
92		$output .= "</ol><!-- .children -->\n";
93		break;
94		case 'ul':
95		default:
96		$output .= "</ul><!-- .children -->\n";
97		break;
98		}
99		}
100
101		/**
102		* Traverses elements to create list from elements.
103		*
104		* This function is designed to enhance Walker::display_element() to
105		* display children of higher nesting levels than selected inline on
106		* the highest depth level displayed. This prevents them being orphaned
107		* at the end of the comment list.
108		*
109		* Example: max_depth = 2, with 5 levels of nested content.
110		* 1
111		* 1.1
112		* 1.1.1
113		* 1.1.1.1
114		* 1.1.1.1.1
115		* 1.1.2
116		* 1.1.2.1
117		* 2
118		* 2.2
119		*
120		* @since 2.7.0
121		* @access public
122		*
123		* @see Walker::display_element()
124		* @see wp_list_comments()
125		*
126		* @param WP_Comment $element Comment data object.
127		* @param array $children_elements List of elements to continue traversing. Passed by reference.
128		* @param int $max_depth Max depth to traverse.
129		* @param int $depth Depth of the current element.
130		* @param array $args An array of arguments.
131		* @param string $output Used to append additional content. Passed by reference.
132		*/
133		public function display_element( $element, &$children_elements, $max_depth, $depth, $args, &$output ) {
134		if ( !$element )
135		return;
136
137		$id_field = $this->db_fields['id'];
138		$id = $element->$id_field;
139
140		parent::display_element( $element, $children_elements, $max_depth, $depth, $args, $output );
141
142		/*
143		* If at the max depth, and the current element still has children, loop over those
144		* and display them at this level. This is to prevent them being orphaned to the end
145		* of the list.
146		*/
147		if ( $max_depth <= $depth + 1 && isset( $children_elements[$id]) ) {
148		foreach ( $children_elements[ $id ] as $child )
149		$this->display_element( $child, $children_elements, $max_depth, $depth, $args, $output );
150
151		unset( $children_elements[ $id ] );
152		}
153
154		}
155
156		/**
157		* Starts the element output.
158		*
159		* @since 2.7.0
160		* @access public
161		*
162		* @see Walker::start_el()
163		* @see wp_list_comments()
164		* @global int $comment_depth
165		* @global WP_Comment $comment
166		*
167		* @param string $output Used to append additional content. Passed by reference.
168		* @param WP_Comment $comment Comment data object.
169		* @param int $depth Optional. Depth of the current comment in reference to parents. Default 0.
170		* @param array $args Optional. An array of arguments. Default empty array.
171		* @param int $id Optional. ID of the current comment. Default 0 (unused).
172		*/
173		public function start_el( &$output, $comment, $depth = 0, $args = array(), $id = 0 ) {
174		$depth++;
175		$GLOBALS['comment_depth'] = $depth;
176		$GLOBALS['comment'] = $comment;
177
178	View Code Duplication	if ( !empty( $args['callback'] ) ) {
179		ob_start();
180		call_user_func( $args['callback'], $comment, $args, $depth );
181		$output .= ob_get_clean();
182		return;
183		}
184
185		if ( ( 'pingback' == $comment->comment_type \|\| 'trackback' == $comment->comment_type ) && $args['short_ping'] ) {
186		ob_start();
187		$this->ping( $comment, $depth, $args );
188		$output .= ob_get_clean();
189		} elseif ( 'html5' === $args['format'] ) {
190		ob_start();
191		$this->html5_comment( $comment, $depth, $args );
192		$output .= ob_get_clean();
193		} else {
194		ob_start();
195		$this->comment( $comment, $depth, $args );
196		$output .= ob_get_clean();
197		}
198		}
199
200		/**
201		* Ends the element output, if needed.
202		*
203		* @since 2.7.0
204		* @access public
205		*
206		* @see Walker::end_el()
207		* @see wp_list_comments()
208		*
209		* @param string $output Used to append additional content. Passed by reference.
210		* @param WP_Comment $comment The current comment object. Default current comment.
211		* @param int $depth Optional. Depth of the current comment. Default 0.
212		* @param array $args Optional. An array of arguments. Default empty array.
213		*/
214		public function end_el( &$output, $comment, $depth = 0, $args = array() ) {
215	View Code Duplication	if ( !empty( $args['end-callback'] ) ) {
216		ob_start();
217		call_user_func( $args['end-callback'], $comment, $args, $depth );
218		$output .= ob_get_clean();
219		return;
220		}
221		if ( 'div' == $args['style'] )
222		$output .= "</div><!-- #comment-## -->\n";
223		else
224		$output .= "</li><!-- #comment-## -->\n";
225		}
226
227		/**
228		* Outputs a pingback comment.
229		*
230		* @since 3.6.0
231		* @access protected
232		*
233		* @see wp_list_comments()
234		*
235		* @param WP_Comment $comment The comment object.
236		* @param int $depth Depth of the current comment.
237		* @param array $args An array of arguments.
238		*/
239		protected function ping( $comment, $depth, $args ) {
240		$tag = ( 'div' == $args['style'] ) ? 'div' : 'li';
241		?>
242		<<?php echo $tag; ?> id="comment-<?php comment_ID(); ?>" <?php comment_class( '', $comment ); ?>>
243		<div class="comment-body">
244		<?php _e( 'Pingback:' ); ?> <?php comment_author_link( $comment ); ?> <?php edit_comment_link( __( 'Edit' ), '<span class="edit-link">', '</span>' ); ?>
		0 ignored issues – show Documentation introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$comment` is of type `object<WP_Comment>`, but the function expects a `integer`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
245		</div>
246		<?php
247		}
248
249		/**
250		* Outputs a single comment.
251		*
252		* @since 3.6.0
253		* @access protected
254		*
255		* @see wp_list_comments()
256		*
257		* @param WP_Comment $comment Comment to display.
258		* @param int $depth Depth of the current comment.
259		* @param array $args An array of arguments.
260		*/
261		protected function comment( $comment, $depth, $args ) {
262		if ( 'div' == $args['style'] ) {
263		$tag = 'div';
264		$add_below = 'comment';
265		} else {
266		$tag = 'li';
267		$add_below = 'div-comment';
268		}
269		?>
270		<<?php echo $tag; ?> <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?> id="comment-<?php comment_ID(); ?>">
271		<?php if ( 'div' != $args['style'] ) : ?>
272		<div id="div-comment-<?php comment_ID(); ?>" class="comment-body">
273		<?php endif; ?>
274		<div class="comment-author vcard">
275		<?php if ( 0 != $args['avatar_size'] ) echo get_avatar( $comment, $args['avatar_size'] ); ?>
276		<?php printf( __( '<cite class="fn">%s</cite> <span class="says">says:</span>' ), get_comment_author_link( $comment ) ); ?>
		0 ignored issues – show Documentation introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$comment` is of type `object<WP_Comment>`, but the function expects a `integer`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
277		</div>
278		<?php if ( '0' == $comment->comment_approved ) : ?>
279		<em class="comment-awaiting-moderation"><?php _e( 'Your comment is awaiting moderation.' ) ?></em>
280		<br />
281		<?php endif; ?>
282
283		<div class="comment-meta commentmetadata"><a href="<?php echo esc_url( get_comment_link( $comment, $args ) ); ?>">
284		<?php
285		/* translators: 1: comment date, 2: comment time */
286		printf( __( '%1$s at %2$s' ), get_comment_date( '', $comment ), get_comment_time() ); ?></a><?php edit_comment_link( __( '(Edit)' ), '  ', '' );
		0 ignored issues – show Documentation introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$comment` is of type `object<WP_Comment>`, but the function expects a `integer`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
287		?>
288		</div>
289
290		<?php comment_text( $comment, array_merge( $args, array( 'add_below' => $add_below, 'depth' => $depth, 'max_depth' => $args['max_depth'] ) ) ); ?>
		0 ignored issues – show Documentation introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$comment` is of type `object<WP_Comment>`, but the function expects a `integer`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
291
292		<?php
293		comment_reply_link( array_merge( $args, array(
294		'add_below' => $add_below,
295		'depth' => $depth,
296		'max_depth' => $args['max_depth'],
297		'before' => '<div class="reply">',
298		'after' => '</div>'
299		) ) );
300		?>
301
302		<?php if ( 'div' != $args['style'] ) : ?>
303		</div>
304		<?php endif; ?>
305		<?php
306		}
307
308		/**
309		* Outputs a comment in the HTML5 format.
310		*
311		* @since 3.6.0
312		* @access protected
313		*
314		* @see wp_list_comments()
315		*
316		* @param WP_Comment $comment Comment to display.
317		* @param int $depth Depth of the current comment.
318		* @param array $args An array of arguments.
319		*/
320		protected function html5_comment( $comment, $depth, $args ) {
321		$tag = ( 'div' === $args['style'] ) ? 'div' : 'li';
322		?>
323		<<?php echo $tag; ?> id="comment-<?php comment_ID(); ?>" <?php comment_class( $this->has_children ? 'parent' : '', $comment ); ?>>
324		<article id="div-comment-<?php comment_ID(); ?>" class="comment-body">
325		<footer class="comment-meta">
326		<div class="comment-author vcard">
327		<?php if ( 0 != $args['avatar_size'] ) echo get_avatar( $comment, $args['avatar_size'] ); ?>
328		<?php printf( __( '%s <span class="says">says:</span>' ), sprintf( '<b class="fn">%s</b>', get_comment_author_link( $comment ) ) ); ?>
		0 ignored issues – show Documentation introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$comment` is of type `object<WP_Comment>`, but the function expects a `integer`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
329		</div><!-- .comment-author -->
330
331		<div class="comment-metadata">
332		<a href="<?php echo esc_url( get_comment_link( $comment, $args ) ); ?>">
333		<time datetime="<?php comment_time( 'c' ); ?>">
334		<?php
335		/* translators: 1: comment date, 2: comment time */
336		printf( __( '%1$s at %2$s' ), get_comment_date( '', $comment ), get_comment_time() );
		0 ignored issues – show Documentation introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$comment` is of type `object<WP_Comment>`, but the function expects a `integer`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
337		?>
338		</time>
339		</a>
340		<?php edit_comment_link( __( 'Edit' ), '<span class="edit-link">', '</span>' ); ?>
341		</div><!-- .comment-metadata -->
342
343		<?php if ( '0' == $comment->comment_approved ) : ?>
344		<p class="comment-awaiting-moderation"><?php _e( 'Your comment is awaiting moderation.' ); ?></p>
345		<?php endif; ?>
346		</footer><!-- .comment-meta -->
347
348		<div class="comment-content">
349		<?php comment_text(); ?>
350		</div><!-- .comment-content -->
351
352		<?php
353		comment_reply_link( array_merge( $args, array(
354		'add_below' => 'div-comment',
355		'depth' => $depth,
356		'max_depth' => $args['max_depth'],
357		'before' => '<div class="reply">',
358		'after' => '</div>'
359		) ) );
360		?>
361		</article><!-- .comment-body -->
362		<?php
363		}
364		}
365

staylor / WordPress

Issues (2010)

Security Analysis not enabled

wp-includes/class-walker-comment.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like