Issues (2010)

Security Analysis: not enabled

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

wp-includes/class-wp-comment.php (3 issues)

These results are based on the legacy PHP analysis engine (a newer engine is available).

<?php
/**
 * Comment API: WP_Comment class
 *
 * @package WordPress
 * @subpackage Comments
 * @since 4.4.0
 */

/**
 * Core class used to organize comments as instantiated objects with defined members.
 *
 * @since 4.4.0
 */
final class WP_Comment {

	/**
	 * Comment ID.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var int
	 */
	public $comment_ID;

	/**
	 * ID of the post the comment is associated with.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var int
	 */
	public $comment_post_ID = 0;

	/**
	 * Comment author name.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var string
	 */
	public $comment_author = '';

	/**
	 * Comment author email address.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var string
	 */
	public $comment_author_email = '';

	/**
	 * Comment author URL.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var string
	 */
	public $comment_author_url = '';

	/**
	 * Comment author IP address (IPv4 format).
	 *
	 * @since 4.4.0
	 * @access public
	 * @var string
	 */
	public $comment_author_IP = '';

	/**
	 * Comment date in YYYY-MM-DD HH:MM:SS format.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var string
	 */
	public $comment_date = '0000-00-00 00:00:00';

	/**
	 * Comment GMT date in YYYY-MM-DD HH:MM:SS format.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var string
	 */
	public $comment_date_gmt = '0000-00-00 00:00:00';

	/**
	 * Comment content.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var string
	 */
	public $comment_content;

	/**
	 * Comment karma count.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var int
	 */
	public $comment_karma = 0;

	/**
	 * Comment approval status.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var string
	 */
	public $comment_approved = '1';

	/**
	 * Comment author HTTP user agent.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var string
	 */
	public $comment_agent = '';

	/**
	 * Comment type.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var string
	 */
	public $comment_type = '';

	/**
	 * Parent comment ID.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var int
	 */
	public $comment_parent = 0;

	/**
	 * Comment author ID.
	 *
	 * @since 4.4.0
	 * @access public
	 * @var int
	 */
	public $user_id = 0;

	/**
	 * Comment children.
	 *
	 * @since 4.4.0
	 * @access protected
	 * @var array
	 */
	protected $children;

	/**
	 * Whether children have been populated for this comment object.
	 *
	 * @since 4.4.0
	 * @access protected
	 * @var bool
	 */
	protected $populated_children = false;

	/**
	 * Post fields.
	 *
	 * @since 4.4.0
	 * @access protected
	 * @var array
	 */
	protected $post_fields = array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_title', 'post_excerpt', 'post_status', 'comment_status', 'ping_status', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_content_filtered', 'post_parent', 'guid', 'menu_order', 'post_type', 'post_mime_type', 'comment_count' );

	/**
	 * Retrieves a WP_Comment instance.
	 *
	 * @since 4.4.0
	 * @access public
	 * @static
	 *
	 * @global wpdb $wpdb WordPress database abstraction object.
	 *
	 * @param int $id Comment ID.
	 * @return WP_Comment|false Comment object, otherwise false.
	 */
	public static function get_instance( $id ) {
		global $wpdb;

		$comment_id = (int) $id;
		if ( ! $comment_id ) {
			return false;
		}

		$_comment = wp_cache_get( $comment_id, 'comment' );

		if ( ! $_comment ) {
			$_comment = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id ) );

			if ( ! $_comment ) {
				return false;
			}

			wp_cache_add( $_comment->comment_ID, $_comment, 'comment' );
		}

		return new WP_Comment( $_comment );
	}

	/**
	 * Constructor.
	 *
	 * Populates properties with object vars.
	 *
	 * @since 4.4.0
	 * @access public
	 *
	 * @param WP_Comment|object $comment Comment object: a WP_Comment or a database row object.
	 */
	public function __construct( $comment ) {
		foreach ( get_object_vars( $comment ) as $key => $value ) {
			$this->$key = $value;
		}
	}

	/**
	 * Convert object to array.
	 *
	 * @since 4.4.0
	 * @access public
	 *
	 * @return array Object as array.
	 */
	public function to_array() {
		return get_object_vars( $this );
	}

	/**
	 * Get the children of a comment.
	 *
	 * @since 4.4.0
	 * @access public
	 *
	 * @param array $args {
	 *     Array of arguments used to pass to get_comments() and determine format.
	 *
	 *     @type string $format        Return value format. 'tree' for a hierarchical tree, 'flat' for a flattened array.
	 *                                 Default 'tree'.
	 *     @type string $status        Comment status to limit results by. Accepts 'hold' (`comment_status=0`),
	 *                                 'approve' (`comment_status=1`), 'all', or a custom comment status.
	 *                                 Default 'all'.
	 *     @type string $hierarchical  Whether to include comment descendants in the results.
	 *                                 'threaded' returns a tree, with each comment's children
	 *                                 stored in a `children` property on the `WP_Comment` object.
	 *                                 'flat' returns a flat array of found comments plus their children.
	 *                                 Pass `false` to leave out descendants.
	 *                                 The parameter is ignored (forced to `false`) when `$fields` is 'ids' or 'counts'.
	 *                                 Accepts 'threaded', 'flat', or false. Default: 'threaded'.
	 *     @type string|array $orderby Comment field, or array of fields, to order the results by. To use 'meta_value'
	 *                                 or 'meta_value_num', `$meta_key` must also be defined.
	 *                                 To sort by a specific `$meta_query` clause, use that
	 *                                 clause's array key. Accepts 'comment_agent',
	 *                                 'comment_approved', 'comment_author',
	 *                                 'comment_author_email', 'comment_author_IP',
	 *                                 'comment_author_url', 'comment_content', 'comment_date',
	 *                                 'comment_date_gmt', 'comment_ID', 'comment_karma',
	 *                                 'comment_parent', 'comment_post_ID', 'comment_type',
	 *                                 'user_id', 'comment__in', 'meta_value', 'meta_value_num',
	 *                                 the value of $meta_key, and the array keys of
	 *                                 `$meta_query`. Also accepts false, an empty array, or
	 *                                 'none' to disable `ORDER BY` clause.
	 * }
	 * @return array Array of `WP_Comment` objects.
	 */
	public function get_children( $args = array() ) {
		$defaults = array(
			'format' => 'tree',
			'status' => 'all',
			'hierarchical' => 'threaded',
			'orderby' => '',
		);

		$_args = wp_parse_args( $args, $defaults );
		$_args['parent'] = $this->comment_ID;

		if ( is_null( $this->children ) ) {
			if ( $this->populated_children ) {
				$this->children = array();
			} else {
				$this->children = get_comments( $_args );
			}
		}

		if ( 'flat' === $_args['format'] ) {
			$children = array();
			foreach ( $this->children as $child ) {
				$child_args = $_args;
				$child_args['format'] = 'flat';
				// get_children() resets this value automatically.
				unset( $child_args['parent'] );

				$children = array_merge( $children, array( $child ), $child->get_children( $child_args ) );
			}
		} else {
			$children = $this->children;
		}

		return $children;
	}

	/**
	 * Add a child to the comment.
	 *
	 * Used by `WP_Comment_Query` when bulk-filling descendants.
	 *
	 * @since 4.4.0
	 * @access public
	 *
	 * @param WP_Comment $child Child comment.
	 */
	public function add_child( WP_Comment $child ) {
		$this->children[ $child->comment_ID ] = $child;
	}

	/**
	 * Get a child comment by ID.
	 *
	 * @since 4.4.0
	 * @access public
	 *
	 * @param int $child_id ID of the child.
	 * @return WP_Comment|bool Returns the comment object if found, otherwise false.
	 */
	public function get_child( $child_id ) {
		if ( isset( $this->children[ $child_id ] ) ) {
			return $this->children[ $child_id ];
		}

		return false;
	}

	/**
	 * Set the 'populated_children' flag.
	 *
	 * This flag is important for ensuring that calling `get_children()` on a childless comment will not trigger
	 * unneeded database queries.
	 *
	 * @since 4.4.0
	 *
	 * @param bool $set Whether the comment's children have already been populated.
	 */
	public function populated_children( $set ) {
		$this->populated_children = (bool) $set;
	}

	/**
	 * Check whether a non-public property is set.
	 *
	 * If `$name` matches a post field, the comment post will be loaded and the post's value checked.
	 *
	 * @since 4.4.0
	 * @access public
	 *
	 * @param string $name Property name.
	 * @return bool
	 */
	public function __isset( $name ) {
		if ( in_array( $name, $this->post_fields ) && 0 !== (int) $this->comment_post_ID ) {
			$post = get_post( $this->comment_post_ID );
			return property_exists( $post, $name );
		}
	}

	/**
	 * Magic getter.
	 *
	 * If `$name` matches a post field, the comment post will be loaded and the post's value returned.
	 *
	 * @since 4.4.0
	 * @access public
	 *
	 * @param string $name
	 * @return mixed
	 */
	public function __get( $name ) {
		if ( in_array( $name, $this->post_fields ) ) {
			$post = get_post( $this->comment_post_ID );
			return $post->$name;
		}
	}
}

Reported issues (legacy PHP analysis, 3 issues)

1. get_instance(): code duplication. The analyzer's note: this method seems to be duplicated in the project. Duplicated code is one of the most pungent code smells; if the same code is needed in three or more places, extract it into a single class or operation. More detailed suggestions are in the "Code" section of the repository. The bodies of __isset() and __get() (the post-field lookup) carry the same "View Code Duplication" marker.

2. get_children(), at `$this->children = get_comments( $_args );`: documentation bug. get_comments( $_args ) can also be of type integer, but the property $children is declared as type array; consider adding a type check. (get_comments() returns an integer instead of a list when its `count` argument is true, and because `$args` is merged straight into the query, a caller can pass that argument through get_children().)

   The analyzer's explanation of this check: the type inference engine has found a suspicious assignment of a value to a property. The check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine a variable $accountId that can either hold an Id object or false (if there is no account id yet). The code assigns that value to the id property of an Account instance. This class holds a proper account, so the id value must no longer be false. Either the assignment is in error or a type check should be added for that assignment (the analyzer's own illustration, with its typo `$account instanceof Id` corrected to test `$account_id`):

       class Id
       {
           public $id;

           public function __construct($id)
           {
               $this->id = $id;
           }
       }

       class Account
       {
           /** @var Id $id */
           public $id;
       }

       $account_id = false;

       if (starsAreRight()) {
           $account_id = new Id(42);
       }

       $account = new Account();
       if ($account_id instanceof Id) {
           $account->id = $account_id;
       }

3. get_children(), at `foreach ( $this->children as $child )`: the expression $this->children, of type array|integer, is not guaranteed to be traversable; consider adding a type check. The analyzer offers two fixes. To be on the safe side, add an explicit check:

       $collection = json_decode($data, true);
       if ( ! is_array($collection)) {
           throw new \RuntimeException('$collection must be an array.');
       }

       foreach ($collection as $item) { /** ... */ }

   If the expression is certainly traversable, a doc comment cast improves IDE auto-completion and static analysis instead:

       /** @var array $collection */
       $collection = json_decode($data, true);

       foreach ($collection as $item) { /** ... */ }

One further point the legacy engine does not raise: neither __isset() nor __get() checks what get_post() returned. get_post() returns null for an unknown post ID, in which case __isset() hands null to property_exists() and __get() reads a property of null.
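Issues 2 and 3 above are one problem seen from two places: once an integer has been stored in `$children`, the flat-format `foreach` iterates over it. The following is an added example, not WordPress code, that reproduces the situation without a database and adds the type check the analyzer asks for. `Thread_Comment` stands in for WP_Comment, `find_comments()` for get_comments() (including the integer return for `'count' => true`), and the three-row sample thread is constructed for the illustration:

```php
<?php
/*
 * Added example, not WordPress code. Thread_Comment stands in for
 * WP_Comment, find_comments() for get_comments(); names and sample
 * data are constructed for this illustration.
 */

final class Thread_Comment {
	public $comment_ID;
	public $comment_parent;
	public $comment_content;

	/** @var Thread_Comment[]|null Lazily loaded; always an array once loaded. */
	protected $children;

	public function __construct( $id, $parent, $content ) {
		$this->comment_ID      = (int) $id;
		$this->comment_parent  = (int) $parent;
		$this->comment_content = (string) $content;
	}

	/**
	 * Same shape as WP_Comment::get_children(), plus the type check: the
	 * loader's result is stored only if it is an array, so the flat-format
	 * foreach below can never iterate an integer.
	 */
	public function get_children( array $args = array() ) {
		$args['parent'] = $this->comment_ID;

		if ( null === $this->children ) {
			$result = find_comments( $args );
			if ( ! is_array( $result ) ) {
				// 'count' => true (or any other arg that changes the return
				// type) is a caller bug here; fail loudly instead of storing
				// an int in an array-typed property.
				throw new UnexpectedValueException(
					'find_comments() returned ' . gettype( $result ) . ', expected an array'
				);
			}
			$this->children = $result;
		}

		if ( isset( $args['format'] ) && 'flat' === $args['format'] ) {
			$flat = array();
			foreach ( $this->children as $child ) {
				$child_args = $args;
				unset( $child_args['parent'] ); // reset by the recursive call
				$flat = array_merge( $flat, array( $child ), $child->get_children( $child_args ) );
			}
			return $flat;
		}
		return $this->children;
	}
}

/**
 * Stand-in for get_comments(): returns the matching Thread_Comment objects,
 * or, like get_comments() with 'count' => true, only the number of matches.
 */
function find_comments( array $args ) {
	// Constructed sample thread: id => array( parent id, content ).
	static $rows = array(
		2 => array( 1, 'reply to 1' ),
		3 => array( 2, 'reply to 2' ),
		4 => array( 1, 'second reply to 1' ),
	);
	$found = array();
	foreach ( $rows as $id => $row ) {
		if ( $row[0] === $args['parent'] ) {
			$found[ $id ] = new Thread_Comment( $id, $row[0], $row[1] );
		}
	}
	return empty( $args['count'] ) ? $found : count( $found );
}

// Normal use: flat, depth-first list of the root's descendants.
$root = new Thread_Comment( 1, 0, 'root' );
$ids  = array();
foreach ( $root->get_children( array( 'format' => 'flat' ) ) as $c ) {
	$ids[] = $c->comment_ID;
}
echo implode( ',', $ids ), "\n"; // 2,3,4

// Misuse: the argument that turns the loader's result into an int is
// rejected instead of poisoning $children for every later call.
try {
	$root2 = new Thread_Comment( 1, 0, 'root' );
	$root2->get_children( array( 'count' => true, 'format' => 'flat' ) );
} catch ( UnexpectedValueException $e ) {
	echo $e->getMessage(), "\n"; // find_comments() returned integer, expected an array
}
```

Throwing rather than silently substituting an empty array is a deliberate choice: a `count` argument reaching a tree-building method is a caller bug, and an empty tree would hide it. Note also that, unlike the original, this version never caches a non-array value, so a single bad call cannot break every subsequent get_children() on the same object.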
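WP_Comment::__construct() copies every member of whatever object it is given onto `$this`: names the class declares public, names it declares protected (`children`, `populated_children`, `post_fields`), and names it does not declare at all. That is harmless for a row fetched by get_instance(), but the constructor is public and accepts any object. The following is an added illustration of that pattern, not WordPress code and not a reported WordPress issue: a hypothetical `Loose_Comment` with the same copy loop beside a `Strict_Comment` that copies only declared public properties and casts the ID field, run against a constructed sample row:

```php
<?php
/*
 * Added example, not WordPress code. Loose_Comment repeats the
 * "copy every object var" loop; Strict_Comment copies only declared
 * public properties. Both class names and the sample row are constructed.
 */

final class Loose_Comment {
	public $comment_ID;
	public $comment_content = '';
	protected $post_fields = array( 'post_title', 'post_status' );

	public function __construct( $row ) {
		// Same loop as WP_Comment::__construct(): inside the class, this can
		// write protected members and create undeclared (dynamic) properties.
		// PHP 8.2+ emits a deprecation notice for the dynamic property.
		foreach ( get_object_vars( $row ) as $key => $value ) {
			$this->$key = $value;
		}
	}

	public function post_fields() { return $this->post_fields; }
}

final class Strict_Comment {
	public $comment_ID;
	public $comment_content = '';
	protected $post_fields = array( 'post_title', 'post_status' );

	public function __construct( $row ) {
		// Allow-list: the public properties this class declares, nothing else.
		$allowed = array();
		$props   = ( new ReflectionClass( self::class ) )->getProperties( ReflectionProperty::IS_PUBLIC );
		foreach ( $props as $prop ) {
			$allowed[ $prop->getName() ] = true;
		}
		foreach ( get_object_vars( $row ) as $key => $value ) {
			if ( ! isset( $allowed[ $key ] ) ) {
				continue; // protected members and unknown keys are ignored
			}
			$this->$key = ( 'comment_ID' === $key ) ? (int) $value : $value;
		}
	}

	public function post_fields() { return $this->post_fields; }
}

// Constructed sample row: two declared public members, one protected
// member, and one the class has never heard of.
$row = (object) array(
	'comment_ID'      => '7',
	'comment_content' => 'hello',
	'post_fields'     => array( 'post_password' ),
	'extra'           => 'dynamic',
);

$loose = new Loose_Comment( $row );
var_dump( $loose->post_fields() );   // array( 'post_password' ): protected member overwritten
var_dump( isset( $loose->extra ) );  // bool(true): dynamic property created
var_dump( $loose->comment_ID );      // string(1) "7": no cast

$strict = new Strict_Comment( $row );
var_dump( $strict->post_fields() );  // array( 'post_title', 'post_status' ): unchanged
var_dump( isset( $strict->extra ) ); // bool(false)
var_dump( $strict->comment_ID );     // int(7)
```

The reflection call runs once per construction; in a hot path the allow-list can be computed once and kept in a static. The point is the shape of the check, not the mechanism: the set of assignable names is fixed by the class, not by the object handed in.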