Issues (2010)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

wp-includes/class-wp-site.php (2 issues)

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php
/**
 * Site API: WP_Site class
 *
 * @package WordPress
 * @subpackage Multisite
 * @since 4.5.0
 */

/**
 * Core class used for interacting with a multisite site.
 *
 * This class is used during load to populate the `$current_blog` global and
 * setup the current site.
 *
 * @since 4.5.0
 *
 * @property int $id
 * @property int $network_id
 */
final class WP_Site {

	/**
	 * Site ID.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $blog_id;

	/**
	 * Domain of the site.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $domain = '';

	/**
	 * Path of the site.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $path = '';

	/**
	 * The ID of the site's parent network.
	 *
	 * Named "site" vs. "network" for legacy reasons. An individual site's "site" is
	 * its network.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $site_id = '0';

	/**
	 * The date on which the site was created or registered.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string Date in MySQL's datetime format.
	 */
	public $registered = '0000-00-00 00:00:00';

	/**
	 * The date and time on which site settings were last updated.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string Date in MySQL's datetime format.
	 */
	public $last_updated = '0000-00-00 00:00:00';

	/**
	 * Whether the site should be treated as public.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $public = '1';

	/**
	 * Whether the site should be treated as archived.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $archived = '0';

	/**
	 * Whether the site should be treated as mature.
	 *
	 * Handling for this does not exist throughout WordPress core, but custom
	 * implementations exist that require the property to be present.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $mature = '0';

	/**
	 * Whether the site should be treated as spam.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $spam = '0';

	/**
	 * Whether the site should be treated as deleted.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $deleted = '0';

	/**
	 * The language pack associated with this site.
	 *
	 * A numeric string, for compatibility reasons.
	 *
	 * @since 4.5.0
	 * @access public
	 * @var string
	 */
	public $lang_id = '0';

	/**
	 * Retrieves a site from the database by its ID.
	 *
	 * @static
	 * @since 4.5.0
	 * @access public
	 *
	 * @global wpdb $wpdb WordPress database abstraction object.
	 *
	 * @param int $site_id The ID of the site to retrieve.
	 * @return WP_Site|false The site's object if found. False if not.
	 */
	public static function get_instance( $site_id ) {

Code Duplication: This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

		global $wpdb;

		$site_id = (int) $site_id;
		if ( ! $site_id ) {
			return false;
		}

		$_site = wp_cache_get( $site_id, 'sites' );

		if ( ! $_site ) {
			$_site = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->blogs} WHERE blog_id = %d LIMIT 1", $site_id ) );

			if ( empty( $_site ) || is_wp_error( $_site ) ) {
				return false;
			}

			wp_cache_add( $site_id, $_site, 'sites' );
		}

		return new WP_Site( $_site );
	}

	/**
	 * Creates a new WP_Site object.
	 *
	 * Will populate object properties from the object provided and assign other
	 * default properties based on that information.
	 *
	 * @since 4.5.0
	 * @access public
	 *
	 * @param WP_Site|object $site A site object.
	 */
	public function __construct( $site ) {
		foreach( get_object_vars( $site ) as $key => $value ) {
			$this->$key = $value;
		}
	}

	/**
	 * Converts an object to array.
	 *
	 * @since 4.6.0
	 * @access public
	 *
	 * @return array Object as array.
	 */
	public function to_array() {
		return get_object_vars( $this );
	}

	/**
	 * Getter.
	 *
	 * Allows current multisite naming conventions when getting properties.
	 * Allows access to extended site properties.
	 *
	 * @since 4.6.0
	 * @access public
	 *
	 * @param string $key Property to get.
	 * @return mixed Value of the property. Null if not available.
	 */
	public function __get( $key ) {
		switch ( $key ) {
			case 'id':
				return (int) $this->blog_id;
			case 'network_id':
				return (int) $this->site_id;
			case 'blogname':
			case 'siteurl':
			case 'post_count':
			case 'home':
				if ( ! did_action( 'ms_loaded' ) ) {
					return null;
				}
				$details = $this->get_details();
				return $details->$key;
		}

		return null;
	}

	/**
	 * Isset-er.
	 *
	 * Allows current multisite naming conventions when checking for properties.
	 * Checks for extended site properties.
	 *
	 * @since 4.6.0
	 * @access public
	 *
	 * @param string $key Property to check if set.
	 * @return bool Whether the property is set.
	 */
	public function __isset( $key ) {
		switch ( $key ) {
			case 'id':
			case 'network_id':
				return true;
			case 'blogname':
			case 'siteurl':
			case 'post_count':
			case 'home':
				if ( ! did_action( 'ms_loaded' ) ) {
					return false;
				}
				return true;
		}

		return false;
	}

	/**
	 * Setter.
	 *
	 * Allows current multisite naming conventions while setting properties.
	 *
	 * @since 4.6.0
	 * @access public
	 *
	 * @param string $key   Property to set.
	 * @param mixed  $value Value to assign to the property.
	 */
	public function __set( $key, $value ) {

Code Duplication: This method seems to be duplicated in your project.

		switch ( $key ) {
			case 'id':
				$this->blog_id = (string) $value;
				break;
			case 'network_id':
				$this->site_id = (string) $value;
				break;
			default:
				$this->$key = $value;
		}
	}

	/**
	 * Retrieves the details for this site.
	 *
	 * This method is used internally to lazy-load the extended properties of a site.
	 *
	 * @since 4.6.0
	 * @access private
	 *
	 * @see WP_Site::__get()
	 *
	 * @return object A raw site object with all details included.
	 */
	private function get_details() {
		$details = wp_cache_get( $this->blog_id, 'site-details' );

		if ( false === $details ) {

			switch_to_blog( $this->blog_id );
			// Create a raw copy of the object for backwards compatibility with the filter below.
			$details = new stdClass();
			foreach ( get_object_vars( $this ) as $key => $value ) {
				$details->$key = $value;
			}
			$details->blogname   = get_option( 'blogname' );
			$details->siteurl    = get_option( 'siteurl' );
			$details->post_count = get_option( 'post_count' );
			$details->home       = get_option( 'home' );
			restore_current_blog();

			$cache_details = true;
			foreach ( array( 'blogname', 'siteurl', 'post_count', 'home' ) as $field ) {
				if ( false === $details->$field ) {
					$cache_details = false;
					break;
				}
			}

			if ( $cache_details ) {
				wp_cache_set( $this->blog_id, $details, 'site-details' );
			}
		}

		/**
		 * Filters a site's extended properties.
		 *
		 * @since 4.6.0
		 *
		 * @param object $details The site details.
		 */
		$details = apply_filters( 'site_details', $details );

		return $details;
	}
}