Issues in class.wp-scripts.php (master) - Issues in master - staylor/WordPress - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2010)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

wp-includes/class.wp-scripts.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Dependencies API: WP_Scripts class
 *
 * @since 2.6.0
 *
 * @package WordPress
 * @subpackage Dependencies
 */

/**
 * Core class used to register scripts.
 *
 * @package WordPress
 * @uses WP_Dependencies
 * @since 2.1.0
 */
class WP_Scripts extends WP_Dependencies {
	/**
	 * Base URL for scripts.
	 *
	 * Full URL with trailing slash.
	 *
	 * @since 2.6.0
	 * @access public
	 * @var string
	 */
	public $base_url;

	/**
	 * URL of the content directory.
	 *
	 * @since 2.8.0
	 * @access public
	 * @var string
	 */
	public $content_url;

	/**
	 * Default version string for stylesheets.
	 *
	 * @since 2.6.0
	 * @access public
	 * @var string
	 */
	public $default_version;

	/**
	 * Holds handles of scripts which are enqueued in footer.
	 *
	 * @since 2.8.0
	 * @access public
	 * @var array
	 */
	public $in_footer = array();

	/**
	 * Holds a list of script handles which will be concatenated.
	 *
	 * @since 2.8.0
	 * @access public
	 * @var string
	 */
	public $concat = '';

	/**
	 * Holds a string which contains script handles and their version.
	 *
	 * @since 2.8.0
	 * @deprecated 3.4.0
	 * @access public
	 * @var string
	 */
	public $concat_version = '';

	/**
	 * Whether to perform concatenation.
	 *
	 * @since 2.8.0
	 * @access public
	 * @var bool
	 */
	public $do_concat = false;

	/**
	 * Holds HTML markup of scripts and additional data if concatenation
	 * is enabled.
	 *
	 * @since 2.8.0
	 * @access public
	 * @var string
	 */
	public $print_html = '';

	/**
	 * Holds inline code if concatenation is enabled.
	 *
	 * @since 2.8.0
	 * @access public
	 * @var string
	 */
	public $print_code = '';

	/**
	 * Holds a list of script handles which are not in the default directory
	 * if concatenation is enabled.
	 *
	 * Unused in core.
	 *
	 * @since 2.8.0
	 * @access public
	 * @var string
	 */
	public $ext_handles = '';

	/**
	 * Holds a string which contains handles and versions of scripts which
	 * are not in the default directory if concatenation is enabled.
	 *
	 * Unused in core.
	 *
	 * @since 2.8.0
	 * @access public
	 * @var string
	 */
	public $ext_version = '';

	/**
	 * List of default directories.
	 *
	 * @since 2.8.0
	 * @access public
	 * @var array
	 */
	public $default_dirs;

	/**
	 * Constructor.
	 *
	 * @since 2.6.0
	 * @access public
	 */
	public function __construct() {
		$this->init();
		add_action( 'init', array( $this, 'init' ), 0 );
	}

	/**
	 * Initialize the class.
	 *
	 * @since 3.4.0
	 * @access public
	 */
	public function init() {
		/**
		 * Fires when the WP_Scripts instance is initialized.
		 *
		 * @since 2.6.0
		 *
		 * @param WP_Scripts &$this WP_Scripts instance, passed by reference.
		 */
		do_action_ref_array( 'wp_default_scripts', array(&$this) );
	}

	/**
	 * Prints scripts.
	 *
	 * Prints the scripts passed to it or the print queue. Also prints all necessary dependencies.
	 *
	 * @since 2.1.0
	 * @since 2.8.0 Added the `$group` parameter.
	 * @access public
	 *
	 * @param mixed $handles Optional. Scripts to be printed. (void) prints queue, (string) prints
	 *                       that script, (array of strings) prints those scripts. Default false.
	 * @param int   $group   Optional. If scripts were queued in groups prints this group number.
	 *                       Default false.
	 * @return array Scripts that have been printed.
	 */
	public function print_scripts( $handles = false, $group = false ) {
		return $this->do_items( $handles, $group );
	}

	/**
	 * Prints extra scripts of a registered script.
	 *
	 * @since 2.1.0
	 * @since 2.8.0 Added the `$echo` parameter.
	 * @deprecated 3.3.0
	 * @access public
	 *
	 * @see print_extra_script()
	 *
	 * @param string $handle The script's registered handle.
	 * @param bool   $echo   Optional. Whether to echo the extra script instead of just returning it.
	 *                       Default true.
	 * @return bool|string|void Void if no data exists, extra scripts if `$echo` is true, true otherwise.
	 */
	public function print_scripts_l10n( $handle, $echo = true ) {
		_deprecated_function( __FUNCTION__, '3.3.0', 'print_extra_script()' );
		return $this->print_extra_script( $handle, $echo );
	}

	/**
	 * Prints extra scripts of a registered script.
	 *
	 * @since 3.3.0
	 * @access public
	 *
	 * @param string $handle The script's registered handle.
	 * @param bool   $echo   Optional. Whether to echo the extra script instead of just returning it.
	 *                       Default true.
	 * @return bool|string|void Void if no data exists, extra scripts if `$echo` is true, true otherwise.
	 */
	public function print_extra_script( $handle, $echo = true ) {
		if ( !$output = $this->get_data( $handle, 'data' ) )
			return;

		if ( !$echo )
			return $output;

		echo "<script type='text/javascript'>\n"; // CDATA and type='text/javascript' is not needed for HTML 5
		echo "/* <![CDATA[ */\n";
		echo "$output\n";
		echo "/* ]]> */\n";
		echo "</script>\n";

		return true;
	}

	/**
	 * Processes a script dependency.
	 *
	 * @since 2.6.0
	 * @since 2.8.0 Added the `$group` parameter.
	 * @access public
	 *
	 * @see WP_Dependencies::do_item()
	 *
	 * @param string $handle    The script's registered handle.
	 * @param int|false $group  Optional. Group level: (int) level, (false) no groups. Default false.
	 * @return bool True on success, false on failure.
	 */
	public function do_item( $handle, $group = false ) {
		if ( !parent::do_item($handle) )
			return false;

		if ( 0 === $group && $this->groups[$handle] > 0 ) {
			$this->in_footer[] = $handle;
			return false;
		}

		if ( false === $group && in_array($handle, $this->in_footer, true) )
			$this->in_footer = array_diff( $this->in_footer, (array) $handle );

		$obj = $this->registered[$handle];

		if ( null === $obj->ver ) {
			$ver = '';
		} else {
			$ver = $obj->ver ? $obj->ver : $this->default_version;
		}

		if ( isset($this->args[$handle]) )
			$ver = $ver ? $ver . '&amp;' . $this->args[$handle] : $this->args[$handle];

		$src = $obj->src;
		$cond_before = $cond_after = '';
		$conditional = isset( $obj->extra['conditional'] ) ? $obj->extra['conditional'] : '';

		if ( $conditional ) {
			$cond_before = "<!--[if {$conditional}]>\n";
			$cond_after = "<![endif]-->\n";
		}

		$before_handle = $this->print_inline_script( $handle, 'before', false );
		$after_handle = $this->print_inline_script( $handle, 'after', false );

		if ( $before_handle ) {
			$before_handle = sprintf( "<script type='text/javascript'>\n%s\n</script>\n", $before_handle );
		}

		if ( $after_handle ) {
			$after_handle = sprintf( "<script type='text/javascript'>\n%s\n</script>\n", $after_handle );
		}

		if ( $this->do_concat ) {
			/**
			 * Filters the script loader source.
			 *
			 * @since 2.2.0
			 *
			 * @param string $src    Script loader source path.
			 * @param string $handle Script handle.
			 */
			$srce = apply_filters( 'script_loader_src', $src, $handle );

			if ( $this->in_default_dir( $srce ) && ( $before_handle || $after_handle ) ) {
				$this->do_concat = false;

				// Have to print the so-far concatenated scripts right away to maintain the right order.
				_print_scripts();
				$this->reset();
			} elseif ( $this->in_default_dir( $srce ) && ! $conditional ) {
				$this->print_code .= $this->print_extra_script( $handle, false );
				$this->concat .= "$handle,";
				$this->concat_version .= "$handle$ver";

				return true;
			} else {
				$this->ext_handles .= "$handle,";
				$this->ext_version .= "$handle$ver";
			}
		}

		$has_conditional_data = $conditional && $this->get_data( $handle, 'data' );

		if ( $has_conditional_data ) {
			echo $cond_before;
		}

		$this->print_extra_script( $handle );

		if ( $has_conditional_data ) {
			echo $cond_after;
		}

		// A single item may alias a set of items, by having dependencies, but no source.
		if ( ! $obj->src ) {
			return true;
		}

		if ( ! preg_match( '|^(https?:)?//|', $src ) && ! ( $this->content_url && 0 === strpos( $src, $this->content_url ) ) ) {
			$src = $this->base_url . $src;
		}

		if ( ! empty( $ver ) )
			$src = add_query_arg( 'ver', $ver, $src );

		/** This filter is documented in wp-includes/class.wp-scripts.php */
		$src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) );

		if ( ! $src )
			return true;

		$tag = "{$cond_before}{$before_handle}<script type='text/javascript' src='$src'></script>\n{$after_handle}{$cond_after}";

		/**
		 * Filters the HTML script tag of an enqueued script.
		 *
		 * @since 4.1.0
		 *
		 * @param string $tag    The `<script>` tag for the enqueued script.
		 * @param string $handle The script's registered handle.
		 * @param string $src    The script's source URL.
		 */
		$tag = apply_filters( 'script_loader_tag', $tag, $handle, $src );

		if ( $this->do_concat ) {
			$this->print_html .= $tag;
		} else {
			echo $tag;
		}

		return true;
	}

	/**
	 * Adds extra code to a registered script.
	 *
	 * @since 4.5.0
	 * @access public
	 *
	 * @param string $handle   Name of the script to add the inline script to. Must be lowercase.
	 * @param string $data     String containing the javascript to be added.
	 * @param string $position Optional. Whether to add the inline script before the handle
	 *                         or after. Default 'after'.
	 * @return bool True on success, false on failure.
	 */
	public function add_inline_script( $handle, $data, $position = 'after' ) {

		if ( ! $data ) {
			return false;
		}

		if ( 'after' !== $position ) {
			$position = 'before';
		}

		$script   = (array) $this->get_data( $handle, $position );
		$script[] = $data;

		return $this->add_data( $handle, $position, $script );
	}

	/**
	 * Prints inline scripts registered for a specific handle.
	 *
	 * @since 4.5.0
	 * @access public
	 *
	 * @param string $handle   Name of the script to add the inline script to. Must be lowercase.
	 * @param string $position Optional. Whether to add the inline script before the handle
	 *                         or after. Default 'after'.
	 * @param bool $echo       Optional. Whether to echo the script instead of just returning it.
	 *                         Default true.
	 * @return string|false Script on success, false otherwise.
	 */
	public function print_inline_script( $handle, $position = 'after', $echo = true ) {

		$output = $this->get_data( $handle, $position );

		if ( empty( $output ) ) {
			return false;
		}

		$output = trim( implode( "\n", $output ), "\n" );

		if ( $echo ) {
			printf( "<script type='text/javascript'>\n%s\n</script>\n", $output );
		}

		return $output;
	}

	/**
	 * Localizes a script, only if the script has already been added.
	 *
	 * @since 2.1.0
	 * @access public
	 *
	 * @param string $handle
	 * @param string $object_name
	 * @param array $l10n
	 * @return bool
	 */
	public function localize( $handle, $object_name, $l10n ) {
		if ( $handle === 'jquery' )
			$handle = 'jquery-core';

		if ( is_array($l10n) && isset($l10n['l10n_print_after']) ) { // back compat, preserve the code in 'l10n_print_after' if present
			$after = $l10n['l10n_print_after'];
			unset($l10n['l10n_print_after']);
		}

		foreach ( (array) $l10n as $key => $value ) {
			if ( !is_scalar($value) )
				continue;

			$l10n[$key] = html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8');
		}

		$script = "var $object_name = " . wp_json_encode( $l10n ) . ';';

		if ( !empty($after) )
			$script .= "\n$after;";

		$data = $this->get_data( $handle, 'data' );

		if ( !empty( $data ) )
			$script = "$data\n$script";

		return $this->add_data( $handle, 'data', $script );
	}

	/**
	 * Sets handle group.
	 *
	 * @since 2.8.0
	 * @access public
	 *
	 * @see WP_Dependencies::set_group()
	 *
	 * @param string    $handle    Name of the item. Should be unique.
	 * @param bool      $recursion Internal flag that calling function was called recursively.
	 * @param int|false $group     Optional. Group level: (int) level, (false) no groups. Default false.
	 * @return bool Not already in the group or a lower group
	 */
	public function set_group( $handle, $recursion, $group = false ) {
		if ( isset( $this->registered[$handle]->args ) && $this->registered[$handle]->args === 1 )
			$grp = 1;
		else
			$grp = (int) $this->get_data( $handle, 'group' );

		if ( false !== $group && $grp > $group )
			$grp = $group;

		return parent::set_group( $handle, $recursion, $grp );
	}

	/**
	 * Determines script dependencies.
     *
	 * @since 2.1.0
	 * @access public
	 *
	 * @see WP_Dependencies::all_deps()
	 *
	 * @param mixed     $handles   Item handle and argument (string) or item handles and arguments (array of strings).
	 * @param bool      $recursion Internal flag that function is calling itself.
	 * @param int|false $group     Optional. Group level: (int) level, (false) no groups. Default false.
	 * @return bool True on success, false on failure.
	 */
	public function all_deps( $handles, $recursion = false, $group = false ) {

		$r = parent::all_deps( $handles, $recursion, $group );
		if ( ! $recursion ) {
			/**
			 * Filters the list of script dependencies left to print.
			 *
			 * @since 2.3.0
			 *
			 * @param array $to_do An array of script dependencies.
			 */
			$this->to_do = apply_filters( 'print_scripts_array', $this->to_do );

		}
		return $r;
	}

	/**
	 * Processes items and dependencies for the head group.
	 *
	 * @since 2.8.0
	 * @access public
	 *
	 * @see WP_Dependencies::do_items()
	 *
	 * @return array Handles of items that have been processed.
	 */
	public function do_head_items() {
		$this->do_items(false, 0);
		return $this->done;
	}

	/**
	 * Processes items and dependencies for the footer group.
	 *
	 * @since 2.8.0
	 * @access public
	 *
	 * @see WP_Dependencies::do_items()
	 *
	 * @return array Handles of items that have been processed.
	 */
	public function do_footer_items() {
		$this->do_items(false, 1);
		return $this->done;
	}

	/**
	 * Whether a handle's source is in a default directory.
	 *
	 * @since 2.8.0
	 * @access public
	 *
	 * @param string $src The source of the enqueued script.
	 * @return bool True if found, false if not.
	 */
	public function in_default_dir( $src ) {
		if ( ! $this->default_dirs ) {
			return true;
		}

		if ( 0 === strpos( $src, '/' . WPINC . '/js/l10n' ) ) {
			return false;
		}

		foreach ( (array) $this->default_dirs as $test ) {
			if ( 0 === strpos( $src, $test ) ) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Resets class properties.
	 *
	 * @since 2.8.0
	 * @access public
	 */
	public function reset() {
		$this->do_concat = false;
		$this->print_code = '';
		$this->concat = '';
		$this->concat_version = '';

		$this->print_html = '';
		$this->ext_version = '';
		$this->ext_handles = '';
	}
}


1		<?php
2		/**
3		* Dependencies API: WP_Scripts class
4		*
5		* @since 2.6.0
6		*
7		* @package WordPress
8		* @subpackage Dependencies
9		*/
10
11		/**
12		* Core class used to register scripts.
13		*
14		* @package WordPress
15		* @uses WP_Dependencies
16		* @since 2.1.0
17		*/
18		class WP_Scripts extends WP_Dependencies {
19		/**
20		* Base URL for scripts.
21		*
22		* Full URL with trailing slash.
23		*
24		* @since 2.6.0
25		* @access public
26		* @var string
27		*/
28		public $base_url;
29
30		/**
31		* URL of the content directory.
32		*
33		* @since 2.8.0
34		* @access public
35		* @var string
36		*/
37		public $content_url;
38
39		/**
40		* Default version string for stylesheets.
41		*
42		* @since 2.6.0
43		* @access public
44		* @var string
45		*/
46		public $default_version;
47
48		/**
49		* Holds handles of scripts which are enqueued in footer.
50		*
51		* @since 2.8.0
52		* @access public
53		* @var array
54		*/
55		public $in_footer = array();
56
57		/**
58		* Holds a list of script handles which will be concatenated.
59		*
60		* @since 2.8.0
61		* @access public
62		* @var string
63		*/
64		public $concat = '';
65
66		/**
67		* Holds a string which contains script handles and their version.
68		*
69		* @since 2.8.0
70		* @deprecated 3.4.0
71		* @access public
72		* @var string
73		*/
74		public $concat_version = '';
75
76		/**
77		* Whether to perform concatenation.
78		*
79		* @since 2.8.0
80		* @access public
81		* @var bool
82		*/
83		public $do_concat = false;
84
85		/**
86		* Holds HTML markup of scripts and additional data if concatenation
87		* is enabled.
88		*
89		* @since 2.8.0
90		* @access public
91		* @var string
92		*/
93		public $print_html = '';
94
95		/**
96		* Holds inline code if concatenation is enabled.
97		*
98		* @since 2.8.0
99		* @access public
100		* @var string
101		*/
102		public $print_code = '';
103
104		/**
105		* Holds a list of script handles which are not in the default directory
106		* if concatenation is enabled.
107		*
108		* Unused in core.
109		*
110		* @since 2.8.0
111		* @access public
112		* @var string
113		*/
114		public $ext_handles = '';
115
116		/**
117		* Holds a string which contains handles and versions of scripts which
118		* are not in the default directory if concatenation is enabled.
119		*
120		* Unused in core.
121		*
122		* @since 2.8.0
123		* @access public
124		* @var string
125		*/
126		public $ext_version = '';
127
128		/**
129		* List of default directories.
130		*
131		* @since 2.8.0
132		* @access public
133		* @var array
134		*/
135		public $default_dirs;
136
137		/**
138		* Constructor.
139		*
140		* @since 2.6.0
141		* @access public
142		*/
143		public function __construct() {
144		$this->init();
145		add_action( 'init', array( $this, 'init' ), 0 );
146		}
147
148		/**
149		* Initialize the class.
150		*
151		* @since 3.4.0
152		* @access public
153		*/
154		public function init() {
155		/**
156		* Fires when the WP_Scripts instance is initialized.
157		*
158		* @since 2.6.0
159		*
160		* @param WP_Scripts &$this WP_Scripts instance, passed by reference.
161		*/
162		do_action_ref_array( 'wp_default_scripts', array(&$this) );
163		}
164
165		/**
166		* Prints scripts.
167		*
168		* Prints the scripts passed to it or the print queue. Also prints all necessary dependencies.
169		*
170		* @since 2.1.0
171		* @since 2.8.0 Added the `$group` parameter.
172		* @access public
173		*
174		* @param mixed $handles Optional. Scripts to be printed. (void) prints queue, (string) prints
175		* that script, (array of strings) prints those scripts. Default false.
176		* @param int $group Optional. If scripts were queued in groups prints this group number.
177		* Default false.
178		* @return array Scripts that have been printed.
179		*/
180		public function print_scripts( $handles = false, $group = false ) {
181		return $this->do_items( $handles, $group );
182		}
183
184		/**
185		* Prints extra scripts of a registered script.
186		*
187		* @since 2.1.0
188		* @since 2.8.0 Added the `$echo` parameter.
189		* @deprecated 3.3.0
190		* @access public
191		*
192		* @see print_extra_script()
193		*
194		* @param string $handle The script's registered handle.
195		* @param bool $echo Optional. Whether to echo the extra script instead of just returning it.
196		* Default true.
197		* @return bool\|string\|void Void if no data exists, extra scripts if `$echo` is true, true otherwise.
198		*/
199		public function print_scripts_l10n( $handle, $echo = true ) {
200		_deprecated_function( __FUNCTION__, '3.3.0', 'print_extra_script()' );
201		return $this->print_extra_script( $handle, $echo );
202		}
203
204		/**
205		* Prints extra scripts of a registered script.
206		*
207		* @since 3.3.0
208		* @access public
209		*
210		* @param string $handle The script's registered handle.
211		* @param bool $echo Optional. Whether to echo the extra script instead of just returning it.
212		* Default true.
213		* @return bool\|string\|void Void if no data exists, extra scripts if `$echo` is true, true otherwise.
214		*/
215		public function print_extra_script( $handle, $echo = true ) {
216		if ( !$output = $this->get_data( $handle, 'data' ) )
217		return;
218
219		if ( !$echo )
220		return $output;
221
222		echo "<script type='text/javascript'>\n"; // CDATA and type='text/javascript' is not needed for HTML 5
223		echo "/* <![CDATA[ */\n";
224		echo "$output\n";
225		echo "/* ]]> */\n";
226		echo "</script>\n";
227
228		return true;
229		}
230
231		/**
232		* Processes a script dependency.
233		*
234		* @since 2.6.0
235		* @since 2.8.0 Added the `$group` parameter.
236		* @access public
237		*
238		* @see WP_Dependencies::do_item()
239		*
240		* @param string $handle The script's registered handle.
241		* @param int\|false $group Optional. Group level: (int) level, (false) no groups. Default false.
242		* @return bool True on success, false on failure.
243		*/
244		public function do_item( $handle, $group = false ) {
245		if ( !parent::do_item($handle) )
246		return false;
247
248		if ( 0 === $group && $this->groups[$handle] > 0 ) {
249		$this->in_footer[] = $handle;
250		return false;
251		}
252
253		if ( false === $group && in_array($handle, $this->in_footer, true) )
254		$this->in_footer = array_diff( $this->in_footer, (array) $handle );
255
256		$obj = $this->registered[$handle];
257
258	View Code Duplication	if ( null === $obj->ver ) {
259		$ver = '';
260		} else {
261		$ver = $obj->ver ? $obj->ver : $this->default_version;
262		}
263
264	View Code Duplication	if ( isset($this->args[$handle]) )
265		$ver = $ver ? $ver . '&' . $this->args[$handle] : $this->args[$handle];
266
267		$src = $obj->src;
268		$cond_before = $cond_after = '';
269		$conditional = isset( $obj->extra['conditional'] ) ? $obj->extra['conditional'] : '';
270
271		if ( $conditional ) {
272		$cond_before = "<!--[if {$conditional}]>\n";
273		$cond_after = "<![endif]-->\n";
274		}
275
276		$before_handle = $this->print_inline_script( $handle, 'before', false );
277		$after_handle = $this->print_inline_script( $handle, 'after', false );
278
279		if ( $before_handle ) {
280		$before_handle = sprintf( "<script type='text/javascript'>\n%s\n</script>\n", $before_handle );
281		}
282
283		if ( $after_handle ) {
284		$after_handle = sprintf( "<script type='text/javascript'>\n%s\n</script>\n", $after_handle );
285		}
286
287		if ( $this->do_concat ) {
288		/**
289		* Filters the script loader source.
290		*
291		* @since 2.2.0
292		*
293		* @param string $src Script loader source path.
294		* @param string $handle Script handle.
295		*/
296		$srce = apply_filters( 'script_loader_src', $src, $handle );
297
298		if ( $this->in_default_dir( $srce ) && ( $before_handle \|\| $after_handle ) ) {
299		$this->do_concat = false;
300
301		// Have to print the so-far concatenated scripts right away to maintain the right order.
302		_print_scripts();
303		$this->reset();
304		} elseif ( $this->in_default_dir( $srce ) && ! $conditional ) {
305		$this->print_code .= $this->print_extra_script( $handle, false );
306		$this->concat .= "$handle,";
307		$this->concat_version .= "$handle$ver";
		0 ignored issues – show Deprecated Code introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `WP_Scripts::$concat_version` has been deprecated with message: 3.4.0 This property has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the property will be removed from the class and what other property to use instead. Loading history...
308		return true;
309		} else {
310		$this->ext_handles .= "$handle,";
311		$this->ext_version .= "$handle$ver";
312		}
313		}
314
315		$has_conditional_data = $conditional && $this->get_data( $handle, 'data' );
316
317		if ( $has_conditional_data ) {
318		echo $cond_before;
319		}
320
321		$this->print_extra_script( $handle );
322
323		if ( $has_conditional_data ) {
324		echo $cond_after;
325		}
326
327		// A single item may alias a set of items, by having dependencies, but no source.
328		if ( ! $obj->src ) {
329		return true;
330		}
331
332	View Code Duplication	if ( ! preg_match( '\|^(https?:)?//\|', $src ) && ! ( $this->content_url && 0 === strpos( $src, $this->content_url ) ) ) {
333		$src = $this->base_url . $src;
334		}
335
336		if ( ! empty( $ver ) )
337		$src = add_query_arg( 'ver', $ver, $src );
338
339		/** This filter is documented in wp-includes/class.wp-scripts.php */
340		$src = esc_url( apply_filters( 'script_loader_src', $src, $handle ) );
341
342		if ( ! $src )
343		return true;
344
345		$tag = "{$cond_before}{$before_handle}<script type='text/javascript' src='$src'></script>\n{$after_handle}{$cond_after}";
346
347		/**
348		* Filters the HTML script tag of an enqueued script.
349		*
350		* @since 4.1.0
351		*
352		* @param string $tag The `<script>` tag for the enqueued script.
353		* @param string $handle The script's registered handle.
354		* @param string $src The script's source URL.
355		*/
356		$tag = apply_filters( 'script_loader_tag', $tag, $handle, $src );
357
358		if ( $this->do_concat ) {
359		$this->print_html .= $tag;
360		} else {
361		echo $tag;
362		}
363
364		return true;
365		}
366
367		/**
368		* Adds extra code to a registered script.
369		*
370		* @since 4.5.0
371		* @access public
372		*
373		* @param string $handle Name of the script to add the inline script to. Must be lowercase.
374		* @param string $data String containing the javascript to be added.
375		* @param string $position Optional. Whether to add the inline script before the handle
376		* or after. Default 'after'.
377		* @return bool True on success, false on failure.
378		*/
379	View Code Duplication	public function add_inline_script( $handle, $data, $position = 'after' ) {
		0 ignored issues – show Duplication introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
380		if ( ! $data ) {
381		return false;
382		}
383
384		if ( 'after' !== $position ) {
385		$position = 'before';
386		}
387
388		$script = (array) $this->get_data( $handle, $position );
389		$script[] = $data;
390
391		return $this->add_data( $handle, $position, $script );
392		}
393
394		/**
395		* Prints inline scripts registered for a specific handle.
396		*
397		* @since 4.5.0
398		* @access public
399		*
400		* @param string $handle Name of the script to add the inline script to. Must be lowercase.
401		* @param string $position Optional. Whether to add the inline script before the handle
402		* or after. Default 'after'.
403		* @param bool $echo Optional. Whether to echo the script instead of just returning it.
404		* Default true.
405		* @return string\|false Script on success, false otherwise.
406		*/
407	View Code Duplication	public function print_inline_script( $handle, $position = 'after', $echo = true ) {
		0 ignored issues – show Duplication introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
408		$output = $this->get_data( $handle, $position );
409
410		if ( empty( $output ) ) {
411		return false;
412		}
413
414		$output = trim( implode( "\n", $output ), "\n" );
415
416		if ( $echo ) {
417		printf( "<script type='text/javascript'>\n%s\n</script>\n", $output );
418		}
419
420		return $output;
421		}
422
423		/**
424		* Localizes a script, only if the script has already been added.
425		*
426		* @since 2.1.0
427		* @access public
428		*
429		* @param string $handle
430		* @param string $object_name
431		* @param array $l10n
432		* @return bool
433		*/
434		public function localize( $handle, $object_name, $l10n ) {
435		if ( $handle === 'jquery' )
436		$handle = 'jquery-core';
437
438		if ( is_array($l10n) && isset($l10n['l10n_print_after']) ) { // back compat, preserve the code in 'l10n_print_after' if present
439		$after = $l10n['l10n_print_after'];
440		unset($l10n['l10n_print_after']);
441		}
442
443		foreach ( (array) $l10n as $key => $value ) {
444		if ( !is_scalar($value) )
445		continue;
446
447		$l10n[$key] = html_entity_decode( (string) $value, ENT_QUOTES, 'UTF-8');
448		}
449
450		$script = "var $object_name = " . wp_json_encode( $l10n ) . ';';
451
452		if ( !empty($after) )
453		$script .= "\n$after;";
454
455		$data = $this->get_data( $handle, 'data' );
456
457		if ( !empty( $data ) )
458		$script = "$data\n$script";
459
460		return $this->add_data( $handle, 'data', $script );
461		}
462
463		/**
464		* Sets handle group.
465		*
466		* @since 2.8.0
467		* @access public
468		*
469		* @see WP_Dependencies::set_group()
470		*
471		* @param string $handle Name of the item. Should be unique.
472		* @param bool $recursion Internal flag that calling function was called recursively.
473		* @param int\|false $group Optional. Group level: (int) level, (false) no groups. Default false.
474		* @return bool Not already in the group or a lower group
475		*/
476		public function set_group( $handle, $recursion, $group = false ) {
477		if ( isset( $this->registered[$handle]->args ) && $this->registered[$handle]->args === 1 )
478		$grp = 1;
479		else
480		$grp = (int) $this->get_data( $handle, 'group' );
481
482		if ( false !== $group && $grp > $group )
483		$grp = $group;
484
485		return parent::set_group( $handle, $recursion, $grp );
486		}
487
488		/**
489		* Determines script dependencies.
490		*
491		* @since 2.1.0
492		* @access public
493		*
494		* @see WP_Dependencies::all_deps()
495		*
496		* @param mixed $handles Item handle and argument (string) or item handles and arguments (array of strings).
497		* @param bool $recursion Internal flag that function is calling itself.
498		* @param int\|false $group Optional. Group level: (int) level, (false) no groups. Default false.
499		* @return bool True on success, false on failure.
500		*/
501	View Code Duplication	public function all_deps( $handles, $recursion = false, $group = false ) {
		0 ignored issues – show Duplication introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
502		$r = parent::all_deps( $handles, $recursion, $group );
503		if ( ! $recursion ) {
504		/**
505		* Filters the list of script dependencies left to print.
506		*
507		* @since 2.3.0
508		*
509		* @param array $to_do An array of script dependencies.
510		*/
511		$this->to_do = apply_filters( 'print_scripts_array', $this->to_do );
		0 ignored issues – show Documentation Bug introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `apply_filters('print_scr...s_array', $this->to_do)` of type `*` is incompatible with the declared type `array` of property `$to_do`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
512		}
513		return $r;
514		}
515
516		/**
517		* Processes items and dependencies for the head group.
518		*
519		* @since 2.8.0
520		* @access public
521		*
522		* @see WP_Dependencies::do_items()
523		*
524		* @return array Handles of items that have been processed.
525		*/
526		public function do_head_items() {
527		$this->do_items(false, 0);
528		return $this->done;
529		}
530
531		/**
532		* Processes items and dependencies for the footer group.
533		*
534		* @since 2.8.0
535		* @access public
536		*
537		* @see WP_Dependencies::do_items()
538		*
539		* @return array Handles of items that have been processed.
540		*/
541		public function do_footer_items() {
542		$this->do_items(false, 1);
543		return $this->done;
544		}
545
546		/**
547		* Whether a handle's source is in a default directory.
548		*
549		* @since 2.8.0
550		* @access public
551		*
552		* @param string $src The source of the enqueued script.
553		* @return bool True if found, false if not.
554		*/
555		public function in_default_dir( $src ) {
556		if ( ! $this->default_dirs ) {
557		return true;
558		}
559
560		if ( 0 === strpos( $src, '/' . WPINC . '/js/l10n' ) ) {
561		return false;
562		}
563
564		foreach ( (array) $this->default_dirs as $test ) {
565		if ( 0 === strpos( $src, $test ) ) {
566		return true;
567		}
568		}
569		return false;
570		}
571
572		/**
573		* Resets class properties.
574		*
575		* @since 2.8.0
576		* @access public
577		*/
578		public function reset() {
579		$this->do_concat = false;
580		$this->print_code = '';
581		$this->concat = '';
582		$this->concat_version = '';
		0 ignored issues – show Deprecated Code introduced 2016-08-19 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `WP_Scripts::$concat_version` has been deprecated with message: 3.4.0 This property has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the property will be removed from the class and what other property to use instead. Loading history...
583		$this->print_html = '';
584		$this->ext_version = '';
585		$this->ext_handles = '';
586		}
587		}
588

staylor / WordPress

Issues (2010)

Security Analysis not enabled

wp-includes/class.wp-scripts.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like