Issues (52)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or to gain access to your server.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  Header Injection
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/Deprecated/old-bulk-delete.php (1 issue)

<?php
/**
 * Old version of Bulk_Delete.
 *
 * This class is deprecated since 6.0.0. But included here for backward compatibility.
 * Don't depend on functionality from this class.
 */
use BulkWP\BulkDelete\Core\BulkDelete;

defined( 'ABSPATH' ) || exit; // Exit if accessed directly.

/**
 * Main Bulk_Delete class.
 *
 * @property string|null translations
 * @property string|null posts_page
 * @property string|null pages_page
 * @property string|null users_page
 * @property string|null metas_page
 *
 * @since 5.0 Singleton
 * @since 6.0.0 Deprecated.
 */
final class Bulk_Delete {
	/**
	 * The one true Bulk_Delete instance.
	 *
	 * @var Bulk_Delete
	 *
	 * @since 5.0
	 */
	private static $instance;

	/**
	 * Path to the main plugin file.
	 *
	 * @var string
	 */
	private $plugin_file;

	// Deprecated constants. They are defined here for backward compatibility.
	const VERSION = '6.0.2';

	const JS_HANDLE = 'bulk-delete';

	// Cron hooks.
	const CRON_HOOK_PAGES_STATUS = 'do-bulk-delete-pages-by-status'; // used in Scheduler For Deleting Pages by Post status add-on v0.6.

	const CRON_HOOK_POST_STATUS = 'do-bulk-delete-post-status';      // used in Scheduler For Deleting Posts by Post status add-on v0.6.
	const CRON_HOOK_CATEGORY    = 'do-bulk-delete-cat';              // used in Scheduler For Deleting Posts by Category add-on v0.6.
	const CRON_HOOK_TAG         = 'do-bulk-delete-tag';              // used in Scheduler For Deleting Posts by Tag add-on v0.6.
	const CRON_HOOK_TAXONOMY    = 'do-bulk-delete-taxonomy';         // used in Scheduler For Deleting Posts by Taxonomy add-on v0.6.
	const CRON_HOOK_POST_TYPE   = 'do-bulk-delete-post-type';        // used in Scheduler For Deleting Posts by Post Type add-on v0.6.
	const CRON_HOOK_USER_ROLE   = 'do-bulk-delete-users-by-role';    // used in Scheduler for Deleting Users by User Role add-on v0.6.

	const CRON_HOOK_CUSTOM_FIELD    = 'do-bulk-delete-custom-field';         // used in Bulk Delete Posts by Custom Field add-on v1.0.
	const CRON_HOOK_TITLE           = 'do-bulk-delete-by-title';            // used in Bulk Delete Posts by Title add-on v1.0.
	const CRON_HOOK_DUPLICATE_TITLE = 'do-bulk-delete-by-duplicate-title';  // used in Bulk Delete Posts by Duplicate Title add-on v0.7.
	const CRON_HOOK_POST_BY_ROLE    = 'do-bulk-delete-posts-by-role';       // used in Bulk Delete Posts by User Role add-on v0.5.

	// Page slugs. Page slugs are still used in lot of add-ons.
	const POSTS_PAGE_SLUG = 'bulk-delete-posts';
	const PAGES_PAGE_SLUG = 'bulk-delete-pages';                     // used in Bulk Delete From Trash add-on v0.3.
	const CRON_PAGE_SLUG  = 'bulk-delete-cron';
	const ADDON_PAGE_SLUG = 'bulk-delete-addon';

	// Settings constants
	const SETTING_OPTION_GROUP      = 'bd_settings';
	const SETTING_OPTION_NAME       = 'bd_licenses';
	const SETTING_SECTION_ID        = 'bd_license_section';

	// Transient keys
	const LICENSE_CACHE_KEY_PREFIX  = 'bd-license_';

	// path variables
	// Ideally these should be constants, but because of PHP's limitations, these are static variables
	public static $PLUGIN_DIR;
	public static $PLUGIN_FILE;

	// Instance variables
	public $settings_page;
	public $misc_page;
	public $display_activate_license_form = false;

	/**
	 * Main Bulk_Delete Instance.
	 *
	 * Insures that only one instance of Bulk_Delete exists in memory at any one
	 * time. Also prevents needing to define globals all over the place.
	 *
	 * @since 5.0
	 * @static
	 * @staticvar array $instance
	 *
	 * @see BULK_DELETE()
	 *
	 * @return Bulk_Delete The one true instance of Bulk_Delete
	 */
	public static function get_instance() {
		if ( ! isset( self::$instance ) && ! ( self::$instance instanceof Bulk_Delete ) ) {
			self::$instance = new Bulk_Delete();
		}

		return self::$instance;
	}

	/**
	 * Throw error on object clone.
	 *
	 * The whole idea of the singleton design pattern is that there is a single
	 * object therefore, we don't want the object to be cloned.
	 *
	 * @since  5.0
	 * @access protected
	 *
	 * @return void
	 */
	public function __clone() {
		_doing_it_wrong( __FUNCTION__, __( 'Cheatin&#8217; huh?', 'bulk-delete' ), '5.0' );
	}

	/**
	 * Disable unserializing of the class.
	 *
	 * @since  5.0
	 * @access protected
	 *
	 * @return void
	 */
	public function __wakeup() {
		_doing_it_wrong( __FUNCTION__, __( 'Cheatin&#8217; huh?', 'bulk-delete' ), '5.0' );
	}

	/**
	 * Set path to main plugin file.
	 *
	 * @param string $plugin_file Path to main plugin file.
	 */
	public function set_plugin_file( $plugin_file ) {
		$this->plugin_file = $plugin_file;

		self::$PLUGIN_DIR  = plugin_dir_path( $plugin_file );
		self::$PLUGIN_FILE = $plugin_file;
	}

	/**
	 * Get path to main plugin file.
	 *
	 * @return string Plugin file.
	 */
	public function get_plugin_file() {
		return $this->plugin_file;
	}

	/**
	 * Monkey patch the old `add_script` method.
	 *
	 * @since 6.0.0
	 */
	public function add_script() {
		$bd = BulkDelete::get_instance();

		$post_page = $bd->get_page( self::POSTS_PAGE_SLUG );

		if ( is_null( $post_page ) ) {
			return;
		}

		$post_page->enqueue_assets();
	}

	/**
	 * Provide access to old public fields through Magic method.
	 *
	 * This function is added to provide backward compatibility and will be eventually removed from future versions.
	 *
	 * @since 6.0.0
	 *
	 * @param string $name Field.
	 *
	 * @return string|null
	 */
	public function __get( $name ) {
		$new_bd = BulkDelete::get_instance();

		switch ( $name ) {
			case 'translations':
				return $new_bd->get_translations_path();
				break;

Issue (on the `break;` directly above): break is not strictly necessary here and could be removed.

The break statement is not necessary if it is preceded for example by a return statement:

switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}

If you would like to keep this construct to be consistent with other case statements, you can safely mark this issue as a false-positive.

			case 'posts_page':
				return $new_bd->get_page_hook_suffix( 'bulk-delete-posts' );
				break;

			case 'pages_page':
				return $new_bd->get_page_hook_suffix( 'bulk-delete-pages' );
				break;

			case 'users_page':
				return $new_bd->get_page_hook_suffix( 'bulk-delete-users' );
				break;

			case 'meta_page':
				return $new_bd->get_page_hook_suffix( 'bulk-delete-metas' );
				break;
		}

		$trace = debug_backtrace();
		trigger_error( 'Undefined property via __get(): ' . $name . ' in ' . $trace[0]['file'] . ' on line ' . $trace[0]['line'], E_USER_NOTICE );

		return null;
	}
}

/**
 * The main function responsible for returning the one true Bulk_Delete
 * Instance to functions everywhere.
 *
 * Use this function like you would a global variable, except without needing
 * to declare the global.
 *
 * Example: `<?php $bulk_delete = BULK_DELETE(); ?>`
 *
 * @since 5.0
 *
 * @return Bulk_Delete The one true Bulk_Delete Instance
 */
function BULK_DELETE() {
	return Bulk_Delete::get_instance();
}

/**
 * Setup old Bulk_Delete class for backward compatibility reasons.
 *
 * Eventually this will be removed.
 *
 * @since 6.0.0
 *
 * @param string $plugin_file Main plugin file.
 */
function bd_setup_backward_compatibility( $plugin_file ) {
	$bd = BULK_DELETE();
	$bd->set_plugin_file( $plugin_file );
}
add_action( 'bd_loaded', 'bd_setup_backward_compatibility' );