Issues (896)

Security Analysis    not enabled

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/class-sensei-list-table.php (9 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
0 ignored issues
show
Coding Style Compatibility introduced by
For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 14 and the first side effect is on line 2.

The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file.

The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.

To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1.

Loading history...
2
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
3
4
/**
5
 * Generic Data Table parent Class in Sensei.
6
 *
7
 *
8
 * @package Core
9
 * @author Automattic
10
 *
11
 * @since 1.2.0
12
 *
13
 */
14
class Sensei_List_Table extends WP_List_Table {
15
	public $token;
16
17
	/**
18
	 * Used for indicating if the output is for csv or not
19
	 *
20
	 * @var bool $csv_output
21
	 * @access public
22
	 */
23
	public $csv_output = false;
24
25
	/**
26
	 * Used for storing the string of a search for passing between functions
27
	 *
28
	 * @var string $search
29
	 * @access public
30
	 */
31
	public $search = false;
32
33
	/**
34
	 * Used for storing the total number of items available for the given query
35
	 * also used for generating the pagination.
36
	 *
37
	 * @var int $total_items
38
	 * @access public
39
	 */
40
	public $total_items = 0;
41
42
43
    /**
44
     * @var array $sortable_columns
45
     *
46
     */
47
    public $sortable_columns = array();
48
49
    /**
50
     * @var array columns
51
     */
52
    public $columns = array();
53
54
	/**
55
	 * Constructor
56
	 * @since  1.2.0
57
	 * @return  void
0 ignored issues
show
Comprehensibility Best Practice introduced by
Adding a @return annotation to constructors is generally not recommended as a constructor does not have a meaningful return value.

Adding a @return annotation to a constructor is not recommended, since a constructor does not have a meaningful return value.

Please refer to the PHP core documentation on constructors.

Loading history...
58
	 */
59
	public function __construct ( $token ) {
60
		// Class Variables
61
		$this->token = $token;
62
63
		parent::__construct( array(
64
								'singular' => 'wp_list_table_' . $this->token, // Singular label
65
								'plural'   => 'wp_list_table_' . $this->token . 's', // Plural label
66
								'ajax'     => false // No Ajax for this table
67
		) );
68
69
		// Actions
70
		add_action( 'sensei_before_list_table', array( $this, 'table_search_form' ), 5 );
71
72
	} // End __construct()
73
74
	/**
75
	 * remove_sortable_columns removes all sortable columns by returning an empty array
76
	 * @param  array $columns Existing columns
77
	 * @return array          Modified columns
78
	 */
79
	public function remove_sortable_columns( $columns ) {
80
		return array();
81
	}
82
83
	/**
84
	 * extra_tablenav adds extra markup in the toolbars before or after the list
85
	 * @since  1.2.0
86
	 * @param string $which, helps you decide if you add the markup after (bottom) or before (top) the list
0 ignored issues
show
There is no parameter named $which,. Did you maybe mean $which?

This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. It has, however, found a similar but not annotated parameter which might be a good fit.

Consider the following example. The parameter $ireland is not defined by the method finale(...).

/**
 * @param array $germany
 * @param array $ireland
 */
function finale($germany, $island) {
    return "2:1";
}

The most likely cause is that the parameter was changed, but the annotation was not.

Loading history...
87
	 */
88
	public function extra_tablenav( $which ) {
89
		if ( $which == "top" ){
90
			//The code that goes before the table is here
91
			do_action( 'sensei_before_list_table' );
92
		} // End If Statement
93
		if ( $which == "bottom" ){
94
			//The code that goes after the table is there
95
			do_action( 'sensei_after_list_table' );
96
		} // End If Statement
97
	} // End extra_tablenav()
98
99
	/**
100
	 * table_search_form outputs search form for table
101
	 * @since  1.2.0
102
	 * @return void
103
	 */
104
	public function table_search_form() {
105
		if ( empty( $_REQUEST['s'] ) && !$this->has_items() ) {
106
			return;
107
		}
108
		?><form method="get">
109
			<?php
110
			if( isset( $_GET ) && count( $_GET ) > 0 ) {
111
				foreach( $_GET as $k => $v ) {
112
					if( 's' != $k ) { ?>
113
114
                        <input type="hidden" name="<?php echo esc_attr( $k ); ?>" value="<?php echo esc_attr( $v ); ?>" />
115
116
                    <?php  }
117
				}
118
			}
119
			?>
120
			<?php $this->search_box( __( 'Search Users' ,'woothemes-sensei' ), 'search_id'); ?>
121
		</form><?php
122
	} // End table_search_form()
123
124
	/**
125
	 * get_columns Define the columns that are going to be used in the table
126
	 * @since  1.2.0
127
	 * @return array $columns, the array of columns to use with the table
128
	 */
129
	public function get_columns() {
130
		return $columns = $this->columns;
0 ignored issues
show
$columns is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
131
	} // End get_columns()
132
133
	/**
134
	 * get_sortable_columns Decide which columns to activate the sorting functionality on
135
	 * @since  1.2.0
136
	 * @return array $sortable, the array of columns that can be sorted by the user
137
	 */
138
	public function get_sortable_columns() {
139
		return $sortable = $this->sortable_columns;
0 ignored issues
show
$sortable is not used, you could remove the assignment.

This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently.

$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

Loading history...
140
	} // End get_sortable_columns()
141
142
	/**
143
	 * Overriding parent WP-List-Table get_column_info()
144
	 * @since  1.7.0
145
	 * @return array
146
	 */
147
	function get_column_info() {
0 ignored issues
show
It is generally recommended to explicitly declare the visibility for methods.

Adding explicit visibility (private, protected, or public) is generally recommend to communicate to other developers how, and from where this method is intended to be used.

Loading history...
148
		if ( isset( $this->_column_headers ) )
149
			return $this->_column_headers;
150
151
		$columns = $this->get_columns();
152
		$hidden = get_hidden_columns( $this->screen );
153
154
		/**
155
		 * Filter the list table sortable columns for a specific screen.
156
		 *
157
		 * The dynamic portion of the hook name, $this->screen->id, refers
158
		 * to the ID of the current screen, usually a string.
159
		 *
160
		 * @since 3.5.0
161
		 *
162
		 * @param array $sortable_columns An array of sortable columns.
163
		 */
164
		$_sortable = apply_filters( "manage_{$this->screen->id}_sortable_columns", $this->get_sortable_columns() );
165
166
		$sortable = array();
167
		foreach ( $_sortable as $id => $data ) {
168
			if ( empty( $data ) )
169
				continue;
170
171
			$data = (array) $data;
172
			if ( !isset( $data[1] ) )
173
				$data[1] = false;
174
175
			$sortable[$id] = $data;
176
		}
177
178
        $primary = $this->get_primary_column_name();
179
        $this->_column_headers = array( $columns, $hidden, $sortable, $primary );
180
181
		return $this->_column_headers;
182
	}
183
184
	/**
185
	 * Called by WP-List-Table and wrapping get_row_data() (needs overriding) with the elements needed for HTML output
186
	 *
187
	 * @since  1.7.0
188
	 * @param object $item The current item
189
	 */
190
	function single_row( $item ) {
0 ignored issues
show
It is generally recommended to explicitly declare the visibility for methods.

Adding explicit visibility (private, protected, or public) is generally recommend to communicate to other developers how, and from where this method is intended to be used.

Loading history...
191
		static $row_class = '';
192
		$row_class = ( $row_class == '' ? ' class="alternate"' : '' );
193
194
		echo '<tr' . $row_class . '>';
195
196
		$column_data = $this->get_row_data( $item );
0 ignored issues
show
Are you sure the assignment to $column_data is correct as $this->get_row_data($item) (which targets Sensei_List_Table::get_row_data()) seems to always return null.

This check looks for function or method calls that always return null and whose return value is assigned to a variable.

class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();

The method getObject() can return nothing but null, so it makes no sense to assign that value to a variable.

The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.

Loading history...
197
198
		list( $columns, $hidden ) = $this->get_column_info();
199
200
		foreach ( $columns as $column_name => $column_display_name ) {
201
			$class = "class='$column_name column-$column_name'";
202
203
			$style = '';
204
			if ( in_array( $column_name, $hidden ) )
205
				$style = ' style="display:none;"';
206
207
			$attributes = "$class$style";
208
209
			echo "<td $attributes>";
210
			if ( isset($column_data[$column_name]) ) {
211
				echo $column_data[$column_name];
212
			}
213
			echo "</td>";
214
		}
215
216
		echo '</tr>';
217
	}
218
219
	/**
220
	 * @since 1.7.0
221
	 * @access public
222
	 * @abstract
223
	 */
224
	protected function get_row_data( $item ) {
225
		die( 'either function WooThemes_Sensei_List_Table::get_row_data() must be over-ridden in a sub-class or WooThemes_Sensei_List_Table::single_row() should be.' );
226
	}
227
228
	/**
229
	 * no_items sets output when no items are found
230
	 * Overloads the parent method
231
	 * @since  1.2.0
232
	 * @return void
233
	 */
234
	function no_items() {
0 ignored issues
show
It is generally recommended to explicitly declare the visibility for methods.

Adding explicit visibility (private, protected, or public) is generally recommend to communicate to other developers how, and from where this method is intended to be used.

Loading history...
235
236
		 _e( 'No items found.', 'woothemes-sensei' );
237
238
	} // End no_items()
239
240
	/**
241
	 * get_bulk_actions sets the bulk actions list
242
	 * @since  1.2.0
243
	 * @return array action list
244
	 */
245
	public function get_bulk_actions() {
246
		return array();
247
	} // End overview_actions_filters()
248
249
	/**
250
	 * bulk_actions output for the bulk actions area
251
	 * @since  1.2.0
252
	 * @return void
253
	 */
254
	public function bulk_actions( $which = '' ) {
255
		// This will be output Above the table headers on the left
256
		echo apply_filters( 'sensei_list_bulk_actions', '' );
257
	} // End bulk_actions()
258
259
} // End Class
260
261
/**
262
 * Class WooThemes_Sensei_List_Table
263
 * @ignore only for backward compatibility
264
 * @since 1.9.0
265
 */
266
class WooThemes_Sensei_List_Table extends Sensei_List_Table {}
267