Skip to content

Commit

Permalink
Fixed coding standards
Browse files Browse the repository at this point in the history
  • Loading branch information
@claudiosanches @claudiulodro
claudiosanches authored and claudiulodro committed Nov 28, 2018
1 parent 35c701b commit 2198432
Showing 1 changed file with 9 additions and 8 deletions.
17 changes: 9 additions & 8 deletions includes/api/class-wc-rest-authentication.php
View file
Expand Up @@ -140,15 +140,15 @@ private function perform_basic_authentication() {
$consumer_secret = '';

// If the $_GET parameters are present, use those first.
if ( ! empty( $_GET['consumer_key'] ) && ! empty( $_GET['consumer_secret'] ) ) {
$consumer_key = $_GET['consumer_key']; // WPCS: sanitization ok.
$consumer_secret = $_GET['consumer_secret']; // WPCS: sanitization ok.
if ( ! empty( $_GET['consumer_key'] ) && ! empty( $_GET['consumer_secret'] ) ) { // WPCS: CSRF ok.
$consumer_key = $_GET['consumer_key']; // WPCS: CSRF ok, sanitization ok.
$consumer_secret = $_GET['consumer_secret']; // WPCS: CSRF ok, sanitization ok.
}

// If the above is not present, we will do full basic auth.
if ( ! $consumer_key && ! empty( $_SERVER['PHP_AUTH_USER'] ) && ! empty( $_SERVER['PHP_AUTH_PW'] ) ) {
$consumer_key = $_SERVER['PHP_AUTH_USER']; // WPCS: sanitization ok.
$consumer_secret = $_SERVER['PHP_AUTH_PW']; // WPCS: sanitization ok.
$consumer_key = $_SERVER['PHP_AUTH_USER']; // WPCS: CSRF ok, sanitization ok.
$consumer_secret = $_SERVER['PHP_AUTH_PW']; // WPCS: CSRF ok, sanitization ok.
}

// Stop if don't have any key.
Expand Down Expand Up @@ -353,7 +353,7 @@ private function perform_oauth_authentication() {
*/
private function check_oauth_signature( $user, $params ) {
$http_method = isset( $_SERVER['REQUEST_METHOD'] ) ? strtoupper( $_SERVER['REQUEST_METHOD'] ) : ''; // WPCS: sanitization ok.
$request_path = isset( $_SERVER['REQUEST_URI'] ) ? parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH ) : ''; // WPCS: sanitization ok.
$request_path = isset( $_SERVER['REQUEST_URI'] ) ? wp_parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH ) : ''; // WPCS: sanitization ok.
$wp_base = get_home_url( null, '/', 'relative' );
if ( substr( $request_path, 0, strlen( $wp_base ) ) === $wp_base ) {
$request_path = substr( $request_path, strlen( $wp_base ) );
Expand Down Expand Up @@ -468,7 +468,7 @@ private function check_oauth_timestamp_and_nonce( $user, $timestamp, $nonce ) {
$used_nonces = array();
}

if ( in_array( $nonce, $used_nonces ) ) {
if ( in_array( $nonce, $used_nonces, true ) ) {
return new WP_Error( 'woocommerce_rest_authentication_error', __( 'Invalid nonce - nonce has already been used.', 'woocommerce' ), array( 'status' => 401 ) );
}

Expand Down Expand Up @@ -510,7 +510,8 @@ private function get_user_data_by_consumer_key( $consumer_key ) {
SELECT key_id, user_id, permissions, consumer_key, consumer_secret, nonces
FROM {$wpdb->prefix}woocommerce_api_keys
WHERE consumer_key = %s
", $consumer_key
",
$consumer_key
)
);

Expand Down

0 comments on commit 2198432

Please sign in to comment.