Prep Plugin for release on WordPress.org

Escape everything that should be escaped.
Add nonce checks where needed.
Sanitize all inputs.
Apply Code style changes across the codebase.
Correct many deprecation notices.
Optimize load order of many filters.

inc/integrations/host-providers/class-base-host-provider.php

@@ -92,7 +92,8 @@ abstract class Base_Host_Provider {
 			/*
 			 * Adds an admin notice telling the admin that they should probably enable this integration.
 			 */
-			return $this->alert_provider_detected();
+			$this->alert_provider_detected();
+			return;
 		}
 
 		/*
@@ -106,7 +107,8 @@ abstract class Base_Host_Provider {
 				/*
 				 * Adds an admin notice telling the admin that the provider is not correctly setup.
 				 */
-				return $this->alert_provider_not_setup();
+				$this->alert_provider_not_setup();
+				return;
 			}
 
 			/*
@@ -301,7 +303,7 @@ abstract class Base_Host_Provider {
 	 * Get Fields for the integration.
 	 *
 	 * @since 2.0.0
-	 * @return string
+	 * @return array
 	 */
 	public function get_fields() {
 

inc/integrations/host-providers/class-cloudways-host-provider.php

@@ -11,10 +11,6 @@ namespace WP_Ultimo\Integrations\Host_Providers;
 
 use Psr\Log\LogLevel;
 use WP_Ultimo\Domain_Mapping\Helper;
-use WP_Ultimo\Integrations\Host_Providers\Base_Host_Provider;
-
-// Exit if accessed directly
-defined('ABSPATH') || exit;
 
 /**
  * This base class should be extended to implement new host integrations for SSL and domains.
@@ -120,7 +116,7 @@ class Cloudways_Host_Provider extends Base_Host_Provider {
 		if (is_wp_error($ssl_response)) {
 			wu_log_add('integration-cloudways', '[SSL]' . $ssl_response->get_error_message(), LogLevel::ERROR);
 		} else {
-			wu_log_add('integration-cloudways', '[SSL]' . print_r($ssl_response, true));
+			wu_log_add('integration-cloudways', '[SSL]' . print_r($ssl_response, true)); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r
 		}
 	}
 
@@ -246,7 +242,7 @@ class Cloudways_Host_Provider extends Base_Host_Provider {
 		if (is_wp_error($alias_response)) {
 			wu_log_add('integration-cloudways', '[Alias]' . $alias_response->get_error_message(), LogLevel::ERROR);
 		} else {
-			wu_log_add('integration-cloudways', '[Alias]' . print_r($alias_response, true));
+			wu_log_add('integration-cloudways', '[Alias]' . print_r($alias_response, true)); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r
 		}
 	}
 

inc/integrations/host-providers/class-runcloud-host-provider.php

@@ -10,7 +10,6 @@
 namespace WP_Ultimo\Integrations\Host_Providers;
 
 use Psr\Log\LogLevel;
-use WP_Ultimo\Integrations\Host_Providers\Base_Host_Provider;
 
 // Exit if accessed directly
 defined('ABSPATH') || exit;
@@ -260,7 +259,7 @@ class Runcloud_Host_Provider extends Base_Host_Provider {
 				'body'        => $data,
 				'method'      => $method,
 				'headers'     => [
-					'Authorization' => 'Basic ' . base64_encode($username . ':' . $password),
+					'Authorization' => 'Basic ' . base64_encode($username . ':' . $password), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
 				],
 			]
 		);
@@ -325,7 +324,7 @@ class Runcloud_Host_Provider extends Base_Host_Provider {
 		} else {
 			$data = $this->maybe_return_runcloud_body($response);
 
-			wu_log_add('integration-runcloud', json_encode($data));
+			wu_log_add('integration-runcloud', wp_json_encode($data));
 
 			if (property_exists($data, 'id')) {
 				$ssl_id = $data->id;

inc/integrations/host-providers/class-serverpilot-host-provider.php

@@ -10,10 +10,6 @@
 namespace WP_Ultimo\Integrations\Host_Providers;
 
 use Psr\Log\LogLevel;
-use WP_Ultimo\Integrations\Host_Providers\Base_Host_Provider;
-
-// Exit if accessed directly
-defined('ABSPATH') || exit;
 
 /**
  * This base class should be extended to implement new host integrations for SSL and domains.
@@ -219,9 +215,9 @@ class ServerPilot_Host_Provider extends Base_Host_Provider {
 			'timeout'  => 45,
 			'blocking' => true,
 			'method'   => $method,
-			'body'     => $data ? json_encode($data) : [],
+			'body'     => $data ? wp_json_encode($data) : [],
 			'headers'  => [
-				'Authorization' => 'Basic ' . base64_encode(WU_SERVER_PILOT_CLIENT_ID . ':' . WU_SERVER_PILOT_API_KEY),
+				'Authorization' => 'Basic ' . base64_encode(WU_SERVER_PILOT_CLIENT_ID . ':' . WU_SERVER_PILOT_API_KEY), // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode
 				'Content-Type'  => 'application/json',
 			],
 		];
@@ -243,7 +239,7 @@ class ServerPilot_Host_Provider extends Base_Host_Provider {
 	 * Makes sure ServerPilot autoSSL is always on, when possible.
 	 *
 	 * @since 1.7.4
-	 * @return bool
+	 * @return object
 	 */
 	public function turn_server_pilot_auto_ssl_on() {
 
@@ -273,8 +269,8 @@ class ServerPilot_Host_Provider extends Base_Host_Provider {
 		 * Log response so we can see what went wrong
 		 */
 
-		// translators: %s is the json_encode of the error.
-		wu_log_add('integration-serverpilot', sprintf(__('An error occurred while trying to get the current list of domains: %s', 'wp-multisite-waas'), json_encode($app_info)), LogLevel::ERROR);
+		// translators: %s is the wp_json_encode of the error.
+		wu_log_add('integration-serverpilot', sprintf(__('An error occurred while trying to get the current list of domains: %s', 'wp-multisite-waas'), wp_json_encode($app_info)), LogLevel::ERROR);
 
 		return false;
 	}

inc/integrations/host-providers/cpanel-api/class-cpanel-api.php

@@ -128,11 +128,10 @@ class CPanel_API {
 	 *
 	 * @since 1.6.2
 	 * @param string $message Message to be logged.
-	 * @return boolean
 	 */
 	public function log($message) {
 
-		return wu_log_add('integration-cpanel', $message);
+		wu_log_add('integration-cpanel', $message);
 	}
 
 	/**
@@ -152,7 +151,7 @@ class CPanel_API {
 		if ( ! file_exists($this->cookie_file)) {
 			try {
 				fopen($this->cookie_file, 'w');
-			} catch (Exception $ex) {
+			} catch (\Exception $ex) {
 				if ( ! file_exists($this->cookie_file)) {
 					$this->log($ex . __('Cookie file missing.', 'wp-multisite-waas'));
 
@@ -232,12 +231,11 @@ class CPanel_API {
 	 * Signs in on the cPanel.
 	 *
 	 * @since 1.6.2
-	 * @return boolean
 	 */
 	private function sign_in() {
 
 		$url  = $this->get_base_url() . '/login/?login_only=1';
-		$url .= '&user=' . $this->username . '&pass=' . urlencode($this->password);
+		$url .= '&user=' . $this->username . '&pass=' . rawurlencode($this->password);
 
 		$reply = $this->request($url);
 
@@ -249,7 +247,7 @@ class CPanel_API {
 			$this->homepage = $this->get_base_url() . $reply['redirect'];
 			$this->ex_page  = $this->get_base_url() . "/{$this->cpsess}/execute/";
 		} else {
-			return $this->log(__('Cannot connect to your cPanel server : Invalid Credentials', 'wp-multisite-waas'));
+			$this->log(__('Cannot connect to your cPanel server : Invalid Credentials', 'wp-multisite-waas'));
 		}
 	}
 
@@ -257,22 +255,22 @@ class CPanel_API {
 	 * Executes API calls, taking the request to the right API version
 	 *
 	 * @since 1.6.2
-	 * @throws Exception Throwns exception when the api is invalid.
+	 * @throws \Exception Throwns exception when the api is invalid.
 	 * @param string $api API version.
 	 * @param string $module Module name, to build the endpoint.
-	 * @param string $function Endpoint function to call.
+	 * @param string $function_name Endpoint function to call.
 	 * @param array  $parameters Parameters to the API endpoint.
 	 * @return boolean
 	 */
-	public function execute($api, $module, $function, array $parameters = []) {
+	public function execute($api, $module, $function_name, array $parameters = []) {
 
 		switch ($api) {
 			case 'api2':
-				return $this->api2($module, $function, $parameters);
+				return $this->api2($module, $function_name, $parameters);
 			case 'uapi':
-				return $this->uapi($module, $function, $parameters);
+				return $this->uapi($module, $function_name, $parameters);
 			default:
-				throw new Exception('Invalid API type : api2 and uapi are accepted', 1);
+				throw new \Exception('Invalid API type : api2 and uapi are accepted', 1);
 		}
 	}
 
@@ -281,11 +279,11 @@ class CPanel_API {
 	 *
 	 * @since 1.6.2
 	 * @param string $module Module name, to build the endpoint.
-	 * @param string $function Endpoint function to call.
+	 * @param string $function_name Endpoint function to call.
 	 * @param array  $parameters Parameters to the API endpoint.
 	 * @return mixed
 	 */
-	public function uapi($module, $function, array $parameters = []) {
+	public function uapi($module, $function_name, array $parameters = []) {
 
 		if (count($parameters) < 1) {
 			$parameters = '';
@@ -293,7 +291,7 @@ class CPanel_API {
 			$parameters = (http_build_query($parameters));
 		}
 
-		return json_decode((string) $this->request($this->ex_page . $module . '/' . $function . '?' . $parameters));
+		return json_decode((string) $this->request($this->ex_page . $module . '/' . $function_name . '?' . $parameters));
 	}
 
 	/**
@@ -301,11 +299,11 @@ class CPanel_API {
 	 *
 	 * @since 1.6.2
 	 * @param string $module Module name, to build the endpoint.
-	 * @param string $function Endpoint function to call.
+	 * @param string $function_name Endpoint function to call.
 	 * @param array  $parameters Parameters to the API endpoint.
 	 * @return mixed
 	 */
-	public function api2($module, $function, array $parameters = []) {
+	public function api2($module, $function_name, array $parameters = []) {
 
 		if (count($parameters) < 1) {
 			$parameters = '';
@@ -314,9 +312,9 @@ class CPanel_API {
 		}
 
 		$url = $this->get_base_url() . $this->cpsess . '/json-api/cpanel' .
-		'?cpanel_jsonapi_version=2' .
-		"&cpanel_jsonapi_func={$function}" .
-		"&cpanel_jsonapi_module={$module}&" . $parameters;
+		       '?cpanel_jsonapi_version=2' .
+		       "&cpanel_jsonapi_func={$function_name}" .
+		       "&cpanel_jsonapi_module={$module}&" . $parameters;
 
 		return json_decode((string) $this->request($url, $parameters));
 	}