wpallstars/wp-multisite-waas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prep Plugin for release on WordPress.org

Browse Source 
Escape everything that should be escaped.
Add nonce checks where needed.
Sanitize all inputs.
Apply Code style changes across the codebase.
Correct many deprecation notices.
Optimize load order of many filters.
This commit is contained in:
David Stone
2025-04-07 09:15:21 -06:00
parent f05ab77418
commit a815fdf179
290 changed files with 2999 additions and 3269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
inc/list-tables/class-base-list-table.php
View File

@ -171,7 +171,7 @@ class Base_List_Table extends \WP_List_Table {
if ('grid' === $this->current_mode) {
printf(
'<button id="cb-select-all-grid" v-on:click.prevent="select_all" class="button">%s</button>',
__('Select All', 'wp-multisite-waas')
esc_html__('Select All', 'wp-multisite-waas')
);
}
}
@ -192,13 +192,8 @@ class Base_List_Table extends \WP_List_Table {
$list_table_name = $this->id;
if ( ! empty($_REQUEST['mode'])) {
if ( ! empty($_REQUEST['mode']) && in_array($_REQUEST['mode'], array_keys($this->modes), true)) {
$mode = $_REQUEST['mode'];
if (in_array($mode, array_keys($this->modes), true)) {
$mode = $_REQUEST['mode'];
}
set_user_setting("{$list_table_name}_list_mode", $mode);
} else {
$mode = get_user_setting("{$list_table_name}_list_mode", current(array_keys($this->modes)));
@ -502,7 +497,7 @@ class Base_List_Table extends \WP_List_Table {
* Any items at all?
*/
if ( ! $this->has_items() && 'page' === $this->context) {
echo wu_render_empty_state(
echo wu_render_empty_state( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
[
'message' => sprintf(__("You don't have any %s yet.", 'wp-multisite-waas'), $this->labels['plural']),
'sub_message' => $this->_args['add_new'] ? __('How about we create a new one?', 'wp-multisite-waas') : __('...but you will see them here once they get created.', 'wp-multisite-waas'),
@ -531,21 +526,19 @@ class Base_List_Table extends \WP_List_Table {
$views = apply_filters("wu_{$this->id}_get_views", $this->get_views());
if (true) {
$args = array_merge(
$filters,
[
'filters_el_id' => sprintf('%s-filters', $this->id),
'has_search' => $this->has_search(),
'search_label' => $this->get_search_input_label(),
'views' => $views,
'has_view_switch' => ! empty($this->modes),
'table' => $this,
]
);
$args = array_merge(
$filters,
[
'filters_el_id' => sprintf('%s-filters', $this->id),
'has_search' => $this->has_search(),
'search_label' => $this->get_search_input_label(),
'views' => $views,
'has_view_switch' => ! empty($this->modes),
'table' => $this,
]
);
wu_get_template('base/filter', $args);
}
wu_get_template('base/filter', $args);
}
/**
@ -596,7 +589,7 @@ class Base_List_Table extends \WP_List_Table {
'<div class="wu-py-6 wu-text-gray-600 wu-text-sm wu-text-center">
<span class="">%s</span>
</div>',
__('No items found', 'wp-multisite-waas')
esc_html__('No items found', 'wp-multisite-waas')
);
}
@ -1095,7 +1088,7 @@ class Base_List_Table extends \WP_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Product $item Product object.
* @param \WP_Ultimo\Models\Product $item Product object.
*/
public function column_featured_image_id($item): string {
@ -1122,7 +1115,7 @@ class Base_List_Table extends \WP_List_Table {
/**
* Render the bulk edit checkbox.
*
* @param WP_Ultimo\Models\Product $item Product object.
* @param \WP_Ultimo\Models\Product $item Product object.
*
* @return string
*/
@ -1158,7 +1151,7 @@ class Base_List_Table extends \WP_List_Table {
<script type='text/javascript'>
document.addEventListener('DOMContentLoaded', function() {
let table_id = '<?php echo $this->_get_js_var_name(); ?>';
let table_id = '<?php echo esc_js($this->_get_js_var_name()); ?>';
/**
* Create the ajax List Table
@ -1166,8 +1159,8 @@ class Base_List_Table extends \WP_List_Table {
if (typeof window[table_id] === 'undefined') {
window[table_id + '_config'] = {
filters: <?php echo json_encode($this->get_filters()); ?>,
context: <?php echo json_encode($this->context); ?>,
filters: <?php echo wp_json_encode($this->get_filters()); ?>,
context: <?php echo wp_json_encode($this->context); ?>,
}
window[table_id] = wu_create_list(table_id).init();
@ -1409,6 +1402,7 @@ class Base_List_Table extends \WP_List_Table {
'all' => [
'field' => 'type',
'url' => '#',
// translators: %s will be replaced with a plural label
'label' => sprintf(__('All %s', 'wp-multisite-waas'), $this->get_label('plural')),
'count' => 0,
],

3
inc/list-tables/class-checkout-form-list-table.php
View File

@ -154,6 +154,7 @@ class Checkout_Form_List_Table extends Base_List_Table {
$new_checkout_form = $checkout_form->duplicate();
// translators: 1st placeholder is the original form name.
$new_name = sprintf(__('Copy of %s', 'wp-multisite-waas'), $checkout_form->get_name());
$new_checkout_form->set_name($new_name);
@ -178,7 +179,7 @@ class Checkout_Form_List_Table extends Base_List_Table {
]
);
wp_redirect($redirect_url);
wp_safe_redirect($redirect_url);
exit;
}

2
inc/list-tables/class-customer-list-table.php
View File

@ -66,7 +66,7 @@ class Customer_List_Table extends Base_List_Table {
$_filter_fields = parent::get_extra_query_fields();
$search = isset($_GET['s']) ? sanitize_text_field($_GET['s']) : false;
$search = isset($_GET['s']) ? sanitize_text_field(wp_unslash($_GET['s'])) : false;
if ( ! empty($search)) {

2
inc/list-tables/class-customers-payment-list-table.php
View File

@ -44,7 +44,7 @@ class Customers_Payment_List_Table extends Payment_List_Table {
*/
public function column_responsive($item): void {
echo wu_responsive_table_row(
echo wu_responsive_table_row( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
[
'id' => $item->get_id(),
'title' => $item->get_hash(),

2
inc/list-tables/class-email-list-table.php
View File

@ -276,7 +276,7 @@ class Email_List_Table extends Base_List_Table {
]
);
wp_redirect($redirect_url);
wp_safe_redirect($redirect_url);
exit;
}

8
inc/list-tables/class-membership-line-item-list-table.php
View File

@ -42,7 +42,7 @@ class Membership_Line_Item_List_Table extends Product_List_Table {
* @param integer $per_page Items per page. This gets overridden as well.
* @param integer $page_number The page number.
* @param boolean $count Return as count or not.
* @return array
* @return array|int
*/
public function get_items($per_page = 5, $page_number = 1, $count = false) {
@ -74,7 +74,7 @@ class Membership_Line_Item_List_Table extends Product_List_Table {
$item = $item['product'];
if ( ! $item) {
echo wu_responsive_table_row(
echo wu_responsive_table_row( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
[
'url' => false,
'id' => 'not-found',
@ -86,6 +86,7 @@ class Membership_Line_Item_List_Table extends Product_List_Table {
'quantity' => [
'icon' => 'dashicons-wu-package wu-align-middle wu-mr-1',
'label' => __('Quantity', 'wp-multisite-waas'),
// translators: %d is a quantity number
'value' => sprintf(__('x%d', 'wp-multisite-waas'), $quantity),
],
]
@ -98,6 +99,7 @@ class Membership_Line_Item_List_Table extends Product_List_Table {
'quantity' => [
'icon' => 'dashicons-wu-package wu-align-middle wu-mr-1',
'label' => __('Quantity', 'wp-multisite-waas'),
// translators: %d = quantity
'value' => sprintf(__('x%d', 'wp-multisite-waas'), $quantity),
],
'total' => [
@ -145,7 +147,7 @@ class Membership_Line_Item_List_Table extends Product_List_Table {
];
}
echo wu_responsive_table_row(
echo wu_responsive_table_row( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
[
'id' => $item->get_id(),
'title' => $item->get_name(),

11
inc/list-tables/class-membership-list-table-widget.php
View File

@ -104,10 +104,7 @@ class Membership_List_Table_Widget extends Base_List_Table {
*/
public function get_extra_query_fields() {
$_filter_fields = parent::get_extra_query_fields();
$search = isset($_GET['s']) ? sanitize_text_field($_GET['s']) : false;
$_filter_fields = parent::get_extra_query_fields();
$_filter_fields['customer_id'] = wu_request('customer_id');
return $_filter_fields;
@ -143,7 +140,7 @@ class Membership_List_Table_Widget extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Membership $item Membership object.
* @param \WP_Ultimo\Models\Membership $item Membership object.
* @return string
*/
public function column_status($item) {
@ -160,7 +157,7 @@ class Membership_List_Table_Widget extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Membership $item Membership object.
* @param \WP_Ultimo\Models\Membership $item Membership object.
* @return string
*/
public function column_amount($item) {
@ -176,7 +173,7 @@ class Membership_List_Table_Widget extends Base_List_Table {
$message = sprintf(
// translators: %1$s is the formatted price, %2$s the duration, and %3$s the duration unit (day, week, month, etc)
_n('every %2$s', 'every %1$s %2$s', $duration, 'wp-multisite-waas'), // phpcs:ignore
_n('every %2$s', 'every %1$s %2$s', $duration, 'wp-multisite-waas'), // phpcs:ignore
$duration,
$item->get_duration_unit()
);

6
inc/list-tables/class-membership-list-table.php
View File

@ -55,10 +55,7 @@ class Membership_List_Table extends Base_List_Table {
*/
public function get_extra_query_fields() {
$_filter_fields = parent::get_extra_query_fields();
$search = isset($_GET['s']) ? sanitize_text_field($_GET['s']) : false;
$_filter_fields = parent::get_extra_query_fields();
$_filter_fields['customer_id'] = wu_request('customer_id');
return $_filter_fields;
@ -177,7 +174,6 @@ class Membership_List_Table extends Base_List_Table {
'customer' => __('Customer', 'wp-multisite-waas'),
'product' => __('Product', 'wp-multisite-waas'),
'amount' => __('Price', 'wp-multisite-waas'),
// 'sites' => __('Sites', 'wp-multisite-waas'),
'date_created' => __('Created at', 'wp-multisite-waas'),
'date_expiration' => __('Expiration', 'wp-multisite-waas'),
'id' => __('ID', 'wp-multisite-waas'),

4
inc/list-tables/class-memberships-site-list-table.php
View File

@ -44,9 +44,9 @@ class Memberships_Site_List_Table extends Customers_Site_List_Table {
*/
public function column_responsive($item): void {
$redirect = current_user_can('wu_edit_sites') ? 'wp-ultimo-edit-site' : 'wp-ultimo-sites';
$redirect = current_user_can('edit_others_posts') ? 'wp-ultimo-edit-site' : 'wp-ultimo-sites';
echo wu_responsive_table_row(
echo wu_responsive_table_row( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
[
'id' => $item->get_id(),
'title' => $item->get_title(),

3
inc/list-tables/class-payment-line-item-list-table.php
View File

@ -104,6 +104,7 @@ class Payment_Line_Item_List_Table extends Line_Item_List_Table {
$first_row['subtotal'] = [
'icon' => 'dashicons-wu-info1 wu-align-middle wu-mr-1',
'label' => '',
/* translators: %s is a currency amount */
'value' => sprintf(__('Subtotal: %s', 'wp-multisite-waas'), wu_format_currency($item->get_subtotal())),
];
@ -132,7 +133,7 @@ class Payment_Line_Item_List_Table extends Line_Item_List_Table {
'value' => $item->get_description(),
];
echo wu_responsive_table_row(
echo wu_responsive_table_row( // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
[
'id' => '',
'title' => $item->get_title(),

10
inc/list-tables/class-payment-list-table-widget.php
View File

@ -101,7 +101,7 @@ class Payment_List_Table_Widget extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Payment $item Payment object.
* @param \WP_Ultimo\Models\Payment $item Payment object.
*/
public function column_hash($item): string {
@ -126,7 +126,7 @@ class Payment_List_Table_Widget extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Payment $item Payment object.
* @param \WP_Ultimo\Models\Payment $item Payment object.
* @return string
*/
public function column_status($item) {
@ -144,7 +144,7 @@ class Payment_List_Table_Widget extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Membership $item Membership object.
* @param \WP_Ultimo\Models\Membership $item Membership object.
* @return string
*/
public function column_customer($item) {
@ -181,8 +181,6 @@ class Payment_List_Table_Widget extends Base_List_Table {
$id = $customer->get_id();
$email = $customer->get_email_address();
$customer_link = wu_network_admin_url('wp-ultimo-edit-customer', $url_atts);
$html = "<a href='{$customer_link}' class='wu-p-1 wu-flex wu-flex-grow wu-bg-gray-100 wu-rounded wu-items-center wu-border wu-border-solid wu-border-gray-300'>
@ -200,7 +198,7 @@ class Payment_List_Table_Widget extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Payment $item Payment object.
* @param \WP_Ultimo\Models\Payment $item Payment object.
*/
public function column_total($item): string {

15
inc/list-tables/class-payment-list-table.php
View File

@ -57,14 +57,9 @@ class Payment_List_Table extends Base_List_Table {
*/
public function get_extra_query_fields() {
$_filter_fields = parent::get_extra_query_fields();
$search = isset($_GET['s']) ? sanitize_text_field($_GET['s']) : false;
$_filter_fields = parent::get_extra_query_fields();
$_filter_fields['membership_id'] = wu_request('membership_id', false);
$_filter_fields['customer_id'] = wu_request('customer_id', false);
$_filter_fields['customer_id'] = wu_request('customer_id', false);
$_filter_fields['parent_id__in'] = ['0', 0, '', null];
return $_filter_fields;
@ -75,7 +70,7 @@ class Payment_List_Table extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Payment $item Payment object.
* @param \WP_Ultimo\Models\Payment $item Payment object.
* @return string
*/
public function column_hash($item) {
@ -129,7 +124,7 @@ class Payment_List_Table extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Payment $item Payment object.
* @param \WP_Ultimo\Models\Payment $item Payment object.
* @return string
*/
public function column_product($item) {
@ -158,7 +153,7 @@ class Payment_List_Table extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Payment $item Payment object.
* @param \WP_Ultimo\Models\Payment $item Payment object.
* @return string
*/
public function column_total($item) {

2
inc/list-tables/class-product-list-table.php
View File

@ -232,7 +232,7 @@ class Product_List_Table extends Base_List_Table {
]
);
wp_redirect($redirect_url);
wp_safe_redirect($redirect_url);
exit;
}

18
inc/list-tables/class-site-list-table.php
View File

@ -60,7 +60,7 @@ class Site_List_Table extends Base_List_Table {
* @param integer $per_page Number of items to display per page.
* @param integer $page_number Current page.
* @param boolean $count If we should count records or return the actual records.
* @return array
* @return array|int
*/
public function get_items($per_page = 5, $page_number = 1, $count = false) {
@ -96,7 +96,7 @@ class Site_List_Table extends Base_List_Table {
/**
* Render the bulk edit checkbox.
*
* @param WP_Ultimo\Models\Site $item Site object.
* @param \WP_Ultimo\Models\Site $item Site object.
*/
public function column_cb($item): string {
@ -169,7 +169,7 @@ class Site_List_Table extends Base_List_Table {
[
'id' => $item->get_membership_id(),
'model' => 'membership_meta_pending_site',
'redirect_to' => urlencode(
'redirect_to' => rawurlencode(
(string) wu_network_admin_url(
'wp-ultimo-sites',
[
@ -193,7 +193,7 @@ class Site_List_Table extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Site $item Site object.
* @param \WP_Ultimo\Models\Site $item Site object.
*/
public function column_date_registered($item): string {
@ -207,7 +207,7 @@ class Site_List_Table extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Site $item Site object.
* @param \WP_Ultimo\Models\Site $item Site object.
* @return string
*/
public function column_blog_id($item) {
@ -237,7 +237,7 @@ class Site_List_Table extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Site $item Site object.
* @param \WP_Ultimo\Models\Site $item Site object.
*/
public function column_domains($item): string {
@ -286,7 +286,7 @@ class Site_List_Table extends Base_List_Table {
*
* @since 2.0.0
*
* @param WP_Ultimo\Models\Customer $item The customer being shown.
* @param \WP_Ultimo\Models\Customer $item The customer being shown.
* @return void
*/
public function single_row_grid($item): void {
@ -405,8 +405,6 @@ class Site_List_Table extends Base_List_Table {
$new_site = $site->duplicate();
$new_name = sprintf(__('Copy of %s', 'wp-multisite-waas'), $new_site->get_title());
$new_path = sprintf('%s%s', trim((string) $new_site->get_path(), '/'), 'copy');
$new_site->set_template_id($new_site->get_blog_id());
@ -435,7 +433,7 @@ class Site_List_Table extends Base_List_Table {
]
);
wp_redirect($redirect_url);
wp_safe_redirect($redirect_url);
exit;
}