Prep Plugin for release on WordPress.org

Escape everything that should be escaped.
Add nonce checks where needed.
Sanitize all inputs.
Apply Code style changes across the codebase.
Correct many deprecation notices.
Optimize load order of many filters.
This commit is contained in:
David Stone
2025-04-07 09:15:21 -06:00
parent f05ab77418
commit a815fdf179
290 changed files with 2999 additions and 3269 deletions
.phpcs.xml.dist
assets
inc
admin-pages
api
checkout
class-admin-notices.phpclass-ajax.phpclass-api.phpclass-async-calls.phpclass-dashboard-widgets.phpclass-domain-mapping.phpclass-faker.phpclass-helper.phpclass-light-ajax.phpclass-logger.phpclass-maintenance-mode.phpclass-newsletter.phpclass-requirements.phpclass-session-cookie.phpclass-settings.phpclass-sunrise.phpclass-views.phpclass-whitelabel.php
debug
development
functions
gateways
helpers
integrations
limitations
limits
list-tables
managers
models
tax
ui
setuptest.shsunrise.php
views
about.phpadmin-notices.php
admin-pages
base
broadcast
checkout
customers
dashboard-statistics
dashboard-widgets
domain
email
emails
events
invoice
legacy
limitations
memberships
payments
settings
shortcodes
sites
system-info
taxes
ui
wizards

@@ -5,7 +5,7 @@
* @since 2.0.0
*/
?>
<li class="<?php echo esc_attr(trim($field->wrapper_classes)); ?>" <?php echo $field->get_wrapper_html_attributes(); ?>>
<li class="<?php echo esc_attr(trim($field->wrapper_classes)); ?>" <?php echo $field->get_wrapper_html_attributes(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>>
<div class="wu-block wu-w-full">
@@ -30,7 +30,7 @@
<div class="wu-flex">
<div class="wu-w-full wu-my-1">
<input class="form-control wu-w-full" name="<?php echo esc_attr($field->id); ?>" type="text" placeholder="<?php echo esc_attr($field->placeholder); ?>" value="<?php echo esc_attr($field->value); ?>" <?php echo $field->get_html_attributes(); ?>>
<input class="form-control wu-w-full" name="<?php echo esc_attr($field->id); ?>" type="text" placeholder="<?php echo esc_attr($field->placeholder); ?>" value="<?php echo esc_attr($field->value); ?>" <?php echo $field->get_html_attributes(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>>
</div>
<?php if (wu_get_isset($field->html_attr, 'data-base-link')) : ?>
@@ -41,7 +41,7 @@
target="_blank"
class="button"
v-show='<?php echo esc_js(wu_get_isset($field->html_attr, 'v-model')); ?>'
<?php echo wu_tooltip_text(__('View', 'wp-multisite-waas')); ?>
<?php echo wu_tooltip_text(__('View', 'wp-multisite-waas')); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
>
<span class="dashicons-wu-popup wu-m-0 wu-p-0"></span>
</a>
@@ -53,13 +53,13 @@
<?php elseif ($field->money) : ?>
<money class="form-control wu-w-full wu-my-1" name="<?php echo esc_attr($field->id); ?>" type="<?php echo esc_attr($field->type); ?>" placeholder="<?php echo esc_attr($field->placeholder); ?>" value="<?php echo esc_attr($field->value); ?>" <?php echo $field->get_html_attributes(); ?>></money>
<money class="form-control wu-w-full wu-my-1" name="<?php echo esc_attr($field->id); ?>" type="<?php echo esc_attr($field->type); ?>" placeholder="<?php echo esc_attr($field->placeholder); ?>" value="<?php echo esc_attr($field->value); ?>" <?php echo $field->get_html_attributes(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>></money>
<input class="form-control wu-w-full wu-my-1" name="<?php echo esc_attr($field->id); ?>" type="<?php echo esc_attr($field->type); ?>" placeholder="<?php echo esc_attr($field->placeholder); ?>" value="<?php echo esc_attr($field->value); ?>" <?php echo $field->get_html_attributes(); ?> v-if="false">
<input class="form-control wu-w-full wu-my-1" name="<?php echo esc_attr($field->id); ?>" type="<?php echo esc_attr($field->type); ?>" placeholder="<?php echo esc_attr($field->placeholder); ?>" value="<?php echo esc_attr($field->value); ?>" <?php echo $field->get_html_attributes(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?> v-if="false">
<?php else : ?>
<input class="form-control wu-w-full wu-my-1" name="<?php echo esc_attr($field->id); ?>" type="<?php echo esc_attr($field->type); ?>" placeholder="<?php echo esc_attr($field->placeholder); ?>" value="<?php echo esc_attr($field->value); ?>" <?php echo $field->get_html_attributes(); ?>>
<input class="form-control wu-w-full wu-my-1" name="<?php echo esc_attr($field->id); ?>" type="<?php echo esc_attr($field->type); ?>" placeholder="<?php echo esc_attr($field->placeholder); ?>" value="<?php echo esc_attr($field->value); ?>" <?php echo $field->get_html_attributes(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>>
<?php endif; ?>