wpallstars/wp-multisite-waas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prep Plugin for release on WordPress.org

Browse Source 
Escape everything that should be escaped.
Add nonce checks where needed.
Sanitize all inputs.
Apply Code style changes across the codebase.
Correct many deprecation notices.
Optimize load order of many filters.
This commit is contained in:
David Stone
2025-04-07 09:15:21 -06:00
parent f05ab77418
commit a815fdf179
290 changed files with 2999 additions and 3269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
views/base/edit.php
View File

@ -8,81 +8,46 @@
<div id="wp-ultimo-wrap" class="<?php wu_wrap_use_container(); ?> wrap">
<h1 class="wp-heading-inline">
<?php echo esc_html($page->edit ? $labels['edit_label'] : $labels['add_new_label']); ?>
<?php echo esc_html($page->edit ? $labels['edit_label'] : $labels['add_new_label']); ?>
<?php
/**
* You can filter the get_title_link using wu_page_list_get_title_link, see class-wu-page-list.php
*
* @since 1.8.2
*/
foreach ($page->get_title_links() as $action_link) :
$action_classes = $action_link['classes'] ?? '';
$attrs = $action_link['attrs'] ?? '';
?>
<a title="<?php echo esc_attr($action_link['label']); ?>" href="<?php echo esc_url($action_link['url']); ?>" class="page-title-action <?php echo esc_attr($action_classes); ?>" <?php echo esc_attr($attrs); ?>>
<?php if ($action_link['icon']) : ?>
<span class="dashicons dashicons-<?php echo esc_attr($action_link['icon']); ?> wu-text-sm wu-align-middle wu-h-4 wu-w-4">
&nbsp;
</span>
<?php endif; ?>
<?php echo esc_html($action_link['label']); ?>
</a>
<?php endforeach; ?>
<?php
/**
* Allow plugin developers to add additional buttons to edit pages
*
* @since 1.8.2
* @param object Object holding the information
* @param WU_Page WP Multisite WaaS Page instance
*/
do_action('wu_page_edit_after_title', $object, $page);
?>
<?php foreach ($page->get_title_links() as $action_link) : ?>
<a title="<?php echo esc_attr($action_link['label']); ?>" href="<?php echo esc_url($action_link['url']); ?>" class="page-title-action <?php echo esc_attr($action_link['classes'] ?? ''); ?>" <?php echo esc_attr($action_link['attrs'] ?? ''); ?>>
<?php if ($action_link['icon']) : ?>
<span class="dashicons dashicons-<?php echo esc_attr($action_link['icon']); ?> wu-text-sm wu-align-middle wu-h-4 wu-w-4">&nbsp;</span>
<?php endif; ?>
<?php echo esc_html($action_link['label']); ?>
</a>
<?php endforeach; ?>
<?php do_action('wu_page_edit_after_title', $object, $page); ?>
</h1>
<?php if (isset($_GET['updated'])) : ?>
<div id="message" class="updated notice wu-admin-notice notice-success is-dismissible below-h2">
<p><?php echo $labels['updated_message']; ?></p>
</div>
<div id="message" class="updated notice wu-admin-notice notice-success is-dismissible below-h2">
<p><?php echo esc_html($labels['updated_message']); ?></p>
</div>
<?php endif; ?>
<?php if (isset($_GET['notice'])) : ?>
<div id="message" class="updated notice wu-admin-notice notice-success is-dismissible below-h2">
<p><?php echo $labels['updated_message']; ?></p>
</div>
<div id="message" class="updated notice wu-admin-notice notice-success is-dismissible below-h2">
<p><?php echo esc_html($labels['updated_message']); ?></p>
</div>
<?php endif; ?>
<?php
/**
* Allow plugin developers to add additional handlers to URL query redirects
*
* @since 2.0.0
*
* @param WP_Ultimo\Admin_Pages\Base_Admin_Page $page The page object.
*/
do_action('wu_page_edit_redirect_handlers', $page);
?>
<?php do_action('wu_page_edit_redirect_handlers', $page); ?>
<hr class="wp-header-end">
<form id="form-<?php echo esc_attr($page->get_id()); ?>" name="post" method="post" autocomplete="off">
<?php wp_nonce_field('meta-box-order', 'meta-box-order-nonce', false); ?>
<?php wp_nonce_field('closedpostboxes', 'closedpostboxesnonce', false); ?>
<?php wp_nonce_field(sprintf('saving_%s', $page->object_id), sprintf('saving_%s', $page->object_id), false); ?>
<?php wp_nonce_field(sprintf('saving_%s', $page->object_id), '_wpultimo_nonce'); ?>
<?php if ($page->edit) : ?>
<?php wp_nonce_field(sprintf('deleting_%s', $page->object_id), sprintf('deleting_%s', $page->object_id), false); ?>
<?php wp_nonce_field(sprintf('deleting_%s', $page->object_id), 'delete_wpultimo_nonce'); ?>
<input type="hidden" name="id" value="<?php echo esc_attr($object->get_id()); ?>">
<?php endif; ?>
<div id="poststuff">
@ -96,12 +61,12 @@
<div id="titlewrap">
<input placeholder="<?php echo $labels['title_placeholder']; ?>" type="text" name="name" size="30" value="<?php echo method_exists($object, 'get_name') ? esc_attr($object->get_name()) : ''; ?>" id="title" spellcheck="true" autocomplete="off">
<input placeholder="<?php echo esc_attr($labels['title_placeholder']); ?>" type="text" name="name" size="30" value="<?php echo method_exists($object, 'get_name') ? esc_attr($object->get_name()) : ''; ?>" id="title" spellcheck="true" autocomplete="off">
<?php if ( ! empty($labels['title_description'])) : ?>
<span class="wu-block wu-bg-gray-100 wu-rounded wu-border-solid wu-border-gray-400 wu-border-t-0 wu-border-l wu-border-b wu-border-r wu-text-xs wu-py-2 wu-p-2 wu-pt-3 wu--mt-2">
<?php echo $labels['title_description']; ?>
<?php echo esc_html($labels['title_description']); ?>
</span>
<?php endif; ?>
@ -231,7 +196,7 @@
<?php wp_nonce_field(sprintf('deleting_%s', $page->object_id), 'delete_wpultimo_nonce'); ?>
<input type="hidden" name="id" value="<?php echo $object->get_id(); ?>">
<input type="hidden" name="id" value="<?php echo esc_attr($object->get_id()); ?>">
<?php endif; ?>