Prep Plugin for release on WordPress.org

Escape everything that should be escaped. Add nonce checks where needed. Sanitize all inputs. Apply Code style changes across the codebase. Correct many deprecation notices. Optimize load order of many filters.
2025-04-07 09:15:21 -06:00
parent f05ab77418
commit a815fdf179
290 changed files with 2999 additions and 3269 deletions
--- a/views/limitations/theme-selector.php
+++ b/views/limitations/theme-selector.php
@ -12,7 +12,7 @@

 		if ('force_active' === $theme_settings->behavior) {
 			$section['state']['force_active_theme'] = $theme_path;
-		} // end if;
+		}

 		?>

@ -28,13 +28,13 @@

 				<span class="wu-font-bold wu-block wu-text-xs wu-uppercase wu-text-gray-700">

-				<?php echo $theme_data['Name']; ?>
+				<?php echo esc_html($theme_data['Name']); ?>

 				</span>

 				<span class="wu-my-2 wu-block">

-				<?php echo wp_trim_words(strip_tags($theme_data['Description']), 40); ?>
+				<?php echo esc_html(wp_trim_words(wp_strip_all_tags($theme_data['Description']), 40)); ?>

 				</span>

@ -43,11 +43,11 @@
 			<div class="wu-block wu-mt-4">

 				<span class="wu-text-xs wu-text-gray-700 wu-my-1 wu-mr-4 wu-block">
-				<?php printf(__('Version %s', 'wp-multisite-waas'), $theme_data['Version']); ?>
+				<?php printf(esc_html__('Version %s', 'wp-multisite-waas'), esc_html($theme_data['Version'])); ?>
 				</span>

 				<span class="wu-text-xs wu-text-gray-700 wu-my-1 wu-mr-4 wu-block">
-				<?php printf(__('by %s', 'wp-multisite-waas'), $theme_data['Author']); ?>
+				<?php printf(esc_html__('by %s', 'wp-multisite-waas'), $theme_data['Author']); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 				</span>

 			</div>
@ -59,26 +59,24 @@
 			<img class="wu-rounded wu-w-full wu-image-preview" src="<?php echo esc_url($theme_data->get_screenshot()); ?>" data-image="<?php echo esc_url($theme_data->get_screenshot()); ?>">

 			<h3 class="wu-mb-1 wu-text-2xs wu-uppercase wu-text-gray-600">
-
-				<?php _e('Visibility', 'wp-multisite-waas'); ?>
-
+				<?php esc_html_e('Visibility', 'wp-multisite-waas'); ?>
 			</h3>

 			<select name="modules[themes][limit][<?php echo esc_attr($theme_path); ?>][visibility]" class="wu-w-full">
-				<option <?php selected('visible' === $theme_settings->visibility); ?> value="visible"><?php _e('Visible', 'wp-multisite-waas'); ?></option>
-				<option <?php selected('hidden' === $theme_settings->visibility); ?> value="hidden"><?php _e('Hidden', 'wp-multisite-waas'); ?></option>
+				<option <?php selected('visible' === $theme_settings->visibility); ?> value="visible"><?php esc_html_e('Visible', 'wp-multisite-waas'); ?></option>
+				<option <?php selected('hidden' === $theme_settings->visibility); ?> value="hidden"><?php esc_html_e('Hidden', 'wp-multisite-waas'); ?></option>
 			</select>

 			<h3 class="wu-my-1 wu-mt-4 wu-text-2xs wu-uppercase wu-text-gray-600">

-				<?php _e('Behavior', 'wp-multisite-waas'); ?>
+				<?php esc_html_e('Behavior', 'wp-multisite-waas'); ?>

 			</h3>

 			<select v-on:change="force_active_theme = ($event.target.value === 'force_active' ? '<?php echo esc_attr($theme_path); ?>' : '')" name="modules[themes][limit][<?php echo esc_attr($theme_path); ?>][behavior]" class="wu-w-full">
-				<option <?php selected('available' === $theme_settings->behavior); ?> value="available"><?php _e('Available', 'wp-multisite-waas'); ?></option>
-				<option <?php selected('not_available' === $theme_settings->behavior); ?> value="not_available"><?php _e('Not Available', 'wp-multisite-waas'); ?></option>
-				<option :disabled="force_active_theme !== '' && force_active_theme != '<?php echo esc_attr($theme_path); ?>'" <?php selected('force_active' === $theme_settings->behavior); ?> value="force_active"><?php _e('Force Activate', 'wp-multisite-waas'); ?></option>
+				<option <?php selected('available' === $theme_settings->behavior); ?> value="available"><?php esc_html_e('Available', 'wp-multisite-waas'); ?></option>
+				<option <?php selected('not_available' === $theme_settings->behavior); ?> value="not_available"><?php esc_html_e('Not Available', 'wp-multisite-waas'); ?></option>
+				<option :disabled="force_active_theme !== '' && force_active_theme != '<?php echo esc_attr($theme_path); ?>'" <?php selected('force_active' === $theme_settings->behavior); ?> value="force_active"><?php esc_html_e('Force Activate', 'wp-multisite-waas'); ?></option>
 			</select>

 			</div>
@ -88,7 +86,7 @@
 		<?php if ('product' !== $object->model && $object->get_limitations(false)->themes->exists($theme_path)) : ?>

 			<p class="wu-m-0 wu-mt-4 wu-p-2 wu-bg-blue-100 wu-text-blue-600 wu-rounded">
-				<?php _e('This value is being applied only to this entity. Changes made to the membership or product permissions will not affect this particular value.', 'wp-multisite-waas'); ?>
+				<?php esc_html_e('This value is being applied only to this entity. Changes made to the membership or product permissions will not affect this particular value.', 'wp-multisite-waas'); ?>
 			</p>

 		<?php endif; ?>