Prep Plugin for release on WordPress.org (#23)

* Update translation text domain * Escape everything that should be escaped. * Add nonce checks where needed. * Sanitize all inputs. * Apply Code style changes across the codebase. * Correct many deprecation notices. * Optimize load order of many filters. * Add Proper Build script * Use emojii flags * Fix i18n deprecation notice for translating too early * Put all scripts in footer and load async
2025-04-14 11:36:46 -06:00
parent a31cfcb565
commit d88e50df38
1087 changed files with 12586 additions and 18535 deletions
--- a/inc/ui/class-login-form-element.php
+++ b/inc/ui/class-login-form-element.php
@ -9,7 +9,6 @@

 namespace WP_Ultimo\UI;

-use WP_Ultimo\UI\Base_Element;
 use WP_Ultimo\Checkout\Checkout_Pages;

 // Exit if accessed directly
@ -90,14 +89,14 @@ class Login_Form_Element extends Base_Element {
 	 *
 	 * This is used on the Blocks list of Gutenberg.
 	 * You should return a string with the localized title.
-	 * e.g. return __('My Element', 'wp-ultimo').
+	 * e.g. return __('My Element', 'wp-multisite-waas').
 	 *
 	 * @since 2.0.0
 	 * @return string
 	 */
 	public function get_title() {

-		return __('Login Form', 'wp-ultimo');
+		return __('Login Form', 'wp-multisite-waas');
 	}

 	/**
@ -106,14 +105,14 @@ class Login_Form_Element extends Base_Element {
 	 * This is also used on the Gutenberg block list
 	 * to explain what this block is about.
 	 * You should return a string with the localized title.
-	 * e.g. return __('Adds a checkout form to the page', 'wp-ultimo').
+	 * e.g. return __('Adds a checkout form to the page', 'wp-multisite-waas').
 	 *
 	 * @since 2.0.0
 	 * @return string
 	 */
 	public function get_description() {

-		return __('Adds a login form to the page.', 'wp-ultimo');
+		return __('Adds a login form to the page.', 'wp-multisite-waas');
 	}

 	/**
@ -138,23 +137,23 @@ class Login_Form_Element extends Base_Element {
 		$fields = [];

 		$fields['header'] = [
-			'title' => __('General', 'wp-ultimo'),
-			'desc'  => __('General', 'wp-ultimo'),
+			'title' => __('General', 'wp-multisite-waas'),
+			'desc'  => __('General', 'wp-multisite-waas'),
 			'type'  => 'header',
 		];

 		$fields['display_title'] = [
 			'type'    => 'toggle',
-			'title'   => __('Display Title?', 'wp-ultimo'),
-			'desc'    => __('Toggle to show/hide the title element.', 'wp-ultimo'),
+			'title'   => __('Display Title?', 'wp-multisite-waas'),
+			'desc'    => __('Toggle to show/hide the title element.', 'wp-multisite-waas'),
 			'tooltip' => '',
 			'value'   => 1,
 		];

 		$fields['title'] = [
 			'type'     => 'text',
-			'title'    => __('Title', 'wp-ultimo'),
-			'value'    => __('Login', 'wp-ultimo'),
+			'title'    => __('Title', 'wp-multisite-waas'),
+			'value'    => __('Login', 'wp-multisite-waas'),
 			'desc'     => '',
 			'tooltip'  => '',
 			'required' => [
@ -164,22 +163,22 @@ class Login_Form_Element extends Base_Element {

 		$fields['redirect_type'] = [
 			'type'    => 'select',
-			'title'   => __('Redirect Type', 'wp-ultimo'),
-			'desc'    => __('The behavior after login', 'wp-ultimo'),
+			'title'   => __('Redirect Type', 'wp-multisite-waas'),
+			'desc'    => __('The behavior after login', 'wp-multisite-waas'),
 			'tooltip' => '',
 			'default' => 'default',
 			'options' => [
-				'default'       => __('Wordpress Default', 'wp-ultimo'),
-				'customer_site' => __('Send To Customer Site', 'wp-ultimo'),
-				'main_site'     => __('Send To Main Site', 'wp-ultimo'),
+				'default'       => __('Wordpress Default', 'wp-multisite-waas'),
+				'customer_site' => __('Send To Customer Site', 'wp-multisite-waas'),
+				'main_site'     => __('Send To Main Site', 'wp-multisite-waas'),
 			],
 		];

 		$fields['customer_redirect_path'] = [
 			'type'     => 'text',
-			'title'    => __('Customer Redirect Path', 'wp-ultimo'),
-			'value'    => __('/wp-admin', 'wp-ultimo'),
-			'desc'     => __('e.g. /wp-admin', 'wp-ultimo'),
+			'title'    => __('Customer Redirect Path', 'wp-multisite-waas'),
+			'value'    => __('/wp-admin', 'wp-multisite-waas'),
+			'desc'     => __('e.g. /wp-admin', 'wp-multisite-waas'),
 			'tooltip'  => '',
 			'required' => [
 				'redirect_type' => 'customer_site',
@ -188,9 +187,9 @@ class Login_Form_Element extends Base_Element {

 		$fields['main_redirect_path'] = [
 			'type'     => 'text',
-			'title'    => __('Main Site Redirect Path', 'wp-ultimo'),
-			'value'    => __('/wp-admin', 'wp-ultimo'),
-			'desc'     => __('e.g. /wp-admin', 'wp-ultimo'),
+			'title'    => __('Main Site Redirect Path', 'wp-multisite-waas'),
+			'value'    => __('/wp-admin', 'wp-multisite-waas'),
+			'desc'     => __('e.g. /wp-admin', 'wp-multisite-waas'),
 			'tooltip'  => '',
 			'required' => [
 				'redirect_type' => 'main_site',
@ -198,66 +197,66 @@ class Login_Form_Element extends Base_Element {
 		];

 		$fields['header_username'] = [
-			'title' => __('Username Field', 'wp-ultimo'),
-			'desc'  => __('Username Field', 'wp-ultimo'),
+			'title' => __('Username Field', 'wp-multisite-waas'),
+			'desc'  => __('Username Field', 'wp-multisite-waas'),
 			'type'  => 'header',
 		];

 		$fields['label_username'] = [
 			'type'    => 'text',
-			'title'   => __('Username Field Label', 'wp-ultimo'),
-			'value'   => __('Username or Email Address', 'wp-ultimo'),
-			'desc'    => __('Leave blank to hide.', 'wp-ultimo'),
+			'title'   => __('Username Field Label', 'wp-multisite-waas'),
+			'value'   => __('Username or Email Address', 'wp-multisite-waas'),
+			'desc'    => __('Leave blank to hide.', 'wp-multisite-waas'),
 			'tooltip' => '',
 		];

 		$fields['placeholder_username'] = [
 			'type'    => 'text',
-			'title'   => __('Username Field Placeholder', 'wp-ultimo'),
-			'desc'    => __('e.g. Username Here', 'wp-ultimo'),
+			'title'   => __('Username Field Placeholder', 'wp-multisite-waas'),
+			'desc'    => __('e.g. Username Here', 'wp-multisite-waas'),
 			'value'   => '',
 			'tooltip' => '',
 		];

 		$fields['header_password'] = [
-			'title' => __('Password Field', 'wp-ultimo'),
-			'desc'  => __('Password Field', 'wp-ultimo'),
+			'title' => __('Password Field', 'wp-multisite-waas'),
+			'desc'  => __('Password Field', 'wp-multisite-waas'),
 			'type'  => 'header',
 		];

 		$fields['label_password'] = [
 			'type'    => 'text',
-			'title'   => __('Password Field Label', 'wp-ultimo'),
-			'value'   => __('Password', 'wp-ultimo'),
-			'desc'    => __('Leave blank to hide.', 'wp-ultimo'),
+			'title'   => __('Password Field Label', 'wp-multisite-waas'),
+			'value'   => __('Password', 'wp-multisite-waas'),
+			'desc'    => __('Leave blank to hide.', 'wp-multisite-waas'),
 			'tooltip' => '',
 		];

 		$fields['placeholder_password'] = [
 			'type'    => 'text',
-			'title'   => __('Password Field Placeholder', 'wp-ultimo'),
-			'desc'    => __('e.g. Your Password', 'wp-ultimo'),
+			'title'   => __('Password Field Placeholder', 'wp-multisite-waas'),
+			'desc'    => __('e.g. Your Password', 'wp-multisite-waas'),
 			'value'   => '',
 			'tooltip' => '',
 		];

 		$fields['header_remember'] = [
-			'title' => __('Remember Me', 'wp-ultimo'),
-			'desc'  => __('Remember Me', 'wp-ultimo'),
+			'title' => __('Remember Me', 'wp-multisite-waas'),
+			'desc'  => __('Remember Me', 'wp-multisite-waas'),
 			'type'  => 'header',
 		];

 		$fields['remember'] = [
 			'type'    => 'toggle',
-			'title'   => __('Display Remember Toggle?', 'wp-ultimo'),
-			'desc'    => __('Toggle to show/hide the remember me checkbox.', 'wp-ultimo'),
+			'title'   => __('Display Remember Toggle?', 'wp-multisite-waas'),
+			'desc'    => __('Toggle to show/hide the remember me checkbox.', 'wp-multisite-waas'),
 			'tooltip' => '',
 			'value'   => 1,
 		];

 		$fields['label_remember'] = [
 			'type'     => 'text',
-			'title'    => __('Remember Me Label', 'wp-ultimo'),
+			'title'    => __('Remember Me Label', 'wp-multisite-waas'),
 			'value'    => __('Remember Me'),
 			'desc'     => '',
 			'tooltip'  => '',
@ -268,8 +267,8 @@ class Login_Form_Element extends Base_Element {

 		$fields['desc_remember'] = [
 			'type'     => 'text',
-			'title'    => __('Remember Me Description', 'wp-ultimo'),
-			'value'    => __('Keep me logged in for two weeks.', 'wp-ultimo'),
+			'title'    => __('Remember Me Description', 'wp-multisite-waas'),
+			'value'    => __('Keep me logged in for two weeks.', 'wp-multisite-waas'),
 			'desc'     => '',
 			'tooltip'  => '',
 			'required' => [
@ -278,15 +277,15 @@ class Login_Form_Element extends Base_Element {
 		];

 		$fields['header_submit'] = [
-			'title' => __('Submit Button', 'wp-ultimo'),
-			'desc'  => __('Submit Button', 'wp-ultimo'),
+			'title' => __('Submit Button', 'wp-multisite-waas'),
+			'desc'  => __('Submit Button', 'wp-multisite-waas'),
 			'type'  => 'header',
 		];

 		$fields['label_log_in'] = [
 			'type'    => 'text',
-			'title'   => __('Submit Button Label', 'wp-ultimo'),
-			'value'   => __('Log In', 'wp-ultimo'),
+			'title'   => __('Submit Button Label', 'wp-multisite-waas'),
+			'value'   => __('Log In', 'wp-multisite-waas'),
 			'tooltip' => '',
 		];

@ -352,7 +351,7 @@ class Login_Form_Element extends Base_Element {

 		return [
 			'display_title'          => 1,
-			'title'                  => __('Login', 'wp-ultimo'),
+			'title'                  => __('Login', 'wp-multisite-waas'),

 			'redirect_type'          => 'default',
 			'customer_redirect_path' => '/wp-admin',
@ -368,7 +367,7 @@ class Login_Form_Element extends Base_Element {
 			'placeholder_password'   => '',

 			'label_remember'         => __('Remember Me'),
-			'desc_remember'          => __('Keep me logged in for two weeks.', 'wp-ultimo'),
+			'desc_remember'          => __('Keep me logged in for two weeks.', 'wp-multisite-waas'),

 			'label_log_in'           => __('Log In'),

@ -398,7 +397,7 @@ class Login_Form_Element extends Base_Element {
 			$rp_cookie = 'wp-resetpass-' . COOKIEHASH;

 			if (isset($_GET['key']) && isset($_GET['login'])) {
-				$value = sprintf('%s:%s', wp_unslash($_GET['login']), wp_unslash($_GET['key']));
+				$value = sprintf('%s:%s', sanitize_text_field(wp_unslash($_GET['login'])), sanitize_text_field(wp_unslash($_GET['key'])));

 				setcookie(
 					$rp_cookie,
@ -494,8 +493,7 @@ class Login_Form_Element extends Base_Element {
 				}

 				// In this case, WP will not redirect, so we need to do it here
-				wp_redirect($redirect_to);
-
+				wp_safe_redirect($redirect_to);
 				exit;
 			}

@ -512,10 +510,9 @@ class Login_Form_Element extends Base_Element {
 		} elseif ('customer_site' === $redirect_type) {
 			$user_site = get_active_blog_for_user($user->ID);

-			wp_redirect($user_site->siteurl . $requested_redirect_to);
+			wp_safe_redirect($user_site->siteurl . $requested_redirect_to);
 			exit;
 		} elseif ('main_site' === $redirect_type) {
-			wp_redirect(network_site_url($requested_redirect_to));
 			exit;
 		}

@ -603,12 +600,12 @@ class Login_Form_Element extends Base_Element {
 		} elseif ($this->is_reset_password_page()) {
 			$rp_cookie = 'wp-resetpass-' . COOKIEHASH;

-			if (isset($_COOKIE[ $rp_cookie ]) && 0 < strpos((string) $_COOKIE[ $rp_cookie ], ':')) {
-				[$rp_login, $rp_key] = explode(':', wp_unslash($_COOKIE[ $rp_cookie ]), 2);
+			if (isset($_COOKIE[ $rp_cookie ]) && str_contains(sanitize_text_field(wp_unslash($_COOKIE[ $rp_cookie ])), ':')) {
+				[$rp_login, $rp_key] = explode(':', sanitize_text_field(wp_unslash($_COOKIE[ $rp_cookie ])), 2);

 				$user = check_password_reset_key($rp_key, $rp_login);

-				if (isset($_POST['pass1']) && ! hash_equals($rp_key, $_POST['rp_key'])) {
+				if (isset($_POST['pass1']) && isset($_POST['rp_key']) && ! hash_equals(wp_unslash($_POST['rp_key']), wp_unslash($_POST['rp_key']))) {
 					$user = false;
 				}
 			} else {
@ -747,8 +744,7 @@ class Login_Form_Element extends Base_Element {
 			];

 			if (isset($_GET['redirect_to'])) {
-				$atts['redirect_type']          = 'query_redirect';
-				$fields['redirect_to']['value'] = $_GET['redirect_to'];
+				$atts['redirect_type'] = 'query_redirect';
 			} elseif ('customer_site' === $atts['redirect_type']) {
 				$fields['redirect_to']['value'] = $atts['customer_redirect_path'];
 			} elseif ('main_site' === $atts['redirect_type']) {