Fix Customizer failing after upgrade; fix widget settings

assets/js/admin.js

@@ -1,4 +1,4 @@
-/* global jQuery, wpa0 */
+/* global jQuery, wpa0, wp */
 jQuery(document).ready(function($) {
     //uploading files variable
     var media_frame;
@@ -31,7 +31,7 @@ jQuery(document).ready(function($) {
         // Set the frame callback
         media_frame.on('select', function() {
             var attachment = media_frame.state().get('selection').first().toJSON();
-            $('#'+related_control_id).val(attachment.url);
+            $('#'+related_control_id).val(attachment.url).change();
         });
 
         //Open modal

lib/WP_Auth0_Embed_Widget.php

@@ -15,26 +15,21 @@ protected function getWidgetId() {
 	}
 
 	protected function getWidgetName() {
-		return 'Auth0 Lock Embed';
+		return __( 'Auth0 Login', 'wp-auth0' );
 	}
 
 	protected function getWidgetDescription() {
-		return 'Shows Auth0 Lock Embed in your sidebar';
+		return __( 'Shows Auth0 login form in your sidebar', 'wp-auth0' );
 	}
 
 	protected function showAsModal() {
 		return false;
 	}
 
 	public function form( $instance ) {
-
 		wp_enqueue_media();
-		wp_enqueue_script( 'wpa0_admin', WPA0_PLUGIN_JS_URL . 'admin.js', array( 'jquery' ), WPA0_VERSION );
+		wp_enqueue_script( 'wpa0_admin' );
 		wp_enqueue_style( 'media' );
-		wp_localize_script( 'wpa0_admin', 'wpa0', array(
-				'media_title' => __( 'Choose your icon', 'wp-auth0' ),
-				'media_button' => __( 'Choose icon', 'wp-auth0' ),
-			) );
 		require WPA0_PLUGIN_DIR . 'templates/a0-widget-setup-form.php';
 	}
 

lib/WP_Auth0_Options.php

@@ -171,8 +171,6 @@ protected function defaults() {
 			'last_step' => 1,
 			'migration_token_id' => null,
 			'jwt_auth_integration' => false,
-			'amplificator_title' => '',
-			'amplificator_subtitle' => '',
 			'connections' => array(),
 			'auth0js-cdn' => WPA0_AUTH0_JS_CDN_URL,
 

lib/WP_Auth0_Popup_Widget.php

@@ -7,11 +7,11 @@ protected function getWidgetId() {
 	}
 
 	protected function getWidgetName() {
-		return "Auth0 Lock Popup";
+		return __( 'Auth0 Popup Login', 'wp-auth0' );
 	}
 
 	protected function getWidgetDescription() {
-		return "Shows a button that once clicked will open Auth0 Lock Popup";
+		return __( 'Shows a button to pop up an Auth0 login form in your sidebar', 'wp-auth0' );
 	}
 
 	protected function showAsModal() {

lib/WP_Auth0_SocialAmplification_Widget.php

@@ -4,6 +4,7 @@ class WP_Auth0_SocialAmplification_Widget extends WP_Widget {
 
 	protected static $db_manager;
 	protected static $social_amplificator;
+	protected $options;
 
 	public static function set_context( WP_Auth0_DBManager $db_manager, WP_Auth0_Amplificator $social_amplificator ) {
 		self::$db_manager = $db_manager;
@@ -16,30 +17,66 @@ function __construct() {
 			__( $this->getWidgetName(), 'wp_auth0_widget_domain' ),
 			array( 'description' => __( $this->getWidgetDescription(), 'wpb_widget_domain' ) )
 		);
+		$this->options = WP_Auth0_Options::Instance();
 	}
 
 	protected function getWidgetId() {
 		return 'wp_auth0_social_amplification_widget';
 	}
 
 	protected function getWidgetName() {
-		return "Auth0 Social Amplification";
+		return __( 'Auth0 Social Amplification', 'wp-auth0' );
+
 	}
 
 	protected function getWidgetDescription() {
-		return "Shows Auth0 Social Amplification Widget Embed in your sidebar";
+		return __( 'Shows Auth0 Social Amplification widget in a sidebar', 'wp-auth0' );
 	}
 
+	/**
+	 * Build the widget settings form in the Customizer and wp-admin > Widgets page.
+	 *
+	 * @param array $instance - Current instance of this widget.
+	 */
 	public function form( $instance ) {
-		require WPA0_PLUGIN_DIR . 'templates/a0-widget-amplificator.php';
+		$fields = array(
+			'amplificator_title' => __( 'Widget title', 'wp-auth0' ),
+			'amplificator_subtitle' => __( 'Widget subtitle', 'wp-auth0' ),
+			'social_twitter_message' => __( 'Twitter message', 'wp-auth0' ),
+		);
+
+		foreach ( $fields as $field => $title ) {
+			$field_value = isset( $instance[ $field ] )
+				? $instance[ $field ]
+				: $this->options->get( $field );
+			printf(
+				'<p><label for="%s">%s:</label><textarea class="widefat" id="%s" name="%s">%s</textarea></p>',
+				esc_attr( $this->get_field_id( $field ) ),
+				sanitize_text_field( $title ),
+				esc_attr( $this->get_field_id( $field ) ),
+				esc_attr( $this->get_field_name( $field ) ),
+				esc_textarea( $field_value )
+			);
+		}
+
+		printf(
+			'<p>%s <a href="%s" target="_blank">%s</a>.</p>
+			<p>%s</p><ul><li><code>%s</code> - %s</li><li><code>%s</code> - %s</li></ul>',
+			__( 'App keys are required and are set on the Advanced tab of the', 'wp-auth0' ),
+			admin_url( 'admin.php?page=wpa0#advanced' ),
+			__( 'Auth0 settings page', 'wp-auth0' ),
+			__( 'You can use the following tags in the messages above:', 'wp-auth0' ),
+			'%page_url%',
+			__( 'This will be replaced by the current page URL', 'wp-auth0' ),
+			'%site_url%',
+			__( 'This will be replaced by the site URL', 'wp-auth0' )
+		);
 	}
 
 	public function update( $new_instance, $old_instance ) {
-		$options = WP_Auth0_Options::Instance();
-		$options->set( 'social_facebook_message', $new_instance['social_facebook_message'] );
-		$options->set( 'social_twitter_message', $new_instance['social_twitter_message'] );
-		$options->set( 'amplificator_title', $new_instance['amplificator_title'] );
-		$options->set( 'amplificator_subtitle', $new_instance['amplificator_subtitle'] );
+		$new_instance['social_twitter_message'] = sanitize_text_field( $new_instance['social_twitter_message'] );
+		$new_instance['amplificator_title'] = sanitize_text_field( $new_instance['amplificator_title'] );
+		$new_instance['amplificator_subtitle'] = sanitize_text_field( $new_instance['amplificator_subtitle'] );
 		return $new_instance;
 	}
 
@@ -51,17 +88,15 @@ public function widget( $args, $instance ) {
 		$user_profile = $current_user->auth0_obj;
 
 		if ( trim( $client_id ) != "" && $user_profile ) {
-			$options = WP_Auth0_Options::Instance();
-
 			$supportedProviders = array( 'facebook', 'twitter' );
 			$enabledProviders = array();
 
-			$social_facebook_key = $options->get_connection( 'social_facebook_key' );
+			$social_facebook_key = $this->options->get_connection( 'social_facebook_key' );
 			if ( !empty( $social_facebook_key ) ) {
 				$enabledProviders[] = 'facebook';
 			}
 
-			$social_twitter_key = $options->get_connection( 'social_twitter_key' );
+			$social_twitter_key = $this->options->get_connection( 'social_twitter_key' );
 			if ( !empty( $social_twitter_key ) ) {
 				$enabledProviders[] = 'twitter';
 			}
@@ -75,22 +110,19 @@ public function widget( $args, $instance ) {
 
 			echo $args['before_widget'];
 
-			$amplificator_title = $options->get( 'amplificator_title' );
-			$amplificator_subtitle = $options->get( 'amplificator_subtitle' );
-
-			if ( !empty( $amplificator_title ) ) {
-				echo "<h2 class=\"widget-title\">$amplificator_title</h2>";
+			if ( ! empty( $instance['amplificator_title'] ) ) {
+				$widget_title = strip_tags( $instance['amplificator_title'] );
+				echo '<h2 class="widget-title">' . sanitize_text_field( $widget_title ) . '</h2>';
 			}
 
-			if ( !empty( $amplificator_subtitle ) ) {
-				echo "<p>$amplificator_subtitle</p>";
+			if ( ! empty( $instance['amplificator_subtitle'] ) ) {
+				$widget_subtitle = strip_tags( $instance['amplificator_subtitle'] );
+				echo '<p>' . sanitize_text_field( $widget_subtitle ) . '</p>';
 			}
 
 			wp_enqueue_style( 'auth0-aplificator-css', WPA0_PLUGIN_CSS_URL . 'amplificator.css' );
-
-			wp_register_script( 'auth0-aplificator-js', WPA0_PLUGIN_JS_URL . 'amplificator.js' );
+			wp_enqueue_script( 'auth0-aplificator-js', WPA0_PLUGIN_JS_URL . 'amplificator.js', array( 'jquery' ), WPA0_VERSION  );
 			wp_localize_script( 'auth0-aplificator-js', 'auth0_ajax', array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
-			wp_enqueue_script( 'auth0-aplificator-js' );
 
 			$current_page_url = self::current_page_url();
 
@@ -99,32 +131,41 @@ public function widget( $args, $instance ) {
 				if ( in_array( $provider, $providers ) && in_array( $provider, $enabledProviders ) ) {
 					$js_function = "Auth0Amplify(this,'$provider', '$current_page_url')";
 				} else {
-
-					$current_page_url = urlencode( $current_page_url );
-
+					$share_url = '';
 					switch ( $provider ) {
-					case 'facebook':
-						$js_function = "javascript: void window.open('https://www.facebook.com/sharer/sharer.php?u=$current_page_url', '', 'height=300, width=600');";
-						break;
-					case 'twitter':
-						$content = self::$social_amplificator->get_share_text( 'twitter', $current_page_url );
-						$js_function = "javascript: void window.open('https://twitter.com/share?url=$current_page_url&text=$content', '', 'height=300, width=600');";
-						break;
+
+						case 'facebook':
+							$share_url = 'https://www.facebook.com/sharer/sharer.php?u=' . rawurlencode( $current_page_url );
+							break;
+
+						case 'twitter':
+							$message = '';
+							if ( ! empty( $instance['social_twitter_message'] ) ) {
+								$message = str_replace( '%page_url%', $current_page_url, $instance['social_twitter_message'] );
+								$message = str_replace( '%site_url%', home_url(), $message );
+							}
+
+							$share_url = sprintf(
+								'https://twitter.com/share?url=%s&text=%s',
+								rawurlencode( $current_page_url ),
+								rawurlencode( $message )
+							);
+							break;
 					}
 
+					$js_function = sprintf(
+						"javascript: void window.open('%s', '','height=300, width=600')",
+						$share_url
+					);
 				}
 
-?>
-
-<div onclick="<?php echo $js_function; ?>"
-    title="<?php echo $provider; ?>"
-    class="a0-social a0-<?php echo $provider; ?>" dir="ltr">
-
-	<span><?php echo $provider; ?></span>
-
-</div>
-
-                <?php
+				printf(
+					'<div onclick="%s" title="%s" class="a0-social a0-%s" dir="ltr"><span>%s</span></div>',
+					esc_attr( $js_function ),
+					esc_attr( $provider ),
+					esc_attr( $provider ),
+					esc_attr( $provider )
+				);
 			}
 
 			echo $args['after_widget'];

lib/admin/WP_Auth0_Admin.php

@@ -209,6 +209,25 @@ public function init() {
 	 * Enqueue scripts for all Auth0 wp-admin pages
 	 */
 	public function admin_enqueue() {
+		// Register admin styles
+		wp_register_style( 'wpa0_bootstrap', WPA0_PLUGIN_BS_URL . 'css/bootstrap.min.css', false, '3.3.5' );
+		wp_register_style( 'wpa0_admin_initial_settup', WPA0_PLUGIN_CSS_URL . 'initial-setup.css', false, WPA0_VERSION );
+
+		// Register admin scripts
+		wp_register_script( 'wpa0_bootstrap', WPA0_PLUGIN_BS_URL . 'js/bootstrap.min.js', array( 'jquery' ), '3.3.6' );
+		wp_register_script( 'wpa0_admin', WPA0_PLUGIN_JS_URL . 'admin.js', array( 'wpa0_bootstrap' ), WPA0_VERSION );
+		wp_localize_script(
+			'wpa0_admin', 'wpa0', array(
+				'media_title'         => __( 'Choose your icon', 'wp-auth0' ),
+				'media_button'        => __( 'Choose icon', 'wp-auth0' ),
+				'clear_cache_working' => __( 'Working ...', 'wp-auth0' ),
+				'clear_cache_done'    => __( 'Done!', 'wp-auth0' ),
+				'clear_cache_nonce'   => wp_create_nonce( 'auth0_delete_cache_transient' ),
+				'ajax_url'            => admin_url( 'admin-ajax.php' ),
+			)
+		);
+		wp_register_script( 'wpa0_async', WPA0_PLUGIN_LIB_URL . 'async.min.js', false, WPA0_VERSION );
+
 		$wpa0_pages     = array( 'wpa0', 'wpa0-errors', 'wpa0-users-export', 'wpa0-import-settings', 'wpa0-setup' );
 		$wpa0_curr_page = ! empty( $_REQUEST['page'] ) ? $_REQUEST['page'] : '';
 		if ( ! in_array( $wpa0_curr_page, $wpa0_pages ) ) {
@@ -220,25 +239,13 @@ public function admin_enqueue() {
 		}
 
 		if ( in_array( $wpa0_curr_page, array( 'wpa0', 'wpa0-setup' ) ) ) {
-			wp_enqueue_script( 'wpa0_admin', WPA0_PLUGIN_JS_URL . 'admin.js', array( 'jquery' ), WPA0_VERSION );
-			wp_localize_script(
-				'wpa0_admin', 'wpa0', array(
-					'media_title'         => __( 'Choose your icon', 'wp-auth0' ),
-					'media_button'        => __( 'Choose icon', 'wp-auth0' ),
-					'clear_cache_working' => __( 'Working ...', 'wp-auth0' ),
-					'clear_cache_done'    => __( 'Done!', 'wp-auth0' ),
-					'clear_cache_nonce'   => wp_create_nonce( 'auth0_delete_cache_transient' ),
-					'ajax_url'            => admin_url( 'admin-ajax.php' ),
-				)
-			);
-
-			wp_enqueue_script( 'wpa0_async', WPA0_PLUGIN_LIB_URL . 'async.min.js', false, WPA0_VERSION );
+			wp_enqueue_script( 'wpa0_admin' );
+			wp_enqueue_script( 'wpa0_async' );
 		}
 
 		wp_enqueue_media();
-		wp_enqueue_style( 'wpa0_bootstrap', WPA0_PLUGIN_BS_URL . 'css/bootstrap.min.css', false, '3.3.5' );
-		wp_enqueue_script( 'wpa0_bootstrap', WPA0_PLUGIN_BS_URL . 'js/bootstrap.min.js', array( 'jquery' ), '3.3.6' );
-		wp_enqueue_style( 'wpa0_admin_initial_settup', WPA0_PLUGIN_CSS_URL . 'initial-setup.css', false, WPA0_VERSION );
+		wp_enqueue_style( 'wpa0_bootstrap' );
+		wp_enqueue_style( 'wpa0_admin_initial_settup' );
 
 		if ( 'wpa0-setup' === $wpa0_curr_page && isset( $_REQUEST['signup'] ) ) {
 			$cdn_url = $this->a0_options->get( 'cdn_url' );

lib/admin/WP_Auth0_Admin_Advanced.php

@@ -555,7 +555,8 @@ public function render_custom_signup_fields( $args = array() ) {
 	public function render_social_twitter_key( $args = array() ) {
 		$this->render_social_key_field( $args['label_for'], $args['opt_name'] );
 		$this->render_field_description(
-			__( 'Used for the Social Amplification Widget. ', 'wp-auth0' ) .
+			__( 'Twitter app key for the Social Amplification Widget. ', 'wp-auth0' ) .
+			__( 'The app used here needs to have "read" and "write" permissions. ', 'wp-auth0' ) .
 			$this->get_docs_link(
 				'connections/social/twitter#2-get-your-consumer-key-and-consumer-secret',
 				__( 'Instructions here', 'wp-auth0' )
@@ -575,7 +576,7 @@ public function render_social_twitter_key( $args = array() ) {
 	public function render_social_twitter_secret( $args = array() ) {
 		$this->render_social_key_field( $args['label_for'], $args['opt_name'] );
 		$this->render_field_description(
-			__( 'Used for the Social Amplification Widget. ', 'wp-auth0' ) .
+			__( 'Secret for the app above. ', 'wp-auth0' ) .
 			$this->get_docs_link(
 				'connections/social/twitter#2-get-your-consumer-key-and-consumer-secret',
 				__( 'Instructions here', 'wp-auth0' )
@@ -595,6 +596,8 @@ public function render_social_twitter_secret( $args = array() ) {
 	public function render_social_facebook_key( $args = array() ) {
 		$this->render_social_key_field( $args['label_for'], $args['opt_name'] );
 		$this->render_field_description(
+			__( 'Facebook app key for the Social Amplification Widget. ', 'wp-auth0' ) .
+			__( 'The app used here needs to have "publish_actions" permission. ', 'wp-auth0' ) .
 			__( 'Used for the Social Amplification Widget. ', 'wp-auth0' ) .
 			$this->get_docs_link(
 				'connections/social/facebook#5-get-your-app-id-and-app-secret',
@@ -615,7 +618,7 @@ public function render_social_facebook_key( $args = array() ) {
 	public function render_social_facebook_secret( $args = array() ) {
 		$this->render_social_key_field( $args['label_for'], $args['opt_name'] );
 		$this->render_field_description(
-			__( 'Used for the Social Amplification Widget. ', 'wp-auth0' ) .
+			__( 'Secret for the app above. ', 'wp-auth0' ) .
 			$this->get_docs_link(
 				'connections/social/facebook#5-get-your-app-id-and-app-secret',
 				__( 'Instructions here', 'wp-auth0' )