Role edit page cleanup. Adds the members_sanitize_role() function.

justintadlock · Jul 18, 2015 · 462a3e8 · 462a3e8
1 parent 9be048b
commit 462a3e8
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 36 deletions.
diff --git a/admin/role-edit.php b/admin/role-edit.php
@@ -6,83 +6,97 @@
  * @subpackage Admin
  */
 
-/* Get the current role object to edit. */
-$role = get_role( esc_attr( strip_tags( $_GET['role'] ) ) );
+// If the current user can't edit roles, don't proceed.
+if ( ! current_user_can( 'edit_roles' ) )
+	wp_die( esc_html__( 'Whoah, partner!', 'members' ) );
 
-/* Get all the capabilities */
+// Get the current role object to edit.
+$role = get_role( members_sanitize_role( $_GET['role'] ) );
+
+// If we don't have a real role, die.
+if ( is_null( $role ) )
+	wp_die( esc_html__( 'The requested role to edit does not exist.', 'members' ) );
+
+// Get all the capabilities.
 $capabilities = members_get_capabilities();
 
-/* Check if the current user can edit roles and the form has been submitted. */
-if ( current_user_can( 'edit_roles' ) && ( isset( $_POST['role-caps'] ) || isset( $_POST['new-cap'] ) ) ) {
+// Set the `$role_updated` variable.
+$role_updated = false;
 
-	/* Verify the nonce. */
+// Check if the form has been submitted.
+if ( isset( $_POST['role-caps'] ) || isset( $_POST['new-cap'] ) ) {
+
+	// Verify the nonce.
 	check_admin_referer( members_get_nonce( 'edit-roles' ) );
 
-	/* Set the $role_updated variable to true. */
+	// Set the $role_updated variable to true.
 	$role_updated = true;
 
-	/* Loop through all available capabilities. */
+	// Loop through all available capabilities.
 	foreach ( $capabilities as $cap ) {
 
-		/* Get the posted capability. */
+		// Get the posted capability.
 		$posted_cap = isset( $_POST['role-caps']["{$role->name}-{$cap}"] ) ? $_POST['role-caps']["{$role->name}-{$cap}"] : false;
 
-		/* If the role doesn't have the capability and it was selected, add it. */
-		if ( !$role->has_cap( $cap ) && !empty( $posted_cap ) )
+		// If the role doesn't have the capability and it was selected, add it.
+		if ( ! $role->has_cap( $cap ) && ! empty( $posted_cap ) )
 			$role->add_cap( $cap );
 
-		/* If the role has the capability and it wasn't selected, remove it. */
+		// If the role has the capability and it wasn't selected, remove it.
 		elseif ( $role->has_cap( $cap ) && empty( $posted_cap ) )
 			$role->remove_cap( $cap );
 
-	} // End loop through existing capabilities
+	} // End loop through existing capabilities.
 
-	/* If new caps were added and are in an array, we need to add them. */
-	if ( !empty( $_POST['new-cap'] ) && is_array( $_POST['new-cap'] ) ) {
+	// If new caps were added and are in an array, we need to add them.
+	if ( ! empty( $_POST['new-cap'] ) && is_array( $_POST['new-cap'] ) ) {
 
-		/* Loop through each new capability from the edit roles form. */
+		// Loop through each new capability from the edit roles form.
 		foreach ( $_POST['new-cap'] as $new_cap ) {
 
-			/* Sanitize the new capability to remove any unwanted characters. */
+			// Sanitize the new capability to remove any unwanted characters.
 			$new_cap = sanitize_key( $new_cap );
 
-			/* Run one more check to make sure the new capability exists. Add the cap to the role. */
+			// Run one more check to make sure the new capability exists. Add the cap to the role.
 			if ( !empty( $new_cap ) && !$role->has_cap( $new_cap ) )
 				$role->add_cap( $new_cap );
 
-		} // End loop through new capabilities
+		} // End loop through new capabilities.
 
-		/* If new caps are added, we need to reset the $capabilities array. */
+		// If new caps are added, we need to reset the $capabilities array.
 		$capabilities = members_get_capabilities();
 
-	} // End check for new capabilities
+	} // End check for new capabilities.
 
-} // End check for form submission ?>
+} // End check for form submission. ?>
 
 <div class="wrap">
 
-	<?php screen_icon(); ?>
-
 	<h2>
 		<?php _e( 'Edit Role', 'members' ); ?>
 		<?php if ( current_user_can( 'create_roles' ) ) echo '<a href="' . admin_url( 'users.php?page=role-new' ) . '" class="add-new-h2">' . __( 'Add New', 'members' ) . '</a>'; ?>
 	</h2>
 
-	<?php if ( !empty( $role_updated ) ) echo '<div class="updated"><p><strong>' . __( 'Role updated.', 'members' ) . '</strong></p><p><a href="' . admin_url( 'users.php?page=roles' ) . '">' . __( '&larr; Back to Roles', 'members' ) . '</a></p></div>'; ?>
+	<?php if ( $role_updated ) : ?>
+		<div class="updated">
+			<p><strong><?php esc_html_e( 'Role updated.', 'members' ); ?></strong></p>
+			<p><?php printf( '<a href="%s">%s</a>', members_edit_roles_url(), esc_html__( '&larr; Back to roles screen', 'members' ) ); ?>
+		</div>
+	<?php endif; ?>
 
 	<?php do_action( 'members_pre_edit_role_form' ); //Available pre-form hook for displaying messages. ?>
 
 	<div id="poststuff">
 
-		<form name="form0" method="post" action="<?php echo admin_url( esc_url( "users.php?page=roles&amp;action=edit&amp;role={$role->name}" ) ); ?>">
+		<form name="form0" method="post" action="<?php echo esc_url( add_query_arg( array( 'page' => 'roles', 'action' => 'edit', 'role' => $role->name ), admin_url( 'users.php' ) ) ); ?>">
 
 			<?php wp_nonce_field( members_get_nonce( 'edit-roles' ) ); ?>
 
 			<table class="form-table">
 
 				<tr>
 					<th>
-						<?php _e( 'Role Name', 'members' ); ?>
+						<?php esc_html_e( 'Role Name', 'members' ); ?>
 					</th>
 					<td>
 						<input type="text" disabled="disabled" readonly="readonly" value="<?php echo esc_attr( $role->name ); ?>" />
@@ -91,30 +105,32 @@
 
 				<tr>
 					<th>
-						<?php _e( 'Capabilities', 'members' ); ?>
+						<?php esc_html_e( 'Capabilities', 'members' ); ?>
 					</th>
 
 					<td>
-						<?php $i = -1; foreach ( $capabilities as $cap ) { ?>
+						<?php $i = -1; foreach ( $capabilities as $cap ) : ?>
 
 							<div class="members-role-checkbox <?php if ( ++$i % 3 == 0 ) echo 'clear'; ?>">
-								<?php $has_cap = ( $role->has_cap( $cap ) ? true : false ); ?>
-								<input  type="checkbox" name="<?php echo esc_attr( "role-caps[{$role->name}-{$cap}]" ); ?>" id="<?php echo esc_attr( "{$role->name}-{$cap}" ); ?>" <?php checked( true, $has_cap ); ?> value="true" /> 
-								<label for="<?php echo esc_attr( "{$role->name}-{$cap}" ); ?>" class="<?php echo ( $has_cap ? 'has-cap' : 'has-cap-not' ); ?>"><?php echo $cap; ?></label>
+								<?php $has_cap = $role->has_cap( $cap ) ? true : false; // Note: $role->has_cap() returns a string intead of TRUE. ?>
+								<label class="<?php echo ( $has_cap ? 'has-cap' : 'has-cap-not' ); ?>">
+									<input type="checkbox" name="<?php echo esc_attr( "role-caps[{$role->name}-{$cap}]" ); ?>" <?php checked( true, $has_cap ); ?> value="true" />
+									<?php echo esc_html( $cap ); ?>
+								</label>
 							</div>
 
-						<?php } // Endforeach ?>
+						<?php endforeach; ?>
 					</td>
 				</tr>
 
 				<tr>
 					<th>
-						<?php _e( 'Custom Capabilities', 'members' ); ?>
+						<?php esc_html_e( 'Custom Capabilities', 'members' ); ?>
 					</th>
 					<td>
 
 						<p class="members-add-new-cap-wrap clear hide-if-no-js">
-							<a class="button-secondary" id="members-add-new-cap"><?php _e( 'Add New Capability', 'members' ); ?></a>
+							<a class="button-secondary" id="members-add-new-cap"><?php esc_html_e( 'Add New Capability', 'members' ); ?></a>
 						</p>
 						<p class="new-cap-holder">
 							<input type="text" class="new-cap hide-if-js" name="new-cap[]" value="" size="20" />
@@ -130,4 +146,4 @@
 
 	</div><!-- #poststuff -->
 
-</div><!-- .wrap -->
+</div><!-- .wrap -->
diff --git a/includes/roles.php b/includes/roles.php
@@ -1,5 +1,13 @@
 <?php
 
+function members_sanitize_role( $role ) {
+	return apply_filters( 'members_sanitize_role', str_replace( '-', '_', sanitize_key( $role ) ), $role );
+}
+
+function members_edit_roles_url() {
+	return esc_url( add_query_arg( 'page', 'roles', admin_url( 'users.php' ) ) );
+}
+
 function members_get_user_role_names( $user_id ) {
 
 	$user = new WP_User( $user_id );