Whitespace/code cleanup
* add limits and no_count_rows to optimize queries
* add some missing output escaping
* change some spaces to tabs, some remain
* add coding standards spacing to JS as well
* cast post id as (int) to avoid XSS vector
Adam Silverstein committed Dec 1, 2014
1 parent fd32c06 commit b8a5671
Showing 5 changed files with 63 additions and 55 deletions.
34 changes: 18 additions & 16 deletions hrm-jobs.php
Expand Up @@ -30,7 +30,7 @@ function hrm_jobs_enqueue_scripts() {
wp_enqueue_script( 'reorder-js', plugins_url( '/js/reorder.js', __FILE__), array('jquery'), '', true );
wp_enqueue_script( 'jquery-ui-datepicker' );
wp_enqueue_script( 'field-date-js', plugins_url('js/Field_Date.js', __FILE__), array('jquery-core', 'jquery-ui-core', 'jquery-ui-datepicker'), '', true );
wp_enqueue_style('jquery-style', 'http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/smoothness/jquery-ui.css');
wp_enqueue_style( 'jquery-style', 'http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/smoothness/jquery-ui.css' );
}
}
add_action( 'admin_enqueue_scripts', 'hrm_jobs_enqueue_scripts' );
Expand All @@ -46,13 +46,13 @@ function hrm_jobs_enqueue_scripts() {
* Create Sorting Admin Page
*/
function hrm_jobs_add_menu_page() {
add_submenu_page(
'edit.php?post_type=job',
'Reorder Jobs',
'Reorder Jobs',
'edit_pages',
'reorder_jobs',
'hrm_jobs_render_admin'
add_submenu_page(
'edit.php?post_type=job',
'Reorder Jobs',
'Reorder Jobs',
'edit_pages',
'reorder_jobs',
'hrm_jobs_render_admin'
);
}

Expand All @@ -64,35 +64,37 @@ function hrm_jobs_list_shortcode ( $atts, $content = null ) {
$args = array(
'post_type' => 'job',
'orderby' => 'menu_order',
'order' => 'ASC'
'order' => 'ASC',
'post_per_page' => 100, /* add a reasonable max # rows */
'no_found_rows' => true, /* don't generate a count as part of query */
);

$jobs = new WP_Query( $args );
?>

<?php if ( $jobs->have_posts() ) : ?>

<table id="job-list">
<tr>
<th>Job Title</th>
<th>Location</th>
<th></th>
</tr>
<?php while ( $jobs->have_posts() ) : $jobs->the_post(); ?>

<?php $jobUrl = get_permalink(); ?>

<tr>
<td id="<?php the_id(); ?>"><?php the_title(); ?></td>
<td><?php the_terms( $post->ID, 'location') ?></td>
<td><a href="<?php echo esc_url($jobUrl) ?>">Learn More</a></td>
<td><a href="<?php echo esc_url( $jobUrl ) ?>">Learn More</a></td>
</tr>

<?php endwhile; ?>
</table>
</table>

<?php else: ?>
<p><?php _e('You have no Jobs to display.', 'hrm_jobs'); ?></p>
<p><?php _e( 'You have no Jobs to display.', 'hrm_jobs' ); ?></p>
<?php endif; ?>
</div>

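Review bot: The new query argument `'post_per_page' => 100` in the `$args` array of hrm_jobs_list_shortcode is misspelled — WP_Query's key is `posts_per_page`, so the cap the comment describes is never applied and the query falls back to the default page size; change it to `'posts_per_page' => 100, /* add a reasonable max # rows */`. The same misspelling is in the `$args` array of render-admin.php. Separately, the unchanged `the_terms( $post->ID, 'location' )` line reads `$post` inside the function with no `global $post` declaration visible in the hunk (the function starts outside it); `get_the_ID()` would avoid depending on that. In the first hunk, the re-spaced `wp_enqueue_style` line still loads the jQuery UI theme from a plain `http://` URL, which browsers block as mixed content when the admin runs over HTTPS.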
6 changes: 3 additions & 3 deletions jobs-cpt.php
@@ -1,6 +1,6 @@
<?php
function hrm_jobs_posttype() {

$labels = array(
'name' => 'Jobs',
'singular_name' => 'Job',
Expand All @@ -17,7 +17,7 @@ function hrm_jobs_posttype() {
'not_found' => 'No jobs found.',
'not_found_in_trash' => 'No jobs found in Trash.',
);

$args = array(
'labels' => $labels,
'public' => true,
Expand Down Expand Up @@ -45,7 +45,7 @@ function hrm_jobs_my_rewrite_flush() {
register_activation_hook( __FILE__, 'hrm_jobs_my_rewrite_flush' );

function hrm_location_tax() {

$labels = array(
'name' => _x( 'Locations', 'taxonomy general name' ),
'singular_name' => _x( 'Location', 'taxonomy singular name' ),
42 changes: 21 additions & 21 deletions jobs-fields.php
@@ -1,14 +1,14 @@
<?php
<?php

/**
* Adds a meta box to the post editing screen
*/
function hrm_custom_meta() {
add_meta_box(
'hrm_meta',
__( 'Job Listing', 'hrm-jobs' ),
'hrm_meta_callback',
'job'
add_meta_box(
'hrm_meta',
__( 'Job Listing', 'hrm-jobs' ),
'hrm_meta_callback',
'job'
);
}
add_action( 'add_meta_boxes', 'hrm_custom_meta' );
Expand All @@ -25,24 +25,24 @@ function hrm_meta_callback( $post ) {
<div class="meta-th">
<label for="job-id" class="hrm-row-title"><?php _e( 'Job ID', 'hrm-textdomain' )?></label>
</div>
<div class="meta-td">
<input type="text" name="job-id" id="job-id" value="<?php if ( isset ( $hrm_stored_meta['job-id'] ) ) echo $hrm_stored_meta['job-id'][0]; ?>" />
<div class="meta-td">
<input type="text" name="job-id" id="job-id" value="<?php if ( isset ( $hrm_stored_meta['job-id'] ) ) echo esc_attr( $hrm_stored_meta['job-id'][0] ); ?>" />
</div>
</div>
<div class="meta-row">
<div class="meta-th">
<label for="date_listed" class="wpdt-row-title"><?php _e( 'Date Listed', 'hrm-textdomain' )?></label>
</div>
<div class="meta-td">
<input type="text" size="10" class="wpdt-row-content datepicker" name="date_listed" id="date_listed" value="<?php if ( isset ( $hrm_stored_meta['date_listed'] ) ) echo $hrm_stored_meta['date_listed'][0]; ?>" />
<input type="text" size="10" class="wpdt-row-content datepicker" name="date_listed" id="date_listed" value="<?php if ( isset ( $hrm_stored_meta['date_listed'] ) ) echo esc_attr( $hrm_stored_meta['date_listed'][0] ); ?>" />
</div>
</div>
<div class="meta-row">
<div class="meta-th">
<label for="application_deadline" class="wpdt-row-title"><?php _e( 'Application Deadline', 'hrm-textdomain' )?></label>
</div>
<div class="meta-td">
<input type="text" size="10" class="wpdt-row-content datepicker" name="application_deadline" id="application_deadline" value="<?php if ( isset ( $hrm_stored_meta['application_deadline'] ) ) echo $hrm_stored_meta['application_deadline'][0]; ?>" />
<input type="text" size="10" class="wpdt-row-content datepicker" name="application_deadline" id="application_deadline" value="<?php if ( isset ( $hrm_stored_meta['application_deadline'] ) ) echo esc_attr( $hrm_stored_meta['application_deadline'][0] ); ?>" />
</div>
</div>
<div class="meta-row">
Expand All @@ -54,7 +54,7 @@ function hrm_meta_callback( $post ) {

$content = get_post_meta( $post->ID, 'principle_duties', true );
$editor_id = 'principle_duties';
$settings = array(
$settings = array(
'textarea_rows' => 5,
);

Expand All @@ -68,15 +68,15 @@ function hrm_meta_callback( $post ) {
<label for="minimum-requirements" class="wpdt-row-title"><?php _e( 'Minimum Requirements', 'hrm-textdomain' )?></label>
</div>
<div class="meta-td">
<textarea name="minimum-requirements" class ="hrm-textarea" id="minimum-requirements"><?php if ( isset ( $hrm_stored_meta['minimum-requirements'] ) ) echo $hrm_stored_meta['minimum-requirements'][0]; ?></textarea>
<textarea name="minimum-requirements" class ="hrm-textarea" id="minimum-requirements"><?php if ( isset ( $hrm_stored_meta['minimum-requirements'] ) ) echo esc_attr( $hrm_stored_meta['minimum-requirements'][0] ); ?></textarea>
</div>
</div>
<div class="meta-row">
<div class="meta-th">
<label for="preferred-requirements" class="wpdt-row-title"><?php _e( 'Preferred Requirements', 'hrm-textdomain' )?></label>
</div>
<div class="meta-td">
<textarea name="preferred-requirements" class ="hrm-textarea" id="preferred-requirements"><?php if ( isset ( $hrm_stored_meta['preferred-requirements'] ) ) echo $hrm_stored_meta['preferred-requirements'][0]; ?></textarea>
<textarea name="preferred-requirements" class ="hrm-textarea" id="preferred-requirements"><?php if ( isset ( $hrm_stored_meta['preferred-requirements'] ) ) echo esc_attr( $hrm_stored_meta['preferred-requirements'][0] ); ?></textarea>
</div>
</div>
<div class="meta-row">
Expand All @@ -99,17 +99,17 @@ function hrm_meta_callback( $post ) {
* Saves the custom meta input
*/
function hrm_meta_save( $post_id ) {

// Checks save status
$is_autosave = wp_is_post_autosave( $post_id );
$is_revision = wp_is_post_revision( $post_id );
$is_valid_nonce = ( isset( $_POST[ 'hrm_nonce' ] ) && wp_verify_nonce( $_POST[ 'hrm_nonce' ], basename( __FILE__ ) ) ) ? 'true' : 'false';

// Exits script depending on save status
if ( $is_autosave || $is_revision || !$is_valid_nonce ) {
return;
}

// Checks for input and sanitizes/saves if needed
if( isset( $_POST[ 'job-id' ] ) ) {
update_post_meta( $post_id, 'job-id', sanitize_text_field( $_POST[ 'job-id' ] ) );
Expand All @@ -122,7 +122,7 @@ function hrm_meta_save( $post_id ) {
if( isset( $_POST[ 'minimum-requirements' ] ) ) {
update_post_meta( $post_id, 'minimum-requirements', sanitize_text_field( $_POST[ 'minimum-requirements' ] ) );
}

if( isset( $_POST[ 'date_listed' ] ) ) {
update_post_meta( $post_id, 'date_listed', sanitize_text_field( $_POST[ 'date_listed' ] ) );
}
Expand All @@ -145,15 +145,15 @@ function hrm_meta_save( $post_id ) {
* Change Placeholder text in Default title field.
*/
function change_default_title( $title ){

$screen = get_current_screen();

if ( 'job' == $screen->post_type ){
$title = "Enter Job Title Here";
}

return $title;
}

add_filter( 'enter_title_here', 'change_default_title' );
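Review bot: In hrm_meta_save (the hunk at line 99), `$is_valid_nonce` is assigned the strings `'true'` or `'false'`, and both are truthy, so `!$is_valid_nonce` never short-circuits and the nonce check is a no-op; the commit re-indents these lines but leaves the defect in place. Assign the boolean directly: `$is_valid_nonce = isset( $_POST['hrm_nonce'] ) && wp_verify_nonce( $_POST['hrm_nonce'], basename( __FILE__ ) );`. The visible part of the function shows no `current_user_can( 'edit_post', $post_id )` check either; if none exists in the part outside the hunk, add one before the `update_post_meta` calls. In the meta box hunks, values echoed inside `<textarea>` elements are better escaped with `esc_textarea()` than `esc_attr()`, which is the attribute-context escaper; both encode `<`, so this is about using the right context-specific function.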

18 changes: 9 additions & 9 deletions js/reorder.js
@@ -1,11 +1,11 @@
jQuery(document).ready(function($) {
$('div#jobs-admin-sort').each(function() {
$( 'div#jobs-admin-sort' ).each(function() {

var sortList = $('ul#custom-type-list');
var sortList = $( 'ul#custom-type-list' );

sortList.sortable({
update: function(event, ui) {
$('#loading-animation').show(); // Show the animate loading gif while waiting
$( '#loading-animation' ).show(); // Show the animate loading gif while waiting

opts = {
url: ajaxurl, // ajaxurl is defined by WordPress and points to /wp-admin/admin-ajax.php
Expand All @@ -15,17 +15,17 @@ jQuery(document).ready(function($) {
dataType: 'json',
data:{
action: 'save_sort', // Tell WordPress how to handle this ajax request
order: sortList.sortable('toArray').toString() // Passes ID's of list items in 1,3,2 format
order: sortList.sortable( 'toArray' ).toString() // Passes ID's of list items in 1,3,2 format
},
success: function(response) {
$('div#message').remove();
$('#loading-animation').hide(); // Hide the loading animation
$('div#jobs-admin-sort h2:first').after('<div id="message" class="updated below-h2"><p>Jobs sort order has been saved</p></div>');
$( 'div#message' ).remove();
$( '#loading-animation' ).hide(); // Hide the loading animation
$( 'div#jobs-admin-sort h2:first' ).after( '<div id="message" class="updated below-h2"><p>Jobs sort order has been saved</p></div>' );
return;
},
error: function(xhr,textStatus,e) {
$('#loading-animation').hide(); // Hide the loading animation
$('div#jobs-admin-sort h2:first').after('<div id="message" class="error below-h2"><p>There was an error saving the sort order. Please try again later.</p></div>');
$( '#loading-animation' ).hide(); // Hide the loading animation
$( 'div#jobs-admin-sort h2:first' ).after( '<div id="message" class="error below-h2"><p>There was an error saving the sort order. Please try again later.</p></div>' );
return;
}
};
18 changes: 12 additions & 6 deletions render-admin.php
Expand Up @@ -4,23 +4,26 @@ function hrm_jobs_render_admin() {
$args = array(
'post_type' => 'job',
'orderby' => 'menu_order',
'order' => 'ASC'
'order' => 'ASC',
'post_per_page' => 100, /* add a reasonable max # rows */
'no_found_rows' => true, /* don't generate a count as part of query */

);

$jobs = new WP_Query( $args );
?>
<div id="jobs-admin-sort" class="wrap">
<div id="icon-job-admin" class="icon32"><br /></div>
<h2><?php _e('Sort Job Positions', 'hrm_jobs'); ?> <img src=" <?php echo admin_url(); ?>/images/loading.gif" id="loading-animation" /></h2>
<h2><?php _e('Sort Job Positions', 'hrm_jobs'); ?> <img src="<?php echo esc_url( admin_url() . '/images/loading.gif' ); ?>" id="loading-animation" /></h2>
<?php if ( $jobs->have_posts() ) : ?>
<p><?php _e('<strong>Note:</strong> this only affects the Jobs listed using the shortcode functions', 'hrm_jobs'); ?></p>
<p><?php _e('<strong>Note:</strong> this only affects the Jobs listed using the shortcode functions', 'hrm_jobs'); ?></p>
<ul id="custom-type-list">
<?php while ( $jobs->have_posts() ) : $jobs->the_post(); ?>
<li id="<?php the_id(); ?>"><?php the_title(); ?></li>
<?php endwhile; ?>
</ul>
</ul>
<?php else: ?>
<p><?php _e('You have no Jobs to sort.', 'hrm_jobs'); ?></p>
<p><?php _e( 'You have no Jobs to sort.', 'hrm_jobs' ); ?></p>
<?php endif; ?>
</div>

Expand All @@ -31,11 +34,14 @@ function hrm_jobs_render_admin() {

function hrm_jobs_save_order() {

//@todo add a nonce here to verify user intent
//@todo add a capability check to ensure use caps

global $wpdb; // WordPress database class
$order = explode(',', $_POST['order']);
$counter = 0;
foreach ($order as $item_id) {
$wpdb->update($wpdb->posts, array( 'menu_order' => $counter ), array( 'ID' => $item_id) );
$wpdb->update( $wpdb->posts, array( 'menu_order' => $counter ), array( 'ID' => (int) $item_id) );
$counter++;
}
die(1);
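Review bot: hrm_jobs_save_order still writes to `$wpdb->posts` from a POST body with no nonce or capability check — the commit adds the `(int)` cast and two `@todo` comments but leaves the handler open, so if it is registered as an AJAX action (the registration is outside the hunk) any request that reaches it can reorder posts. The `(int)` cast also does not restrict which rows are touched: the `$wpdb->update` where-clause matches any post ID, not only `job` posts, so adding `'post_type' => 'job'` to the where array confines the write. `$_POST['order']` is read without an `isset` check, and the function's end after `die(1)` is outside the hunk. The sketch below adds the checks using the `edit_pages` capability the submenu page already requires; the nonce action and field names are placeholders that must match what the admin page emits and what reorder.js posts, which currently send no nonce at all.
```php
function hrm_jobs_save_order() {
	// Nonce names are placeholders: the admin page must emit this nonce and reorder.js must post it.
	check_ajax_referer( 'NONCE_ACTION_PLACEHOLDER', 'NONCE_FIELD_PLACEHOLDER' );
	if ( ! current_user_can( 'edit_pages' ) || ! isset( $_POST['order'] ) ) {
		wp_die( -1 );
	}

	global $wpdb; // WordPress database class
	$order = explode( ',', $_POST['order'] );
	$counter = 0;
	foreach ( $order as $item_id ) {
		// Restrict the write to job posts so a crafted ID list cannot reorder other post types.
		$wpdb->update( $wpdb->posts, array( 'menu_order' => $counter ), array( 'ID' => (int) $item_id, 'post_type' => 'job' ) );
		$counter++;
	}
	// … unchanged: die(1) …
```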
