Remove wp_kses_post from display fields. #968

merged 3 commits into from Apr 6, 2018
1 change: 1 addition & 0 deletions alerts/class-alert-type-die.php
Expand Up @@ -13,6 +13,7 @@
* @package WP_Stream
*/
class Alert_Type_Die extends Alert_Type {

/**
* Alert type name
*
Expand Down
57 changes: 29 additions & 28 deletions alerts/class-alert-type-email.php
Expand Up @@ -42,7 +42,10 @@ public function __construct( $plugin ) {
if ( ! is_admin() ) {
return;
}
add_filter( 'wp_stream_alerts_save_meta', array( $this, 'add_alert_meta' ), 10, 2 );
add_filter( 'wp_stream_alerts_save_meta', array(
$this,
'add_alert_meta',
), 10, 2 );
}

/**
Expand All @@ -68,32 +71,32 @@ public function alert( $record_id, $recordarr, $alert ) {
return;
}

// translators: Placeholder refers to the title of a site (e.g. "FooBar Website")
$message = sprintf( __( 'A Stream Alert was triggered on %s.', 'stream' ), get_bloginfo( 'name' ) ) . "\n\n";
// translators: Placeholder refers to the title of a site (e.g. "FooBar Website").
$message = sprintf( __( 'A Stream Alert was triggered on %s.', 'stream' ), get_bloginfo( 'name' ) ) . "\n\n";

$user_id = $recordarr['user_id'];
$user = get_user_by( 'id', $user_id );
$user = get_user_by( 'id', $user_id );

// translators: Placeholder refers to a username (e.g. "administrator")
// translators: Placeholder refers to a username (e.g. "administrator").
$message .= sprintf( __( "User:\t%s", 'stream' ), $user->user_login ) . "\n";

if ( ! empty( $alert->alert_meta['trigger_context'] ) ) {
$context = $this->plugin->alerts->alert_triggers['context']->get_display_value( 'list_table', $alert );
$context = $this->plugin->alerts->alert_triggers['context']->get_display_value( 'list_table', $alert );

// translators: Placeholder refers to the context of the record (e.g. "Plugins")
$message .= sprintf( __( "Context:\t%s", 'stream' ), $context ) . "\n";
// translators: Placeholder refers to the context of the record (e.g. "Plugins").
$message .= sprintf( __( "Context:\t%s", 'stream' ), $context ) . "\n";
}
if ( ! empty( $alert->alert_meta['trigger_action'] ) ) {
$action = $this->plugin->alerts->alert_triggers['action']->get_display_value( 'list_table', $alert );
$action = $this->plugin->alerts->alert_triggers['action']->get_display_value( 'list_table', $alert );

// translators: Placeholder refers to the action of the record (e.g. "Installed")
$message .= sprintf( __( "Action:\t%s", 'stream' ), $action ) . "\n";
// translators: Placeholder refers to the action of the record (e.g. "Installed").
$message .= sprintf( __( "Action:\t%s", 'stream' ), $action ) . "\n";
}

$post = null;
if ( isset( $recordarr['object_id'] ) ) {
$post_id = $recordarr['object_id'];
$post = get_post( $post_id );
$post = get_post( $post_id );
}
if ( is_object( $post ) && ! empty( $post ) ) {
$post_type = get_post_type_object( $post->post_type );
Expand All @@ -102,14 +105,14 @@ public function alert( $record_id, $recordarr, $alert ) {

$edit_post_link = get_edit_post_link( $post->ID, 'raw' );

// translators: Placeholder refers to the post type singular name (e.g. "Post")
// translators: Placeholder refers to the post type singular name (e.g. "Post").
$message .= sprintf( __( 'Edit %s', 'stream' ), $post_type->labels->singular_name ) . "\n<$edit_post_link>\n";
}

$message .= "\n";

$edit_alert_link = admin_url( 'edit.php?post_type=wp_stream_alerts#post-' . $alert->ID );
$message .= __( 'Edit Alert', 'stream' ) . "\n<$edit_alert_link>";
$message .= __( 'Edit Alert', 'stream' ) . "\n<$edit_alert_link>";

wp_mail( $options['email_recipient'], $options['email_subject'], $message );
}
Expand All @@ -136,24 +139,20 @@ public function display_fields( $alert ) {
echo '<span class="wp_stream_alert_type_description">' . esc_html__( 'Send a notification email to the recipient.', 'stream' ) . '</span>';
echo '<label for="wp_stream_email_recipient"><span class="title">' . esc_html__( 'Recipient', 'stream' ) . '</span>';
echo '<span class="input-text-wrap">';
echo wp_kses_post( $form->render_field(
'text', array( // Xss ok.
'name' => 'wp_stream_email_recipient',
'title' => esc_attr( __( 'Email Recipient', 'stream' ) ),
'value' => $options['email_recipient'],
)
) );
echo $form->render_field( 'text', array(
'name' => 'wp_stream_email_recipient',
'title' => esc_attr( __( 'Email Recipient', 'stream' ) ),
'value' => $options['email_recipient'],
) ); // Xss ok.
echo '</span></label>';

echo '<label for="wp_stream_email_subject"><span class="title">' . esc_html__( 'Subject', 'stream' ) . '</span>';
echo '<span class="input-text-wrap">';
echo wp_kses_post( $form->render_field(
'text', array( // Xss ok.
'name' => 'wp_stream_email_subject',
'title' => esc_attr( __( 'Email Subject', 'stream' ) ),
'value' => $options['email_subject'],
)
) );
echo $form->render_field( 'text', array(
'name' => 'wp_stream_email_subject',
'title' => esc_attr( __( 'Email Subject', 'stream' ) ),
'value' => $options['email_subject'],
) ); // Xss ok.
echo '</span></label>';
}

Expand All @@ -174,6 +173,7 @@ public function save_fields( $alert ) {
$alert->alert_meta['email_subject'] = sanitize_text_field( wp_unslash( $_POST['wp_stream_email_subject'] ) );
}
}

/**
* Add alert meta if this is a highlight alert
*
Expand All @@ -193,6 +193,7 @@ public function add_alert_meta( $alert_meta, $alert_type ) {
$alert_meta['email_subject'] = $email_subject;
}
}

return $alert_meta;
}
}
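Review bot: Dropping wp_kses_post() around the two `echo $form->render_field( 'text', array( ... ) ); // Xss ok.` calls in display_fields makes the markup's safety depend entirely on render_field() escaping its attributes, yet the arguments handed to it are escaped inconsistently: `title` goes through `esc_attr()` while `value` (`$options['email_recipient']` and `$options['email_subject']`, read back from stored alert meta) is passed raw. render_field() is not visible on this page; if it escapes attribute values itself, the `esc_attr()` on `title` double-escapes, and if it does not, `value` lands in the attribute unescaped. Whichever holds, the `// Xss ok.` marker should record the contract it relies on, e.g. `// Xss ok: render_field() escapes attribute values.`, once checked against the form helper's implementation. The same applies to the select field in the display_fields hunk of alerts/class-alert-type-highlight.php, where `value` is `$options['color']`; display_fields begins above this hunk in both files.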
50 changes: 33 additions & 17 deletions alerts/class-alert-type-highlight.php
Expand Up @@ -13,6 +13,7 @@
* @package WP_Stream
*/
class Alert_Type_Highlight extends Alert_Type {

/**
* Main JS file script handle.
*/
Expand Down Expand Up @@ -68,17 +69,32 @@ public function __construct( $plugin ) {
if ( ! is_admin() ) {
return;
}
add_filter( 'wp_stream_record_classes', array( $this, 'post_class' ), 10, 2 );
add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_scripts' ) );
add_action( 'wp_ajax_' . self::REMOVE_ACTION, array( $this, 'ajax_remove_highlight' ) );
add_filter( 'wp_stream_record_classes', array(
$this,
'post_class',
), 10, 2 );
add_action( 'admin_enqueue_scripts', array(
$this,
'enqueue_scripts',
) );
add_action( 'wp_ajax_' . self::REMOVE_ACTION, array(
$this,
'ajax_remove_highlight',
) );

if ( ! empty( $this->plugin->connectors->connectors ) && is_array( $this->plugin->connectors->connectors ) ) {
foreach ( $this->plugin->connectors->connectors as $connector ) {
add_filter( 'wp_stream_action_links_' . $connector->name, array( $this, 'action_link_remove_highlight' ), 10, 2 );
add_filter( 'wp_stream_action_links_' . $connector->name, array(
$this,
'action_link_remove_highlight',
), 10, 2 );
}
}

add_filter( 'wp_stream_alerts_save_meta', array( $this, 'add_alert_meta' ), 10, 2 );
add_filter( 'wp_stream_alerts_save_meta', array(
$this,
'add_alert_meta',
), 10, 2 );
}

/**
Expand All @@ -93,7 +109,7 @@ public function __construct( $plugin ) {
* @return void
*/
public function alert( $record_id, $recordarr, $alert ) {
$recordarr['ID'] = $record_id;
$recordarr['ID'] = $record_id;
$this->single_alert_id = $alert->ID;
if ( ! empty( $alert->alert_meta['color'] ) ) {
$alert_meta = array(
Expand Down Expand Up @@ -124,16 +140,15 @@ public function display_fields( $alert ) {
echo '<span class="wp_stream_alert_type_description">' . esc_html__( 'Highlight this alert on the Stream records page.', 'stream' ) . '</span>';
echo '<label for="wp_stream_highlight_color"><span class="title">' . esc_html__( 'Color', 'stream' ) . '</span>';
echo '<span class="input-text-wrap">';
echo wp_kses_post( $form->render_field(
'select', array( // Xss ok.
echo $form->render_field( 'select', array(
'name' => 'wp_stream_highlight_color',
'title' => esc_attr( __( 'Highlight Color', 'stream' ) ),
'options' => $this->get_highlight_options(),
'value' => $options['color'],
)
) );
) ); // Xss ok.
echo '</span></label>';
}

/**
* Lists available color options for alerts.
*
Expand Down Expand Up @@ -161,7 +176,7 @@ public function save_fields( $alert ) {
$alert->alert_meta['color'] = 'yellow';
}
$input_color = sanitize_text_field( wp_unslash( $_POST['wp_stream_highlight_color'] ) );
if ( ! array_key_exists( $input_color , $this->get_highlight_options() ) ) {
if ( ! array_key_exists( $input_color, $this->get_highlight_options() ) ) {
$alert->alert_meta['color'] = 'yellow';
} else {
$alert->alert_meta['color'] = $input_color;
Expand Down Expand Up @@ -206,7 +221,7 @@ public function post_class( $classes, $record ) {
* @return mixed
*/
public function action_link_remove_highlight( $actions, $record ) {
$record = new Record( $record );
$record = new Record( $record );
$alerts_triggered = $record->get_meta( Alerts::ALERTS_TRIGGERED_META_KEY, true );
if ( ! empty( $alerts_triggered[ $this->slug ] ) ) {
$actions[ __( 'Remove Highlight', 'stream' ) ] = '#';
Expand Down Expand Up @@ -249,9 +264,9 @@ public function ajax_remove_highlight() {
if ( ! is_numeric( $record_id ) ) {
wp_send_json_error( $failure_message );
}
$record_obj = new \stdClass();
$record_obj->ID = $record_id;
$record = new Record( $record_obj );
$record_obj = new \stdClass();
$record_obj->ID = $record_id;
$record = new Record( $record_obj );
$alerts_triggered = $record->get_meta( Alerts::ALERTS_TRIGGERED_META_KEY, true );
if ( isset( $alerts_triggered[ $this->slug ] ) ) {
unset( $alerts_triggered[ $this->slug ] );
Expand All @@ -270,9 +285,9 @@ public function enqueue_scripts( $page ) {
wp_register_script( self::SCRIPT_HANDLE, $this->plugin->locations['url'] . 'alerts/js/alert-type-highlight.js', array( 'jquery' ) );

$exports = array(
'ajaxUrl' => admin_url( 'admin-ajax.php' ),
'ajaxUrl' => admin_url( 'admin-ajax.php' ),
'removeAction' => self::REMOVE_ACTION,
'security' => wp_create_nonce( self::REMOVE_ACTION_NONCE ),
'security' => wp_create_nonce( self::REMOVE_ACTION_NONCE ),
);

wp_scripts()->add_data(
Expand Down Expand Up @@ -303,6 +318,7 @@ public function add_alert_meta( $alert_meta, $alert_type ) {
$alert_meta['color'] = $color;
}
}

return $alert_meta;
}
}