Merge pull request #1111 from kidunot89/devops/vip-compliance
WordPress VIP coding standards compliance
kasparsd authored Jul 7, 2020
2 parents cb8e5c4 + 6458a3b commit d465e35
Showing 26 changed files with 657 additions and 270 deletions.
2 changes: 1 addition & 1 deletion alerts/class-alert-type-ifttt.php
Expand Up @@ -208,7 +208,7 @@ public function notify_ifttt( $alert, $recordarr ) {
$record_data = wp_parse_args(
$recordarr,
array(
// translators: Placeholder refers to the Event Name of the Alert (e.g. "Update a post")
/* translators: %s: the Event Name of the Alert (e.g. "Update a post") */
'summary' => sprintf( __( 'The event %s was triggered' ), $alert->alert_meta['event_name'] ),
'user_id' => get_current_user_id(),
'created' => current_time( 'Y-m-d H:i:s' ),
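Review bot: The `__( 'The event %s was triggered' )` call on the context line directly below the rewritten translators comment passes no text domain, so this string falls into WordPress core's domain instead of the plugin's, which uses `'stream'` elsewhere in this same commit (`esc_html__( '...', 'stream' )` in class-admin.php). Given that the commit is about WPCS compliance, the i18n sniff is likely to flag this line too; the fix is `'summary' => sprintf( __( 'The event %s was triggered', 'stream' ), $alert->alert_meta['event_name'] ),`. The body of notify_ifttt continues outside the hunk.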
139 changes: 93 additions & 46 deletions classes/class-admin.php
Expand Up @@ -254,7 +254,7 @@ public function prepare_admin_notices() {
*/
public function notice( $message, $is_error = true ) {
if ( defined( 'WP_CLI' ) && WP_CLI ) {
$message = strip_tags( $message );
$message = wp_strip_all_tags( $message );

if ( $is_error ) {
WP_CLI::warning( $message );
Expand Down Expand Up @@ -392,7 +392,7 @@ public function register_menu() {
*
* @action admin_enqueue_scripts
*
* @param string $hook
* @param string $hook Current hook.
*
* @return void
*/
Expand All @@ -405,9 +405,21 @@ public function admin_enqueue_scripts( $hook ) {
$file_tmpl = 'ui/lib/timeago/locales/jquery.timeago.%s.js';

if ( file_exists( $this->plugin->locations['dir'] . sprintf( $file_tmpl, $locale ) ) ) {
wp_register_script( 'wp-stream-timeago-locale', $this->plugin->locations['url'] . sprintf( $file_tmpl, $locale ), array( 'wp-stream-timeago' ), '1' );
wp_register_script(
'wp-stream-timeago-locale',
$this->plugin->locations['url'] . sprintf( $file_tmpl, $locale ),
array( 'wp-stream-timeago' ),
'1',
false
);
} else {
wp_register_script( 'wp-stream-timeago-locale', $this->plugin->locations['url'] . sprintf( $file_tmpl, 'en' ), array( 'wp-stream-timeago' ), '1' );
wp_register_script(
'wp-stream-timeago-locale',
$this->plugin->locations['url'] . sprintf( $file_tmpl, 'en' ),
array( 'wp-stream-timeago' ),
'1',
false
);
}

$min = wp_stream_min_suffix();
Expand All @@ -429,7 +441,8 @@ public function admin_enqueue_scripts( $hook ) {
'jquery',
'wp-stream-select2',
),
$this->plugin->get_version()
$this->plugin->get_version(),
false
);
wp_enqueue_script(
'wp-stream-admin-exclude',
Expand All @@ -438,7 +451,8 @@ public function admin_enqueue_scripts( $hook ) {
'jquery',
'wp-stream-select2',
),
$this->plugin->get_version()
$this->plugin->get_version(),
false
);
wp_enqueue_script(
'wp-stream-live-updates',
Expand All @@ -447,7 +461,8 @@ public function admin_enqueue_scripts( $hook ) {
'jquery',
'heartbeat',
),
$this->plugin->get_version()
$this->plugin->get_version(),
false
);

wp_localize_script(
Expand All @@ -464,19 +479,19 @@ public function admin_enqueue_scripts( $hook ) {
)
);

$order_types = array( 'asc', 'desc' );

wp_localize_script(
'wp-stream-live-updates',
'wp_stream_live_updates',
array(
'current_screen' => $hook,
'current_page' => isset( $_GET['paged'] ) ? esc_js( $_GET['paged'] ) : '1', // WPCS: CSRF ok.
// input var okay, CSRF okay
'current_order' => isset( $_GET['order'] ) ? esc_js( $_GET['order'] ) : 'desc', // WPCS: CSRF ok.
// input var okay, CSRF okay
'current_query' => wp_stream_json_encode( $_GET ), // WPCS: CSRF ok.
// input var okay, CSRF okay
'current_query_count' => count( $_GET ), // WPCS: CSRF ok.
// input var okay, CSRF okay
'current_page' => isset( $_GET['paged'] ) ? absint( wp_unslash( $_GET['paged'] ) ) : '1', // phpcs:ignore WordPress.Security.NonceVerification.Recommended
'current_order' => isset( $_GET['order'] ) && in_array( strtolower( $_GET['order'] ), $order_types, true ) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
? esc_js( $_GET['order'] ) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
: 'desc',
'current_query' => wp_stream_json_encode( $_GET ), // phpcs:ignore WordPress.Security.NonceVerification.Recommended
'current_query_count' => count( $_GET ), // phpcs:ignore WordPress.Security.NonceVerification.Recommended
)
);
}
Expand All @@ -495,14 +510,21 @@ public function admin_enqueue_scripts( $hook ) {
*/
$bulk_actions_threshold = apply_filters( 'wp_stream_bulk_actions_threshold', 100 );

wp_enqueue_script( 'wp-stream-global', $this->plugin->locations['url'] . 'ui/js/global.' . $min . 'js', array( 'jquery' ), $this->plugin->get_version() );
wp_enqueue_script(
'wp-stream-global',
$this->plugin->locations['url'] . 'ui/js/global.' . $min . 'js',
array( 'jquery' ),
$this->plugin->get_version(),
false
);

wp_localize_script(
'wp-stream-global',
'wp_stream_global',
array(
'bulk_actions' => array(
'i18n' => array(
// translators: Placeholder refers to a number of items (e.g. "1,742")
/* translators: %s: a number of items (e.g. "1,742") */
'confirm_action' => sprintf( esc_html__( 'Are you sure you want to perform bulk actions on over %s items? This process could take a while to complete.', 'stream' ), number_format( absint( $bulk_actions_threshold ) ) ),
),
'threshold' => absint( $bulk_actions_threshold ),
Expand Down Expand Up @@ -533,7 +555,7 @@ public function is_stream_screen() {
/**
* Add a specific body class to all Stream admin screens
*
* @param string $classes CSS classes to output to body
* @param string $classes CSS classes to output to body.
*
* @filter admin_body_class
*
Expand All @@ -545,8 +567,8 @@ public function admin_body_class( $classes ) {
if ( $this->is_stream_screen() ) {
$stream_classes[] = $this->admin_body_class;

if ( isset( $_GET['page'] ) ) { // CSRF okay
$stream_classes[] = sanitize_key( $_GET['page'] ); // input var okay, CSRF okay
if ( isset( $_GET['page'] ) ) { // // phpcs:ignore WordPress.Security.NonceVerification.Recommended
$stream_classes[] = sanitize_key( $_GET['page'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
}
}

Expand All @@ -573,7 +595,7 @@ public function admin_menu_css() {
wp_register_style( 'wp-stream-datepicker', $this->plugin->locations['url'] . 'ui/css/datepicker.' . $min . 'css', array(), $this->plugin->get_version() );
wp_register_style( 'wp-stream-icons', $this->plugin->locations['url'] . 'ui/stream-icons/style.css', array(), $this->plugin->get_version() );

// Make sure we're working off a clean version
// Make sure we're working off a clean version.
if ( ! file_exists( ABSPATH . WPINC . '/version.php' ) ) {
return;
}
Expand Down Expand Up @@ -658,7 +680,7 @@ public function wp_ajax_reset() {
return true;
}

wp_redirect(
wp_safe_redirect(
add_query_arg(
array(
'page' => is_network_admin() ? $this->network->network_settings_page_slug : $this->settings_page_slug,
Expand All @@ -671,6 +693,11 @@ public function wp_ajax_reset() {
exit;
}

/**
* Clears stream records from the database.
*
* @return void
*/
private function erase_stream_records() {
global $wpdb;

Expand All @@ -689,16 +716,26 @@ private function erase_stream_records() {
);
}

/**
* Schedules a purge of records.
*
* @return void
*/
public function purge_schedule_setup() {
if ( ! wp_next_scheduled( 'wp_stream_auto_purge' ) ) {
wp_schedule_event( time(), 'twicedaily', 'wp_stream_auto_purge' );
}
}

/**
* Executes a scheduled purge
*
* @return void
*/
public function purge_scheduled_action() {
global $wpdb;

// Don't purge when in Network Admin unless Stream is network activated
// Don't purge when in Network Admin unless Stream is network activated.
if (
is_multisite()
&&
Expand Down Expand Up @@ -727,7 +764,7 @@ public function purge_scheduled_action() {

$where = $wpdb->prepare( ' AND `stream`.`created` < %s', $date->format( 'Y-m-d H:i:s' ) );

// Multisite but NOT network activated, only purge the current blog
// Multisite but NOT network activated, only purge the current blog.
if ( is_multisite() && ! $this->plugin->is_network_activated() ) {
$where .= $wpdb->prepare( ' AND `blog_id` = %d', get_current_blog_id() );
}
Expand All @@ -742,11 +779,13 @@ public function purge_scheduled_action() {
}

/**
* @param array $links
* @param string $file
* Returns the admin action links.
*
* @filter plugin_action_links
*
* @param array $links Action links.
* @param string $file Plugin file.
*
* @return array
*/
public function plugin_action_links( $links, $file ) {
Expand Down Expand Up @@ -880,7 +919,7 @@ public function register_list_table() {
/**
* Check if a particular role has access
*
* @param string $role
* @param string $role User role.
*
* @return bool
*/
Expand All @@ -895,10 +934,10 @@ private function role_can_view( $role ) {
/**
* Filter user caps to dynamically grant our view cap based on allowed roles
*
* @param $allcaps
* @param $caps
* @param $args
* @param $user
* @param array $allcaps All capabilities.
* @param array $caps Required caps.
* @param array $args Unused.
* @param WP_User $user User.
*
* @filter user_has_cap
*
Expand Down Expand Up @@ -945,9 +984,9 @@ public function filter_user_caps( $allcaps, $caps, $args, $user = null ) {
*
* @filter role_has_cap
*
* @param $allcaps
* @param $cap
* @param $role
* @param array $allcaps All capabilities.
* @param string $cap Require cap.
* @param string $role User role.
*
* @return array
*/
Expand All @@ -962,6 +1001,8 @@ public function filter_role_caps( $allcaps, $cap, $role ) {
}

/**
* Ajax callback for return a user list.
*
* @action wp_ajax_wp_stream_filters
*/
public function ajax_filters() {
Expand Down Expand Up @@ -997,19 +1038,25 @@ function ( $user ) use ( $search ) {
$users = array_slice( $users, 0, $this->preload_users_max );
}

// Get gravatar / roles for final result set
// Get gravatar / roles for final result set.
$results = $this->get_users_record_meta( $users );

break;
}

if ( isset( $results ) ) {
echo wp_stream_json_encode( $results ); // xss ok
echo wp_stream_json_encode( $results ); // xss ok.
}

die();
}

/**
* Return relevant user meta data.
*
* @param array $authors Author data.
* @return array
*/
public function get_users_record_meta( $authors ) {
$authors_records = array();

Expand All @@ -1031,9 +1078,9 @@ public function get_users_record_meta( $authors ) {
/**
* Get user meta in a way that is also safe for VIP
*
* @param int $user_id
* @param string $meta_key
* @param bool $single (optional)
* @param int $user_id User ID.
* @param string $meta_key Meta key.
* @param bool $single Return first found meta value connected to the meta key (optional).
*
* @return mixed
*/
Expand All @@ -1048,10 +1095,10 @@ public function get_user_meta( $user_id, $meta_key, $single = true ) {
/**
* Update user meta in a way that is also safe for VIP
*
* @param int $user_id
* @param string $meta_key
* @param mixed $meta_value
* @param mixed $prev_value (optional)
* @param int $user_id User ID.
* @param string $meta_key Meta key.
* @param mixed $meta_value Meta value.
* @param mixed $prev_value Previous meta value being overwritten (optional).
*
* @return int|bool
*/
Expand All @@ -1066,9 +1113,9 @@ public function update_user_meta( $user_id, $meta_key, $meta_value, $prev_value
/**
* Delete user meta in a way that is also safe for VIP
*
* @param int $user_id
* @param string $meta_key
* @param mixed $meta_value (optional)
* @param int $user_id User ID.
* @param string $meta_key Meta key.
* @param mixed $meta_value Meta value (optional).
*
* @return bool
*/
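Review bot: In the `wp_stream_live_updates` localization, `current_order` is validated case-insensitively against `$order_types` but then emits the raw `$_GET['order']` rather than the value that passed validation, so `order=DESC` or a slashed value survives the check and reaches the script unnormalized; emit the checked value instead: `'current_order' => isset( $_GET['order'] ) && is_string( $_GET['order'] ) && in_array( strtolower( wp_unslash( $_GET['order'] ) ), $order_types, true )` / `? strtolower( wp_unslash( $_GET['order'] ) )` / `: 'desc',` (keeping the existing phpcs:ignore annotations). The `is_string()` guard matters because `strtolower()` currently runs before the whitelist check, and a non-string query value such as `order[]=x` produces a warning or `TypeError` depending on the PHP version. In the same array, `current_page` now yields an `int` from `absint()` but falls back to the string `'1'`; `1` would keep the type consistent for the consuming script. Separately, the `admin_body_class` hunk carries a doubled comment marker, `// // phpcs:ignore ...`, which should be a single `//`.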
6 changes: 3 additions & 3 deletions classes/class-alert-type.php
Expand Up @@ -54,7 +54,7 @@ abstract public function alert( $record_id, $recordarr, $options );
* @param Alert $alert Alert currently being worked on.
*/
public function display_fields( $alert ) {
// Implementation optional, but recommended
// Implementation optional, but recommended.
}

/**
Expand All @@ -63,7 +63,7 @@ public function display_fields( $alert ) {
* @param Alert $alert Alert currently being worked on.
*/
public function save_fields( $alert ) {
// Implementation optional, but recommended
// Implementation optional, but recommended.
}

/**
Expand All @@ -72,7 +72,7 @@ public function save_fields( $alert ) {
* @return bool
*/
public function is_dependency_satisfied() {
// Implementation optional, but recommended
// Implementation optional, but recommended.
return true;
}
}