From 8c374c7041796e6be7fa81dded0feef8d971540b Mon Sep 17 00:00:00 2001 From: Nilambar Sharma Date: Sat, 6 Jul 2024 14:08:37 +0545 Subject: [PATCH 1/2] Refine files --- .../classes/class-ns-featured-posts-admin.php | 7 ------- includes/classes/class-ns-featured-posts.php | 5 ----- includes/widgets/nsfp-featured-post-widget.php | 15 +++++++-------- ns-featured-posts.php | 2 +- 4 files changed, 8 insertions(+), 21 deletions(-) diff --git a/includes/classes/class-ns-featured-posts-admin.php b/includes/classes/class-ns-featured-posts-admin.php index c9c50c8..ea350bb 100644 --- a/includes/classes/class-ns-featured-posts-admin.php +++ b/includes/classes/class-ns-featured-posts-admin.php @@ -73,8 +73,6 @@ private function __construct() { $this->options = $plugin->get_options(); - - // Add an action link pointing to the options page. $base_file = $this->plugin_slug . '/' . $this->plugin_slug . '.php'; add_filter( 'plugin_action_links_' . $base_file, array( $this, 'add_plugin_action_links' ) ); @@ -524,7 +522,6 @@ public function load_assets() { ); wp_localize_script( 'nspf-admin', 'NSFP_OBJ', $localize_args ); - } /** @@ -685,13 +682,11 @@ public function custom_query_filtering( $query ) { $qv = &$query->query_vars; if ( is_admin() && 'edit.php' === $pagenow ) { - if ( ! isset( $qv['meta_query'] ) ) { $qv['meta_query'] = array(); } if ( ! empty( $_GET['filter-ns-featured-posts'] ) ) { - if ( 'yes' === $_GET['filter-ns-featured-posts'] ) { $qv['meta_query'][] = array( 'key' => '_is_ns_featured_post', @@ -880,7 +875,6 @@ public function render_attr( $attributes, $echo = true ) { $html = ''; foreach ( $attributes as $name => $value ) { - $esc_value = ''; if ( 'class' === $name && is_array( $value ) ) { @@ -889,7 +883,6 @@ public function render_attr( $attributes, $echo = true ) { if ( false !== $value && 'href' === $name ) { $esc_value = esc_url( $value ); - } elseif ( false !== $value ) { $esc_value = esc_attr( $value ); } diff --git a/includes/classes/class-ns-featured-posts.php b/includes/classes/class-ns-featured-posts.php index 03bece1..f21bc52 100644 --- a/includes/classes/class-ns-featured-posts.php +++ b/includes/classes/class-ns-featured-posts.php @@ -122,14 +122,12 @@ public static function get_instance() { public static function activate( $network_wide ) { if ( function_exists( 'is_multisite' ) && is_multisite() ) { - if ( $network_wide ) { // Get all blog ids. $blog_ids = self::get_blog_ids(); foreach ( $blog_ids as $blog_id ) { - switch_to_blog( $blog_id ); self::single_activate(); } @@ -153,14 +151,12 @@ public static function activate( $network_wide ) { public static function deactivate( $network_wide ) { if ( function_exists( 'is_multisite' ) && is_multisite() ) { - if ( $network_wide ) { // Get all blog ids. $blog_ids = self::get_blog_ids(); foreach ( $blog_ids as $blog_id ) { - switch_to_blog( $blog_id ); self::single_deactivate(); } @@ -285,7 +281,6 @@ public function migrate_options() { if ( $opt ) { if ( isset( $opt['nsfp_posttypes'] ) && ! empty( $opt['nsfp_posttypes'] ) ) { - $values = array_keys( $opt['nsfp_posttypes'] ); $values = array_filter( $values ); diff --git a/includes/widgets/nsfp-featured-post-widget.php b/includes/widgets/nsfp-featured-post-widget.php index c5e5833..dad9d4f 100644 --- a/includes/widgets/nsfp-featured-post-widget.php +++ b/includes/widgets/nsfp-featured-post-widget.php @@ -47,10 +47,10 @@ public function widget( $args, $instance ) { $number = 5; } - $post_type = isset( $instance['post_type'] ) ? esc_attr( $instance['post_type'] ) : 'post'; - $post_orderby = isset( $instance['post_orderby'] ) ? esc_attr( $instance['post_orderby'] ) : 'date'; - $post_order = isset( $instance['post_order'] ) ? esc_attr( $instance['post_order'] ) : 'desc'; - $show_date = isset( $instance['show_date'] ) ? $instance['show_date'] : false; + $post_type = isset( $instance['post_type'] ) ? esc_attr( $instance['post_type'] ) : 'post'; + $post_orderby = isset( $instance['post_orderby'] ) ? esc_attr( $instance['post_orderby'] ) : 'date'; + $post_order = isset( $instance['post_order'] ) ? esc_attr( $instance['post_order'] ) : 'desc'; + $show_date = isset( $instance['show_date'] ) ? $instance['show_date'] : false; $nsfp_query = new WP_Query( apply_filters( @@ -182,7 +182,7 @@ public function form( $instance ) { 'comment_count' => esc_html__( 'Comment Count', 'ns-featured-posts' ), 'menu_order' => esc_html__( 'Menu Order', 'ns-featured-posts' ), ); - $orderby_args = array( + $orderby_args = array( 'name' => $this->get_field_name( 'post_orderby' ), 'id' => $this->get_field_id( 'post_orderby' ), 'selected' => $instance['post_orderby'], @@ -197,7 +197,7 @@ public function form( $instance ) { 'desc' => esc_html__( 'Descending', 'ns-featured-posts' ), 'asc' => esc_html__( 'Ascending', 'ns-featured-posts' ), ); - $order_args = array( + $order_args = array( 'name' => $this->get_field_name( 'post_order' ), 'id' => $this->get_field_id( 'post_order' ), 'selected' => $instance['post_order'], @@ -226,13 +226,12 @@ protected function render_select_dropdown( $choices, $main_args ) { return; } - $defaults = array( 'id' => '', 'name' => '', 'selected' => 0, 'echo' => true, - ); + ); $r = wp_parse_args( $main_args, $defaults ); diff --git a/ns-featured-posts.php b/ns-featured-posts.php index 25eba8a..6197727 100644 --- a/ns-featured-posts.php +++ b/ns-featured-posts.php @@ -20,7 +20,7 @@ } define( 'NS_FEATURED_POSTS_VERSION', '2.0.13' ); -define( 'NS_FEATURED_POSTS_BASENAME', basename( dirname( __FILE__ ) ) ); +define( 'NS_FEATURED_POSTS_BASENAME', basename( __DIR__ ) ); define( 'NS_FEATURED_POSTS_DIR', rtrim( plugin_dir_path( __FILE__ ), '/' ) ); define( 'NS_FEATURED_POSTS_URL', rtrim( plugin_dir_url( __FILE__ ), '/' ) ); From 152a7fe61a6ef3036ee2b0f3345382f402cd5750 Mon Sep 17 00:00:00 2001 From: Nilambar Sharma Date: Sat, 6 Jul 2024 14:16:01 +0545 Subject: [PATCH 2/2] Fix CS issues --- .github/workflows/code-quality.yml | 31 ++++++++ .phpcs.xml.dist | 26 +++++++ devtools/composer.json | 1 + .../classes/class-ns-featured-posts-admin.php | 78 ++++++++++++------- includes/classes/class-ns-featured-posts.php | 2 +- .../widgets/nsfp-featured-post-widget.php | 6 +- 6 files changed, 112 insertions(+), 32 deletions(-) create mode 100644 .github/workflows/code-quality.yml diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml new file mode 100644 index 0000000..5556d7e --- /dev/null +++ b/.github/workflows/code-quality.yml @@ -0,0 +1,31 @@ +name: PHP Code Linting + +on: + pull_request: + push: + branches: + - main + - master + +jobs: + php-lint: + name: PHP Lint + runs-on: ubuntu-latest + timeout-minutes: 20 + steps: + - uses: actions/checkout@v4 + + - uses: shivammathur/setup-php@v2 + with: + php-version: '8.2' + + - name: Validate Composer configuration + run: composer validate + + - name: Install PHP dependencies + uses: ramsey/composer-install@83af392bf5f031813d25e6fe4cd626cdba9a2df6 + with: + composer-options: '--prefer-dist --no-progress --no-interaction' + + - name: Run tests + run: composer run-script phpcs diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist index 73081f2..ded2c42 100644 --- a/.phpcs.xml.dist +++ b/.phpcs.xml.dist @@ -90,6 +90,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/devtools/composer.json b/devtools/composer.json index 79d3d90..ce64f8d 100644 --- a/devtools/composer.json +++ b/devtools/composer.json @@ -2,6 +2,7 @@ "require-dev": { "dealerdirect/phpcodesniffer-composer-installer": "^1.0", "phpcompatibility/phpcompatibility-wp": "^2.1", + "slevomat/coding-standard": "^8.15", "wp-cli/i18n-command": "^2.6", "wp-coding-standards/wpcs": "^3.1" }, diff --git a/includes/classes/class-ns-featured-posts-admin.php b/includes/classes/class-ns-featured-posts-admin.php index ea350bb..a4b8110 100644 --- a/includes/classes/class-ns-featured-posts-admin.php +++ b/includes/classes/class-ns-featured-posts-admin.php @@ -5,6 +5,7 @@ * @package NS_Featured_Posts */ +use Nilambar\AdminNotice\Notice; use Nilambar\Optioner\Optioner; /** @@ -105,9 +106,13 @@ private function __construct() { add_action( 'wp_ajax_nsfp_nsbl_get_posts', array( $this, 'get_posts_ajax_callback' ) ); } + /** + * Setup admin notice. + * + * @since 2.0.10 + */ public function setup_custom_notice() { - // Setup notice. - \Nilambar\AdminNotice\Notice::init( + Notice::init( array( 'slug' => $this->plugin_slug, 'name' => esc_html__( 'NS Featured Posts', 'ns-featured-posts' ), @@ -364,7 +369,7 @@ public function ajax_handler_featured_toggle() { ); // Nonce check. - $nonce = isset( $_POST['nonce'] ) ? $_POST['nonce'] : null; // phpcs:ignore WordPress.Security.NonceVerification + $nonce = isset( $_POST['nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) ) : null; // phpcs:ignore WordPress.Security.NonceVerification if ( ! wp_verify_nonce( $nonce, 'ajax-nonce' ) ) { $output['message'] = esc_html__( 'Nonce verification failed.', 'ns-featured-posts' ); @@ -372,23 +377,23 @@ public function ajax_handler_featured_toggle() { wp_send_json( $output ); } - $uno = isset( $_POST['uno'] ) ? rest_sanitize_boolean( $_POST['uno'] ) : false; + $uno = isset( $_POST['uno'] ) ? rest_sanitize_boolean( sanitize_text_field( wp_unslash( $_POST['uno'] ) ) ) : false; - $max_posts = isset( $_POST['max_posts'] ) ? absint( $_POST['max_posts'] ) : 0; - $max_status = isset( $_POST['max_status'] ) ? rest_sanitize_boolean( $_POST['max_status'] ) : false; + $max_posts = isset( $_POST['max_posts'] ) ? absint( sanitize_text_field( wp_unslash( $_POST['max_posts'] ) ) ) : 0; + $max_status = isset( $_POST['max_status'] ) ? rest_sanitize_boolean( sanitize_text_field( wp_unslash( $_POST['max_status'] ) ) ) : false; - $ns_featured = isset( $_POST['ns_featured'] ) ? $_POST['ns_featured'] : null; + $ns_featured = isset( $_POST['ns_featured'] ) ? sanitize_text_field( wp_unslash( $_POST['ns_featured'] ) ) : null; $post_id = 0; if ( isset( $_POST['post_id'] ) ) { - $post_id = (int) $_POST['post_id']; + $post_id = (int) sanitize_text_field( wp_unslash( $_POST['post_id'] ) ); } $post_type = null; if ( isset( $_POST['post_type'] ) ) { - $post_type = (string) $_POST['post_type']; + $post_type = (string) sanitize_text_field( wp_unslash( $_POST['post_type'] ) ); } if ( ! empty( $post_id ) && ! empty( $post_type ) && null !== $ns_featured ) { @@ -474,8 +479,8 @@ private function get_other_posts( $post_id, $post_type ) { $qargs = array( 'posts_per_page' => -1, 'post__not_in' => array( $post_id ), - 'meta_key' => '_is_ns_featured_post', - 'meta_value' => 'yes', + 'meta_key' => '_is_ns_featured_post', // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_key + 'meta_value' => 'yes', // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_value 'post_type' => $post_type, 'post_status' => array( 'publish', 'pending', 'draft', 'auto-draft', 'future', 'private', 'inherit', 'trash' ), ); @@ -489,6 +494,13 @@ private function get_other_posts( $post_id, $post_type ) { return $output; } + /** + * Load settings assets. + * + * @since 2.0.0 + * + * @param string $hook Hook name. + */ public function load_settings_assets( $hook ) { if ( 'settings_page_ns-featured-posts' !== $hook ) { return; @@ -589,7 +601,7 @@ public function save_featured_meta_box( $post_id ) { } // If our nonce isn't there, or we can't verify it, bail. - if ( ! isset( $_POST['nsfp_featured_metabox_nonce'] ) || ! wp_verify_nonce( $_POST['nsfp_featured_metabox_nonce'], plugin_basename( __FILE__ ) ) ) { + if ( ! isset( $_POST['nsfp_featured_metabox_nonce'] ) || ! wp_verify_nonce( $_POST['nsfp_featured_metabox_nonce'], plugin_basename( __FILE__ ) ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput return $post_id; } @@ -659,7 +671,7 @@ public function custom_table_filtering() { $selected_now = ''; if ( isset( $_GET['filter-ns-featured-posts'] ) ) { - $selected_now = esc_attr( $_GET['filter-ns-featured-posts'] ); + $selected_now = sanitize_text_field( wp_unslash( $_GET['filter-ns-featured-posts'] ) ); } echo '