Merge pull request #54 from Akash-Raj-ST/fix/deprecation-issue

Fix: Add missing properties to class and add VIP phpcs standards

Author: HILAYTRIVEDI

.circleci/phpcs.xml

@@ -17,22 +17,25 @@
 	<!-- Don't fail in CI if there are warnings. -->
 	<config name="ignore_warnings_on_exit" value="1" />
 
-	<!-- Only worry about WordPress 5.0+. -->
-	<config name="minimum_supported_wp_version" value="5.0" />
+	<config name="minimum_supported_wp_version" value="6.6" />
 
 	<rule ref="WordPress">
 		<exclude name="WordPress.WhiteSpace.PrecisionAlignment.Found" />
 	</rule>
 
-	<rule ref="WordPress-Core"></rule>
+	<rule ref="WordPress-Extra" />
+	<rule ref="WordPress-VIP-Go" />
 
-	<rule ref="WordPress-VIP">
-		<exclude name="WordPress.VIP.SuperGlobalInputUsage" />
-		<exclude name="WordPress.VIP.RestrictedFunctions.switch_to_blog" />
-		<exclude name="WordPress.VIP.RestrictedFunctions.get_page_by_title" />
-		<exclude name="WordPress.VIP.RestrictedFunctions.get_page_by_title_get_page_by_title" />
+	<rule ref="WordPress-Core">
+		<exclude name="Generic.Arrays.DisallowShortArraySyntax" />
+		<exclude name="Universal.Arrays.DisallowShortArraySyntax.Found" />
 	</rule>
 
+	<config name="testVersion" value="8.3-" />
+
+	<arg name="extensions" value="php"/>
+	<arg value="sp"/>
+
 	<rule ref="WordPress.Files.FileName.InvalidClassFileName">
 		<exclude-pattern>/lib/*</exclude-pattern>
 		<exclude-pattern>/src/*</exclude-pattern>

src/class-wordpress-options-panels.php

@@ -29,6 +29,13 @@ class WordPress_Options_Panels {
 	 */
 	public $installed_url;
 
+	/**
+	 * Asset Directory URL
+	 *
+	 * @var string
+	 */
+	public $asset_dir_url = null;
+
 	/**
 	 * Load files required to use this utility.
 	 *
@@ -43,15 +50,15 @@ public function __construct(
 		$plugin_basedir,
 		$asset_dir_url = null
 	) {
-		$current_dir  = dirname( __FILE__ );
+		$current_dir  = __DIR__;
 		$relative_dir = str_replace( $plugin_basedir . '/', '', $current_dir );
 
 		$this->installed_dir = $plugin_basedir . '/' . $relative_dir;
 		$this->installed_url = $plugins_installed_url . $relative_dir;
 		$this->asset_dir_url = $asset_dir_url;
 
 		// Data api wrappers.
-		foreach ( glob( trailingslashit( dirname( __FILE__ ) ) . 'inc/api/class-*.php' ) as $file ) {
+		foreach ( glob( trailingslashit( __DIR__ ) . 'inc/api/class-*.php' ) as $file ) {
 			include_once $file;
 		}
 
@@ -68,7 +75,7 @@ public function __construct(
 		include_once 'inc/panel-parts/class-section.php';
 
 		// Load the individual parts.
-		foreach ( glob( trailingslashit( dirname( __FILE__ ) ) . 'inc/fields/class-*.php' ) as $file ) {
+		foreach ( glob( trailingslashit( __DIR__ ) . 'inc/fields/class-*.php' ) as $file ) {
 			require_once $file;
 		}
 
@@ -99,5 +106,4 @@ public function register_page( $options_page_slug, $options_page_type, $parent_m
 			$this->asset_dir_url
 		);
 	}
-
 }

src/inc/api/class-mcrypt.php

@@ -105,5 +105,4 @@ public static function mcrypt_decrypt( $encrypted_string ) {
 		);
 		// @codingStandardsIgnoreEnd
 	}
-
 }

src/inc/api/class-part.php

@@ -158,7 +158,7 @@ public function maybe_process_update() {
 		if ( ! isset( $_POST['_wpnonce'] ) ) {
 			return false;
 		}
-		$wpnonce = ( isset( $_POST['submit'] ) && isset( $_POST['_wpnonce'] ) ) ? filter_input( INPUT_POST, '_wpnonce' ) : null;
+		$wpnonce = ( isset( $_POST['submit'] ) && isset( $_POST['_wpnonce'] ) ) ? sanitize_text_field( $_POST['_wpnonce'] ) : null;
 
 		// Only allow class to be used by panel OR encrypted pwds never updated after insert.
 		if ( empty( $wpnonce ) || wp_verify_nonce( $wpnonce ) ) {
@@ -251,31 +251,32 @@ public function input_value( $type, $established_data, $use_data_value = false )
 	 * @return bool|string
 	 */
 	public function run_save_process() {
-		$nonce               = ( isset( $_POST['submit'] ) && isset( $_POST['_wpnonce'] ) ) ? filter_input( INPUT_POST, '_wpnonce' ) : null;
+		$nonce               = ( isset( $_POST['submit'] ) && isset( $_POST['_wpnonce'] ) ) ? sanitize_text_field( $_POST['_wpnonce'] ) : null;
 		$page_slug_as_action = $this->section->panel->page->slug;
 		if ( empty( $nonce ) || false === wp_verify_nonce( $nonce, $page_slug_as_action ) ) {
 			return false; // Only run logic if asked to run & auth'd by nonce.
 		}
 
 		$type = ( ! empty( $this->field_type ) ) ? $this->field_type : $this->input_type;
 
-		$field_input = isset( $_POST[ $this->id ] ) ? filter_input( INPUT_POST, $this->id ) : false;
+		$field_input = isset( $_POST[ $this->id ] ) ? sanitize_text_field( $_POST[ $this->id ] ) : false;
 
 		$sanitize_input = $this->sanitize_data_input( $type, $this->id, $field_input );
 
-		$updated = new Update(
+		$update_obj = new Update();
+		$updated    = $update_obj->get_save_data(
 			$this->section->panel->page->slug, // Used to check nonce.
 			$this->data_api, // Doing this way to allow multi-api saving from single section down-the-road.
 			$this->id, // This is the data storage key in the database.
 			$sanitize_input, // Sanitized input (maybe empty, triggering delete).
 			isset( $this->obj_id ) ? $this->obj_id : null // Maybe an object ID needed for metadata API.
 		);
 
-		if ( $updated ) {
-			return $this->id;
+		if ( empty( $updated ) || is_wp_error( $updated ) ) {
+			return false;
 		}
 
-		return false;
+		return $this->id;
 	}
 
 	/**
@@ -310,7 +311,7 @@ protected function sanitize_data_input( $input_type, $id, $value ) {
 		if ( ! isset( $_POST['_wpnonce'] ) ) {
 			return false;
 		}
-		$wpnonce = ( isset( $_POST['submit'] ) && isset( $_POST['_wpnonce'] ) ) ? filter_input( INPUT_POST, '_wpnonce' ) : null;
+		$wpnonce = ( isset( $_POST['submit'] ) && isset( $_POST['_wpnonce'] ) ) ? sanitize_text_field( $_POST['_wpnonce'] ) : null;
 
 		// Only allow class to be used by panel OR encrypted pwds never updated after insert.
 		if ( empty( $wpnonce ) || wp_verify_nonce( $wpnonce ) ) {
@@ -319,7 +320,7 @@ protected function sanitize_data_input( $input_type, $id, $value ) {
 
 		switch ( $input_type ) {
 			case 'password':
-				$hidden_pwd_field = isset( $_POST[ 'stored_' . $id ] ) ? filter_input( INPUT_POST, 'stored_' . $id ) : null;
+				$hidden_pwd_field = isset( $_POST[ 'stored_' . $id ] ) ? sanitize_text_field( $_POST[ 'stored_' . $id ] ) : null;
 
 				if ( $hidden_pwd_field === $value && ! empty( $value ) ) {
 					return '### wpop-encrypted-pwd-field-val-unchanged ###';
@@ -357,5 +358,4 @@ protected function sanitize_data_input( $input_type, $id, $value ) {
 	 * Render is an output placeholder for sub parts.
 	 */
 	abstract public function render();
-
 }

src/inc/api/class-read.php

@@ -53,26 +53,21 @@ class Read {
 	/**
 	 * Read constructor.
 	 *
-	 * @param string $panel_id Panel ID is a string slug.
-	 * @param string $type     Type.
-	 * @param string $key      Key.
-	 * @param null   $default  Default.
-	 * @param null   $obj_id   Object ID.
-	 * @param bool   $single   Is single object type status.
-	 *
-	 * @return array|int|string|null|bool
+	 * @param string $panel_id     Panel ID is a string slug.
+	 * @param string $type         Type.
+	 * @param string $key          Key.
+	 * @param null   $default_val  Default.
+	 * @param null   $obj_id       Object ID.
+	 * @param bool   $single       Is single object type status.
 	 */
-	public function __construct( $panel_id, $type, $key, $default = null, $obj_id = null, $single = true ) {
+	public function __construct( $panel_id, $type, $key, $default_val = null, $obj_id = null, $single = true ) {
 		$this->type   = $type;
 		$this->key    = $key;
 		$this->obj_id = $obj_id;
 		$this->single = $single;
 
 		// 1. Data API switchboard
 		$this->get_data();
-
-		// 2. Return data for use by field.
-		return $this->response;
 	}
 
 	/**
@@ -106,5 +101,4 @@ public function get_data() {
 				break;
 		}
 	}
-
 }

src/inc/api/class-update.php

@@ -15,21 +15,23 @@
  */
 class Update {
 	/**
-	 * Update constructor.
+	 * Save data wrapper for nonce check.
 	 *
 	 * @param string $page_slug Page URL.
 	 * @param string $type      Type.
 	 * @param string $key       Key.
 	 * @param string $value     Value.
 	 * @param null   $obj_id    Object ID.
 	 * @param bool   $autoload  Autoload status.
+	 *
+	 * @return bool|int|\WP_Error
 	 */
-	public function __construct( $page_slug, $type, $key, $value, $obj_id = null, $autoload = true ) {
+	public function get_save_data( $page_slug, $type, $key, $value, $obj_id = null, $autoload = true ) {
 		// Confirms both that POST is happening and that _wpnonce was sent, otherwise returns false to not try updates.
 		if ( ! isset( $_POST['_wpnonce'] ) ) {
 			return false;
 		}
-		$wpnonce = isset( $_POST['_wpnonce'] ) ? filter_input( INPUT_POST, '_wpnonce' ) : null;
+		$wpnonce = isset( $_POST['_wpnonce'] ) ? sanitize_text_field( $_POST['_wpnonce'] ) : null;
 
 		// Only allow class to be used by panel OR encrypted pwds never updated after insert.
 		if ( ! wp_verify_nonce( $wpnonce, $page_slug ) || '### wpop-encrypted-pwd-field-val-unchanged ###' === $value ) {
@@ -150,5 +152,4 @@ private static function handle_term_meta_save( $id, $key, $value ) {
 	private static function handle_post_meta_save( $id, $key, $value ) {
 		return empty( $value ) ? delete_post_meta( $id, $key ) : update_post_meta( $id, $key, $value );
 	}
-
 }

src/inc/class-page.php

@@ -113,6 +113,20 @@ class Page {
 	 */
 	public $installed_dir_uri = null;
 
+	/**
+	 * Asset Directory URL
+	 *
+	 * @var string
+	 */
+	public $asset_dir_url = null;
+
+	/**
+	 * Menu Position
+	 *
+	 * @var int|float
+	 */
+	public $position = null;
+
 	/**
 	 * Update Counts
 	 *
@@ -225,8 +239,12 @@ public function build_parts() {
 					/**
 					 * Print WordPress Notices with Panel Information
 					 */
-					if ( ! empty( filter_input( INPUT_GET, 'submit' ) ) ) {
-						$this->echo_notifications();
+					if ( isset( $_GET['submit'] ) && isset( $_GET['_wpnonce'] ) ) {
+						$nonce = sanitize_text_field( $_GET['_wpnonce'] );
+
+						if ( wp_verify_nonce( $nonce, $this->slug ) ) {
+							$this->echo_notifications();
+						}
 					}
 
 					$this->page_header();
@@ -319,7 +337,7 @@ public function page_footer() {
 						do_action( 'wpop_page_footer' );
 						?>
 						<ul>
-							<li>Stored in: <code><?php echo esc_attr( $this->get_storage_table() ); ?></code></li>
+							<li>Stored in: <code><?php echo esc_html( $this->get_storage_table() ); ?></code></li>
 						</ul>
 					</div>
 				</div>

src/inc/fields/class-checkbox.php

@@ -63,5 +63,4 @@ public function render() {
 		</div>
 		<?php
 	}
-
 }

src/inc/fields/class-include-partial.php

@@ -57,5 +57,4 @@ public function render() {
 		</li>
 		<?php
 	}
-
 }

src/inc/fields/class-media.php

@@ -83,5 +83,4 @@ class="button button-hero img-upload"
 		</a>
 		<?php
 	}
-
 }