escaping, sanitizing, validating. did some more refactoring on functi…

…ons and comments, bumoed version to 1.0.5
caspahouzer · Mar 29, 2023 · 166fbe5 · 166fbe5
1 parent ecfd470
commit 166fbe5
Show file tree

Hide file tree

Showing 10 changed files with 47 additions and 46 deletions.
diff --git a/core.php b/core.php
@@ -51,9 +51,9 @@ public function load()
     {
         $self = new self();
 
-        add_filter('plugin_action_links_wp-cpt-tables/wp-cpt-tables.php', [$this, 'add_action_links'], 10, 2);
-        add_filter('network_admin_plugin_action_links_wp-cpt-tables/wp-cpt-tables.php', [$this, 'add_action_links_network'], 10, 2);
-        add_filter('plugin_row_meta', array($this, 'filter_plugin_row_meta'), 10, 2);
+        add_filter('plugin_action_links_wp-cpt-tables/wp-cpt-tables.php', [$this, 'addActionLinks'], 10, 2);
+        add_filter('network_admin_plugin_action_links_wp-cpt-tables/wp-cpt-tables.php', [$this, 'addActionLinksNetwork'], 10, 2);
+        add_filter('plugin_row_meta', array($this, 'filterPluginRowMeta'), 10, 2);
 
         $self->setupAdminFilters();
         $self->setupQueryFilters();
@@ -98,6 +98,9 @@ private function setupSettingsPage()
         );
     }
 
+    /**
+     * @return void
+     */
     private function setupHelper()
     {
         new WPCPT_Tables_Helper;
@@ -119,24 +122,14 @@ public function deactivate()
         flush_rewrite_rules();
     }
 
-    /**
-     * Gets the option that stores enabled post type tables and unserializes it
-     * 
-     * @return array
-     */
-    private function getEnabledPostTypes(): array
-    {
-        return array_values(get_option($this->config['tables_enabled'], []));
-    }
-
     /**
      * Filters the array of row meta for each plugin in the Plugins list table.
      *
-     * @param string[] $plugin_meta An array of the plugin's metadata.
+     * @param array $plugin_meta An array of the plugin's metadata.
      * @param string   $plugin_file Path to the plugin file relative to the plugins directory.
-     * @return string[] An array of the plugin's metadata.
+     * @return array An array of the plugin's metadata.
      */
-    public function filter_plugin_row_meta(array $plugin_meta, $plugin_file)
+    public function filterPluginRowMeta(array $plugin_meta, $plugin_file): array
     {
         if ('wp-cpt-tables/wp-cpt-tables.php' !== $plugin_file) {
             return $plugin_meta;
@@ -145,7 +138,7 @@ public function filter_plugin_row_meta(array $plugin_meta, $plugin_file)
         $plugin_meta[] = sprintf(
             '<a href="%1$s" target="_blank"><span class="dashicons dashicons-star-filled" aria-hidden="true" style="font-size:14px;line-height:1.3"></span>%2$s</a>',
             'https://www.paypal.com/donate/?hosted_button_id=JNA8L66BWE2AA',
-            esc_html_x('Sponsor', 'verb', 'query-monitor')
+            esc_html_x('Buy me a coffee', 'verb', 'wp-cpt-tables')
         );
 
         return $plugin_meta;
@@ -156,7 +149,7 @@ public function filter_plugin_row_meta(array $plugin_meta, $plugin_file)
      * @param string $file
      * @return array
      */
-    public function add_action_links($links, $file)
+    public function addActionLinks($links, $file)
     {
         $settings = '<a href="' . admin_url('options-general.php?page=' . $this->config['plugin_slug']) . '">' . __('Settings') . '</a>';
         array_unshift($links, $settings);
@@ -172,7 +165,7 @@ public function add_action_links($links, $file)
      * @param string $file
      * @return array
      */
-    public function add_action_links_network($links, $file)
+    public function addActionLinksNetwork($links, $file)
     {
         $settings = '<a href="' . admin_url('options-general.php?page=' . $this->config['plugin_slug']) . '">' . __('Settings') . '</a>';
         array_unshift($links, $settings);

diff --git a/lib/AdminFilters.php b/lib/AdminFilters.php
@@ -13,6 +13,7 @@ public function __construct()
 
     /**
      * Adds post type from GET/POST request to the url if it is an admin page
+     * 
      * @param  string $url
      * @return string
      */
@@ -21,7 +22,7 @@ public function updateAdminUrl(string $url): string
         if ($this->isAdminPage($url)) {
             $url .= sprintf(
                 '&post_type=%s',
-                $_POST['post_type'] ?? $_GET['post_type'] ?? ''
+                esc_attr($_POST['post_type']) ?? esc_attr($_GET['post_type']) ?? ''
             );
         }
 
@@ -30,6 +31,7 @@ public function updateAdminUrl(string $url): string
 
     /**
      * Returns true is the current page is in the Wordpress admin
+     * 
      * @param  string  $url
      * @return boolean
      */

diff --git a/lib/Helper.php b/lib/Helper.php
@@ -19,10 +19,9 @@ public function __construct()
      * Check if plugin is installed by getting all plugins from the plugins dir
      *
      * @param $plugin_slug
-     *
      * @return bool
      */
-    public function checkPluginInstalled($plugin_slug): bool
+    public function checkPluginInstalled(string $plugin_slug): bool
     {
         $installed_plugins = get_plugins();
 
@@ -33,10 +32,9 @@ public function checkPluginInstalled($plugin_slug): bool
      * Check if plugin is installed
      *
      * @param string $plugin_slug
-     *
      * @return bool
      */
-    public function checkPluginActive($plugin_slug): bool
+    public function checkPluginActive(string $plugin_slug): bool
     {
         if (is_plugin_active($plugin_slug)) {
             return true;
@@ -45,7 +43,15 @@ public function checkPluginActive($plugin_slug): bool
         return false;
     }
 
-    public function getCount($table, $type = '')
+    /**
+     * Count the number of rows in a table
+     * 
+     * @param  string $table
+     * @param  string $type
+     * 
+     * @return int
+     */
+    public function getCount(string $table, string $type = '')
     {
         global $wpdb;
 

diff --git a/lib/Notices.php b/lib/Notices.php
@@ -66,7 +66,7 @@ public function displayFlashNotices()
                 '<div class="notice notice-%1$s %2$s"><p>%3$s</p></div>',
                 esc_attr($notice['type']),
                 esc_attr($notice['dismissible']),
-                $notice['notice']
+                wp_kses_post($notice['notice'])
             );
         }
 

diff --git a/lib/QueryFilters.php b/lib/QueryFilters.php
@@ -87,7 +87,7 @@ public function getPostTypeFromRequest(string $query)
         preg_match("/`?post_type`?\s*=\s*'([a-zA-Z_]*)'/", $query, $postType);
 
         if ($postType = array_pop($postType)) {
-            if (isset($_GET['post_type']) && $_GET['post_type'] == $postType) {
+            if (isset($_GET['post_type']) && sanitize_key($_GET['post_type']) == $postType) {
                 return $postType;
             }
         }
@@ -162,7 +162,7 @@ public function getPostIdsFromQuery(string $query): ?string
      * @param  string $ids
      * @return string
      */
-    public function getPostTypeById($ids): ?string
+    public function getPostTypeById(string $ids): ?string
     {
         $key = __METHOD__ . $ids;
 

diff --git a/lib/SettingsPage.php b/lib/SettingsPage.php
@@ -71,8 +71,10 @@ class WPCPT_Tables_SettingsPage
      *
      * @param WPCPT_Tables_Table   $table
      * @param WPCPT_Tables_Triggers $triggers
+     * @param array $config
+     * @return void
      */
-    public function __construct(WPCPT_Tables_Table $table, WPCPT_Tables_Triggers $triggers, $config)
+    public function __construct(WPCPT_Tables_Table $table, WPCPT_Tables_Triggers $triggers, array $config)
     {
         // $this->enqueue_styles();
         $this->notices = new WPCPT_Tables_Notices;
@@ -85,13 +87,13 @@ public function __construct(WPCPT_Tables_Table $table, WPCPT_Tables_Triggers $tr
 
         $this->redirect_uri = admin_url('options-general.php?page=' . $this->config['plugin_slug']);
 
-        if (isset($_GET['action']) && $_GET['action'] == 'migrate' && isset($_GET['type'])) {
-            $this->startMigrateCustomPostType($_GET['type']);
+        if (isset($_GET['action']) && sanitize_key($_GET['action']) == 'migrate' && isset($_GET['type'])) {
+            $this->startMigrateCustomPostType(sanitize_key($_GET['type']));
             exit;
         }
 
-        if (isset($_GET['action']) && $_GET['action'] == 'revert' && isset($_GET['type'])) {
-            $this->startRevertCustomPostType($_GET['type']);
+        if (isset($_GET['action']) && sanitize_key($_GET['action']) == 'revert' && isset($_GET['type'])) {
+            $this->startRevertCustomPostType(sanitize_key($_GET['type']));
             exit;
         }
 
@@ -100,6 +102,8 @@ public function __construct(WPCPT_Tables_Table $table, WPCPT_Tables_Triggers $tr
 
     /**
      * Add settings page to admin settings menu
+     * 
+     * @return void
      */
     public function addSettingsPage()
     {
@@ -141,13 +145,11 @@ public function showSettingsPage()
     private function startRevertCustomPostType($postType)
     {
         $enabledPostTypes = $this->getEnabledPostTypes();
-        error_log(print_r($enabledPostTypes, true));
         if (($key = array_search($postType, $enabledPostTypes)) !== false) {
             unset($enabledPostTypes[$key]);
             $enabledPostTypes = array_values($enabledPostTypes);
             update_option($this->config['tables_enabled'], $enabledPostTypes, true);
         }
-        error_log(print_r($enabledPostTypes, true));
 
         $this->triggers->create($enabledPostTypes);
 
@@ -179,11 +181,11 @@ private function revertCustomPostType($postTypes)
      *
      * @return array
      */
-    private function startMigrateCustomPostType($postType)
+    private function startMigrateCustomPostType(string $postType)
     {
         $enabledPostTypes = $this->getEnabledPostTypes();
         if (!in_array($postType, $enabledPostTypes)) {
-            $enabledPostTypes[] = $postType;
+            $enabledPostTypes[] = esc_attr($postType);
             update_option($this->config['tables_enabled'], array_values($enabledPostTypes), true);
         }
 

diff --git a/lib/Triggers.php b/lib/Triggers.php
@@ -68,8 +68,6 @@ public function create(array $tables)
      */
     public function deleteAllTrigger(array $tables)
     {
-        global $wpdb;
-
         $this->db->value("DROP TRIGGER IF EXISTS " . $this->db->escape($this->config['prefix'] . $this->insertPostTrigger));
         $this->db->value("DROP TRIGGER IF EXISTS " . $this->db->escape($this->config['prefix'] . $this->insertMetaTrigger));
 

diff --git a/readme.txt b/readme.txt
@@ -3,7 +3,7 @@ Donate link: https://www.paypal.com/donate/?hosted_button_id=JNA8L66BWE2AA
 Tags: custom post types, CPT, CMS, post, types, post type, custom, content types, custom content types, post types
 Requires at least: 5.9
 Tested up to: 6.1.1
-Stable tag: 1.0.4
+Stable tag: 1.0.5
 Requires PHP: 7.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html

diff --git a/settings.php b/settings.php
@@ -159,11 +159,11 @@
                                                 else : $bgcolor = 'white';
                                                 endif; ?>
                                                 <tr style="background-color:<?php echo $bgcolor; ?>">
-                                                    <td><?php echo $migrate['name'] ?><br /><span class="slug">Name: <?php echo $migrate['slug'] ?></span></td>
-                                                    <td><?php echo $migrate['table'] ?></td>
-                                                    <td class="center"><?php echo $migrate['count'] ?></td>
-                                                    <td class="center"><?php echo $migrate['count_meta'] ?></td>
-                                                    <td style="text-align:right"><a href="#" data-url="<?php echo admin_url('options-general.php?page=' . $this->config['plugin_slug'] . '&action=revert&type=' . $migrate['slug'], false); ?>" class="button button-small revert-button">Revert</a></td>
+                                                    <td><?php echo esc_attr($migrate['name']); ?><br /><span class="slug">Name: <?php echo esc_attr($migrate['slug']); ?></span></td>
+                                                    <td><?php echo esc_attr($migrate['table']); ?></td>
+                                                    <td class="center"><?php echo esc_attr($migrate['count']); ?></td>
+                                                    <td class="center"><?php echo esc_attr($migrate['count_meta']); ?></td>
+                                                    <td style="text-align:right"><a href="#" data-url="<?php echo admin_url('options-general.php?page=' . esc_attr($this->config['plugin_slug']) . '&action=revert&type=' . esc_attr($migrate['slug']), false); ?>" class="button button-small revert-button">Revert</a></td>
                                                 </tr>
                                             <?php endforeach; ?>
                                         </tbody>

diff --git a/wp-cpt-tables.php b/wp-cpt-tables.php
@@ -4,7 +4,7 @@
  * Plugin Name:         CPT Tables
  * Plugin URI:          https://wordpress.org/plugins/cpt-tables/
  * Description:         Allow storing custom post types in their own tables in order to make querying large datasets more efficient
- * Version:             1.0.4
+ * Version:             1.0.5
  * Requires at least:   5.9
  * Requires PHP:        7.1
  * Author:              Sebastian Klaus