Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2.0 code cleanup #456

Merged
merged 7 commits into from
Dec 11, 2024
Merged

2.0 code cleanup #456

merged 7 commits into from
Dec 11, 2024

Conversation

krugazul
Copy link
Collaborator

@krugazul krugazul commented Dec 11, 2024
edited by github-actions bot
Loading

The following commit contains the PHP Coding standards updates, as well as the removal of unused files and functions from the code.

Summary by CodeRabbit

  • Refactor: Enhanced security measures in admin settings with nonce verification and data sanitization.
  • Style: Updated labels for block bindings and text domains to align with the 'Tour Operator' theme.
  • Refactor: Replaced strip_tags with wp_strip_all_tags for improved content sanitization.
  • Chore: Removed unused PHP classes Metaboxes and Share, along with several unused functions and template tags, improving code maintainability.
  • Documentation: Updated descriptions for "Accommodation Card", "Destination Card", "Gallery", "Itinerary List", "Room Card", and "Tour Card" for better clarity.

@krugazul krugazul added the [Type] Enhancement A suggestion for improvement label Dec 11, 2024
@krugazul krugazul added this to the 2.0.0 milestone Dec 11, 2024
@krugazul krugazul self-assigned this Dec 11, 2024
@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Dec 11, 2024

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 11, 2024
edited
Loading

Image description CodeRabbit

Walkthrough

This pull request introduces a series of changes aimed at enhancing security, improving code maintainability, and refining user interface descriptions. The modifications include nonce verification, data sanitization, removal of unused classes and functions, and updates to block labels and descriptions.

Changes

Files Summary
includes/classes/admin/class-admin.php, includes/classes/admin/class-settings.php, includes/partials/help.php Added nonce verification for security, sanitized input data, and redirected securely after saving settings.
includes/classes/blocks/class-bindings.php, includes/classes/blocks/class-patterns.php, includes/classes/blocks/class-registration.php, includes/classes/legacy/class-maps.php Updated block labels, replaced strip_tags with wp_strip_all_tags for better HTML content sanitization, and updated text domain in translation functions.
includes/classes/class-metaboxes.php, includes/classes/class-share.php, includes/classes/legacy/class-accommodation.php, includes/classes/legacy/class-frontend.php, includes/classes/legacy/class-tour-operator.php, includes/classes/legacy/class-tour.php, includes/template-tags/addons.php, includes/template-tags/videos.php, tour-operator-bootstrap.php Removed unused classes and functions, cleaned up unnecessary code, and updated PHP coding standards.
includes/patterns/accommodation-card.php, includes/patterns/destination-card.php, includes/patterns/gallery.php, includes/patterns/itinerary-list.php, includes/patterns/room-card.php, includes/patterns/tour-card.php Enhanced descriptions for various UI elements to improve clarity and understanding.

🐇💻

In the land of code where the shadows lie,
A rabbit hopped by, with a twinkle in its eye.
"Fear not!" it said, with a cheerful grin,
"For every bug fixed is a definite win!"

With each line of code, carefully pruned,
A more secure future, we have attuned.
So here's to the changes, big and small,
In the realm of code, they uplift us all! 🎉🥕

Uplevel your code reviews with CodeRabbit Pro

CodeRabbit Pro

If you like this project, please support us by purchasing the Pro version. The Pro version has advanced context, superior noise reduction and several proprietary improvements compared to the open source version. Moreover, CodeRabbit Pro is free for open source projects.

@Justinabes007 Justinabes007 merged commit b19e63e into 2.0-beta-3 Dec 11, 2024
6 of 8 checks passed
@Justinabes007 Justinabes007 deleted the 2.0-code-cleanup branch December 11, 2024 13:39
github-actions[bot]
github-actions bot reviewed Dec 11, 2024
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

Commits Files that changed from the base of the PR and between 0351ad9 and 736f34a commits.
Files selected (28)
  • includes/classes/admin/class-admin.php (1)
  • includes/classes/admin/class-settings.php (4)
  • includes/classes/blocks/class-bindings.php (2)
  • includes/classes/blocks/class-patterns.php (2)
  • includes/classes/blocks/class-registration.php (1)
  • includes/classes/class-metaboxes.php (1)
  • includes/classes/class-share.php (1)
  • includes/classes/legacy/class-accommodation.php (2)
  • includes/classes/legacy/class-frontend.php (3)
  • includes/classes/legacy/class-maps.php (2)
  • includes/classes/legacy/class-scpo-engine.php (1)
  • includes/classes/legacy/class-tour-operator.php (2)
  • includes/classes/legacy/class-tour.php (2)
  • includes/partials/help.php (1)
  • includes/patterns/accommodation-card.php (1)
  • includes/patterns/destination-card.php (1)
  • includes/patterns/gallery.php (1)
  • includes/patterns/itinerary-list.php (1)
  • includes/patterns/room-card.php (1)
  • includes/patterns/tour-card.php (1)
  • includes/template-tags/accommodation.php (1)
  • includes/template-tags/addons.php (1)
  • includes/template-tags/destination.php (1)
  • includes/template-tags/general.php (1)
  • includes/template-tags/helpers.php (2)
  • includes/template-tags/tour.php (1)
  • includes/template-tags/videos.php (1)
  • tour-operator-bootstrap.php (1)
Files ignored due to filter (2)
  • assets/img/placeholders/placeholder-post-750x350 copy.jpg
  • vendor/cmb2/includes/CMB2.php
Files not summarized due to errors (6)
  • includes/classes/legacy/class-scpo-engine.php (diff tokens exceeds limit)
  • includes/template-tags/accommodation.php (diff tokens exceeds limit)
  • includes/template-tags/destination.php (diff tokens exceeds limit)
  • includes/template-tags/general.php (diff tokens exceeds limit)
  • includes/template-tags/helpers.php (diff tokens exceeds limit)
  • includes/template-tags/tour.php (diff tokens exceeds limit)
Files not reviewed due to errors (9)
  • includes/classes/admin/class-admin.php (no response)
  • includes/classes/legacy/class-accommodation.php (no response)
  • includes/classes/class-share.php (no response)
  • includes/classes/legacy/class-scpo-engine.php (no response)
  • includes/patterns/tour-card.php (no response)
  • includes/template-tags/accommodation.php (no response)
  • includes/template-tags/destination.php (no response)
  • includes/template-tags/helpers.php (no response)
  • includes/template-tags/tour.php (no response)
Files skipped from review due to trivial changes (8)
  • includes/classes/blocks/class-patterns.php
  • includes/classes/class-metaboxes.php
  • includes/classes/legacy/class-maps.php
  • includes/patterns/accommodation-card.php
  • includes/patterns/gallery.php
  • includes/patterns/itinerary-list.php
  • includes/patterns/room-card.php
  • includes/template-tags/general.php (diff too large)
Review comments generated (16)
  • Review: 10
  • LGTM: 6
Tips

Chat with Image description CodeRabbit Bot (@coderabbitai)

  • Reply on review comments left by this bot to ask follow-up questions. A review comment is a comment on a diff or a file.
  • Invite the bot into a review comment chain by tagging @coderabbitai in a reply.

Code suggestions

  • The bot may make code suggestions, but please review them carefully before committing since the line number ranges may be misaligned.
  • You can edit the comment made by the bot and manually tweak the suggestion if it is slightly off.

Pausing incremental reviews

  • Add @coderabbitai: ignore anywhere in the PR description to pause further reviews from the bot.

includes/classes/blocks/class-bindings.php
@@ -474,7 +474,7 @@ public function build_unit_field( $build = '', $field = '', $count = 1 ) {

switch ( $field ) {
case 'title':
$value = strip_tags( $rooms->item_title( '', '', false ) );
$value = wp_strip_all_tags( $rooms->item_title( '', '', false ) );
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

Good job replacing strip_tags with wp_strip_all_tags. The latter is more secure as it removes all HTML tags including script and style. This change enhances the security of your code.

- $value   = strip_tags( $rooms->item_title( '', '', false ) );
+ $value   = wp_strip_all_tags( $rooms->item_title( '', '', false ) );

includes/classes/blocks/class-registration.php
@@ -432,6 +432,7 @@ protected function post_ids_exist( $ids ) {
AND ID IN (%s)
AND post_status IN ('draft', 'publish')";

// @phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

The use of @phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared is a red flag. It's generally not a good practice to ignore warnings from static analysis tools like PHP CodeSniffer, especially when it comes to database queries where SQL injection vulnerabilities can occur.

Instead of ignoring the warning, you should properly prepare the SQL statement. The $wpdb->prepare() function should be used with placeholders for all variables in the query to prevent SQL injection attacks. However, since $ids is an array and IN clause is used in the SQL, you need to generate placeholders for each item in the array.

Here's how you can do it:

- AND ID IN (%s)
+ AND ID IN (" . implode(',', array_fill(0, count($ids), '%s')) . ")

- // @phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
- return (int) $wpdb->get_var( $wpdb->prepare( $query, $ids ) );
+ return (int) $wpdb->get_var( $wpdb->prepare( $query, ...$ids ) );

This way, each id in the $ids array will have its own placeholder, and the prepare method will correctly sanitize each id.

includes/classes/legacy/class-frontend.php
Comment on lines 71 to 76
add_filter( 'wpseo_breadcrumb_links', array( $this, 'wpseo_breadcrumb_links' ), 20 );
}

/**
* Initate some boolean flags
*/
public function wp_head() {
if ( ( is_singular( $this->active_post_types ) || is_post_type_archive( $this->active_post_types ) )
&& false !== $this->options
&& isset( $this->options['display']['enable_modals'] )
&& 'on' === $this->options['display']['enable_modals']
) {
$this->enable_modals = true;
}
}

/**
* a filter to overwrite the links with modal tags.
*/
public function add_modal_attributes( $html, $post_id, $link ) {
if ( true === $this->enable_modals && true === $link ) {
$html = '<a data-toggle="modal" data-target="#lsx-modal-' . $post_id . '" href="#">' . get_the_title( $post_id ) . '</a>';

if ( ! in_array( $post_id, $this->modal_ids ) ) {
$this->modal_ids[] = $post_id;
}
}

return $html;
}

/**
* a filter to overwrite the links with modal tags.
*/
public function output_modals() {
global $lsx_to_archive, $post;

if ( true === $this->enable_modals && ! empty( $this->modal_ids ) ) {
$temp = $lsx_to_archive;
$lsx_to_archive = 1;

foreach ( $this->modal_ids as $post_id ) {
$post = get_post( $post_id );
?>
<div class="lsx-modal modal fade" id="lsx-modal-<?php echo esc_attr( $post_id ); ?>" tabindex="-1" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<div class="modal-body">
<?php lsx_to_content( 'content', 'modal' ); ?>
</div>
</div>
</div>
</div>
<?php
}

$lsx_to_archive = $temp;
wp_reset_postdata();
}
?>
<div class="lsx-modal modal fade" id="lsx-modal-placeholder" tabindex="-1" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<div class="modal-header">
<h4 class="modal-title"></h4>
</div>
<div class="modal-body"></div>
</div>
</div>
</div>
<?php
}

/**
* Register and enqueue admin-specific style sheet.
*
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

The removal of the wp_head function, add_modal_attributes, and output_modals functions indicates a significant change in functionality. The modal feature seems to have been removed. If this is intentional and all dependencies on these functions have been addressed, then this change is fine. However, if the modal feature is still required, you might need to reintroduce these functions or provide an alternative implementation.

includes/classes/legacy/class-frontend.php
Comment on lines 184 to 189
* Add a some classes so we can style.
*/
public function body_class( $classes ) {
global $post;
if ( false !== $this->post_types && is_singular( array_keys( $this->post_types ) ) ) {
$classes[] = 'single-tour-operator';
} elseif ( false !== $this->post_types && is_post_type_archive( array_keys( $this->post_types ) ) ) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

The removal of the global $post; statement suggests that the $post global variable is no longer used in the body_class function. This is a good practice as it reduces the reliance on global state. However, ensure that there are no side effects due to this removal, especially if other methods in the class or hooks rely on this global variable being set here.

includes/classes/admin/class-settings.php
Comment on lines +48 to +50
// @phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( isset( $_GET['welcome-page'] ) ) {
// @phpcs:ignore WordPress.Security.NonceVerification.Recommended
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

While the use of @phpcs:ignore WordPress.Security.NonceVerification.Recommended is understandable to suppress warnings from PHP CodeSniffer, it's not a good practice to ignore nonce verification. Nonce verification is crucial for security as it helps protect against certain types of misuse, malicious or otherwise. Consider adding nonce verification here.

- // @phpcs:ignore WordPress.Security.NonceVerification.Recommended
- if ( isset( $_GET['welcome-page'] ) ) {
-     // @phpcs:ignore WordPress.Security.NonceVerification.Recommended
+ if ( isset( $_GET['welcome-page'] ) && check_admin_referer('welcome_nonce_action', 'welcome_nonce_field') ) {
      $display_page = sanitize_text_field( $_GET['welcome-page'] );
      $display_page = ! empty( $display_page ) ? $display_page : '';
  }

includes/classes/admin/class-settings.php
Comment on lines +535 to +537
// @phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( isset( $_POST[ $key ] ) ) {
$save = $_POST[ $key ];
$save = sanitize_text_field( $_POST[ $key ] );
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

Similar to the previous comment, ignoring nonce verification is not recommended. It's better to add nonce verification to enhance security.

- // @phpcs:ignore WordPress.Security.NonceVerification.Recommended
- if ( isset( $_POST[ $key ] ) ) {
+ if ( isset( $_POST[ $key ] ) && check_admin_referer('post_nonce_action', 'post_nonce_field') ) {
      $save = sanitize_text_field( $_POST[ $key ] );
  } else if ( isset( $field['default'] ) ) {
      $save = $field['default'];
  }

includes/classes/admin/class-settings.php
Comment on lines +557 to +559
// @phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( isset( $_POST[ $tab_index . '_' . $key ] ) ) {
$save = $_POST[ $tab_index . '_' . $key ];
$save = wp_unslash( $_POST[ $tab_index . '_' . $key ] );
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

Again, ignoring nonce verification is not a good practice. Please consider adding nonce verification.

- // @phpcs:ignore WordPress.Security.NonceVerification.Recommended
- if ( isset( $_POST[ $tab_index . '_' . $key ] ) ) {
+ if ( isset( $_POST[ $tab_index . '_' . $key ] ) && check_admin_referer('tab_nonce_action', 'tab_nonce_field') ) {
      $save = wp_unslash( $_POST[ $tab_index . '_' . $key ] );
  } else if ( isset( $field['default'] ) ) {
      $save = $field['default'];
  }

includes/classes/legacy/class-tour-operator.php
Comment on lines 470 to 472
/**
* checks which plugin is active, and grabs those forms.
*/
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

The function checks which plugin is active, and grabs those forms seems to be missing its implementation. Please ensure that the function body is included in the commit.

 	/**
 	 * checks which plugin is active, and grabs those forms.
 	 */
+473:    public function check_active_plugin_and_grab_forms() {
+474:        // Implementation goes here...
+475:    }

includes/classes/legacy/class-tour.php
Comment on lines 205 to 210
return $html;
}

/**
* Outputs the tour meta on the modal
*/
public function content_meta() {
if ( 'tour' === get_post_type() ) {
?>
<?php
$meta_class = 'lsx-to-meta-data lsx-to-meta-data-';

lsx_to_price( '<span class="' . $meta_class . 'price"><span class="lsx-to-meta-data-key">' . esc_html__( 'From price', 'tour-operator' ) . ':</span> ', '</span>' );
lsx_to_duration( '<span class="' . $meta_class . 'duration"><span class="lsx-to-meta-data-key">' . esc_html__( 'Duration', 'tour-operator' ) . ':</span> ', '</span>' );
the_terms( get_the_ID(), 'travel-style', '<span class="' . $meta_class . 'style"><span class="lsx-to-meta-data-key">' . esc_html__( 'Travel Style', 'tour-operator' ) . ':</span> ', ', ', '</span>' );
lsx_to_connected_countries( '<span class="' . $meta_class . 'destinations"><span class="lsx-to-meta-data-key">' . esc_html__( 'Destinations', 'tour-operator' ) . ':</span> ', '</span>', true );

if ( function_exists( 'lsx_to_connected_activities' ) ) {
lsx_to_connected_activities( '<span class="' . $meta_class . 'activities"><span class="lsx-to-meta-data-key">' . esc_html__( 'Activities', 'tour-operator' ) . ':</span> ', '</span>' );
}
?>
<?php
}
}

/**
* Adds in the onsale classes.
*
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

The removal of the content_meta function might have an impact on the display of tour meta data in modals. If this functionality is being moved elsewhere, ensure that it's properly handled and there are no regressions. If this function is not used anymore, then the removal is fine. However, without more context, it's hard to say if this change could introduce bugs or not. Please make sure you've tested all the related functionalities thoroughly after removing this function.

tour-operator-bootstrap.php
Comment on lines 25 to 31
// Template Tags.
require_once( LSX_TO_PATH . 'includes/template-tags/general.php' );
require_once( LSX_TO_PATH . 'includes/template-tags/helpers.php' );
require_once( LSX_TO_PATH . 'includes/template-tags/addons.php' );
require_once( LSX_TO_PATH . 'includes/template-tags/accommodation.php' );
require_once( LSX_TO_PATH . 'includes/template-tags/destination.php' );
require_once( LSX_TO_PATH . 'includes/template-tags/tour.php' );
require_once( LSX_TO_PATH . 'includes/template-tags/maps.php' );
require_once( LSX_TO_PATH . 'includes/template-tags/videos.php' );

// include context helper & autoloader.
require_once( LSX_TO_PATH . 'includes/tour-operator.php' );
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Image description CodeRabbit

The changes seem to be removing the inclusion of several files (addons.php, accommodation.php, destination.php, tour.php, videos.php). If these files are no longer needed, this change is fine. However, if they contain necessary functionality, their removal could cause issues. Please ensure that all necessary functions from these files have been moved elsewhere or are no longer needed before proceeding with this change.

- 	require_once( LSX_TO_PATH . 'includes/template-tags/addons.php' );
- 	require_once( LSX_TO_PATH . 'includes/template-tags/accommodation.php' );
- 	require_once( LSX_TO_PATH . 'includes/template-tags/destination.php' );
- 	require_once( LSX_TO_PATH . 'includes/template-tags/tour.php' );
- 	require_once( LSX_TO_PATH . 'includes/template-tags/maps.php' );
- 	require_once( LSX_TO_PATH . 'includes/template-tags/videos.php' );
+  	require_once( LSX_TO_PATH . 'includes/template-tags/general.php' );
+  	require_once( LSX_TO_PATH . 'includes/template-tags/helpers.php' );
+  	require_once( LSX_TO_PATH . 'includes/template-tags/maps.php' );

@ZaredRogers ZaredRogers linked an issue Jan 9, 2025 that may be closed by this pull request
Parent: Tour Operator Plugin Tasks #381
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@Justinabes007 Justinabes007 Awaiting requested review from Justinabes007

Assignees

@krugazul krugazul

Labels
[Type] Enhancement A suggestion for improvement
Projects
Tour Operator
Archived in project
Milestone
2.0.0
Development

Successfully merging this pull request may close these issues.

Parent: Tour Operator Plugin Tasks
2 participants
@krugazul @Justinabes007