From 579fb70ba1b2fd0a0bdcd611ca02ef6b09219b4d Mon Sep 17 00:00:00 2001 From: e-baker Date: Mon, 17 Dec 2018 23:31:32 -0500 Subject: [PATCH 01/12] Adds build task to Gruntfile for plugin release --- Gruntfile.js | 27 +++++++++++++++++++++++++++ build-plugin.sh | 4 ++++ package.json | 3 ++- 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/Gruntfile.js b/Gruntfile.js index 26bedbde..59c8311d 100644 --- a/Gruntfile.js +++ b/Gruntfile.js @@ -78,13 +78,33 @@ module.exports = function( grunt ){ } }, + // Build a zip file for deployment + compress: { + main: { + options: { + archive: 'wordpress-plugin-template.zip' + }, + files: [ + {src: ['assets/css/*.css'], dest: 'assets/css/', filter: 'isFile'}, // includes css files in css path + {src: ['assets/js/*.min.js'], dest: 'assets/js/', filter: 'isFile'}, // includes js files in js path + {src: ['includes/*'], dest: 'includes/', filter: 'isFile'}, //includes files in includes path + {src: ['lang/*'], dest: 'lang/', filter: 'isFile' }, //includes files in lang path + {src: ['vendor/*'], dest: 'vendor/', filter: 'isFile' }, //includes files in lang path + {src: ['*.php', 'LICENSE', '*.txt'], filter: 'isFile' } + ] + } + } + }); + grunt.loadTasks('tasks'); + // Load NPM tasks to be used here grunt.loadNpmTasks( 'grunt-contrib-less' ); grunt.loadNpmTasks( 'grunt-contrib-cssmin' ); grunt.loadNpmTasks( 'grunt-contrib-uglify' ); grunt.loadNpmTasks( 'grunt-contrib-watch' ); + grunt.loadNpmTasks( 'grunt-contrib-compress' ); // Register tasks grunt.registerTask( 'default', [ @@ -93,4 +113,11 @@ module.exports = function( grunt ){ 'uglify' ]); + grunt.registerTask( 'build', [ + 'less', + 'cssmin', + 'uglify', + 'compress' + ]) + }; \ No newline at end of file diff --git a/build-plugin.sh b/build-plugin.sh index 70fbae0f..4c9edae4 100755 --- a/build-plugin.sh +++ b/build-plugin.sh 
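Review bot: In the `compress.main.files` entries each `dest` repeats the directory that the `src` pattern already starts with; for mappings without `expand`, grunt-contrib-compress joins `dest` with the matched path (as far as I recall its behaviour), which would place files at `assets/css/assets/css/…` inside the zip. Dropping `dest`, e.g. `{src: ['assets/css/*.css'], filter: 'isFile'}`, keeps the source layout; listing the built archive would confirm either way. The comment on the `vendor/*` entry says "lang path" and should read `// includes files in vendor path`. `vendor/` is packaged wholesale, so it is worth confirming that it holds only runtime dependencies before a release is cut.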
@@ -62,6 +62,10 @@ cp readme.txt readme.tmp sed "s/$DEFAULT_NAME/$NAME/g" readme.tmp > readme.txt rm readme.tmp +cp Gruntfile.js Gruntfile.tmp +sed "s/$DEFAULT_SLUG/$SLUG/g" Gruntfile.tmp > Gruntfile.js +rm Gruntfile.tmp + cd lang mv $DEFAULT_SLUG.pot $SLUG.pot diff --git a/package.json b/package.json index f8f556dc..ccdcdb10 100644 --- a/package.json +++ b/package.json @@ -9,6 +9,7 @@ "grunt-contrib-cssmin": "~0.9.0", "grunt-contrib-less": "^2.0.0", "grunt-contrib-uglify": "~0.4.0", - "grunt-contrib-watch": "^1.1.0" + "grunt-contrib-watch": "^1.1.0", + "grunt-contrib-compress": "^1.4.3" } } From c52f9df08614e23fd2c987837a6b8a5124646f65 Mon Sep 17 00:00:00 2001 From: Eric Baker Date: Sun, 23 Dec 2018 16:22:01 -0500 Subject: [PATCH 02/12] Adds Class Name Question to Plugin Build Script --- build-plugin.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/build-plugin.sh b/build-plugin.sh index 4c9edae4..ab4075fa 100755 --- a/build-plugin.sh +++ b/build-plugin.sh @@ -1,23 +1,32 @@ #!/bin/bash +DEFAULT_NAME="WordPress Plugin Template" +DEFAULT_CLASS=${DEFAULT_NAME// /_} +DEFAULT_TOKEN=$( tr '[A-Z]' '[a-z]' <<< $DEFAULT_CLASS) +DEFAULT_SLUG=${DEFAULT_TOKEN//_/-} + printf "Plugin name: " read NAME +CLASS_NAME=${NAME// /_} + printf "Destination folder: " read FOLDER +printf "Class name \e[3m(Default is %s)\e[0m: " "$CLASS_NAME" +read CLASS + +if [ $CLASS == "" ]; then + $CLASS = $CLASS_NAME +fi + printf "Include Grunt support (y/n): " read GRUNT printf "Initialise new git repo (y/n): " read NEWREPO -DEFAULT_NAME="WordPress Plugin Template" -DEFAULT_CLASS=${DEFAULT_NAME// /_} -DEFAULT_TOKEN=$( tr '[A-Z]' '[a-z]' <<< $DEFAULT_CLASS) -DEFAULT_SLUG=${DEFAULT_TOKEN//_/-} -CLASS=${NAME// /_} TOKEN=$( tr '[A-Z]' '[a-z]' <<< $CLASS) SLUG=${TOKEN//_/-} From ae4874722c332ef34afd8fed4210bc3b5d5be51f Mon Sep 17 00:00:00 2001 
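Review bot: `$SLUG` is built from the typed plugin name and is spliced unvalidated into the sed program in `sed "s/$DEFAULT_SLUG/$SLUG/g" Gruntfile.tmp > Gruntfile.js`; a `/`, `&` or backslash in the name changes or breaks the expression, and the value also becomes the archive file name in the generated Gruntfile. The script already uses this pattern for other files, and the `$OPT_PREFIX` substitution in the options-prefix patch (@@ -113,6 +118,10 @@) repeats it. A check right after the slug is derived, such as `case "$SLUG" in ''|*[!a-z0-9-]*) echo "invalid plugin slug" >&2; exit 1;; esac`, would cover all of them. The surrounding script lies outside this hunk.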
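Review bot: The default-class fallback cannot take effect: with an empty answer the unquoted test `[ $CLASS == "" ]` expands to `[ == "" ]` and errors, and `$CLASS = $CLASS_NAME` is a command invocation, not an assignment. `if [ -z "$CLASS" ]; then CLASS=$CLASS_NAME; fi` does what the prompt promises. Without it an empty class yields an empty `$TOKEN` and `$SLUG`, which the later `sed` and `mv` steps then use. `read -r` would also stop backslashes in the answers from being interpreted.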
From: Eric Baker Date: Sun, 23 Dec 2018 16:24:15 -0500 Subject: [PATCH 03/12] Updates grunt build task --- Gruntfile.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Gruntfile.js b/Gruntfile.js index 59c8311d..ae62e12f 100644 --- a/Gruntfile.js +++ b/Gruntfile.js @@ -87,10 +87,11 @@ module.exports = function( grunt ){ files: [ {src: ['assets/css/*.css'], dest: 'assets/css/', filter: 'isFile'}, // includes css files in css path {src: ['assets/js/*.min.js'], dest: 'assets/js/', filter: 'isFile'}, // includes js files in js path - {src: ['includes/*'], dest: 'includes/', filter: 'isFile'}, //includes files in includes path - {src: ['lang/*'], dest: 'lang/', filter: 'isFile' }, //includes files in lang path - {src: ['vendor/*'], dest: 'vendor/', filter: 'isFile' }, //includes files in lang path - {src: ['*.php', 'LICENSE', '*.txt'], filter: 'isFile' } + {src: ['assets/**', '!assets/js', '!assets/css'], dest: 'assets/', filter: 'isFile'}, // includes any other assets outside js/css + {src: ['includes/**'], dest: 'includes/', filter: 'isFile'}, //includes files in includes path + {src: ['lang/**'], dest: 'lang/', filter: 'isFile' }, //includes files in lang path + {src: ['vendor/**'], dest: 'vendor/', filter: 'isFile' }, //includes files in lang path + {src: ['*.php', 'LICENSE', '*.txt'], filter: 'isFile' } //includes base directory files ] } } From f9d31e114bc1af95de81e9f6dd68a49043708167 Mon Sep 17 00:00:00 2001 From: Aleksey Napolskih <1160500+alekseyn1@users.noreply.github.com> Date: Fri, 15 Mar 2019 18:08:45 -0700 Subject: [PATCH 04/12] Update uninstall.php --- uninstall.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/uninstall.php b/uninstall.php index 80313571..89d86ffd 100644 --- a/uninstall.php +++ b/uninstall.php 
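Review bot: The exclusions `'!assets/js'` and `'!assets/css'` in the new `assets/**` entry match only the two directory paths, not the files below them, so with `filter: 'isFile'` every file under `assets/js/` and `assets/css/` is still selected, including the unminified sources that the first two entries deliberately leave out. `'!assets/js/**', '!assets/css/**'` expresses the intent stated in the comment. The comment on the `vendor/**` entry still says "lang path".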
@@ -15,3 +15,14 @@ } // Do something here if plugin is being uninstalled. +if ( ! defined( 'WP_UNINSTALL_PLUGIN' ) ) { + exit; +} + +//change your plugin prefix here +delete_options_prefixed( 'test_' ); + +function delete_options_prefixed( $prefix ) { + global $wpdb; + $wpdb->query( "DELETE FROM {$wpdb->options} WHERE option_name LIKE '{$prefix}%'" ); +} From 41276895db98b49f53cc64a22e8ada892cde3bea Mon Sep 17 00:00:00 2001 From: Jonathan Bossenger Date: Tue, 2 Jul 2019 15:23:12 +0200 Subject: [PATCH 05/12] Fixing the private $admin variable on the WordPress_Plugin_Template class --- includes/class-wordpress-plugin-template.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/class-wordpress-plugin-template.php b/includes/class-wordpress-plugin-template.php index 4b8b4ce2..03fa5abf 100644 --- a/includes/class-wordpress-plugin-template.php +++ b/includes/class-wordpress-plugin-template.php @@ -28,7 +28,7 @@ class WordPress_Plugin_Template { * * @var WordPress_Plugin_Template_Admin_API|null */ - private $admin = null; + public $admin = null; /** * Settings class object From 016f2b168bf174124fee3e6aee019ddd10c6ba03 Mon Sep 17 00:00:00 2001 From: Alan Tygel Date: Thu, 22 Aug 2019 15:35:55 -0300 Subject: [PATCH 06/12] add options prefix customization to build script #85 --- build-plugin.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/build-plugin.sh b/build-plugin.sh index 70fbae0f..3e165b00 100755 --- a/build-plugin.sh +++ b/build-plugin.sh @@ -3,6 +3,9 @@ printf "Plugin name: " read NAME +printf "Options prefix: " +read OPT_PREFIX + printf "Destination folder: " read FOLDER 
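Review bot: `delete_options_prefixed()` interpolates `$prefix` directly into the `DELETE` statement, and `_` in a value such as `'test_'` is a LIKE wildcard, so the query can remove options that belong to other plugins (an empty prefix would match every row). Build the pattern with the database API instead: `$like = $wpdb->esc_like( $prefix ) . '%';` followed by `$wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->options} WHERE option_name LIKE %s", $like ) );`, and return early when `$prefix` is empty. The added `WP_UNINSTALL_PLUGIN` check looks like a duplicate of the guard whose closing brace is the first context line; the top of the file is outside the hunk. The function also needs a docblock stating that it deletes every option whose name starts with the given prefix.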
@@ -16,10 +19,12 @@ DEFAULT_NAME="WordPress Plugin Template" DEFAULT_CLASS=${DEFAULT_NAME// /_} DEFAULT_TOKEN=$( tr '[A-Z]' '[a-z]' <<< $DEFAULT_CLASS) DEFAULT_SLUG=${DEFAULT_TOKEN//_/-} +DEFAULT_OPT_PREFIX="wpt_" CLASS=${NAME// /_} TOKEN=$( tr '[A-Z]' '[a-z]' <<< $CLASS) SLUG=${TOKEN//_/-} +OPT_PREFIX=${OPT_PREFIX}_ git clone https://github.com/hlashbrooke/$DEFAULT_SLUG.git $FOLDER/$SLUG @@ -113,6 +118,10 @@ cp class-$SLUG-settings.php class-$SLUG-settings.tmp sed "s/$DEFAULT_SLUG/$SLUG/g" class-$SLUG-settings.tmp > class-$SLUG-settings.php rm class-$SLUG-settings.tmp +cp class-$SLUG-settings.php class-$SLUG-settings.tmp +sed "s/$DEFAULT_OPT_PREFIX/$OPT_PREFIX/g" class-$SLUG-settings.tmp > class-$SLUG-settings.php +rm class-$SLUG-settings.tmp + cd lib mv class-$DEFAULT_SLUG-post-type.php class-$SLUG-post-type.php From 8a497ad61eef5aa4bec431c5b71188b89028a9e0 Mon Sep 17 00:00:00 2001 From: Carl Alberto Date: Mon, 21 Oct 2019 18:24:37 +0800 Subject: [PATCH 07/12] This fixes the redundant post type name after a new entry --- includes/lib/class-wordpress-plugin-template-post-type.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/lib/class-wordpress-plugin-template-post-type.php b/includes/lib/class-wordpress-plugin-template-post-type.php index fdbf55f8..f6351dc7 100644 --- a/includes/lib/class-wordpress-plugin-template-post-type.php +++ b/includes/lib/class-wordpress-plugin-template-post-type.php 
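Review bot: `OPT_PREFIX=${OPT_PREFIX}_` appends the underscore without checking the answer, so an empty reply makes the option prefix `_` and a reply that already ends in `_` gets a doubled one. `OPT_PREFIX="${OPT_PREFIX%_}"; OPT_PREFIX="${OPT_PREFIX:-${DEFAULT_OPT_PREFIX%_}}_"` falls back to the template default instead. Restricting the value to `[a-z0-9_]` before it reaches the `sed` in the @@ -113,6 +118,10 @@ hunk is also advisable, since it becomes part of every option name the generated plugin stores.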
@@ -158,7 +158,7 @@ public function updated_messages( $messages = array() ) { 3 => __( 'Custom field deleted.', 'wordpress-plugin-template' ), 4 => sprintf( __( '%1$s updated.', 'wordpress-plugin-template' ), $this->single ), 5 => isset( $_GET['revision'] ) ? sprintf( __( '%1$s restored to revision from %2$s.', 'wordpress-plugin-template' ), $this->single, wp_post_revision_title( (int) $_GET['revision'], false ) ) : false, - 6 => sprintf( __( '%1$s published. %2$sView %3$s%4s.', 'wordpress-plugin-template' ), $this->single, '', $this->single, '' ), + 6 => sprintf( __( '%1$s published. %2$sView %3$s%4$s.', 'wordpress-plugin-template' ), $this->single, '', $this->single, '' ), 7 => sprintf( __( '%1$s saved.', 'wordpress-plugin-template' ), $this->single ), 8 => sprintf( __( '%1$s submitted. %2$sPreview post%3$s%4$s.', 'wordpress-plugin-template' ), $this->single, '', $this->single, '' ), 9 => sprintf( __( '%1$s scheduled for: %2$s. %3$sPreview %4$s%5$s.', 'wordpress-plugin-template' ), $this->single, '' . date_i18n( __( 'M j, Y @ G:i', 'wordpress-plugin-template' ), strtotime( $post->post_date ) ) . '', '', $this->single, '' ), From b703e0259c79b094726e751b61b1830fb564311c Mon Sep 17 00:00:00 2001 From: Cornel Raiu Date: Thu, 16 Apr 2020 09:02:00 +0300 Subject: [PATCH 08/12] update init localization according to WP >= 4.6 documentation --- includes/class-wordpress-plugin-template.php | 34 ++++++++------------ 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/includes/class-wordpress-plugin-template.php b/includes/class-wordpress-plugin-template.php index 03fa5abf..0143cccc 100644 --- a/includes/class-wordpress-plugin-template.php +++ b/includes/class-wordpress-plugin-template.php @@ -102,6 +102,15 @@ class WordPress_Plugin_Template { */ public $script_suffix; + /** + * Plugin Text Domain. + * + * @var string + * @access public + * @since 1.0.0 + */ + public $text_domain; + /** * Constructor funtion. * 
@@ -109,8 +118,9 @@ class WordPress_Plugin_Template { * @param string $version Plugin version. */ public function __construct( $file = '', $version = '1.0.0' ) { - $this->_version = $version; - $this->_token = 'wordpress_plugin_template'; + $this->_version = $version; + $this->_token = 'wordpress_plugin_template'; + $this->text_domain = 'wordpress-plugin-template'; // Load plugin environment variables. $this->file = $file; @@ -137,7 +147,7 @@ public function __construct( $file = '', $version = '1.0.0' ) { // Handle localisation. $this->load_plugin_textdomain(); - add_action( 'init', array( $this, 'load_localisation' ), 0 ); + add_action( 'init', array( $this, 'load_plugin_textdomain' ), 0 ); } // End __construct () /** @@ -235,17 +245,6 @@ public function admin_enqueue_scripts( $hook = '' ) { wp_enqueue_script( $this->_token . '-admin' ); } // End admin_enqueue_scripts () - /** - * Load plugin localisation - * - * @access public - * @return void - * @since 1.0.0 - */ - public function load_localisation() { - load_plugin_textdomain( 'wordpress-plugin-template', false, dirname( plugin_basename( $this->file ) ) . '/lang/' ); - } // End load_localisation () - /** * Load plugin textdomain * @@ -254,12 +253,7 @@ public function load_localisation() { * @since 1.0.0 */ public function load_plugin_textdomain() { - $domain = 'wordpress-plugin-template'; - - $locale = apply_filters( 'plugin_locale', get_locale(), $domain ); - - load_textdomain( $domain, WP_LANG_DIR . '/' . $domain . '/' . $domain . '-' . $locale . '.mo' ); - load_plugin_textdomain( $domain, false, dirname( plugin_basename( $this->file ) ) . '/lang/' ); + load_plugin_textdomain( $this->text_domain, false, dirname( plugin_basename( $this->file ) ) . '/lang/' ); } // End load_plugin_textdomain () /** From b48d702739dd0d984dce2d93774b439df4d9cdda Mon Sep 17 00:00:00 2001 
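Review bot: The constructor now runs `load_plugin_textdomain()` twice: the unchanged direct call `$this->load_plugin_textdomain();` stays, and the new `add_action( 'init', array( $this, 'load_plugin_textdomain' ), 0 );` hooks the same method again. One of them is enough; keeping only the `init` hook matches the commit's stated aim. Removing the public `load_localisation()` method in the @@ -235,17 +245,6 @@ hunk would also break any external code that calls or unhooks it (inferred; callers are not visible here), so a one-line deprecated wrapper is the safer route. The new `$text_domain` docblock could state that the value must match the literal domain strings passed to `__()` elsewhere in the plugin.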
From: Carl Alberto Date: Sat, 16 May 2020 16:57:14 +0800 Subject: [PATCH 09/12] improve html output sanitzation --- ...ass-wordpress-plugin-template-settings.php | 110 +++++++++++++++++- 1 file changed, 108 insertions(+), 2 deletions(-) diff --git a/includes/class-wordpress-plugin-template-settings.php b/includes/class-wordpress-plugin-template-settings.php index 4ea1815a..114baafd 100644 --- a/includes/class-wordpress-plugin-template-settings.php +++ b/includes/class-wordpress-plugin-template-settings.php @@ -389,7 +389,7 @@ public function register_settings() { */ public function settings_section( $section ) { $html = '

' . $this->settings[ $section['id'] ]['description'] . '

' . "\n"; - echo $html; //phpcs:ignore + echo wp_kses( $html, $this->allowed_htmls ); } /** @@ -460,7 +460,7 @@ public function settings_page() { $html .= '' . "\n"; $html .= '' . "\n"; - echo $html; //phpcs:ignore + echo wp_kses( $html, $this->allowed_htmls ); } /** 
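Review bot: In `settings_section()` the section description is still concatenated into `$html` unescaped, and the only filtering is the page-wide allow-list applied at `echo`. That list has to admit `form`, `input`, `select` and `a href` for the full settings page in the @@ -460,7 +460,7 @@ hunk, so the same elements pass when they appear inside a description or a stored value. Escaping each dynamic value where it is inserted, e.g. `esc_html( $this->settings[ $section['id'] ]['description'] )` for plain-text descriptions or `wp_kses()` with a short inline-formatting list, leaves the final `wp_kses()` as a backstop rather than the only control. Both method bodies extend beyond these hunks.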
@@ -499,4 +499,110 @@ public function __wakeup() { _doing_it_wrong( __FUNCTION__, esc_html( __( 'Unserializing instances of WordPress_Plugin_Template_API is forbidden.' ) ), esc_attr( $this->parent->_version ) ); } // End __wakeup() + /** + * Allowed html. + * + * @var array + */ + public $allowed_htmls = [ + 'a' => [ + 'href' => [], + 'title' => [], + 'class' => [], + ], + 'h1' => [ + 'href' => [], + 'title' => [], + 'class' => [], + ], + 'h2' => [ + 'href' => [], + 'title' => [], + 'class' => [], + ], + 'h3' => [ + 'href' => [], + 'title' => [], + 'class' => [], + ], + 'h4' => [ + 'href' => [], + 'title' => [], + 'class' => [], + ], + 'input' => [ + 'id' => [], + 'type' => [], + 'name' => [], + 'placeholder' => [], + 'value' => [], + 'class' => [], + 'checked' => [], + 'style' => [], + ], + 'select' => [ + 'id' => [], + 'type' => [], + 'name' => [], + 'placeholder' => [], + 'value' => [], + 'multiple' => [], + 'style' => [], + ], + 'option' => [ + 'id' => [], + 'type' => [], + 'name' => [], + 'placeholder' => [], + 'value' => [], + 'multiple' => [], + 'selected' => [], + ], + 'label' => [ + 'for' => [], + 'title' => [], + ], + 'span' => [ + 'class' => [], + 'title' => [], + ], + 'table' => [ + 'scope' => [], + 'title' => [], + 'class' => [], + 'role' => [], + ], + 'tbody' => [ + 'scope' => [], + 'title' => [], + 'class' => [], + 'role' => [], + ], + 'th' => [ + 'scope' => [], + 'title' => [], + ], + 'tr' => [], + 'td' => [], + 'p' => [], + 'br' => [], + 'em' => [], + 'strong' => [], + 'th' => [], + 'form' => [ + 'method' => [], + 'type' => [], + 'name' => [], + 'placeholder' => [], + 'value' => [], + 'multiple' => [], + 'selected' => [], + 'action' => [], + 'enctype' => [], + ], + 'div' => [ + 'class' => [], + 'id' => [], + ], + ]; } From ef57ebe278200c8b615efff000847b3652dfad13 Mon Sep 17 00:00:00 2001 
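Review bot: `$allowed_htmls` lists `'th'` twice; PHP keeps the last value for a duplicate key, so the trailing `'th' => []` overrides the earlier entry and `scope`/`title` are stripped from header cells. Drop the second `'th' => [],` (the follow-up commit reorders the list but keeps the empty entry last). The `href` attribute on `h1`–`h4` has no effect and can go. Because every `echo wp_kses( …, $this->allowed_htmls )` depends on this list, declaring it `public` lets any code widen it at run time; a private property with a read accessor, plus a docblock naming the outputs it is meant to cover, would be safer.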
From: Carl Alberto Date: Sun, 17 May 2020 04:37:06 +0800 Subject: [PATCH 10/12] improve output sanitation and none for settings --- ...ass-wordpress-plugin-template-settings.php | 111 ++++++++++++------ 1 file changed, 72 insertions(+), 39 deletions(-) diff --git a/includes/class-wordpress-plugin-template-settings.php b/includes/class-wordpress-plugin-template-settings.php index 114baafd..c0d4ea2a 100644 --- a/includes/class-wordpress-plugin-template-settings.php +++ b/includes/class-wordpress-plugin-template-settings.php @@ -404,11 +404,19 @@ public function settings_page() { $html .= '

' . __( 'Plugin Settings', 'wordpress-plugin-template' ) . '

' . "\n"; $tab = ''; - //phpcs:disable - if ( isset( $_GET['tab'] ) && $_GET['tab'] ) { - $tab .= $_GET['tab']; + + $nonce_name = 'WordPress_Plugin_Template_nonce'; + $nonce = sanitize_text_field( wp_create_nonce( $nonce_name ) ); + + if ( isset( $_POST['tab'] ) ) { + if ( wp_verify_nonce( $nonce, $nonce_name ) ) { + $current_section = sanitize_text_field( wp_unslash( $_POST['tab'] ) ); + } + } else { + if ( isset( $_GET['tab'] ) && sanitize_text_field( wp_unslash( $_GET['tab'] ) ) ) { + $current_section = sanitize_text_field( wp_unslash( $_GET['tab'] ) ); + } } - //phpcs:enable // Show page tabs. if ( is_array( $this->settings ) && 1 < count( $this->settings ) ) { @@ -420,19 +428,28 @@ public function settings_page() { // Set tab class. $class = 'nav-tab'; - if ( ! isset( $_GET['tab'] ) ) { //phpcs:ignore + if ( ! isset( $_GET['tab'] ) ) { if ( 0 === $c ) { $class .= ' nav-tab-active'; } } else { - if ( isset( $_GET['tab'] ) && $section == $_GET['tab'] ) { //phpcs:ignore + if ( isset( $_GET['tab'] ) && $section === $_GET['tab'] ) { + $tab = sanitize_text_field( wp_unslash( $_GET['tab'] ) ); $class .= ' nav-tab-active'; } } // Set tab link. - $tab_link = add_query_arg( array( 'tab' => $section ) ); - if ( isset( $_GET['settings-updated'] ) ) { //phpcs:ignore + $tab_link = add_query_arg( + array( + 'tab' => $section, + $nonce_name => $nonce, + ) + ); + + if ( isset( $_GET['settings-updated'] ) ) { + $updated = sanitize_text_field( wp_unslash( $_GET['settings-updated'] ) ); + $tab_link = remove_query_arg( 'settings-updated', $tab_link ); } 
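Review bot: The `wp_verify_nonce( $nonce, $nonce_name )` call in the `$_POST['tab']` branch checks the nonce that `wp_create_nonce()` produced two lines earlier, not a value taken from the request, so it always succeeds and provides no request-forgery protection. The tab links built in the @@ -420,19 +428,28 @@ hunk carry the nonce as a query argument, so the check should read it from the request: `isset( $_REQUEST[ $nonce_name ] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST[ $nonce_name ] ) ), $nonce_name )`. The `$_GET['tab']` branch performs no verification at all even though that is where the nonce arrives. `$current_section` and `$updated` are assigned but not read in the visible lines; the rest of `settings_page()` is outside these hunks, so confirm they are used or remove them.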
@@ -500,47 +517,49 @@ public function __wakeup() { } // End __wakeup() /** - * Allowed html. + * Allowed html for output. * * @var array */ public $allowed_htmls = [ - 'a' => [ + 'a' => [ 'href' => [], 'title' => [], 'class' => [], ], - 'h1' => [ + 'h1' => [ 'href' => [], 'title' => [], 'class' => [], ], - 'h2' => [ + 'h2' => [ 'href' => [], 'title' => [], 'class' => [], ], - 'h3' => [ + 'h3' => [ 'href' => [], 'title' => [], 'class' => [], ], - 'h4' => [ + 'h4' => [ 'href' => [], 'title' => [], 'class' => [], ], - 'input' => [ - 'id' => [], - 'type' => [], - 'name' => [], - 'placeholder' => [], - 'value' => [], - 'class' => [], - 'checked' => [], - 'style' => [], + 'input' => [ + 'id' => [], + 'type' => [], + 'name' => [], + 'placeholder' => [], + 'value' => [], + 'class' => [], + 'checked' => [], + 'style' => [], + 'data-uploader_title' => [], + 'data-uploader_text' => [], ], - 'select' => [ + 'select' => [ 'id' => [], 'type' => [], 'name' => [], @@ -549,7 +568,7 @@ public function __wakeup() { 'multiple' => [], 'style' => [], ], - 'option' => [ + 'option' => [ 'id' => [], 'type' => [], 'name' => [], @@ -558,38 +577,31 @@ public function __wakeup() { 'multiple' => [], 'selected' => [], ], - 'label' => [ + 'label' => [ 'for' => [], 'title' => [], ], - 'span' => [ + 'span' => [ 'class' => [], 'title' => [], ], - 'table' => [ + 'table' => [ 'scope' => [], 'title' => [], 'class' => [], 'role' => [], ], - 'tbody' => [ + 'tbody' => [ 'scope' => [], 'title' => [], 'class' => [], 'role' => [], ], - 'th' => [ + 'th' => [ 'scope' => [], 'title' => [], ], - 'tr' => [], - 'td' => [], - 'p' => [], - 'br' => [], - 'em' => [], - 'strong' => [], - 'th' => [], - 'form' => [ + 'form' => [ 'method' => [], 'type' => [], 'name' => [], 
@@ -600,9 +612,30 @@ public function __wakeup() { 'action' => [], 'enctype' => [], ], - 'div' => [ + 'div' => [ + 'class' => [], + 'id' => [], + ], + 'img' => [ 'class' => [], 'id' => [], + 'src' => [], + ], + 'textarea' => [ + 'class' => [], + 'id' => [], + 'rows' => [], + 'cols' => [], + 'name' => [], + 'placeholder' => [], + 'spellcheck' => [], ], + 'tr' => [], + 'td' => [], + 'p' => [], + 'br' => [], + 'em' => [], + 'strong' => [], + 'th' => [], ]; } From e102c4e896f020570e17f734a815154ca3c1a452 Mon Sep 17 00:00:00 2001 From: Carl Alberto Date: Sun, 17 May 2020 04:42:21 +0800 Subject: [PATCH 11/12] change $_instance to $instance to comply wpphpcs --- includes/class-wordpress-plugin-template-settings.php | 8 ++++---- includes/class-wordpress-plugin-template.php | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/includes/class-wordpress-plugin-template-settings.php b/includes/class-wordpress-plugin-template-settings.php index c0d4ea2a..74b60c39 100644 --- a/includes/class-wordpress-plugin-template-settings.php +++ b/includes/class-wordpress-plugin-template-settings.php @@ -21,7 +21,7 @@ class WordPress_Plugin_Template_Settings { * @access private * @since 1.0.0 */ - private static $_instance = null; //phpcs:ignore + private static $instance = null; //phpcs:ignore /** * The main plugin object. @@ -492,10 +492,10 @@ public function settings_page() { * @return object WordPress_Plugin_Template_Settings instance */ public static function instance( $parent ) { - if ( is_null( self::$_instance ) ) { - self::$_instance = new self( $parent ); + if ( is_null( self::$instance ) ) { + self::$instance = new self( $parent ); } - return self::$_instance; + return self::$instance; } // End instance() /** diff --git a/includes/class-wordpress-plugin-template.php b/includes/class-wordpress-plugin-template.php index 03fa5abf..dcf17ba5 100644 --- a/includes/class-wordpress-plugin-template.php +++ b/includes/class-wordpress-plugin-template.php 
@@ -21,7 +21,7 @@ class WordPress_Plugin_Template { * @access private * @since 1.0.0 */ - private static $_instance = null; //phpcs:ignore + private static $instance = null; //phpcs:ignore /** * Local instance of WordPress_Plugin_Template_Admin_API @@ -276,11 +276,11 @@ public function load_plugin_textdomain() { * @static */ public static function instance( $file = '', $version = '1.0.0' ) { - if ( is_null( self::$_instance ) ) { - self::$_instance = new self( $file, $version ); + if ( is_null( self::$instance ) ) { + self::$instance = new self( $file, $version ); } - return self::$_instance; + return self::$instance; } // End instance () /** From 89cce76fbd2435dc23de368ad51b0bd44b7b2356 Mon Sep 17 00:00:00 2001 From: Carl Alberto Date: Sun, 17 May 2020 06:30:45 +0800 Subject: [PATCH 12/12] improve sanitation for admin api --- includes/class-wordpress-plugin-template-settings.php | 2 +- includes/class-wordpress-plugin-template.php | 6 +++--- includes/lib/class-wordpress-plugin-template-admin-api.php | 6 ++++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/includes/class-wordpress-plugin-template-settings.php b/includes/class-wordpress-plugin-template-settings.php index 74b60c39..45170b81 100644 --- a/includes/class-wordpress-plugin-template-settings.php +++ b/includes/class-wordpress-plugin-template-settings.php @@ -21,7 +21,7 @@ class WordPress_Plugin_Template_Settings { * @access private * @since 1.0.0 */ - private static $instance = null; //phpcs:ignore + private static $instance = null; /** * The main plugin object. diff --git a/includes/class-wordpress-plugin-template.php b/includes/class-wordpress-plugin-template.php index dcf17ba5..6220af7d 100644 --- a/includes/class-wordpress-plugin-template.php +++ b/includes/class-wordpress-plugin-template.php 
@@ -21,7 +21,7 @@ class WordPress_Plugin_Template { * @access private * @since 1.0.0 */ - private static $instance = null; //phpcs:ignore + private static $instance = null; /** * Local instance of WordPress_Plugin_Template_Admin_API @@ -51,7 +51,7 @@ class WordPress_Plugin_Template { /** * The token. * - * @var string + * @var strings * @access public * @since 1.0.0 */ @@ -321,7 +321,7 @@ public function install() { * @since 1.0.0 */ private function _log_version_number() { //phpcs:ignore - update_option( $this->_token . '_version', $this->_version ); + update_option( $this->_token . '_version', $this->version ); } // End _log_version_number () } diff --git a/includes/lib/class-wordpress-plugin-template-admin-api.php b/includes/lib/class-wordpress-plugin-template-admin-api.php index a25b1568..86c473aa 100644 --- a/includes/lib/class-wordpress-plugin-template-admin-api.php +++ b/includes/lib/class-wordpress-plugin-template-admin-api.php @@ -218,7 +218,8 @@ public function display_field( $data = array(), $post = null, $echo = true ) { return $html; } - echo $html; //phpcs:ignore + $sanitation = new WordPress_Plugin_Template_Settings( $this ); + echo wp_kses( $field, $sanitation->allowed_htmls ); } @@ -321,7 +322,8 @@ public function display_meta_box_field( $field = array(), $post = null ) { $field = '
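Review bot: `update_option( $this->_token . '_version', $this->version )` in `_log_version_number()` reads a property the class does not appear to define; the constructor shown in the localisation patch assigns `$this->_version`, and the settings class reads `$this->parent->_version`. As written the stored version would be null and PHP would raise an undefined-property notice, so keep `$this->_version` here or rename the property and all of its users in one change. The `@var string` to `@var strings` edit in the @@ -51,7 +51,7 @@ hunk looks accidental, since `strings` is not a type.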
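Review bot: In `display_field()` the new `echo wp_kses( $field, $sanitation->allowed_htmls )` outputs `$field`, while the removed line echoed `$html` and the early return just above returns `$html`; unless `$field` holds the rendered markup earlier in the function (outside the hunk), the field is no longer printed and the line should be `echo wp_kses( $html, $sanitation->allowed_htmls );`. Both this hunk and the @@ -322,7 +322,8 @@ hunk also construct `new WordPress_Plugin_Template_Settings( $this )` on every render only to read the allow-list, passing the admin API object where the Settings docblock describes the main plugin object. Any hooks that constructor registers would be added again on each call (the constructor is not visible here). Reading the list from the existing `WordPress_Plugin_Template_Settings::instance()` singleton, or moving it to a static property, avoids both problems.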

' . $this->display_field( $field, $post, false ) . '

' . "\n"; - echo $field; //phpcs:ignore + $sanitation = new WordPress_Plugin_Template_Settings( $this ); + echo wp_kses( $field, $sanitation->allowed_htmls ); } /**