Changeset 8085 for sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-event/class-event-admin.php
- Timestamp:
- 01/16/2019 03:36:24 PM (6 years ago)
- File:
-
- 1 edited
sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-event/class-event-admin.php
r8083 r8085 42 42 43 43 add_filter( 44 'manage_' . $this->get_event_type() . '_posts_columns', array( 44 'manage_' . $this->get_event_type() . '_posts_columns', 45 array( 45 46 $this, 46 47 'column_headers', … … 60 61 add_filter( 'redirect_post_location', array( $this, 'add_admin_notices_to_redirect_url' ), 10, 2 ); 61 62 62 // Admin notices 63 // Admin notices. 63 64 add_action( 'admin_notices', array( $this, 'print_admin_notices' ) ); 64 65 … … 269 270 270 271 $log_id = add_post_meta( 271 $post->ID, '_status_change', array( 272 $post->ID, 273 '_status_change', 274 array( 272 275 'timestamp' => time(), 273 276 'user_id' => get_current_user_id(), … … 275 278 ) 276 279 ); 277 // Encoding $post_type and status_change meta ID in key so that we can fetch it if needed while simultaneously be able to have a where clause on value 278 // Because of the way MySQL works, it will still be able to use index on meta_key when searching, as long as we are querying just the prefix 280 // Encoding $post_type and status_change meta ID in key so that we can fetch it if needed while simultaneously be able to have a where clause on value. 281 // Because of the way MySQL works, it will still be able to use index on meta_key when searching, as long as we are querying just the prefix. 279 282 if ( $log_id ) { 280 283 add_post_meta( $post->ID, "_status_change_log_$post->post_type $log_id", time() ); … … 285 288 * Hooked to `transition_post_status`, will send notifications to community slack channels based whenever an application status changes to something that we are interested in. Most likely would be when an application is declined or accepted. 286 289 * 287 * @param string $new_status New status 288 * @param string $old_status Old Status 290 * @param string $new_status New status. 291 * @param string $old_status Old Status. 289 292 * @param WP_Post $event 290 293 */ … … 294 297 * Schedule notificaiton for declined application. 
Currently supports WordCamp and Meetup 295 298 * 296 * @param WP_Post $event Event object 297 * @param string $label Could be WordCamp or Meetup 299 * @param WP_Post $event Event object. 300 * @param string $label Could be WordCamp or Meetup. 298 301 * @param string $location 299 *300 * @return bool|string301 302 */ 302 303 public static function schedule_decline_notification( $event, $label, $location ) { … … 313 314 public static function send_decline_notification( $event_id, $label, $location ) { 314 315 $message = sprintf( 315 "A %s application for %s has been declined, and the applicant has been informed via email.",316 'A %s application for %s has been declined, and the applicant has been informed via email.', 316 317 $label, 317 318 $location … … 345 346 } 346 347 347 wp_localize_script( 'wcpt-admin', 'wcpt_admin', array( 348 'gutenberg_enabled' => $gutenberg_enabled, 349 ) ); 348 wp_localize_script( 349 'wcpt-admin', 350 'wcpt_admin', 351 array( 'gutenberg_enabled' => $gutenberg_enabled ) 352 ); 350 353 351 354 wp_enqueue_script( 'wcpt-admin' ); … … 402 405 * Save metadata from form 403 406 * 404 * @param int $post_id Post ID. 405 * @param WP_Post $post Post Object. 407 * @hook save_post 406 408 */ 407 409 public function metabox_save( $post_id, $post ) { … … 411 413 } 412 414 415 // Make sure the requset came from the edit post screen. 416 if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'update-post_' . $post_id ) ) { 417 die( 'Unable to verify nonce' ); 418 } 419 413 420 // Don't add/remove meta on trash, untrash, restore, etc. 414 421 if ( empty( $_POST['action'] ) || 'editpost' !== $_POST['action'] ) { … … 417 424 418 425 if ( $this->get_event_type() !== get_post_type() ) { 419 return;420 }421 422 // Make sure the requset came from the edit post screen.423 if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'update-post_' . 
$post_id ) ) {424 426 return; 425 427 } … … 432 434 $values[ $key ] = isset( $_POST[ $post_value ] ) ? esc_attr( $_POST[ $post_value ] ) : ''; 433 435 434 // Don't update protected fields 436 // Don't update protected fields. 435 437 if ( $this->is_protected_field( $key ) ) { 436 438 continue; … … 477 479 } 478 480 481 // TODO: This should also pass $_POST params since nonce is verified here. 479 482 do_action( 'wcpt_metabox_save_done', $post_id, $orig_meta_values ); 480 483 … … 500 503 } 501 504 502 // Don't show conflicting messages like 'Post submitted .'505 // Don't show conflicting messages like 'Post submitted'. 503 506 if ( in_array( 1, $this->active_admin_notices ) && false !== strpos( $location, 'message=8' ) ) { 504 507 $location = remove_query_arg( 'message', $location ); … … 527 530 $screen = get_current_screen(); 528 531 529 530 532 if ( empty( $post->post_type ) || $this->get_event_type() != $post->post_type || 'post' !== $screen->base ) { 531 533 return; … … 570 572 } 571 573 572 // Note that this is private, see wcpt_get_log_entries()574 // Note that this is private, see `wcpt_get_log_entries()`. 
573 575 add_post_meta( 574 $post_id, '_note', array( 576 $post_id, 577 '_note', 578 array( 575 579 'timestamp' => time(), 576 580 'user_id' => get_current_user_id(), … … 606 610 607 611 <p> 608 <strong><?php echo $key; ?></strong>:609 <input type="checkbox" name="<?php echo $object_name; ?>"610 id="<?php echo $object_name; ?>" <?php checked( get_post_meta( $post_id, $key, true ) ); ?><?php echo $readonly; ?> />612 <strong><?php echo esc_html( $key ); ?></strong>: 613 <input type="checkbox" name="<?php echo esc_attr( $object_name ); ?>" 614 id="<?php echo esc_attr( $object_name ); ?>" <?php checked( get_post_meta( $post_id, $key, true ) ); ?><?php echo esc_attr( $readonly ); ?> /> 611 615 </p> 612 616 … … 614 618 615 619 <p> 616 <strong><?php echo $key; ?></strong>620 <strong><?php echo esc_html( $key ); ?></strong> 617 621 <?php if ( in_array( $key, $required_fields, true ) ) : ?> 618 <span class="description"><?php _e( '(required)', 'wordcamporg' ); ?></span>622 <span class="description"><?php esc_html_e( '(required)', 'wordcamporg' ); ?></span> 619 623 <?php endif; ?> 620 624 </p> … … 622 626 <p> 623 627 <label class="screen-reader-text" 624 for="<?php echo $object_name; ?>"><?php echo $key; ?></label>628 for="<?php echo esc_attr( $object_name ); ?>"><?php echo esc_html( $key ); ?></label> 625 629 626 630 <?php … … 629 633 ?> 630 634 631 <input type="text" size="36" name="<?php echo $object_name; ?>"632 id="<?php echo $object_name; ?>"633 value="<?php echo esc_attr( get_post_meta( $post_id, $key, true ) ); ?>"<?php echo $readonly; ?> />635 <input type="text" size="36" name="<?php echo esc_attr( $object_name ); ?>" 636 id="<?php echo esc_attr( $object_name ); ?>" 637 value="<?php echo esc_attr( get_post_meta( $post_id, $key, true ) ); ?>"<?php echo esc_attr( $readonly ); ?> /> 634 638 635 639 <?php … … 638 642 ?> 639 643 640 <input type="number" size="16" name="<?php echo $object_name; ?>"641 id="<?php echo $object_name; ?>"644 <input type="number" size="16" 
name="<?php echo esc_attr( $object_name ); ?>" 645 id="<?php echo esc_attr( $object_name ); ?>" 642 646 value="<?php echo esc_attr( get_post_meta( $post_id, $key, true ) ); ?>" 643 step="any" min="0"<?php echo $readonly; ?> />647 step="any" min="0"<?php echo esc_attr( $readonly ); ?> /> 644 648 645 649 <?php 646 650 break; 647 651 case 'date': 648 // Quick filter on dates 649 if ( $date = get_post_meta( $post_id, $key, true ) ) { 652 // Quick filter on dates. 653 $date = get_post_meta( $post_id, $key, true ); 654 if ( $date ) { 650 655 $date = date( 'Y-m-d', $date ); 651 656 } … … 653 658 ?> 654 659 655 <input type="text" size="36" class="date-field" name="<?php echo $object_name; ?>"656 id="<?php echo $object_name; ?>"657 value="<?php echo $date; ?>"<?php echo $readonly; ?> />660 <input type="text" size="36" class="date-field" name="<?php echo esc_attr( $object_name ); ?>" 661 id="<?php echo esc_attr( $object_name ); ?>" 662 value="<?php echo esc_attr( $date ); ?>"<?php echo esc_attr( $readonly ); ?> /> 658 663 659 664 <?php … … 662 667 ?> 663 668 664 <textarea rows="4" cols="23" name="<?php echo $object_name; ?>"665 id="<?php echo $object_name; ?>"<?php echo $readonly; ?>><?php echo esc_attr( get_post_meta( $post_id, $key, true ) ); ?></textarea>669 <textarea rows="4" cols="23" name="<?php echo esc_attr( $object_name ); ?>" 670 id="<?php echo esc_attr( $object_name ); ?>"<?php echo esc_attr( $readonly ); ?>><?php echo esc_attr( get_post_meta( $post_id, $key, true ) ); ?></textarea> 666 671 667 672 <?php … … 675 680 $value = get_post_meta( $post_id, $key, true ); 676 681 ?> 677 <select name="<?php echo $object_name; ?>"678 id="<?php echo $object_name; ?>"<?php echo $readonly; ?>>682 <select name="<?php echo esc_attr( $object_name ); ?>" 683 id="<?php echo esc_attr( $object_name ); ?>"<?php echo esc_attr( $readonly ); ?>> 679 684 <option value="<?php echo esc_attr( $value ); ?>" selected> 680 685 <?php echo ( $value ) ? esc_html( $currencies[ $value ] . ' (' . 
$value . ')' ) : ''; ?> … … 696 701 697 702 case 'deputy_list': 698 wp_dropdown_users( array( 699 'role__in' => array( 700 'administrator', 701 'editor', 702 ), 703 'name' => esc_attr( $object_name ), 704 'id' => esc_attr( $object_name ), 705 'selected' => get_post_meta( $post_id, $key, true ), 706 'show_option_none' => 'None', 707 ) ); 703 wp_dropdown_users( 704 array( 705 'role__in' => array( 706 'administrator', 707 'editor', 708 ), 709 'name' => esc_attr( $object_name ), 710 'id' => esc_attr( $object_name ), 711 'selected' => get_post_meta( $post_id, $key, true ), 712 'show_option_none' => 'None', 713 ) 714 ); 708 715 break; 709 716 default:
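Review bot: The relocated nonce check in `metabox_save()` now runs before the `'editpost' !== $_POST['action']` and `$this->get_event_type() !== get_post_type()` guards, and it ends the request with `die( 'Unable to verify nonce' )` where the old code returned. The docblock says the method is hooked to `save_post`, so any save that reaches this point without an `update-post_` nonce in `$_POST` would apparently be killed mid-request instead of skipped. That includes the trash, untrash and restore cases named in the comment just below, and saves of other post types. The guard that closes at new line 413 starts outside the hunk, so confirm it does not already filter these cases. I would keep the action and post-type checks first and fail closed only for this event type's own edit request, using `wp_die( 'Unable to verify nonce' );` after them, or keep the original `return;`.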