Timestamp:
01/16/2019 03:36:24 PM (5 years ago)
Author:
vedjain
Message:

WCPT: Applies code standard changes to wcpt plugin.

Most of the changes are small, but these are some important ones:

  1. Added nonce check in multiple places. This will ensure that request is always coming from the intended page.
  1. Escaped HTML output in many places. These were not necessarily XSS vulnerabilities — in most places the values were hard-coded — but it is good practice to always escape output regardless of its source.

Summary:

  • wcpt-event/class-event-admin.php
    • Added nonce check in metabox_save.
    • Escaped output in dislpay_meta_boxes
  • wcpt-event/class-event-application.php
    • Change definition of submit_application to pass $POST arguments
  • wcpt-loader.php
    • Indent whole file by 1 indent.
  • wcpt-meetup/class-meetup-admin.php
    • Added nonce check in maybe_update_meetup_data
  • wcpt-wordcamp/wordcamp-admin.php
    • Escaping in user_profile_wordcamp, column_data
    • Escaping using kses in post_row_actions
    • Use post_data_raw instead of $_POST in enforce_post_status
File:
1 edited

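--- a/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-event/notification.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-event/notification.php
@@ -5,9 +5,9 @@
 
 if ( defined( 'WPORG_SANDBOXED' ) && WPORG_SANDBOXED ) {
-    // If this is sandbox and then send notification of owner of sandbox (as long as sandbox username and slack username matches)
+    // If this is sandbox and then send notification of owner of sandbox (as long as sandbox username and slack username matches).
     if ( defined( 'SANDBOX_SLACK_USERNAME' ) ) {
         $slack_username = SANDBOX_SLACK_USERNAME;
     } else {
-        $slack_username = "@" . str_replace( array( '.dev.ord', '.dev' ), '', WPORG_SANDBOXED );
+        $slack_username = '@' . str_replace( array( '.dev.ord', '.dev' ), '', WPORG_SANDBOXED );
     }
     define( 'COMMUNITY_TEAM_SLACK', $slack_username );
@@ -22,9 +22,9 @@
  *
  * @param string $channel Name of the channel we want to send the notification to.
- * @param array  $attachment Attachment object
+ * @param array  $attachment Attachment object.
  *
  * @return bool|string
  */
-function wcpt_slack_notify ( $channel, $attachment ) {
+function wcpt_slack_notify( $channel, $attachment ) {
     if ( ! class_exists( 'Dotorg\Slack\Send' ) ) {
         return false;
@@ -44,25 +44,36 @@
  * See the structure of attachment here: https://api.slack.com/docs/message-attachments
  *
- * @param string $message Main text to send in the notification
- * @param string $event_label Label for the event. Would probably be one of `WordCamp` or `Meetup`.
+ * @param string $message Main text to send in the notification.
+ * @param string $title   Title of the notification.
  *
  * @return array
  */
-function create_event_attachment ( $message, $title ) {
+function create_event_attachment( $message, $title ) {
     // Not translating because this will be send to Slack.
     return array(
-        "title" => $title,
-        "text" => $message,
+        'title' => $title,
+        'text' => $message,
     );
 }
 
+/**
+ * Returns an attachment object to customize notification for slack.
+ * See https://api.slack.com/docs/message-attachments
+ *
+ * @param string $message  Text that should be in the attachment.
+ * @param int    $event_id Post ID of the event. Will be used to gather props.
+ * @param string $title    TItle of the message.
+ *
+ * @return array
+ */
 function create_event_status_attachment( $message, $event_id, $title ) {
     $props = get_props_for_event( $event_id );
 
-    $props_string = implode( ", ", $props );
+    $props_string = implode( ', ', $props );
+
     return array(
-        "title" => $title,
-        "text" => $message,
-        "fields" => array(
+        'title' => $title,
+        'text'  => $message,
+        'fields' => array(
             array(
                 "title" => "Application processed by",
@@ -82,5 +93,5 @@
  * @return array Array of usernames of people who have participated in vetting this application
  */
-function get_props_for_event ( $event_id ) {
+function get_props_for_event( $event_id ) {
     $user_ids = array();
 
@@ -97,5 +108,5 @@
     $user_nicenames = get_user_nicenames_from_ids( $user_ids );
 
-    // remove bot user `wordcamp`
+    // remove bot user `wordcamp`.
     $user_nicenames = array_diff( $user_nicenames, array( 'wordcamp' ) );
     return $user_nicenames;
@@ -105,5 +116,5 @@
  * Return user names for list of user ids provided in the function
  *
- * @param array $user_ids List of user_ids
+ * @param array $user_ids List of user_ids.
  *
  * @return array List of user nicenames
@@ -114,5 +125,10 @@
     }
 
-    $user_query = new WP_User_Query( array( 'include' => $user_ids, 'fields'  => array( 'user_nicename' ), ) );
+    $user_query = new WP_User_Query(
+        array(
+            'include' => $user_ids,
+            'fields'  => array( 'user_nicename' ),
+        )
+    );
 
     $users = $user_query->get_results();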
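Review bot: `create_event_attachment` and `create_event_status_attachment` (new lines 51–79) place `$title` and `$message` into the Slack attachment verbatim, and Slack treats `&`, `<` and `>` as control characters in message text, so a `<!channel>` or `<!everyone>` sequence in either value would be interpreted as a broadcast rather than displayed literally. Whether that matters depends on where the callers get these strings, which is not visible here; if the title or message can carry applicant-supplied text such as an event name, escape the values before sending, e.g. `$title = str_replace( array( '&', '<', '>' ), array( '&amp;', '&lt;', '&gt;' ), $title );` and the same for `$message`. The new docblock at line 65 also has a typo, `TItle` for `Title`. `create_event_status_attachment`'s body continues past the end of this section, as does `get_user_nicenames_from_ids`.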