Timestamp:
01/16/2019 03:36:24 PM (5 years ago)
Author:
vedjain
Message:

WCPT: Applies code standard changes to wcpt plugin.

Most of the changes are small, but these are some important ones:

  1. Added nonce checks in multiple places. This ensures that a request always comes from the intended page.
  1. Escaped output HTML in many places. These are not necessarily XSS vulnerabilities, and in most places they were hardcoded. But it's good practice to always escape regardless of source.

Summary:

  • wcpt-event/class-event-admin.php
    • Added nonce check in metabox_save.
    • Escaped output in dislpay_meta_boxes
  • wcpt-event/class-event-application.php
    • Change definition of submit_application to pass $POST arguments
  • wcpt-loader.php
    • Indent whole file by 1 indent.
  • wcpt-meetup/class-meetup-admin.php
    • Added nonce check in maybe_update_meetup_data
  • wcpt-wordcamp/wordcamp-admin.php
    • Escaping in user_profile_wordcamp, column_data
    • Escaping using kses in post_row_actions
    • Use post_data_raw instead of $_POST in enforce_post_status
File:
1 edited

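--- a/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-loader.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-loader.php
@@ -1,3 +1,4 @@
 <?php
+
 /*
 Plugin Name: WordCamp Post Type
@@ -18,77 +19,77 @@
 define( 'WCPT_URL', plugins_url( '/', __FILE__ ) );
 
-if ( !class_exists( 'WCPT_Loader' ) ) :
-/**
- * WCPT_Loader
- *
- * @package
- * @subpackage Loader
- * @since WordCamp Post Type (0.1)
- *
- */
-class WCPT_Loader {
+if ( ! class_exists( 'WCPT_Loader' ) ) :
+    /**
+     * WCPT_Loader
+     *
+     * @package
+     * @subpackage Loader
+     * @since WordCamp Post Type (0.1)
+     */
+    class WCPT_Loader {
 
-    /**
-    * The main WordCamp Post Type loader
-    */
-    function __construct() {
-        add_action( 'plugins_loaded', array( $this, 'core_admin' ) );
-        add_action( 'init', array( $this, 'core_text_domain' ) );
+        /**
+        * The main WordCamp Post Type loader
+        */
+        public function __construct() {
+            add_action( 'plugins_loaded', array( $this, 'core_admin' ) );
+            add_action( 'init', array( $this, 'core_text_domain' ) );
 
-        $this->includes();
-    }
+            $this->includes();
+        }
 
-    /**
-    * WordCamp Core File Includes
-    */
-    function includes() {
-        // Load the files
-        require_once ( WCPT_DIR . 'wcpt-functions.php' );
-        require_once ( WCPT_DIR . 'wcpt-wordcamp/wordcamp-loader.php' );
-        require_once ( WCPT_DIR . 'wcpt-meetup/meetup-loader.php' );
-        require_once ( WCPT_DIR . 'wcpt-event/tracker.php' );
-        require_once ( WCPT_DIR . 'wcpt-wordcamp/wordcamp.php' );
-        require_once ( WCPT_DIR . 'wcpt-meetup/meetup.php' );
-        require_once ( WCPT_DIR . 'wcpt-meetup/class-meetup-admin.php' );
-        require_once ( WCPT_DIR . 'wcpt-event/class-event-admin.php' ); // required for declined application cron to work.
+        /**
+        * WordCamp Core File Includes
+        */
+        public function includes() {
+            // Load the files.
+            require_once( WCPT_DIR . 'wcpt-functions.php' );
+            require_once( WCPT_DIR . 'wcpt-wordcamp/wordcamp-loader.php' );
+            require_once( WCPT_DIR . 'wcpt-meetup/meetup-loader.php' );
+            require_once( WCPT_DIR . 'wcpt-event/tracker.php' );
+            require_once( WCPT_DIR . 'wcpt-wordcamp/wordcamp.php' );
+            require_once( WCPT_DIR . 'wcpt-meetup/meetup.php' );
+            require_once( WCPT_DIR . 'wcpt-meetup/class-meetup-admin.php' );
+            require_once( WCPT_DIR . 'wcpt-event/class-event-admin.php' ); // required for declined application cron to work.
 
-        // Require admin files.
-        if ( is_admin() || ( defined( 'DOING_CRON' ) && DOING_CRON ) ) {
-            require_once ( WCPT_DIR . 'wcpt-admin.php' );
-            require_once ( WCPT_DIR . 'wcpt-wordcamp/wordcamp-admin.php' );
-            require_once ( WCPT_DIR . 'wcpt-wordcamp/privacy.php' );
-            require_once ( WCPT_DIR . 'mentors/dashboard.php' );
+            // Require admin files.
+            if ( is_admin() || ( defined( 'DOING_CRON' ) && DOING_CRON ) ) {
+                require_once( WCPT_DIR . 'wcpt-admin.php' );
+                require_once( WCPT_DIR . 'wcpt-wordcamp/wordcamp-admin.php' );
+                require_once( WCPT_DIR . 'wcpt-wordcamp/privacy.php' );
+                require_once( WCPT_DIR . 'mentors/dashboard.php' );
+            }
+        }
+
+        /**
+         * Initialize core admin objects
+         */
+        public function core_admin() {
+            // Quick admin check.
+            if ( ! is_admin() && ( ! defined( 'DOING_CRON' ) || ! DOING_CRON ) ) {
+                return;
+            }
+
+            // Create admin.
+            $GLOBALS['wcpt_admin']     = new WCPT_Admin();
+            $GLOBALS['wordcamp_admin'] = new WordCamp_Admin();
+            $GLOBALS['meetup_admin']   = new Meetup_Admin();
+        }
+
+        /**
+         * Load the translation file for current language
+         */
+        public function core_text_domain() {
+            $locale = apply_filters( 'wcpt_textdomain', get_locale() );
+            $mofile = WCPT_DIR . "wcpt-languages/wcpt-$locale.mo";
+
+            load_textdomain( 'wcpt', $mofile );
         }
     }
 
-    function core_admin() {
-        // Quick admin check
-        if ( ! is_admin() && ( ! defined( 'DOING_CRON' ) || ! DOING_CRON ) ) {
-            return;
-        }
+endif; // class_exists check.
 
-        // Create admin
-        $GLOBALS['wcpt_admin'] = new WCPT_Admin;
-        $GLOBALS['wordcamp_admin'] = new WordCamp_Admin;
-        $GLOBALS['meetup_admin'] = new Meetup_Admin();
-    }
-
-    /**
-     * core_text_domain ()
-     *
-     * Load the translation file for current language
-     */
-    function core_text_domain() {
-        $locale = apply_filters( 'wcpt_textdomain', get_locale() );
-        $mofile = WCPT_DIR . "wcpt-languages/wcpt-$locale.mo";
-
-        load_textdomain( 'wcpt', $mofile );
-    }
-}
-
-endif; // class_exists check
-
-// Load everything up
-$wcpt_loader     = new WCPT_Loader;
-$wordcamp_loader = new WordCamp_Loader;
-$meetup_loader = new Meetup_Loader();
+// Load everything up.
+$wcpt_loader     = new WCPT_Loader();
+$wordcamp_loader = new WordCamp_Loader();
+$meetup_loader   = new Meetup_Loader();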
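Review bot: The `is_admin() || DOING_CRON` gate in `includes()` (new line 56) and its mirror in `core_admin()` (new line 69) only decide which files get loaded, and nothing in the code says so. `is_admin()` reports that an admin-side request is being served, not that the current user holds any capability, and it is also true for admin-ajax.php requests. Since this commit adds nonce checks elsewhere, a comment above the gate would stop a later reader from treating it as an access check: `// is_admin() is a request-context test, not a permission check; handlers in the admin files must verify capabilities and nonces themselves.` Whether the admin files already do that is not visible from this file.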