Changeset 8085 for sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-wordcamp/class-wordcamp-application.php

Timestamp:

01/16/2019 03:36:24 PM (6 years ago)

Author:

vedjain

Message:

WCPT: Applies code standard changes to wcpt plugin.

Most of the changes are small, but these are some important ones:

1. Added nonce check in multiple places. This will ensure that request is always coming from the intended page.

2. Escaped output HTML in many places. These are not necessarily XSS vulnerabilities, and in most places they were hardcoded. But its a good practice to always escape regardless of source.

Summary:

• wcpt-event/class-event-admin.php
  • Added nonce check in metabox_save.
  • Escaped output in dislpay_meta_boxes

• wcpt-event/class-event-application.php
  • Change definition of submit_application to pass $POST arguments

• wcpt-loader.php
  • Indent whole file by 1 indent.

• wcpt-meetup/class-meetup-admin.php
  • Added nonce check in maybe_update_meetup_data

• wcpt-wordcamp/wordcamp-admin.php
  • Escaping in user_profile_wordcamp, column_data
  • Escaping using kses in post_row_actions
  • Use post_data_raw instead of $_POST in enforce_post_status

File:

• sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-wordcamp/class-wordcamp-application.php (modified) (17 diffs)

sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-wordcamp/class-wordcamp-application.php

@@ -14 +14 @@
     const SHORTCODE_SLUG = 'wordcamp-organizer-application';
 
-    static function get_event_label() {
+    /**
+     * Return publicly displayed name of the event
+     *
+     * @return string
+     */
+    public static function get_event_label() {
         return __( 'WordCamp', 'wordcamporg' );
     }
@@ -23 +28 @@
      * @return string
      */
-    static function get_event_type() {
+    public static function get_event_type() {
         return WCPT_POST_TYPE_ID;
     }
@@ -30 +35 @@
      * Enqueue scripts and stylesheets
      */
-    function enqueue_assets() {
+    public function enqueue_assets() {
         global $post;
 
@@ -53 +58 @@
      * @return null|void
      */
-    function render_application_form( $countries ) {
+    public function render_application_form( $countries ) {
         render_wordcamp_application_form( $countries );
     }
@@ -64 +69 @@
      * @return array|\WP_Error
      */
-    function validate_data( $unsafe_data ) {
+    public function validate_data( $unsafe_data ) {
         $safe_data   = array();
         $unsafe_data = shortcode_atts( $this->get_default_application_values(), $unsafe_data );
@@ -98 +103 @@
      * @return array
      */
-    function get_default_application_values() {
+    public function get_default_application_values() {
         $values = array(
-            // Part 1
+            // Part 1.
             'q_1079074_first_name'                       => '',
             'q_1079074_last_name'                        => '',
@@ -118 +123 @@
             'q_1068223_hope_to_accomplish_other'         => '',
 
-            // Part 2
+            // Part 2.
             'q_1045950_active_meetup'                    => '',
             'q_1045953_role_in_meetup'                   => '',
@@ -128 +133 @@
             'q_1079082_other_tech_events_success'        => '',
 
-            // Part 3
+            // Part 3.
             'q_1079103_wordcamp_location'                => '',
             'q_1046006_wordcamp_date'                    => '',
@@ -149 +154 @@
             'q_1079098_anything_else'                    => '',
 
-            // Bonus
+            // Bonus.
             'q_1079112_best_describes_you'               => '',
             'q_1079112_best_describes_you_other'         => '',
@@ -172 +177 @@
      */
     public static function get_application_report_url() {
-        return "https://central.wordcamp.org/reports/application-status/";
+        return 'https://central.wordcamp.org/reports/application-status/';
     }
 
@@ -182 +187 @@
      * @return bool|\WP_Error
      */
-    function create_post( $data ) {
-        // Create the post
+    public function create_post( $data ) {
+        // Create the post.
         $user      = wcorg_get_user_by_canonical_names( $data['q_4236565_wporg_username'] );
         $statues   = \WordCamp_Loader::get_post_statuses();
@@ -192 +197 @@
             'post_title'  => 'WordCamp ' . $data['q_1079103_wordcamp_location'],
             'post_status' => WCPT_DEFAULT_STATUS,
-            'post_author' => is_a( $user, 'WP_User' ) ? $user->ID : 7694169, // Set `wordcamp` as author if supplied username is not valid
+            'post_author' => is_a( $user, 'WP_User' ) ? $user->ID : 7694169, // Set `wordcamp` as author if supplied username is not valid.
         );
 
@@ -201 +206 @@
         }
 
-        // Populate the meta fields
+        // Populate the meta fields.
         add_post_meta( $post_id, '_application_data', $data );
         add_post_meta( $post_id, '_application_submitter_ip_address', $_SERVER['REMOTE_ADDR'] );
 
-
         add_post_meta(
-            $post_id, 'Organizer Name', sprintf(
+            $post_id,
+            'Organizer Name',
+            sprintf(
                 '%s %s',
                 $data['q_1079074_first_name'],
@@ -220 +226 @@
 
         add_post_meta(
-            $post_id, 'Mailing Address', sprintf(
+            $post_id,
+            'Mailing Address',
+            sprintf(
                 "%s\n%s%s%s %s\n%s",
                 $data['q_1079060_add1'],
@@ -232 +240 @@
 
         add_post_meta(
-            $post_id, '_status_change', array(
+            $post_id,
+            '_status_change',
+            array(
                 'timestamp' => time(),
                 'user_id'   => is_a( $user, 'WP_User' ) ? $user->ID : 0,
@@ -248 +258 @@
      * @return null|string
      */
-    function get_organizer_email() {
+    public function get_organizer_email() {
         if ( isset( $this->post ) && isset( $this->post->ID ) ) {
             return get_post_meta( $this->post->ID, 'Email Address', true );
@@ -259 +269 @@
      * @return null|string
      */
-    function get_event_location() {
+    public function get_event_location() {
         if ( isset( $this->post ) && isset( $this->post->ID ) ) {
             return get_post_meta( $this->post->ID, 'Location', true );