Timestamp:
01/16/2019 03:36:24 PM (5 years ago)
Author:
vedjain
Message:

WCPT: Applies code standard changes to wcpt plugin.

Most of the changes are small, but these are some important ones:

  1. Added nonce check in multiple places. This will ensure that request is always coming from the intended page.
  1. Escaped output HTML in many places. These are not necessarily XSS vulnerabilities, and in most places the values were hardcoded, but it's good practice to always escape output regardless of its source.

Summary:

  • wcpt-event/class-event-admin.php
    • Added nonce check in metabox_save.
    • Escaped output in dislpay_meta_boxes
  • wcpt-event/class-event-application.php
    • Change definition of submit_application to pass $POST arguments
  • wcpt-loader.php
    • Indent whole file by 1 indent.
  • wcpt-meetup/class-meetup-admin.php
    • Added nonce check in maybe_update_meetup_data
  • wcpt-wordcamp/wordcamp-admin.php
    • Escaping in user_profile_wordcamp, column_data
    • Escaping using kses in post_row_actions
    • Use post_data_raw instead of $_POST in enforce_post_status
File:
1 edited

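--- a/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-wordcamp/class-wordcamp-application.php
+++ b/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-wordcamp/class-wordcamp-application.php
@@ -14,5 +14,10 @@
     const SHORTCODE_SLUG = 'wordcamp-organizer-application';
 
-    static function get_event_label() {
+    /**
+     * Return publicly displayed name of the event
+     *
+     * @return string
+     */
+    public static function get_event_label() {
         return __( 'WordCamp', 'wordcamporg' );
     }
@@ -23,5 +28,5 @@
      * @return string
      */
-    static function get_event_type() {
+    public static function get_event_type() {
         return WCPT_POST_TYPE_ID;
     }
@@ -30,5 +35,5 @@
      * Enqueue scripts and stylesheets
      */
-    function enqueue_assets() {
+    public function enqueue_assets() {
         global $post;
 
@@ -53,5 +58,5 @@
      * @return null|void
      */
-    function render_application_form( $countries ) {
+    public function render_application_form( $countries ) {
         render_wordcamp_application_form( $countries );
     }
@@ -64,5 +69,5 @@
      * @return array|\WP_Error
      */
-    function validate_data( $unsafe_data ) {
+    public function validate_data( $unsafe_data ) {
         $safe_data   = array();
         $unsafe_data = shortcode_atts( $this->get_default_application_values(), $unsafe_data );
@@ -98,7 +103,7 @@
      * @return array
      */
-    function get_default_application_values() {
+    public function get_default_application_values() {
         $values = array(
-            // Part 1
+            // Part 1.
             'q_1079074_first_name'                       => '',
             'q_1079074_last_name'                        => '',
@@ -118,5 +123,5 @@
             'q_1068223_hope_to_accomplish_other'         => '',
 
-            // Part 2
+            // Part 2.
             'q_1045950_active_meetup'                    => '',
             'q_1045953_role_in_meetup'                   => '',
@@ -128,5 +133,5 @@
             'q_1079082_other_tech_events_success'        => '',
 
-            // Part 3
+            // Part 3.
             'q_1079103_wordcamp_location'                => '',
             'q_1046006_wordcamp_date'                    => '',
@@ -149,5 +154,5 @@
             'q_1079098_anything_else'                    => '',
 
-            // Bonus
+            // Bonus.
             'q_1079112_best_describes_you'               => '',
             'q_1079112_best_describes_you_other'         => '',
@@ -172,5 +177,5 @@
      */
     public static function get_application_report_url() {
-        return "https://central.wordcamp.org/reports/application-status/";
+        return 'https://central.wordcamp.org/reports/application-status/';
     }
 
@@ -182,6 +187,6 @@
      * @return bool|\WP_Error
      */
-    function create_post( $data ) {
-        // Create the post
+    public function create_post( $data ) {
+        // Create the post.
         $user      = wcorg_get_user_by_canonical_names( $data['q_4236565_wporg_username'] );
         $statues   = \WordCamp_Loader::get_post_statuses();
@@ -192,5 +197,5 @@
             'post_title'  => 'WordCamp ' . $data['q_1079103_wordcamp_location'],
             'post_status' => WCPT_DEFAULT_STATUS,
-            'post_author' => is_a( $user, 'WP_User' ) ? $user->ID : 7694169, // Set `wordcamp` as author if supplied username is not valid
+            'post_author' => is_a( $user, 'WP_User' ) ? $user->ID : 7694169, // Set `wordcamp` as author if supplied username is not valid.
         );
 
@@ -201,11 +206,12 @@
         }
 
-        // Populate the meta fields
+        // Populate the meta fields.
         add_post_meta( $post_id, '_application_data', $data );
         add_post_meta( $post_id, '_application_submitter_ip_address', $_SERVER['REMOTE_ADDR'] );
 
-
         add_post_meta(
-            $post_id, 'Organizer Name', sprintf(
+            $post_id,
+            'Organizer Name',
+            sprintf(
                 '%s %s',
                 $data['q_1079074_first_name'],
@@ -220,5 +226,7 @@
 
         add_post_meta(
-            $post_id, 'Mailing Address', sprintf(
+            $post_id,
+            'Mailing Address',
+            sprintf(
                 "%s\n%s%s%s %s\n%s",
                 $data['q_1079060_add1'],
@@ -232,5 +240,7 @@
 
         add_post_meta(
-            $post_id, '_status_change', array(
+            $post_id,
+            '_status_change',
+            array(
                 'timestamp' => time(),
                 'user_id'   => is_a( $user, 'WP_User' ) ? $user->ID : 0,
@@ -248,5 +258,5 @@
      * @return null|string
      */
-    function get_organizer_email() {
+    public function get_organizer_email() {
         if ( isset( $this->post ) && isset( $this->post->ID ) ) {
             return get_post_meta( $this->post->ID, 'Email Address', true );
@@ -259,5 +269,5 @@
      * @return null|string
      */
-    function get_event_location() {
+    public function get_event_location() {
         if ( isset( $this->post ) && isset( $this->post->ID ) ) {
             return get_post_meta( $this->post->ID, 'Location', true );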
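Review bot: In the create_post hunk that reflows the add_post_meta() calls (new lines 206-217), the adjacent line `add_post_meta( $post_id, '_application_submitter_ip_address', $_SERVER['REMOTE_ADDR'] );` still stores the request header value unvalidated, which sits oddly with a commit whose stated aim is tightening input handling; passing it through `filter_var( $_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP )` (falling back to `''` on failure) before the call would guarantee the stored meta is a well-formed address. In the preceding hunk, new line 199 keeps the bare fallback author id `7694169` with only a trailing comment; since the line is being touched anyway, a named class constant such as `const FALLBACK_AUTHOR_ID = 7694169; // The `wordcamp` user.` referenced as `self::FALLBACK_AUTHOR_ID` would document it in one place. The local `$statues` on new line 192 looks like a misspelling of `$statuses`, though it is context here. create_post continues outside these hunks.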