From 7f1e6a24c4dd16cc5b9ba0fefdb5332b0014c7bf Mon Sep 17 00:00:00 2001
From: mmtr <1233880+mmtr@users.noreply.github.com>
Date: Wed, 18 Dec 2024 16:17:34 +0100
Subject: [PATCH 1/3] Post categories: Add quick action to change the default
 category

---
 .../add-set-default-category-quick-action     |  4 +
 .../src/class-jetpack-mu-wpcom.php            |  1 +
 .../post-categories/quick-actions.php         | 89 +++++++++++++++++++
 3 files changed, 94 insertions(+)
 create mode 100644 projects/packages/jetpack-mu-wpcom/changelog/add-set-default-category-quick-action
 create mode 100644 projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php

diff --git a/projects/packages/jetpack-mu-wpcom/changelog/add-set-default-category-quick-action b/projects/packages/jetpack-mu-wpcom/changelog/add-set-default-category-quick-action
new file mode 100644
index 0000000000000..562cea91dca9a
--- /dev/null
+++ b/projects/packages/jetpack-mu-wpcom/changelog/add-set-default-category-quick-action
@@ -0,0 +1,4 @@
+Significance: patch
+Type: added
+
+Post categories: Add quick action to change default category
diff --git a/projects/packages/jetpack-mu-wpcom/src/class-jetpack-mu-wpcom.php b/projects/packages/jetpack-mu-wpcom/src/class-jetpack-mu-wpcom.php
index a607b7e67d910..c45b9d15e6315 100644
--- a/projects/packages/jetpack-mu-wpcom/src/class-jetpack-mu-wpcom.php
+++ b/projects/packages/jetpack-mu-wpcom/src/class-jetpack-mu-wpcom.php
@@ -107,6 +107,7 @@ public static function load_features() {
 		require_once __DIR__ . '/features/import-customizations/import-customizations.php';
 		require_once __DIR__ . '/features/marketplace-products-updater/class-marketplace-products-updater.php';
 		require_once __DIR__ . '/features/media/heif-support.php';
+		require_once __DIR__ . '/features/post-categories/quick-actions.php';
 		require_once __DIR__ . '/features/site-editor-dashboard-link/site-editor-dashboard-link.php';
 		require_once __DIR__ . '/features/wpcom-admin-dashboard/wpcom-admin-dashboard.php';
 		require_once __DIR__ . '/features/wpcom-block-editor/class-jetpack-wpcom-block-editor.php';
diff --git a/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php b/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php
new file mode 100644
index 0000000000000..cacb295e7ec6c
--- /dev/null
+++ b/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php
@@ -0,0 +1,89 @@
+<?php
+/**
+ * Quick actions for the categories list page.
+ *
+ * @package automattic/jetpack-mu-wpcom
+ */
+
+/**
+ * Adds a quick action to change the default post category.
+ *
+ * @param string[] $actions An array of action links to be displayed.
+ * @param WP_Term  $category Category object.
+ *
+ * @return string[] Filtered actions.
+ */
+function wpcom_add_set_default_category_quick_action( $actions, $category ) {
+	if ( ! current_user_can( 'manage_options' ) ) {
+		return $actions;
+	}
+
+	$default_category = (int) get_option( 'default_category' );
+	if ( $category->term_id === $default_category ) {
+		return $actions;
+	}
+
+	$link = add_query_arg(
+		array(
+			'category' => $category->term_id,
+			'action'   => 'wpcom-set-default-category',
+		)
+	);
+	$link = wp_nonce_url( $link, 'wpcom-set-default-category' );
+
+	$actions['set-default'] = sprintf(
+		'<a href="%1$s" aria-label="%2$s">%3$s</a>',
+		esc_url( $link ),
+		/* translators: category name */
+		esc_attr( sprintf( __( 'Set &#8220;%s&#8221; as the default category', 'jetpack-mu-wpcom' ), $category->name ) ),
+		esc_html( __( 'Set as default', 'jetpack-mu-wpcom' ) )
+	);
+	return $actions;
+}
+add_filter( 'category_row_actions', 'wpcom_add_set_default_category_quick_action', 10, 2 );
+
+/**
+ * Changes the default post category.
+ */
+function wpcom_set_default_category() {
+	if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ), 'wpcom-set-default-category' ) ) {
+		return;
+	}
+
+	if ( ! current_user_can( 'manage_options' ) ) {
+		return;
+	}
+
+	if ( ! isset( $_GET['taxonomy'] ) || 'category' !== sanitize_text_field( wp_unslash( $_GET['taxonomy'] ) ) ) {
+		return;
+	}
+
+	if ( ! isset( $_GET['action'] ) || 'wpcom-set-default-category' !== sanitize_text_field( wp_unslash( $_GET['action'] ) ) ) {
+		return;
+	}
+
+	if ( ! isset( $_GET['category'] ) ) {
+		return;
+	}
+
+	$new_default_category = get_category( sanitize_text_field( wp_unslash( $_GET['category'] ) ) );
+	if ( is_wp_error( $new_default_category ) || ! $new_default_category ) {
+		return;
+	}
+
+	update_option( 'default_category', $new_default_category->term_id );
+
+	add_action(
+		'admin_notices',
+		function () {
+			wp_admin_notice(
+				__( 'Default category changed successfully.', 'jetpack-mu-wpcom' ),
+				array(
+					'type'        => 'success',
+					'dismissible' => true,
+				)
+			);
+		}
+	);
+}
+add_action( 'load-edit-tags.php', 'wpcom_set_default_category' );

From 0b33e380d786310036b4dc34a8c9469ab15c24c5 Mon Sep 17 00:00:00 2001
From: mmtr <1233880+mmtr@users.noreply.github.com>
Date: Wed, 18 Dec 2024 16:31:06 +0100
Subject: [PATCH 2/3] Fix Phan error

---
 .../src/features/post-categories/quick-actions.php         | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php b/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php
index cacb295e7ec6c..8b5429a5e438f 100644
--- a/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php
+++ b/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php
@@ -66,7 +66,12 @@ function wpcom_set_default_category() {
 		return;
 	}
 
-	$new_default_category = get_category( sanitize_text_field( wp_unslash( $_GET['category'] ) ) );
+	$new_default_category_id = sanitize_text_field( wp_unslash( $_GET['category'] ) );
+	if ( ! is_numeric( $new_default_category_id ) ) {
+		return;
+	}
+
+	$new_default_category = get_category( (int) $new_default_category_id );
 	if ( is_wp_error( $new_default_category ) || ! $new_default_category ) {
 		return;
 	}

From 094a30d87e0839fca315f618e03d19347fb080f2 Mon Sep 17 00:00:00 2001
From: mmtr <1233880+mmtr@users.noreply.github.com>
Date: Thu, 19 Dec 2024 15:32:48 +0100
Subject: [PATCH 3/3] More secure nonce

---
 .../post-categories/quick-actions.php         | 35 ++++++++-----------
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php b/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php
index 8b5429a5e438f..3259f07466dca 100644
--- a/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php
+++ b/projects/packages/jetpack-mu-wpcom/src/features/post-categories/quick-actions.php
@@ -23,15 +23,12 @@ function wpcom_add_set_default_category_quick_action( $actions, $category ) {
 		return $actions;
 	}
 
-	$link = add_query_arg(
-		array(
-			'category' => $category->term_id,
-			'action'   => 'wpcom-set-default-category',
-		)
-	);
-	$link = wp_nonce_url( $link, 'wpcom-set-default-category' );
+	$action = 'set-default';
+
+	$link = add_query_arg( array( $action => $category->term_id ) );
+	$link = wp_nonce_url( $link, $action . '_' . $category->term_id );
 
-	$actions['set-default'] = sprintf(
+	$actions[ $action ] = sprintf(
 		'<a href="%1$s" aria-label="%2$s">%3$s</a>',
 		esc_url( $link ),
 		/* translators: category name */
@@ -46,7 +43,7 @@ function wpcom_add_set_default_category_quick_action( $actions, $category ) {
  * Changes the default post category.
  */
 function wpcom_set_default_category() {
-	if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ), 'wpcom-set-default-category' ) ) {
+	if ( ! isset( $_GET['taxonomy'] ) || 'category' !== sanitize_text_field( wp_unslash( $_GET['taxonomy'] ) ) ) {
 		return;
 	}
 
@@ -54,29 +51,25 @@ function wpcom_set_default_category() {
 		return;
 	}
 
-	if ( ! isset( $_GET['taxonomy'] ) || 'category' !== sanitize_text_field( wp_unslash( $_GET['taxonomy'] ) ) ) {
-		return;
-	}
+	$action = 'set-default';
 
-	if ( ! isset( $_GET['action'] ) || 'wpcom-set-default-category' !== sanitize_text_field( wp_unslash( $_GET['action'] ) ) ) {
+	if ( ! isset( $_GET[ $action ] ) ) {
 		return;
 	}
 
-	if ( ! isset( $_GET['category'] ) ) {
+	$category_id = sanitize_text_field( wp_unslash( $_GET[ $action ] ) );
+	if ( ! is_numeric( $category_id ) ) {
 		return;
 	}
 
-	$new_default_category_id = sanitize_text_field( wp_unslash( $_GET['category'] ) );
-	if ( ! is_numeric( $new_default_category_id ) ) {
-		return;
-	}
+	check_admin_referer( $action . '_' . $category_id );
 
-	$new_default_category = get_category( (int) $new_default_category_id );
-	if ( is_wp_error( $new_default_category ) || ! $new_default_category ) {
+	$category = get_category( (int) $category_id );
+	if ( is_wp_error( $category ) || ! $category ) {
 		return;
 	}
 
-	update_option( 'default_category', $new_default_category->term_id );
+	update_option( 'default_category', $category->term_id );
 
 	add_action(
 		'admin_notices',