From 47057ffe0d1e73fa2094450bafaeffc1bbae91ce Mon Sep 17 00:00:00 2001 From: Andreas Brain Date: Sat, 2 Nov 2024 16:01:46 +0100 Subject: [PATCH 1/4] Add more rules for phpcs --- .phpcs.xml | 8 ++++++++ src/includes/Core.php | 9 ++++++--- src/includes/Data.php | 3 +-- src/includes/Model/IncidentReport.php | 6 +++--- src/includes/Options.php | 2 +- src/includes/Update.php | 5 ++--- 6 files changed, 21 insertions(+), 12 deletions(-) diff --git a/.phpcs.xml b/.phpcs.xml index cdd0a72c..4e463138 100644 --- a/.phpcs.xml +++ b/.phpcs.xml @@ -113,4 +113,12 @@ + + + + + + + + diff --git a/src/includes/Core.php b/src/includes/Core.php index dda51601..4817867d 100644 --- a/src/includes/Core.php +++ b/src/includes/Core.php @@ -7,7 +7,6 @@ use abrain\Einsatzverwaltung\Util\Formatter; use function add_action; use function add_option; -use function error_log; use function get_option; use function plugin_basename; use function plugin_dir_url; @@ -107,7 +106,7 @@ private function __construct() public function addHooks() { if (empty($this->pluginFile)) { - error_log('einsatzverwaltung: Plugin file has not been set via setPluginFile()'); + wp_trigger_error(__FUNCTION__, 'Plugin file has not been set via setPluginFile()', E_USER_WARNING); return; } @@ -225,7 +224,11 @@ private function maybeUpdate() $update = new Update(); $updateResult = $update->doUpdate($currentDbVersion, self::DB_VERSION); if (is_wp_error($updateResult)) { - error_log("Das Datenbank-Upgrade wurde mit folgendem Fehler beendet: {$updateResult->get_error_message()}"); + wp_trigger_error( + __FUNCTION__, + 'The database upgrade was terminated with the following error: ' . $updateResult->get_error_message(), + E_USER_WARNING + ); } } diff --git a/src/includes/Data.php b/src/includes/Data.php index 51026164..4b7be605 100644 --- a/src/includes/Data.php +++ b/src/includes/Data.php 
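Review bot: Switching the addHooks guard from error_log() to wp_trigger_error() drops the message on most production sites, because wp_trigger_error() returns early unless WP_DEBUG is enabled, and the maybeUpdate hunk below suffers the same: a failed database upgrade now leaves no trace in the log where WP_DEBUG is off. wp_trigger_error() also only exists since WordPress 6.4, so if the plugin's minimum supported version is lower (not visible here) the call is an undefined function on older installs. If the entry must survive in production the message needs another sink, otherwise the trade-off should be stated where it is made, e.g. `// Only surfaces with WP_DEBUG on; silent in production by design`. The same substitution appears in the Data.php, Options.php and Update.php hunks. This file imports functions with `use function`, and the removed `use function error_log;` has no `use function wp_trigger_error;` counterpart; `__METHOD__` would also identify the caller better than the bare `__FUNCTION__`.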
@@ -15,7 +15,6 @@ use function current_user_can; use function defined; use function delete_post_meta; -use function error_log; use function filter_input; use function get_post_meta; use function get_post_type; @@ -286,7 +285,7 @@ private function adjustPostDate(WP_Post $post) $updateArgs['post_date_gmt'] = get_gmt_from_date($updateArgs['post_date']); $updateResult = wp_update_post($updateArgs); if (is_wp_error($updateResult)) { - error_log($updateResult->get_error_message()); + wp_trigger_error(__FUNCTION__, 'Error updating post date: ' . $updateResult->get_error_message(), E_USER_WARNING); } // Zwischenspeicher wird nur in der Entwurfsphase benötigt diff --git a/src/includes/Model/IncidentReport.php b/src/includes/Model/IncidentReport.php index 10b84286..837fac6c 100644 --- a/src/includes/Model/IncidentReport.php +++ b/src/includes/Model/IncidentReport.php @@ -7,6 +7,7 @@ use abrain\Einsatzverwaltung\Types\Vehicle; use abrain\Einsatzverwaltung\Utilities; use DateTime; +use Exception; use WP_Post; use WP_Term; use function array_filter; @@ -15,7 +16,6 @@ use function array_map; use function get_post; use function get_post_type; -use function error_log; use function get_the_terms; use function in_array; use function intval; @@ -42,6 +42,7 @@ class IncidentReport * IncidentReport constructor. * * @param int|WP_Post $post + * @throws Exception */ public function __construct($post = null) { @@ -50,8 +51,7 @@ public function __construct($post = null) } if (get_post_type($post) !== 'einsatz') { - error_log('The given post object is not an incident report'); // TODO throw exception - return; + throw new Exception('The given post object is not an incident report'); } $this->post = get_post($post); diff --git a/src/includes/Options.php b/src/includes/Options.php index b6001147..d4a9d4e0 100644 --- a/src/includes/Options.php +++ b/src/includes/Options.php 
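Review bot: The IncidentReport constructor now throws the base `Exception` for a post that is not an incident report, which forces callers to catch every exception type to handle this one case; `InvalidArgumentException` is an SPL class, so `use InvalidArgumentException;` in place of `use Exception;`, `@throws InvalidArgumentException` in the docblock and `throw new InvalidArgumentException('The given post object is not an incident report');` keep the contract narrow without a new dependency. Callers that previously received a silently half-built object now get an exception, so every `new IncidentReport(...)` site that can be handed a non-`einsatz` post needs checking; none is visible in this patch. The constructor body continues past the end of the hunk.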
@@ -35,7 +35,7 @@ public function getOption(string $key) // Fehlenden Standardwert beklagen, außer es handelt sich um eine Rechteeinstellung if (strpos($key, 'einsatzvw_cap_roles_') !== 0) { - error_log(sprintf('Kein Standardwert für %s gefunden!', $key)); + wp_trigger_error(__FUNCTION__, sprintf('Did not find default value for option %s', $key), E_USER_WARNING); } return get_option($key, false); diff --git a/src/includes/Update.php b/src/includes/Update.php index 0e78f23f..ef826910 100644 --- a/src/includes/Update.php +++ b/src/includes/Update.php @@ -11,7 +11,6 @@ use function array_map; use function delete_option; use function delete_term_meta; -use function error_log; use function function_exists; use function get_editable_roles; use function get_option; @@ -159,7 +158,7 @@ private function upgrade054() array('%d') ); if (false === $result) { - error_log('Problem beim Aktualisieren des GMT-Datums bei Post-ID ' . $bericht->ID); + wp_trigger_error(__FUNCTION__, 'Problem beim Aktualisieren des GMT-Datums bei Post-ID ' . $bericht->ID); } } @@ -565,7 +564,7 @@ public function upgrade180() foreach ($oldUnits as $oldUnit) { $newUnit = wp_insert_term($oldUnit->post_title, 'evw_unit'); if (is_wp_error($newUnit)) { - error_log('Could not create term for Unit: ' . $newUnit->get_error_message()); + wp_trigger_error(__FUNCTION__, 'Could not create term for Unit: ' . $newUnit->get_error_message()); continue; } $termId = $newUnit['term_id']; From b328bc36a80abc15f66ddf67829c20ae2e3eee17 Mon Sep 17 00:00:00 2001 
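Review bot: The two wp_trigger_error() calls in upgrade054 and upgrade180 omit the error level, so they fall back to E_USER_NOTICE while every other call site in this patch passes E_USER_WARNING; a wpdb update returning false or a term that could not be created during a schema upgrade is at least as serious, e.g. `wp_trigger_error(__FUNCTION__, 'Could not create term for Unit: ' . $newUnit->get_error_message(), E_USER_WARNING);`. The upgrade054 message also stays in German while the other messages in this patch were translated to English. Both enclosing methods continue outside their hunks.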
From: Andreas Brain Date: Sat, 2 Nov 2024 18:57:29 +0100 Subject: [PATCH 2/4] More escaping --- .phpcs.xml | 3 ++ src/includes/Settings/MainPage.php | 42 +++++++++++------------- src/includes/Settings/Pages/About.php | 2 +- src/includes/Settings/Pages/Advanced.php | 15 ++------- src/includes/Settings/Pages/Numbers.php | 8 ++--- src/includes/Settings/Pages/Report.php | 2 +- src/includes/Settings/Pages/SubPage.php | 22 +++++++------ 7 files changed, 44 insertions(+), 50 deletions(-) diff --git a/.phpcs.xml b/.phpcs.xml index 4e463138..f1b309a5 100644 --- a/.phpcs.xml +++ b/.phpcs.xml @@ -121,4 +121,7 @@ + + + diff --git a/src/includes/Settings/MainPage.php b/src/includes/Settings/MainPage.php index 64147165..1bc91682 100644 --- a/src/includes/Settings/MainPage.php +++ b/src/includes/Settings/MainPage.php @@ -93,27 +93,22 @@ public function addToSettingsMenu() public function echoSettingsPage() { if (!current_user_can('manage_options')) { - wp_die(__('You do not have sufficient permissions to manage options for this site.', 'einsatzverwaltung')); + wp_die(esc_html__('You do not have sufficient permissions to manage options for this site.', 'einsatzverwaltung')); } - echo '
'; - printf('

%s › Einsatzverwaltung

', __('Settings', 'einsatzverwaltung')); + $heading = sprintf('%s › Einsatzverwaltung', __('Settings', 'einsatzverwaltung')); + echo '

' . esc_html($heading) . '

'; // Check if any page uses the same permalink as the archive $conflictingPage = $this->getConflictingPage(); if ($conflictingPage instanceof WP_Post) { - $pageEditLink = sprintf( - '%2$s', - esc_url(get_edit_post_link($conflictingPage->ID)), - esc_html($conflictingPage->post_title) - ); $message = sprintf( - // translators: 1: title of the page, 2: URL - esc_html__('The page %1$s uses the same permalink as the archive (%2$s). Please change the permalink of the page.', 'einsatzverwaltung'), - $pageEditLink, - sprintf('%s', esc_html(get_permalink($conflictingPage))) + // translators: 1: title of the page, 2: page ID, 3: URL + __('The page "%1$s" uses the same permalink as the archive (%2$s). Please change the permalink of the page.', 'einsatzverwaltung'), + $conflictingPage->post_title, + get_permalink($conflictingPage) ); - printf('

%s

', $message); + printf('

%s

', esc_html($message)); } $currentSubPage = $this->getCurrentSubPage(); @@ -127,17 +122,20 @@ public function echoSettingsPage() ); foreach ($this->subPages as $subPage) { if ($this->isCurrentSubPage($subPage)) { - $format = '%s'; + printf( + '%s', + esc_url(sprintf("?page=%s&tab=%s", self::EVW_SETTINGS_SLUG, $subPage->identifier)), + "nav-tab nav-tab-active", + esc_html($subPage->title) + ); } else { - $format = '%s'; + printf( + '%s', + esc_url(sprintf("?page=%s&tab=%s", self::EVW_SETTINGS_SLUG, $subPage->identifier)), + "nav-tab", + esc_html($subPage->title) + ); } - printf( - $format, - self::EVW_SETTINGS_SLUG, - $subPage->identifier, - $this->isCurrentSubPage($subPage) ? "nav-tab nav-tab-active" : "nav-tab", - esc_html($subPage->title) - ); } echo ''; diff --git a/src/includes/Settings/Pages/About.php b/src/includes/Settings/Pages/About.php index 8cd8145d..6fdc19c0 100644 --- a/src/includes/Settings/Pages/About.php +++ b/src/includes/Settings/Pages/About.php @@ -46,7 +46,7 @@ public function echoStaticContent()
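Review bot: The translators comment above the conflicting-page message lists three placeholders (title, page ID, URL) but the format string has only `%1$s` and `%2$s` and the arguments are the title and the permalink, so it should read `// translators: 1: title of the page, 2: URL`. It also looks like the edit link to the conflicting page was dropped along with the permalink link, which removes the administrator's one-click path to fix the conflict; if that is a deliberate trade for the simpler `esc_html($message)`, a short comment saying so would help, otherwise the anchor can stay in a literal format string with `esc_url(get_edit_post_link($conflictingPage->ID))` and `esc_html($conflictingPage->post_title)` as arguments. echoSettingsPage continues past the end of this hunk.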
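Review bot: The two printf branches in the sub-page loop are identical except for the class string, so the `if`/`else` can collapse back to one call with a literal format string: `$class = $this->isCurrentSubPage($subPage) ? 'nav-tab nav-tab-active' : 'nav-tab';` followed by a single `printf(...)` taking `esc_url(...)`, `esc_attr($class)` and `esc_html($subPage->title)`. The format string stays a literal, so the escaping sniff that presumably motivated the duplication is still satisfied, and `esc_attr()` makes the attribute context explicit even though the value is a constant today. The enclosing method begins before this hunk.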

Bei Problembeschreibungen helfen mir die folgenden Angaben bei der Eingrenzung der Ursache: - +

diff --git a/src/includes/Settings/Pages/Advanced.php b/src/includes/Settings/Pages/Advanced.php index 9bcb8233..b99e359c 100644 --- a/src/includes/Settings/Pages/Advanced.php +++ b/src/includes/Settings/Pages/Advanced.php @@ -93,17 +93,8 @@ public function addSettingsSections() function () { global $wp_rewrite; if ($wp_rewrite->using_permalinks() === false) { - echo '

'; - printf('%s ', esc_html(__('Note:', 'einsatzverwaltung'))); - printf( - // Translators: %s: permalinks - __('These settings currently have no effect, as WordPress uses plain %s', 'einsatzverwaltung'), - sprintf( - '%s', - admin_url('options-permalink.php'), - __('permalinks', 'einsatzverwaltung') - ) - ); + printf('

%s ', esc_html__('Note:', 'einsatzverwaltung')); + esc_html_e('These settings currently have no effect, as WordPress uses plain permalinks', 'einsatzverwaltung'); echo '

'; } printf( @@ -187,7 +178,7 @@ public function echoFieldCoreFeatures() ); printf( '
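Review bot: The plain-permalinks notice no longer links to the permalink settings screen (the `admin_url('options-permalink.php')` anchor is gone), so an administrator reading it has to find that page themselves; if the link is wanted, an escaped anchor built from `esc_url(admin_url('options-permalink.php'))` and `esc_html__('permalinks', 'einsatzverwaltung')` can be passed as the `%s` argument of a literal format string instead of being folded into the sentence. Changing the sentence from `… uses plain %s` to `… uses plain permalinks` also creates a new translation key, so existing translations of the old string stop matching. The enclosing closure continues outside the hunk.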

%s

', - __('You can activate these features of Posts also for Incident Reports.', 'einsatzverwaltung') + esc_html__('You can activate these features of Posts also for Incident Reports.', 'einsatzverwaltung') ); echo ''; } diff --git a/src/includes/Settings/Pages/Numbers.php b/src/includes/Settings/Pages/Numbers.php index e9493744..33de98d7 100644 --- a/src/includes/Settings/Pages/Numbers.php +++ b/src/includes/Settings/Pages/Numbers.php @@ -69,7 +69,7 @@ public function echoFieldAuto() ); printf( '

%s

', - __('If deactivated, incident numbers can be maintained manually.', 'einsatzverwaltung') + esc_html__('If deactivated, incident numbers can be maintained manually.', 'einsatzverwaltung') ); } @@ -84,7 +84,7 @@ public function echoFieldDigits() echo ''; printf( '

%s

', - __('The sequential number gets padded with leading zeros until it has this length.', 'einsatzverwaltung') + esc_html__('The sequential number gets padded with leading zeros until it has this length.', 'einsatzverwaltung') ); } @@ -96,7 +96,7 @@ public function echoFieldOrder() ); printf( '

%s

', - __('By default, the year comes before the sequential number. Activate this option to reverse the order.', 'einsatzverwaltung') + esc_html__('By default, the year comes before the sequential number. Activate this option to reverse the order.', 'einsatzverwaltung') ); } @@ -111,7 +111,7 @@ public function echoFieldSeparator() echo ''; printf( '

%s

', - __('This character separates the year and the sequential number.', 'einsatzverwaltung') + esc_html__('This character separates the year and the sequential number.', 'einsatzverwaltung') ); } diff --git a/src/includes/Settings/Pages/Report.php b/src/includes/Settings/Pages/Report.php index c747a016..93888d99 100644 --- a/src/includes/Settings/Pages/Report.php +++ b/src/includes/Settings/Pages/Report.php @@ -173,7 +173,7 @@ public function echoFieldReportTemplate() echo '
'; $this->echoRadioButtons('einsatzverwaltung_use_reporttemplate', $this->useReportTemplateOptions, 'no'); echo '

'; - printf('Die Option "%s" wird nicht empfohlen, ist aber bei manchen Themes die einzige Möglichkeit, das Template in Übersichten nutzen zu können.', $this->useReportTemplateOptions['everywhere']['label']); + printf('Die Option "%s" wird nicht empfohlen, ist aber bei manchen Themes die einzige Möglichkeit, das Template in Übersichten nutzen zu können.', esc_html($this->useReportTemplateOptions['everywhere']['label'])); echo '

'; $this->echoTextarea('einsatzverwaltung_reporttemplate'); echo '

Es kann sein, dass das Theme in Übersichten nur den Auszug anzeigt. Dessen Aussehen kann mit einem eigenen Template festgelegt werden (siehe unten).

'; diff --git a/src/includes/Settings/Pages/SubPage.php b/src/includes/Settings/Pages/SubPage.php index 6cc85092..6bae46bd 100644 --- a/src/includes/Settings/Pages/SubPage.php +++ b/src/includes/Settings/Pages/SubPage.php @@ -106,22 +106,24 @@ protected function echoRadioButtons($name, $options, $defaultValue) { $currentValue = get_option($name, $defaultValue); foreach ($options as $value => $option) { + printf( + '
'; } } From bcfd04e2e300682e3b6a93f5494502535252ec2c Mon Sep 17 00:00:00 2001 From: Andreas Brain Date: Sat, 2 Nov 2024 20:13:41 +0100 Subject: [PATCH 3/4] Add more recommended WP phpcs rules --- .phpcs.xml | 34 +++++++++++++++++++ src/includes/Admin/Initializer.php | 11 +++--- src/includes/Export/Page.php | 3 +- src/includes/Frontend.php | 2 +- src/includes/Settings/MainPage.php | 4 +-- src/includes/Types/IncidentType.php | 2 +- src/includes/Types/Vehicle.php | 23 ------------- src/includes/Widgets/RecentIncidents.php | 6 ++-- .../Widgets/RecentIncidentsFormatted.php | 6 ++-- tests/unit/Admin/InitializerTest.php | 6 ++-- 10 files changed, 56 insertions(+), 41 deletions(-) diff --git a/.phpcs.xml b/.phpcs.xml index f1b309a5..b55e986b 100644 --- a/.phpcs.xml +++ b/.phpcs.xml @@ -124,4 +124,38 @@ + + + + + + + + + + + + + + tests/ + + + + + + + + + + + + + + + + + + + + diff --git a/src/includes/Admin/Initializer.php b/src/includes/Admin/Initializer.php index 2e83dc87..59b9d5b4 100644 --- a/src/includes/Admin/Initializer.php +++ b/src/includes/Admin/Initializer.php @@ -107,7 +107,8 @@ public function enqueueEditScripts($hook) 'einsatzverwaltung-edit-script', Core::$scriptUrl . 'einsatzverwaltung-edit.js', array('jquery', 'jquery-ui-autocomplete', 'wp-i18n'), - Core::VERSION + Core::VERSION, + true ); wp_localize_script( 'einsatzverwaltung-edit-script', @@ -126,7 +127,8 @@ public function enqueueEditScripts($hook) 'einsatzverwaltung-settings-script', Core::$scriptUrl . 'einsatzverwaltung-settings.js', array('jquery-ui-draggable', 'jquery-ui-droppable', 'jquery-ui-sortable'), - Core::VERSION + Core::VERSION, + true ); } elseif ('edit.php' == $hook) { $screen = get_current_screen(); @@ -135,7 +137,7 @@ public function enqueueEditScripts($hook) 'einsatzverwaltung-report-list-table', Core::$scriptUrl . 'report-list-table.js', false, - null, + Core::VERSION, true ); } 
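Review bot: The `true` appended to each wp_enqueue_script() call in enqueueEditScripts is the positional `$in_footer` flag and reads as a magic value; a trailing comment such as `true, // $in_footer` on each call, or a named argument if the plugin's PHP floor permits it, makes the intent clear. Moving these handles to the footer also means any inline code that depends on them must be attached with wp_add_inline_script() rather than printed in the head; nothing in this hunk does that, so this is a reminder to check the templates. The same flag is added in the Export/Page.php, Frontend.php and Types/IncidentType.php hunks, and the `'edit.php' == $hook` context line is a loose comparison a later pass could tighten to `===`. enqueueEditScripts continues outside the hunk.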
@@ -169,7 +171,8 @@ public function enqueueEditScripts($hook) 'einsatzverwaltung-admin-script', Core::$scriptUrl . 'einsatzverwaltung-admin.js', array('wp-color-picker'), - Core::VERSION + Core::VERSION, + true ); wp_enqueue_style('wp-color-picker'); } diff --git a/src/includes/Export/Page.php b/src/includes/Export/Page.php index 1fe848e1..d4685d0f 100644 --- a/src/includes/Export/Page.php +++ b/src/includes/Export/Page.php @@ -48,7 +48,8 @@ public function enqueueAdminScripts($hook) 'einsatzverwaltung-export', Core::$scriptUrl . 'export.js', array('jquery'), - Core::VERSION + Core::VERSION, + true ); } diff --git a/src/includes/Frontend.php b/src/includes/Frontend.php index 65de4c31..7ece1402 100644 --- a/src/includes/Frontend.php +++ b/src/includes/Frontend.php @@ -100,7 +100,7 @@ public function enqueueStyleAndScripts() Core::VERSION ); wp_add_inline_style('einsatzverwaltung-frontend', ReportListRenderer::getDynamicCss()); - wp_enqueue_script('einsatzverwaltung-reportlist', Core::$scriptUrl . 'reportlist.js'); + wp_enqueue_script('einsatzverwaltung-reportlist', Core::$scriptUrl . 'reportlist.js', [], Core::VERSION, true); } /** diff --git a/src/includes/Settings/MainPage.php b/src/includes/Settings/MainPage.php index 1bc91682..1fdab15b 100644 --- a/src/includes/Settings/MainPage.php +++ b/src/includes/Settings/MainPage.php @@ -20,9 +20,9 @@ use function get_permalink; use function get_post_type_archive_link; use function home_url; -use function parse_url; use function str_replace; use function strpos; +use function wp_parse_url; use const PHP_URL_PATH; /** @@ -165,7 +165,7 @@ private function getConflictingPage(): ?WP_Post if (strpos($reportArchiveUrl, $homeUrl) === 0) { $reportArchivePath = str_replace($homeUrl, '', $reportArchiveUrl); } else { - $reportArchivePath = parse_url($reportArchiveUrl, PHP_URL_PATH); + $reportArchivePath = wp_parse_url($reportArchiveUrl, PHP_URL_PATH); } return get_page_by_path($reportArchivePath); 
diff --git a/src/includes/Types/IncidentType.php b/src/includes/Types/IncidentType.php index 088c5bc0..16299230 100644 --- a/src/includes/Types/IncidentType.php +++ b/src/includes/Types/IncidentType.php @@ -129,7 +129,7 @@ public function registerHooks() // Enqueue the scripts to handle media upload and selection if ($screen->taxonomy === self::getSlug() && in_array($screen->base, array('edit-tags', 'term'))) { wp_enqueue_media(); - wp_enqueue_script('einsatzverwaltung-media-selector', Core::$scriptUrl . 'media-selector.js'); + wp_enqueue_script('einsatzverwaltung-media-selector', Core::$scriptUrl . 'media-selector.js', [], Core::VERSION, true); } }); diff --git a/src/includes/Types/Vehicle.php b/src/includes/Types/Vehicle.php index 65b90c2d..9802c579 100644 --- a/src/includes/Types/Vehicle.php +++ b/src/includes/Types/Vehicle.php @@ -166,7 +166,6 @@ public function registerHooks() { $taxonomySlug = self::getSlug(); add_action("{$taxonomySlug}_pre_add_form", array($this, 'deprectatedHierarchyNotice')); - add_action('admin_menu', array($this, 'addBadgeToMenu')); /** * Prevent the Gutenberg Editor from creating a UI for this taxonomy, so we can use our own @@ -205,28 +204,6 @@ public function deprectatedHierarchyNotice() } } - public function addBadgeToMenu() - { - global $submenu; - $termsWithParentCount = $this->getTermsWithParentCount(); - if ($termsWithParentCount > 0) { - $submenuKey = 'edit.php?post_type=' . Report::getSlug(); - if (array_key_exists($submenuKey, $submenu)) { - $vehicleEntry = array_filter($submenu[$submenuKey], function ($entry) { - return $entry[2] === 'edit-tags.php?taxonomy=fahrzeug&post_type=einsatz'; - }); - - foreach ($vehicleEntry as $id => $entry) { - $entry[0] .= sprintf( - ' %d', - esc_html($termsWithParentCount) - ); - $submenu[$submenuKey][$id] = $entry; - } - } - } - } - /** * @return int Returns the number of terms in this taxonomy that have a parent term. */ 
diff --git a/src/includes/Widgets/RecentIncidents.php b/src/includes/Widgets/RecentIncidents.php index 52579563..58305c8e 100644 --- a/src/includes/Widgets/RecentIncidents.php +++ b/src/includes/Widgets/RecentIncidents.php @@ -16,8 +16,8 @@ use function get_queried_object_id; use function get_taxonomy; use function printf; -use function strip_tags; use function trim; +use function wp_strip_all_tags; /** * WordPress-Widget für die letzten X Einsätze @@ -116,7 +116,7 @@ private function echoReports(array $instance, string $title) // Add a nav element for accessibility if (current_theme_supports('html5', 'navigation-widgets')) { - $title = trim(strip_tags($title)); + $title = trim(wp_strip_all_tags($title)); $ariaLabel = !empty($title) ? $title : $this->defaultTitle; printf('