Merge pull request #160 from mattwiebe/update/wpcom-lint

Linted for wpcom

Author: akirk

bin/extract-hooks.php

@@ -102,7 +102,7 @@ function sample_ini() {
 		$comment = '';
 		$hook = false;
 
-		for ( $j = $i; $j > max( 0, $i - 10 ); $j-- ) {
+		for ( $j = $i, $l = max( 0, $i - 10 ); $j > $l; $j-- ) {
 			if ( ! is_array( $tokens[ $j ] ) ) {
 				continue;
 			}
@@ -421,7 +421,7 @@ function parse_docblock( $raw_comment, $params ) {
 			}
 
 
-			$count += 1;
+			++$count;
 			$p = preg_split( '/ +/', $param, 3 );
 			if ( '\\' === substr( $p[0], 0, 1 ) ) {
 				$p[0] = substr( $p[0], 1 );

enable-mastodon-apps.php

@@ -34,7 +34,7 @@ function ( $full_class ) {
 
 		if ( strncmp( $full_class, $base, strlen( $base ) ) === 0 ) {
 			$maybe_uppercase = str_replace( $base, '', $full_class );
-			$class = strtolower( $maybe_uppercase );
+			$class           = strtolower( $maybe_uppercase );
 			// All classes should be capitalized. If this is instead looking for a lowercase method, we ignore that.
 			if ( $maybe_uppercase === $class ) {
 				return;

includes/class-comment-cpt.php

@@ -23,7 +23,7 @@
  * This class maps comments to a custom post type.
  */
 class Comment_CPT {
-	const CPT = 'comment';
+	const CPT      = 'comment';
 	const META_KEY = 'comment_id';
 
 	/**
@@ -90,7 +90,7 @@ public static function create_comment_post( $comment_id, $comment ) {
 			return;
 		}
 		$parent_post_id = $comment->comment_post_ID;
-		$post    = get_post( $parent_post_id );
+		$post           = get_post( $parent_post_id );
 		if ( ! $post ) {
 			return;
 		}

includes/class-mastodon-admin.php

@@ -51,13 +51,13 @@ public function process_admin() {
 			return;
 		}
 
-		if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'enable-mastodon-apps' ) ) {
+		if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['_wpnonce'] ), 'enable-mastodon-apps' ) ) {
 			return;
 		}
 
-		$tab = $_GET['tab'] ?? 'welcome';
+		$tab = isset( $_GET['tab'] ) ? sanitize_key( $_GET['tab'] ) : 'welcome';
 		if ( isset( $_POST['app'] ) ) {
-			$app = Mastodon_App::get_by_client_id( $_POST['app'] );
+			$app = Mastodon_App::get_by_client_id( sanitize_text_field( wp_unslash( $_POST['app'] ) ) );
 			if ( $app ) {
 				return $this->process_admin_app_page( $app );
 			}
@@ -78,14 +78,16 @@ public function process_admin() {
 
 	public function admin_page() {
 		$this->enable_debug = get_option( 'mastodon_api_enable_debug' );
-		$tab = $_GET['tab'] ?? 'welcome';
+		// phpcs:disable WordPress.Security.NonceVerification.Recommended
+		$tab = isset( $_GET['tab'] ) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : 'welcome';
 		if ( isset( $_GET['app'] ) ) {
-			$app = Mastodon_App::get_by_client_id( $_GET['app'] );
+			$app = Mastodon_App::get_by_client_id( sanitize_text_field( wp_unslash( $_GET['app'] ) ) );
 			if ( $app ) {
 				return $this->admin_app_page( $app );
 			}
 			$tab = 'registered-apps';
 		}
+		// phpcs:enable
 		switch ( $tab ) {
 			case 'welcome':
 				$this->admin_welcome_page();
@@ -117,13 +119,13 @@ public function admin_welcome_page() {
 	}
 
 	public function process_admin_settings_page() {
-		if ( isset( $_POST['mastodon_api_enable_logins'] ) ) {
+		if ( isset( $_POST['mastodon_api_enable_logins'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
 			delete_option( 'mastodon_api_disable_logins' );
 		} else {
 			update_option( 'mastodon_api_disable_logins', true );
 		}
 
-		if ( isset( $_POST['mastodon_api_enable_debug'] ) ) {
+		if ( isset( $_POST['mastodon_api_enable_debug'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
 			update_option( 'mastodon_api_enable_debug', true );
 		} else {
 			delete_option( 'mastodon_api_enable_debug' );
@@ -141,12 +143,12 @@ public function admin_settings_page() {
 	}
 
 	public function process_admin_debug_page() {
-		if ( isset( $_POST['mastodon_api_debug_mode'] ) ) {
+		if ( isset( $_POST['mastodon_api_debug_mode'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
 			update_option( 'mastodon_api_debug_mode', time() + 5 * MINUTE_IN_SECONDS );
 		} else {
 			delete_option( 'mastodon_api_debug_mode' );
 		}
-		if ( isset( $_POST['mastodon_api_auto_app_reregister'] ) ) {
+		if ( isset( $_POST['mastodon_api_auto_app_reregister'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
 			update_option( 'mastodon_api_auto_app_reregister', true );
 		} else {
 			delete_option( 'mastodon_api_auto_app_reregister' );
@@ -162,8 +164,10 @@ public function admin_tester_page() {
 	}
 
 	public function process_admin_registered_apps_page() {
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		if ( isset( $_POST['delete-code'] ) ) {
-			$deleted = $this->oauth->get_code_storage()->expireAuthorizationCode( $_POST['delete-code'] );
+			 // phpcs:ignore WordPress.Security.NonceVerification.Missing
+			$deleted = $this->oauth->get_code_storage()->expireAuthorizationCode( sanitize_text_field( wp_unslash( $_POST['delete-code'] ) ) );
 			add_settings_error(
 				'enable-mastodon-apps',
 				'deleted-codes',
@@ -177,8 +181,10 @@ public function process_admin_registered_apps_page() {
 			return;
 		}
 
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		if ( isset( $_POST['delete-token'] ) ) {
-			$deleted = $this->oauth->get_token_storage()->unsetAccessToken( $_POST['delete-token'] );
+			// phpcs:ignore WordPress.Security.NonceVerification.Missing
+			$deleted = $this->oauth->get_token_storage()->unsetAccessToken( sanitize_text_field( wp_unslash( $_POST['delete-token'] ) ) );
 			add_settings_error(
 				'enable-mastodon-apps',
 				'deleted-tokens',
@@ -192,8 +198,10 @@ public function process_admin_registered_apps_page() {
 			return;
 		}
 
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		if ( isset( $_POST['delete-app'] ) ) {
-			$deleted = Mastodon_App::get_by_client_id( $_POST['delete-app'] )->delete();
+			// phpcs:ignore WordPress.Security.NonceVerification.Missing
+			$deleted = Mastodon_App::get_by_client_id( sanitize_text_field( wp_unslash( $_POST['delete-app'] ) ) )->delete();
 			add_settings_error(
 				'enable-mastodon-apps',
 				'deleted-apps',
@@ -207,8 +215,10 @@ public function process_admin_registered_apps_page() {
 			return;
 		}
 
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		if ( isset( $_POST['clear-app-logs'] ) ) {
-			$deleted = Mastodon_App::get_by_client_id( $_POST['clear-app-logs'] )->delete_last_requests();
+			// phpcs:ignore WordPress.Security.NonceVerification.Missing
+			$deleted = Mastodon_App::get_by_client_id( sanitize_text_field( wp_unslash( $_POST['clear-app-logs'] ) ) )->delete_last_requests();
 			if ( $deleted ) {
 				add_settings_error(
 					'enable-mastodon-apps',
@@ -226,12 +236,13 @@ public function process_admin_registered_apps_page() {
 			}
 			return;
 		}
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		if ( isset( $_POST['clear-all-app-logs'] ) ) {
 			$total_deleted = 0;
 			foreach ( Mastodon_App::get_all() as $app ) {
 				$deleted = $app->delete_last_requests();
 				if ( $deleted ) {
-					$total_deleted += 1;
+					++$total_deleted;
 				}
 			}
 			if ( $total_deleted ) {
@@ -256,15 +267,16 @@ public function process_admin_registered_apps_page() {
 			return;
 		}
 
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		if ( isset( $_POST['delete-outdated'] ) ) {
-			$apps = Mastodon_App::get_all();
+			$apps    = Mastodon_App::get_all();
 			$deleted = OAuth2\Access_Token_Storage::cleanupOldTokens();
 			if ( ! $deleted ) {
 				$deleted = 0;
 			}
 			foreach ( OAuth2\Access_Token_Storage::getAll() as $token => $data ) {
 				if ( ! isset( $apps[ $data['client_id'] ] ) ) {
-					$deleted += 1;
+					++$deleted;
 					$this->oauth->get_token_storage()->unsetAccessToken( $token );
 				}
 			}
@@ -287,7 +299,7 @@ public function process_admin_registered_apps_page() {
 			}
 			foreach ( OAuth2\Authorization_Code_Storage::getAll() as $code => $data ) {
 				if ( ! isset( $apps[ $data['client_id'] ] ) ) {
-					$deleted += 1;
+					++$deleted;
 					$this->oauth->get_code_storage()->expireAuthorizationCode( $code );
 				}
 			}
@@ -321,11 +333,12 @@ public function process_admin_registered_apps_page() {
 			return;
 		}
 
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		if ( isset( $_POST['delete-never-used'] ) ) {
 			$deleted = 0;
 			foreach ( Mastodon_App::get_all() as $app ) {
 				if ( ! $app->get_last_used() ) {
-					$deleted += 1;
+					++$deleted;
 					$app->delete();
 				}
 			}
@@ -345,7 +358,7 @@ public function process_admin_registered_apps_page() {
 			foreach ( OAuth2\Access_Token_Storage::getAll() as $token => $data ) {
 				if ( empty( $data['last_used'] ) ) {
 					if ( $this->oauth->get_token_storage()->unsetAccessToken( $token ) ) {
-						$deleted += 1;
+						++$deleted;
 					}
 				}
 			}
@@ -363,6 +376,7 @@ public function process_admin_registered_apps_page() {
 			return;
 		}
 
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		if ( isset( $_POST['delete-apps-without-tokens'] ) ) {
 			$app_tokens = array();
 			foreach ( OAuth2\Access_Token_Storage::getAll() as $token => $data ) {
@@ -374,7 +388,7 @@ public function process_admin_registered_apps_page() {
 			$deleted = 0;
 			foreach ( Mastodon_App::get_all() as $app ) {
 				if ( empty( $app_tokens[ $app->get_client_id() ] ) ) {
-					$deleted += 1;
+					++$deleted;
 					$app->delete();
 				}
 			}
@@ -391,8 +405,10 @@ public function process_admin_registered_apps_page() {
 			);
 			return;
 		}
+		// phpcs:disable WordPress.Security.NonceVerification.Missing
 		if ( isset( $_POST['app_post_formats'] ) && is_array( $_POST['app_post_formats'] ) ) {
-			foreach ( $_POST['app_post_formats'] as $client_id => $post_formats ) {
+			// phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+			foreach ( wp_unslash( $_POST['app_post_formats'] ) as $client_id => $post_formats ) {
 				$post_formats = array_filter(
 					$post_formats,
 					function ( $post_format ) {
@@ -464,7 +480,7 @@ function ( $a, $b ) {
 	public function process_admin_app_page( Mastodon_App $app ) {
 
 		if ( isset( $_POST['delete-app'] ) && $_POST['delete-app'] === $app->get_client_id() ) {
-			$name = $app->get_client_name();
+			$name    = $app->get_client_name();
 			$deleted = $app->delete();
 			if ( $deleted ) {
 				$message = sprintf(
@@ -487,7 +503,7 @@ public function process_admin_app_page( Mastodon_App $app ) {
 		}
 
 		if ( isset( $_POST['delete-token'] ) ) {
-			$deleted = $this->oauth->get_token_storage()->unsetAccessToken( $_POST['delete-token'] );
+			$deleted = $this->oauth->get_token_storage()->unsetAccessToken( sanitize_text_field( wp_unslash( $_POST['delete-token'] ) ) );
 			add_settings_error(
 				'enable-mastodon-apps',
 				'deleted-tokens',
@@ -524,7 +540,7 @@ public function process_admin_app_page( Mastodon_App $app ) {
 		$post_formats = array();
 		if ( isset( $_POST['post_formats'] ) && is_array( $_POST['post_formats'] ) ) {
 			$post_formats = array_filter(
-				$_POST['post_formats'],
+				wp_unslash( $_POST['post_formats'] ),
 				function ( $post_format ) {
 					if ( ! in_array( $post_format, get_post_format_slugs(), true ) ) {
 						return false;
@@ -545,15 +561,16 @@ function ( $post_type ) {
 			)
 		);
 
-		if ( isset( $_POST['create_post_type'] ) && $_POST['create_post_type'] ) {
-			if ( isset( $post_types[ $_POST['create_post_type'] ] ) ) {
-				$app->set_create_post_type( $_POST['create_post_type'] );
+		if ( isset( $_POST['create_post_type'] ) ) {
+			$create_post_type = sanitize_text_field( wp_unslash( $_POST['create_post_type'] ) );
+			if ( isset( $post_types[ $create_post_type ] ) ) {
+				$app->set_create_post_type( $create_post_type );
 			}
 		}
 
 		if ( isset( $_POST['view_post_types'] ) && is_array( $_POST['view_post_types'] ) ) {
 			$view_post_types = array();
-			foreach ( $_POST['view_post_types'] as $post_type ) {
+			foreach ( wp_unslash( $_POST['view_post_types'] ) as $post_type ) {
 				if ( isset( $post_types[ $post_type ] ) ) {
 					$view_post_types[ $post_type ] = true;
 				}