Additional Code quality improvements (2)
gdarko committed Sep 4, 2024
1 parent 23a6256 commit c44896f
Showing 21 changed files with 112 additions and 98 deletions.
4 changes: 2 additions & 2 deletions includes/Abstracts/AbstractRestController.php
Expand Up @@ -29,6 +29,7 @@
use IdeoLogix\DigitalLicenseManager\Database\Models\ApiKey;
use IdeoLogix\DigitalLicenseManager\Database\Repositories\ApiKeys;
use IdeoLogix\DigitalLicenseManager\Enums\LicenseStatus;
use IdeoLogix\DigitalLicenseManager\Utils\HttpHelper;
use IdeoLogix\DigitalLicenseManager\Utils\JsonFormatter;
use IdeoLogix\DigitalLicenseManager\Utils\StringHasher;
use WP_Error;
Expand Down Expand Up @@ -66,8 +67,7 @@ abstract class AbstractRestController extends WP_REST_Controller {
* @return WP_REST_Response
*/
protected function response( $success, $data, $code = 200, $route = '' ) {
$req_method = isset( $_SERVER['REQUEST_METHOD'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_METHOD'] ) ) : '';
return new WP_REST_Response( array( 'success' => $success, 'data' => apply_filters( 'dlm_rest_api_pre_response', $data, $req_method, $route ) ), $code );
return new WP_REST_Response( array( 'success' => $success, 'data' => apply_filters( 'dlm_rest_api_pre_response', $data, HttpHelper::requestMethod(), $route ) ), $code );
}

/**
10 changes: 5 additions & 5 deletions includes/Controllers/ApiKeys.php
Expand Up @@ -55,7 +55,7 @@ public function __construct() {
* @return void
*/
public function handle() {
$action = sanitize_text_field( wp_unslash( $_POST['dlm_action'] ) );
$action = isset( $_POST['dlm_action'] ) ? sanitize_text_field( wp_unslash( $_POST['dlm_action'] ) ) : '';

switch ( $action ) {
case 'edit':
Expand Down Expand Up @@ -102,7 +102,7 @@ private function edit( $id ) {

// Set the correct permissions from the form
if ( in_array( $_POST['permissions'], array( 'read', 'write', 'read_write' ) ) ) {
$permissions = sanitize_text_field( $_POST['permissions'] );
$permissions = sanitize_text_field( wp_unslash( $_POST['permissions'] ) );
}

// Check if current user can edit other users
Expand All @@ -121,7 +121,7 @@ private function edit( $id ) {
$id,
array(
'user_id' => $userId,
'endpoints' => JsonFormatter::encode( $_POST['endpoints'] ),
'endpoints' => JsonFormatter::encode( array_map( 'sanitize_text_field', wp_unslash( $_POST['endpoints'] ) ) ),
'description' => $description,
'permissions' => $permissions
)
Expand Down Expand Up @@ -171,7 +171,7 @@ private function create() {

// Set the correct permissions from the form
if ( in_array( $_POST['permissions'], array( 'read', 'write', 'read_write' ) ) ) {
$permissions = sanitize_text_field( $_POST['permissions'] );
$permissions = sanitize_text_field( wp_unslash( $_POST['permissions'] ) );
}

// Check if current user can edit other users
Expand All @@ -195,7 +195,7 @@ private function create() {
'user_id' => $userId,
'description' => $description,
'permissions' => $permissions,
'endpoints' => JsonFormatter::encode( $_POST['endpoints'] ),
'endpoints' => JsonFormatter::encode( array_map( 'sanitize_text_field', wp_unslash( $_POST['endpoints'] ) ) ),
'consumer_key' => StringHasher::make( $consumerKey ),
'consumer_secret' => $consumerSecret,
'truncated_key' => substr( $consumerKey, - 7 ),
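Review bot: `array_map( 'sanitize_text_field', wp_unslash( $_POST['endpoints'] ) )` in both edit() and create() assumes `endpoints` is present and is an array; a request that omits it or sends a scalar hands `null` or a string to array_map, which raises a TypeError on PHP 8 instead of failing cleanly. Guard the shape before mapping: `$endpoints = isset( $_POST['endpoints'] ) && is_array( $_POST['endpoints'] ) ? array_map( 'sanitize_text_field', wp_unslash( $_POST['endpoints'] ) ) : array();` and pass `JsonFormatter::encode( $endpoints )`. The `in_array( $_POST['permissions'], ... )` check just above has the same unguarded read and is non-strict; `isset( $_POST['permissions'] ) && in_array( $_POST['permissions'], array( 'read', 'write', 'read_write' ), true )` pins it to the three allowed strings. edit() and create() both start and end outside these hunks.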
2 changes: 1 addition & 1 deletion includes/Controllers/Dropdowns.php
Expand Up @@ -71,7 +71,7 @@ public function dropdownSearch() {
wp_die();
}

$type = (string) sanitize_text_field( wp_unslash( $_REQUEST['type'] ) );
$type = isset( $_REQUEST['type'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['type'] ) ) : '';
$page = 1;
$limit = 6;
$results = array();
4 changes: 2 additions & 2 deletions includes/Controllers/Frontend.php
Expand Up @@ -54,8 +54,8 @@ public function handle_licenses_check() {
exit;
}

$licenseKey = isset( $_POST['licenseKey'] ) ? sanitize_text_field( $_POST['licenseKey'] ) : '';
$email = isset( $_POST['email'] ) ? sanitize_text_field( $_POST['email'] ) : '';
$licenseKey = isset( $_POST['licenseKey'] ) ? sanitize_text_field( wp_unslash( $_POST['licenseKey'] ) ) : '';
$email = isset( $_POST['email'] ) ? sanitize_text_field( wp_unslash( $_POST['email'] ) ) : '';
$emailCheck = isset( $_POST['echeck'] ) ? (int) $_POST['echeck'] : 0;

$service = new LicensesService();
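Review bot: `$email` is run through sanitize_text_field only, so a value that is not an address at all still reaches LicensesService with `$emailCheck` set. Since this field is presumably matched against a license owner's email, use the email-specific helper and reject non-addresses up front: `$email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';` followed by `if ( $emailCheck && ! is_email( $email ) ) { /* respond with a validation error */ }`. handle_licenses_check() starts before the hunk, and how the service call's result is handled is outside it.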
8 changes: 4 additions & 4 deletions includes/Controllers/Generators.php
Expand Up @@ -148,12 +148,12 @@ public function generate() {
HttpHelper::redirect( admin_url( sprintf( 'admin.php?page=%s&action=edit&id=%d', PageSlug::GENERATORS, $generatorId ) ) );
}

if ( array_key_exists( 'order_id', $_POST ) && $_POST['order_id'] ) {
$orderId = absint( $_POST['order_id'] );
if ( array_key_exists( 'order_id', $_POST ) && (int) $_POST['order_id'] ) {
$orderId = (int) $_POST['order_id'];
}

if ( array_key_exists( 'product_id', $_POST ) && $_POST['product_id'] ) {
$productId = absint( $_POST['product_id'] );
if ( array_key_exists( 'product_id', $_POST ) && (int) $_POST['product_id'] ) {
$productId = (int) $_POST['product_id'];
}

if ( $orderId && ! apply_filters( 'dlm_validate_order_id', true, $orderId ) ) {
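Review bot: Replacing `absint()` with `(int)` in generate() widens what is accepted: `order_id=-5` now passes the truthiness test and `$orderId` becomes `-5`, whereas absint() previously yielded `5`, and a negative id then reaches the `dlm_validate_order_id` filter and whatever follows it. The Licenses.php hunk in this same commit already uses the safer form; mirror it here: `if ( array_key_exists( 'order_id', $_POST ) && (int) $_POST['order_id'] > 0 ) { $orderId = (int) $_POST['order_id']; }` and likewise for `product_id`. generate() starts and ends outside the hunk, so the initial values of `$orderId`/`$productId` are not visible here.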
67 changes: 31 additions & 36 deletions includes/Controllers/Licenses.php
Expand Up @@ -86,27 +86,15 @@ public function importLicenseKeys() {
HttpHelper::redirect( $backUrl );
}

$orderId = null;
$productId = null;
$userId = null;
$orderId = array_key_exists( 'order_id', $_POST ) && (int) $_POST['order_id'] > 0 ? (int) $_POST['order_id'] : null;
$productId = array_key_exists( 'product_id', $_POST ) && (int) $_POST['product_id'] > 0 ? (int) $_POST['product_id'] : null;
$userId = array_key_exists( 'user_id', $_POST ) && (int) $_POST['user_id'] > 0 ? (int) $_POST['user_id'] : null;
$status = LicenseStatus::ACTIVE;
$source = isset( $_POST['source'] ) ? sanitize_text_field( $_POST['source'] ) : 0;
$source = isset( $_POST['source'] ) ? sanitize_text_field( wp_unslash( $_POST['source'] ) ) : '';
$licenseKeys = array();

if ( array_key_exists( 'order_id', $_POST ) && $_POST['order_id'] ) {
$orderId = intval( $_POST['order_id'] );
}

if ( array_key_exists( 'product_id', $_POST ) && $_POST['product_id'] ) {
$productId = intval( $_POST['product_id'] );
}

if ( array_key_exists( 'user_id', $_POST ) && $_POST['user_id'] ) {
$userId = intval( $_POST['user_id'] );
}

if ( array_key_exists( 'status', $_POST ) && $_POST['status'] && in_array( $_POST['status'], LicenseStatus::$status ) ) {
$status = intval( $_POST['status'] );
if ( array_key_exists( 'status', $_POST ) && (int) $_POST['status'] && in_array( (int) $_POST['status'], LicenseStatus::$status ) ) {
$status = (int) $_POST['status'];
}

if ( $source === 'file' ) {
Expand Down Expand Up @@ -150,7 +138,7 @@ public function importLicenseKeys() {
$message = '';
$callback = '';

$result['added'] = count($result['licenses']);
$result['added'] = count( $result['licenses'] );

if ( $result['failed'] == 0 && $result['added'] == 0 ) {
$callback = 'error';
Expand Down Expand Up @@ -197,7 +185,7 @@ public function createLicenseKey() {
NoticeFlasher::error( __( 'Permission denied. You don\'t have access to perform this action.', 'digital-license-manager' ) );
HttpHelper::redirect( sprintf( 'admin.php?page=%s', PageSlug::LICENSES ) );
} else {
$licenseKey = isset( $_POST['license_key'] ) ? sanitize_text_field( $_POST['license_key'] ) : '';
$licenseKey = isset( $_POST['license_key'] ) ? sanitize_text_field( wp_unslash( $_POST['license_key'] ) ) : '';
$licenseData = ArrayUtil::only( $_POST, array(
'license_key',
'status',
Expand Down Expand Up @@ -276,12 +264,12 @@ public function showLicenseKey() {
wp_die();
}

if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) {
if ( 'POST' !== HttpHelper::requestMethod() ) {
wp_die( __( 'Invalid request.', 'digital-license-manager' ) );
}

/** @var License $license */
$license = LicensesRepository::instance()->findBy( array( 'id' => intval( $_POST['id'] ) ) );
$license = LicensesRepository::instance()->findBy( array( 'id' => isset( $_POST['id'] ) ? intval( $_POST['id'] ) : 0 ) );

$decrypted = $license->getDecryptedLicenseKey();
if ( is_wp_error( $decrypted ) ) {
Expand All @@ -305,13 +293,14 @@ public function showAllLicenseKeys() {
wp_die();
}

if ( $_SERVER['REQUEST_METHOD'] != 'POST' ) {
if ( 'POST' != HttpHelper::requestMethod() ) {
wp_die( __( 'Invalid request.', 'digital-license-manager' ) );
}

$licenseKeysIds = array();
$licenseKeysIds = array();
$licenseKeyIdsInput = ! empty( $_POST['ids'] ) ? array_map( 'absint', json_decode( wp_unslash( $_POST['ids'] ), true ) ) : [];

foreach ( json_decode( $_POST['ids'] ) as $licenseKeyId ) {
foreach ( $licenseKeyIdsInput as $licenseKeyId ) {
$licenseKeyId = intval( $licenseKeyId );
/** @var License $license */
$license = LicensesRepository::instance()->find( $licenseKeyId );
Expand All @@ -334,10 +323,22 @@ public function showAllLicenseKeys() {
* @return array|false|null
*/
public function parseImportFile() {

if ( empty( $_FILES['file'] ) ) {
NoticeFlasher::error( __( 'File not uploaded. Upload TXT and CSV to proceed.', 'digital-license-manager' ) );
HttpHelper::redirect(
sprintf(
'admin.php?page=%s&action=import',
PageSlug::LICENSES
)
);
exit();
}

$tmp_file = 'import.tmp';
$duplicateLicenseKeys = array();
$licenseKeys = null;
$ext = pathinfo( $_FILES['file']['name'], PATHINFO_EXTENSION );
$ext = pathinfo( sanitize_text_field( $_FILES['file']['name'] ), PATHINFO_EXTENSION );
$mimes = array( 'application/vnd.ms-excel', 'text/plain', 'text/csv', 'text/tsv' );
$fileName = $_FILES['file']['tmp_name'];
$uploads = wp_upload_dir( null, false );
Expand Down Expand Up @@ -431,7 +432,8 @@ public function parseImportFile() {
* @return array|false|string[]
*/
public function parseImportClipboard() {
$data = preg_split( '/[\r\n]+/', $_POST['clipboard'] );

$data = ! empty( $_POST['clipboard'] ) ? preg_split( '/[\r\n]+/', wp_unslash( $_POST['clipboard'] ) ) : [];
if ( ! empty( $data ) ) {
$data = array_map( 'sanitize_text_field', $data );
}
Expand Down Expand Up @@ -639,15 +641,8 @@ public function exportLicensesForm() {
$errors[] = __( 'Permission denied. You don\'t have access to this resource.', 'digital-license-manager' );
}

$list = isset( $_POST['dlm_export_licenses'] ) && ! empty( $_POST['dlm_export_licenses'] ) ? explode( ',', $_POST['dlm_export_licenses'] ) : array();
$columns = isset( $_POST['dlm_export_columns'] ) && ! empty( $_POST['dlm_export_columns'] ) ? $_POST['dlm_export_columns'] : array();

if ( ! empty( $list ) ) {
$list = array_map( 'intval', $list );
}
if ( ! empty( $columns ) ) {
$columns = array_map( 'sanitize_text_field', $_POST['dlm_export_columns'] );
}
$list = ! empty( $_POST['dlm_export_licenses'] ) ? array_map( 'intval', explode( ',', $_POST['dlm_export_licenses'] ) ) : array();
$columns = ! empty( $_POST['dlm_export_columns'] ) ? array_map( 'sanitize_text_field', wp_unslash( $_POST['dlm_export_columns'] ) ) : array();

if ( empty( $list ) ) {
$errors[] = __( 'No licenses were selected.', 'digital-license-manager' );
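Review bot: In showAllLicenseKeys(), the result of `json_decode( wp_unslash( $_POST['ids'] ), true )` goes straight into `array_map( 'absint', ... )`, so an `ids` value that is not valid JSON, or that decodes to a scalar, passes `null` or a string to array_map — a TypeError on PHP 8 rather than an empty selection. Decode first and map only an array: `$decoded = ! empty( $_POST['ids'] ) ? json_decode( wp_unslash( $_POST['ids'] ), true ) : null;` then `$licenseKeyIdsInput = is_array( $decoded ) ? array_map( 'absint', $decoded ) : array();`. parseImportClipboard() has the same shape — `preg_split()` receives `$_POST['clipboard']` without confirming it is a string — and in showLicenseKey() the `findBy()` result is dereferenced with `getDecryptedLicenseKey()` with no not-found check, a path now reachable with id `0` whenever the field is missing. All of these methods start and end outside their hunks.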
2 changes: 1 addition & 1 deletion includes/Controllers/Menus.php
Expand Up @@ -424,7 +424,7 @@ protected function getCurrentAction( $default ) {
return $action;
}

return sanitize_text_field( $_GET['action'] );
return sanitize_text_field( wp_unslash( $_GET['action'] ) );
}

}
6 changes: 3 additions & 3 deletions includes/Controllers/Settings.php
Expand Up @@ -353,7 +353,7 @@ public function renderTab( $tab ) {
*/
public function render() {

$currentTab = isset( $_GET['tab'] ) ? sanitize_text_field( $_GET['tab'] ) : 'general';
$currentTab = isset( $_GET['tab'] ) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : 'general';

if ( $currentTab == 'rest_api' ) {
// Add screen option.
Expand Down Expand Up @@ -566,8 +566,8 @@ public function handleToolProcess() {

$this->loadTools();

$tool_slug = isset( $_POST['tool'] ) ? sanitize_text_field( $_POST['tool'] ) : null;
$tool_id = isset( $_POST['id'] ) ? sanitize_text_field( $_POST['id'] ) : null;
$tool_slug = isset( $_POST['tool'] ) ? sanitize_text_field( wp_unslash( $_POST['tool'] ) ) : null;
$tool_id = isset( $_POST['id'] ) ? sanitize_text_field( wp_unslash( $_POST['id'] ) ) : null;
if ( is_null( $tool_slug ) || ! isset( $this->tools[ $tool_slug ] ) ) {
wp_send_json_error( [ 'message' => __( 'Unknown tool selected.' ) ] );
exit;
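Review bot: `__( 'Unknown tool selected.' )` in handleToolProcess() carries no text domain, so the string is never picked up for the plugin's translations, while every other message in this commit passes `'digital-license-manager'`; change it to `__( 'Unknown tool selected.', 'digital-license-manager' )`. The `exit;` that follows wp_send_json_error() appears unreachable, since core's wp_send_json() terminates the request itself. handleToolProcess() starts and ends outside the hunk.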
12 changes: 6 additions & 6 deletions includes/Integrations/WooCommerce/Activations.php
Expand Up @@ -92,7 +92,7 @@ public function handleLicenseActivationActions() {

if ( isset( $_POST['license_activation_delete'] ) && (int) $_POST['license_activation_delete'] ) {

$token = isset( $_POST['activation'] ) && ! empty( $_POST['activation'] ) ? sanitize_text_field( $_POST['activation'] ) : null;
$token = isset( $_POST['activation'] ) && ! empty( $_POST['activation'] ) ? sanitize_text_field( wp_unslash( $_POST['activation'] ) ) : null;
$service = new LicensesService();

$result = false;
Expand All @@ -101,11 +101,11 @@ public function handleLicenseActivationActions() {
}

if ( isset( $_POST['license'] ) ) {
$licenseKey = isset( $_POST['license'] ) ? sanitize_text_field( $_POST['license'] ) : null;
$licenseKey = isset( $_POST['license'] ) ? sanitize_text_field( wp_unslash( $_POST['license'] ) ) : null;
$license = $service->find( $licenseKey );
$licenseId = is_wp_error( $license ) ? '' : $license->getId();
} else {
$licenseId = isset( $_POST['license_id'] ) ? sanitize_text_field( $_POST['license_id'] ) : null;
$licenseId = isset( $_POST['license_id'] ) ? intval( $_POST['license_id'] ) : null;
}

if ( is_wp_error( $result ) ) {
Expand All @@ -132,13 +132,13 @@ public function handleManualLicenseActivation() {

$service = new LicensesService();
if ( isset( $_POST['license'] ) ) {
$licenseKey = isset( $_POST['license'] ) ? sanitize_text_field( $_POST['license'] ) : null;
$licenseKey = isset( $_POST['license'] ) ? sanitize_text_field( wp_unslash( $_POST['license'] ) ) : null;
$license = $service->find( $licenseKey );
} else {
$licenseId = isset( $_POST['license_id'] ) ? sanitize_text_field( $_POST['license_id'] ) : null;
$licenseId = isset( $_POST['license_id'] ) ? intval( $_POST['license_id'] ) : null;
$license = $service->findById( $licenseId );
}
$licenseLabel = isset( $_POST['label'] ) ? sanitize_text_field( $_POST['label'] ) : null;
$licenseLabel = isset( $_POST['label'] ) ? sanitize_text_field( wp_unslash( $_POST['label'] ) ) : null;

if ( is_wp_error( $license ) ) {
$this->addNotice( 'error', $license->get_error_message() );
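Review bot: Inside `if ( isset( $_POST['license'] ) )` in both handleLicenseActivationActions() and handleManualLicenseActivation(), the assignment re-tests the same key — `isset( $_POST['license'] ) ? sanitize_text_field( wp_unslash( $_POST['license'] ) ) : null` — so the `null` branch can never run; `$licenseKey = sanitize_text_field( wp_unslash( $_POST['license'] ) );` reads as intended. Separately, the `license_id` fallback now uses intval(), but a missing value is still handed on as `null` (or `0` for a non-numeric one) to `$service->findById()`; whether that lookup rejects it is not visible here. Both methods begin and end outside these hunks.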
2 changes: 1 addition & 1 deletion includes/Integrations/WooCommerce/Certificates.php
Expand Up @@ -58,7 +58,7 @@ public function handleAdditionalAccountActions( $action ) {

$licenseService = new LicensesService();

$licenseKey = isset( $_POST['license'] ) ? sanitize_text_field( $_POST['license'] ) : null;
$licenseKey = isset( $_POST['license'] ) ? sanitize_text_field( wp_unslash( $_POST['license'] ) ) : null;
$license = $licenseService->find( $licenseKey );

$this->generateCertificatePDF( $license );
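Review bot: `$licenseService->find( $licenseKey )` is handed to generateCertificatePDF() with no check of the result, and `$licenseKey` itself is `null` when the `license` field is absent; the Activations.php hunk in this same commit tests the same call with `is_wp_error( $license )` before using it, which suggests find() can return a WP_Error that the PDF generator would then receive. Add the same guard here and bail out before the call, e.g. `if ( empty( $licenseKey ) || is_wp_error( $license ) ) { /* notice and return */ }` ahead of `$this->generateCertificatePDF( $license );`. Whether the current customer is verified as the owner of the key is not visible in this hunk; handleAdditionalAccountActions() starts and ends outside it.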
7 changes: 4 additions & 3 deletions includes/Integrations/WooCommerce/MyAccount.php
Expand Up @@ -30,6 +30,7 @@
use IdeoLogix\DigitalLicenseManager\Database\Models\License;
use IdeoLogix\DigitalLicenseManager\Database\Repositories\Licenses;
use IdeoLogix\DigitalLicenseManager\Settings;
use IdeoLogix\DigitalLicenseManager\Utils\HttpHelper;

defined( 'ABSPATH' ) || exit;

Expand Down Expand Up @@ -87,17 +88,17 @@ public function handleAccountActions() {
return;
}

if ( ! isset( $_SERVER['REQUEST_METHOD'] ) || $_SERVER['REQUEST_METHOD'] !== 'POST' ) {
if ( 'POST' != HttpHelper::requestMethod() ) {
return;
}

$action = isset( $_POST['dlm_action'] ) ? sanitize_text_field( $_POST['dlm_action'] ) : '';
$action = isset( $_POST['dlm_action'] ) ? sanitize_text_field( wp_unslash( $_POST['dlm_action'] ) ) : '';
$whitelisted_actions = apply_filters( 'dlm_myaccount_whitelisted_actions', array() );
if ( empty( $whitelisted_actions ) || ! in_array( $action, $whitelisted_actions ) ) {
return;
}

$nonce = isset( $_POST['dlm_nonce'] ) ? sanitize_text_field( $_POST['dlm_nonce'] ) : '';
$nonce = isset( $_POST['dlm_nonce'] ) ? sanitize_key( $_POST['dlm_nonce'] ) : '';
if ( ! wp_verify_nonce( $nonce, 'dlm_account' ) ) {
wp_die( 'Link has expired. Please try again later.', 'digital-license-manager' );
}
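Review bot: `wp_die( 'Link has expired. Please try again later.', 'digital-license-manager' )` passes the text domain as wp_die()'s second argument, which is the error page title, so the message is not translated and "digital-license-manager" is shown as the title; use `wp_die( esc_html__( 'Link has expired. Please try again later.', 'digital-license-manager' ) );`. The nonce handling itself looks sound — sanitize_key() suits the hex nonce and the check runs before any action is dispatched — though `in_array( $action, $whitelisted_actions )` on filter-supplied data would be safer with a third `true` argument. handleAccountActions() starts before the hunk and continues after it.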
6 changes: 3 additions & 3 deletions includes/Integrations/WooCommerce/Products.php
Expand Up @@ -178,11 +178,11 @@ public function productSave( $postId ) {
$product->update_meta_data( 'dlm_licensed_product_delivered_quantity', $deliveredQuantity ? $deliveredQuantity : 1 );

// Update the licenses source, according to field.
$licensesSource = ! empty( $_POST['dlm_licensed_product_licenses_source'] ) ? sanitize_text_field( $_POST['dlm_licensed_product_licenses_source'] ) : 'stock';
$licensesSource = ! empty( $_POST['dlm_licensed_product_licenses_source'] ) ? sanitize_text_field( wp_unslash( $_POST['dlm_licensed_product_licenses_source'] ) ) : 'stock';
$product->update_meta_data( 'dlm_licensed_product_licenses_source', $licensesSource );

// Update the max activations behavor, according to field
$maxActivationsBehavior = ! empty( $_POST['dlm_licensed_product_activations_behavior'] ) ? sanitize_text_field( $_POST['dlm_licensed_product_activations_behavior'] ) : 'standard';
$maxActivationsBehavior = ! empty( $_POST['dlm_licensed_product_activations_behavior'] ) ? sanitize_text_field( wp_unslash( $_POST['dlm_licensed_product_activations_behavior'] ) ) : 'standard';
$product->update_meta_data( 'dlm_licensed_product_activations_behavior', $maxActivationsBehavior );


Expand Down Expand Up @@ -269,7 +269,7 @@ public function variableProductSave( $variationId, $i ) {
$variation->update_meta_data( 'dlm_licensed_product_delivered_quantity', $deliveredQuantity ? $deliveredQuantity : 1 );

// Update the licenses source, according to field.
$licensesSource = ! empty( $_POST['dlm_licensed_product_licenses_source'][ $i ] ) ? sanitize_text_field( $_POST['dlm_licensed_product_licenses_source'][ $i ] ) : 'stock';
$licensesSource = ! empty( $_POST['dlm_licensed_product_licenses_source'][ $i ] ) ? sanitize_text_field( wp_unslash( $_POST['dlm_licensed_product_licenses_source'][ $i ] ) ) : 'stock';
$variation->update_meta_data( 'dlm_licensed_product_licenses_source', $licensesSource );

// Update the assigned generator id, according to select field.
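Review bot: `$licensesSource` and `$maxActivationsBehavior` are sanitized as free text and written straight to product meta, so any string a user with product-edit rights submits is stored as the source/behavior selector, even though the fields are presumably selects with a fixed option set (only the `'stock'` and `'standard'` defaults are visible here). Validate against the known options before saving, e.g. `if ( ! in_array( $licensesSource, $allowedSources, true ) ) { $licensesSource = 'stock'; }` with `$allowedSources` being whatever the select renders, since a stray value presumably changes how delivery code branches later. The same applies to the per-variation copy in variableProductSave(). Both methods start and end outside these hunks.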
6 changes: 3 additions & 3 deletions includes/ListTables/Activations.php
Expand Up @@ -119,9 +119,9 @@ private function getRecordsQuery( $status = '', $count = false ) {

// Applies the view filter
if ( ! empty( $status ) || $this->isViewFilterActive() ) {
if ( empty( $status ) ) {
$status = sanitize_text_field( $_GET['status'] );
}

$status = empty( $status ) && ! empty( $_GET['status'] ) ? sanitize_text_field( wp_unslash( $_GET['status'] ) ) : '';

if ( 'inactive' === $status ) {
$where['deactivated_at'] = [
'operator' => "IS",
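Review bot: The rewritten assignment in getRecordsQuery() discards the `$status` argument: when a non-empty `$status` is passed in, `empty( $status )` is false, the ternary falls through to its `''` branch and the caller's value is overwritten, so the `'inactive'` comparison below can only ever be satisfied from `$_GET['status']`. The removed code consulted the query string only when `$status` was empty; keep that precedence: `if ( empty( $status ) ) { $status = ! empty( $_GET['status'] ) ? sanitize_text_field( wp_unslash( $_GET['status'] ) ) : ''; }`. getRecordsQuery() starts and ends outside the hunk.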