Allow some HTML tags in notices, show error if nonce failed and lites…

…peed plugin is active
stellarwp · Jun 24, 2024 · d8b9855 · d8b9855
1 parent 775b54f
commit d8b9855
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 5 deletions.
diff --git a/src/Uplink/Auth/Admin/Connect_Controller.php b/src/Uplink/Auth/Admin/Connect_Controller.php
@@ -94,6 +94,21 @@ public function maybe_store_token_data(): void {
 		}
 
 		if ( ! Nonce::verify( $args[ self::NONCE ] ?? '' ) ) {
+			if ( ! function_exists( 'is_plugin_active' ) ) {
+				require_once( ABSPATH . 'wp-admin/includes/plugin.php' );
+			}
+
+			// The Litespeed plugin allows completely disabling transients for some reason...
+			if ( is_plugin_active( 'litespeed-cache/litespeed-cache.php' ) ) {
+				$this->notice->add( new Notice( Notice::ERROR,
+					sprintf(
+						__( 'The Litespeed plugin was detected, ensure "Store Transients" is set to ON and try again. See the <a href="%s" target="_blank">Litespeed documentation</a> for more information.', '%TEXTDOMAIN%' ),
+						esc_url( 'https://docs.litespeedtech.com/lscache/lscwp/cache/#store-transients' )
+					),
+					true
+				) );
+			}
+
 			$this->notice->add( new Notice( Notice::ERROR,
 				__( 'Unable to save token data: nonce verification failed.', '%TEXTDOMAIN%' ),
 				true

diff --git a/src/Uplink/Notice/Notice_Controller.php b/src/Uplink/Notice/Notice_Controller.php
@@ -3,6 +3,7 @@
 namespace StellarWP\Uplink\Notice;
 
 use StellarWP\Uplink\Components\Controller;
+use StellarWP\Uplink\View\Exceptions\FileNotFoundException;
 
 /**
  * Renders a notice.
@@ -22,6 +23,8 @@ final class Notice_Controller extends Controller {
 	 *
 	 * @param  array{type?: string, message?: string, dismissible?: bool, alt?: bool, large?: bool}  $args The notice.
 	 *
+	 * @throws FileNotFoundException If the view is not found.
+	 *
 	 * @return void
 	 */
 	public function render( array $args = [] ): void {
@@ -34,8 +37,27 @@ public function render( array $args = [] ): void {
 		];
 
 		echo $this->view->render( self::VIEW, [
-			'message' => $args['message'],
-			'classes' => $this->classes( $classes )
+			'message'           => $args['message'],
+			'classes'           => $this->classes( $classes ),
+			'allowed_tags'      => [
+				'a'      => [
+					'href',
+					'title',
+					'target',
+					'rel',
+				],
+				'br'     => [],
+				'code'   => [],
+				'em'     => [],
+				'pre'    => [],
+				'span'   => [],
+				'strong' => [],
+			],
+			'allowed_protocols' => [
+				'http',
+				'https',
+				'mailto',
+			],
 		] );
 	}
 

diff --git a/src/views/admin/notice.php b/src/views/admin/notice.php
@@ -4,12 +4,14 @@
  *
  * @see \StellarWP\Uplink\Notice\Notice_Controller
  *
- * @var string $message The message to display.
- * @var string $classes The CSS classes for the notice.
+ * @var string               $message           The message to display.
+ * @var string               $classes           The CSS classes for the notice.
+ * @var array<string, mixed> $allowed_tags      The allowed HTML tags for wp_kses().
+ * @var string[]             $allowed_protocols The allowed protocols for wp_kses().
  */
 
 defined( 'ABSPATH' ) || exit;
 ?>
 <div class="<?php echo esc_attr( $classes ) ?>">
-	<p><?php echo esc_html( $message ) ?></p>
+	<p><?php echo wp_kses( $message, $allowed_tags, $allowed_protocols ) ?></p>
 </div>