From c6d87fb57300e7e4bc8df4c260354c25ed231425 Mon Sep 17 00:00:00 2001 From: Sander van Dragt Date: Thu, 5 Dec 2019 15:35:40 +0000 Subject: [PATCH 1/5] VIP linter fixes. --- inc/fields/class-shortcode-ui-field-post-select.php | 11 ++++++++--- inc/fields/class-shortcode-ui-field-term-select.php | 11 ++++++++--- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/inc/fields/class-shortcode-ui-field-post-select.php b/inc/fields/class-shortcode-ui-field-post-select.php index d2b95797..78f16959 100644 --- a/inc/fields/class-shortcode-ui-field-post-select.php +++ b/inc/fields/class-shortcode-ui-field-post-select.php @@ -93,6 +93,8 @@ public function action_wp_ajax_shortcode_ui_post_field() { $nonce = isset( $_GET['nonce'] ) ? sanitize_text_field( $_GET['nonce'] ) : null; $requested_shortcode = isset( $_GET['shortcode'] ) ? sanitize_text_field( $_GET['shortcode'] ) : null; $requested_attr = isset( $_GET['attr'] ) ? sanitize_text_field( $_GET['attr'] ) : null; + $include = isset( $_GET['include']) ? $_GET['input'] : array(); + $response = array( 'items' => array(), @@ -136,9 +138,12 @@ public function action_wp_ajax_shortcode_ui_post_field() { $query_args['s'] = sanitize_text_field( $_GET['s'] ); } - if ( ! empty( $_GET['include'] ) ) { - $post__in = is_array( $_GET['include'] ) ? $_GET['include'] : explode( ',', $_GET['include'] ); - $query_args['post__in'] = array_map( 'intval', $post__in ); + if ( ! empty( $include ) ) { + $post__in = is_array( $include ) ? $include : (array) explode( ',', sanitize_text_field( $include ) ); + $post__in = array_map( 'intval', $post__in ); + unset( $include ); + + $query_args['post__in'] = $post__in; $query_args['orderby'] = 'post__in'; $query_args['ignore_sticky_posts'] = true; } diff --git a/inc/fields/class-shortcode-ui-field-term-select.php b/inc/fields/class-shortcode-ui-field-term-select.php index 075cb85c..f21eab49 100644 --- a/inc/fields/class-shortcode-ui-field-term-select.php 
+++ b/inc/fields/class-shortcode-ui-field-term-select.php @@ -99,11 +99,13 @@ public function output_templates() { */ public function action_wp_ajax_shortcode_ui_term_field() { + $args = array(); $nonce = isset( $_GET['nonce'] ) ? sanitize_text_field( $_GET['nonce'] ) : null; $requested_shortcode = isset( $_GET['shortcode'] ) ? sanitize_text_field( $_GET['shortcode'] ) : null; $requested_attr = isset( $_GET['attr'] ) ? sanitize_text_field( $_GET['attr'] ) : null; $page = isset( $_GET['page'] ) ? absint( $_GET['page'] ) : null; $search = isset( $_GET['s'] ) ? sanitize_text_field( $_GET['s'] ) : ''; + $include = isset( $_GET['include']) ? $_GET['input'] : array(); $response = array( 'items' => array(), @@ -142,10 +144,13 @@ public function action_wp_ajax_shortcode_ui_term_field() { $args['hide_empty'] = false; $args['number'] = 10; - if ( ! empty( $_GET['include'] ) ) { - $term__in = is_array( $_GET['include'] ) ? $_GET['include'] : explode( ',', $_GET['include'] ); + if ( ! empty( $include ) ) { + $term__in = is_array( $include ) ? $include : (array) explode( ',', sanitize_text_field( $include ) ); + $term__in = array_map( 'intval', $term__in ); + unset( $include ); + $args['number'] = count( $term__in ); - $args['include'] = array_map( 'intval', $term__in ); + $args['include'] = $term__in; $args['orderby'] = 'tag__in'; } From 9ac4bd04082080d8cef671394fa2bddc82257dbe Mon Sep 17 00:00:00 2001 From: Sander van Dragt Date: Thu, 5 Dec 2019 16:06:44 +0000 Subject: [PATCH 2/5] correct variable. --- inc/fields/class-shortcode-ui-field-post-select.php | 2 +- inc/fields/class-shortcode-ui-field-term-select.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/fields/class-shortcode-ui-field-post-select.php b/inc/fields/class-shortcode-ui-field-post-select.php index 78f16959..ecfbce60 100644 --- a/inc/fields/class-shortcode-ui-field-post-select.php +++ b/inc/fields/class-shortcode-ui-field-post-select.php 
@@ -93,7 +93,7 @@ public function action_wp_ajax_shortcode_ui_post_field() { $nonce = isset( $_GET['nonce'] ) ? sanitize_text_field( $_GET['nonce'] ) : null; $requested_shortcode = isset( $_GET['shortcode'] ) ? sanitize_text_field( $_GET['shortcode'] ) : null; $requested_attr = isset( $_GET['attr'] ) ? sanitize_text_field( $_GET['attr'] ) : null; - $include = isset( $_GET['include']) ? $_GET['input'] : array(); + $include = isset( $_GET['include'] ) ? $_GET['include'] : array(); $response = array( diff --git a/inc/fields/class-shortcode-ui-field-term-select.php b/inc/fields/class-shortcode-ui-field-term-select.php index f21eab49..768862bd 100644 --- a/inc/fields/class-shortcode-ui-field-term-select.php +++ b/inc/fields/class-shortcode-ui-field-term-select.php @@ -105,7 +105,7 @@ public function action_wp_ajax_shortcode_ui_term_field() { $requested_attr = isset( $_GET['attr'] ) ? sanitize_text_field( $_GET['attr'] ) : null; $page = isset( $_GET['page'] ) ? absint( $_GET['page'] ) : null; $search = isset( $_GET['s'] ) ? sanitize_text_field( $_GET['s'] ) : ''; - $include = isset( $_GET['include']) ? $_GET['input'] : array(); + $include = isset( $_GET['include'] ) ? $_GET['include'] : array(); $response = array( 'items' => array(), From e4627f855cc3538272b1f4387d76d36d33e20e3c Mon Sep 17 00:00:00 2001 From: Sander van Dragt Date: Fri, 6 Dec 2019 11:15:26 +0000 Subject: [PATCH 3/5] VIP Refix --- .../class-shortcode-ui-field-post-select.php | 13 +++++++------ .../class-shortcode-ui-field-term-select.php | 15 ++++++++------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/inc/fields/class-shortcode-ui-field-post-select.php b/inc/fields/class-shortcode-ui-field-post-select.php index ecfbce60..5d7a5cdb 100644 --- a/inc/fields/class-shortcode-ui-field-post-select.php +++ b/inc/fields/class-shortcode-ui-field-post-select.php 
@@ -93,8 +93,13 @@ public function action_wp_ajax_shortcode_ui_post_field() { $nonce = isset( $_GET['nonce'] ) ? sanitize_text_field( $_GET['nonce'] ) : null; $requested_shortcode = isset( $_GET['shortcode'] ) ? sanitize_text_field( $_GET['shortcode'] ) : null; $requested_attr = isset( $_GET['attr'] ) ? sanitize_text_field( $_GET['attr'] ) : null; - $include = isset( $_GET['include'] ) ? $_GET['include'] : array(); + + $include = filter_input( INPUT_GET, 'include', FILTER_SANITIZE_NUMBER_INT, FILTER_REQUIRE_ARRAY ); + if ( ! is_array( $include ) ) { + $include = (array) explode( ',', filter_input( INPUT_GET, 'include', FILTER_SANITIZE_STRING ) ); + } + $include = array_map( 'intval', $include ); $response = array( 'items' => array(), @@ -139,11 +144,7 @@ public function action_wp_ajax_shortcode_ui_post_field() { } if ( ! empty( $include ) ) { - $post__in = is_array( $include ) ? $include : (array) explode( ',', sanitize_text_field( $include ) ); - $post__in = array_map( 'intval', $post__in ); - unset( $include ); - - $query_args['post__in'] = $post__in; + $query_args['post__in'] = $include; $query_args['orderby'] = 'post__in'; $query_args['ignore_sticky_posts'] = true; } diff --git a/inc/fields/class-shortcode-ui-field-term-select.php b/inc/fields/class-shortcode-ui-field-term-select.php index 768862bd..80b0831a 100644 --- a/inc/fields/class-shortcode-ui-field-term-select.php +++ b/inc/fields/class-shortcode-ui-field-term-select.php 
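Review bot: The fallback branch added at the top of action_wp_ajax_shortcode_ui_post_field() runs the comma-separated value through `FILTER_SANITIZE_STRING`, which adds nothing for a value that is immediately split and passed to `intval`, and that filter is deprecated as of PHP 8.1; `FILTER_DEFAULT` would do. `FILTER_SANITIZE_NUMBER_INT` in the array branch keeps `+` and `-`, so negative IDs survive `intval`. Using `array_map( 'absint', $include )` would make the non-negative intent explicit and match how `page` is read in the term-select handler. The same lines are added to action_wp_ajax_shortcode_ui_term_field() in the term-select hunk of this patch, and both function bodies start and end outside their hunks.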
@@ -105,7 +105,12 @@ public function action_wp_ajax_shortcode_ui_term_field() { $requested_attr = isset( $_GET['attr'] ) ? sanitize_text_field( $_GET['attr'] ) : null; $page = isset( $_GET['page'] ) ? absint( $_GET['page'] ) : null; $search = isset( $_GET['s'] ) ? sanitize_text_field( $_GET['s'] ) : ''; - $include = isset( $_GET['include'] ) ? $_GET['include'] : array(); + + $include = filter_input( INPUT_GET, 'include', FILTER_SANITIZE_NUMBER_INT, FILTER_REQUIRE_ARRAY ); + if ( ! is_array( $include ) ) { + $include = (array) explode( ',', filter_input( INPUT_GET, 'include', FILTER_SANITIZE_STRING ) ); + } + $include = array_map( 'intval', $include ); $response = array( 'items' => array(), @@ -145,12 +150,8 @@ public function action_wp_ajax_shortcode_ui_term_field() { $args['number'] = 10; if ( ! empty( $include ) ) { - $term__in = is_array( $include ) ? $include : (array) explode( ',', sanitize_text_field( $include ) ); - $term__in = array_map( 'intval', $term__in ); - unset( $include ); - - $args['number'] = count( $term__in ); - $args['include'] = $term__in; + $args['number'] = count( $include ); + $args['include'] = $include; $args['orderby'] = 'tag__in'; } From 13242363789e6eb1c84932756f686c21d44cc6fc Mon Sep 17 00:00:00 2001 From: Sander van Dragt Date: Fri, 6 Dec 2019 11:18:12 +0000 Subject: [PATCH 4/5] Remove extra blank lines --- inc/fields/class-shortcode-ui-field-post-select.php | 1 - 1 file changed, 1 deletion(-) diff --git a/inc/fields/class-shortcode-ui-field-post-select.php b/inc/fields/class-shortcode-ui-field-post-select.php index 5d7a5cdb..7cd1f769 100644 --- a/inc/fields/class-shortcode-ui-field-post-select.php +++ b/inc/fields/class-shortcode-ui-field-post-select.php 
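Review bot: `$args['number'] = count( $include );` in the second hunk lets the request decide how many terms are fetched, overriding the default of 10 set just above it, and nothing in the visible lines bounds or de-duplicates the list. Consider `$include = array_slice( array_unique( $include ), 0, $max_include );` before it, with `$max_include` a limit the plugin chooses. The post-select hunk of this patch passes the same unbounded list to `post__in`. The nonce and capability checks are not visible in these hunks, so it is not clear from here who can reach this code.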
@@ -93,7 +93,6 @@ public function action_wp_ajax_shortcode_ui_post_field() { $nonce = isset( $_GET['nonce'] ) ? sanitize_text_field( $_GET['nonce'] ) : null; $requested_shortcode = isset( $_GET['shortcode'] ) ? sanitize_text_field( $_GET['shortcode'] ) : null; $requested_attr = isset( $_GET['attr'] ) ? sanitize_text_field( $_GET['attr'] ) : null; - $include = filter_input( INPUT_GET, 'include', FILTER_SANITIZE_NUMBER_INT, FILTER_REQUIRE_ARRAY ); if ( ! is_array( $include ) ) { From 2a67c3a5c3d384254ce017498333aa0a4a920ceb Mon Sep 17 00:00:00 2001 From: Sander van Dragt Date: Fri, 6 Dec 2019 11:23:33 +0000 Subject: [PATCH 5/5] Compatibility with missing param --- inc/fields/class-shortcode-ui-field-post-select.php | 2 +- inc/fields/class-shortcode-ui-field-term-select.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/fields/class-shortcode-ui-field-post-select.php b/inc/fields/class-shortcode-ui-field-post-select.php index 7cd1f769..284b963b 100644 --- a/inc/fields/class-shortcode-ui-field-post-select.php +++ b/inc/fields/class-shortcode-ui-field-post-select.php @@ -98,7 +98,7 @@ public function action_wp_ajax_shortcode_ui_post_field() { if ( ! is_array( $include ) ) { $include = (array) explode( ',', filter_input( INPUT_GET, 'include', FILTER_SANITIZE_STRING ) ); } - $include = array_map( 'intval', $include ); + $include = array_filter( array_map( 'intval', $include ) ); $response = array( 'items' => array(), diff --git a/inc/fields/class-shortcode-ui-field-term-select.php b/inc/fields/class-shortcode-ui-field-term-select.php index 80b0831a..d43decd3 100644 --- a/inc/fields/class-shortcode-ui-field-term-select.php +++ b/inc/fields/class-shortcode-ui-field-term-select.php 
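Review bot: When `include` is absent, both `filter_input()` calls in the context lines above this change return null, so `explode()` still receives null, which is deprecated since PHP 8.1; the new `array_filter()` only removes the resulting `0` afterwards. Casting the value, `explode( ',', (string) filter_input( ... ) )`, or skipping the fallback when the parameter is missing would handle the case at its source. `array_filter()` also preserves keys, so wrap it in `array_values()` if a plain list is expected downstream. The same applies to the term-select hunk of this patch.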
@@ -110,7 +110,7 @@ public function action_wp_ajax_shortcode_ui_term_field() { if ( ! is_array( $include ) ) { $include = (array) explode( ',', filter_input( INPUT_GET, 'include', FILTER_SANITIZE_STRING ) ); } - $include = array_map( 'intval', $include ); + $include = array_filter( array_map( 'intval', $include ) ); $response = array( 'items' => array(),