diff --git a/includes/admin/templates/create-account-page.php b/includes/admin/templates/create-account-page.php index 01ecedf..2edd99e 100644 --- a/includes/admin/templates/create-account-page.php +++ b/includes/admin/templates/create-account-page.php @@ -1,13 +1,15 @@ get(''); + $profile = $api->get( '' ); $email = isset( $profile['email'] ) ? $profile['email'] : $email; } ?>
- +
@@ -48,21 +50,21 @@
-

+

-
+
-
+
-
+
@@ -70,11 +72,11 @@
@@ -119,7 +121,7 @@ - +

@@ -138,7 +140,7 @@
-
+
@@ -212,7 +214,7 @@ - esc_html__( 'You do not have permission to perform this action.', 'mailchimp' ) ) ); } - $data = isset( $_POST['data'] ) ? $this->sanitize_data( wp_unslash( $_POST['data'] ) ) : array(); + $data = isset( $_POST['data'] ) ? $this->sanitize_data( wp_unslash( $_POST['data'] ) ) : array(); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Data is sanitized in the sanitize_data method. if ( empty( $data ) ) { wp_send_json_error( array( 'message' => esc_html__( 'No data provided.', 'mailchimp' ) ) ); } // Get the IP address. - if ( $_SERVER['REMOTE_ADDR'] == '::1' || $_SERVER['REMOTE_ADDR'] == '127.0.0.1' ) { + if ( isset( $_SERVER['REMOTE_ADDR'] ) && ( '::1' === $_SERVER['REMOTE_ADDR'] || '127.0.0.1' === $_SERVER['REMOTE_ADDR'] ) ) { $data['ip_address'] = '127.0.0.1'; + } elseif ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) { + $data['ip_address'] = sanitize_text_field( wp_unslash( $_SERVER['HTTP_CLIENT_IP'] ) ); + } elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { + $data['ip_address'] = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ); } else { - $data['ip_address'] = isset( $_SERVER['HTTP_CLIENT_IP'] ) ? $_SERVER['HTTP_CLIENT_IP'] : ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'] ); + $data['ip_address'] = sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ); } - $request_data = array( - 'headers' => array( - 'Content-type' => 'application/json', - 'Accept' => 'application/json' - ), - 'body' => json_encode( $data ), - 'timeout' => 30, - ); + $request_data = array( + 'headers' => array( + 'Content-type' => 'application/json', + 'Accept' => 'application/json', + ), + 'body' => wp_json_encode( $data ), + 'timeout' => 30, + ); $response = wp_remote_post( $this->oauth_url . '/api/signup/', $request_data ); // Return the error if there is one. 
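Review bot: The rewritten ip_address block still lets the request's own `HTTP_CLIENT_IP` / `HTTP_X_FORWARDED_FOR` headers take precedence over `REMOTE_ADDR`, and `sanitize_text_field()` only strips tags and control characters, so any string a client places in those headers is forwarded to the signup API as the account's IP address. `X-Forwarded-For` is also normally a comma-separated chain when a proxy is present, and the whole chain would be sent as-is. Since `REMOTE_ADDR` is the only value the web server itself vouches for, a forwarding header should be honoured only when it holds a single address that passes `filter_var( $ip, FILTER_VALIDATE_IP )`, with `REMOTE_ADDR` as the fallback; a rewrite along those lines is below. The enclosing mailchimp_create_account() begins before this hunk and its response handling continues after it, and the `@@ -212,7 +214,7 @@` header does not match the length of the text shown, so the hunk appears to have been collapsed in rendering.
```php
// … unchanged: nonce / capability check and $data sanitisation …
$remote = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '';
if ( '::1' === $remote || '127.0.0.1' === $remote ) {
    $data['ip_address'] = '127.0.0.1';
} else {
    // Forwarding headers are set by the client (or a proxy we may not control); accept one only
    // when it holds a single valid IP, otherwise keep the address the web server observed.
    $forwarded = '';
    if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) {
        $forwarded = sanitize_text_field( wp_unslash( $_SERVER['HTTP_CLIENT_IP'] ) );
    } elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
        $chain     = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) );
        $forwarded = trim( explode( ',', $chain )[0] );
    }
    $data['ip_address'] = filter_var( $forwarded, FILTER_VALIDATE_IP ) ? $forwarded : $remote;
}
// … unchanged: $request_data assembly and wp_remote_post() …
```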
@@ -198,7 +202,7 @@ public function mailchimp_create_account() { $response_body = json_decode( $response['body'] ); if ( 200 === $response['response']['code'] && true === $response_body->success ) { - $result = json_decode( $response['body'], true ); + $result = json_decode( $response['body'], true ); // Verify and save the token. $verify = $this->verify_and_save_oauth_token( $result['data']['oauth_token'], $result['data']['dc'] ); @@ -210,21 +214,22 @@ public function mailchimp_create_account() { update_option( 'mailchimp_sf_waiting_for_login', 'waiting' ); wp_send_json_success( true ); - } elseif ( $response['response']['code'] == 404 ) { + } elseif ( 404 === $response['response']['code'] ) { wp_send_json_error( array( 'success' => false ) ); - } else { - $username = preg_replace( '/[^A-Za-z0-9\-\@\.]/', '', $_POST['data']['username'] ); - $suggestion = wp_remote_get( $this->oauth_url . '/api/usernames/suggestions/' . $username ); - $suggested_username = json_decode( $suggestion['body'] )->data; - wp_send_json_error( - array( - 'success' => false, - 'suggest_login' => true, - 'suggested_username' => $suggested_username, - ) - ); - } + } else { + $username = isset( $_POST['data']['username'] ) ? sanitize_email( wp_unslash( $_POST['data']['username'] ) ) : ''; + $username = preg_replace( '/[^A-Za-z0-9\-\@\.]/', '', $username ); + $suggestion = wp_remote_get( $this->oauth_url . '/api/usernames/suggestions/' . $username ); + $suggested_username = json_decode( $suggestion['body'] )->data; + wp_send_json_error( + array( + 'success' => false, + 'suggest_login' => true, + 'suggested_username' => $suggested_username, + ) + ); + } } /** 
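Review bot: In the rewritten `else` branch of the `@@ -210` hunk, `$suggestion['body']` is read before `is_wp_error( $suggestion )` is checked, so a failed `wp_remote_get()` hands back a WP_Error object and the array access throws an Error; a non-JSON body likewise makes `json_decode()` return null, and `->data` then emits a warning and sends null as the suggestion. The username is also spliced into the URL path unencoded — the preceding `preg_replace()` allowlist keeps the character set small, but `rawurlencode()` makes the intent explicit. Suggested replacement for those three lines: `$suggestion = wp_remote_get( $this->oauth_url . '/api/usernames/suggestions/' . rawurlencode( $username ) );`, `$decoded = is_wp_error( $suggestion ) ? null : json_decode( wp_remote_retrieve_body( $suggestion ) );`, `$suggested_username = isset( $decoded->data ) ? $decoded->data : '';`. The same unchecked `json_decode( $response['body'] )->success` pattern sits in the context lines of the `@@ -198` hunk, outside this commit's change; mailchimp_create_account() starts before both hunks.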
@@ -252,14 +257,16 @@ public function check_login_session() { } $logged_in = ( ! empty( $profile['last_login'] ) ); - if ( $logged_in ) { + if ( $logged_in ) { delete_option( 'mailchimp_sf_waiting_for_login' ); - } - wp_send_json_success(array( - 'success' => true, - 'logged_in' => $logged_in, - 'redirect' => admin_url('admin.php?page=mailchimp_sf_options') - )); + } + wp_send_json_success( + array( + 'success' => true, + 'logged_in' => $logged_in, + 'redirect' => admin_url( 'admin.php?page=mailchimp_sf_options' ), + ) + ); } else { wp_send_json_error( array( 'success' => false ) ); } @@ -411,10 +418,11 @@ public function enqueue_admin_page_scripts( $hook_suffix ) { $data['create_account_nonce'] = wp_create_nonce( 'mailchimp_sf_create_account_nonce' ); $data['check_login_session_nonce'] = wp_create_nonce( 'mailchimp_sf_check_login_session_nonce' ); - $data['required_error'] = esc_html__( '%s can\'t be blank.', 'mailchimp' ); - $data['invalid_email_error'] = esc_html__( 'Insert correct email.', 'mailchimp' ); - $data['confirm_email_match'] = esc_html__( 'Email confirmation must match confirmation email.', 'mailchimp' ); - $data['confirm_email_match2'] = esc_html__( 'Email confirmation must match the field above.', 'mailchimp' ); + /* translators: %s is field name. */ + $data['required_error'] = esc_html__( '%s can\'t be blank.', 'mailchimp' ); + $data['invalid_email_error'] = esc_html__( 'Insert correct email.', 'mailchimp' ); + $data['confirm_email_match'] = esc_html__( 'Email confirmation must match confirmation email.', 'mailchimp' ); + $data['confirm_email_match2'] = esc_html__( 'Email confirmation must match the field above.', 'mailchimp' ); } wp_localize_script( 
@@ -470,37 +478,37 @@ public function create_account_page() { * * @return array */ - function get_timezones() { + private function get_timezones() { $zones_array = array(); $timestamp = time(); $current = date_default_timezone_get(); - foreach( timezone_identifiers_list() as $key => $zone ) { - date_default_timezone_set( $zone ); - $zones_array[$key]['zone'] = $zone; - $zones_array[$key]['diff_from_GMT'] = 'UTC/GMT ' . date( 'P', $timestamp ); + foreach ( timezone_identifiers_list() as $key => $zone ) { + date_default_timezone_set( $zone ); // phpcs:ignore WordPress.DateTime.RestrictedFunctions.timezone_change_date_default_timezone_set + $zones_array[ $key ]['zone'] = $zone; + $zones_array[ $key ]['diff_from_GMT'] = 'UTC/GMT ' . date( 'P', $timestamp ); // phpcs:ignore WordPress.DateTime.RestrictedFunctions.date_date } - date_default_timezone_set( $current ); + date_default_timezone_set( $current ); // phpcs:ignore WordPress.DateTime.RestrictedFunctions.timezone_change_date_default_timezone_set return $zones_array; } /** - * Get the current timezone from wordpress settings. + * Get the current timezone from WordPress settings. * * @return mixed|string|void */ - function get_current_timezone() { + private function get_current_timezone() { // Get timezone data from options. $timezone_string = get_option( 'timezone_string' ); $offset = get_option( 'gmt_offset' ); - $signal = ($offset <=> 0 ) < 0 ? "-" : "+"; - $offset = sprintf('%1s%02d:%02d', $signal, abs((int) $offset), abs(fmod($offset, 1) * 60)); + $signal = ( $offset <=> 0 ) < 0 ? '-' : '+'; + $offset = sprintf( '%1s%02d:%02d', $signal, abs( (int) $offset ), abs( fmod( $offset, 1 ) * 60 ) ); $timezone = $offset; - if ($timezone_string) { + if ( $timezone_string ) { $timezone = $timezone_string; } diff --git a/views/setup_page.php b/views/setup_page.php index 7219bf7..6fca358 100644 --- a/views/setup_page.php +++ b/views/setup_page.php @@ -67,7 +67,7 @@
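Review bot: The three `phpcs:ignore WordPress.DateTime.RestrictedFunctions` markers added to get_timezones() silence the sniff without removing what it warns about — the loop mutates the process-wide default timezone once per identifier and relies on the final `date_default_timezone_set( $current )` to undo it, which any other code running in the same request observes if it is reached before the reset. The same `P` offset for each zone can be computed with no global side effect by converting one `DateTimeImmutable` built from `$timestamp` into each `DateTimeZone`, which also drops the need for the ignore comments; the rewritten method is below. The docblock on get_current_timezone() still declares `@return mixed|string|void`, and that method continues past the end of this hunk.
```php
private function get_timezones() {
    $zones_array = array();
    $now         = new \DateTimeImmutable( '@' . time() );
    foreach ( timezone_identifiers_list() as $key => $zone ) {
        $zones_array[ $key ]['zone']          = $zone;
        // setTimezone() returns a new instance; the process default timezone is never touched.
        $zones_array[ $key ]['diff_from_GMT'] = 'UTC/GMT ' . $now->setTimezone( new \DateTimeZone( $zone ) )->format( 'P' );
    }
    return $zones_array;
}
// … unchanged: get_current_timezone() …
```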
- +