From de259100a0cbea6b4300b4eb5cdd8c0489f43389 Mon Sep 17 00:00:00 2001 From: Nate Conley Date: Tue, 4 Jun 2024 15:03:37 -1000 Subject: [PATCH] Resolves phpcs errors --- README.md | 4 +- lib/mailchimp/mailchimp.php | 78 ++++- mailchimp.php | 587 +++++++++++++++++++++++------------- mailchimp_compat.php | 30 +- mailchimp_widget.php | 168 +++++++---- readme.txt | 6 +- views/css/frontend.php | 30 +- views/datepicker.php | 8 + views/setup_page.php | 82 +++-- 9 files changed, 669 insertions(+), 324 deletions(-) diff --git a/README.md b/README.md index 280be3e..c28ed4f 100644 --- a/README.md +++ b/README.md @@ -43,11 +43,11 @@ WordPress v2.8 or higher: If you are adding it inside a php code block, pop this in: -` mailchimpSF_signup_form(); ` +` mailchimp_sf_signup_form(); ` Or, if you are dropping it in between a bunch of HTML, use this: -`` +`` Where ever you want it to show up. diff --git a/lib/mailchimp/mailchimp.php b/lib/mailchimp/mailchimp.php index 50efed4..e0500b6 100644 --- a/lib/mailchimp/mailchimp.php +++ b/lib/mailchimp/mailchimp.php @@ -1,23 +1,77 @@ key = $api_key; $dc = explode( '-', $api_key ); $this->datacenter = empty( $dc[1] ) ? 'us1' : $dc[1]; $this->api_url = 'https://' . $this->datacenter . '.api.mailchimp.com/3.0/'; - return; } + /** + * Get endpoint. + * + * @param string $endpoint The Mailchimp endpoint. + * @param integer $count The count to retrieve. + * @param array $fields The fields to retrieve. + * @return mixed + */ public function get( $endpoint, $count = 10, $fields = array() ) { $query_params = ''; @@ -47,7 +101,7 @@ public function get( $endpoint, $count = 10, $fields = array() ) { $request = wp_remote_get( $url, $args ); - if ( is_array( $request ) && 200 == $request['response']['code'] ) { + if ( is_array( $request ) && 200 === $request['response']['code'] ) { return json_decode( $request['body'], true ); } elseif ( is_array( $request ) && $request['response']['code'] ) { $error = json_decode( $request['body'], true ); 
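Review bot: In the constructor hunk of `lib/mailchimp/mailchimp.php`, the datacenter is taken from the second `-`-separated segment of the key (`$this->datacenter = empty( $dc[1] ) ? 'us1' : $dc[1];`) and spliced directly into the request host (`'https://' . $this->datacenter . '.api.mailchimp.com/3.0/'`) without any check on its shape, so a malformed key silently sends every authenticated request somewhere other than the Mailchimp API host. The key is admin-entered, which limits the exposure, but the callers in `mailchimp.php` already wrap construction in `try { new MailChimp_API( $key ) } catch ( Exception $e )`, so rejecting it here fits the existing contract: `if ( ! preg_match( '/^[a-z0-9]+$/i', $this->datacenter ) ) { throw new Exception( 'Invalid API key: unrecognised datacenter.' ); }`. The class header and the start of the constructor are garbled in this rendering of the hunk, so the surrounding property declarations could not be checked.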
@@ -58,6 +112,14 @@ public function get( $endpoint, $count = 10, $fields = array() ) { } } + /** + * Sends request to Mailchimp endpoint. + * + * @param string $endpoint The endpoint to send the request. + * @param string $body The body of the request + * @param string $method The request method. + * @return mixed + */ public function post( $endpoint, $body, $method = 'POST' ) { $url = $this->api_url . $endpoint; @@ -68,11 +130,11 @@ public function post( $endpoint, $body, $method = 'POST' ) { 'httpversion' => '1.1', 'user-agent' => 'Mailchimp WordPress Plugin/' . get_bloginfo( 'url' ), 'headers' => array( 'Authorization' => 'apikey ' . $this->key ), - 'body' => json_encode( $body ), + 'body' => wp_json_encode( $body ), ); $request = wp_remote_post( $url, $args ); - if ( is_array( $request ) && 200 == $request['response']['code'] ) { + if ( is_array( $request ) && 200 === $request['response']['code'] ) { return json_decode( $request['body'], true ); } else { if ( is_wp_error( $request ) ) { @@ -86,7 +148,7 @@ public function post( $endpoint, $body, $method = 'POST' ) { // Email address doesn't come back from the API, so if something's wrong, it's that. $field_name = 'Email Address'; $body['errors'][0]['message'] = 'Please fill out a valid email address.'; - } elseif ( $merge['tag'] == $body['errors'][0]['field'] ) { + } elseif ( $merge['tag'] === $body['errors'][0]['field'] ) { $field_name = $merge['name']; } } diff --git a/mailchimp.php b/mailchimp.php index 83be5cf..268462a 100644 --- a/mailchimp.php +++ b/mailchimp.php @@ -10,6 +10,8 @@ * Author URI: https://mailchimp.com/ * License: GPL-2.0-or-later * License URI: https://spdx.org/licenses/GPL-2.0-or-later.html + * + * @package Mailchimp **/ /** @@ -37,7 +39,7 @@ define( 'MCSF_CAP_THRESHOLD', 'manage_options' ); // Define our location constants, both MCSF_DIR and MCSF_URL -mailchimpSF_where_am_i(); +mailchimp_sf_where_am_i(); // Get our Mailchimp API class in scope if ( ! class_exists( 'MailChimp_API' ) ) { 
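Review bot: The new docblock on `post()` declares `@param string $body The body of the request`, but the same hunk passes it to `wp_json_encode( $body )`, and the later hunk indexes it as `$body['errors'][0]['message']` after it has been reassigned from the decoded response; the caller `mailchimp_sf_signup_submit` passes the `stdClass` built by `mailchimp_sf_subscribe_body`. Change it to `@param array|object $body Request payload; JSON-encoded before sending.` and mention in the description that the variable is reused for the decoded error response. Also worth noting in the docblock: `wp_json_encode()` returns `false` on an encoding failure, and that `false` would currently be sent as the request body.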
@@ -46,10 +48,10 @@ } // includes the widget code so it can be easily called either normally or via ajax -include_once 'mailchimp_widget.php'; +require_once 'mailchimp_widget.php'; // includes the backwards compatibility functions -include_once 'mailchimp_compat.php'; +require_once 'mailchimp_compat.php'; /** * Do the following plugin setup steps here @@ -59,7 +61,7 @@ * * @return void */ -function mailchimpSF_plugin_init() { +function mailchimp_sf_plugin_init() { // Internationalize the plugin $textdomain = 'mailchimp_i18n'; $locale = apply_filters( 'plugin_locale', get_locale(), $textdomain ); @@ -67,15 +69,15 @@ function mailchimpSF_plugin_init() { // Remove Sopresto check. If user does not have API key, make them authenticate. - if ( get_option( 'mc_list_id' ) && get_option( 'mc_merge_field_migrate' ) != true && mailchimpSF_get_api() !== false ) { - mailchimpSF_update_merge_fields( get_option( 'mc_list_id' ) ); + if ( get_option( 'mc_list_id' ) && get_option( 'mc_merge_field_migrate' ) !== true && mailchimp_sf_get_api() !== false ) { + mailchimp_sf_update_merge_fields(); } // Bring in our appropriate JS and CSS resources - mailchimpSF_load_resources(); + mailchimp_sf_load_resources(); } -add_action( 'init', 'mailchimpSF_plugin_init' ); +add_action( 'init', 'mailchimp_sf_plugin_init' ); /** * Add the settings link to the Mailchimp plugin row 
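Review bot: `get_option( 'mc_merge_field_migrate' ) !== true` in `mailchimp_sf_plugin_init()` can never be false, because WordPress stores the `true` written by `update_option( 'mc_merge_field_migrate', true )` (visible in a later hunk) as the string `'1'` and `get_option()` returns that string, so after this change `mailchimp_sf_update_merge_fields()` and its two API requests run on every `init`. The same loose-to-strict switch breaks `get_option( 'mc_nuke_all_styles' ) !== true` in the `mailchimp_sf_load_resources` hunk, `get_option( 'mc_double_optin' ) !== false` in the form-settings hunk (a stored `false` comes back as `''`), and `get_option( 'mc_update_existing' ) === false` in the signup hunk, where it silently disables the "already subscribed" guard. Compare truthiness instead: `if ( get_option( 'mc_list_id' ) && ! get_option( 'mc_merge_field_migrate' ) && mailchimp_sf_get_api() !== false ) {`, and `! get_option( ... )` / `get_option( ... )` at the other three sites.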
@@ -83,13 +85,14 @@ function mailchimpSF_plugin_init() { * @param array $links - Links for the plugin * @return array - Links */ -function mailchimpSD_plugin_action_links( $links ) { - $settings_page = add_query_arg( array( 'page' => 'mailchimpSF_options' ), admin_url( 'options-general.php' ) ); +function mailchimp_sd_plugin_action_links( $links ) { + $settings_page = add_query_arg( array( 'page' => 'mailchimp_sf_options' ), admin_url( 'options-general.php' ) ); $settings_link = '' . __( 'Settings', 'mailchimp_i18n' ) . ''; array_unshift( $links, $settings_link ); return $links; } -add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), 'mailchimpSD_plugin_action_links', 10, 1 ); + +add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), 'mailchimp_sd_plugin_action_links', 10, 1 ); /** * Loads the appropriate JS and CSS resources depending on @@ -97,16 +100,16 @@ function mailchimpSD_plugin_action_links( $links ) { * * @return void */ -function mailchimpSF_load_resources() { +function mailchimp_sf_load_resources() { // JS - if ( get_option( 'mc_use_javascript' ) == 'on' ) { + if ( get_option( 'mc_use_javascript' ) === 'on' ) { if ( ! is_admin() ) { - wp_enqueue_script( 'jquery_scrollto', MCSF_URL . 'js/scrollTo.js', array( 'jquery' ), MCSF_VER ); - wp_enqueue_script( 'mailchimpSF_main_js', MCSF_URL . 'js/mailchimp.js', array( 'jquery', 'jquery-form' ), MCSF_VER ); + wp_enqueue_script( 'jquery_scrollto', MCSF_URL . 'js/scrollTo.js', array( 'jquery' ), MCSF_VER, true ); + wp_enqueue_script( 'mailchimp_sf_main_js', MCSF_URL . 'js/mailchimp.js', array( 'jquery', 'jquery-form' ), MCSF_VER, true ); // some javascript to get ajax version submitting to the proper location global $wp_scripts; $wp_scripts->localize( - 'mailchimpSF_main_js', + 'mailchimp_sf_main_js', 'mailchimpSF', array( 'ajax_url' => trailingslashit( home_url() ), 
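Review bot: `mailchimp_sd_plugin_action_links` keeps the `sd` typo from the old `mailchimpSD_` name while every other symbol in this commit moves to the `mailchimp_sf_` prefix, so the rename leaves one function and its `add_filter( 'plugin_action_links_' ... )` registration outside the new convention; since this commit is the rename, `mailchimp_sf_plugin_action_links` in both places would finish it. Separately, the `'mailchimpSF'` JavaScript object name passed to `$wp_scripts->localize()` is deliberately left unchanged, presumably because `js/mailchimp.js` reads it; a short comment on that line, `// object name is read by js/mailchimp.js; keep as-is`, would stop a later phpcs pass from renaming it.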
@@ -115,19 +118,19 @@ function mailchimpSF_load_resources() { } } - if ( get_option( 'mc_use_datepicker' ) == 'on' && ! is_admin() ) { + if ( get_option( 'mc_use_datepicker' ) === 'on' && ! is_admin() ) { // Datepicker theme - wp_enqueue_style( 'flick', MCSF_URL . 'css/flick/flick.css' ); + wp_enqueue_style( 'flick', MCSF_URL . 'css/flick/flick.css', array(), MCSF_VER ); // Datepicker JS - wp_enqueue_script( 'datepicker', MCSF_URL . 'js/datepicker.js', array( 'jquery', 'jquery-ui-core' ) ); + wp_enqueue_script( 'datepicker', MCSF_URL . 'js/datepicker.js', array( 'jquery', 'jquery-ui-core' ), MCSF_VER, true ); } - if ( get_option( 'mc_nuke_all_styles' ) != true ) { - wp_enqueue_style( 'mailchimpSF_main_css', home_url( '?mcsf_action=main_css&ver=' . MCSF_VER, 'relative' ) ); - wp_enqueue_style( 'mailchimpSF_ie_css', MCSF_URL . 'css/ie.css' ); + if ( get_option( 'mc_nuke_all_styles' ) !== true ) { + wp_enqueue_style( 'mailchimp_sf_main_css', home_url( '?mcsf_action=main_css&ver=' . MCSF_VER, 'relative' ), array(), MCSF_VER ); + wp_enqueue_style( 'mailchimp_sf_ie_css', MCSF_URL . 'css/ie.css', array(), MCSF_VER ); global $wp_styles; - $wp_styles->add_data( 'mailchimpSF_ie_css', 'conditional', 'IE' ); + $wp_styles->add_data( 'mailchimp_sf_ie_css', 'conditional', 'IE' ); } } @@ -138,9 +141,10 @@ function mailchimpSF_load_resources() { * @return void */ function mc_admin_page_load_resources() { - wp_enqueue_style( 'mailchimpSF_admin_css', MCSF_URL . 'css/admin.css' ); + wp_enqueue_style( 'mailchimp_sf_admin_css', MCSF_URL . 'css/admin.css', array(), true ); } -add_action( 'load-settings_page_mailchimpSF_options', 'mc_admin_page_load_resources' ); + +add_action( 'load-settings_page_mailchimp_sf_options', 'mc_admin_page_load_resources' ); /** 
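Review bot: `wp_enqueue_style( 'mailchimp_sf_admin_css', MCSF_URL . 'css/admin.css', array(), true )` in `mc_admin_page_load_resources()` passes `true` as the version argument; WordPress emits a truthy `$ver` as given, so the stylesheet is requested as `?ver=1` forever and never cache-busts when `admin.css` changes. Every other enqueue call in this commit uses `MCSF_VER`; use it here as well: `wp_enqueue_style( 'mailchimp_sf_admin_css', MCSF_URL . 'css/admin.css', array(), MCSF_VER );`.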
@@ -149,32 +153,36 @@ function mc_admin_page_load_resources() { function mc_datepicker_load() { require_once MCSF_DIR . '/views/datepicker.php'; } -if ( get_option( 'mc_use_datepicker' ) == 'on' && ! is_admin() ) { + +if ( get_option( 'mc_use_datepicker' ) === 'on' && ! is_admin() ) { add_action( 'wp_head', 'mc_datepicker_load' ); } /** * Handles requests that as light-weight a load as possible. * typically, JS or CSS - **/ -function mailchimpSF_early_request_handler() { - if ( isset( $_GET['mcsf_action'] ) ) { - switch ( $_GET['mcsf_action'] ) { + * + * @return void + */ +function mailchimp_sf_early_request_handler() { + if ( isset( $_GET['mcsf_action'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended + switch ( $_GET['mcsf_action'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended case 'main_css': header( 'Content-type: text/css' ); - mailchimpSF_main_css(); + mailchimp_sf_main_css(); exit; } } } -add_action( 'init', 'mailchimpSF_early_request_handler', 0 ); + +add_action( 'init', 'mailchimp_sf_early_request_handler', 0 ); /** * Outputs the front-end CSS. This checks several options, so it * was best to put it in a Request-handled script, as opposed to * a static file. */ -function mailchimpSF_main_css() { +function mailchimp_sf_main_css() { require_once MCSF_DIR . '/views/css/frontend.php'; } 
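Review bot: The two `phpcs:ignore WordPress.Security.NonceVerification.Recommended` markers added in `mailchimp_sf_early_request_handler()` suppress the sniff without recording why that is acceptable; for a read-only endpoint that only emits generated CSS it is, but the next reader cannot tell that from the code. Put the justification on the marker: `// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- read-only request that serves generated CSS; no state is changed.`. The `switch` also has no `default:` branch, so unknown `mcsf_action` values fall through to normal page handling; that looks intended, and a one-line comment saying so would save a future check.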
@@ -184,68 +192,84 @@ function mailchimpSF_main_css() { * * @return void */ -function mailchimpSF_add_pages() { +function mailchimp_sf_add_pages() { // Add settings page for users who can edit plugins add_options_page( __( 'Mailchimp Setup', 'mailchimp_i18n' ), __( 'Mailchimp Setup', 'mailchimp_i18n' ), MCSF_CAP_THRESHOLD, - 'mailchimpSF_options', - 'mailchimpSF_setup_page' + 'mailchimp_sf_options', + 'mailchimp_sf_setup_page' ); } -add_action( 'admin_menu', 'mailchimpSF_add_pages' ); +add_action( 'admin_menu', 'mailchimp_sf_add_pages' ); -function mailchimpSF_request_handler() { +/** + * Request handler + * + * @return void + */ +function mailchimp_sf_request_handler() { if ( isset( $_POST['mcsf_action'] ) ) { switch ( $_POST['mcsf_action'] ) { case 'login': - $key = trim( $_POST['mailchimpSF_api_key'] ); + $key = isset( $_POST['mailchimp_sf_api_key'] ) ? trim( sanitize_text_field( wp_unslash( $_POST['mailchimp_sf_api_key'] ) ) ) : ''; try { $api = new MailChimp_API( $key ); } catch ( Exception $e ) { $msg = '' . $e->getMessage() . ''; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); break; } - $key = mailchimpSF_verify_key( $api ); + $key = mailchimp_sf_verify_key( $api ); if ( is_wp_error( $key ) ) { $msg = '' . $key->get_error_message() . ''; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } break; case 'logout': // Check capability & Verify nonce - if ( ! current_user_can( MCSF_CAP_THRESHOLD ) || ! wp_verify_nonce( $_POST['_mcsf_nonce_action'], 'mc_logout' ) ) { + if ( + ! current_user_can( MCSF_CAP_THRESHOLD ) || + ! isset( $_POST['_mcsf_nonce_action'] ) || + ! wp_verify_nonce( sanitize_key( $_POST['_mcsf_nonce_action'] ), 'mc_logout' ) + ) { wp_die( 'Cheatin’ huh?' 
); } // erase auth information $options = array( 'mc_api_key', 'mc_sopresto_user', 'mc_sopresto_public_key', 'mc_sopresto_secret_key' ); - mailchimpSF_delete_options( $options ); + mailchimp_sf_delete_options( $options ); break; case 'change_form_settings': - if ( ! current_user_can( MCSF_CAP_THRESHOLD ) || ! wp_verify_nonce( $_POST['_mcsf_nonce_action'], 'update_general_form_settings' ) ) { + if ( + ! current_user_can( MCSF_CAP_THRESHOLD ) || + ! isset( $_POST['_mcsf_nonce_action'] ) || + ! wp_verify_nonce( sanitize_key( $_POST['_mcsf_nonce_action'] ), 'update_general_form_settings' ) + ) { wp_die( 'Cheatin’ huh?' ); } // Update the form settings - mailchimpSF_save_general_form_settings(); + mailchimp_sf_save_general_form_settings(); break; case 'mc_submit_signup_form': // Validate nonce - if ( ! wp_verify_nonce( $_POST['_mc_submit_signup_form_nonce'], 'mc_submit_signup_form' ) ) { + if ( + ! isset( $_POST['_mc_submit_signup_form_nonce'] ) || + ! wp_verify_nonce( sanitize_key( $_POST['_mc_submit_signup_form_nonce'] ), 'mc_submit_signup_form' ) + ) { wp_die( 'Cheatin’ huh?' ); } // Attempt the signup - mailchimpSF_signup_submit(); + mailchimp_sf_signup_submit(); // Do a different action for html vs. js - switch ( $_POST['mc_submit_type'] ) { + switch ( isset( $_POST['mc_submit_type'] ) ? $_POST['mc_submit_type'] : '' ) { case 'html': /* This gets set elsewhere! */ break; 
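Review bot: The `login` case in `mailchimp_sf_request_handler()` still reads `mailchimp_sf_api_key` from `$_POST` and hands it to `mailchimp_sf_verify_key()` with no capability check and no nonce, while the `logout` and `change_form_settings` cases in the same `switch` now require both; this handler is hooked on `init` for every request, so whatever `mailchimp_sf_verify_key()` persists (its body is not in this diff) is reachable by any visitor. Guard it the same way as the other cases: `if ( ! current_user_can( MCSF_CAP_THRESHOLD ) || ! isset( $_POST['_mcsf_nonce_action'] ) || ! wp_verify_nonce( sanitize_key( $_POST['_mcsf_nonce_action'] ), '<NONCE_ACTION_EMITTED_BY_SETUP_FORM>' ) ) { wp_die( 'Cheatin’ huh?' ); }`, with the action name matching the field that `views/setup_page.php` (changed in this commit, not visible here) renders. The `mc_submit_signup_form` case correctly checks only the nonce, since public visitors submit that form.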
@@ -253,15 +277,21 @@ function mailchimpSF_request_handler() { if ( ! headers_sent() ) { // just in case... header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT', true, 200 ); } - echo mailchimpSF_global_msg(); // Don't esc_html this, b/c we've already escaped it + // Don't esc_html this, b/c we've already escaped it + echo mailchimp_sf_global_msg(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped exit; } } } } -add_action( 'init', 'mailchimpSF_request_handler' ); +add_action( 'init', 'mailchimp_sf_request_handler' ); -function mailchimpSF_migrate_sopresto() { +/** + * Migrate Sopresto + * + * @return void + */ +function mailchimp_sf_migrate_sopresto() { $sopresto = get_option( 'mc_sopresto_secret_key' ); if ( ! $sopresto ) { return; @@ -285,17 +315,17 @@ function mailchimpSF_migrate_sopresto() { // post to sopresto $key = wp_remote_post( $url, $args ); - if ( ! is_wp_error( $key ) && 200 == $key['response']['code'] ) { + if ( ! is_wp_error( $key ) && 200 === $key['response']['code'] ) { $key = json_decode( $key['body'] ); try { $api = new MailChimp_API( $key->response ); } catch ( Exception $e ) { $msg = '' . $e->getMessage() . ''; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); return; } - $verify = mailchimpSF_verify_key( $api ); + $verify = mailchimp_sf_verify_key( $api ); // something went wrong with the key that we had if ( is_wp_error( $verify ) ) { 
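Review bot: In `mailchimp_sf_migrate_sopresto()`, after `200 === $key['response']['code']` the body is decoded with `$key = json_decode( $key['body'] )` and immediately dereferenced as `$key->response` with no check that decoding succeeded; a non-JSON 200 body yields `null`, a warning, and `new MailChimp_API( null )`. A guard in the function's existing early-return style covers it: `if ( ! is_object( $key ) || empty( $key->response ) ) { return; }`. Reusing `$key` for the raw HTTP response, the decoded object and the key itself makes this easy to miss; a separate `$response` variable would help readability.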
@@ -305,29 +335,40 @@ function mailchimpSF_migrate_sopresto() { delete_option( 'mc_sopresto_public_key' ); delete_option( 'mc_sopresto_secret_key' ); delete_option( 'mc_sopresto_user' ); - - return; } - - // Nothing to do here. - return; } -function mailchimpSF_update_merge_fields( $list_id ) { - mailchimpSF_get_merge_vars( get_option( 'mc_list_id' ), true ); - mailchimpSF_get_interest_categories( get_option( 'mc_list_id' ), true ); +/** + * Update merge fields + * + * @return void + */ +function mailchimp_sf_update_merge_fields() { + mailchimp_sf_get_merge_vars( get_option( 'mc_list_id' ), true ); + mailchimp_sf_get_interest_categories( get_option( 'mc_list_id' ), true ); update_option( 'mc_merge_field_migrate', true ); } -function mailchimpSF_auth_nonce_key( $salt = null ) { +/** + * Get auth key + * + * @param mixed $salt Salt + * @return string + */ +function mailchimp_sf_auth_nonce_key( $salt = null ) { if ( is_null( $salt ) ) { - $salt = mailchimpSF_auth_nonce_salt(); + $salt = mailchimp_sf_auth_nonce_salt(); } return 'social_authentication' . md5( AUTH_KEY . $salt ); } -function mailchimpSF_auth_nonce_salt() { - return md5( microtime() . $_SERVER['SERVER_ADDR'] ); +/** + * Return auth nonce salt + * + * @return string + */ +function mailchimp_sf_auth_nonce_salt() { + return md5( microtime() . isset( $_SERVER['SERVER_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['SERVER_ADDR'] ) ) : '' ); } /** @@ -335,7 +376,7 @@ function mailchimpSF_auth_nonce_salt() { * * @return MailChimp_API | false */ -function mailchimpSF_get_api( $force = false ) { +function mailchimp_sf_get_api() { $key = get_option( 'mc_api_key' ); if ( $key ) { return new MailChimp_API( $key ); @@ -350,7 +391,7 @@ function mailchimpSF_get_api( $force = false ) { * * @return bool **/ -function mailchimpSF_needs_upgrade() { +function mailchimp_sf_needs_upgrade() { $igs = get_option( 'mc_interest_groups' ); if ( false !== $igs // we have an option 
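Review bot: The rewritten `mailchimp_sf_auth_nonce_salt()` has an operator-precedence bug: `.` binds tighter than `?:`, so the expression parses as `( microtime() . isset( $_SERVER['SERVER_ADDR'] ) ) ? sanitize_text_field( ... ) : ''`; the concatenated string is always truthy, the `microtime()` component is dropped, the salt collapses to `md5()` of `SERVER_ADDR` alone, and when `SERVER_ADDR` is unset the sanitize branch still runs on an undefined index. Split it into two statements: `$addr = isset( $_SERVER['SERVER_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['SERVER_ADDR'] ) ) : '';` then `return md5( microtime() . $addr );`. This salt feeds `mailchimp_sf_auth_nonce_key()`, so losing the time component is not cosmetic.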
@@ -368,7 +409,7 @@ function mailchimpSF_needs_upgrade() { /** * Deletes all Mailchimp options **/ -function mailchimpSF_delete_setup() { +function mailchimp_sf_delete_setup() { $options = array( 'mc_user_id', 'mc_sopresto_user', @@ -394,21 +435,22 @@ function mailchimpSF_delete_setup() { $mv = get_option( 'mc_merge_vars' ); if ( is_array( $mv ) ) { - foreach ( $mv as $var ) { - $opt = 'mc_mv_' . $var['tag']; + foreach ( $mv as $mv_var ) { + $opt = 'mc_mv_' . $mv_var['tag']; $options[] = $opt; } } - mailchimpSF_delete_options( $options ); + mailchimp_sf_delete_options( $options ); } /** * Gets or sets a global message based on parameter passed to it * + * @param mixed $msg Message * @return string/bool depending on get/set */ -function mailchimpSF_global_msg( $msg = null ) { +function mailchimp_sf_global_msg( $msg = null ) { global $mcsf_msgs; // Make sure we're formed properly @@ -428,8 +470,11 @@ function mailchimpSF_global_msg( $msg = null ) { /** * Sets the default options for the option form - **/ -function mailchimpSF_set_form_defaults( $list_name = '' ) { + * + * @param string $list_name The Mailchimp list name. + * @return void + */ +function mailchimp_sf_set_form_defaults( $list_name = '' ) { update_option( 'mc_header_content', __( 'Sign up for', 'mailchimp_i18n' ) . ' ' . $list_name ); update_option( 'mc_submit_text', __( 'Subscribe', 'mailchimp_i18n' ) ); @@ -454,90 +499,90 @@ function mailchimpSF_set_form_defaults( $list_name = '' ) { * * @return void **/ -function mailchimpSF_save_general_form_settings() { +function mailchimp_sf_save_general_form_settings() { // IF NOT DEV MODE if ( isset( $_POST['mc_rewards'] ) ) { update_option( 'mc_rewards', 'on' ); $msg = '

' . __( 'Monkey Rewards turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); - } elseif ( get_option( 'mc_rewards' ) != 'off' ) { + mailchimp_sf_global_msg( $msg ); + } elseif ( get_option( 'mc_rewards' ) !== 'off' ) { update_option( 'mc_rewards', 'off' ); $msg = '

' . __( 'Monkey Rewards turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } if ( isset( $_POST['mc_use_javascript'] ) ) { update_option( 'mc_use_javascript', 'on' ); $msg = '

' . __( 'Fancy Javascript submission turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); - } elseif ( get_option( 'mc_use_javascript' ) != 'off' ) { + mailchimp_sf_global_msg( $msg ); + } elseif ( get_option( 'mc_use_javascript' ) !== 'off' ) { update_option( 'mc_use_javascript', 'off' ); $msg = '

' . __( 'Fancy Javascript submission turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } if ( isset( $_POST['mc_use_datepicker'] ) ) { update_option( 'mc_use_datepicker', 'on' ); $msg = '

' . __( 'Datepicker turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); - } elseif ( get_option( 'mc_use_datepicker' ) != 'off' ) { + mailchimp_sf_global_msg( $msg ); + } elseif ( get_option( 'mc_use_datepicker' ) !== 'off' ) { update_option( 'mc_use_datepicker', 'off' ); $msg = '

' . __( 'Datepicker turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } /*Enable double optin toggle*/ if ( isset( $_POST['mc_double_optin'] ) ) { update_option( 'mc_double_optin', true ); $msg = '

' . __( 'Double opt-in turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); - } elseif ( get_option( 'mc_double_optin' ) != false ) { + mailchimp_sf_global_msg( $msg ); + } elseif ( get_option( 'mc_double_optin' ) !== false ) { update_option( 'mc_double_optin', false ); $msg = '

' . __( 'Double opt-in turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } /* NUKE the CSS! */ if ( isset( $_POST['mc_nuke_all_styles'] ) ) { update_option( 'mc_nuke_all_styles', true ); $msg = '

' . __( 'Mailchimp CSS turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } elseif ( get_option( 'mc_nuke_all_styles' ) !== false ) { update_option( 'mc_nuke_all_styles', false ); $msg = '

' . __( 'Mailchimp CSS turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } /* Update existing */ if ( isset( $_POST['mc_update_existing'] ) ) { update_option( 'mc_update_existing', true ); $msg = '

' . __( 'Update existing subscribers turned On!' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } elseif ( get_option( 'mc_update_existing' ) !== false ) { update_option( 'mc_update_existing', false ); $msg = '

' . __( 'Update existing subscribers turned Off!' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } if ( isset( $_POST['mc_use_unsub_link'] ) ) { update_option( 'mc_use_unsub_link', 'on' ); $msg = '

' . __( 'Unsubscribe link turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); - } elseif ( get_option( 'mc_use_unsub_link' ) != 'off' ) { + mailchimp_sf_global_msg( $msg ); + } elseif ( get_option( 'mc_use_unsub_link' ) !== 'off' ) { update_option( 'mc_use_unsub_link', 'off' ); $msg = '

' . __( 'Unsubscribe link turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } - $content = stripslashes( $_POST['mc_header_content'] ); + $content = isset( $_POST['mc_header_content'] ) ? sanitize_text_field( wp_unslash( $_POST['mc_header_content'] ) ) : ''; $content = str_replace( "\r\n", '
', $content ); update_option( 'mc_header_content', $content ); - $content = stripslashes( $_POST['mc_subheader_content'] ); + $content = isset( $_POST['mc_subheader_content'] ) ? sanitize_text_field( wp_unslash( $_POST['mc_subheader_content'] ) ) : ''; $content = str_replace( "\r\n", '
', $content ); update_option( 'mc_subheader_content', $content ); - $submit_text = stripslashes( $_POST['mc_submit_text'] ); + $submit_text = isset( $_POST['mc_submit_text'] ) ? sanitize_text_field( wp_unslash( $_POST['mc_submit_text'] ) ) : ''; $submit_text = str_replace( "\r\n", '', $submit_text ); update_option( 'mc_submit_text', $submit_text ); @@ -546,23 +591,23 @@ function mailchimpSF_save_general_form_settings() { // we told them not to put these things we are replacing in, but let's just make sure they are listening... if ( isset( $_POST['mc_form_border_width'] ) ) { - update_option( 'mc_form_border_width', str_replace( 'px', '', $_POST['mc_form_border_width'] ) ); + update_option( 'mc_form_border_width', str_replace( 'px', '', absint( $_POST['mc_form_border_width'] ) ) ); } if ( isset( $_POST['mc_form_border_color'] ) ) { - update_option( 'mc_form_border_color', str_replace( '#', '', $_POST['mc_form_border_color'] ) ); + update_option( 'mc_form_border_color', str_replace( '#', '', sanitize_text_field( wp_unslash( $_POST['mc_form_border_color'] ) ) ) ); } if ( isset( $_POST['mc_form_background'] ) ) { - update_option( 'mc_form_background', str_replace( '#', '', $_POST['mc_form_background'] ) ); + update_option( 'mc_form_background', str_replace( '#', '', sanitize_text_field( wp_unslash( $_POST['mc_form_background'] ) ) ) ); } if ( isset( $_POST['mc_form_text_color'] ) ) { - update_option( 'mc_form_text_color', str_replace( '#', '', $_POST['mc_form_text_color'] ) ); + update_option( 'mc_form_text_color', str_replace( '#', '', sanitize_text_field( wp_unslash( $_POST['mc_form_text_color'] ) ) ) ); } // IF NOT DEV MODE $igs = get_option( 'mc_interest_groups' ); if ( is_array( $igs ) ) { - foreach ( $igs as $var ) { - $opt = 'mc_show_interest_groups_' . $var['id']; + foreach ( $igs as $mv_var ) { + $opt = 'mc_show_interest_groups_' . $mv_var['id']; if ( isset( $_POST[ $opt ] ) ) { update_option( $opt, 'on' ); } else { 
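Review bot: `sanitize_text_field()` removes line breaks, so for `mc_header_content` and `mc_subheader_content` the `str_replace( "\r\n", ..., $content )` that follows each assignment in `mailchimp_sf_save_general_form_settings()` can no longer match and multi-line header text silently loses its breaks; it also strips any markup the previous `stripslashes()` passed through. If line breaks are meant to survive (the replacement suggests they are), use `sanitize_textarea_field( wp_unslash( $_POST['mc_header_content'] ) )`, which preserves them, and the same for the subheader. `mc_submit_text` is a single-line value and `sanitize_text_field()` is right for it.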
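Review bot: `str_replace( 'px', '', absint( $_POST['mc_form_border_width'] ) )` is dead work: `absint()` already returns an integer, so there is no `px` left to strip and `update_option( 'mc_form_border_width', absint( $_POST['mc_form_border_width'] ) );` says the same thing. The three colour options are stripped of `#` but otherwise accept any text; they are presumably written into the generated stylesheet (`views/css/frontend.php` is in this commit but not visible here), so restricting them to hex digits, e.g. `preg_replace( '/[^0-9a-fA-F]/', '', sanitize_text_field( wp_unslash( $_POST['mc_form_border_color'] ) ) )`, would keep a stray value out of the CSS.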
@@ -573,9 +618,9 @@ function mailchimpSF_save_general_form_settings() { $mv = get_option( 'mc_merge_vars' ); if ( is_array( $mv ) ) { - foreach ( $mv as $var ) { - $opt = 'mc_mv_' . $var['tag']; - if ( isset( $_POST[ $opt ] ) || 'Y' == $var['required'] ) { + foreach ( $mv as $mv_var ) { + $opt = 'mc_mv_' . $mv_var['tag']; + if ( isset( $_POST[ $opt ] ) || 'Y' === $mv_var['required'] ) { update_option( $opt, 'on' ); } else { update_option( $opt, 'off' ); @@ -584,17 +629,17 @@ function mailchimpSF_save_general_form_settings() { } $msg = '
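Review bot: `'Y' === $mv_var['required']` assumes the stored merge-field `required` flag is the string `'Y'`; the stored fields come from the API 3.0 `merge-fields` endpoint in `mailchimp_sf_get_merge_vars()`, and if that value is a boolean the old loose `'Y' == true` was true while the strict comparison is now false, so required fields would no longer be forced on. This needs confirming against a stored `mc_merge_vars` value; if it is a boolean (or both forms can occur), `if ( isset( $_POST[ $opt ] ) || ! empty( $mv_var['required'] ) ) {` handles either.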

' . esc_html( __( 'Successfully Updated your List Subscribe Form Settings!', 'mailchimp_i18n' ) ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } /** * Sees if the user changed the list, and updates options accordingly **/ -function mailchimpSF_change_list_if_necessary() { +function mailchimp_sf_change_list_if_necessary() { // Simple permission check before going through all this if ( ! current_user_can( MCSF_CAP_THRESHOLD ) ) { return; } - $api = mailchimpSF_get_api(); + $api = mailchimp_sf_get_api(); if ( ! $api ) { return; } // we *could* support paging, but few users have that many lists (and shouldn't) 
@@ -609,51 +654,60 @@ function mailchimpSF_change_list_if_necessary() { * is in our array of lists, the set it to be the active list */ foreach ( $lists as $key => $list ) { - if ( $list['id'] == $_POST['mc_list_id'] ) { - $list_id = $_POST['mc_list_id']; + if ( isset( $_POST['mc_list_id'] ) && $list['id'] === $_POST['mc_list_id'] ) { + $list_id = sanitize_text_field( wp_unslash( $_POST['mc_list_id'] ) ); $list_name = $list['name']; $list_key = $key; } } $orig_list = get_option( 'mc_list_id' ); - if ( '' != $list_id ) { + if ( '' !== $list_id ) { update_option( 'mc_list_id', $list_id ); update_option( 'mc_list_name', $list_name ); update_option( 'mc_email_type_option', $lists[ $list_key ]['email_type_option'] ); // See if the user changed the list $new_list = false; - if ( $orig_list != $list_id ) { + if ( $orig_list !== $list_id ) { // The user changed the list, Reset the Form Defaults - mailchimpSF_set_form_defaults( $list_name ); + mailchimp_sf_set_form_defaults( $list_name ); $new_list = true; } // Grab the merge vars and interest groups - $mv = mailchimpSF_get_merge_vars( $list_id, $new_list ); - $igs = mailchimpSF_get_interest_categories( $list_id, $new_list ); + $mv = mailchimp_sf_get_merge_vars( $list_id, $new_list ); + $igs = mailchimp_sf_get_interest_categories( $list_id, $new_list ); $igs_text = ' '; if ( is_array( $igs ) ) { + // translators: placeholder is a count (number) $igs_text .= sprintf( __( 'and %s Sets of Interest Groups', 'mailchimp_i18n' ), count( $igs ) ); } $msg = '

' . sprintf( + // translators: placeholder is a count (number) __( 'Success! Loaded and saved the info for %d Merge Variables', 'mailchimp_i18n' ) . $igs_text, count( $mv ) ) . ' ' . __( 'from your list' ) . ' "' . $list_name . '"

' . __( 'Now you should either Turn On the Mailchimp Widget or change your options below, then turn it on.', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } } } -function mailchimpSF_get_merge_vars( $list_id, $new_list ) { - $api = mailchimpSF_get_api(); +/** + * Get merge vars + * + * @param string $list_id List ID + * @param bool $new_list Whether this is a new list + * @return void + */ +function mailchimp_sf_get_merge_vars( $list_id, $new_list ) { + $api = mailchimp_sf_get_api(); $mv = $api->get( 'lists/' . $list_id . '/merge-fields', 80 ); // if we get an error back from the api, exit this process. @@ -661,10 +715,10 @@ function mailchimpSF_get_merge_vars( $list_id, $new_list ) { return; } - $mv['merge_fields'] = mailchimpSF_add_email_field( $mv['merge_fields'] ); + $mv['merge_fields'] = mailchimp_sf_add_email_field( $mv['merge_fields'] ); update_option( 'mc_merge_vars', $mv['merge_fields'] ); - foreach ( $mv['merge_fields'] as $var ) { - $opt = 'mc_mv_' . $var['tag']; + foreach ( $mv['merge_fields'] as $mv_var ) { + $opt = 'mc_mv_' . $mv_var['tag']; // turn them all on by default if ( $new_list ) { update_option( $opt, 'on' ); @@ -673,7 +727,13 @@ function mailchimpSF_get_merge_vars( $list_id, $new_list ) { return $mv['merge_fields']; } -function mailchimpSF_add_email_field( $merge ) { +/** + * Add email field + * + * @param array $merge Merge + * @return array + */ +function mailchimp_sf_add_email_field( $merge ) { $email = array( 'tag' => 'EMAIL', 'name' => __( 'Email Address', 'mailchimp_i18n' ), 
@@ -687,8 +747,15 @@ function mailchimpSF_add_email_field( $merge ) { return $merge; } -function mailchimpSF_get_interest_categories( $list_id, $new_list ) { - $api = mailchimpSF_get_api(); +/** + * Get interest categories + * + * @param string $list_id List ID + * @param bool $new_list Whether this is a new list + * @return array + */ +function mailchimp_sf_get_interest_categories( $list_id, $new_list ) { + $api = mailchimp_sf_get_api(); $igs = $api->get( 'lists/' . $list_id . '/interest-categories', 60 ); // if we get an error back from the api, exis @@ -707,7 +774,7 @@ function mailchimpSF_get_interest_categories( $list_id, $new_list ) { if ( $new_list ) { update_option( $opt, 'on' ); } - $key++; + ++$key; } } update_option( 'mc_interest_groups', $igs['categories'] ); 
@@ -718,26 +785,35 @@ function mailchimpSF_get_interest_categories( $list_id, $new_list ) { /** * Outputs the Settings/Options page */ -function mailchimpSF_setup_page() { +function mailchimp_sf_setup_page() { $path = plugin_dir_path( __FILE__ ); - wp_enqueue_script( 'showMe', MCSF_URL . 'js/hidecss.js', array( 'jquery' ), MCSF_VER ); + wp_enqueue_script( 'showMe', MCSF_URL . 'js/hidecss.js', array( 'jquery' ), MCSF_VER, true ); require_once $path . '/views/setup_page.php'; -} // mailchimpSF_setup_page() - +} -function mailchimpSF_register_widgets() { - if ( mailchimpSF_get_api() ) { - register_widget( 'mailchimpSF_Widget' ); +/** + * Register the widget. + * + * @return void + */ +function mailchimp_sf_register_widgets() { + if ( mailchimp_sf_get_api() ) { + register_widget( 'Mailchimp_SF_Widget' ); } } -add_action( 'widgets_init', 'mailchimpSF_register_widgets' ); +add_action( 'widgets_init', 'mailchimp_sf_register_widgets' ); -function mailchimpSF_shortcode( $atts ) { +/** + * Add shortcode + * + * @return string + */ +function mailchimp_sf_shortcode() { ob_start(); - mailchimpSF_signup_form(); + mailchimp_sf_signup_form(); return ob_get_clean(); } -add_shortcode( 'mailchimpsf_form', 'mailchimpSF_shortcode' ); +add_shortcode( 'mailchimpsf_form', 'mailchimp_sf_shortcode' ); /** * Attempts to signup a user, per the $_POST args. 
@@ -747,22 +823,21 @@ function mailchimpSF_shortcode( $atts ) { * * @return bool */ -function mailchimpSF_signup_submit() { +function mailchimp_sf_signup_submit() { $mv = get_option( 'mc_merge_vars', array() ); $mv_tag_keys = array(); $igs = get_option( 'mc_interest_groups', array() ); - $listId = get_option( 'mc_list_id' ); - $email = isset( $_POST['mc_mv_EMAIL'] ) ? strip_tags( stripslashes( $_POST['mc_mv_EMAIL'] ) ) : ''; - $merge = $errs = $html_errs = array(); // Set up some vars + $list_id = get_option( 'mc_list_id' ); + $email = isset( $_POST['mc_mv_EMAIL'] ) ? wp_strip_all_tags( wp_unslash( $_POST['mc_mv_EMAIL'] ) ) : ''; - $merge = mailchimpSF_merge_submit( $mv ); + $merge = mailchimp_sf_merge_submit( $mv ); // Catch errors and fail early. if ( is_wp_error( $merge ) ) { $msg = '' . $merge->get_error_message() . ''; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); return false; } 
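Review bot: `wp_strip_all_tags( wp_unslash( $_POST['mc_mv_EMAIL'] ) )` in `mailchimp_sf_signup_submit()` removes markup only; whatever else is in the value flows into the member URL via `md5( strtolower( $email ) )` and into the API body. `sanitize_email()` is the WordPress sanitizer for this field, and an `is_email()` check lets the function take its usual error path before any API call: `$email = isset( $_POST['mc_mv_EMAIL'] ) ? sanitize_email( wp_unslash( $_POST['mc_mv_EMAIL'] ) ) : '';`. The function body continues past this hunk, so where the empty-email case is currently rejected could not be checked here.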
@@ -771,46 +846,64 @@ function mailchimpSF_signup_submit() { reset( $mv ); // Ensure we have an array $igs = ! is_array( $igs ) ? array() : $igs; - $igs = mailchimpSF_groups_submit( $igs ); + $igs = mailchimp_sf_groups_submit( $igs ); // Clear out empty merge vars - $merge = mailchimpSF_merge_remove_empty( $merge ); - if ( isset( $_POST['email_type'] ) && in_array( $_POST['email_type'], array( 'text', 'html', 'mobile' ) ) ) { - $email_type = $_POST['email_type']; + $merge = mailchimp_sf_merge_remove_empty( $merge ); + if ( isset( $_POST['email_type'] ) && in_array( $_POST['email_type'], array( 'text', 'html', 'mobile' ), true ) ) { + $email_type = sanitize_text_field( wp_unslash( $_POST['email_type'] ) ); } else { $email_type = 'html'; } - $api = mailchimpSF_get_api(); + $api = mailchimp_sf_get_api(); if ( ! $api ) { - $url = mailchimpSF_signup_form_url(); - $error = '' . __( 'We encountered a problem adding ' . $email . ' to the list. Please sign up here.' ) . ''; - mailchimpSF_global_msg( $error ); + $url = mailchimp_sf_signup_form_url(); + $error = sprintf( + '%s', + wp_kses( + sprintf( + // translators: first placeholder is email address, second is url + __( + 'We encountered a problem adding %1$s to the list. Please sign up here.', + 'mailchimp_i18n' + ), + esc_html( $email ), + esc_url( $url ) + ), + [ + 'a' => [ + 'href', + ], + ] + ) + ); + mailchimp_sf_global_msg( $error ); return false; } - $url = 'lists/' . $listId . '/members/' . md5( strtolower( $email ) ); - $status = mailchimpSF_check_status( $url ); + $url = 'lists/' . $list_id . '/members/' . md5( strtolower( $email ) ); + $status = mailchimp_sf_check_status( $url ); // If update existing is turned off and the subscriber exists, error out. 
- if ( get_option( 'mc_update_existing' ) == false && 'subscribed' === $status ) { + if ( get_option( 'mc_update_existing' ) === false && 'subscribed' === $status ) { $msg = 'This email address is already subscribed to the list.'; $error = new WP_Error( 'mailchimp-update-existing', $msg ); - mailchimpSF_global_msg( '' . $msg . '' ); + mailchimp_sf_global_msg( '' . $msg . '' ); return false; } - $body = mailchimpSF_subscribe_body( $merge, $igs, $email_type, $email, $status, get_option( 'mc_double_optin' ) ); + $body = mailchimp_sf_subscribe_body( $merge, $igs, $email_type, $email, $status, get_option( 'mc_double_optin' ) ); $retval = $api->post( $url, $body, 'PUT' ); // If we have errors, then show them if ( is_wp_error( $retval ) ) { $msg = '' . $retval->get_error_message() . ''; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); return false; } - if ( 'subscribed' == $retval['status'] ) { + if ( 'subscribed' === $retval['status'] ) { $esc = __( 'Success, you\'ve been signed up.', 'mailchimp_i18n' ); $msg = "{$esc}"; } else { @@ -819,17 +912,24 @@ function mailchimpSF_signup_submit() { } // Set our global message - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); return true; } - /* - Cleans up merge fields and interests to make them - API 3.0-friendly. - */ - -function mailchimpSF_subscribe_body( $merge, $igs, $email_type, $email, $status, $double_optin ) { +/** + * Cleans up merge fields and interests to make them + * API 3.0-friendly. + * + * @param [type] $merge Merge fields + * @param [type] $igs Interest groups + * @param string $email_type Email type + * @param string $email Email + * @param string $status Status + * @param bool $double_optin Whether this is double optin + * @return stdClass + */ +function mailchimp_sf_subscribe_body( $merge, $igs, $email_type, $email, $status, $double_optin ) { $body = new stdClass(); $body->email_address = $email; $body->email_type = $email_type; 
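Review bot: The allowed-HTML array handed to `wp_kses()` in the no-API error branch lists the attribute as a value, `[ 'a' => [ 'href' ] ]`, but `wp_kses()` expects attribute names as keys, so the link's href is very likely stripped from the rendered message; it should read `[ 'a' => [ 'href' => true ] ]`, plus the outer element if the `'%s'` wrapper carries a tag. The markup in this hunk appears to have been lost in rendering, so verify against the real source. `esc_html( $email )` and `esc_url( $url )` as the `sprintf` arguments are right and should stay.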
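Review bot: `get_option( 'mc_update_existing' ) === false` is not equivalent to the old `== false`: `get_option()` returns boolean `false` only when the option is absent, while a saved-off checkbox is typically stored as `''` or `'0'`, which the strict comparison now treats as "update existing enabled", so existing subscribers get updated against the admin's setting. `if ( ! get_option( 'mc_update_existing' ) && 'subscribed' === $status )` keeps the original semantics without a loose comparison. The same strict-comparison-on-`get_option()` change appears in the widget hunk further down (`get_option( 'mc_nuke_all_styles' ) !== true`), where the stored value is a string rather than boolean `true`, so that branch would now run unconditionally. While here, the `@param [type] $merge` and `@param [type] $igs` placeholders in the new `mailchimp_sf_subscribe_body()` docblock should be filled in (`stdClass` for both, going by the `new stdClass()` in `mailchimp_sf_merge_submit()`).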
@@ -840,7 +940,7 @@ function mailchimpSF_subscribe_body( $merge, $igs, $email_type, $email, $status, if ( 'subscribed' !== $status ) { // single opt-in that covers new subscribers - if ( false == ! $status && $double_optin ) { + if ( false === ! $status && $double_optin ) { $body->status = 'subscribed'; } else { // anyone else @@ -850,9 +950,15 @@ function mailchimpSF_subscribe_body( $merge, $igs, $email_type, $email, $status, return $body; } -function mailchimpSF_check_status( $endpoint ) { +/** + * Check status. + * + * @param string $endpoint Endpoint. + * @return string + */ +function mailchimp_sf_check_status( $endpoint ) { $endpoint .= '?fields=status'; - $api = mailchimpSF_get_api(); + $api = mailchimp_sf_get_api(); $subscriber = $api->get( $endpoint, null ); if ( is_wp_error( $subscriber ) ) { return false; 
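Review bot: The docblock added to `mailchimp_sf_check_status()` says `@return string`, but the visible `return false;` on the `is_wp_error()` branch makes the contract `@return string|false`, and callers compare the result with `===`, so the annotation matters for static analysis. The function also calls `$api->get()` without the `! $api` guard that `mailchimp_sf_signup_submit()` applies before calling it; if `mailchimp_sf_get_api()` can return `false` as that guard suggests, any other caller would fatal here, so `if ( ! $api ) { return false; }` before the request is cheap insurance. The function's tail is outside the hunk.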
@@ -860,26 +966,32 @@ function mailchimpSF_check_status( $endpoint ) { return $subscriber['status']; } -function mailchimpSF_merge_submit( $mv ) { +/** + * Merge submit + * + * @param array $mv Merge Vars + * @return mixed + */ +function mailchimp_sf_merge_submit( $mv ) { // Loop through our Merge Vars, and if they're empty, but required, then print an error, and mark as failed $merge = new stdClass(); - foreach ( $mv as $var ) { + foreach ( $mv as $mv_var ) { // We also want to create an array where the keys are the tags for easier validation later - $tag = $var['tag']; - $mv_tag_keys[ $tag ] = $var; + $tag = $mv_var['tag']; + $mv_tag_keys[ $tag ] = $mv_var; $opt = 'mc_mv_' . $tag; - $opt_val = isset( $_POST[ $opt ] ) ? stripslashes_deep( $_POST[ $opt ] ) : ''; + $opt_val = isset( $_POST[ $opt ] ) ? map_deep( stripslashes_deep( $_POST[ $opt ] ), 'sanitize_text_field' ) : ''; // Handle phone number logic - if ( 'phone' === $var['type'] && 'US' === $var['options']['phone_format'] ) { - $opt_val = mailchimpSF_merge_validate_phone( $opt_val, $var ); + if ( 'phone' === $mv_var['type'] && 'US' === $mv_var['options']['phone_format'] ) { + $opt_val = mailchimp_sf_merge_validate_phone( $opt_val, $mv_var ); if ( is_wp_error( $opt_val ) ) { return $opt_val; } - } elseif ( is_array( $opt_val ) && 'address' == $var['type'] ) { // Handle address logic - $validate = mailchimpSF_merge_validate_address( $opt_val, $var ); + } elseif ( is_array( $opt_val ) && 'address' === $mv_var['type'] ) { // Handle address logic + $validate = mailchimp_sf_merge_validate_address( $opt_val, $mv_var ); if ( is_wp_error( $validate ) ) { return $validate; } 
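Review bot: `$mv_tag_keys[ $tag ] = $mv_var` is filled on every iteration of `mailchimp_sf_merge_submit()` but never read or returned (it is a local here; the `$mv_tag_keys = array()` left in `mailchimp_sf_signup_submit()` is a different variable), so the "for easier validation later" comment is stale and both lines can go. As a point of style, `wp_unslash()` is the WordPress-idiomatic form of the `stripslashes_deep()` used in `map_deep( stripslashes_deep( $_POST[ $opt ] ), 'sanitize_text_field' )`, and the rest of this commit already uses it. The function continues past the hunk.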
@@ -898,18 +1010,26 @@ function mailchimpSF_merge_submit( $mv ) { $opt_val = $val; } - if ( 'Y' == $var['required'] && trim( $opt_val ) == '' ) { - $message = sprintf( __( 'You must fill in %s.', 'mailchimp_i18n' ), esc_html( $var['name'] ) ); + if ( 'Y' === $mv_var['required'] && trim( $opt_val ) === '' ) { + // translators: placeholder is field name + $message = sprintf( __( 'You must fill in %s.', 'mailchimp_i18n' ), esc_html( $mv_var['name'] ) ); $error = new WP_Error( 'missing_required_field', $message ); return $error; - } elseif ( 'EMAIL' != $tag ) { + } elseif ( 'EMAIL' !== $tag ) { $merge->$tag = $opt_val; } } return $merge; } -function mailchimpSF_merge_validate_phone( $opt_val, $var ) { +/** + * Validate phone + * + * @param array $opt_val Option value + * @param array $data Data + * @return void + */ +function mailchimp_sf_merge_validate_phone( $opt_val, $data ) { // This filters out all 'falsey' elements $opt_val = array_filter( $opt_val ); // If they weren't all empty @@ -923,7 +1043,8 @@ function mailchimpSF_merge_validate_phone( $opt_val, $var ) { } if ( ! preg_match( '/[0-9]{0,3}-[0-9]{0,3}-[0-9]{0,4}/A', $opt_val ) ) { - $message = sprintf( __( '%s must consist of only numbers', 'mailchimp_i18n' ), esc_html( $var['name'] ) ); + // translators: placeholder is field name + $message = sprintf( __( '%s must consist of only numbers', 'mailchimp_i18n' ), esc_html( $data['name'] ) ); $error = new WP_Error( 'mc_phone_validation', $message ); return $error; } 
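Review bot: The docblock on `mailchimp_sf_merge_validate_phone()` says `@return void`, but the function returns `$error` (a `WP_Error`) on the visible path and `$opt_val` at its end in the next hunk, so it should be `@return string|WP_Error`; `@param array $data Data` would also be clearer as "the merge-var definition (`name`, `type`, `options`)". Separately, `array_filter( $opt_val )` is reached with `$opt_val = ''` whenever the phone field is absent from `$_POST` (the `isset( $_POST[ $opt ] ) ? ... : ''` default in `mailchimp_sf_merge_submit()`), which raises a `TypeError` on PHP 8; `$opt_val = is_array( $opt_val ) ? array_filter( $opt_val ) : array();` avoids it. The function starts in this hunk and ends in the next one.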
@@ -931,10 +1052,18 @@ function mailchimpSF_merge_validate_phone( $opt_val, $var ) { return $opt_val; } -function mailchimpSF_merge_validate_address( $opt_val, $var ) { - if ( 'Y' == $var['required'] ) { +/** + * Validate address + * + * @param array $opt_val Option value + * @param array $data Data + * @return mixed + */ +function mailchimp_sf_merge_validate_address( $opt_val, $data ) { + if ( 'Y' === $data['required'] ) { if ( empty( $opt_val['addr1'] ) || empty( $opt_val['city'] ) ) { - $message = sprintf( __( 'You must fill in %s.', 'mailchimp_i18n' ), esc_html( $var['name'] ) ); + // translators: placeholder is field name + $message = sprintf( __( 'You must fill in %s.', 'mailchimp_i18n' ), esc_html( $data['name'] ) ); $error = new WP_Error( 'invalid_address_merge', $message ); return $error; } @@ -952,7 +1081,13 @@ function mailchimpSF_merge_validate_address( $opt_val, $var ) { return $merge; } -function mailchimpSF_merge_remove_empty( $merge ) { +/** + * Merge remove empty + * + * @param stdObj $merge Merge + * @return stdObj + */ +function mailchimp_sf_merge_remove_empty( $merge ) { foreach ( $merge as $k => $v ) { if ( is_object( $v ) && empty( $v ) ) { unset( $merge->$k ); @@ -964,8 +1099,14 @@ function mailchimpSF_merge_remove_empty( $merge ) { return $merge; } -function mailchimpSF_groups_submit( $igs ) { - $groups = mailchimpSF_set_all_groups_to_false(); +/** + * Groups submit + * + * @param array $igs Interest groups + * @return stdClass + */ +function mailchimp_sf_groups_submit( $igs ) { + $groups = mailchimp_sf_set_all_groups_to_false(); if ( empty( $igs ) ) { return new StdClass(); 
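Review bot: `@return mixed` on `mailchimp_sf_merge_validate_address()` hides the two concrete outcomes visible in this file — `return $error;` (a `WP_Error`) and `return $merge;` at the end of the next hunk — so `@return stdClass|WP_Error` is the accurate annotation. In the following hunk the `mailchimp_sf_merge_remove_empty()` docblock uses `@param stdObj $merge` / `@return stdObj`, which is not a type; the object comes from `new stdClass()` in `mailchimp_sf_merge_submit()`, so use `@param stdClass $merge` and `@return stdClass`.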
@@ -976,19 +1117,25 @@ function mailchimpSF_groups_submit( $igs ) { foreach ( $igs as $ig ) { $ig_id = $ig['id']; - if ( get_option( 'mc_show_interest_groups_' . $ig_id ) == 'on' && 'hidden' !== $ig['type'] ) { + if ( get_option( 'mc_show_interest_groups_' . $ig_id ) === 'on' && 'hidden' !== $ig['type'] ) { switch ( $ig['type'] ) { case 'dropdown': case 'radio': // there can only be one value submitted for radio/dropdowns, so use that at the group id. if ( isset( $_POST['group'][ $ig_id ] ) && ! empty( $_POST['group'][ $ig_id ] ) ) { - $value = $_POST['group'][ $ig_id ]; + $value = sanitize_text_field( wp_unslash( $_POST['group'][ $ig_id ] ) ); $groups->$value = true; } break; case 'checkboxes': if ( isset( $_POST['group'][ $ig_id ] ) ) { - foreach ( $_POST['group'][ $ig_id ] as $id => $value ) { + $ig_ids = array_map( + 'sanitize_text_field', + array_keys( + stripslashes_deep( $_POST['group'][ $ig_id ] ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized + ) + ); + foreach ( $ig_ids as $id ) { $groups->$id = true; } } @@ -1002,7 +1149,12 @@ function mailchimpSF_groups_submit( $igs ) { return $groups; } -function mailchimpSF_set_all_groups_to_false() { +/** + * Set all groups to false + * + * @return StdClass + */ +function mailchimp_sf_set_all_groups_to_false() { $toreturn = new StdClass(); foreach ( get_option( 'mc_interest_groups' ) as $grouping ) { @@ -1017,7 +1169,13 @@ function mailchimpSF_set_all_groups_to_false() { return $toreturn; } -function mailchimpSF_verify_key( $api ) { +/** + * Verify key + * + * @param MailChimp_API $api API instance + * @return mixed + */ +function mailchimp_sf_verify_key( $api ) { $user = $api->get( '' ); if ( is_wp_error( $user ) ) { return $user; 
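Review bot: In the `dropdown`/`radio` branch of `mailchimp_sf_groups_submit()`, `$value` is whatever string the request supplies and is set straight onto `$groups` as a property name with no check that it is one of the interest ids `mailchimp_sf_set_all_groups_to_false()` seeded, so unknown ids are forwarded to the API, and if the field arrives as an array `sanitize_text_field()` returns `''` and `$groups->$value = true` throws an `Error` for an empty property name. A `if ( property_exists( $groups, $value ) )` guard before the assignment covers both cases, and the `checkboxes` loop would benefit from the same check on each `$id`. The enclosing `switch` continues past the hunk.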
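Review bot: `foreach ( get_option( 'mc_interest_groups' ) as $grouping )` in `mailchimp_sf_set_all_groups_to_false()` iterates over `false` when the option has not been saved, which emits a warning and skips the seeding silently, while `mailchimp_sf_signup_submit()` reads the same option as `get_option( 'mc_interest_groups', array() )`. Use the same default here, `foreach ( get_option( 'mc_interest_groups', array() ) as $grouping )`, for consistency and a clean empty case. The loop body lies outside the hunk.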
@@ -1025,7 +1183,7 @@ function mailchimpSF_verify_key( $api ) { // Might as well set this data if we have it already. $valid_roles = array( 'owner', 'admin', 'manager' ); - if ( in_array( $user['role'], $valid_roles ) ) { + if ( in_array( $user['role'], $valid_roles, true ) ) { update_option( 'mc_api_key', $api->key ); update_option( 'mc_user', $user ); update_option( 'mc_datacenter', $api->datacenter ); @@ -1034,19 +1192,30 @@ function mailchimpSF_verify_key( $api ) { $msg = __( 'API Key must belong to "Owner", "Admin", or "Manager."', 'mailchimp_i18n' ); return new WP_Error( 'mc-invalid-role', $msg ); } - return; } -function mailchimpSF_update_profile_url( $email ) { - $dc = get_option( 'mc_datacenter' ); - $eid = base64_encode( $email ); +/** + * Update profile URL. + * + * @param string $email Email + * @return string + */ +function mailchimp_sf_update_profile_url( $email ) { + $dc = get_option( 'mc_datacenter' ); + // This is the expected encoding for emails. + $eid = base64_encode( $email ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode $user = get_option( 'mc_user' ); $list_id = get_option( 'mc_list_id' ); $url = 'http://' . $dc . '.list-manage.com/subscribe/send-email?u=' . $user['account_id'] . '&id=' . $list_id . '&e=' . $eid; return $url; } -function mailchimpSF_signup_form_url() { +/** + * Get signup form URL. + * + * @return string + */ +function mailchimp_sf_signup_form_url() { $dc = get_option( 'mc_datacenter' ); $user = get_option( 'mc_user' ); $list_id = get_option( 'mc_list_id' ); @@ -1054,7 +1223,13 @@ function mailchimpSF_signup_form_url() { return $url; } -function mailchimpSF_delete_options( $options = array() ) { +/** + * Delete options + * + * @param array $options Options + * @return void + */ +function mailchimp_sf_delete_options( $options = array() ) { foreach ( $options as $option ) { delete_option( $option ); } 
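Review bot: `mailchimp_sf_update_profile_url()` still concatenates its query string by hand, so the base64 `$eid` (which may contain `+`, `/` and `=`) goes out unencoded and a `+` is read as a space on the receiving end; the scheme is also `http://` while the API client in lib/mailchimp/mailchimp.php uses `https://`. Building it with `add_query_arg( array( 'u' => $user['account_id'], 'id' => $list_id, 'e' => $eid ), 'https://' . $dc . '.list-manage.com/subscribe/send-email' )` URL-encodes the values and keeps the link on TLS, assuming the host accepts it. The `@return string` on the new docblock matches the visible `return $url;`.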
@@ -1068,7 +1243,7 @@ function mailchimpSF_delete_options( $options = array() ) { * * This function must be ran _very early_ in the load process, as it sets up important constants for the rest of the plugin */ -function mailchimpSF_where_am_i() { +function mailchimp_sf_where_am_i() { $locations = array( 'plugins' => array( 'dir' => plugin_dir_path( __FILE__ ), @@ -1089,7 +1264,7 @@ function mailchimpSF_where_am_i() { ); // Set defaults - $mscf_dirbase = trailingslashit( basename( dirname( __FILE__ ) ) ); // Typically wp-mailchimp/ or mailchimp/ + $mscf_dirbase = trailingslashit( basename( __DIR__ ) ); // Typically wp-mailchimp/ or mailchimp/ $mscf_dir = trailingslashit( plugin_dir_path( __FILE__ ) ); $mscf_url = trailingslashit( plugins_url( null, __FILE__ ) ); @@ -1131,7 +1306,7 @@ function mailchimpSF_where_am_i() { * @param string|int $action Should give context to what is taking place and be the same when nonce was created. * @return bool Whether the nonce check passed or failed. */ -function mailchimpSF_verify_nonce( $nonce, $action = -1 ) { +function mailchimp_sf_verify_nonce( $nonce, $action = -1 ) { $user = wp_get_current_user(); $uid = (int) $user->ID; if ( ! $uid ) { @@ -1171,7 +1346,7 @@ function mailchimpSF_verify_nonce( $nonce, $action = -1 ) { * @param string $action Scalar value to add context to the nonce. * @return string The token. */ -function mailchimpSF_create_nonce( $action = -1 ) { +function mailchimp_sf_create_nonce( $action = -1 ) { $user = wp_get_current_user(); $uid = (int) $user->ID; if ( ! $uid ) { diff --git a/mailchimp_compat.php b/mailchimp_compat.php index b6f5ae4..f1ec5c1 100644 --- a/mailchimp_compat.php +++ b/mailchimp_compat.php @@ -1,23 +1,39 @@
- Settings and click Mailchimp Setup to try again.', 'mailchimp_i18n' ); ?> + Settings and click Mailchimp Setup to try again.', + 'mailchimp_i18n', + ), + [ + 'strong' => [], + ] + ); + ?>
'; - echo $header; // don't escape $header b/c it may have HTML allowed - echo ! empty( $after_title ) ? $after_title : ''; + if ( strlen( $header ) === strlen( wp_strip_all_tags( $header ) ) ) { + echo ! empty( $before_title ) ? wp_kses_post( $before_title ) : '
'; + echo wp_kses_post( $header ); // don't escape $header b/c it may have HTML allowed + echo ! empty( $after_title ) ? wp_kses_post( $after_title ) : '
'; } else { - echo $header; // don't escape $header b/c it may have HTML allowed + echo wp_kses_post( $header ); // don't escape $header b/c it may have HTML allowed } } $sub_heading = trim( get_option( 'mc_subheader_content' ) ); - if ( get_option( 'mc_nuke_all_styles' ) != true ) { + if ( get_option( 'mc_nuke_all_styles' ) !== true ) { ?>