diff --git a/README.md b/README.md index 280be3e..58b531e 100644 --- a/README.md +++ b/README.md @@ -43,11 +43,11 @@ WordPress v2.8 or higher: If you are adding it inside a php code block, pop this in: -` mailchimpSF_signup_form(); ` +` mailchimp_sf_signup_form(); ` Or, if you are dropping it in between a bunch of HTML, use this: -`` +`` Where ever you want it to show up. @@ -55,6 +55,8 @@ Where ever you want it to show up. If you are upgrading to version 1.2.1 and you used the widget in your sidebar previously, all you need to do is drag the `Mailchimp Widget` back into the sidebar, visit the Mailchimp settings page (which will have maintained your prior settings), click the "Update List" button, and you're done! +If you are upgrading to version 1.6.0, you will need to updated any references to display function `mailchimpSF_signup_form` to `mailchimp_sf_signup_form`. + ## Internationalization (i18n) Currently we have the plugin configured so it can be translated and the following languages supported: diff --git a/lib/mailchimp/mailchimp.php b/lib/mailchimp/mailchimp.php index 50efed4..478572e 100644 --- a/lib/mailchimp/mailchimp.php +++ b/lib/mailchimp/mailchimp.php @@ -1,23 +1,77 @@ key = $api_key; $dc = explode( '-', $api_key ); $this->datacenter = empty( $dc[1] ) ? 'us1' : $dc[1]; $this->api_url = 'https://' . $this->datacenter . '.api.mailchimp.com/3.0/'; - return; } + /** + * Get endpoint. + * + * @param string $endpoint The Mailchimp endpoint. + * @param integer $count The count to retrieve. + * @param array $fields The fields to retrieve. + * @return mixed + */ public function get( $endpoint, $count = 10, $fields = array() ) { $query_params = ''; 
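Review bot: `$this->datacenter` is whatever follows the first `-` in the supplied key and is concatenated unchecked into `$this->api_url`, so the host that later receives the `Authorization: apikey` header is derived from unvalidated input. Mailchimp datacenter names are short alphanumeric tokens, so an allow-list check is cheap and fits the constructor's existing contract of throwing (callers already `catch ( Exception $e )`): `if ( ! preg_match( '/^[a-z0-9]+$/', $this->datacenter ) ) { throw new Exception( 'Invalid API key.' ); }`. The start of the constructor is not visible in this rendering of the hunk, so if the key is validated earlier only the datacenter check is missing. `get()` continues past the hunk.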
@@ -47,7 +101,7 @@ public function get( $endpoint, $count = 10, $fields = array() ) { $request = wp_remote_get( $url, $args ); - if ( is_array( $request ) && 200 == $request['response']['code'] ) { + if ( is_array( $request ) && 200 === $request['response']['code'] ) { return json_decode( $request['body'], true ); } elseif ( is_array( $request ) && $request['response']['code'] ) { $error = json_decode( $request['body'], true ); @@ -58,6 +112,14 @@ public function get( $endpoint, $count = 10, $fields = array() ) { } } + /** + * Sends request to Mailchimp endpoint. + * + * @param string $endpoint The endpoint to send the request. + * @param string $body The body of the request + * @param string $method The request method. + * @return mixed + */ public function post( $endpoint, $body, $method = 'POST' ) { $url = $this->api_url . $endpoint; @@ -68,11 +130,11 @@ public function post( $endpoint, $body, $method = 'POST' ) { 'httpversion' => '1.1', 'user-agent' => 'Mailchimp WordPress Plugin/' . get_bloginfo( 'url' ), 'headers' => array( 'Authorization' => 'apikey ' . $this->key ), - 'body' => json_encode( $body ), + 'body' => wp_json_encode( $body ), ); $request = wp_remote_post( $url, $args ); - if ( is_array( $request ) && 200 == $request['response']['code'] ) { + if ( is_array( $request ) && 200 === $request['response']['code'] ) { return json_decode( $request['body'], true ); } else { if ( is_wp_error( $request ) ) { @@ -86,7 +148,7 @@ public function post( $endpoint, $body, $method = 'POST' ) { // Email address doesn't come back from the API, so if something's wrong, it's that. $field_name = 'Email Address'; $body['errors'][0]['message'] = 'Please fill out a valid email address.'; - } elseif ( $merge['tag'] == $body['errors'][0]['field'] ) { + } elseif ( $merge['tag'] === $body['errors'][0]['field'] ) { $field_name = $merge['name']; } } diff --git a/mailchimp.php b/mailchimp.php index 83be5cf..7ce2b23 100644 --- a/mailchimp.php +++ b/mailchimp.php 
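Review bot: The new docblock on `post()` types `$body` as `string`, but the method JSON-encodes it with `wp_json_encode( $body )` and its caller `mailchimp_sf_signup_submit()` passes the `stdClass` built by `mailchimp_sf_subscribe_body()`, so the tag misdocuments the parameter. I'd write `@param array|object $body The request payload; encoded with wp_json_encode() before sending.` and, if the branches past the hunk only ever return a decoded array or a `WP_Error`, narrow `@return mixed` to `@return array|WP_Error` on both `get()` and `post()`.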
@@ -10,6 +10,8 @@ * Author URI: https://mailchimp.com/ * License: GPL-2.0-or-later * License URI: https://spdx.org/licenses/GPL-2.0-or-later.html + * + * @package Mailchimp **/ /** @@ -37,7 +39,7 @@ define( 'MCSF_CAP_THRESHOLD', 'manage_options' ); // Define our location constants, both MCSF_DIR and MCSF_URL -mailchimpSF_where_am_i(); +mailchimp_sf_where_am_i(); // Get our Mailchimp API class in scope if ( ! class_exists( 'MailChimp_API' ) ) { @@ -46,10 +48,10 @@ } // includes the widget code so it can be easily called either normally or via ajax -include_once 'mailchimp_widget.php'; +require_once 'mailchimp_widget.php'; // includes the backwards compatibility functions -include_once 'mailchimp_compat.php'; +require_once 'mailchimp_compat.php'; /** * Do the following plugin setup steps here @@ -59,7 +61,7 @@ * * @return void */ -function mailchimpSF_plugin_init() { +function mailchimp_sf_plugin_init() { // Internationalize the plugin $textdomain = 'mailchimp_i18n'; $locale = apply_filters( 'plugin_locale', get_locale(), $textdomain ); @@ -67,15 +69,15 @@ function mailchimpSF_plugin_init() { // Remove Sopresto check. If user does not have API key, make them authenticate. - if ( get_option( 'mc_list_id' ) && get_option( 'mc_merge_field_migrate' ) != true && mailchimpSF_get_api() !== false ) { - mailchimpSF_update_merge_fields( get_option( 'mc_list_id' ) ); + if ( get_option( 'mc_list_id' ) && get_option( 'mc_merge_field_migrate' ) !== true && mailchimp_sf_get_api() !== false ) { + mailchimp_sf_update_merge_fields(); } // Bring in our appropriate JS and CSS resources - mailchimpSF_load_resources(); + mailchimp_sf_load_resources(); } -add_action( 'init', 'mailchimpSF_plugin_init' ); +add_action( 'init', 'mailchimp_sf_plugin_init' ); /** * Add the settings link to the Mailchimp plugin row 
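Review bot: `get_option( 'mc_merge_field_migrate' ) !== true` will be true on every request: the option is written with `update_option( 'mc_merge_field_migrate', true )` (hunk at +334), and WordPress persists scalar options as strings, so it typically reads back as `'1'`, which the old loose `!= true` tolerated but the strict form does not. The effect is that the merge-field migration (two API calls) runs on every `init` instead of once. Test the stored form instead: `if ( get_option( 'mc_list_id' ) && ! get_option( 'mc_merge_field_migrate' ) && mailchimp_sf_get_api() !== false ) {`. The same strict comparison against a boolean appears in `mc_nuke_all_styles !== true` (hunk at -115), `mc_double_optin !== false` (hunk at -454) and `mc_update_existing === false` (hunk at -771), where a stored `false` comes back as `''`; that last one gates overwriting existing subscribers, so it would silently stop protecting them.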
@@ -83,13 +85,14 @@ function mailchimpSF_plugin_init() { * @param array $links - Links for the plugin * @return array - Links */ -function mailchimpSD_plugin_action_links( $links ) { - $settings_page = add_query_arg( array( 'page' => 'mailchimpSF_options' ), admin_url( 'options-general.php' ) ); +function mailchimp_sf_plugin_action_links( $links ) { + $settings_page = add_query_arg( array( 'page' => 'mailchimp_sf_options' ), admin_url( 'options-general.php' ) ); $settings_link = '' . __( 'Settings', 'mailchimp_i18n' ) . ''; array_unshift( $links, $settings_link ); return $links; } -add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), 'mailchimpSD_plugin_action_links', 10, 1 ); + +add_filter( 'plugin_action_links_' . plugin_basename( __FILE__ ), 'mailchimp_sf_plugin_action_links', 10, 1 ); /** * Loads the appropriate JS and CSS resources depending on @@ -97,16 +100,16 @@ function mailchimpSD_plugin_action_links( $links ) { * * @return void */ -function mailchimpSF_load_resources() { +function mailchimp_sf_load_resources() { // JS - if ( get_option( 'mc_use_javascript' ) == 'on' ) { + if ( get_option( 'mc_use_javascript' ) === 'on' ) { if ( ! is_admin() ) { - wp_enqueue_script( 'jquery_scrollto', MCSF_URL . 'js/scrollTo.js', array( 'jquery' ), MCSF_VER ); - wp_enqueue_script( 'mailchimpSF_main_js', MCSF_URL . 'js/mailchimp.js', array( 'jquery', 'jquery-form' ), MCSF_VER ); + wp_enqueue_script( 'jquery_scrollto', MCSF_URL . 'js/scrollTo.js', array( 'jquery' ), MCSF_VER, true ); + wp_enqueue_script( 'mailchimp_sf_main_js', MCSF_URL . 'js/mailchimp.js', array( 'jquery', 'jquery-form' ), MCSF_VER, true ); // some javascript to get ajax version submitting to the proper location global $wp_scripts; $wp_scripts->localize( - 'mailchimpSF_main_js', + 'mailchimp_sf_main_js', 'mailchimpSF', array( 'ajax_url' => trailingslashit( home_url() ), 
@@ -115,19 +118,19 @@ function mailchimpSF_load_resources() { } } - if ( get_option( 'mc_use_datepicker' ) == 'on' && ! is_admin() ) { + if ( get_option( 'mc_use_datepicker' ) === 'on' && ! is_admin() ) { // Datepicker theme - wp_enqueue_style( 'flick', MCSF_URL . 'css/flick/flick.css' ); + wp_enqueue_style( 'flick', MCSF_URL . 'css/flick/flick.css', array(), MCSF_VER ); // Datepicker JS - wp_enqueue_script( 'datepicker', MCSF_URL . 'js/datepicker.js', array( 'jquery', 'jquery-ui-core' ) ); + wp_enqueue_script( 'datepicker', MCSF_URL . 'js/datepicker.js', array( 'jquery', 'jquery-ui-core' ), MCSF_VER, true ); } - if ( get_option( 'mc_nuke_all_styles' ) != true ) { - wp_enqueue_style( 'mailchimpSF_main_css', home_url( '?mcsf_action=main_css&ver=' . MCSF_VER, 'relative' ) ); - wp_enqueue_style( 'mailchimpSF_ie_css', MCSF_URL . 'css/ie.css' ); + if ( get_option( 'mc_nuke_all_styles' ) !== true ) { + wp_enqueue_style( 'mailchimp_sf_main_css', home_url( '?mcsf_action=main_css&ver=' . MCSF_VER, 'relative' ), array(), MCSF_VER ); + wp_enqueue_style( 'mailchimp_sf_ie_css', MCSF_URL . 'css/ie.css', array(), MCSF_VER ); global $wp_styles; - $wp_styles->add_data( 'mailchimpSF_ie_css', 'conditional', 'IE' ); + $wp_styles->add_data( 'mailchimp_sf_ie_css', 'conditional', 'IE' ); } } @@ -138,9 +141,10 @@ function mailchimpSF_load_resources() { * @return void */ function mc_admin_page_load_resources() { - wp_enqueue_style( 'mailchimpSF_admin_css', MCSF_URL . 'css/admin.css' ); + wp_enqueue_style( 'mailchimp_sf_admin_css', MCSF_URL . 'css/admin.css', array(), true ); } -add_action( 'load-settings_page_mailchimpSF_options', 'mc_admin_page_load_resources' ); + +add_action( 'load-settings_page_mailchimp_sf_options', 'mc_admin_page_load_resources' ); /** 
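Review bot: `wp_enqueue_style( 'mailchimp_sf_admin_css', MCSF_URL . 'css/admin.css', array(), true )` passes `true` as the version where every other enqueue in this commit passes `MCSF_VER`; a boolean version is not the plugin version, so the admin stylesheet will not cache-bust across plugin releases. Use `array(), MCSF_VER` to match the rest of the file.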
@@ -149,32 +153,36 @@ function mc_admin_page_load_resources() { function mc_datepicker_load() { require_once MCSF_DIR . '/views/datepicker.php'; } -if ( get_option( 'mc_use_datepicker' ) == 'on' && ! is_admin() ) { + +if ( get_option( 'mc_use_datepicker' ) === 'on' && ! is_admin() ) { add_action( 'wp_head', 'mc_datepicker_load' ); } /** * Handles requests that as light-weight a load as possible. * typically, JS or CSS - **/ -function mailchimpSF_early_request_handler() { - if ( isset( $_GET['mcsf_action'] ) ) { - switch ( $_GET['mcsf_action'] ) { + * + * @return void + */ +function mailchimp_sf_early_request_handler() { + if ( isset( $_GET['mcsf_action'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- ignoring because this is only adding CSS + switch ( $_GET['mcsf_action'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- ignoring because this is only adding CSS case 'main_css': header( 'Content-type: text/css' ); - mailchimpSF_main_css(); + mailchimp_sf_main_css(); exit; } } } -add_action( 'init', 'mailchimpSF_early_request_handler', 0 ); + +add_action( 'init', 'mailchimp_sf_early_request_handler', 0 ); /** * Outputs the front-end CSS. This checks several options, so it * was best to put it in a Request-handled script, as opposed to * a static file. */ -function mailchimpSF_main_css() { +function mailchimp_sf_main_css() { require_once MCSF_DIR . '/views/css/frontend.php'; } 
@@ -184,68 +192,84 @@ function mailchimpSF_main_css() { * * @return void */ -function mailchimpSF_add_pages() { +function mailchimp_sf_add_pages() { // Add settings page for users who can edit plugins add_options_page( __( 'Mailchimp Setup', 'mailchimp_i18n' ), __( 'Mailchimp Setup', 'mailchimp_i18n' ), MCSF_CAP_THRESHOLD, - 'mailchimpSF_options', - 'mailchimpSF_setup_page' + 'mailchimp_sf_options', + 'mailchimp_sf_setup_page' ); } -add_action( 'admin_menu', 'mailchimpSF_add_pages' ); +add_action( 'admin_menu', 'mailchimp_sf_add_pages' ); -function mailchimpSF_request_handler() { +/** + * Request handler + * + * @return void + */ +function mailchimp_sf_request_handler() { if ( isset( $_POST['mcsf_action'] ) ) { switch ( $_POST['mcsf_action'] ) { case 'login': - $key = trim( $_POST['mailchimpSF_api_key'] ); + $key = isset( $_POST['mailchimp_sf_api_key'] ) ? trim( sanitize_text_field( wp_unslash( $_POST['mailchimp_sf_api_key'] ) ) ) : ''; try { $api = new MailChimp_API( $key ); } catch ( Exception $e ) { $msg = '' . $e->getMessage() . ''; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); break; } - $key = mailchimpSF_verify_key( $api ); + $key = mailchimp_sf_verify_key( $api ); if ( is_wp_error( $key ) ) { $msg = '' . $key->get_error_message() . ''; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } break; case 'logout': // Check capability & Verify nonce - if ( ! current_user_can( MCSF_CAP_THRESHOLD ) || ! wp_verify_nonce( $_POST['_mcsf_nonce_action'], 'mc_logout' ) ) { + if ( + ! current_user_can( MCSF_CAP_THRESHOLD ) || + ! isset( $_POST['_mcsf_nonce_action'] ) || + ! wp_verify_nonce( sanitize_key( $_POST['_mcsf_nonce_action'] ), 'mc_logout' ) + ) { wp_die( 'Cheatin’ huh?' 
); } // erase auth information $options = array( 'mc_api_key', 'mc_sopresto_user', 'mc_sopresto_public_key', 'mc_sopresto_secret_key' ); - mailchimpSF_delete_options( $options ); + mailchimp_sf_delete_options( $options ); break; case 'change_form_settings': - if ( ! current_user_can( MCSF_CAP_THRESHOLD ) || ! wp_verify_nonce( $_POST['_mcsf_nonce_action'], 'update_general_form_settings' ) ) { + if ( + ! current_user_can( MCSF_CAP_THRESHOLD ) || + ! isset( $_POST['_mcsf_nonce_action'] ) || + ! wp_verify_nonce( sanitize_key( $_POST['_mcsf_nonce_action'] ), 'update_general_form_settings' ) + ) { wp_die( 'Cheatin’ huh?' ); } // Update the form settings - mailchimpSF_save_general_form_settings(); + mailchimp_sf_save_general_form_settings(); break; case 'mc_submit_signup_form': // Validate nonce - if ( ! wp_verify_nonce( $_POST['_mc_submit_signup_form_nonce'], 'mc_submit_signup_form' ) ) { + if ( + ! isset( $_POST['_mc_submit_signup_form_nonce'] ) || + ! wp_verify_nonce( sanitize_key( $_POST['_mc_submit_signup_form_nonce'] ), 'mc_submit_signup_form' ) + ) { wp_die( 'Cheatin’ huh?' ); } // Attempt the signup - mailchimpSF_signup_submit(); + mailchimp_sf_signup_submit(); // Do a different action for html vs. js - switch ( $_POST['mc_submit_type'] ) { + switch ( isset( $_POST['mc_submit_type'] ) ? $_POST['mc_submit_type'] : '' ) { case 'html': /* This gets set elsewhere! */ break; 
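Review bot: The `login` case has neither the capability check nor the nonce verification that the `logout` and `change_form_settings` cases gained in this hunk, yet it runs on `init` for any request carrying `mcsf_action=login` and hands the posted key to `mailchimp_sf_verify_key()`. If `mailchimp_sf_verify_key()` persists the key (its body is outside this hunk), an unauthenticated POST could replace the site's stored API key. Guard it the same way, with a new action name such as `mc_login`: `if ( ! current_user_can( MCSF_CAP_THRESHOLD ) || ! isset( $_POST['_mcsf_nonce_action'] ) || ! wp_verify_nonce( sanitize_key( $_POST['_mcsf_nonce_action'] ), 'mc_login' ) ) { wp_die( 'Cheatin’ huh?' ); }`, and emit the matching `wp_nonce_field( 'mc_login', '_mcsf_nonce_action' )` in the login form (not in this diff). The function continues past the hunk.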
@@ -253,15 +277,20 @@ function mailchimpSF_request_handler() { if ( ! headers_sent() ) { // just in case... header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT', true, 200 ); } - echo mailchimpSF_global_msg(); // Don't esc_html this, b/c we've already escaped it + echo wp_kses_post( mailchimp_sf_global_msg() ); exit; } } } } -add_action( 'init', 'mailchimpSF_request_handler' ); +add_action( 'init', 'mailchimp_sf_request_handler' ); -function mailchimpSF_migrate_sopresto() { +/** + * Migrate Sopresto + * + * @return void + */ +function mailchimp_sf_migrate_sopresto() { $sopresto = get_option( 'mc_sopresto_secret_key' ); if ( ! $sopresto ) { return; @@ -285,17 +314,17 @@ function mailchimpSF_migrate_sopresto() { // post to sopresto $key = wp_remote_post( $url, $args ); - if ( ! is_wp_error( $key ) && 200 == $key['response']['code'] ) { + if ( ! is_wp_error( $key ) && 200 === $key['response']['code'] ) { $key = json_decode( $key['body'] ); try { $api = new MailChimp_API( $key->response ); } catch ( Exception $e ) { $msg = '' . $e->getMessage() . ''; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); return; } - $verify = mailchimpSF_verify_key( $api ); + $verify = mailchimp_sf_verify_key( $api ); // something went wrong with the key that we had if ( is_wp_error( $verify ) ) { 
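Review bot: In `mailchimp_sf_migrate_sopresto()`, `$key = json_decode( $key['body'] )` is dereferenced as `$key->response` without checking that decoding succeeded; a non-JSON 200 body yields `null`, a warning, and `new MailChimp_API( null )`. Check the shape first: `if ( ! is_object( $key ) || empty( $key->response ) ) { return; }`. The function body continues past the hunk, so I cannot see how other failures are reported.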
@@ -305,29 +334,40 @@ function mailchimpSF_migrate_sopresto() { delete_option( 'mc_sopresto_public_key' ); delete_option( 'mc_sopresto_secret_key' ); delete_option( 'mc_sopresto_user' ); - - return; } - - // Nothing to do here. - return; } -function mailchimpSF_update_merge_fields( $list_id ) { - mailchimpSF_get_merge_vars( get_option( 'mc_list_id' ), true ); - mailchimpSF_get_interest_categories( get_option( 'mc_list_id' ), true ); +/** + * Update merge fields + * + * @return void + */ +function mailchimp_sf_update_merge_fields() { + mailchimp_sf_get_merge_vars( get_option( 'mc_list_id' ), true ); + mailchimp_sf_get_interest_categories( get_option( 'mc_list_id' ), true ); update_option( 'mc_merge_field_migrate', true ); } -function mailchimpSF_auth_nonce_key( $salt = null ) { +/** + * Get auth key + * + * @param mixed $salt Salt + * @return string + */ +function mailchimp_sf_auth_nonce_key( $salt = null ) { if ( is_null( $salt ) ) { - $salt = mailchimpSF_auth_nonce_salt(); + $salt = mailchimp_sf_auth_nonce_salt(); } return 'social_authentication' . md5( AUTH_KEY . $salt ); } -function mailchimpSF_auth_nonce_salt() { - return md5( microtime() . $_SERVER['SERVER_ADDR'] ); +/** + * Return auth nonce salt + * + * @return string + */ +function mailchimp_sf_auth_nonce_salt() { + return md5( microtime() . isset( $_SERVER['SERVER_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['SERVER_ADDR'] ) ) : '' ); } /** @@ -335,7 +375,7 @@ function mailchimpSF_auth_nonce_salt() { * * @return MailChimp_API | false */ -function mailchimpSF_get_api( $force = false ) { +function mailchimp_sf_get_api() { $key = get_option( 'mc_api_key' ); if ( $key ) { return new MailChimp_API( $key ); @@ -350,7 +390,7 @@ function mailchimpSF_get_api( $force = false ) { * * @return bool **/ -function mailchimpSF_needs_upgrade() { +function mailchimp_sf_needs_upgrade() { $igs = get_option( 'mc_interest_groups' ); if ( false !== $igs // we have an option 
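Review bot: In `mailchimp_sf_auth_nonce_salt()` the new expression parses as `md5( ( microtime() . isset( $_SERVER['SERVER_ADDR'] ) ) ? sanitize_text_field( ... ) : '' )`, because `.` binds tighter than `?:`; the concatenation is always a non-empty string, so the first branch wins and `microtime()` never reaches the hash. The salt therefore collapses to `md5( SERVER_ADDR )` (or `md5( '' )`), a constant per host rather than a per-request value. Parenthesize the ternary: `$addr = isset( $_SERVER['SERVER_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['SERVER_ADDR'] ) ) : '';` followed by `return md5( microtime() . $addr );`. Even with that fixed, a timestamp plus an address is a guessable input; if this salt is meant to be unpredictable, `wp_generate_password( 32, false )` or `bin2hex( random_bytes( 16 ) )` is the safer source.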
@@ -368,7 +408,7 @@ function mailchimpSF_needs_upgrade() { /** * Deletes all Mailchimp options **/ -function mailchimpSF_delete_setup() { +function mailchimp_sf_delete_setup() { $options = array( 'mc_user_id', 'mc_sopresto_user', @@ -394,21 +434,22 @@ function mailchimpSF_delete_setup() { $mv = get_option( 'mc_merge_vars' ); if ( is_array( $mv ) ) { - foreach ( $mv as $var ) { - $opt = 'mc_mv_' . $var['tag']; + foreach ( $mv as $mv_var ) { + $opt = 'mc_mv_' . $mv_var['tag']; $options[] = $opt; } } - mailchimpSF_delete_options( $options ); + mailchimp_sf_delete_options( $options ); } /** * Gets or sets a global message based on parameter passed to it * + * @param mixed $msg Message * @return string/bool depending on get/set */ -function mailchimpSF_global_msg( $msg = null ) { +function mailchimp_sf_global_msg( $msg = null ) { global $mcsf_msgs; // Make sure we're formed properly @@ -428,8 +469,11 @@ function mailchimpSF_global_msg( $msg = null ) { /** * Sets the default options for the option form - **/ -function mailchimpSF_set_form_defaults( $list_name = '' ) { + * + * @param string $list_name The Mailchimp list name. + * @return void + */ +function mailchimp_sf_set_form_defaults( $list_name = '' ) { update_option( 'mc_header_content', __( 'Sign up for', 'mailchimp_i18n' ) . ' ' . $list_name ); update_option( 'mc_submit_text', __( 'Subscribe', 'mailchimp_i18n' ) ); @@ -454,90 +498,90 @@ function mailchimpSF_set_form_defaults( $list_name = '' ) { * * @return void **/ -function mailchimpSF_save_general_form_settings() { +function mailchimp_sf_save_general_form_settings() { // IF NOT DEV MODE if ( isset( $_POST['mc_rewards'] ) ) { update_option( 'mc_rewards', 'on' ); $msg = '

' . __( 'Monkey Rewards turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); - } elseif ( get_option( 'mc_rewards' ) != 'off' ) { + mailchimp_sf_global_msg( $msg ); + } elseif ( get_option( 'mc_rewards' ) !== 'off' ) { update_option( 'mc_rewards', 'off' ); $msg = '

' . __( 'Monkey Rewards turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } if ( isset( $_POST['mc_use_javascript'] ) ) { update_option( 'mc_use_javascript', 'on' ); $msg = '

' . __( 'Fancy Javascript submission turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); - } elseif ( get_option( 'mc_use_javascript' ) != 'off' ) { + mailchimp_sf_global_msg( $msg ); + } elseif ( get_option( 'mc_use_javascript' ) !== 'off' ) { update_option( 'mc_use_javascript', 'off' ); $msg = '

' . __( 'Fancy Javascript submission turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } if ( isset( $_POST['mc_use_datepicker'] ) ) { update_option( 'mc_use_datepicker', 'on' ); $msg = '

' . __( 'Datepicker turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); - } elseif ( get_option( 'mc_use_datepicker' ) != 'off' ) { + mailchimp_sf_global_msg( $msg ); + } elseif ( get_option( 'mc_use_datepicker' ) !== 'off' ) { update_option( 'mc_use_datepicker', 'off' ); $msg = '

' . __( 'Datepicker turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } /*Enable double optin toggle*/ if ( isset( $_POST['mc_double_optin'] ) ) { update_option( 'mc_double_optin', true ); $msg = '

' . __( 'Double opt-in turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); - } elseif ( get_option( 'mc_double_optin' ) != false ) { + mailchimp_sf_global_msg( $msg ); + } elseif ( get_option( 'mc_double_optin' ) !== false ) { update_option( 'mc_double_optin', false ); $msg = '

' . __( 'Double opt-in turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } /* NUKE the CSS! */ if ( isset( $_POST['mc_nuke_all_styles'] ) ) { update_option( 'mc_nuke_all_styles', true ); $msg = '

' . __( 'Mailchimp CSS turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } elseif ( get_option( 'mc_nuke_all_styles' ) !== false ) { update_option( 'mc_nuke_all_styles', false ); $msg = '

' . __( 'Mailchimp CSS turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } /* Update existing */ if ( isset( $_POST['mc_update_existing'] ) ) { update_option( 'mc_update_existing', true ); $msg = '

' . __( 'Update existing subscribers turned On!' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } elseif ( get_option( 'mc_update_existing' ) !== false ) { update_option( 'mc_update_existing', false ); $msg = '

' . __( 'Update existing subscribers turned Off!' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } if ( isset( $_POST['mc_use_unsub_link'] ) ) { update_option( 'mc_use_unsub_link', 'on' ); $msg = '

' . __( 'Unsubscribe link turned On!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); - } elseif ( get_option( 'mc_use_unsub_link' ) != 'off' ) { + mailchimp_sf_global_msg( $msg ); + } elseif ( get_option( 'mc_use_unsub_link' ) !== 'off' ) { update_option( 'mc_use_unsub_link', 'off' ); $msg = '

' . __( 'Unsubscribe link turned Off!', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } - $content = stripslashes( $_POST['mc_header_content'] ); + $content = isset( $_POST['mc_header_content'] ) ? wp_kses_post( wp_unslash( $_POST['mc_header_content'] ) ) : ''; $content = str_replace( "\r\n", '
', $content ); update_option( 'mc_header_content', $content ); - $content = stripslashes( $_POST['mc_subheader_content'] ); + $content = isset( $_POST['mc_subheader_content'] ) ? wp_kses_post( wp_unslash( $_POST['mc_subheader_content'] ) ) : ''; $content = str_replace( "\r\n", '
', $content ); update_option( 'mc_subheader_content', $content ); - $submit_text = stripslashes( $_POST['mc_submit_text'] ); + $submit_text = isset( $_POST['mc_submit_text'] ) ? sanitize_text_field( wp_unslash( $_POST['mc_submit_text'] ) ) : ''; $submit_text = str_replace( "\r\n", '', $submit_text ); update_option( 'mc_submit_text', $submit_text ); @@ -546,23 +590,23 @@ function mailchimpSF_save_general_form_settings() { // we told them not to put these things we are replacing in, but let's just make sure they are listening... if ( isset( $_POST['mc_form_border_width'] ) ) { - update_option( 'mc_form_border_width', str_replace( 'px', '', $_POST['mc_form_border_width'] ) ); + update_option( 'mc_form_border_width', str_replace( 'px', '', absint( $_POST['mc_form_border_width'] ) ) ); } if ( isset( $_POST['mc_form_border_color'] ) ) { - update_option( 'mc_form_border_color', str_replace( '#', '', $_POST['mc_form_border_color'] ) ); + update_option( 'mc_form_border_color', str_replace( '#', '', sanitize_text_field( wp_unslash( $_POST['mc_form_border_color'] ) ) ) ); } if ( isset( $_POST['mc_form_background'] ) ) { - update_option( 'mc_form_background', str_replace( '#', '', $_POST['mc_form_background'] ) ); + update_option( 'mc_form_background', str_replace( '#', '', sanitize_text_field( wp_unslash( $_POST['mc_form_background'] ) ) ) ); } if ( isset( $_POST['mc_form_text_color'] ) ) { - update_option( 'mc_form_text_color', str_replace( '#', '', $_POST['mc_form_text_color'] ) ); + update_option( 'mc_form_text_color', str_replace( '#', '', sanitize_text_field( wp_unslash( $_POST['mc_form_text_color'] ) ) ) ); } // IF NOT DEV MODE $igs = get_option( 'mc_interest_groups' ); if ( is_array( $igs ) ) { - foreach ( $igs as $var ) { - $opt = 'mc_show_interest_groups_' . $var['id']; + foreach ( $igs as $mv_var ) { + $opt = 'mc_show_interest_groups_' . $mv_var['id']; if ( isset( $_POST[ $opt ] ) ) { update_option( $opt, 'on' ); } else { 
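Review bot: The three colour options (`mc_form_border_color`, `mc_form_background`, `mc_form_text_color`) are only passed through `sanitize_text_field()` before the `#` is stripped, which still admits arbitrary text; if `views/css/frontend.php` (not in this diff) prints them into the generated stylesheet, that is where unexpected characters would land. WordPress has a sanitizer for exactly this shape: `update_option( 'mc_form_border_color', (string) sanitize_hex_color_no_hash( wp_unslash( $_POST['mc_form_border_color'] ) ) );`, and likewise for the other two. `sanitize_hex_color_no_hash()` already tolerates a leading `#`, returns `null` for anything else, and is loaded outside the Customizer in current WordPress (worth checking against the plugin's minimum supported version). Separately, `str_replace( 'px', '', absint( ... ) )` is a no-op on an int, so `absint( $_POST['mc_form_border_width'] )` alone is enough.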
@@ -573,9 +617,9 @@ function mailchimpSF_save_general_form_settings() { $mv = get_option( 'mc_merge_vars' ); if ( is_array( $mv ) ) { - foreach ( $mv as $var ) { - $opt = 'mc_mv_' . $var['tag']; - if ( isset( $_POST[ $opt ] ) || 'Y' == $var['required'] ) { + foreach ( $mv as $mv_var ) { + $opt = 'mc_mv_' . $mv_var['tag']; + if ( isset( $_POST[ $opt ] ) || 'Y' === $mv_var['required'] ) { update_option( $opt, 'on' ); } else { update_option( $opt, 'off' ); @@ -584,17 +628,17 @@ function mailchimpSF_save_general_form_settings() { } $msg = '

' . esc_html( __( 'Successfully Updated your List Subscribe Form Settings!', 'mailchimp_i18n' ) ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } /** * Sees if the user changed the list, and updates options accordingly **/ -function mailchimpSF_change_list_if_necessary() { +function mailchimp_sf_change_list_if_necessary() { // Simple permission check before going through all this if ( ! current_user_can( MCSF_CAP_THRESHOLD ) ) { return; } - $api = mailchimpSF_get_api(); + $api = mailchimp_sf_get_api(); if ( ! $api ) { return; } // we *could* support paging, but few users have that many lists (and shouldn't) 
@@ -609,51 +653,60 @@ function mailchimpSF_change_list_if_necessary() { * is in our array of lists, the set it to be the active list */ foreach ( $lists as $key => $list ) { - if ( $list['id'] == $_POST['mc_list_id'] ) { - $list_id = $_POST['mc_list_id']; + if ( isset( $_POST['mc_list_id'] ) && $list['id'] === $_POST['mc_list_id'] ) { + $list_id = sanitize_text_field( wp_unslash( $_POST['mc_list_id'] ) ); $list_name = $list['name']; $list_key = $key; } } $orig_list = get_option( 'mc_list_id' ); - if ( '' != $list_id ) { + if ( '' !== $list_id ) { update_option( 'mc_list_id', $list_id ); update_option( 'mc_list_name', $list_name ); update_option( 'mc_email_type_option', $lists[ $list_key ]['email_type_option'] ); // See if the user changed the list $new_list = false; - if ( $orig_list != $list_id ) { + if ( $orig_list !== $list_id ) { // The user changed the list, Reset the Form Defaults - mailchimpSF_set_form_defaults( $list_name ); + mailchimp_sf_set_form_defaults( $list_name ); $new_list = true; } // Grab the merge vars and interest groups - $mv = mailchimpSF_get_merge_vars( $list_id, $new_list ); - $igs = mailchimpSF_get_interest_categories( $list_id, $new_list ); + $mv = mailchimp_sf_get_merge_vars( $list_id, $new_list ); + $igs = mailchimp_sf_get_interest_categories( $list_id, $new_list ); $igs_text = ' '; if ( is_array( $igs ) ) { + // translators: placeholder is a count (number) $igs_text .= sprintf( __( 'and %s Sets of Interest Groups', 'mailchimp_i18n' ), count( $igs ) ); } $msg = '

' . sprintf( + // translators: placeholder is a count (number) __( 'Success! Loaded and saved the info for %d Merge Variables', 'mailchimp_i18n' ) . $igs_text, count( $mv ) ) . ' ' . __( 'from your list' ) . ' "' . $list_name . '"

' . __( 'Now you should either Turn On the Mailchimp Widget or change your options below, then turn it on.', 'mailchimp_i18n' ) . '

'; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); } } } -function mailchimpSF_get_merge_vars( $list_id, $new_list ) { - $api = mailchimpSF_get_api(); +/** + * Get merge vars + * + * @param string $list_id List ID + * @param bool $new_list Whether this is a new list + * @return void + */ +function mailchimp_sf_get_merge_vars( $list_id, $new_list ) { + $api = mailchimp_sf_get_api(); $mv = $api->get( 'lists/' . $list_id . '/merge-fields', 80 ); // if we get an error back from the api, exit this process. @@ -661,10 +714,10 @@ function mailchimpSF_get_merge_vars( $list_id, $new_list ) { return; } - $mv['merge_fields'] = mailchimpSF_add_email_field( $mv['merge_fields'] ); + $mv['merge_fields'] = mailchimp_sf_add_email_field( $mv['merge_fields'] ); update_option( 'mc_merge_vars', $mv['merge_fields'] ); - foreach ( $mv['merge_fields'] as $var ) { - $opt = 'mc_mv_' . $var['tag']; + foreach ( $mv['merge_fields'] as $mv_var ) { + $opt = 'mc_mv_' . $mv_var['tag']; // turn them all on by default if ( $new_list ) { update_option( $opt, 'on' ); @@ -673,7 +726,13 @@ function mailchimpSF_get_merge_vars( $list_id, $new_list ) { return $mv['merge_fields']; } -function mailchimpSF_add_email_field( $merge ) { +/** + * Add email field + * + * @param array $merge Merge + * @return array + */ +function mailchimp_sf_add_email_field( $merge ) { $email = array( 'tag' => 'EMAIL', 'name' => __( 'Email Address', 'mailchimp_i18n' ), 
@@ -687,8 +746,15 @@ function mailchimpSF_add_email_field( $merge ) { return $merge; } -function mailchimpSF_get_interest_categories( $list_id, $new_list ) { - $api = mailchimpSF_get_api(); +/** + * Get interest categories + * + * @param string $list_id List ID + * @param bool $new_list Whether this is a new list + * @return array + */ +function mailchimp_sf_get_interest_categories( $list_id, $new_list ) { + $api = mailchimp_sf_get_api(); $igs = $api->get( 'lists/' . $list_id . '/interest-categories', 60 ); // if we get an error back from the api, exis @@ -707,7 +773,7 @@ function mailchimpSF_get_interest_categories( $list_id, $new_list ) { if ( $new_list ) { update_option( $opt, 'on' ); } - $key++; + ++$key; } } update_option( 'mc_interest_groups', $igs['categories'] ); 
@@ -718,26 +784,35 @@ function mailchimpSF_get_interest_categories( $list_id, $new_list ) { /** * Outputs the Settings/Options page */ -function mailchimpSF_setup_page() { +function mailchimp_sf_setup_page() { $path = plugin_dir_path( __FILE__ ); - wp_enqueue_script( 'showMe', MCSF_URL . 'js/hidecss.js', array( 'jquery' ), MCSF_VER ); + wp_enqueue_script( 'showMe', MCSF_URL . 'js/hidecss.js', array( 'jquery' ), MCSF_VER, true ); require_once $path . '/views/setup_page.php'; -} // mailchimpSF_setup_page() - +} -function mailchimpSF_register_widgets() { - if ( mailchimpSF_get_api() ) { - register_widget( 'mailchimpSF_Widget' ); +/** + * Register the widget. + * + * @return void + */ +function mailchimp_sf_register_widgets() { + if ( mailchimp_sf_get_api() ) { + register_widget( 'Mailchimp_SF_Widget' ); } } -add_action( 'widgets_init', 'mailchimpSF_register_widgets' ); +add_action( 'widgets_init', 'mailchimp_sf_register_widgets' ); -function mailchimpSF_shortcode( $atts ) { +/** + * Add shortcode + * + * @return string + */ +function mailchimp_sf_shortcode() { ob_start(); - mailchimpSF_signup_form(); + mailchimp_sf_signup_form(); return ob_get_clean(); } -add_shortcode( 'mailchimpsf_form', 'mailchimpSF_shortcode' ); +add_shortcode( 'mailchimpsf_form', 'mailchimp_sf_shortcode' ); /** * Attempts to signup a user, per the $_POST args. 
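Review bot: The docblock on `mailchimp_sf_shortcode()` says "Add shortcode", but the function renders the form into a string for `add_shortcode`; `Render the signup form for the [mailchimpsf_form] shortcode.` describes what it does. In `mailchimp_sf_setup_page()`, `plugin_dir_path( __FILE__ )` already ends with a slash, so `$path . '/views/setup_page.php'` produces a doubled `//`; `$path . 'views/setup_page.php'` is the conventional form.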
@@ -747,22 +822,21 @@ function mailchimpSF_shortcode( $atts ) { * * @return bool */ -function mailchimpSF_signup_submit() { +function mailchimp_sf_signup_submit() { $mv = get_option( 'mc_merge_vars', array() ); $mv_tag_keys = array(); $igs = get_option( 'mc_interest_groups', array() ); - $listId = get_option( 'mc_list_id' ); - $email = isset( $_POST['mc_mv_EMAIL'] ) ? strip_tags( stripslashes( $_POST['mc_mv_EMAIL'] ) ) : ''; - $merge = $errs = $html_errs = array(); // Set up some vars + $list_id = get_option( 'mc_list_id' ); + $email = isset( $_POST['mc_mv_EMAIL'] ) ? wp_strip_all_tags( wp_unslash( $_POST['mc_mv_EMAIL'] ) ) : ''; - $merge = mailchimpSF_merge_submit( $mv ); + $merge = mailchimp_sf_merge_submit( $mv ); // Catch errors and fail early. if ( is_wp_error( $merge ) ) { $msg = '' . $merge->get_error_message() . ''; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); return false; } 
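Review bot: `$email` is taken from `$_POST['mc_mv_EMAIL']` with `wp_strip_all_tags( wp_unslash( ... ) )`, which removes tags but does not validate that the value is an e-mail address before it is hashed into the API path and interpolated (escaped) into error messages. `sanitize_email( wp_unslash( $_POST['mc_mv_EMAIL'] ) )` is the WordPress sanitizer for this field and returns `''` for anything that is not a plausible address, which the later validation (outside this hunk) can presumably treat as a missing address. The function body continues past this hunk.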
@@ -771,46 +845,64 @@ function mailchimpSF_signup_submit() { reset( $mv ); // Ensure we have an array $igs = ! is_array( $igs ) ? array() : $igs; - $igs = mailchimpSF_groups_submit( $igs ); + $igs = mailchimp_sf_groups_submit( $igs ); // Clear out empty merge vars - $merge = mailchimpSF_merge_remove_empty( $merge ); - if ( isset( $_POST['email_type'] ) && in_array( $_POST['email_type'], array( 'text', 'html', 'mobile' ) ) ) { - $email_type = $_POST['email_type']; + $merge = mailchimp_sf_merge_remove_empty( $merge ); + if ( isset( $_POST['email_type'] ) && in_array( $_POST['email_type'], array( 'text', 'html', 'mobile' ), true ) ) { + $email_type = sanitize_text_field( wp_unslash( $_POST['email_type'] ) ); } else { $email_type = 'html'; } - $api = mailchimpSF_get_api(); + $api = mailchimp_sf_get_api(); if ( ! $api ) { - $url = mailchimpSF_signup_form_url(); - $error = '' . __( 'We encountered a problem adding ' . $email . ' to the list. Please sign up here.' ) . ''; - mailchimpSF_global_msg( $error ); + $url = mailchimp_sf_signup_form_url(); + $error = sprintf( + '%s', + wp_kses( + sprintf( + // translators: first placeholder is email address, second is url + __( + 'We encountered a problem adding %1$s to the list. Please sign up here.', + 'mailchimp_i18n' + ), + esc_html( $email ), + esc_url( $url ) + ), + [ + 'a' => [ + 'href', + ], + ] + ) + ); + mailchimp_sf_global_msg( $error ); return false; } - $url = 'lists/' . $listId . '/members/' . md5( strtolower( $email ) ); - $status = mailchimpSF_check_status( $url ); + $url = 'lists/' . $list_id . '/members/' . md5( strtolower( $email ) ); + $status = mailchimp_sf_check_status( $url ); // If update existing is turned off and the subscriber exists, error out. 
- if ( get_option( 'mc_update_existing' ) == false && 'subscribed' === $status ) { + if ( get_option( 'mc_update_existing' ) === false && 'subscribed' === $status ) { $msg = 'This email address is already subscribed to the list.'; $error = new WP_Error( 'mailchimp-update-existing', $msg ); - mailchimpSF_global_msg( '' . $msg . '' ); + mailchimp_sf_global_msg( '' . $msg . '' ); return false; } - $body = mailchimpSF_subscribe_body( $merge, $igs, $email_type, $email, $status, get_option( 'mc_double_optin' ) ); + $body = mailchimp_sf_subscribe_body( $merge, $igs, $email_type, $email, $status, get_option( 'mc_double_optin' ) ); $retval = $api->post( $url, $body, 'PUT' ); // If we have errors, then show them if ( is_wp_error( $retval ) ) { $msg = '' . $retval->get_error_message() . ''; - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); return false; } - if ( 'subscribed' == $retval['status'] ) { + if ( 'subscribed' === $retval['status'] ) { $esc = __( 'Success, you\'ve been signed up.', 'mailchimp_i18n' ); $msg = "{$esc}"; } else { @@ -819,17 +911,24 @@ function mailchimpSF_signup_submit() { } // Set our global message - mailchimpSF_global_msg( $msg ); + mailchimp_sf_global_msg( $msg ); return true; } - /* - Cleans up merge fields and interests to make them - API 3.0-friendly. - */ - -function mailchimpSF_subscribe_body( $merge, $igs, $email_type, $email, $status, $double_optin ) { +/** + * Cleans up merge fields and interests to make them + * API 3.0-friendly. + * + * @param [type] $merge Merge fields + * @param [type] $igs Interest groups + * @param string $email_type Email type + * @param string $email Email + * @param string $status Status + * @param bool $double_optin Whether this is double optin + * @return stdClass + */ +function mailchimp_sf_subscribe_body( $merge, $igs, $email_type, $email, $status, $double_optin ) { $body = new stdClass(); $body->email_address = $email; $body->email_type = $email_type; 
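Review bot: Changing `get_option( 'mc_update_existing' ) == false` to `=== false` alters behaviour rather than just tightening the comparison: `get_option()` returns `false` only when the option is absent, so a stored `''`, `'0'` or `0` (what an unchecked checkbox typically saves) no longer counts as "update existing is off", and an already-subscribed address would be updated instead of rejected. Unless the option is guaranteed to be deleted rather than saved empty, a truthiness test keeps the old semantics: `if ( ! get_option( 'mc_update_existing' ) && 'subscribed' === $status ) {`. Separately, the `wp_kses()` allow-list in the no-API error path is written as `[ 'a' => [ 'href' ] ]`, i.e. with a numeric key; kses looks attributes up by name (`[ 'a' => [ 'href' => true ] ]`), so if I read that lookup correctly the `href` is stripped and the "sign up here" link loses its target. The function starts in the previous hunk and ends in the next.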
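Review bot: The new docblock for `mailchimp_sf_subscribe_body()` still carries `[type]` placeholders for `$merge` and `$igs`; both are produced as `stdClass` instances by `mailchimp_sf_merge_submit()` and `mailchimp_sf_groups_submit()` in the hunks below, so write `@param stdClass $merge` and `@param stdClass $igs`. `$status` is documented as `string`, but `mailchimp_sf_check_status()` returns `false` when the lookup fails, so `@param string|false $status` is the accurate type. `$double_optin` is passed straight from `get_option( 'mc_double_optin' )`, so it is whatever the option stores rather than a strict `bool`; either document that or cast at the call site. The function's body continues in the next hunk.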
@@ -840,7 +939,7 @@ function mailchimpSF_subscribe_body( $merge, $igs, $email_type, $email, $status, if ( 'subscribed' !== $status ) { // single opt-in that covers new subscribers - if ( false == ! $status && $double_optin ) { + if ( false === ! $status && $double_optin ) { $body->status = 'subscribed'; } else { // anyone else @@ -850,9 +949,15 @@ function mailchimpSF_subscribe_body( $merge, $igs, $email_type, $email, $status, return $body; } -function mailchimpSF_check_status( $endpoint ) { +/** + * Check status. + * + * @param string $endpoint Endpoint. + * @return string + */ +function mailchimp_sf_check_status( $endpoint ) { $endpoint .= '?fields=status'; - $api = mailchimpSF_get_api(); + $api = mailchimp_sf_get_api(); $subscriber = $api->get( $endpoint, null ); if ( is_wp_error( $subscriber ) ) { return false; 
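Review bot: `false === ! $status && $double_optin` is a double negation that reads even more awkwardly with the strict operator; since `! $status` is always a boolean, the condition is simply `if ( $status && $double_optin ) {`. The comment above it describes this branch as the single opt-in path for new subscribers, yet the condition requires a truthy `$status` (a member that already exists), which looks inverted relative to the comment; worth confirming the intent rather than changing it blind. The enclosing function starts and ends outside this hunk.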
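Review bot: The new docblock declares `@return string` for `mailchimp_sf_check_status()`, but the lines right below return `false` when the lookup is a `WP_Error`, so it should read `@return string|false`. `$api` is also dereferenced unconditionally after `mailchimp_sf_get_api()`, which can return a falsy value (the caller in `mailchimp_sf_signup_submit()` guards against exactly that), so a one-line `if ( ! $api ) { return false; }` would keep this helper safe when called on its own. The function's tail is outside this hunk.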
@@ -860,26 +965,32 @@ function mailchimpSF_check_status( $endpoint ) { return $subscriber['status']; } -function mailchimpSF_merge_submit( $mv ) { +/** + * Merge submit + * + * @param array $mv Merge Vars + * @return mixed + */ +function mailchimp_sf_merge_submit( $mv ) { // Loop through our Merge Vars, and if they're empty, but required, then print an error, and mark as failed $merge = new stdClass(); - foreach ( $mv as $var ) { + foreach ( $mv as $mv_var ) { // We also want to create an array where the keys are the tags for easier validation later - $tag = $var['tag']; - $mv_tag_keys[ $tag ] = $var; + $tag = $mv_var['tag']; + $mv_tag_keys[ $tag ] = $mv_var; $opt = 'mc_mv_' . $tag; - $opt_val = isset( $_POST[ $opt ] ) ? stripslashes_deep( $_POST[ $opt ] ) : ''; + $opt_val = isset( $_POST[ $opt ] ) ? map_deep( stripslashes_deep( $_POST[ $opt ] ), 'sanitize_text_field' ) : ''; // Handle phone number logic - if ( 'phone' === $var['type'] && 'US' === $var['options']['phone_format'] ) { - $opt_val = mailchimpSF_merge_validate_phone( $opt_val, $var ); + if ( 'phone' === $mv_var['type'] && 'US' === $mv_var['options']['phone_format'] ) { + $opt_val = mailchimp_sf_merge_validate_phone( $opt_val, $mv_var ); if ( is_wp_error( $opt_val ) ) { return $opt_val; } - } elseif ( is_array( $opt_val ) && 'address' == $var['type'] ) { // Handle address logic - $validate = mailchimpSF_merge_validate_address( $opt_val, $var ); + } elseif ( is_array( $opt_val ) && 'address' === $mv_var['type'] ) { // Handle address logic + $validate = mailchimp_sf_merge_validate_address( $opt_val, $mv_var ); if ( is_wp_error( $validate ) ) { return $validate; } 
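Review bot: `$mv_tag_keys[ $tag ] = $mv_var;` and the comment above it look like a leftover from when this loop lived inline in the submit handler: the array is a local here, it is initialised only in `mailchimp_sf_signup_submit()` (earlier hunks), and nothing in the visible body reads it, so it can likely be dropped together with the comment. The docblock's `@return mixed` can be made precise from the visible returns: `@return stdClass|WP_Error`. Applying `sanitize_text_field` through `map_deep` to every merge value also strips newlines from every merge type alike, which is fine for single-line fields but deserves a comment if any merge var is expected to carry multi-line text. The function continues in the next hunk.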
@@ -898,18 +1009,26 @@ function mailchimpSF_merge_submit( $mv ) { $opt_val = $val; } - if ( 'Y' == $var['required'] && trim( $opt_val ) == '' ) { - $message = sprintf( __( 'You must fill in %s.', 'mailchimp_i18n' ), esc_html( $var['name'] ) ); + if ( 'Y' === $mv_var['required'] && trim( $opt_val ) === '' ) { + // translators: placeholder is field name + $message = sprintf( __( 'You must fill in %s.', 'mailchimp_i18n' ), esc_html( $mv_var['name'] ) ); $error = new WP_Error( 'missing_required_field', $message ); return $error; - } elseif ( 'EMAIL' != $tag ) { + } elseif ( 'EMAIL' !== $tag ) { $merge->$tag = $opt_val; } } return $merge; } -function mailchimpSF_merge_validate_phone( $opt_val, $var ) { +/** + * Validate phone + * + * @param array $opt_val Option value + * @param array $data Data + * @return void + */ +function mailchimp_sf_merge_validate_phone( $opt_val, $data ) { // This filters out all 'falsey' elements $opt_val = array_filter( $opt_val ); // If they weren't all empty @@ -923,7 +1042,8 @@ function mailchimpSF_merge_validate_phone( $opt_val, $var ) { } if ( ! preg_match( '/[0-9]{0,3}-[0-9]{0,3}-[0-9]{0,4}/A', $opt_val ) ) { - $message = sprintf( __( '%s must consist of only numbers', 'mailchimp_i18n' ), esc_html( $var['name'] ) ); + // translators: placeholder is field name + $message = sprintf( __( '%s must consist of only numbers', 'mailchimp_i18n' ), esc_html( $data['name'] ) ); $error = new WP_Error( 'mc_phone_validation', $message ); return $error; } 
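Review bot: The new docblock for `mailchimp_sf_merge_validate_phone()` says `@return void`, but the function returns a `WP_Error` in the next hunk (`return $error;`) and otherwise the cleaned value (`return $opt_val;`, visible as context at the start of the following hunk), so it should be `@return string|WP_Error`. The parameter renamed to `$data` is the merge-var definition, so `@param array $data Merge var definition (uses 'name')` describes it better than `Data`. In the tail of `mailchimp_sf_merge_submit()` above, `trim( $opt_val ) === ''` throws a `TypeError` on PHP 8 if `$opt_val` is still an array at that point; the address branch appears to flatten it, but the other branches are outside this hunk, so worth checking.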
@@ -931,10 +1051,18 @@ function mailchimpSF_merge_validate_phone( $opt_val, $var ) { return $opt_val; } -function mailchimpSF_merge_validate_address( $opt_val, $var ) { - if ( 'Y' == $var['required'] ) { +/** + * Validate address + * + * @param array $opt_val Option value + * @param array $data Data + * @return mixed + */ +function mailchimp_sf_merge_validate_address( $opt_val, $data ) { + if ( 'Y' === $data['required'] ) { if ( empty( $opt_val['addr1'] ) || empty( $opt_val['city'] ) ) { - $message = sprintf( __( 'You must fill in %s.', 'mailchimp_i18n' ), esc_html( $var['name'] ) ); + // translators: placeholder is field name + $message = sprintf( __( 'You must fill in %s.', 'mailchimp_i18n' ), esc_html( $data['name'] ) ); $error = new WP_Error( 'invalid_address_merge', $message ); return $error; } @@ -952,7 +1080,13 @@ function mailchimpSF_merge_validate_address( $opt_val, $var ) { return $merge; } -function mailchimpSF_merge_remove_empty( $merge ) { +/** + * Merge remove empty + * + * @param stdObj $merge Merge + * @return stdObj + */ +function mailchimp_sf_merge_remove_empty( $merge ) { foreach ( $merge as $k => $v ) { if ( is_object( $v ) && empty( $v ) ) { unset( $merge->$k ); @@ -964,8 +1098,14 @@ function mailchimpSF_merge_remove_empty( $merge ) { return $merge; } -function mailchimpSF_groups_submit( $igs ) { - $groups = mailchimpSF_set_all_groups_to_false(); +/** + * Groups submit + * + * @param array $igs Interest groups + * @return stdClass + */ +function mailchimp_sf_groups_submit( $igs ) { + $groups = mailchimp_sf_set_all_groups_to_false(); if ( empty( $igs ) ) { return new StdClass(); 
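Review bot: For `mailchimp_sf_merge_validate_address()` the docblock's `@return mixed` can be narrowed: the visible body returns a `WP_Error` on a missing required field, and the function's tail (outside this hunk) returns `$merge`, so `@return stdClass|WP_Error` if `$merge` is the usual merge object; confirm against the lines not shown. `@param array $opt_val Option value` could also say it is the submitted address sub-array keyed by `addr1`, `city`, etc., since that is what the `empty()` checks rely on.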
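Review bot: `stdObj` in the new docblock for `mailchimp_sf_merge_remove_empty()` is not a PHP type; use `stdClass` for both the `@param` and the `@return`. The loop condition `is_object( $v ) && empty( $v )` is pre-existing but can never be true, because `empty()` on an object is always false, so empty nested merge objects (an address with no fields, for instance) are never removed; `is_object( $v ) && empty( get_object_vars( $v ) )` is the intended test. The rest of the loop is outside this hunk.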
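Review bot: `mailchimp_sf_groups_submit()` computes `$groups` from `mailchimp_sf_set_all_groups_to_false()`, which reads the `mc_interest_groups` option, before the `empty( $igs )` early return discards it; moving `$groups = mailchimp_sf_set_all_groups_to_false();` below the guard avoids the wasted option read and makes the early-return shape clearer. The docblock says `@return stdClass` while the body writes `new StdClass()`; PHP treats class names case-insensitively, but the rest of the file uses `stdClass`, so one spelling would be tidier.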
@@ -976,19 +1116,25 @@ function mailchimpSF_groups_submit( $igs ) { foreach ( $igs as $ig ) { $ig_id = $ig['id']; - if ( get_option( 'mc_show_interest_groups_' . $ig_id ) == 'on' && 'hidden' !== $ig['type'] ) { + if ( get_option( 'mc_show_interest_groups_' . $ig_id ) === 'on' && 'hidden' !== $ig['type'] ) { switch ( $ig['type'] ) { case 'dropdown': case 'radio': // there can only be one value submitted for radio/dropdowns, so use that at the group id. if ( isset( $_POST['group'][ $ig_id ] ) && ! empty( $_POST['group'][ $ig_id ] ) ) { - $value = $_POST['group'][ $ig_id ]; + $value = sanitize_text_field( wp_unslash( $_POST['group'][ $ig_id ] ) ); $groups->$value = true; } break; case 'checkboxes': if ( isset( $_POST['group'][ $ig_id ] ) ) { - foreach ( $_POST['group'][ $ig_id ] as $id => $value ) { + $ig_ids = array_map( + 'sanitize_text_field', + array_keys( + stripslashes_deep( $_POST['group'][ $ig_id ] ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- ignoring becuase this is sanitized through array_map above + ) + ); + foreach ( $ig_ids as $id ) { $groups->$id = true; } } @@ -1002,7 +1148,12 @@ function mailchimpSF_groups_submit( $igs ) { return $groups; } -function mailchimpSF_set_all_groups_to_false() { +/** + * Set all groups to false + * + * @return StdClass + */ +function mailchimp_sf_set_all_groups_to_false() { $toreturn = new StdClass(); foreach ( get_option( 'mc_interest_groups' ) as $grouping ) { @@ -1017,7 +1168,13 @@ function mailchimpSF_set_all_groups_to_false() { return $toreturn; } -function mailchimpSF_verify_key( $api ) { +/** + * Verify key + * + * @param MailChimp_API $api API instance + * @return mixed + */ +function mailchimp_sf_verify_key( $api ) { $user = $api->get( '' ); if ( is_wp_error( $user ) ) { return $user; 
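Review bot: In the `dropdown`/`radio` branch the sanitised `$value` is still taken verbatim from the request and becomes a property name on the object that is sent to the API, so the submitter chooses which interest key is set to `true`. `$groups` presumably already holds every known interest id (initialised to `false` by `mailchimp_sf_set_all_groups_to_false()`), so an allow-list check is one line, `if ( property_exists( $groups, $value ) ) { $groups->$value = true; }`, and the same guard belongs on `$groups->$id = true;` in the `checkboxes` branch. That branch also hands `$_POST['group'][ $ig_id ]` to `array_keys()` without an `is_array()` check, which throws a `TypeError` on PHP 8 when a scalar is submitted for a checkbox group; `if ( isset( $_POST['group'][ $ig_id ] ) && is_array( $_POST['group'][ $ig_id ] ) ) {` closes that. The phpcs annotation on the same lines misspells "because".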
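Review bot: `foreach ( get_option( 'mc_interest_groups' ) as $grouping )` in `mailchimp_sf_set_all_groups_to_false()` iterates the raw option, which is `false` when it has never been saved, producing a foreach-on-non-array warning; since `mailchimp_sf_groups_submit()` calls this helper before its own `empty( $igs )` guard, the warning is reachable. `mailchimp_sf_signup_submit()` already reads the same option as `get_option( 'mc_interest_groups', array() )`, so use the same default here. The function's body continues outside this hunk.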
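Review bot: The docblock for `mailchimp_sf_verify_key()` gives `@return mixed`; from the visible returns it is a `WP_Error` on a failed lookup or an invalid role and nothing on success (the next hunk removes the bare `return;`, so the success path falls through), so `@return WP_Error|void` is the honest type, or better, return `true` on success so callers can test the result uniformly. The `@param MailChimp_API $api` line should match the class actually declared in lib/mailchimp/mailchimp.php; its header is not in this view, so verify the casing.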
@@ -1025,7 +1182,7 @@ function mailchimpSF_verify_key( $api ) { // Might as well set this data if we have it already. $valid_roles = array( 'owner', 'admin', 'manager' ); - if ( in_array( $user['role'], $valid_roles ) ) { + if ( in_array( $user['role'], $valid_roles, true ) ) { update_option( 'mc_api_key', $api->key ); update_option( 'mc_user', $user ); update_option( 'mc_datacenter', $api->datacenter ); @@ -1034,19 +1191,30 @@ function mailchimpSF_verify_key( $api ) { $msg = __( 'API Key must belong to "Owner", "Admin", or "Manager."', 'mailchimp_i18n' ); return new WP_Error( 'mc-invalid-role', $msg ); } - return; } -function mailchimpSF_update_profile_url( $email ) { - $dc = get_option( 'mc_datacenter' ); - $eid = base64_encode( $email ); +/** + * Update profile URL. + * + * @param string $email Email + * @return string + */ +function mailchimp_sf_update_profile_url( $email ) { + $dc = get_option( 'mc_datacenter' ); + // This is the expected encoding for emails. + $eid = base64_encode( $email ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.obfuscation_base64_encode -- ignoring because this is the expected data for the endpoint $user = get_option( 'mc_user' ); $list_id = get_option( 'mc_list_id' ); $url = 'http://' . $dc . '.list-manage.com/subscribe/send-email?u=' . $user['account_id'] . '&id=' . $list_id . '&e=' . $eid; return $url; } -function mailchimpSF_signup_form_url() { +/** + * Get signup form URL. + * + * @return string + */ +function mailchimp_sf_signup_form_url() { $dc = get_option( 'mc_datacenter' ); $user = get_option( 'mc_user' ); $list_id = get_option( 'mc_list_id' ); @@ -1054,7 +1222,13 @@ function mailchimpSF_signup_form_url() { return $url; } -function mailchimpSF_delete_options( $options = array() ) { +/** + * Delete options + * + * @param array $options Options + * @return void + */ +function mailchimp_sf_delete_options( $options = array() ) { foreach ( $options as $option ) { delete_option( $option ); } 
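Review bot: `mailchimp_sf_update_profile_url()` concatenates `$eid` (the base64 of the address) straight into the query string, but the base64 alphabet includes `+`, `/` and `=`, and a literal `+` is read as a space by the receiver, so addresses whose encoding contains `+` yield a broken `e=` value; wrap the dynamic parts with `rawurlencode()` or build the URL with `add_query_arg( array( 'u' => $user['account_id'], 'id' => $list_id, 'e' => $eid ), 'https://' . $dc . '.list-manage.com/subscribe/send-email' )`. The scheme is hard-coded to `http://`, which sends the subscriber's encoded address over plaintext; the hosted pages are reachable over TLS, so prefer `https://` here and in `mailchimp_sf_signup_form_url()` if it shares the pattern. `$user['account_id']` is also read without checking that `mc_user` is set, which would warn when the key was never verified.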
@@ -1068,7 +1242,7 @@ function mailchimpSF_delete_options( $options = array() ) { * * This function must be ran _very early_ in the load process, as it sets up important constants for the rest of the plugin */ -function mailchimpSF_where_am_i() { +function mailchimp_sf_where_am_i() { $locations = array( 'plugins' => array( 'dir' => plugin_dir_path( __FILE__ ), @@ -1089,7 +1263,7 @@ function mailchimpSF_where_am_i() { ); // Set defaults - $mscf_dirbase = trailingslashit( basename( dirname( __FILE__ ) ) ); // Typically wp-mailchimp/ or mailchimp/ + $mscf_dirbase = trailingslashit( basename( __DIR__ ) ); // Typically wp-mailchimp/ or mailchimp/ $mscf_dir = trailingslashit( plugin_dir_path( __FILE__ ) ); $mscf_url = trailingslashit( plugins_url( null, __FILE__ ) ); @@ -1131,7 +1305,7 @@ function mailchimpSF_where_am_i() { * @param string|int $action Should give context to what is taking place and be the same when nonce was created. * @return bool Whether the nonce check passed or failed. */ -function mailchimpSF_verify_nonce( $nonce, $action = -1 ) { +function mailchimp_sf_verify_nonce( $nonce, $action = -1 ) { $user = wp_get_current_user(); $uid = (int) $user->ID; if ( ! $uid ) { @@ -1171,7 +1345,7 @@ function mailchimpSF_verify_nonce( $nonce, $action = -1 ) { * @param string $action Scalar value to add context to the nonce. * @return string The token. */ -function mailchimpSF_create_nonce( $action = -1 ) { +function mailchimp_sf_create_nonce( $action = -1 ) { $user = wp_get_current_user(); $uid = (int) $user->ID; if ( ! $uid ) { diff --git a/mailchimp_compat.php b/mailchimp_compat.php index b6f5ae4..ca27b53 100644 --- a/mailchimp_compat.php +++ b/mailchimp_compat.php @@ -1,23 +1,39 @@
- Settings and click Mailchimp Setup to try again.', 'mailchimp_i18n' ); ?> + Settings and click Mailchimp Setup to try again.', + 'mailchimp_i18n' + ), + [ + 'strong' => [], + ] + ); + ?>
'; - echo $header; // don't escape $header b/c it may have HTML allowed - echo ! empty( $after_title ) ? $after_title : ''; + if ( strlen( $header ) === strlen( wp_strip_all_tags( $header ) ) ) { + echo ! empty( $before_title ) ? wp_kses_post( $before_title ) : '
'; + echo wp_kses_post( $header ); + echo ! empty( $after_title ) ? wp_kses_post( $after_title ) : '
'; } else { - echo $header; // don't escape $header b/c it may have HTML allowed + echo wp_kses_post( $header ); } } $sub_heading = trim( get_option( 'mc_subheader_content' ) ); - if ( get_option( 'mc_nuke_all_styles' ) != true ) { + if ( get_option( 'mc_nuke_all_styles' ) !== true ) { ?>