Improve PHPCS WordPress compliance #330

Merged
merged 6 commits into from
Jun 26, 2024
42 changes: 22 additions & 20 deletions feed-parsers/class-feed-parser-activitypub.php
Expand Up @@ -823,7 +823,11 @@ public function handle_received_activity( $activity, $user_id, $type ) {
if ( is_wp_error( $user_feed ) || ! Friends::check_url( $actor_url ) ) {
$meta = $this->get_metadata( $actor_url );
if ( ! $meta || is_wp_error( $meta ) || ! isset( $meta['url'] ) ) {
$error = is_wp_error( $meta ) ? $meta->get_error_message() . ' ' . print_r( $meta->get_error_data(), true ) : 'No URL found'; // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r
$error = 'No URL found';
if ( is_wp_error( $meta ) ) {
$error = $meta->get_error_message();
$error .= ' ' . print_r( $meta->get_error_data(), true ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r
}
$this->log( 'Received invalid meta for ' . $actor_url . ' ' . $error, $meta );
return false;
}
Expand Down Expand Up @@ -1447,20 +1451,17 @@ function () use ( $message, $error ) {
public function cache_reply_to_boost() {
$url = false;
$append_to_redirect = '';
// phpcs:disable WordPress.Security.NonceVerification.Recommended
if ( isset( $_GET['in_reply_to'] ) ) {
$url = sanitize_text_field( wp_unslash( $_GET['in_reply_to'] ) );
if ( ! wp_parse_url( $url ) ) {
return;
}

// The ignores are not necessary now but when https://github.com/WordPress/WordPress-Coding-Standards/issues/2299 comes into effect.
$in_reply_to = filter_input( INPUT_GET, 'in_reply_to', FILTER_SANITIZE_URL ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
$boost = filter_input( INPUT_GET, 'boost', FILTER_SANITIZE_URL ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( $in_reply_to ) {
$url = $in_reply_to;
$append_to_redirect .= '#comment';
} elseif ( isset( $_GET['boost'] ) ) {
$url = sanitize_text_field( wp_unslash( $_GET['boost'] ) );
if ( ! wp_parse_url( $url ) ) {
return;
}
} elseif ( $boost ) {
$url = $boost;
}
// phpcs:enable WordPress.Security.NonceVerification.Recommended

if ( ! $url ) {
return;
}
Expand Down Expand Up @@ -1572,13 +1573,14 @@ public function replace_with_links( array $result ) {
}

public function activitypub_save_settings( User $friend ) {
if ( isset( $_POST['_wpnonce'] ) && wp_verify_nonce( sanitize_key( $_POST['_wpnonce'] ), 'edit-friend-feeds-' . $friend->user_login ) ) {
if ( ! isset( $_POST['_wpnonce'] ) || wp_verify_nonce( sanitize_key( $_POST['_wpnonce'] ), 'edit-friend-feeds-' . $friend->user_login ) ) {
return;
}

if ( isset( $_POST['friends_show_replies'] ) && intval( $_POST['friends_show_replies'] ) ) {
$friend->update_user_option( 'activitypub_friends_show_replies', '1' );
} else {
$friend->delete_user_option( 'activitypub_friends_show_replies' );
}
if ( isset( $_POST['friends_show_replies'] ) && boolval( $_POST['friends_show_replies'] ) ) {
$friend->update_user_option( 'activitypub_friends_show_replies', '1' );
} else {
$friend->delete_user_option( 'activitypub_friends_show_replies' );
}
}

Expand Down Expand Up @@ -2141,7 +2143,7 @@ public function activitypub_unannounce( $url, $user_id ) {
* @return bool Whether the comment is approved.
*/
public function pre_comment_approved( $approved, $commentdata ) {
if ( ! $approved || ( is_string( $approved ) && 'activitypub' === $commentdata['comment_meta']['protocol'] ) ) {
if ( is_string( $approved ) && 'activitypub' === $commentdata['comment_meta']['protocol'] ) {
// If the author is someone we already follow.
$user_feed = User_Feed::get_by_url( $commentdata['comment_author_url'] );
if ( $user_feed instanceof User_Feed ) {
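Review bot: The nonce guard in `activitypub_save_settings` looks inverted on the new side: `if ( ! isset( $_POST['_wpnonce'] ) || wp_verify_nonce( ... ) ) { return; }` returns when the nonce verifies and falls through to `update_user_option()` / `delete_user_option()` when verification fails. The early return needs the negation, `if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['_wpnonce'] ), 'edit-friend-feeds-' . $friend->user_login ) ) { return; }`. As written, a legitimate settings save is dropped, while a request whose nonce fails verification still changes `activitypub_friends_show_replies`, so the CSRF protection the previous form of the condition gave is lost. A test that posts once with a valid nonce and once with an invalid one would pin the intended behaviour.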
2 changes: 1 addition & 1 deletion includes/class-access-control.php
Expand Up @@ -86,7 +86,7 @@ public function get_authenticated_feed_user() {
* @return bool The authentication status of the feed.
*/
public static function private_rss_is_authenticated() {
if ( isset( $_GET['auth'] ) && get_option( 'friends_private_rss_key' ) === $_GET['auth'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
if ( filter_input( INPUT_GET, 'auth' ) === get_option( 'friends_private_rss_key' ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
return true;
}
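Review bot: Dropping the `isset( $_GET['auth'] )` guard in favour of `filter_input( INPUT_GET, 'auth' ) === get_option( 'friends_private_rss_key' )` lets the strict comparison succeed on non-string values: `filter_input()` returns `false` when the filter fails and `get_option()` returns `false` when the option does not exist, so the feed would count as authenticated if no key has been stored (whether the option is always set is not visible in this hunk). Require both sides to be non-empty strings and compare in constant time, e.g. `$auth = filter_input( INPUT_GET, 'auth' ); $key = get_option( 'friends_private_rss_key' );` followed by `if ( is_string( $auth ) && is_string( $key ) && '' !== $key && hash_equals( $key, $auth ) ) {`. The body of `private_rss_is_authenticated` continues outside the hunk.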

8 changes: 4 additions & 4 deletions includes/class-admin.php
Expand Up @@ -1328,11 +1328,11 @@ public function process_admin_edit_friend_feeds() {
update_user_option( get_current_user_id(), 'friends_hide_from_friends_page', $hide_from_friends_page );
}

if ( $friend->set_retention_number_enabled( isset( $_POST['friends_enable_retention_number'] ) && intval( $_POST['friends_enable_retention_number'] ) ) && isset( $_POST['friends_retention_number'] ) ) {
$friend->set_retention_number( intval( $_POST['friends_retention_number'] ) );
if ( $friend->set_retention_number_enabled( filter_input( INPUT_POST, 'friends_enable_retention_number', FILTER_VALIDATE_BOOL ) ) && isset( $_POST['friends_retention_number'] ) ) {
$friend->set_retention_number( filter_input( INPUT_POST, 'friends_retention_number', FILTER_SANITIZE_NUMBER_INT ) );
}
if ( $friend->set_retention_days_enabled( isset( $_POST['friends_enable_retention_days'] ) && intval( $_POST['friends_enable_retention_days'] ) ) && isset( $_POST['friends_retention_days'] ) ) {
$friend->set_retention_days( intval( $_POST['friends_retention_days'] ) );
if ( $friend->set_retention_days_enabled( filter_input( INPUT_POST, 'friends_enable_retention_days', FILTER_VALIDATE_BOOL ) ) && isset( $_POST['friends_retention_days'] ) ) {
$friend->set_retention_days( filter_input( INPUT_POST, 'friends_retention_days', FILTER_SANITIZE_NUMBER_INT ) );
}

$hide_from_friends_page = get_user_option( 'friends_hide_from_friends_page' );
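Review bot: `FILTER_SANITIZE_NUMBER_INT` in the `set_retention_number()` and `set_retention_days()` calls does not produce an integer: it returns a string with everything except digits, `+` and `-` removed, so values such as `1-2` or an empty string now reach the setters where `intval()` previously forced an int. Validating is safer than sanitising here, e.g. `filter_input( INPUT_POST, 'friends_retention_number', FILTER_VALIDATE_INT, array( 'options' => array( 'min_range' => 1 ) ) )`, skipping the setter when the result is `false` or `null`; the lower bound is an assumption and should match what the setters accept. `process_admin_edit_friend_feeds` starts and ends outside the hunk, so how the setters treat a non-integer argument cannot be confirmed from here.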
2 changes: 1 addition & 1 deletion includes/class-automatic-status-list-table.php
Expand Up @@ -106,7 +106,7 @@ protected function get_post_status_counts( $post_type ) {
$counts[ $row->post_status ] = $row->count;
}
$counts = (object) $counts;
wp_cache_set( $cache_key, $counts, 'friends' );
wp_cache_set( $cache_key, $counts, 'friends', HOUR_IN_SECONDS );

return $counts;
}
141 changes: 104 additions & 37 deletions includes/class-subscription.php
Expand Up @@ -196,7 +196,8 @@ public function get_post_stats() {
$post_types = apply_filters( 'friends_frontend_post_types', array() );
$post_stats = $wpdb->get_row( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
$wpdb->prepare(
'SELECT SUM(
sprintf(
'SELECT SUM(
LENGTH( ID ) +
LENGTH( post_author ) +
LENGTH( post_date ) +
Expand All @@ -222,7 +223,16 @@ public function get_post_stats() {
LENGTH( comment_count )
) AS total_size,
COUNT(*) as post_count
FROM ' . $wpdb->posts . ' p, ' . $wpdb->term_taxonomy . ' t, ' . $wpdb->term_relationships . ' r WHERE r.object_id = p.ID AND r.term_taxonomy_id = t.term_taxonomy_id AND t.term_id = %d AND p.post_type IN ( ' . implode( ', ', array_fill( 0, count( $post_types ), '%s' ) ) . ' )',
FROM %s p, %s t, %s r
WHERE r.object_id = p.ID
AND r.term_taxonomy_id = t.term_taxonomy_id
AND t.term_id = %%d
AND p.post_type IN ( %s )',
$wpdb->posts,
$wpdb->term_taxonomy,
$wpdb->term_relationships,
implode( ', ', array_fill( 0, count( $post_types ), '%s' ) )
),
array_merge( array( $this->get_term_id() ), $post_types )
),
ARRAY_A
Expand All @@ -232,7 +242,19 @@ public function get_post_stats() {
'U',
$wpdb->get_var( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
$wpdb->prepare(
"SELECT MIN(post_date) FROM $wpdb->posts p, $wpdb->term_taxonomy t, $wpdb->term_relationships r WHERE r.object_id = p.ID AND r.term_taxonomy_id = t.term_taxonomy_id AND t.term_id = %d AND p.post_status = 'publish' AND p.post_type IN ( " . implode( ', ', array_fill( 0, count( $post_types ), '%s' ) ) . ' )',
sprintf(
'SELECT MIN(post_date)
FROM %s p, %s t, %s r
WHERE r.object_id = p.ID
AND r.term_taxonomy_id = t.term_taxonomy_id
AND t.term_id = %%d
AND p.post_status = "publish"
AND p.post_type IN ( %s )',
$wpdb->posts,
$wpdb->term_taxonomy,
$wpdb->term_relationships,
implode( ', ', array_fill( 0, count( $post_types ), '%s' ) )
),
array_merge( array( $this->get_term_id() ), $post_types )
)
)
Expand All @@ -244,18 +266,32 @@ public function get_post_stats() {

public function get_all_post_ids() {
global $wpdb;
$post_types_to_delete = implode( "', '", apply_filters( 'friends_frontend_post_types', array() ) );
$post_types = apply_filters( 'friends_frontend_post_types', array() );

$cache_key = 'get_all_post_ids_' . $this->ID . '_' . $post_types_to_delete;
$cache_key = 'get_all_post_ids_' . $this->ID . '_' . implode( '_', $post_types );
$post_ids = wp_cache_get( $cache_key, 'friends' );
if ( false !== $post_ids ) {
return $post_ids;
}
// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery
// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared
$post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT p.ID FROM $wpdb->posts p, $wpdb->term_relationships r WHERE r.object_id = p.ID AND r.term_taxonomy_id = %d AND p.post_type IN ('$post_types_to_delete')", $this->get_term_id() ) );
// phpcs:enable WordPress.DB.DirectDatabaseQuery.DirectQuery
// phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared

$post_ids = $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
$wpdb->prepare(
sprintf(
'SELECT p.ID
FROM %s p, %s r
WHERE r.object_id = p.ID
AND r.term_taxonomy_id = %%d
AND p.post_type IN ( %s )',
$wpdb->posts,
$wpdb->term_relationships,
implode( ', ', array_fill( 0, count( $post_types ), '%s' ) )
),
array_merge(
array( $this->get_term_id() ),
$post_types
)
)
);

wp_cache_set( $cache_key, $post_ids, 'friends', HOUR_IN_SECONDS - 60 );

Expand Down Expand Up @@ -291,8 +327,7 @@ public function get_post_count_by_post_format() {
global $wpdb;

$counts = array();
// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery
$counts['standard'] = $wpdb->get_var(
$counts['standard'] = $wpdb->get_var( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
$wpdb->prepare(
sprintf(
"SELECT COUNT(DISTINCT posts.ID)
Expand All @@ -306,13 +341,12 @@ public function get_post_count_by_post_format() {
AND relationships_post_format.object_id = posts.ID
AND relationships_author.object_id = posts.ID
AND taxonomy_author.term_taxonomy_id = relationships_author.term_taxonomy_id
AND taxonomy_author.term_id = %s",
AND taxonomy_author.term_id = %%d",
$wpdb->posts,
$wpdb->term_relationships,
$wpdb->term_taxonomy,
$wpdb->term_relationships,
implode( ',', array_fill( 0, count( $post_types ), '%s' ) ),
'%d'
implode( ',', array_fill( 0, count( $post_types ), '%s' ) )
),
array_merge(
$post_types,
Expand All @@ -322,7 +356,7 @@ public function get_post_count_by_post_format() {
);

if ( ! empty( $post_formats_term_ids ) ) {
$post_format_counts = $wpdb->get_results(
$post_format_counts = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
$wpdb->prepare(
sprintf(
"SELECT relationships_post_format.term_taxonomy_id AS post_format_id, COUNT(relationships_post_format.term_taxonomy_id) AS count
Expand All @@ -337,15 +371,14 @@ public function get_post_count_by_post_format() {
AND relationships_post_format.term_taxonomy_id IN ( %s )
AND relationships_author.object_id = posts.ID
AND taxonomy_author.term_taxonomy_id = relationships_author.term_taxonomy_id
AND taxonomy_author.term_id = %s
AND taxonomy_author.term_id = %%d
GROUP BY relationships_post_format.term_taxonomy_id",
$wpdb->posts,
$wpdb->term_relationships,
$wpdb->term_taxonomy,
$wpdb->term_relationships,
implode( ',', array_fill( 0, count( $post_types ), '%s' ) ),
implode( ',', array_fill( 0, count( $post_formats_term_ids ), '%d' ) ),
'%d'
implode( ',', array_fill( 0, count( $post_formats_term_ids ), '%d' ) )
),
array_merge(
$post_types,
Expand All @@ -354,7 +387,7 @@ public function get_post_count_by_post_format() {
)
)
);
// phpcs:enable WordPress.DB.DirectDatabaseQuery.DirectQuery

foreach ( $post_format_counts as $row ) {
$counts[ $post_formats_term_ids[ $row->post_format_id ] ] = $row->count;
$counts['standard'] -= $row->count;
Expand Down Expand Up @@ -382,16 +415,25 @@ public function get_post_in_trash_count() {
if ( false !== wp_cache_get( $cache_key, 'friends' ) ) {
return wp_cache_get( $cache_key, 'friends' );
}
// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery
// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared
$count = $wpdb->get_var(

$count = $wpdb->get_var( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
$wpdb->prepare(
"SELECT COUNT(*) FROM $wpdb->posts p, $wpdb->term_taxonomy t, $wpdb->term_relationships r WHERE r.object_id = p.ID AND r.term_taxonomy_id = t.term_taxonomy_id AND t.term_id = %d AND post_type IN ( " . implode( ', ', array_fill( 0, count( $post_types ), '%s' ) ) . ' ) AND post_status = "trash"',
sprintf(
'SELECT COUNT(*)
FROM %s p, %s t, %s r
WHERE r.object_id = p.ID
AND r.term_taxonomy_id = t.term_taxonomy_id
AND t.term_id = %%d
AND post_type IN ( %s )
AND post_status = "trash"',
$wpdb->posts,
$wpdb->term_taxonomy,
$wpdb->term_relationships,
implode( ', ', array_fill( 0, count( $post_types ), '%s' ) )
),
array_merge( array( $this->get_term_id() ), $post_types )
)
);
// phpcs:enable WordPress.DB.DirectDatabaseQuery.DirectQuery
// phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared

wp_cache_set( $cache_key, intval( $count ), 'friends', HOUR_IN_SECONDS - 60 );
return intval( $count );
Expand Down Expand Up @@ -484,12 +526,24 @@ public static function convert_from_user( User $user ) {

global $wpdb;
// Convert feeds.

// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery
// phpcs:disable WordPress.DB.DirectDatabaseQuery.NoCaching
$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->term_relationships JOIN $wpdb->term_taxonomy ON $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id SET object_id = %d WHERE object_id = %d AND $wpdb->term_taxonomy.taxonomy = %s", $subscription->get_term_id(), $user->ID, User_Feed::TAXONOMY ) );
// phpcs:enable WordPress.DB.DirectDatabaseQuery.DirectQuery
// phpcs:enable WordPress.DB.DirectDatabaseQuery.NoCaching
$wpdb->query( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$wpdb->prepare(
'UPDATE %s
JOIN %s
ON %s.term_taxonomy_id = %s.term_taxonomy_id
SET object_id = %d
WHERE object_id = %d
AND %s.taxonomy = %s',
$wpdb->term_relationships,
$wpdb->term_taxonomy,
$wpdb->term_relationships,
$wpdb->term_taxonomy,
$subscription->get_term_id(),
$user->ID,
$wpdb->term_taxonomy,
User_Feed::TAXONOMY
)
);

foreach ( self::MIGRATE_USER_OPTIONS as $option_name ) {
$subscription->update_user_option( $option_name, $user->get_user_option( $option_name ) );
Expand Down Expand Up @@ -521,11 +575,24 @@ public static function convert_to_user( Subscription $subscription ) {

global $wpdb;
// Convert feeds.
// phpcs:disable WordPress.DB.DirectDatabaseQuery.DirectQuery
// phpcs:disable WordPress.DB.DirectDatabaseQuery.NoCaching
$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->term_relationships JOIN $wpdb->term_taxonomy ON $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id SET object_id = %d WHERE object_id = %d AND $wpdb->term_taxonomy.taxonomy = %s", $user->ID, $subscription->get_term_id(), User_Feed::TAXONOMY ) );
// phpcs:enable WordPress.DB.DirectDatabaseQuery.DirectQuery
// phpcs:enable WordPress.DB.DirectDatabaseQuery.NoCaching
$wpdb->query( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
$wpdb->prepare(
'UPDATE %s
JOIN %s
ON %s.term_taxonomy_id = %s.term_taxonomy_id
SET object_id = %d
WHERE object_id = %d
AND %s.taxonomy = %s',
$wpdb->term_relationships,
$wpdb->term_taxonomy,
$wpdb->term_relationships,
$wpdb->term_taxonomy,
$user->ID,
$subscription->get_term_id(),
$wpdb->term_taxonomy,
User_Feed::TAXONOMY
)
);

foreach ( self::MIGRATE_USER_OPTIONS as $option_name ) {
$user->update_user_option( $option_name, $subscription->get_user_option( $option_name ) );
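Review bot: In `convert_from_user` and `convert_to_user` the table names are now passed to `$wpdb->prepare()` through `%s`, which quotes and escapes its argument as a string literal, so the statement is built with quoted table names (`UPDATE 'TABLE' JOIN 'TABLE' ...`, names shown as placeholders) and MySQL will most likely reject it, leaving the feed relationships unconverted. The other queries in this file format identifiers with `sprintf()` first and keep only values as `%%d` / `%s` placeholders; the two UPDATE statements should follow the same pattern, or use the `%i` identifier placeholder if the plugin's minimum WordPress version allows it. The result of `$wpdb->query()` is ignored in both functions, so the failure would be silent and the user-option migration that follows would still run; checking for `false` before continuing would make the conversion fail closed. The sketch below shows the `convert_from_user` variant; `convert_to_user` swaps the two `object_id` arguments, and both functions start and end outside their hunks.

```php
$wpdb->query( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
	$wpdb->prepare(
		sprintf(
			'UPDATE %1$s
			JOIN %2$s
			ON %1$s.term_taxonomy_id = %2$s.term_taxonomy_id
			SET object_id = %%d
			WHERE object_id = %%d
			AND %2$s.taxonomy = %%s',
			$wpdb->term_relationships,
			$wpdb->term_taxonomy
		),
		$subscription->get_term_id(),
		$user->ID,
		User_Feed::TAXONOMY
	)
);
// … unchanged: MIGRATE_USER_OPTIONS loop …
```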