From e7f53fabdf540800a3418d5a76001243bb28e3a7 Mon Sep 17 00:00:00 2001 From: Felipe Elia Date: Thu, 1 Jun 2023 10:43:43 -0300 Subject: [PATCH 1/3] composer update + requiring composer installers --- composer.json | 3 +- composer.lock | 289 +++++++++++++++++++++++++------------------------- 2 files changed, 147 insertions(+), 145 deletions(-) diff --git a/composer.json b/composer.json index dcd67c5671..fa7c47e825 100644 --- a/composer.json +++ b/composer.json @@ -28,7 +28,8 @@ } ], "require": { - "php": ">=7.0" + "php": ">=7.0", + "composer/installers": "^1.0 || ^2.0" }, "require-dev": { "10up/phpcs-composer": "dev-master", diff --git a/composer.lock b/composer.lock index e850e22919..369da8a481 100644 --- a/composer.lock +++ b/composer.lock 
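Review bot: `composer/installers` is a Composer plugin, and Composer 2.2+ does not load a plugin that is not listed under `config.allow-plugins` (it prompts interactively; non-interactive runs such as CI warn or abort depending on the Composer version), so this `require` entry is only half of the change unless that key already exists outside the hunk. If it is missing, add to `config`: `"allow-plugins": { "composer/installers": true }` — and consider the same for `dealerdirect/phpcodesniffer-composer-installer`, which the lock shows as a dev dependency and is also a plugin. The composer.lock hunks that follow are generated and need no review.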
@@ -4,100 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "1d1b53568a0f92fe5377981a1c639fa0", - "packages": [], - "packages-dev": [ - { - "name": "10up/phpcs-composer", - "version": "dev-master", - "source": { - "type": "git", - "url": "https://github.com/10up/phpcs-composer.git", - "reference": "e05d9007b332c76066ef309febea960c6dece271" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/10up/phpcs-composer/zipball/e05d9007b332c76066ef309febea960c6dece271", - "reference": "e05d9007b332c76066ef309febea960c6dece271", - "shasum": "" - }, - "require": { - "automattic/vipwpcs": "^2.3", - "dealerdirect/phpcodesniffer-composer-installer": "*", - "phpcompatibility/phpcompatibility-wp": "^2", - "squizlabs/php_codesniffer": "3.7.1", - "wp-coding-standards/wpcs": "*" - }, - "default-branch": true, - "type": "phpcodesniffer-standard", - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Ephraim Gregor", - "email": "ephraim.gregor@10up.com" - } - ], - "support": { - "issues": "https://github.com/10up/phpcs-composer/issues", - "source": "https://github.com/10up/phpcs-composer/tree/master" - }, - "time": "2023-02-24T01:59:32+00:00" - }, - { - "name": "automattic/vipwpcs", - "version": "2.3.3", - "source": { - "type": "git", - "url": "https://github.com/Automattic/VIP-Coding-Standards.git", - "reference": "6cd0a6a82bc0ac988dbf9d6a7c2e293dc8ac640b" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/Automattic/VIP-Coding-Standards/zipball/6cd0a6a82bc0ac988dbf9d6a7c2e293dc8ac640b", - "reference": "6cd0a6a82bc0ac988dbf9d6a7c2e293dc8ac640b", - "shasum": "" - }, - "require": { - "dealerdirect/phpcodesniffer-composer-installer": "^0.4.1 || ^0.5 || ^0.6.2 || ^0.7", - "php": ">=5.4", - "sirbrillig/phpcs-variable-analysis": "^2.11.1", - "squizlabs/php_codesniffer": 
"^3.5.5", - "wp-coding-standards/wpcs": "^2.3" - }, - "require-dev": { - "php-parallel-lint/php-console-highlighter": "^0.5", - "php-parallel-lint/php-parallel-lint": "^1.0", - "phpcompatibility/php-compatibility": "^9", - "phpcsstandards/phpcsdevtools": "^1.0", - "phpunit/phpunit": "^4 || ^5 || ^6 || ^7" - }, - "type": "phpcodesniffer-standard", - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Contributors", - "homepage": "https://github.com/Automattic/VIP-Coding-Standards/graphs/contributors" - } - ], - "description": "PHP_CodeSniffer rules (sniffs) to enforce WordPress VIP minimum coding conventions", - "keywords": [ - "phpcs", - "standards", - "wordpress" - ], - "support": { - "issues": "https://github.com/Automattic/VIP-Coding-Standards/issues", - "source": "https://github.com/Automattic/VIP-Coding-Standards", - "wiki": "https://github.com/Automattic/VIP-Coding-Standards/wiki" - }, - "time": "2021-09-29T16:20:23+00:00" - }, + "content-hash": "ff870c75078541fd7f71487b281ddd46", + "packages": [ { "name": "composer/installers", "version": "v2.2.0", 
@@ -242,6 +150,99 @@ } ], "time": "2022-08-20T06:45:11+00:00" + } + ], + "packages-dev": [ + { + "name": "10up/phpcs-composer", + "version": "dev-master", + "source": { + "type": "git", + "url": "https://github.com/10up/phpcs-composer.git", + "reference": "9c085cf0554a0b5311623548663aa9e4d8f52587" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/10up/phpcs-composer/zipball/9c085cf0554a0b5311623548663aa9e4d8f52587", + "reference": "9c085cf0554a0b5311623548663aa9e4d8f52587", + "shasum": "" + }, + "require": { + "automattic/vipwpcs": "^2.3", + "dealerdirect/phpcodesniffer-composer-installer": "*", + "phpcompatibility/phpcompatibility-wp": "^2", + "squizlabs/php_codesniffer": "3.7.1", + "wp-coding-standards/wpcs": "*" + }, + "default-branch": true, + "type": "phpcodesniffer-standard", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Ephraim Gregor", + "email": "ephraim.gregor@10up.com" + } + ], + "support": { + "issues": "https://github.com/10up/phpcs-composer/issues", + "source": "https://github.com/10up/phpcs-composer/tree/master" + }, + "time": "2023-05-10T22:44:49+00:00" + }, + { + "name": "automattic/vipwpcs", + "version": "2.3.3", + "source": { + "type": "git", + "url": "https://github.com/Automattic/VIP-Coding-Standards.git", + "reference": "6cd0a6a82bc0ac988dbf9d6a7c2e293dc8ac640b" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/Automattic/VIP-Coding-Standards/zipball/6cd0a6a82bc0ac988dbf9d6a7c2e293dc8ac640b", + "reference": "6cd0a6a82bc0ac988dbf9d6a7c2e293dc8ac640b", + "shasum": "" + }, + "require": { + "dealerdirect/phpcodesniffer-composer-installer": "^0.4.1 || ^0.5 || ^0.6.2 || ^0.7", + "php": ">=5.4", + "sirbrillig/phpcs-variable-analysis": "^2.11.1", + "squizlabs/php_codesniffer": "^3.5.5", + "wp-coding-standards/wpcs": "^2.3" + }, + "require-dev": { + "php-parallel-lint/php-console-highlighter": "^0.5", + 
"php-parallel-lint/php-parallel-lint": "^1.0", + "phpcompatibility/php-compatibility": "^9", + "phpcsstandards/phpcsdevtools": "^1.0", + "phpunit/phpunit": "^4 || ^5 || ^6 || ^7" + }, + "type": "phpcodesniffer-standard", + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Contributors", + "homepage": "https://github.com/Automattic/VIP-Coding-Standards/graphs/contributors" + } + ], + "description": "PHP_CodeSniffer rules (sniffs) to enforce WordPress VIP minimum coding conventions", + "keywords": [ + "phpcs", + "standards", + "wordpress" + ], + "support": { + "issues": "https://github.com/Automattic/VIP-Coding-Standards/issues", + "source": "https://github.com/Automattic/VIP-Coding-Standards", + "wiki": "https://github.com/Automattic/VIP-Coding-Standards/wiki" + }, + "time": "2021-09-29T16:20:23+00:00" }, { "name": "dealerdirect/phpcodesniffer-composer-installer", @@ -390,16 +391,16 @@ }, { "name": "myclabs/deep-copy", - "version": "1.11.0", + "version": "1.11.1", "source": { "type": "git", "url": "https://github.com/myclabs/DeepCopy.git", - "reference": "14daed4296fae74d9e3201d2c4925d1acb7aa614" + "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/14daed4296fae74d9e3201d2c4925d1acb7aa614", - "reference": "14daed4296fae74d9e3201d2c4925d1acb7aa614", + "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/7284c22080590fb39f2ffa3e9057f10a4ddd0e0c", + "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c", "shasum": "" }, "require": { @@ -437,7 +438,7 @@ ], "support": { "issues": "https://github.com/myclabs/DeepCopy/issues", - "source": "https://github.com/myclabs/DeepCopy/tree/1.11.0" + "source": "https://github.com/myclabs/DeepCopy/tree/1.11.1" }, "funding": [ { 
@@ -445,20 +446,20 @@ "type": "tidelift" } ], - "time": "2022-03-03T13:19:32+00:00" + "time": "2023-03-08T13:26:56+00:00" }, { "name": "nikic/php-parser", - "version": "v4.15.3", + "version": "v4.15.5", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "570e980a201d8ed0236b0a62ddf2c9cbb2034039" + "reference": "11e2663a5bc9db5d714eedb4277ee300403b4a9e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/570e980a201d8ed0236b0a62ddf2c9cbb2034039", - "reference": "570e980a201d8ed0236b0a62ddf2c9cbb2034039", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/11e2663a5bc9db5d714eedb4277ee300403b4a9e", + "reference": "11e2663a5bc9db5d714eedb4277ee300403b4a9e", "shasum": "" }, "require": { @@ -499,9 +500,9 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v4.15.3" + "source": "https://github.com/nikic/PHP-Parser/tree/v4.15.5" }, - "time": "2023-01-16T22:05:37+00:00" + "time": "2023-05-19T20:20:00+00:00" }, { "name": "phar-io/manifest", @@ -790,16 +791,16 @@ }, { "name": "phpunit/php-code-coverage", - "version": "9.2.25", + "version": "9.2.26", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git", - "reference": "0e2b40518197a8c0d4b08bc34dfff1c99c508954" + "reference": "443bc6912c9bd5b409254a40f4b0f4ced7c80ea1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/0e2b40518197a8c0d4b08bc34dfff1c99c508954", - "reference": "0e2b40518197a8c0d4b08bc34dfff1c99c508954", + "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/443bc6912c9bd5b409254a40f4b0f4ced7c80ea1", + "reference": "443bc6912c9bd5b409254a40f4b0f4ced7c80ea1", "shasum": "" }, "require": { 
@@ -821,8 +822,8 @@ "phpunit/phpunit": "^9.3" }, "suggest": { - "ext-pcov": "*", - "ext-xdebug": "*" + "ext-pcov": "PHP extension that provides line coverage", + "ext-xdebug": "PHP extension that provides line coverage as well as branch and path coverage" }, "type": "library", "extra": { @@ -855,7 +856,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/php-code-coverage/issues", - "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.25" + "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.26" }, "funding": [ { @@ -863,7 +864,7 @@ "type": "github" } ], - "time": "2023-02-25T05:32:00+00:00" + "time": "2023-03-06T12:58:08+00:00" }, { "name": "phpunit/php-file-iterator", @@ -1108,16 +1109,16 @@ }, { "name": "phpunit/phpunit", - "version": "9.6.4", + "version": "9.6.8", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "9125ee085b6d95e78277dc07aa1f46f9e0607b8d" + "reference": "17d621b3aff84d0c8b62539e269e87d8d5baa76e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/9125ee085b6d95e78277dc07aa1f46f9e0607b8d", - "reference": "9125ee085b6d95e78277dc07aa1f46f9e0607b8d", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/17d621b3aff84d0c8b62539e269e87d8d5baa76e", + "reference": "17d621b3aff84d0c8b62539e269e87d8d5baa76e", "shasum": "" }, "require": { @@ -1150,8 +1151,8 @@ "sebastian/version": "^3.0.2" }, "suggest": { - "ext-soap": "*", - "ext-xdebug": "*" + "ext-soap": "To be able to generate mocks based on WSDL files", + "ext-xdebug": "PHP extension that provides line coverage as well as branch and path coverage" }, "bin": [ "phpunit" 
@@ -1190,7 +1191,8 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/phpunit/issues", - "source": "https://github.com/sebastianbergmann/phpunit/tree/9.6.4" + "security": "https://github.com/sebastianbergmann/phpunit/security/policy", + "source": "https://github.com/sebastianbergmann/phpunit/tree/9.6.8" }, "funding": [ { @@ -1206,7 +1208,7 @@ "type": "tidelift" } ], - "time": "2023-02-27T13:06:37+00:00" + "time": "2023-05-11T05:14:45+00:00" }, { "name": "sebastian/cli-parser", @@ -1508,16 +1510,16 @@ }, { "name": "sebastian/diff", - "version": "4.0.4", + "version": "4.0.5", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/diff.git", - "reference": "3461e3fccc7cfdfc2720be910d3bd73c69be590d" + "reference": "74be17022044ebaaecfdf0c5cd504fc9cd5a7131" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/3461e3fccc7cfdfc2720be910d3bd73c69be590d", - "reference": "3461e3fccc7cfdfc2720be910d3bd73c69be590d", + "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/74be17022044ebaaecfdf0c5cd504fc9cd5a7131", + "reference": "74be17022044ebaaecfdf0c5cd504fc9cd5a7131", "shasum": "" }, "require": { @@ -1562,7 +1564,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/diff/issues", - "source": "https://github.com/sebastianbergmann/diff/tree/4.0.4" + "source": "https://github.com/sebastianbergmann/diff/tree/4.0.5" }, "funding": [ { @@ -1570,7 +1572,7 @@ "type": "github" } ], - "time": "2020-10-26T13:10:38+00:00" + "time": "2023-05-07T05:35:17+00:00" }, { "name": "sebastian/environment", 
@@ -2174,16 +2176,16 @@ }, { "name": "sirbrillig/phpcs-variable-analysis", - "version": "v2.11.10", + "version": "v2.11.16", "source": { "type": "git", "url": "https://github.com/sirbrillig/phpcs-variable-analysis.git", - "reference": "0f25a3766f26df91d6bdda0c8931303fc85499d7" + "reference": "dc5582dc5a93a235557af73e523c389aac9a8e88" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sirbrillig/phpcs-variable-analysis/zipball/0f25a3766f26df91d6bdda0c8931303fc85499d7", - "reference": "0f25a3766f26df91d6bdda0c8931303fc85499d7", + "url": "https://api.github.com/repos/sirbrillig/phpcs-variable-analysis/zipball/dc5582dc5a93a235557af73e523c389aac9a8e88", + "reference": "dc5582dc5a93a235557af73e523c389aac9a8e88", "shasum": "" }, "require": { @@ -2228,7 +2230,7 @@ "source": "https://github.com/sirbrillig/phpcs-variable-analysis", "wiki": "https://github.com/sirbrillig/phpcs-variable-analysis/wiki" }, - "time": "2023-01-05T18:45:16+00:00" + "time": "2023-03-31T16:46:32+00:00" }, { "name": "squizlabs/php_codesniffer", @@ -2389,15 +2391,15 @@ }, { "name": "wpackagist-plugin/woocommerce", - "version": "7.4.0", + "version": "7.7.2", "source": { "type": "svn", "url": "https://plugins.svn.wordpress.org/woocommerce/", - "reference": "tags/7.4.0" + "reference": "tags/7.7.2" }, "dist": { "type": "zip", - "url": "https://downloads.wordpress.org/plugin/woocommerce.7.4.0.zip" + "url": "https://downloads.wordpress.org/plugin/woocommerce.7.7.2.zip" }, "require": { "composer/installers": "^1.0 || ^2.0" 
@@ -2407,16 +2409,16 @@ }, { "name": "yoast/phpunit-polyfills", - "version": "1.0.4", + "version": "1.0.5", "source": { "type": "git", "url": "https://github.com/Yoast/PHPUnit-Polyfills.git", - "reference": "3c621ff5429d2b1ff96dc5808ad6cde99d31ea4c" + "reference": "3b59adeef77fb1c03ff5381dbb9d68b0aaff3171" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Yoast/PHPUnit-Polyfills/zipball/3c621ff5429d2b1ff96dc5808ad6cde99d31ea4c", - "reference": "3c621ff5429d2b1ff96dc5808ad6cde99d31ea4c", + "url": "https://api.github.com/repos/Yoast/PHPUnit-Polyfills/zipball/3b59adeef77fb1c03ff5381dbb9d68b0aaff3171", + "reference": "3b59adeef77fb1c03ff5381dbb9d68b0aaff3171", "shasum": "" }, "require": { @@ -2424,13 +2426,12 @@ "phpunit/phpunit": "^4.8.36 || ^5.7.21 || ^6.0 || ^7.0 || ^8.0 || ^9.0" }, "require-dev": { - "yoast/yoastcs": "^2.2.1" + "yoast/yoastcs": "^2.3.0" }, "type": "library", "extra": { "branch-alias": { - "dev-main": "1.x-dev", - "dev-develop": "1.x-dev" + "dev-main": "2.x-dev" } }, "autoload": { @@ -2464,7 +2465,7 @@ "issues": "https://github.com/Yoast/PHPUnit-Polyfills/issues", "source": "https://github.com/Yoast/PHPUnit-Polyfills" }, - "time": "2022-11-16T09:07:52+00:00" + "time": "2023-03-30T23:39:05+00:00" } ], "aliases": [], From 356e8f480cf4c847c22601f608a2d68b8c875c8f Mon Sep 17 00:00:00 2001 
From: Felipe Elia Date: Thu, 1 Jun 2023 13:15:13 -0300 Subject: [PATCH 2/3] Update sanitization and code standards --- includes/classes/Command/Utility.php | 4 +- .../Feature/Autosuggest/Autosuggest.php | 2 +- includes/classes/Feature/Facets/Facets.php | 2 +- includes/classes/Feature/Search/Search.php | 2 +- includes/classes/Feature/Search/Weighting.php | 6 +-- .../Feature/SearchOrdering/SearchOrdering.php | 7 ++-- .../Feature/WooCommerce/WooCommerce.php | 41 +++++++++++-------- includes/classes/Indexable/Post/Post.php | 20 +++++---- .../classes/Indexable/Post/SyncManager.php | 11 ++++- includes/classes/Indexable/User/User.php | 11 ++++- includes/classes/Installer.php | 2 +- includes/classes/Screen.php | 2 +- includes/classes/Screen/StatusReport.php | 7 +++- .../classes/StatusReport/FailedQueries.php | 2 +- includes/classes/Upgrades.php | 2 + includes/dashboard.php | 29 ++++++------- phpcs.xml | 4 ++ uninstall.php | 8 +++- 18 files changed, 102 insertions(+), 60 deletions(-) diff --git a/includes/classes/Command/Utility.php b/includes/classes/Command/Utility.php index ccc5dfc09f..4370b59898 100644 --- a/includes/classes/Command/Utility.php +++ b/includes/classes/Command/Utility.php @@ -160,8 +160,8 @@ public static function custom_get_transient( $pre_transient, $transient ) { } else { $options = $wpdb->options; + // phpcs:disable $should_interrupt_sync = $wpdb->get_var( - // phpcs:disable $wpdb->prepare( " SELECT option_value @@ -171,8 +171,8 @@ public static function custom_get_transient( $pre_transient, $transient ) { ", "_transient_{$transient}" ) - // phpcs:enable ); + // phpcs:enable } return $should_interrupt_sync ? (bool) $should_interrupt_sync : null; diff --git a/includes/classes/Feature/Autosuggest/Autosuggest.php b/includes/classes/Feature/Autosuggest/Autosuggest.php index 354b7f1add..7a474c213d 100644 --- a/includes/classes/Feature/Autosuggest/Autosuggest.php +++ b/includes/classes/Feature/Autosuggest/Autosuggest.php 
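Review bot: The bare `// phpcs:disable` moved above `$should_interrupt_sync = $wpdb->get_var(` switches off every sniff for the whole statement — including the SQL-preparation and security checks — rather than only the direct-query one, whereas Post.php and SyncManager.php in this same commit name the sniff they silence. Prefer naming what is actually triggered here, e.g. `// phpcs:disable WordPress.DB.DirectDatabaseQuery` (plus `WordPress.DB.PreparedSQL.InterpolatedNotPrepared` if the interpolated `$options` table name is what trips the sniff), with the same names on the `// phpcs:enable` in the second hunk (`@@ -171`), so that any other violation introduced into this query later is still reported. `custom_get_transient` starts and ends outside these hunks.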
@@ -740,7 +740,7 @@ public function epio_send_autosuggest_public_request( $blocking = false ) { * Send the allowed parameters for autosuggest to ElasticPress.io. */ public function epio_send_autosuggest_allowed() { - if ( empty( $_REQUEST['ep_epio_nonce'] ) || ! wp_verify_nonce( $_REQUEST['ep_epio_nonce'], 'ep-epio-set-autosuggest' ) ) { + if ( empty( $_REQUEST['ep_epio_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_REQUEST['ep_epio_nonce'] ), 'ep-epio-set-autosuggest' ) ) { return; } if ( empty( $_GET['ep_epio_set_autosuggest'] ) ) { diff --git a/includes/classes/Feature/Facets/Facets.php b/includes/classes/Feature/Facets/Facets.php index 7abfe5d94b..e86c697bd7 100644 --- a/includes/classes/Feature/Facets/Facets.php +++ b/includes/classes/Feature/Facets/Facets.php @@ -454,7 +454,7 @@ public function build_query_url( $filters ) { */ $query_string = apply_filters( 'ep_facet_query_string', $query_string, $query_params ); - $url = $_SERVER['REQUEST_URI']; + $url = isset( $_SERVER['REQUEST_URI'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : ''; $pagination = strpos( $url, '/page' ); if ( false !== $pagination ) { $url = substr( $url, 0, $pagination ); diff --git a/includes/classes/Feature/Search/Search.php b/includes/classes/Feature/Search/Search.php index 986a3b8066..e871072083 100644 --- a/includes/classes/Feature/Search/Search.php +++ b/includes/classes/Feature/Search/Search.php @@ -775,7 +775,7 @@ public function save_exclude_from_search_meta( $post_id, $post ) { return; } - if ( ! isset( $_POST['ep-exclude-from-search-nonce'] ) || ! wp_verify_nonce( $_POST['ep-exclude-from-search-nonce'], 'save-exclude-from-search' ) ) { + if ( ! isset( $_POST['ep-exclude-from-search-nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['ep-exclude-from-search-nonce'] ), 'save-exclude-from-search' ) ) { return; } diff --git a/includes/classes/Feature/Search/Weighting.php b/includes/classes/Feature/Search/Weighting.php index 764000ef0d..3e86257784 100644 
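Review bot: `sanitize_text_field()` is the wrong sanitizer for `$_SERVER['REQUEST_URI']` in `build_query_url`: among other things it strips percent-encoded octets (`%xx`), so a request URI containing an encoded slug or space loses those bytes before the `/page` trimming on the next lines and the facet link is built from a mangled path. Use the URL-oriented sanitizer instead: `$url = isset( $_SERVER['REQUEST_URI'] ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '';`. The rest of `build_query_url` lies outside the hunk, so whether a later step re-encodes the path is not visible here.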
--- a/includes/classes/Feature/Search/Weighting.php
+++ b/includes/classes/Feature/Search/Weighting.php
@@ -220,8 +220,8 @@ public function render_settings_page() {

@@ -335,7 +335,7 @@ public function render_settings_section( $post_type, $field, $current_values ) { * Handles processing the new weighting values and saving them to the elasticpress.io service */ public function handle_save() { - if ( ! isset( $_POST['ep-weighting-nonce'] ) || ! wp_verify_nonce( $_POST['ep-weighting-nonce'], 'save-weighting' ) ) { + if ( ! isset( $_POST['ep-weighting-nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['ep-weighting-nonce'] ), 'save-weighting' ) ) { return; } diff --git a/includes/classes/Feature/SearchOrdering/SearchOrdering.php b/includes/classes/Feature/SearchOrdering/SearchOrdering.php index 8321f9454a..33529ed924 100644 --- a/includes/classes/Feature/SearchOrdering/SearchOrdering.php +++ b/includes/classes/Feature/SearchOrdering/SearchOrdering.php @@ -462,7 +462,7 @@ public function save_post( $post_id, $post ) { /** Post Indexable @var Post $post_indexable */ $post_indexable = Indexables::factory()->get( 'post' ); - if ( ! isset( $_POST['search-ordering-nonce'] ) || ! wp_verify_nonce( $_POST['search-ordering-nonce'], 'save-search-ordering' ) ) { + if ( ! isset( $_POST['search-ordering-nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['search-ordering-nonce'] ), 'save-search-ordering' ) ) { return; } @@ -476,7 +476,8 @@ public function save_post( $post_id, $post ) { $previous_order_data = get_post_meta( $post_id, 'pointers', true ); $previous_post_ids = ! empty( $previous_order_data ) ? array_flip( wp_list_pluck( $previous_order_data, 'ID' ) ) : []; - $ordered_posts = json_decode( wp_unslash( $_POST['ordered_posts'] ), true ); + $ordered_posts = isset( $_POST['ordered_posts'] ) ? wp_unslash( $_POST['ordered_posts'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized + $ordered_posts = json_decode( $ordered_posts, true ); $posts_per_page = (int) get_option( 'posts_per_page', 10 ); 
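Review bot: The new `$ordered_posts` line in `save_post` (`@@ -476`) assumes `$_POST['ordered_posts']` is a string; if a request sends it as an array, `wp_unslash()` returns the array and the `json_decode()` call on the next line raises a `TypeError` on PHP 8 instead of quietly yielding null. Tighten the guard to `$ordered_posts = isset( $_POST['ordered_posts'] ) && is_string( $_POST['ordered_posts'] ) ? wp_unslash( $_POST['ordered_posts'] ) : '';`. The `phpcs:ignore` for `InputNotSanitized` also deserves a short why-comment such as `// Raw JSON; the decoded IDs are validated below.` — assuming that validation exists, since `save_post` continues outside the hunk.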
@@ -857,7 +858,7 @@ public function handle_post_untrash( $post_id ) { protected function assign_term_to_post( $post_id, $term_taxonomy_id, $order ) { global $wpdb; - $result = $wpdb->query( + $result = $wpdb->query( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery $wpdb->prepare( "INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES ( %d, %d, %d ) ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)", $post_id, diff --git a/includes/classes/Feature/WooCommerce/WooCommerce.php b/includes/classes/Feature/WooCommerce/WooCommerce.php index bbca976891..19f17d831b 100644 --- a/includes/classes/Feature/WooCommerce/WooCommerce.php +++ b/includes/classes/Feature/WooCommerce/WooCommerce.php @@ -523,7 +523,7 @@ public function translate_args( $query ) { * Also make sure the orderby param affects only the main query */ if ( ! empty( $_GET['orderby'] ) && $query->is_main_query() ) { // phpcs:ignore WordPress.Security.NonceVerification - $orderby = sanitize_text_field( $_GET['orderby'] ); // phpcs:ignore WordPress.Security.NonceVerification + $orderby = sanitize_text_field( wp_unslash( $_GET['orderby'] ) ); // phpcs:ignore WordPress.Security.NonceVerification switch ( $orderby ) { // phpcs:ignore WordPress.Security.NonceVerification case 'popularity': $query->set( 'orderby', $this->get_orderby_meta_mapping( 'total_sales' ) ); 
@@ -706,9 +706,13 @@ public function search_order( $wp ) { return; } - $search_key_safe = str_replace( array( 'Order #', '#' ), '', wc_clean( $_GET['s'] ) ); // phpcs:ignore WordPress.Security.NonceVerification - unset( $wp->query_vars['post__in'] ); - $wp->query_vars['s'] = $search_key_safe; + // phpcs:disable WordPress.Security.NonceVerification, WordPress.Security.ValidatedSanitizedInput + if ( isset( $_GET['s'] ) ) { + $search_key_safe = str_replace( array( 'Order #', '#' ), '', wc_clean( $_GET['s'] ) ); + unset( $wp->query_vars['post__in'] ); + $wp->query_vars['s'] = $search_key_safe; + } + // phpcs:enable WordPress.Security.NonceVerification, WordPress.Security.ValidatedSanitizedInput } /** @@ -996,6 +1000,10 @@ public function price_filter( $args, $query_args, $query ) { return $args; } + $min_price = ! empty( $_GET['min_price'] ) ? sanitize_text_field( wp_unslash( $_GET['min_price'] ) ) : null; + $max_price = ! empty( $_GET['max_price'] ) ? sanitize_text_field( wp_unslash( $_GET['max_price'] ) ) : null; + // phpcs:enable WordPress.Security.NonceVerification + if ( $query->is_search() ) { /** * This logic is iffy but the WC price filter widget is not intended for use with search anyway @@ -1003,12 +1011,12 @@ public function price_filter( $args, $query_args, $query ) { $old_query = $args['query']['bool']; unset( $args['query']['bool']['should'] ); - if ( ! empty( $_GET['min_price'] ) ) { - $args['query']['bool']['must'][0]['range']['meta._price.long']['gte'] = $_GET['min_price']; + if ( ! empty( $min_price ) ) { + $args['query']['bool']['must'][0]['range']['meta._price.long']['gte'] = $min_price; } - if ( ! empty( $_GET['max_price'] ) ) { - $args['query']['bool']['must'][0]['range']['meta._price.long']['lte'] = $_GET['max_price']; + if ( ! empty( $max_price ) ) { + $args['query']['bool']['must'][0]['range']['meta._price.long']['lte'] = $max_price; } $args['query']['bool']['must'][0]['range']['meta._price.long']['boost'] = 2.0; 
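Review bot: `$min_price`/`$max_price` (`@@ -996`) feed a numeric `range` on `meta._price.long` in the `@@ -1003` and `@@ -1016` hunks, but `sanitize_text_field()` only guarantees a clean string, not a number, so a request like `?min_price=abc` now reaches Elasticsearch as a non-numeric bound and the query errors instead of the filter being ignored. Validate the type where the input is read: `$min_price = isset( $_GET['min_price'] ) && is_numeric( $_GET['min_price'] ) ? (float) $_GET['min_price'] : null;` and likewise for `$max_price`, which also makes the `wp_unslash()` call unnecessary. In `search_order` (`@@ -706`), disabling `WordPress.Security.ValidatedSanitizedInput` around `wc_clean()` works but hides future findings; registering `wc_clean` through the sniff's `customSanitizingFunctions` property in phpcs.xml would let the sniff stay on (phpcs.xml is touched by this commit but not shown here). `price_filter` continues past the hunk.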
@@ -1016,19 +1024,18 @@ public function price_filter( $args, $query_args, $query ) { } else { unset( $args['query']['match_all'] ); - $args['query']['range']['meta._price.long']['gte'] = ! empty( $_GET['min_price'] ) ? $_GET['min_price'] : 0; + $args['query']['range']['meta._price.long']['gte'] = ! empty( $min_price ) ? $min_price : 0; - if ( ! empty( $_GET['min_price'] ) ) { - $args['query']['range']['meta._price.long']['gte'] = $_GET['min_price']; + if ( ! empty( $min_price ) ) { + $args['query']['range']['meta._price.long']['gte'] = $min_price; } - if ( ! empty( $_GET['max_price'] ) ) { - $args['query']['range']['meta._price.long']['lte'] = $_GET['max_price']; + if ( ! empty( $max_price ) ) { + $args['query']['range']['meta._price.long']['lte'] = $max_price; } $args['query']['range']['meta._price.long']['boost'] = 2.0; } - // phpcs:enable WordPress.Security.NonceVerification return $args; } @@ -1155,7 +1162,7 @@ public function translate_args_admin_products_list( $query ) { } // WooCommerce unsets the search term right after using it to fetch product IDs. Here we add it back. - $search_term = ! empty( $_GET['s'] ) ? sanitize_text_field( $_GET['s'] ) : ''; // phpcs:ignore WordPress.Security.NonceVerification + $search_term = ! empty( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification if ( ! empty( $search_term ) ) { $query->set( 's', sanitize_text_field( $search_term ) ); // phpcs:ignore WordPress.Security.NonceVerification 
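Review bot: After the change in `@@ -1155`, `$search_term` is already the result of `sanitize_text_field( wp_unslash( ... ) )`, so the context line `$query->set( 's', sanitize_text_field( $search_term ) );` sanitizes the same value twice; `$query->set( 's', $search_term );` is enough and makes the data flow easier to follow. This is a readability point only and should not change behaviour. `translate_args_admin_products_list` continues outside the hunk.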
@@ -1195,7 +1202,7 @@ public function translate_args_admin_products_list( $query ) { // Sets the meta query for `product_type` if needed. Also removed from the WP_Query by WC in `WC_Admin_List_Table_Products::query_filters()`. $product_type_query = $query->get( 'product_type', '' ); - $product_type_url = ! empty( $_GET['product_type'] ) ? sanitize_text_field( $_GET['product_type'] ) : ''; // phpcs:ignore WordPress.Security.NonceVerification + $product_type_url = ! empty( $_GET['product_type'] ) ? sanitize_text_field( wp_unslash( $_GET['product_type'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification $allowed_prod_types = [ 'virtual', 'downloadable' ]; if ( empty( $product_type_query ) && ! empty( $product_type_url ) && in_array( $product_type_url, $allowed_prod_types, true ) ) { $meta_query = $query->get( 'meta_query', [] ); @@ -1208,7 +1215,7 @@ public function translate_args_admin_products_list( $query ) { // Sets the meta query for `stock_status` if needed. $stock_status_query = $query->get( 'stock_status', '' ); - $stock_status_url = ! empty( $_GET['stock_status'] ) ? sanitize_text_field( $_GET['stock_status'] ) : ''; // phpcs:ignore WordPress.Security.NonceVerification + $stock_status_url = ! empty( $_GET['stock_status'] ) ? sanitize_text_field( wp_unslash( $_GET['stock_status'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification $allowed_stock_status = [ 'instock', 'outofstock', 'onbackorder' ]; if ( empty( $stock_status_query ) && ! empty( $stock_status_url ) && in_array( $stock_status_url, $allowed_stock_status, true ) ) { $meta_query = $query->get( 'meta_query', [] ); diff --git a/includes/classes/Indexable/Post/Post.php b/includes/classes/Indexable/Post/Post.php index 4ab48e1076..e3116739fa 100644 --- a/includes/classes/Indexable/Post/Post.php +++ b/includes/classes/Indexable/Post/Post.php 
@@ -245,7 +245,7 @@ protected function get_total_objects_for_query_from_db( $query_args ) { * The if below will pass if `has_password` is false but not null. */ if ( isset( $query_args['has_password'] ) && ! $query_args['has_password'] ) { - $posts_with_password = (int) $wpdb->get_var( "SELECT COUNT(1) AS posts_with_password FROM {$wpdb->posts} WHERE post_password != ''" ); + $posts_with_password = (int) $wpdb->get_var( "SELECT COUNT(1) AS posts_with_password FROM {$wpdb->posts} WHERE post_password != ''" ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery $post_count -= $posts_with_password; } @@ -797,7 +797,7 @@ protected function get_term_order( $term_taxonomy_id, $object_id ) { $term_orders = wp_cache_get( $cache_key ); if ( false === $term_orders ) { - $results = $wpdb->get_results( + $results = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery $wpdb->prepare( "SELECT term_taxonomy_id, term_order from $wpdb->term_relationships where object_id=%d;", $object_id @@ -2562,8 +2562,8 @@ public function get_distinct_meta_field_keys_db( bool $force_refresh = false ) : $allowed_protected_keys_sql = " OR meta_key IN ( {$placeholders} ) "; } + // phpcs:disable WordPress.DB.DirectDatabaseQuery, WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber $meta_keys = $wpdb->get_col( - // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber $wpdb->prepare( "SELECT DISTINCT meta_key FROM {$wpdb->postmeta} 
@@ -2572,8 +2572,9 @@ public function get_distinct_meta_field_keys_db( bool $force_refresh = false ) : '\_%', ...$allowed_protected_keys ) - // phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber ); + // phpcs:enable WordPress.DB.DirectDatabaseQuery, WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber + sort( $meta_keys ); // Make sure the size of the transient will not be bigger than 1MB @@ -2753,7 +2754,12 @@ function( $meta_key ) use ( $empty_post ) { protected function get_lazy_post_type_ids( string $post_type ) { global $wpdb; - $total = $wpdb->get_var( $wpdb->prepare( "SELECT count(*) FROM {$wpdb->posts} WHERE post_type = %s", $post_type ) ); + $total = $wpdb->get_var( // phpcs:ignore WordPress.DB.DirectDatabaseQuery + $wpdb->prepare( + "SELECT count(*) FROM {$wpdb->posts} WHERE post_type = %s", + $post_type + ) + ); if ( ! $total ) { return []; @@ -2786,7 +2792,7 @@ protected function get_lazy_post_type_ids( string $post_type ) { for ( $page = 0; $page < $pages; $page++ ) { $start = $per_page * $page; - $ids = $wpdb->get_col( + $ids = $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery $wpdb->prepare( "SELECT ID FROM {$wpdb->posts} WHERE post_type = %s LIMIT %d, %d", $post_type, @@ -2813,7 +2819,7 @@ protected function get_meta_keys_from_post_ids( array $post_ids ) : array { } $placeholders = implode( ',', array_fill( 0, count( $post_ids ), '%d' ) ); - $meta_keys = $wpdb->get_col( + $meta_keys = $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery $wpdb->prepare( // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare "SELECT DISTINCT meta_key FROM {$wpdb->postmeta} WHERE post_id IN ( {$placeholders} )", 
diff --git a/includes/classes/Indexable/Post/SyncManager.php b/includes/classes/Indexable/Post/SyncManager.php index dcd17fc46b..bfd9468b25 100644 --- a/includes/classes/Indexable/Post/SyncManager.php +++ b/includes/classes/Indexable/Post/SyncManager.php @@ -579,14 +579,21 @@ public function action_edited_term( $term_id, $tt_id, $taxonomy ) { } // Find ID of all attached posts (query lifted from wp_delete_term()) - $object_ids = (array) $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM {$wpdb->term_relationships} WHERE term_taxonomy_id = %d", $tt_id ) ); + $object_ids = (array) $wpdb->get_col( // phpcs:disable WordPress.DB.DirectDatabaseQuery + $wpdb->prepare( "SELECT object_id FROM {$wpdb->term_relationships} WHERE term_taxonomy_id = %d", $tt_id ) + ); // If the current term is not attached, check if the child terms are attached to the post if ( empty( $object_ids ) ) { $child_terms = get_term_children( $term_id, $taxonomy ); if ( ! empty( $child_terms ) ) { $in_id = join( ',', array_fill( 0, count( $child_terms ), '%d' ) ); - $object_ids = (array) $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM {$wpdb->term_relationships} WHERE term_taxonomy_id IN ( {$in_id} )", $child_terms ) ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare + $object_ids = (array) $wpdb->get_col( // phpcs:disable WordPress.DB.DirectDatabaseQuery + $wpdb->prepare( + "SELECT object_id FROM {$wpdb->term_relationships} WHERE term_taxonomy_id IN ( {$in_id} )", // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare + $child_terms + ) + ); } } if ( ! count( $object_ids ) ) { diff --git a/includes/classes/Indexable/User/User.php b/includes/classes/Indexable/User/User.php index 779d316bdf..29cddb32e5 100644 --- a/includes/classes/Indexable/User/User.php +++ b/includes/classes/Indexable/User/User.php 
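Review bot: Both new `$wpdb->get_col( // phpcs:disable WordPress.DB.DirectDatabaseQuery` lines in `action_edited_term` use `phpcs:disable` where `phpcs:ignore` is meant: `disable` switches the sniff off from that line until a matching `phpcs:enable`, and this hunk adds none, so direct-query checking is silently lost for the remainder of SyncManager.php. Change both to `$object_ids = (array) $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery`, the form Post.php uses in this same commit. `action_edited_term` continues outside the hunk.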
@@ -664,13 +664,20 @@ public function query_db( $args ) { * WP_User_Query doesn't let us get users across all blogs easily. This is the best * way to do that. */ - // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared - $objects = $wpdb->get_results( $wpdb->prepare( "SELECT SQL_CALC_FOUND_ROWS ID FROM {$wpdb->users} {$orderby} LIMIT %d, %d", (int) $args['offset'], (int) $args['number'] ) ); + // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery + $objects = $wpdb->get_results( + $wpdb->prepare( + "SELECT SQL_CALC_FOUND_ROWS ID FROM {$wpdb->users} {$orderby} LIMIT %d, %d", + (int) $args['offset'], + (int) $args['number'] + ) + ); return [ 'objects' => $objects, 'total_objects' => ( 0 === count( $objects ) ) ? 0 : (int) $wpdb->get_var( 'SELECT FOUND_ROWS()' ), ]; + // phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery } /** diff --git a/includes/classes/Installer.php b/includes/classes/Installer.php index e4216fa53f..0b17e475bc 100644 --- a/includes/classes/Installer.php +++ b/includes/classes/Installer.php @@ -113,7 +113,7 @@ public function get_install_status() { * Check if it should use the features selected during the install to update the settings. */ public function maybe_set_features() { - if ( empty( $_POST['ep_install_page_nonce'] ) || ! wp_verify_nonce( $_POST['ep_install_page_nonce'], 'ep_install_page' ) ) { + if ( empty( $_POST['ep_install_page_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['ep_install_page_nonce'] ), 'ep_install_page' ) ) { return; } diff --git a/includes/classes/Screen.php b/includes/classes/Screen.php index 93b8df0c61..7db8f397a3 100644 --- a/includes/classes/Screen.php +++ b/includes/classes/Screen.php 
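Review bot: The `phpcs:enable` at the end of `query_db` is placed after the `return` statement, which only works because phpcs annotations are positional rather than executed, and it reads as dead code to anyone not steeped in the sniff's mechanics; the reason is presumably that the `$wpdb->get_var( 'SELECT FOUND_ROWS()' )` inside the returned array is itself a direct query that needs covering. A short comment on that line, `// phpcs:enable … (after the return so the FOUND_ROWS() call above is covered)`, would spare the next reader the puzzle; alternatively assign the total to a local before the `return` and place the `enable` there. The function's signature is outside the hunk.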
@@ -86,7 +86,7 @@ public function determine_screen() { } // phpcs:disable WordPress.Security.NonceVerification - if ( ! empty( $_GET['page'] ) && false !== strpos( $_GET['page'], 'elasticpress' ) ) { + if ( ! empty( $_GET['page'] ) && false !== strpos( sanitize_key( $_GET['page'] ), 'elasticpress' ) ) { $install_status = Installer::factory()->get_install_status(); $this->screen = 'install'; diff --git a/includes/classes/Screen/StatusReport.php b/includes/classes/Screen/StatusReport.php index ed391dd51b..649c330b16 100644 --- a/includes/classes/Screen/StatusReport.php +++ b/includes/classes/Screen/StatusReport.php @@ -106,8 +106,11 @@ public function get_reports() : array { */ $filtered_reports = apply_filters( 'ep_status_report_reports', $reports ); - $skipped_reports = ! empty( $_GET['ep-skip-reports'] ) ? (array) $_GET['ep-skip-reports'] : []; // phpcs:ignore WordPress.Security.NonceVerification - $skipped_reports = array_map( 'sanitize_text_field', $skipped_reports ); + // phpcs:disable WordPress.Security.NonceVerification + $skipped_reports = isset( $_GET['ep-skip-reports'] ) ? + array_map( 'sanitize_text_field', (array) wp_unslash( $_GET['ep-skip-reports'] ) ) : + []; + // phpcs:enable WordPress.Security.NonceVerification $filtered_reports = array_filter( $filtered_reports, diff --git a/includes/classes/StatusReport/FailedQueries.php b/includes/classes/StatusReport/FailedQueries.php index 0a6868b255..f118918592 100644 --- a/includes/classes/StatusReport/FailedQueries.php +++ b/includes/classes/StatusReport/FailedQueries.php 
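Review bot: Passing `$_GET['page']` through `sanitize_key()` before the `strpos()` in `determine_screen` turns the match from case-sensitive into case-insensitive, since `sanitize_key()` lower-cases its input and strips everything outside `[a-z0-9_-]`; a `page=ElasticPress` request now enters the install branch where it previously did not. That is very likely harmless for screen detection, but it is a behaviour change riding on a sanitisation fix and deserves a comment such as `// sanitize_key() lower-cases, so this match is case-insensitive.` The `phpcs:disable WordPress.Security.NonceVerification` above the condition is unchanged and presumably paired with an `enable` outside the hunk.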
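Review bot: Switching the guard from `! empty()` to `isset()` in `get_reports` means a request carrying an empty `ep-skip-reports=` now produces `$skipped_reports = [ '' ]` instead of `[]`, and a nested array value is reduced to `''` because core's `sanitize_text_field()` returns an empty string for array input. Whether that matters depends on the `array_filter` callback that follows, which is outside the hunk, but any membership test there now has to tolerate an empty-string entry. Keeping the original guard sidesteps the question: `$skipped_reports = ! empty( $_GET['ep-skip-reports'] ) ?`. The added `wp_unslash()` is the right fix for the WPCS warning and can stay as is.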
@@ -132,7 +132,7 @@ public function get_actions() : array { * If a nonce is present, clear the logs */ protected function maybe_clear_logs() { - if ( empty( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], 'ep-clear-logged-queries' ) ) { // phpcs:ignore WordPress.Security.NonceVerification + if ( empty( $_GET['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_GET['_wpnonce'] ), 'ep-clear-logged-queries' ) ) { // phpcs:ignore WordPress.Security.NonceVerification return; } diff --git a/includes/classes/Upgrades.php b/includes/classes/Upgrades.php index 01fdc9fedc..b396fdef15 100644 --- a/includes/classes/Upgrades.php +++ b/includes/classes/Upgrades.php @@ -148,6 +148,7 @@ public function upgrade_3_6_6() { return; } + // phpcs:disable WordPress.DB.DirectDatabaseQuery $synonyms_example_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM {$wpdb->posts} WHERE post_type = %s AND post_content = %s LIMIT 100", @@ -155,6 +156,7 @@ public function upgrade_3_6_6() { $synonyms->example_synonym_list() ) ); + // phpcs:enable WordPress.DB.DirectDatabaseQuery if ( ! $synonyms_example_ids ) { return; diff --git a/includes/dashboard.php b/includes/dashboard.php index 179e2d0494..044bda8501 100644 --- a/includes/dashboard.php +++ b/includes/dashboard.php @@ -192,7 +192,7 @@ function maybe_skip_install() { return; } - if ( empty( $_GET['ep-skip-install'] ) || empty( $_GET['nonce'] ) || ! wp_verify_nonce( $_GET['nonce'], 'ep-skip-install' ) || ! in_array( Screen::factory()->get_current_screen(), [ 'install' ], true ) ) { // phpcs:ignore WordPress.Security.NonceVerification + if ( empty( $_GET['ep-skip-install'] ) || empty( $_GET['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_GET['nonce'] ), 'ep-skip-install' ) || ! in_array( Screen::factory()->get_current_screen(), [ 'install' ], true ) ) { // phpcs:ignore WordPress.Security.NonceVerification return; } 
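Review bot: In `upgrade_3_6_6` a single `$wpdb->get_col()` statement is wrapped in a `phpcs:disable` / `phpcs:enable` pair, while the equivalent calls in Post.php and uninstall.php use the one-line `// phpcs:ignore WordPress.DB.DirectDatabaseQuery` on the `get_col(` line. The single-line form keeps the suppression attached to the statement it applies to and cannot be left open by a later edit that drops the `enable`; consider `$synonyms_example_ids = $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery`. The function starts outside the hunk.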
@@ -375,7 +375,7 @@ function action_wp_ajax_ep_notice_dismiss() { exit; } - AdminNotices::factory()->dismiss_notice( $_POST['notice'] ); + AdminNotices::factory()->dismiss_notice( sanitize_key( $_POST['notice'] ) ); wp_send_json_success(); } @@ -413,9 +413,9 @@ function action_wp_ajax_ep_cancel_index() { * @since 2.2 */ function action_wp_ajax_ep_save_feature() { - $_POST = wp_unslash( $_POST ); + $post = wp_unslash( $_POST ); - if ( empty( $_POST['feature'] ) || empty( $_POST['settings'] ) || ! check_ajax_referer( 'ep_dashboard_nonce', 'nonce', false ) ) { + if ( empty( $post['feature'] ) || empty( $post['settings'] ) || ! check_ajax_referer( 'ep_dashboard_nonce', 'nonce', false ) ) { wp_send_json_error(); exit; } @@ -427,10 +427,10 @@ function action_wp_ajax_ep_save_feature() { exit; } - $data = Features::factory()->update_feature( $_POST['feature'], $_POST['settings'] ); + $data = Features::factory()->update_feature( $post['feature'], $post['settings'] ); // Since we deactivated, delete auto activate notice. - if ( empty( $_POST['settings']['active'] ) ) { + if ( empty( $post['settings']['active'] ) ) { Utils\delete_option( 'ep_feature_auto_activated_sync' ); } 
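Review bot: The local introduced in `action_wp_ajax_ep_save_feature`, `$post = wp_unslash( $_POST );`, reuses the name WordPress conventionally reserves for the global `WP_Post` object, so `$post['feature']` and `$post['settings']['active']` read like post data at a glance; `$post_data` or `$request` would be unambiguous, and the same applies to the `action_admin_init` hunk below. Separately, `$post['feature']` and `$post['settings']` still reach `Features::factory()->update_feature()` with no sanitisation in this function — presumably `update_feature()` validates them, but that is outside the hunk and worth confirming. The function body continues past the hunk.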
@@ -586,21 +586,22 @@ function action_admin_enqueue_dashboard_scripts() { * @return void */ function action_admin_init() { + $post = wp_unslash( $_POST ); // Save options for multisite. - if ( defined( 'EP_IS_NETWORK' ) && EP_IS_NETWORK && isset( $_POST['ep_language'] ) ) { + if ( defined( 'EP_IS_NETWORK' ) && EP_IS_NETWORK && isset( $post['ep_language'] ) ) { check_admin_referer( 'elasticpress-options' ); - $language = sanitize_text_field( $_POST['ep_language'] ); + $language = sanitize_text_field( $post['ep_language'] ); Utils\update_option( 'ep_language', $language ); - if ( isset( $_POST['ep_host'] ) ) { - $host = esc_url_raw( trim( $_POST['ep_host'] ) ); + if ( isset( $post['ep_host'] ) ) { + $host = esc_url_raw( trim( $post['ep_host'] ) ); Utils\update_option( 'ep_host', $host ); } - if ( isset( $_POST['ep_credentials'] ) ) { - $credentials = ( isset( $_POST['ep_credentials'] ) ) ? Utils\sanitize_credentials( $_POST['ep_credentials'] ) : [ + if ( isset( $post['ep_credentials'] ) ) { + $credentials = ( isset( $post['ep_credentials'] ) ) ? Utils\sanitize_credentials( $post['ep_credentials'] ) : [ 'username' => '', 'token' => '', ]; @@ -608,8 +609,8 @@ function action_admin_init() { Utils\update_option( 'ep_credentials', $credentials ); } - if ( isset( $_POST['ep_bulk_setting'] ) ) { - Utils\update_option( 'ep_bulk_setting', intval( $_POST['ep_bulk_setting'] ) ); + if ( isset( $post['ep_bulk_setting'] ) ) { + Utils\update_option( 'ep_bulk_setting', intval( $post['ep_bulk_setting'] ) ); } } else { register_setting( 'elasticpress', 'ep_host', 'esc_url_raw' ); diff --git a/phpcs.xml b/phpcs.xml index 283c99a169..67e5e907ed 100644 --- a/phpcs.xml +++ b/phpcs.xml @@ -4,6 +4,7 @@ + @@ -19,4 +20,7 @@ /tests/*.php + + /tests/*.php + diff --git a/uninstall.php b/uninstall.php index d6a23c8d0e..42fad27a1f 100644 --- a/uninstall.php +++ b/uninstall.php 
@@ -129,7 +129,9 @@ protected function delete_transients() { protected function delete_related_posts_transients() { global $wpdb; - $related_posts_transients = $wpdb->get_col( "SELECT option_name FROM {$wpdb->prefix}options WHERE option_name LIKE '_transient_ep_related_posts_%'" ); + $related_posts_transients = $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery + "SELECT option_name FROM {$wpdb->prefix}options WHERE option_name LIKE '_transient_ep_related_posts_%'" + ); foreach ( $related_posts_transients as $related_posts_transient ) { $related_posts_transient = str_replace( '_transient_', '', $related_posts_transient ); @@ -144,7 +146,9 @@ protected function delete_related_posts_transients() { protected function delete_total_fields_limit_transients() { global $wpdb; - $related_posts_transients = $wpdb->get_col( "SELECT option_name FROM {$wpdb->prefix}options WHERE option_name LIKE '_transient_ep_total_fields_limit_%'" ); + $related_posts_transients = $wpdb->get_col( // phpcs:ignore WordPress.DB.DirectDatabaseQuery + "SELECT option_name FROM {$wpdb->prefix}options WHERE option_name LIKE '_transient_ep_total_fields_limit_%'" + ); foreach ( $related_posts_transients as $related_posts_transient ) { $related_posts_transient = str_replace( '_transient_', '', $related_posts_transient ); From bbc71be4d98f0da8b79ec548d148969812593775 Mon Sep 17 00:00:00 2001 From: Felipe Elia Date: Fri, 2 Jun 2023 09:42:50 -0300 Subject: [PATCH 3/3] More restrict phpcs:disable Co-authored-by: Burhan Nasir --- includes/classes/Command/Utility.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/includes/classes/Command/Utility.php b/includes/classes/Command/Utility.php index 4370b59898..1cd8ae6421 100644 --- a/includes/classes/Command/Utility.php +++ b/includes/classes/Command/Utility.php 
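Review bot: The re-wrapped queries in `delete_related_posts_transients` and `delete_total_fields_limit_transients` feed `_transient_ep_related_posts_%` and `_transient_ep_total_fields_limit_%` to `LIKE` unescaped, and in a `LIKE` pattern `_` matches any single character, so the prefix match is looser than the literal spelling suggests (an option named `XtransientXep…` would also be selected). Since the only intended wildcard is the trailing `%`, build the pattern with `$wpdb->esc_like()` and bind it: `$wpdb->prepare( "SELECT option_name FROM {$wpdb->prefix}options WHERE option_name LIKE %s", $wpdb->esc_like( '_transient_ep_related_posts_' ) . '%' )`. This is pre-existing behaviour the commit only re-indents, so it can be a follow-up; both functions also reuse `$related_posts_transients` as the result variable, which is misleading in the second. Both bodies continue past their hunks.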
@@ -158,21 +158,19 @@ public static function custom_get_transient( $pre_transient, $transient ) { */ $should_interrupt_sync = wp_cache_get( $transient, 'transient', true ); } else { - $options = $wpdb->options; - - // phpcs:disable + // phpcs:disable WordPress.DB.DirectDatabaseQuery $should_interrupt_sync = $wpdb->get_var( $wpdb->prepare( " SELECT option_value - FROM $options + FROM $wpdb->options WHERE option_name = %s LIMIT 1 ", "_transient_{$transient}" ) ); - // phpcs:enable + // phpcs:enable WordPress.DB.DirectDatabaseQuery } return $should_interrupt_sync ? (bool) $should_interrupt_sync : null;
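Review bot: Narrowing the blanket `phpcs:disable` to `WordPress.DB.DirectDatabaseQuery` is the right direction, but the block now deserves a why-comment, because the direct `$wpdb->get_var()` sits in the `else` of a `wp_cache_get( $transient, 'transient', true )` branch and a reader otherwise sees an intentionally uncached query with its caching warning silenced; if bypassing the object cache is indeed the intent, `// Direct read on purpose: this path deliberately bypasses the transient object cache.` on the `phpcs:disable` line says so. Interpolating `$wpdb->options` into the double-quoted SQL is allowed by WPCS for `$wpdb` table properties, so dropping the `$options` local should not surface `PreparedSQL.InterpolatedNotPrepared`, though a CI run is the real confirmation. The function starts outside the hunk.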