Simplify phpcs:disable comments
Additionally this commit contains a conversion from %d to %s in a query [MAILPOET-4219]
This commit is contained in:
David Remer
Veljko V
@@ -81,12 +81,9 @@ class PageRenderer {
|
|||||||
$this->subscribersCountCacheRecalculation->schedule();
|
$this->subscribersCountCacheRecalculation->schedule();
|
||||||
}
|
}
|
||||||
|
|
||||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// We are in control of the template and the data can be considered safe at this point
|
// We are in control of the template and the data can be considered safe at this point
|
||||||
|
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||||
echo $this->renderer->render($template, $data + $defaults);
|
echo $this->renderer->render($template, $data + $defaults);
|
||||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$notice = new WPNotice(WPNotice::TYPE_ERROR, $e->getMessage());
|
$notice = new WPNotice(WPNotice::TYPE_ERROR, $e->getMessage());
|
||||||
$notice->displayWPNotice();
|
$notice->displayWPNotice();
|
||||||
|
|||||||
@@ -73,10 +73,9 @@ class Migrator {
|
|||||||
|
|
||||||
private function runQuery(string $query): int {
|
private function runQuery(string $query): int {
|
||||||
$this->wpdb->hide_errors();
|
$this->wpdb->hide_errors();
|
||||||
// phpcs:disable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
|
||||||
// It's a private method and all Queries in this class are safe
|
// It's a private method and all Queries in this class are safe
|
||||||
|
// phpcs:ignore WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||||
$result = $this->wpdb->query($query);
|
$result = $this->wpdb->query($query);
|
||||||
// phpcs:enable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
|
||||||
|
|
||||||
if ($result === false) {
|
if ($result === false) {
|
||||||
throw Exceptions::migrationFailed($this->wpdb->last_error ?: 'Unknown error');
|
throw Exceptions::migrationFailed($this->wpdb->last_error ?: 'Unknown error');
|
||||||
|
|||||||
@@ -610,7 +610,7 @@ class MP2Migrator {
|
|||||||
$sql = $wpdb->prepare("
|
$sql = $wpdb->prepare("
|
||||||
SELECT u.*
|
SELECT u.*
|
||||||
FROM `$table` u
|
FROM `$table` u
|
||||||
WHERE u.user_id > %d
|
WHERE u.user_id > %s
|
||||||
ORDER BY u.user_id
|
ORDER BY u.user_id
|
||||||
LIMIT %d
|
LIMIT %d
|
||||||
", $lastId, $limit);
|
", $lastId, $limit);
|
||||||
|
|||||||
@@ -538,12 +538,11 @@ class Populator {
|
|||||||
}, array_keys($columns), $columns);
|
}, array_keys($columns), $columns);
|
||||||
|
|
||||||
$table = esc_sql($tableName);
|
$table = esc_sql($tableName);
|
||||||
// phpcs:disable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
|
||||||
// $conditions is escaped
|
// $conditions is escaped
|
||||||
|
// phpcs:ignore WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||||
return $wpdb->get_var(
|
return $wpdb->get_var(
|
||||||
"SELECT COUNT(*) FROM $table WHERE " . implode(' AND ', $conditions)
|
"SELECT COUNT(*) FROM $table WHERE " . implode(' AND ', $conditions)
|
||||||
) > 0;
|
) > 0;
|
||||||
// phpcs:enable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private function insertRow($table, $row) {
|
private function insertRow($table, $row) {
|
||||||
|
|||||||
@@ -136,8 +136,8 @@ class Migration extends SimpleWorker {
|
|||||||
foreach ($queueBatch as $queue) {
|
foreach ($queueBatch as $queue) {
|
||||||
// create a new scheduled task of type "sending"
|
// create a new scheduled task of type "sending"
|
||||||
|
|
||||||
// phpcs:disable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
// Constants are safe, queue ID is cast to int.
|
||||||
// The only moving part is casted. $columnList and MP_SCHEDULED_TASKS_TABLE are fixed.
|
// phpcs:ignore WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||||
$wpdb->query(sprintf(
|
$wpdb->query(sprintf(
|
||||||
'INSERT IGNORE INTO %1$s (`type`, %2$s) ' .
|
'INSERT IGNORE INTO %1$s (`type`, %2$s) ' .
|
||||||
'SELECT "sending", %2$s FROM %3$s WHERE `id` = %4$s',
|
'SELECT "sending", %2$s FROM %3$s WHERE `id` = %4$s',
|
||||||
@@ -146,7 +146,6 @@ class Migration extends SimpleWorker {
|
|||||||
MP_SENDING_QUEUES_TABLE,
|
MP_SENDING_QUEUES_TABLE,
|
||||||
(int)$queue['id']
|
(int)$queue['id']
|
||||||
));
|
));
|
||||||
// phpcs:enable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
|
||||||
|
|
||||||
// link the queue with the task via task_id
|
// link the queue with the task via task_id
|
||||||
$newTaskId = $wpdb->insert_id; // phpcs:ignore Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps
|
$newTaskId = $wpdb->insert_id; // phpcs:ignore Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps
|
||||||
|
|||||||
@@ -22,11 +22,8 @@ class PreviewWidget extends \WP_Widget {
|
|||||||
* Output the widget itself.
|
* Output the widget itself.
|
||||||
*/
|
*/
|
||||||
public function widget($args, $instance = null) {
|
public function widget($args, $instance = null) {
|
||||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// We control the html
|
// We control the html
|
||||||
|
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||||
echo $this->formHtml;
|
echo $this->formHtml;
|
||||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -93,12 +93,9 @@ class Widget extends \WP_Widget {
|
|||||||
];
|
];
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// We control the template and the data is sanitized
|
// We control the template and the data is sanitized
|
||||||
|
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||||
echo $this->renderer->render('form/iframe.html', $data);
|
echo $this->renderer->render('form/iframe.html', $data);
|
||||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
echo esc_html($e->getMessage());
|
echo esc_html($e->getMessage());
|
||||||
}
|
}
|
||||||
@@ -269,12 +266,9 @@ class Widget extends \WP_Widget {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($formType === 'widget') {
|
if ($formType === 'widget') {
|
||||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// We control the template and the data is sanitized
|
// We control the template and the data is sanitized
|
||||||
|
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||||
echo $output;
|
echo $output;
|
||||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
} else {
|
} else {
|
||||||
return $output;
|
return $output;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -35,7 +35,8 @@ class ViewInBrowser {
|
|||||||
|
|
||||||
private function displayNewsletter($result) {
|
private function displayNewsletter($result) {
|
||||||
header('Content-Type: text/html; charset=utf-8');
|
header('Content-Type: text/html; charset=utf-8');
|
||||||
echo $result; //phpcs:ignore
|
// phpcs:ignore WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter,WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||||
|
echo $result;
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -86,7 +86,8 @@ class Opens {
|
|||||||
header('Content-Type: image/gif');
|
header('Content-Type: image/gif');
|
||||||
|
|
||||||
// Output of base64_decode is predetermined and safe in this case
|
// Output of base64_decode is predetermined and safe in this case
|
||||||
echo base64_decode('R0lGODlhAQABAJAAAP8AAAAAACH5BAUQAAAALAAAAAABAAEAAAICBAEAOw=='); // phpcs:ignore
|
// phpcs:ignore WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter, WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||||
|
echo base64_decode('R0lGODlhAQABAJAAAP8AAAAAACH5BAUQAAAALAAAAAABAAEAAAICBAEAOw==');
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -89,10 +89,9 @@ class Manage {
|
|||||||
return sanitize_text_field($value);
|
return sanitize_text_field($value);
|
||||||
};
|
};
|
||||||
|
|
||||||
//phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
|
|
||||||
// custom sanitization via $sanitize
|
// custom sanitization via $sanitize
|
||||||
|
//phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
|
||||||
$subscriberData = array_map($sanitize, wp_unslash((array)$_POST['data']));
|
$subscriberData = array_map($sanitize, wp_unslash((array)$_POST['data']));
|
||||||
//phpcs:enable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
|
|
||||||
$subscriberData = $this->fieldNameObfuscator->deobfuscateFormPayload($subscriberData);
|
$subscriberData = $this->fieldNameObfuscator->deobfuscateFormPayload($subscriberData);
|
||||||
|
|
||||||
$result = [];
|
$result = [];
|
||||||
|
|||||||
@@ -57,10 +57,14 @@ class Functions {
|
|||||||
return __($text, $domain);
|
return __($text, $domain);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function _e($text, $domain = 'default') { //phpcs:ignore
|
// phpcs:disable WordPress.Security.EscapeOutput.UnsafePrintingFunction, WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||||
return _e($text, $domain); //phpcs:ignore
|
public function _e($text, $domain = 'default') {
|
||||||
|
return _e($text, $domain);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// phpcs:enable WordPress.Security.EscapeOutput.UnsafePrintingFunction, WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||||
|
|
||||||
|
|
||||||
public function _n($single, $plural, $number, $domain = 'default') {
|
public function _n($single, $plural, $number, $domain = 'default') {
|
||||||
return _n($single, $plural, $number, $domain);
|
return _n($single, $plural, $number, $domain);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -30,19 +30,18 @@ class Settings {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
//phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
//phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
//The templates are in our control and the inputs are sanitized.
|
//The templates are in our control and the inputs are sanitized.
|
||||||
|
//phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||||
echo $this->renderer->render('woocommerce/settings_button.html', [
|
echo $this->renderer->render('woocommerce/settings_button.html', [
|
||||||
'woocommerce_template_id' => (int)$this->settings->get(TransactionalEmails::SETTING_EMAIL_ID),
|
'woocommerce_template_id' => (int)$this->settings->get(TransactionalEmails::SETTING_EMAIL_ID),
|
||||||
]);
|
]);
|
||||||
if (!(bool)$this->settings->get('woocommerce.use_mailpoet_editor')) {
|
if (!(bool)$this->settings->get('woocommerce.use_mailpoet_editor')) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
// The templates are in our control and the inputs are sanitized.
|
||||||
|
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped,WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||||
echo $this->renderer->render('woocommerce/settings_overlay.html', [
|
echo $this->renderer->render('woocommerce/settings_overlay.html', [
|
||||||
'woocommerce_template_id' => (int)$this->settings->get(TransactionalEmails::SETTING_EMAIL_ID),
|
'woocommerce_template_id' => (int)$this->settings->get(TransactionalEmails::SETTING_EMAIL_ID),
|
||||||
]);
|
]);
|
||||||
//phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
//phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -57,21 +57,15 @@ class TransactionalEmailHooks {
|
|||||||
throw new InvalidStateException('WooCommerce email template is missing!');
|
throw new InvalidStateException('WooCommerce email template is missing!');
|
||||||
}
|
}
|
||||||
$this->renderer->render($newsletterModel, $emailHeading);
|
$this->renderer->render($newsletterModel, $emailHeading);
|
||||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// The HTML is generated from a $newsletter entity and can be considered safe
|
// The HTML is generated from a $newsletter entity and can be considered safe
|
||||||
|
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||||
echo $this->renderer->getHTMLBeforeContent();
|
echo $this->renderer->getHTMLBeforeContent();
|
||||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
$this->wp->addAction('woocommerce_email_footer', function() {
|
$this->wp->addAction('woocommerce_email_footer', function() {
|
||||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// The HTML is generated from a $newsletter entity and can be considered safe
|
// The HTML is generated from a $newsletter entity and can be considered safe
|
||||||
|
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||||
echo $this->renderer->getHTMLAfterContent();
|
echo $this->renderer->getHTMLAfterContent();
|
||||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
|
||||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
|
||||||
});
|
});
|
||||||
$this->wp->addAction('woocommerce_email_styles', [$this->renderer, 'prefixCss']);
|
$this->wp->addAction('woocommerce_email_styles', [$this->renderer, 'prefixCss']);
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -45,7 +45,8 @@ if (WP_DEBUG && PHP_VERSION_ID >= 70100 && file_exists($tracyPath)) {
|
|||||||
$tracyScriptHtml .= "<script>window.TracyMaxAjaxRows = $maxAjaxRows;</script>\n";
|
$tracyScriptHtml .= "<script>window.TracyMaxAjaxRows = $maxAjaxRows;</script>\n";
|
||||||
|
|
||||||
// just minor adjustments to Debugger::renderLoader() output
|
// just minor adjustments to Debugger::renderLoader() output
|
||||||
echo $tracyScriptHtml; // phpcs:ignore
|
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||||
|
echo $tracyScriptHtml;
|
||||||
}
|
}
|
||||||
|
|
||||||
add_action('admin_enqueue_scripts', 'render_tracy', PHP_INT_MAX, 0);
|
add_action('admin_enqueue_scripts', 'render_tracy', PHP_INT_MAX, 0);
|
||||||
|
|||||||
Reference in New Issue
Block a user