Simplify phpcs:disable comments
Additionally this commit contains a conversion from %d to %s in a query [MAILPOET-4219]
@@ -81,12 +81,9 @@ class PageRenderer {
|
||||
$this->subscribersCountCacheRecalculation->schedule();
|
||||
}
|
||||
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// We are in control of the template and the data can be considered safe at this point
|
||||
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
echo $this->renderer->render($template, $data + $defaults);
|
||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
} catch (\Exception $e) {
|
||||
$notice = new WPNotice(WPNotice::TYPE_ERROR, $e->getMessage());
|
||||
$notice->displayWPNotice();
|
||||
|
@@ -73,10 +73,9 @@ class Migrator {
|
||||
|
||||
private function runQuery(string $query): int {
|
||||
$this->wpdb->hide_errors();
|
||||
// phpcs:disable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||
// It's a private method and all Queries in this class are safe
|
||||
// phpcs:ignore WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||
$result = $this->wpdb->query($query);
|
||||
// phpcs:enable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||
|
||||
if ($result === false) {
|
||||
throw Exceptions::migrationFailed($this->wpdb->last_error ?: 'Unknown error');
|
||||
|
@@ -610,7 +610,7 @@ class MP2Migrator {
|
||||
$sql = $wpdb->prepare("
|
||||
SELECT u.*
|
||||
FROM `$table` u
|
||||
WHERE u.user_id > %d
|
||||
WHERE u.user_id > %s
|
||||
ORDER BY u.user_id
|
||||
LIMIT %d
|
||||
", $lastId, $limit);
|
||||
|
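Review bot: With `%s`, `$wpdb->prepare()` emits `$lastId` as a quoted string literal, so `WHERE u.user_id > %s` now relies on MySQL's implicit string-to-number conversion, and a non-numeric `$lastId` would compare as 0 and restart the scan from the first row instead of failing. Nothing in the hunk says why `%d` was dropped; put the reason in a comment above the query and check the value first, e.g. `if (!ctype_digit((string)$lastId)) { throw new \InvalidArgumentException('lastId must be a non-negative integer'); }`. `$table` is interpolated into the statement before `prepare()` sees it and its origin is outside this hunk, so it is worth confirming that it only ever holds a fixed table name. The enclosing method starts and ends outside the hunk.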
@@ -538,12 +538,11 @@ class Populator {
|
||||
}, array_keys($columns), $columns);
|
||||
|
||||
$table = esc_sql($tableName);
|
||||
// phpcs:disable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||
// $conditions is escaped
|
||||
// phpcs:ignore WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||
return $wpdb->get_var(
|
||||
"SELECT COUNT(*) FROM $table WHERE " . implode(' AND ', $conditions)
|
||||
) > 0;
|
||||
// phpcs:enable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||
}
|
||||
|
||||
private function insertRow($table, $row) {
|
||||
|
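Review bot: `esc_sql($tableName)` does not make `$table` safe in the position where it is used: `esc_sql()` escapes characters for a value placed inside quotes, while `FROM $table` is an unquoted identifier, so whitespace, backticks or comment markers pass through unchanged. The justification next to the `phpcs:ignore` only vouches for `$conditions`. If `$tableName` can ever be anything other than a plugin-defined name, validate it before building the query, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $tableName)) { throw new \InvalidArgumentException('Invalid table name'); }`, or extend the comment to state that it is a fixed internal name. The method begins outside the hunk, so the callers' inputs are not visible here.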
@@ -136,8 +136,8 @@ class Migration extends SimpleWorker {
|
||||
foreach ($queueBatch as $queue) {
|
||||
// create a new scheduled task of type "sending"
|
||||
|
||||
// phpcs:disable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||
// The only moving part is casted. $columnList and MP_SCHEDULED_TASKS_TABLE are fixed.
|
||||
// Constants are safe, queue ID is cast to int.
|
||||
// phpcs:ignore WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||
$wpdb->query(sprintf(
|
||||
'INSERT IGNORE INTO %1$s (`type`, %2$s) ' .
|
||||
'SELECT "sending", %2$s FROM %3$s WHERE `id` = %4$s',
|
||||
@@ -146,7 +146,6 @@ class Migration extends SimpleWorker {
|
||||
MP_SENDING_QUEUES_TABLE,
|
||||
(int)$queue['id']
|
||||
));
|
||||
// phpcs:enable WordPressDotOrg.sniffs.DirectDB.UnescapedDBParameter
|
||||
|
||||
// link the queue with the task via task_id
|
||||
$newTaskId = $wpdb->insert_id; // phpcs:ignore Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps
|
||||
|
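Review bot: The result of `$wpdb->query(sprintf(...))` is discarded and the statement is `INSERT IGNORE`, so when the insert fails or is skipped, the `$wpdb->insert_id` read just below may be 0 or a stale value rather than the ID of a task created for this queue. Guard it before linking, e.g. `if (!$newTaskId) { continue; }` right after the assignment, unless the code following this hunk already does so. Separately, a `phpcs:ignore` comment on its own line suppresses only the next line, while this `sprintf()` call spans several; whether the suppression still applies depends on which line the sniff reports, so it is worth confirming in the linter output.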
@@ -22,11 +22,8 @@ class PreviewWidget extends \WP_Widget {
|
||||
* Output the widget itself.
|
||||
*/
|
||||
public function widget($args, $instance = null) {
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// We control the html
|
||||
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
echo $this->formHtml;
|
||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
}
|
||||
}
|
||||
|
@@ -93,12 +93,9 @@ class Widget extends \WP_Widget {
|
||||
];
|
||||
|
||||
try {
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// We control the template and the data is sanitized
|
||||
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
echo $this->renderer->render('form/iframe.html', $data);
|
||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
} catch (\Exception $e) {
|
||||
echo esc_html($e->getMessage());
|
||||
}
|
||||
@@ -269,12 +266,9 @@ class Widget extends \WP_Widget {
|
||||
}
|
||||
|
||||
if ($formType === 'widget') {
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// We control the template and the data is sanitized
|
||||
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
echo $output;
|
||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
} else {
|
||||
return $output;
|
||||
}
|
||||
|
@@ -35,7 +35,8 @@ class ViewInBrowser {
|
||||
|
||||
private function displayNewsletter($result) {
|
||||
header('Content-Type: text/html; charset=utf-8');
|
||||
echo $result; //phpcs:ignore
|
||||
// phpcs:ignore WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter,WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
echo $result;
|
||||
exit;
|
||||
}
|
||||
|
||||
|
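Review bot: `echo $result;` in `displayNewsletter()` carries no comment saying why unescaped output is acceptable, unlike most suppressions in this commit, and it emits a whole newsletter body as `text/html` on the site's own origin. Add the justification next to the ignore, e.g. `// Rendered newsletter HTML; must be sent as-is, content is sanitized at render time` (adjust to wherever the sanitization really happens, which is not visible here). Because any script that survives in `$result` would run in the site's origin, sending a restrictive `Content-Security-Policy` header alongside the existing `Content-Type` header would limit the impact.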
@@ -86,7 +86,8 @@ class Opens {
|
||||
header('Content-Type: image/gif');
|
||||
|
||||
// Output of base64_decode is predetermined and safe in this case
|
||||
echo base64_decode('R0lGODlhAQABAJAAAP8AAAAAACH5BAUQAAAALAAAAAABAAEAAAICBAEAOw=='); // phpcs:ignore
|
||||
// phpcs:ignore WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter, WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
echo base64_decode('R0lGODlhAQABAJAAAP8AAAAAACH5BAUQAAAALAAAAAABAAEAAAICBAEAOw==');
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
@@ -89,10 +89,9 @@ class Manage {
|
||||
return sanitize_text_field($value);
|
||||
};
|
||||
|
||||
//phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
|
||||
// custom sanitization via $sanitize
|
||||
//phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
|
||||
$subscriberData = array_map($sanitize, wp_unslash((array)$_POST['data']));
|
||||
//phpcs:enable WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
|
||||
$subscriberData = $this->fieldNameObfuscator->deobfuscateFormPayload($subscriberData);
|
||||
|
||||
$result = [];
|
||||
|
@@ -57,10 +57,14 @@ class Functions {
|
||||
return __($text, $domain);
|
||||
}
|
||||
|
||||
public function _e($text, $domain = 'default') { //phpcs:ignore
|
||||
return _e($text, $domain); //phpcs:ignore
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.UnsafePrintingFunction, WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
public function _e($text, $domain = 'default') {
|
||||
return _e($text, $domain);
|
||||
}
|
||||
|
||||
// phpcs:enable WordPress.Security.EscapeOutput.UnsafePrintingFunction, WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
|
||||
|
||||
public function _n($single, $plural, $number, $domain = 'default') {
|
||||
return _n($single, $plural, $number, $domain);
|
||||
}
|
||||
|
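Review bot: The new `phpcs:disable`/`phpcs:enable` pair around `_e()` switches off both escaping sniffs for the whole method without a comment, where the rest of the commit uses a single-line `phpcs:ignore` with a justification. `_e()` prints the translation unescaped, so markup in a translated string reaches the page; document that on the wrapper, e.g. `// Thin wrapper around WP's _e(); output is NOT escaped, callers printing into HTML should use an escaping variant such as esc_html_e()`. `_e()` also returns nothing, so `return _e($text, $domain);` always yields null and the `return` can be dropped.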
@@ -30,19 +30,18 @@ class Settings {
|
||||
return;
|
||||
}
|
||||
|
||||
//phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
//phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
//The templates are in our control and the inputs are sanitized.
|
||||
//phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
echo $this->renderer->render('woocommerce/settings_button.html', [
|
||||
'woocommerce_template_id' => (int)$this->settings->get(TransactionalEmails::SETTING_EMAIL_ID),
|
||||
]);
|
||||
if (!(bool)$this->settings->get('woocommerce.use_mailpoet_editor')) {
|
||||
return;
|
||||
}
|
||||
// The templates are in our control and the inputs are sanitized.
|
||||
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped,WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
echo $this->renderer->render('woocommerce/settings_overlay.html', [
|
||||
'woocommerce_template_id' => (int)$this->settings->get(TransactionalEmails::SETTING_EMAIL_ID),
|
||||
]);
|
||||
//phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
//phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
}
|
||||
}
|
||||
|
@@ -57,21 +57,15 @@ class TransactionalEmailHooks {
|
||||
throw new InvalidStateException('WooCommerce email template is missing!');
|
||||
}
|
||||
$this->renderer->render($newsletterModel, $emailHeading);
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// The HTML is generated from a $newsletter entity and can be considered safe
|
||||
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
echo $this->renderer->getHTMLBeforeContent();
|
||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
}
|
||||
});
|
||||
$this->wp->addAction('woocommerce_email_footer', function() {
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
// phpcs:disable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// The HTML is generated from a $newsletter entity and can be considered safe
|
||||
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
echo $this->renderer->getHTMLAfterContent();
|
||||
// phpcs:enable WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
});
|
||||
$this->wp->addAction('woocommerce_email_styles', [$this->renderer, 'prefixCss']);
|
||||
});
|
||||
|
@@ -45,7 +45,8 @@ if (WP_DEBUG && PHP_VERSION_ID >= 70100 && file_exists($tracyPath)) {
|
||||
$tracyScriptHtml .= "<script>window.TracyMaxAjaxRows = $maxAjaxRows;</script>\n";
|
||||
|
||||
// just minor adjustments to Debugger::renderLoader() output
|
||||
echo $tracyScriptHtml; // phpcs:ignore
|
||||
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped, WordPressDotOrg.sniffs.OutputEscaping.UnescapedOutputParameter
|
||||
echo $tracyScriptHtml;
|
||||
}
|
||||
|
||||
add_action('admin_enqueue_scripts', 'render_tracy', PHP_INT_MAX, 0);
|
||||
|