fix: phpcs validation fixes

getdokan · Dec 18, 2019 · affe11c · affe11c
1 parent 092d6a8
commit affe11c
Show file tree

Hide file tree

Showing 23 changed files with 57 additions and 50 deletions.
diff --git a/includes/class-vendor.php b/includes/class-vendor.php
@@ -626,9 +626,9 @@ public function get_balance( $formatted = true, $on_date= '' ) {
             if ( ! $installed_version || version_compare( $installed_version, '2.8.2', '>' ) ) {
                 $result = $wpdb->get_row( $wpdb->prepare(
                         "SELECT SUM(debit) as earnings,
-                        ( SELECT SUM(credit) FROM {$wpdb->prefix}dokan_vendor_balance WHERE vendor_id = %d AND DATE(balance_date) <= '%s' ) as withdraw
+                        ( SELECT SUM(credit) FROM {$wpdb->prefix}dokan_vendor_balance WHERE vendor_id = %d AND DATE(balance_date) <= %s ) as withdraw
                         from {$wpdb->prefix}dokan_vendor_balance
-                        WHERE vendor_id = '%d' AND DATE(balance_date) <= '%s' AND status IN($status)",
+                        WHERE vendor_id = %d AND DATE(balance_date) <= %s AND status IN($status)",
                     $this->id, $on_date, $this->id, $on_date ) );
             } else {
                 $result = $wpdb->get_row( $wpdb->prepare(

diff --git a/includes/upgrades/dokan-upgrade-2.9.13.php b/includes/upgrades/dokan-upgrade-2.9.13.php
@@ -14,15 +14,15 @@ function dokan_update_spmv_product_map_table_2_9_13() {
         return;
     }
 
-    $columns = $wpdb->get_results( "describe {$map_table}" );
+    $columns = $wpdb->get_results( $wpdb->prepare( "describe `{$wpdb->prefix}dokan_product_map`" );
 
     $columns = array_filter( $columns, function ( $column ) {
         return 'visibility' === $column->Field;
     } );
 
     if ( empty( $columns ) ) {
         $wpdb->query(
-            "alter table {$map_table} add column visibility tinyint(1) default 1"
+            $wpdb->prepare( "alter table `{$wpdb->prefix}dokan_product_map` add column visibility tinyint(1) default %d", 1 );
         );
     }
 }

diff --git a/phpcs.xml.dist b/phpcs.xml.dist
@@ -2,9 +2,9 @@
 <ruleset name="WordPress Coding Standards for Plugins">
     <description>Generally-applicable sniffs for WordPress plugins</description>
 
-    <rule ref="WordPress-Core">
+    <!-- <rule ref="WordPress-Core">
         <exclude name="Generic.WhiteSpace.DisallowSpaceIndent"/>
-    </rule>
+    </rule> -->
 
     <exclude-pattern>*/assets/*</exclude-pattern>
     <exclude-pattern>*/src/*</exclude-pattern>
@@ -21,7 +21,11 @@
 
     <!-- Check all PHP files in directory tree by default. -->
     <arg name="extensions" value="php" />
+    <arg name="extensions" value="html" />
     <file>.</file>
 
-    <rule ref="WordPress.Security.ValidatedSanitizedInput" />
+    <rule ref="WordPress.DB" />
+    <rule ref="WordPress.Security" />
+    <rule ref="WordPress.XSS" />
+    <rule ref="WordPress.CSRF" />
 </ruleset>
diff --git a/templates/admin-setup-wizard/run-wizard-notice.php b/templates/admin-setup-wizard/run-wizard-notice.php
@@ -1,4 +1,4 @@
 <div id="message" class="updated dokan-message">
-    <p><?php _e( '<strong>Welcome to Dokan</strong> &#8211; You&lsquo;re almost ready to start selling :)', 'dokan-lite' ); ?></p>
-    <p class="submit"><a href="<?php echo esc_url( admin_url( 'admin.php?page=dokan-setup' ) ); ?>" class="button-primary"><?php _e( 'Run the Setup Wizard', 'dokan-lite' ); ?></a></p>
+    <p><?php wp_kses_post( _e( '<strong>Welcome to Dokan</strong> &#8211; You&lsquo;re almost ready to start selling :)', 'dokan-lite' ) ); ?></p>
+    <p class="submit"><a href="<?php echo esc_url( admin_url( 'admin.php?page=dokan-setup' ) ); ?>" class="button-primary"><?php esc_html_e( 'Run the Setup Wizard', 'dokan-lite' ); ?></a></p>
 </div>
diff --git a/templates/dashboard/big-counter-widget.php b/templates/dashboard/big-counter-widget.php
@@ -15,15 +15,15 @@
     <ul class="list-inline">
          <li>
             <div class="title"><?php esc_html_e( 'Sales', 'dokan-lite' ); ?></div>
-            <div class="count"><?php echo wc_price( $earning ); ?></div>
+            <div class="count"><?php echo wp_kses_post( wc_price( $earning ) ); ?></div>
         </li>
         <li>
             <div class="title"><?php esc_html_e( 'Earning', 'dokan-lite' ); ?></div>
-            <div class="count"><?php echo dokan_get_seller_earnings( dokan_get_current_user_id() ); ?></div>
+            <div class="count"><?php echo wp_kses_post( dokan_get_seller_earnings( dokan_get_current_user_id() ) ); ?></div>
         </li>
         <li>
             <div class="title"><?php esc_html_e( 'Pageview', 'dokan-lite' ); ?></div>
-            <div class="count"><?php echo dokan_number_format( esc_attr( $pageviews ) ); ?></div>
+            <div class="count"><?php echo esc_html( dokan_number_format( esc_attr( $pageviews ) ) ); ?></div>
         </li>
         <li>
             <div class="title"><?php esc_html_e( 'Order', 'dokan-lite' ); ?></div>

diff --git a/templates/global/dashboard-nav.php b/templates/global/dashboard-nav.php
@@ -4,5 +4,5 @@
 ?>
 
 <div class="dokan-dash-sidebar">
-    <?php echo dokan_dashboard_nav( $active_menu ); ?>
-</div>
+    <?php echo wp_kses_post( dokan_dashboard_nav( $active_menu ) ); ?>
+</div>
diff --git a/templates/global/dokan-error.php b/templates/global/dokan-error.php
@@ -11,5 +11,5 @@
     <?php if ( $deleted ): ?>
         <button type="button" class="dokan-close" data-dismiss="alert">&times;</button>
     <?php endif ?>
-    <strong><?php echo $message; ?></strong>
+    <strong><?php echo wp_kses_post( $message ); ?></strong>
 </div>
diff --git a/templates/global/dokan-help.php b/templates/global/dokan-help.php
@@ -9,5 +9,5 @@
 ?>
 
 <div class="dokan-page-help">
-    <?php echo $help_text; ?>
+    <?php echo wp_kses_post( $help_text ); ?>
 </div>
diff --git a/templates/global/dokan-message.php b/templates/global/dokan-message.php
@@ -9,5 +9,5 @@
 ?>
 <div class="dokan-message">
     <button type="button" class="dokan-close" data-dismiss="alert">&times;</button>
-    <strong><?php echo $message; ?></strong>
+    <strong><?php echo wp_kses_post( $message ); ?></strong>
 </div>
diff --git a/templates/global/dokan-success.php b/templates/global/dokan-success.php
@@ -11,5 +11,5 @@
     <?php if ( $deleted ): ?>
         <button type="button" class="dokan-close" data-dismiss="alert">&times;</button>
     <?php endif ?>
-    <strong><?php echo $message; ?></strong>
+    <strong><?php echo wp_kses_post( $message ); ?></strong>
 </div>
diff --git a/templates/global/dokan-warning.php b/templates/global/dokan-warning.php
@@ -11,5 +11,5 @@
     <?php if ( $deleted ): ?>
         <button type="button" class="dokan-close" data-dismiss="alert">&times;</button>
     <?php endif ?>
-    <strong><?php echo $message; ?></strong>
+    <strong><?php echo wp_kses_post( $message ); ?></strong>
 </div>
diff --git a/templates/global/header-menu.php b/templates/global/header-menu.php
@@ -10,7 +10,7 @@
 
 <ul class="nav navbar-nav navbar-right">
     <li>
-        <a href="#" class="dropdown-toggle" data-toggle="dropdown"><?php printf( __( 'Cart %s', 'dokan-lite' ), '<span class="dokan-cart-amount-top">(' . WC()->cart->get_cart_total() . ')</span>' ); ?> <b class="caret"></b></a>
+        <a href="#" class="dropdown-toggle" data-toggle="dropdown"><?php echo wp_kses_post( sprintf( __( 'Cart %s', 'dokan-lite' ), '<span class="dokan-cart-amount-top">(' . WC()->cart->get_cart_total() . ')</span>' ) ); ?> <b class="caret"></b></a>
 
         <ul class="dropdown-menu">
             <li>
@@ -33,7 +33,7 @@
                     <li class="divider"></li>
                     <?php
                     foreach ( $nav_urls as $key => $item ) {
-                        printf( '<li><a href="%s">%s &nbsp;%s</a></li>', esc_url( $item['url'] ), $item['icon'], $item['title'] );
+                        echo wp_kses_post( sprintf( '<li><a href="%s">%s &nbsp;%s</a></li>', esc_url( $item['url'] ), $item['icon'], $item['title'] ) );
                     }
                     ?>
                 </ul>

diff --git a/templates/global/seller-registration-form.php b/templates/global/seller-registration-form.php
@@ -46,7 +46,7 @@
     if ( 'on' === $show_terms_condition && $terms_condition_url ) { ?>
         <p class="form-row form-group form-row-wide">
             <input class="tc_check_box" type="checkbox" id="tc_agree" name="tc_agree" required="required">
-            <label style="display: inline" for="tc_agree"><?php echo sprintf( __( 'I have read and agree to the <a target="_blank" href="%s">Terms &amp; Conditions</a>.', 'dokan-lite' ), esc_url( $terms_condition_url ) ); ?></label>
+            <label style="display: inline" for="tc_agree"><?php echo wp_kses_post( sprintf( __( 'I have read and agree to the <a target="_blank" href="%s">Terms &amp; Conditions</a>.', 'dokan-lite' ), esc_url( $terms_condition_url ) ) ); ?></label>
         </p>
     <?php }
 

diff --git a/templates/orders/details.php b/templates/orders/details.php
@@ -49,7 +49,6 @@
                                                 switch ( $item['type'] ) {
                                                     case 'line_item' :
                                                         $_product   = $order->get_product_from_item( $item );
-
                                                         dokan_get_template_part( 'orders/order-item-html', '', array(
                                                             'order'    => $order,
                                                             'item_id'  => $item_id,
@@ -128,7 +127,7 @@
                             if ( $order->get_formatted_billing_address() ) {
                                 echo wp_kses_post( $order->get_formatted_billing_address() );
                             } else {
-                                _e( 'No billing address set.', 'dokan-lite' );
+                                esc_html_e( 'No billing address set.', 'dokan-lite' );
                             }
                         ?>
                     </div>
@@ -143,7 +142,7 @@
                             if ( $order->get_formatted_shipping_address() ) {
                                 echo wp_kses_post( $order->get_formatted_shipping_address() );
                             } else {
-                                _e( 'No shipping address set.', 'dokan-lite' );
+                                esc_html_e( 'No shipping address set.', 'dokan-lite' );
                             }
                         ?>
                     </div>

diff --git a/templates/orders/listing.php b/templates/orders/listing.php
@@ -67,19 +67,19 @@
                         </td>
                         <td class="dokan-order-id" data-title="<?php esc_attr_e( 'Order', 'dokan-lite' ); ?>" >
                             <?php if ( current_user_can( 'dokan_view_order' ) ): ?>
-                                <?php echo '<a href="' . esc_url( wp_nonce_url( add_query_arg( array( 'order_id' => dokan_get_prop( $the_order, 'id' ) ), dokan_get_navigation_url( 'orders' ) ), 'dokan_view_order' ) ) . '"><strong>' . sprintf( __( 'Order %s', 'dokan-lite' ), esc_attr( $the_order->get_order_number() ) ) . '</strong></a>'; ?>
+                                <?php echo wp_kses_post( '<a href="' . esc_url( wp_nonce_url( add_query_arg( array( 'order_id' => dokan_get_prop( $the_order, 'id' ) ), dokan_get_navigation_url( 'orders' ) ), 'dokan_view_order' ) ) . '"><strong>' . sprintf( __( 'Order %s', 'dokan-lite' ), esc_attr( $the_order->get_order_number() ) ) . '</strong></a>' ); ?>
                             <?php else: ?>
-                                <?php echo '<strong>' . sprintf( __( 'Order %s', 'dokan-lite' ), esc_attr( $the_order->get_order_number() ) ) . '</strong>'; ?>
+                                <?php echo wp_kses_post( '<strong>' . sprintf( __( 'Order %s', 'dokan-lite' ), esc_attr( $the_order->get_order_number() ) ) . '</strong>' ); ?>
                             <?php endif ?>
                         </td>
                         <td class="dokan-order-total" data-title="<?php esc_attr_e( 'Order Total', 'dokan-lite' ); ?>" >
-                            <?php echo $the_order->get_formatted_order_total(); ?>
+                            <?php echo wp_kses_post( $the_order->get_formatted_order_total() ); ?>
                         </td>
                         <td class="dokan-order-earning" data-title="<?php esc_attr_e( 'Earning', 'dokan-lite' ); ?>" >
-                            <?php echo wc_price( dokan()->commission->get_earning_by_order( $the_order ) ); ?>
+                            <?php echo wp_kses_post( wc_price( dokan()->commission->get_earning_by_order( $the_order ) ) ); ?>
                         </td>
                         <td class="dokan-order-status" data-title="<?php esc_attr_e( 'Status', 'dokan-lite' ); ?>" >
-                            <?php echo '<span class="dokan-label dokan-label-' . dokan_get_order_status_class( dokan_get_prop( $the_order, 'status' ) ) . '">' . dokan_get_order_status_translated( dokan_get_prop( $the_order, 'status' ) ) . '</span>'; ?>
+                            <?php echo wp_kses_post( '<span class="dokan-label dokan-label-' . dokan_get_order_status_class( dokan_get_prop( $the_order, 'status' ) ) . '">' . dokan_get_order_status_translated( dokan_get_prop( $the_order, 'status' ) ) . '</span>' ); ?>
                         </td>
                         <td class="dokan-order-customer" data-title="<?php esc_attr_e( 'Customer', 'dokan-lite' ); ?>" >
                             <?php
@@ -166,7 +166,7 @@
 
                                 foreach ($actions as $action) {
                                     $icon = ( isset( $action['icon'] ) ) ? $action['icon'] : '';
-                                    printf( '<a class="dokan-btn dokan-btn-default dokan-btn-sm tips" href="%s" data-toggle="tooltip" data-placement="top" title="%s">%s</a> ', esc_url( $action['url'] ), esc_attr( $action['name'] ), $icon );
+                                    echo wp_kses_post( sprintf( '<a class="dokan-btn dokan-btn-default dokan-btn-sm tips" href="%s" data-toggle="tooltip" data-placement="top" title="%s">%s</a> ', esc_url( $action['url'] ), esc_attr( $action['name'] ), $icon ) );
                                 }
 
                                 do_action( 'woocommerce_admin_order_actions_end', $the_order );
@@ -201,7 +201,7 @@
     $base_url  = dokan_get_navigation_url( 'orders' );
 
     if ( $num_of_pages > 1 ) {
-        echo '<div class="pagination-wrap">';
+        $pagination = '<div class="pagination-wrap">';
         $page_links = paginate_links( array(
             'current'   => $paged,
             'total'     => $num_of_pages,
@@ -211,10 +211,12 @@
             'type'      => 'array',
         ) );
 
-        echo "<ul class='pagination'>\n\t<li>";
-        echo join("</li>\n\t<li>", $page_links);
-        echo "</li>\n</ul>\n";
-        echo '</div>';
+        $pagination .= "<ul class='pagination'>\n\t<li>";
+        $pagination .= join("</li>\n\t<li>", $page_links);
+        $pagination .= "</li>\n</ul>\n";
+        $pagination .= '</div>';
+
+        echo wp_kses_post( $pagination );
     }
     ?>
 

diff --git a/templates/orders/order-download-permission-html.php b/templates/orders/order-download-permission-html.php
@@ -4,10 +4,10 @@
 <div class="dokan-panel dokan-panel-default">
 	<div class="dokan-panel-heading" style="overflow: hidden;">
 		<a class="title" data-toggle="collapse" data-parent="#accordion" href="#collapse-<?php echo esc_attr( $download->download_id ); ?>">
-			<?php echo '#' . esc_attr( absint( dokan_get_prop( $product, 'id' ) ) ) . ' &mdash; ' . apply_filters( 'woocommerce_admin_download_permissions_title', $product->get_title(), $download->product_id, $download->order_id, $download->order_key, $download->download_id ) . ' &mdash; ' . sprintf( __( 'File %d: %s', 'dokan-lite' ), $file_count, wc_get_filename_from_url( $product->get_file_download_path( $download->download_id ) ) ); ?>
+			<?php echo wp_kses_post( '#' . esc_attr( absint( dokan_get_prop( $product, 'id' ) ) ) . ' &mdash; ' . apply_filters( 'woocommerce_admin_download_permissions_title', $product->get_title(), $download->product_id, $download->order_id, $download->order_key, $download->download_id ) . ' &mdash; ' . sprintf( __( 'File %d: %s', 'dokan-lite' ), $file_count, wc_get_filename_from_url( $product->get_file_download_path( $download->download_id ) ) ) ); ?>
 		</a>
 
-		<button rel="<?php echo esc_attr( absint( $download->product_id ) ) . ',' . esc_attr( $download->download_id ); ?>" class="revoke_access btn btn-danger btn-sm pull-right" data-order-id="<?php echo esc_attr( $download->order_id ); ?>" data-nonce="<?php echo esc_attr( wp_create_nonce( 'revoke-access' ) ); ?>"><?php _e( 'Revoke Access', 'dokan-lite' ); ?></button>
+		<button rel="<?php echo esc_attr( absint( $download->product_id ) ) . ',' . esc_attr( $download->download_id ); ?>" class="revoke_access btn btn-danger btn-sm pull-right" data-order-id="<?php echo esc_attr( $download->order_id ); ?>" data-nonce="<?php echo esc_attr( wp_create_nonce( 'revoke-access' ) ); ?>"><?php esc_html_e( 'Revoke Access', 'dokan-lite' ); ?></button>
 	</div>
 
 	<div id="collapse-<?php echo esc_attr( $download->download_id ); ?>" class="panel-collapse collapse">
@@ -19,7 +19,7 @@
 						<td width="20%">
 							<label><?php esc_html_e( 'Downloaded', 'dokan-lite' ); ?></label><br>
 
-							<?php printf( _n('%s time', '%s times', absint( $download->download_count ), 'dokan-lite'), absint( $download->download_count ) ); ?>
+							<?php echo wp_kses_post( sprintf( _n('%s time', '%s times', absint( $download->download_count ), 'dokan-lite'), absint( $download->download_count ) ) ); ?>
 						</td>
 						<td width="30%">
 							<label><?php esc_html_e( 'Downloads Remaining', 'dokan-lite' ); ?>:</label>

diff --git a/templates/orders/order-item-html.php b/templates/orders/order-item-html.php
@@ -19,7 +19,7 @@
 				<?php echo wp_kses( $_product->get_image( 'shop_thumbnail', array( 'title' => '' ) ), $img_kses ); ?>
 			</a>
 		<?php else : ?>
-			<?php echo woocommerce_placeholder_img( 'shop_thumbnail' ); ?>
+			<?php echo wp_kses_post( woocommerce_placeholder_img( 'shop_thumbnail' ) ); ?>
 		<?php endif; ?>
 	</td>
 
@@ -85,9 +85,11 @@
     <td class="line_cost" width="1%">
         <?php
             if ( isset( $item['line_total'] ) ) {
-                if ( isset( $item['line_subtotal'] ) && $item['line_subtotal'] != $item['line_total'] ) echo '<del>' . wc_price( $item['line_subtotal'] ) . '</del> ';
+                if ( isset( $item['line_subtotal'] ) && $item['line_subtotal'] != $item['line_total'] ) {
+                    echo wp_kses_post( '<del>' . wc_price( $item['line_subtotal'] ) . '</del> ' );
+                }
 
-                echo wc_price( $item['line_total'], array( 'currency' => dokan_replace_func( 'get_order_currency', 'get_currency', $order ) ) );
+                echo wp_kses_post( wc_price( $item['line_total'], array( 'currency' => dokan_replace_func( 'get_order_currency', 'get_currency', $order ) ) ) );
             }
         ?>
     </td>

diff --git a/templates/seller-search-form.php b/templates/seller-search-form.php
@@ -1,5 +1,5 @@
 <?php if ( ! empty( $search_query ) ): ?>
-    <h2><?php printf( __( 'Search Results for: %s', 'dokan-lite' ), esc_attr( $search_query ) ); ?></h2>
+    <h2><?php echo wp_kses_post( sprintf( __( 'Search Results for: %s', 'dokan-lite' ), esc_attr( $search_query ) ) ); ?></h2>
 <?php endif; ?>
 
 <form role="search" method="get" class="dokan-seller-search-form" action="">
@@ -12,7 +12,7 @@
     </div>
 
     <input type="hidden" id="pagination_base" name="pagination_base" value="<?php echo esc_attr( $pagination_base ) ?>" />
-    <input type="hidden" id="nonce" name="nonce" value="<?php echo wp_create_nonce( 'dokan-seller-listing-search' ); ?>" />
+    <input type="hidden" id="nonce" name="nonce" value="<?php echo esc_attr( wp_create_nonce( 'dokan-seller-listing-search' ) ); ?>" />
     <div class="dokan-overlay" style="display: none;"><span class="dokan-ajax-loader"></span></div>
 </form>
 

diff --git a/templates/store-header.php b/templates/store-header.php
@@ -68,7 +68,7 @@ class="profile-info-img">
                     <ul class="dokan-store-info">
                         <?php if ( isset( $store_address ) && !empty( $store_address ) ) { ?>
                             <li class="dokan-store-address"><i class="fa fa-map-marker"></i>
-                                <?php echo $store_address; ?>
+                                <?php echo wp_kses_post( $store_address ); ?>
                             </li>
                         <?php } ?>
 
@@ -88,7 +88,7 @@ class="profile-info-img">
 
                         <li class="dokan-store-rating">
                             <i class="fa fa-star"></i>
-                            <?php echo dokan_get_readable_seller_rating( $store_user->get_id() ); ?>
+                            <?php echo wp_kses_post( dokan_get_readable_seller_rating( $store_user->get_id() ) ); ?>
                         </li>
 
                         <?php if ( $show_store_open_close == 'on' && $dokan_store_time_enabled == 'yes') : ?>