Address the feedback related to linting

Automattic · Jun 27, 2024 · b8e68c1 · b8e68c1
1 parent edae485
commit b8e68c1
Show file tree

Hide file tree

Showing 7 changed files with 55 additions and 90 deletions.
diff --git a/modules/calendar/calendar.php b/modules/calendar/calendar.php
@@ -1005,11 +1005,8 @@ public function get_inner_information( $ef_calendar_item_information_fields, $po
 						<th class="label"><?php echo esc_html( $values['label'] ); ?>:</th>
 						<?php if ( $values['value'] && isset( $values['type'] ) ) : ?>
 							<?php if ( isset( $values['editable'] ) && $this->current_user_can_modify_post( $post ) ) : ?>
-								<td class="value
-								<?php
-								if ( $values['editable'] ) {
-									?>
-									editable-value<?php } ?>"><?php echo esc_html( $values['value'] ); ?></td>
+								<?php $editable_class = $values['editable'] ? 'editable-value' : ''; ?>
+								<td class="value <?php echo esc_attr( $editable_class ); ?>"><?php echo esc_html( $values['value'] ); ?></td>
 								<?php if ( $values['editable'] ) : ?>
 									<td class="editable-html hidden" data-type="<?php echo esc_attr( $values['type'] ); ?>" data-metadataterm="<?php echo esc_attr( str_replace( 'editorial-metadata-', '', str_replace( 'tax_', '', $field ) ) ); ?>"><?php echo $this->get_editable_html( $values['type'], $values['value'] ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?></td>
 								<?php endif; ?>

diff --git a/modules/custom-status/custom-status.php b/modules/custom-status/custom-status.php
@@ -844,7 +844,8 @@ public function handle_add_custom_status() {
 			);
 			$return = $this->add_custom_status( $status_name, $status_args );
 			if ( is_wp_error( $return ) ) {
-				wp_die( esc_textarea( __( 'Could not add status: ', 'edit-flow' ) . $return->get_error_message() ) );
+				/* translators: %s: error message */
+				wp_die( esc_html( sprintf( __( 'Could not add status: %s', 'edit-flow' ), $return->get_error_message() ) ) );
 			}
 			// Redirect if successful
 			$redirect_url = $this->get_link( array( 'message' => 'status-added' ) );
@@ -929,7 +930,7 @@ public function handle_edit_custom_status() {
 			);
 			$return = $this->update_custom_status( $existing_status->term_id, $args );
 			if ( is_wp_error( $return ) ) {
-				wp_die( esc_textarea( __( 'Error updating post status.', 'edit-flow' ) ) );
+				wp_die( esc_html__( 'Error updating post status.', 'edit-flow' ) );
 			}
 
 			$redirect_url = $this->get_link( array( 'message' => 'status-updated' ) );
@@ -1151,8 +1152,8 @@ public function ajax_inline_save_status() {
 				die();
 			} else {
 				/* translators: 1: the status's name */
-				$change_error = new WP_Error( 'invalid', wp_kses( sprintf( __( 'Could not update the status: <strong>%s</strong>', 'edit-flow' ), $status_name ), 'strong' ) );
-				die( esc_html( $change_error->get_error_message() ) );
+				$change_error = new WP_Error( 'invalid', sprintf( __( 'Could not update the status: <strong>%s</strong>', 'edit-flow' ), $status_name ) );
+				die( wp_kses( $change_error->get_error_message(), 'strong' ) );
 			}
 		}
 
@@ -1260,12 +1261,8 @@ public function print_configure_view() {
 		<table class="form-table">
 			<tr class="form-field form-required">
 				<th scope="row" valign="top"><label for="name"><?php _e( 'Custom Status', 'edit-flow' ); ?></label></th>
-				<td><input name="name" id="name" type="text" value="<?php echo esc_attr( $name ); ?>" size="40" aria-required="true"
-																			   <?php
-																				if ( 'draft' === $status->slug ) {
-																					echo 'readonly="readonly"';}
-																				?>
-				/>
+				<?php $readonly_attr = 'draft' === $status->slug ? 'readonly="readonly"' : ''; ?>
+				<td><input name="name" id="name" type="text" value="<?php echo esc_attr( $name ); ?>" size="40" aria-required="true" <?php echo esc_attr( $readonly_attr ); ?> />
 				<?php $edit_flow->settings->helper_print_error_or_description( 'name', __( 'The name is used to identify the status. (Max: 20 characters)', 'edit-flow' ) ); ?>
 				</td>
 			</tr>
@@ -1309,18 +1306,10 @@ public function print_configure_view() {
 				<div class="col-wrap">
 				<div class="form-wrap">
 				<h3 class="nav-tab-wrapper">
-					<a href="<?php echo esc_url( $this->get_link() ); ?>" class="nav-tab
-										<?php
-										if ( ! isset( $_GET['action'] ) || 'change-options' != $_GET['action'] ) {
-											echo ' nav-tab-active';}
-										?>
-					"><?php _e( 'Add New', 'edit-flow' ); ?></a>
-					<a href="<?php echo esc_url( $this->get_link( array( 'action' => 'change-options' ) ) ); ?>" class="nav-tab
-										<?php
-										if ( isset( $_GET['action'] ) && 'change-options' == $_GET['action'] ) {
-											echo ' nav-tab-active';}
-										?>
-					"><?php _e( 'Options', 'edit-flow' ); ?></a>
+					<?php $add_new_nav_class = ! isset( $_GET['action'] ) || 'change-options' != $_GET['action'] ? 'nav-tab-active' : ''; ?>
+					<a href="<?php echo esc_url( $this->get_link() ); ?>" class="nav-tab <?php echo esc_attr( $add_new_nav_class ); ?>"><?php esc_html_e( 'Add New', 'edit-flow' ); ?></a>
+					<?php $options_nav_class = isset( $_GET['action'] ) && 'change-options' == $_GET['action'] ? 'nav-tab-active' : ''; ?>
+					<a href="<?php echo esc_url( $this->get_link( array( 'action' => 'change-options' ) ) ); ?>" class="nav-tab <?php echo esc_attr( $options_nav_class ); ?>"><?php esc_html_e( 'Options', 'edit-flow' ); ?></a>
 				</h3>
 				<?php if ( isset( $_GET['action'] ) && 'change-options' == $_GET['action'] ) : ?>
 				<form class="basic-settings" action="<?php echo esc_url( $this->get_link( array( 'action' => 'change-options' ) ) ); ?>" method="post">
@@ -1334,12 +1323,12 @@ public function print_configure_view() {
 					<form class="add:the-list:" action="<?php echo esc_url( $this->get_link() ); ?>" method="post" id="addstatus" name="addstatus">
 					<div class="form-field form-required">
 						<label for="status_name"><?php _e( 'Name', 'edit-flow' ); ?></label>
-						<input type="text" aria-required="true" size="20" maxlength="20" id="status_name" name="status_name" value="<?php /* phpcs:ignore Generic.ControlStructures.InlineControlStructure.NotAllowed */ if ( ! empty( $_POST['status_name'] ) ) echo esc_attr( $_POST['status_name'] ); ?>" />
+						<input type="text" aria-required="true" size="20" maxlength="20" id="status_name" name="status_name" value="<?php echo ( empty( $_POST['status_name'] ) ? '' : esc_attr( $_POST['status_name'] ) ); ?>" />
 						<?php $edit_flow->settings->helper_print_error_or_description( 'name', __( 'The name is used to identify the status. (Max: 20 characters)', 'edit-flow' ) ); ?>
 					</div>
 					<div class="form-field">
 						<label for="status_description"><?php _e( 'Description', 'edit-flow' ); ?></label>
-						<textarea cols="40" rows="5" id="status_description" name="status_description"><?php /* phpcs:ignore Generic.ControlStructures.InlineControlStructure.NotAllowed */ if ( ! empty( $_POST['status_description'] ) ) echo esc_textarea( $_POST['status_description'] ); ?></textarea>
+						<textarea cols="40" rows="5" id="status_description" name="status_description"><?php echo ( empty( $_POST['status_description'] ) ? '' : esc_textarea( $_POST['status_description'] ) ); ?></textarea>
 						<?php $edit_flow->settings->helper_print_error_or_description( 'description', __( 'The description is primarily for administrative use, to give you some context on what the custom status is to be used for.', 'edit-flow' ) ); ?>
 					</div>
 					<?php wp_nonce_field( 'custom-status-add-nonce' ); ?>

diff --git a/modules/dashboard/dashboard.php b/modules/dashboard/dashboard.php
@@ -239,12 +239,12 @@ public function myposts_widget() {
 					$title = esc_html( $post->post_title );
 					?>
 					<li>
-						<h4><a href="<?php echo esc_url( $url ); ?>" title="<?php _e( 'Edit this post', 'edit-flow' ); ?>"><?php echo esc_html( $title ); ?></a></h4>
-						<span class="ef-myposts-timestamp"><?php _e( 'This post was last updated on', 'edit-flow' ); ?> <?php echo esc_html( get_the_time( 'F j, Y \\a\\t g:i a', $post ) ); ?></span>
+						<h4><a href="<?php echo esc_url( $url ); ?>" title="<?php esc_attr_e( 'Edit this post', 'edit-flow' ); ?>"><?php echo esc_html( $title ); ?></a></h4>
+						<span class="ef-myposts-timestamp"><?php esc_html_e( 'This post was last updated on', 'edit-flow' ); ?> <?php echo esc_html( get_the_time( 'F j, Y \\a\\t g:i a', $post ) ); ?></span>
 					</li>
 				<?php endforeach; ?>
 			<?php else : ?>
-				<p><?php _e( 'Sorry! You\'re not subscribed to any posts!', 'edit-flow' ); ?></p>
+				<p><?php esc_html_e( 'Sorry! You\'re not subscribed to any posts!', 'edit-flow' ); ?></p>
 			<?php endif; ?>
 		</div>
 			<?php

diff --git a/modules/editorial-comments/editorial-comments.php b/modules/editorial-comments/editorial-comments.php
@@ -97,7 +97,7 @@ public function add_admin_scripts() {
 			$thread_comments = (int) get_option( 'thread_comments' );
 			?>
 		<script type="text/javascript">
-			var ef_thread_comments = <?php echo esc_html( ( $thread_comments ) ? $thread_comments : 0 ); ?>;
+			var ef_thread_comments = <?php echo $thread_comments ? intval( $thread_comments ) : 0; ?>;
 		</script>
 			<?php
 		}
@@ -190,7 +190,7 @@ public function the_comment_form() {
 
 			<p id="ef-replysubmit">
 				<a class="ef-replysave button-primary alignright" href="#comments-form">
-					<span id="ef-replybtn"><?php _e( 'Submit Response', 'edit-flow' ); ?></span>
+					<span id="ef-replybtn"><?php esc_html_e( 'Submit Response', 'edit-flow' ); ?></span>
 				</a>
 				<a class="ef-replycancel button-secondary alignright" href="#comments-form"><?php _e( 'Cancel', 'edit-flow' ); ?></a>
 				<img alt="Sending comment..." src="<?php echo esc_url( admin_url( '/images/wpspin_light.gif' ) ); ?>" class="alignright" style="display: none;" id="ef-comment_loading" />
@@ -228,8 +228,7 @@ public function maybe_output_comment_meta( $comment_id ) {
 				$message = '<strong>' . esc_html__( 'Notified', 'edit-flow' ) . ':</strong> ' . esc_html( $notification );
 			}
 
-			// It's already been escaped above.
-			// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+			// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- It's already been escaped above
 			echo '<p class="ef-notification-meta">' . $message . '</p>';
 		}
 
@@ -242,9 +241,8 @@ public function the_comment( $comment, $args, $depth ) {
 			// Get current user
 			wp_get_current_user();
 
-			// Without this, the comment will not appear.
 			// ToDo: Find an alternative so we don't override global variables
-			// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
+			// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited -- Without this, the comment will not appear.
 			$GLOBALS['comment'] = $comment;
 
 			$actions = array();

diff --git a/modules/editorial-metadata/editorial-metadata.php b/modules/editorial-metadata/editorial-metadata.php
@@ -293,7 +293,8 @@ public function add_admin_scripts() {
 					$css_rules = apply_filters( 'ef_editorial_metadata_manage_posts_css_rules', $css_rules );
 					echo "<style type=\"text/css\">\n";
 					foreach ( (array) $css_rules as $css_property => $rules ) {
-						echo wp_kses_post( $css_property . ' {' . implode( ' ', $rules ) . "}\n " );
+						// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- This is for the escaping of the CSS property and rules.
+						echo $css_property . ' {' . implode( ' ', $rules ) . "}\n ";
 					}
 					echo '</style>';
 				}
@@ -357,7 +358,7 @@ public function handle_post_metaboxes() {
 		public function display_meta_box( $post ) {
 			echo "<div id='" . esc_attr( self::metadata_taxonomy ) . "_meta_box'>";
 			// Add nonce for verification upon save
-			echo "<input type='hidden' name='" . esc_attr( self::metadata_taxonomy ) . "_nonce' value='" . esc_js( wp_create_nonce( 'ef-save-metabox' ) ) . "' />";
+			echo "<input type='hidden' name='" . esc_attr( self::metadata_taxonomy ) . "_nonce' value='" . esc_attr( wp_create_nonce( 'ef-save-metabox' ) ) . "' />";
 
 			if ( current_user_can( 'manage_options' ) ) {
 				// Make the metabox title include a link to edit the Editorial Metadata terms. Logic similar to how Core dashboard widgets work.
@@ -386,8 +387,7 @@ public function display_meta_box( $post ) {
 					} else {
 						$description_span = '';
 					}
-					// This is for the escaping of type.
-					// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+					// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- This is for the escaping of type.
 					echo "<div class='" . esc_attr( self::metadata_taxonomy ) . ' ' . esc_attr( self::metadata_taxonomy ) . "_$type'>";
 					switch ( $type ) {
 						case 'date':
@@ -425,8 +425,7 @@ public function display_meta_box( $post ) {
 							break;
 						case 'checkbox':
 							echo '<label for="' . esc_attr( $postmeta_key ) . '">' . esc_html( $term->name ) . wp_kses_post( $description_span ) . '</label>';
-							$checked = checked( $current_metadata, 1, false );
-							echo '<input id="' . esc_attr( $postmeta_key ) . '" name="' . esc_attr( $postmeta_key ) . '" type=checkbox value=1 "' . wp_kses_post( $checked ) . '" />';
+							echo '<input id="' . esc_attr( $postmeta_key ) . '" name="' . esc_attr( $postmeta_key ) . '" type=checkbox value=1 "' . checked( $current_metadata, 1, false ) . '" />';
 							break;
 						case 'user':
 							echo '<label for="' . esc_attr( $postmeta_key ) . '">' . esc_html( $term->name ) . wp_kses_post( $description_span ) . '</label>';
@@ -1347,8 +1346,8 @@ public function handle_ajax_inline_save_term() {
 				die();
 			} else {
 				/* Translators: 1: the name of the term that could not be found */
-				$change_error = new WP_Error( 'invalid', wp_kses( sprintf( __( 'Could not update the term: <strong>%s</strong>', 'edit-flow' ), $metadata_name ), 'strong' ) );
-				die( esc_html( $change_error->get_error_message() ) );
+				$change_error = new WP_Error( 'invalid', sprintf( __( 'Could not update the term: <strong>%s</strong>', 'edit-flow' ), $metadata_name ) );
+				die( wp_kses( $change_error->get_error_message() ) );
 			}
 		}
 
@@ -1583,27 +1582,18 @@ public function print_configure_view() {
 			<div class="col-wrap">
 			<div class="form-wrap">
 			<h3 class="nav-tab-wrapper">
-				<a href="<?php echo esc_url( add_query_arg( array( 'page' => $this->module->settings_slug ), get_admin_url( null, 'admin.php' ) ) ); ?>" class="nav-tab
-									<?php
-									if ( ! isset( $_GET['action'] ) || 'change-options' != $_GET['action'] ) {
-										echo ' nav-tab-active';}
-									?>
-				"><?php _e( 'Add New', 'edit-flow' ); ?></a>
-				<a href="
-				<?php
-				echo esc_url( add_query_arg( array(
-					'page' => $this->module->settings_slug,
-					'action' => 'change-options',
-				), get_admin_url( null, 'admin.php' ) ) );
-				?>
-							" class="nav-tab
-							<?php
-							if ( isset( $_GET['action'] ) && 'change-options' == $_GET['action'] ) {
-														echo ' nav-tab-active';}
-							?>
-"><?php _e( 'Options', 'edit-flow' ); ?></a>
+					<?php $add_new_nav_class = ! isset( $_GET['action'] ) || 'change-options' != $_GET['action'] ? 'nav-tab-active' : ''; ?>
+					<a href="<?php echo esc_url( add_query_arg( array( 'page' => $this->module->settings_slug ), get_admin_url( null, 'admin.php' ) ) ); ?>" class="nav-tab <?php echo esc_attr( $add_new_nav_class ); ?>"><?php esc_html_e( 'Add New', 'edit-flow' ); ?></a>
+					<?php $options_nav_class = isset( $_GET['action'] ) && 'change-options' == $_GET['action'] ? 'nav-tab-active' : ''; ?>
+					<a href="
+					<?php
+					echo esc_url( add_query_arg( array(
+						'page' => $this->module->settings_slug,
+						'action' => 'change-options',
+					), get_admin_url( null, 'admin.php' ) ) );
+					?>
+								" class="nav-tab <?php echo esc_attr( $options_nav_class ); ?>"><?php esc_html_e( 'Options', 'edit-flow' ); ?></a>
 			</h3>
-
 			<?php if ( isset( $_GET['action'] ) && 'change-options' == $_GET['action'] ) : ?>
 				<?php /** Basic form built on WP Settings API for outputting Editorial Metadata options **/ ?>
 		<form class="basic-settings" action="
@@ -1624,17 +1614,17 @@ public function print_configure_view() {
 			<form class="add:the-list:" action="<?php echo esc_url( add_query_arg( array( 'page' => $this->module->settings_slug ), get_admin_url( null, 'admin.php' ) ) ); ?>" method="post" id="addmetadata" name="addmetadata">
 			<div class="form-field form-required">
 				<label for="metadata_name"><?php _e( 'Name', 'edit-flow' ); ?></label>
-				<input type="text" aria-required="true" size="20" maxlength="200" id="metadata_name" name="metadata_name" value="<?php /* phpcs:ignore Generic.ControlStructures.InlineControlStructure.NotAllowed */ if ( ! empty( $_POST['metadata_name'] ) ) echo esc_attr( $_POST['metadata_name'] ); ?>" />
+				<input type="text" aria-required="true" size="20" maxlength="200" id="metadata_name" name="metadata_name" value="<?php echo ( empty( $_POST['metadata_name'] ) ? '' : esc_attr( $_POST['metadata_name'] ) ); ?>" />
 				<?php $edit_flow->settings->helper_print_error_or_description( 'name', __( 'The name is for labeling the metadata field.', 'edit-flow' ) ); ?>
 			</div>
 			<div class="form-field form-required">
 				<label for="metadata_slug"><?php _e( 'Slug', 'edit-flow' ); ?></label>
-				<input type="text" aria-required="true" size="20" maxlength="200" id="metadata_slug" name="metadata_slug" value="<?php /* phpcs:ignore Generic.ControlStructures.InlineControlStructure.NotAllowed */ if ( ! empty( $_POST['metadata_slug'] ) ) echo esc_attr( $_POST['metadata_slug'] ); ?>" />
+				<input type="text" aria-required="true" size="20" maxlength="200" id="metadata_slug" name="metadata_slug" value="<?php echo ( empty( $_POST['metadata_slug'] ) ? '' : esc_attr( $_POST['metadata_slug'] ) ); ?>" />
 				<?php $edit_flow->settings->helper_print_error_or_description( 'slug', __( 'The "slug" is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.', 'edit-flow' ) ); ?>
 			</div>
 			<div class="form-field">
 				<label for="metadata_description"><?php _e( 'Description', 'edit-flow' ); ?></label>
-				<textarea cols="40" rows="5" id="metadata_description" name="metadata_description"><?php /* phpcs:ignore Generic.ControlStructures.InlineControlStructure.NotAllowed */ if ( ! empty( $_POST['metadata_description'] ) ) echo esc_textarea( $_POST['metadata_description'] ); ?></textarea>
+				<textarea cols="40" rows="5" id="metadata_description" name="metadata_description"><?php echo ( empty( $_POST['metadata_description'] ) ? '' : esc_attr( $_POST['metadata_description'] ) ); ?></textarea>
 				<?php $edit_flow->settings->helper_print_error_or_description( 'description', __( 'The description can be used to communicate with your team about what the metadata is for.', 'edit-flow' ) ); ?>
 			</div>
 			<div class="form-field form-required">

diff --git a/modules/story-budget/story-budget.php b/modules/story-budget/story-budget.php
@@ -345,7 +345,7 @@ public function story_budget() {
 					for ( $i = 1; $i <= $this->max_num_columns; ++$i ) {
 						?>
 					.columns-number-<?php echo (int) $i; ?> .postbox {
-						flex-basis: <?php echo 99 / /* phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped */ $i; ?>%;
+						flex-basis: <?php echo floatval( 99 / $i ); ?>%;
 					}
 						<?php
 					}