AN-179 v2 deploy prep (#661)

* AN-179 Release version 2.0.0

* AN-179 phpcs cleanup

admin/apple-actions/index/class-push.php

@@ -214,7 +214,7 @@ private function push( $user_id = null ) {
 			}
 
 			// Get the isPreview setting.
-			$is_paid                   = (bool) get_post_meta( $this->id, 'apple_news_is_paid', true );
+			$is_paid                = (bool) get_post_meta( $this->id, 'apple_news_is_paid', true );
 			$meta['data']['isPaid'] = $is_paid;
 
 			// Get the isPreview setting.

admin/class-admin-apple-bulk-export-page.php

@@ -83,7 +83,7 @@ public function set_title( $admin_title ) {
 	 * @access public
 	 */
 	public function build_page() {
-		$ids = isset( $_GET['ids'] ) ? sanitize_text_field( wp_unslash( $_GET['ids'] ) ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+		$ids = isset( $_GET['ids'] ) ? sanitize_text_field( wp_unslash( $_GET['ids'] ) ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 		if ( ! $ids ) {
 			wp_safe_redirect( esc_url_raw( menu_page_url( $this->plugin_slug . '_index', false ) ) );
 			if ( ! defined( 'APPLE_NEWS_UNIT_TESTS' ) || ! APPLE_NEWS_UNIT_TESTS ) {

admin/class-admin-apple-index-page.php

@@ -92,8 +92,8 @@ public function setup_admin_page() {
 	 * @access public
 	 */
 	public function admin_page() {
-		$id     = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
-		$action = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+		$id     = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
+		$action = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 
 		switch ( $action ) {
 			case self::namespace_action( 'push' ):
@@ -127,9 +127,9 @@ public function admin_page() {
 	 * @return mixed The result of the requested action.
 	 */
 	public function page_router() {
-		$id      = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
-		$action  = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
-		$action2 = isset( $_GET['action2'] ) ? sanitize_text_field( wp_unslash( $_GET['action2'] ) ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+		$id      = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
+		$action  = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
+		$action2 = isset( $_GET['action2'] ) ? sanitize_text_field( wp_unslash( $_GET['action2'] ) ) : null; // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 
 		// Allow for bulk actions from top or bottom.
 		if ( ( empty( $action ) || '-1' === $action ) && ! empty( $action2 ) ) {
@@ -145,8 +145,8 @@ public function page_router() {
 			case self::namespace_action( 'push' ): // phpcs:ignore PSR2.ControlStructures.SwitchDeclaration.TerminatingComment
 				if ( ! $id ) {
 					$url = menu_page_url( $this->plugin_slug . '_bulk_export', false );
-					if ( isset( $_GET['article'] ) ) { // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
-						$ids  = is_array( $_GET['article'] ) ? array_map( 'absint', $_GET['article'] ) : absint( $_GET['article'] ); //  phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+					if ( isset( $_GET['article'] ) ) { // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
+						$ids  = is_array( $_GET['article'] ) ? array_map( 'absint', $_GET['article'] ) : absint( $_GET['article'] ); //  phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 						$url .= '&ids=' . implode( '.', $ids );
 					}
 					wp_safe_redirect( esc_url_raw( $url ) );
@@ -233,8 +233,8 @@ public static function action_query_params( $action, $url ) {
 
 		// Add the other params.
 		foreach ( $keys as $key ) {
-			if ( ! empty( $_GET[ $key ] ) ) { // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
-				$params[ $key ] = rawurlencode( sanitize_text_field( wp_unslash( $_GET[ $key ] ) ) ); //  phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+			if ( ! empty( $_GET[ $key ] ) ) { // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
+				$params[ $key ] = rawurlencode( sanitize_text_field( wp_unslash( $_GET[ $key ] ) ) ); //  phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 			}
 		}
 

admin/class-admin-apple-json.php

@@ -425,8 +425,8 @@ public function get_selected_theme() {
 		}
 
 		// Next, check for a theme loaded in from the query string.
-		if ( ! empty( $_GET['theme'] ) ) { // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
-			return sanitize_text_field( wp_unslash( $_GET['theme'] ) ); // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+		if ( ! empty( $_GET['theme'] ) ) { // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
+			return sanitize_text_field( wp_unslash( $_GET['theme'] ) ); // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 		}
 
 		return '';

admin/class-admin-apple-meta-boxes.php

@@ -314,7 +314,7 @@ public static function build_sections_field( $post_id ) {
 		foreach ( $sections as $section ) {
 			?>
 			<div class="section">
-				<input id="apple-news-section-<?php echo esc_attr( $section->id ); ?>" name="apple_news_sections[]" type="checkbox" value="<?php echo esc_attr( $section->links->self ); ?>" <?php checked( self::section_is_checked( $apple_news_sections, $section->links->self, $section->isDefault ) ); ?>> <?php /* phpcs:ignore WordPress.NamingConventions.ValidVariableName.NotSnakeCaseMemberVar */ ?>
+				<input id="apple-news-section-<?php echo esc_attr( $section->id ); ?>" name="apple_news_sections[]" type="checkbox" value="<?php echo esc_attr( $section->links->self ); ?>" <?php checked( self::section_is_checked( $apple_news_sections, $section->links->self, $section->isDefault ) ); ?>>
 				<label for="apple-news-section-<?php echo esc_attr( $section->id ); ?>"><?php echo esc_html( $section->name ); ?></label>
 			</div>
 			<?php

admin/class-admin-apple-news-list-table.php

@@ -453,8 +453,8 @@ protected function extra_tablenav( $which ) {
 	 * @access protected
 	 */
 	protected function get_publish_status_filter() {
-		return ( ! empty( $_GET['apple_news_publish_status'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
-			? sanitize_text_field( wp_unslash( $_GET['apple_news_publish_status'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+		return ( ! empty( $_GET['apple_news_publish_status'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
+			? sanitize_text_field( wp_unslash( $_GET['apple_news_publish_status'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 			: '';
 	}
 
@@ -465,8 +465,8 @@ protected function get_publish_status_filter() {
 	 * @access protected
 	 */
 	protected function get_date_from_filter() {
-		return ( ! empty( $_GET['apple_news_date_from'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
-			? sanitize_text_field( wp_unslash( $_GET['apple_news_date_from'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+		return ( ! empty( $_GET['apple_news_date_from'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
+			? sanitize_text_field( wp_unslash( $_GET['apple_news_date_from'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 			: '';
 	}
 
@@ -477,8 +477,8 @@ protected function get_date_from_filter() {
 	 * @access protected
 	 */
 	protected function get_date_to_filter() {
-		return ( ! empty( $_GET['apple_news_date_to'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
-			? sanitize_text_field( wp_unslash( $_GET['apple_news_date_to'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+		return ( ! empty( $_GET['apple_news_date_to'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
+			? sanitize_text_field( wp_unslash( $_GET['apple_news_date_to'] ) ) // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 			: '';
 	}
 
@@ -489,8 +489,8 @@ protected function get_date_to_filter() {
 	 * @access protected
 	 */
 	protected function get_search_filter() {
-		return ( ! empty( $_GET['s'] ) )
-			? sanitize_text_field( wp_unslash( $_GET['s'] ) )
+		return ( ! empty( $_GET['s'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+			? sanitize_text_field( wp_unslash( $_GET['s'] ) ) // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 			: '';
 	}
 

admin/class-admin-apple-news.php

@@ -20,7 +20,7 @@
 require_once plugin_dir_path( __FILE__ ) . 'class-admin-apple-themes.php';
 require_once plugin_dir_path( __FILE__ ) . 'class-admin-apple-preview.php';
 require_once plugin_dir_path( __FILE__ ) . 'class-admin-apple-json.php';
-// REST Includes
+// REST Includes.
 require_once plugin_dir_path( __FILE__ ) . '../includes/REST/apple-news-clear-notifications.php';
 require_once plugin_dir_path( __FILE__ ) . '../includes/REST/apple-news-delete.php';
 require_once plugin_dir_path( __FILE__ ) . '../includes/REST/apple-news-get-notifications.php';

admin/class-admin-apple-post-sync.php

@@ -48,8 +48,8 @@ public function __construct( $settings = null ) {
 			|| 'yes' === $this->settings->get( 'api_autosync_update' )
 		) {
 			// This needs to happen after meta boxes save.
-			if ( apple_news_block_editor_is_active() ) { // check if GB is active
-				add_action( 'rest_after_insert_post', [ $this, 'do_publish_from_rest' ]);
+			if ( apple_news_block_editor_is_active() ) {
+				add_action( 'rest_after_insert_post', [ $this, 'do_publish_from_rest' ] );
 			} else {
 				add_action( 'save_post', [ $this, 'do_publish' ], 99, 2 );
 			}
@@ -61,6 +61,12 @@ public function __construct( $settings = null ) {
 		}
 	}
 
+	/**
+	 * An action callback for rest_after_insert_post. Handles the publish action.
+	 *
+	 * @since 2.0.0
+	 * @param WP_Post $post The post object to publish.
+	 */
 	public function do_publish_from_rest( $post ) {
 		$this->do_publish( $post->ID, $post );
 	}

admin/class-admin-apple-sections.php

@@ -258,7 +258,7 @@ public function action_router() {
 	public function ajax_apple_news_section_taxonomy_autocomplete() {
 
 		// Determine if we have anything to search for.
-		if ( empty( $_GET['term'] ) ) { // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+		if ( empty( $_GET['term'] ) ) { // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 			echo wp_json_encode( array() );
 			exit;
 		}
@@ -276,7 +276,7 @@ public function ajax_apple_news_section_taxonomy_autocomplete() {
 				'fields'     => 'names',
 				'hide_empty' => false,
 				'number'     => 10,
-				'search'     => sanitize_text_field( wp_unslash( $_GET['term'] ) ), // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+				'search'     => sanitize_text_field( wp_unslash( $_GET['term'] ) ), // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 				'taxonomy'   => $taxonomy->name,
 			)
 		);

admin/class-admin-apple-themes.php

@@ -34,7 +34,7 @@ class Admin_Apple_Themes extends Apple_News {
 	 * @var array
 	 * @access private
 	 */
-	private $_valid_actions;
+	private $valid_actions;
 
 	/**
 	 * Renders a theme option field for use in a form.
@@ -158,7 +158,7 @@ public function __construct() {
 		$this->theme_page_name      = $this->plugin_domain . '-themes';
 		$this->theme_edit_page_name = $this->plugin_domain . '-theme-edit';
 
-		$this->_valid_actions = array(
+		$this->valid_actions = array(
 			'apple_news_upload_theme'        => array(
 				'callback' => array( $this, 'upload_theme' ),
 				'nonce'    => 'apple_news_themes',
@@ -203,18 +203,18 @@ public function action_router() {
 		$action = isset( $_REQUEST['action'] )
 			? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) )
 			: null;
-		if ( ( empty( $action ) || ! array_key_exists( $action, $this->_valid_actions ) ) ) {
+		if ( ( empty( $action ) || ! array_key_exists( $action, $this->valid_actions ) ) ) {
 			return;
 		}
 
 		// Check the nonce.
-		check_admin_referer( $this->_valid_actions[ $action ]['nonce'] );
+		check_admin_referer( $this->valid_actions[ $action ]['nonce'] );
 
 		// Call the callback for the action for further processing.
-		if ( isset( $this->_valid_actions[ $action ]['callback'] )
-			&& is_callable( $this->_valid_actions[ $action ]['callback'] )
+		if ( isset( $this->valid_actions[ $action ]['callback'] )
+			&& is_callable( $this->valid_actions[ $action ]['callback'] )
 		) {
-			call_user_func( $this->_valid_actions[ $action ]['callback'] );
+			call_user_func( $this->valid_actions[ $action ]['callback'] );
 		}
 	}
 
@@ -269,8 +269,8 @@ public function page_theme_edit_render() {
 		// Negotiate theme object.
 		$error = '';
 		$theme = new \Apple_Exporter\Theme();
-		if ( isset( $_GET['theme'] ) ) { // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
-			$theme_name = sanitize_text_field( wp_unslash( $_GET['theme'] ) ); // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected
+		if ( isset( $_GET['theme'] ) ) { // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
+			$theme_name = sanitize_text_field( wp_unslash( $_GET['theme'] ) ); // phpcs:ignore WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.Security.NonceVerification.Recommended
 			$theme->set_name( $theme_name );
 			if ( false === $theme->load() ) {
 				$error = sprintf(
@@ -566,7 +566,7 @@ private function delete_theme() {
 		$action = isset( $_REQUEST['action'] )
 			? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) )
 			: null;
-		check_admin_referer( $this->_valid_actions[ $action ]['nonce'] );
+		check_admin_referer( $this->valid_actions[ $action ]['nonce'] );
 
 		// Attempt to get the name of the theme from postdata.
 		if ( empty( $name ) && ! empty( $_POST['apple_news_theme'] ) ) {
@@ -607,7 +607,7 @@ private function export_theme() {
 		$action = isset( $_REQUEST['action'] )
 			? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) )
 			: null;
-		check_admin_referer( $this->_valid_actions[ $action ]['nonce'] );
+		check_admin_referer( $this->valid_actions[ $action ]['nonce'] );
 
 		// Get the theme name from POST data.
 		if ( ! empty( $_POST['apple_news_theme'] ) ) {
@@ -671,7 +671,7 @@ private function save_edit_theme() {
 		$action = isset( $_REQUEST['action'] )
 			? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) )
 			: null;
-		check_admin_referer( $this->_valid_actions[ $action ]['nonce'] );
+		check_admin_referer( $this->valid_actions[ $action ]['nonce'] );
 
 		// Create a theme object.
 		$theme = new \Apple_Exporter\Theme();
@@ -776,7 +776,7 @@ private function set_theme() {
 		$action = isset( $_REQUEST['action'] )
 			? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) )
 			: null;
-		check_admin_referer( $this->_valid_actions[ $action ]['nonce'] );
+		check_admin_referer( $this->valid_actions[ $action ]['nonce'] );
 
 		// Get the theme name from postdata.
 		if ( ! empty( $_POST['apple_news_active_theme'] ) ) {

apple-news.php

@@ -8,13 +8,15 @@
  * @link    http://github.com/alleyinteractive/apple-news
  * @since   0.2.0
  * @package WP_Plugin
- *
+ */
+
+/*
  * Plugin Name: Publish to Apple News
  * Plugin URI:  http://github.com/alleyinteractive/apple-news
  * Description: Export and sync posts to Apple format.
- * Version:     1.4.4
- * Author:      Alley Interactive
- * Author URI:  https://www.alleyinteractive.com
+ * Version:     2.0.0
+ * Author:      Alley
+ * Author URI:  https://alley.co
  * Text Domain: apple-news
  * Domain Path: lang/
  */
@@ -104,22 +106,22 @@ function apple_news_is_exporting() {
 function apple_news_block_editor_is_active() {
 	$active = true;
 
-    // Gutenberg plugin is installed and activated.
-    $gutenberg = ! ( false === has_filter( 'replace_editor', 'gutenberg_init' ) );
+	// Gutenberg plugin is installed and activated.
+	$gutenberg = ! ( false === has_filter( 'replace_editor', 'gutenberg_init' ) );
 
-    // Block editor since 5.0.
-    $block_editor = version_compare( $GLOBALS['wp_version'], '5.0-beta', '>' );
+	// Block editor since 5.0.
+	$block_editor = version_compare( $GLOBALS['wp_version'], '5.0-beta', '>' );
 
-    if ( ! $gutenberg && ! $block_editor ) {
-        $active = false;
-    }
+	if ( ! $gutenberg && ! $block_editor ) {
+		$active = false;
+	}
 
-    if ( $active && apple_news_is_classic_editor_plugin_active() ) {
-        $editor_option       = get_option( 'classic-editor-replace' );
-        $block_editor_active = array( 'no-replace', 'block' );
+	if ( $active && apple_news_is_classic_editor_plugin_active() ) {
+		$editor_option       = get_option( 'classic-editor-replace' );
+		$block_editor_active = array( 'no-replace', 'block' );
 
-        $active = in_array( $editor_option, $block_editor_active, true );
-    }
+		$active = in_array( $editor_option, $block_editor_active, true );
+	}
 
 	/**
 	 * Overrides whether Apple News thinks the block editor is active or not.
@@ -169,15 +171,15 @@ function apple_news_block_editor_is_active_for_post( $post_id = 0 ) {
  * @return bool
  */
 function apple_news_is_classic_editor_plugin_active() {
-    if ( ! function_exists( 'is_plugin_active' ) ) {
-        include_once ABSPATH . 'wp-admin/includes/plugin.php';
-    }
+	if ( ! function_exists( 'is_plugin_active' ) ) {
+		include_once ABSPATH . 'wp-admin/includes/plugin.php';
+	}
 
-    if ( is_plugin_active( 'classic-editor/classic-editor.php' ) ) {
-        return true;
-    }
+	if ( is_plugin_active( 'classic-editor/classic-editor.php' ) ) {
+		return true;
+	}
 
-    return false;
+	return false;
 }
 
 /**
@@ -189,4 +191,4 @@ function apple_news_is_classic_editor_plugin_active() {
  * @param int    $user_id The user ID to check.
  *
  * @return bool True if the user can perform the action, false otherwise.
- */
+ */

assets/js/pluginsidebar/components/notifications/index.js

@@ -51,6 +51,7 @@ export default class Notifications extends React.PureComponent {
             status={notification.type}
           >
             <p
+              // phpcs:ignore WordPressVIPMinimum.JS.DangerouslySetInnerHTML.Found
               dangerouslySetInnerHTML={{ // eslint-disable-line react/no-danger
                 __html: dompurify.sanitize(notification.message),
               }}

includes/REST/apple-news-clear-notifications.php

@@ -19,7 +19,7 @@ function () {
 			[
 				'methods'  => 'POST',
 				'callback' => function( $data ) {
-					$body = json_decode( $data->get_body(), true );
+					$body          = json_decode( $data->get_body(), true );
 					$notifications = ! empty( $body['toClear'] ) && is_array( $body['toClear'] )
 						? $body['toClear']
 						: [];

includes/REST/apple-news-delete.php

@@ -4,6 +4,7 @@
  *
  * @package Apple_News
  */
+
 namespace Apple_News\REST;
 
 use \WP_Error;