Yoast / wordpress-seo / 5066322038

5066322038

push

github

GitHub 
Merge pull request #20316 from Yoast/JRF/ghactions-run-more-selectively

2550 of 29012 relevant lines covered (8.79%)

0.32 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0
/admin/ajax/class-shortcode-filter.php
1 
<?php
2 
/**
3 
 * WPSEO plugin file.
4 
 *
5 
 * @package WPSEO\Admin\Ajax
6 
 */
7 









8



/**










9



 * Class WPSEO_Shortcode_Filter.










10



 *










11



 * Used for parsing WP shortcodes with AJAX.










12



 */










13



class WPSEO_Shortcode_Filter {










14












15



        /**










16



         * Initialize the AJAX hooks.










17



         */










18



        public function __construct() {










19



                add_action( 'wp_ajax_wpseo_filter_shortcodes', [ $this, 'do_filter' ] );




×







20



        }










21












22



        /**










23



         * Parse the shortcodes.










24



         */










25



        public function do_filter() {










26



                check_ajax_referer( 'wpseo-filter-shortcodes', 'nonce' );




×







27












28



                if ( ! isset( $_POST['data'] ) || ! is_array( $_POST['data'] ) ) {




×







29



                        // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: WPSEO_Utils::format_json_encode is considered safe.










30



                        wp_die( WPSEO_Utils::format_json_encode( [] ) );




×







31



                }










32












33



                // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason: $shortcodes is getting sanitized later, before it's used.










34



                $shortcodes        = wp_unslash( $_POST['data'] );




×







35



                $parsed_shortcodes = [];




×







36












37



                foreach ( $shortcodes as $shortcode ) {




×







38



                        if ( $shortcode !== sanitize_text_field( $shortcode ) ) {




×







39



                                // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: WPSEO_Utils::format_json_encode is considered safe.










40



                                wp_die( WPSEO_Utils::format_json_encode( [] ) );




×







41



                        }










42












43



                        $parsed_shortcodes[] = [




×







44



                                'shortcode' => $shortcode,




×







45



                                'output'    => do_shortcode( $shortcode ),




×







46



                        ];




×







47



                }










48












49



                // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: WPSEO_Utils::format_json_encode is considered safe.










50



                wp_die( WPSEO_Utils::format_json_encode( $parsed_shortcodes ) );




×







51



        }










52



}
























    

  • 

    •