
equalizedigital / accessibility-checker / 16891662173

11 Aug 2025 08:43PM UTC coverage: 57.156% (+0.007%) from 57.149%
16891662173

push

github

web-flow
Merge pull request #1189 from equalizedigital/codex/fix-missing-unslash-for-_get-page-]

Sanitize page parameter before admin enqueues

2 of 3 new or added lines in 1 file covered. (66.67%)

3858 of 6750 relevant lines covered (57.16%)

3.23 hits per line

/admin/class-enqueue-admin.php
<?php
/**
 * Class file for Admin enqueueing styles and scripts.
 *
 * @package Accessibility_Checker
 */

namespace EDAC\Admin;

use EDAC\Admin\OptIn\Email_Opt_In;

/**
 * Class that initializes and handles enqueueing styles and scripts for the admin.
 */
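class Enqueue_Admin {

	/**
	 * Constructor.
	 *
	 * Intentionally empty: all work happens in the static enqueue methods,
	 * which the caller hooks into the admin enqueue action.
	 */
	public function __construct() {
	}

	/**
	 * Enqueue the admin styles and scripts.
	 *
	 * @return void
	 */
	public static function enqueue() {
		self::enqueue_styles();
		self::maybe_enqueue_admin_and_editor_app_scripts();
		self::maybe_enqueue_email_opt_in_script();
	}

	/**
	 * Enqueue the admin stylesheet.
	 *
	 * @return void
	 */
	public static function enqueue_styles() {
		wp_enqueue_style( 'edac', plugin_dir_url( EDAC_PLUGIN_FILE ) . 'build/css/admin.css', [], EDAC_VERSION, 'all' );
	}

	/**
	 * Enqueue the admin bundle and, on the post editor screens, the editorApp bundle.
	 *
	 * The post types to check come from the `edac_post_types` option; the admin page
	 * slugs that get the bundle can be extended via the `edac_filter_admin_scripts_slugs`
	 * filter. Both are compared strictly against the sanitized page slug.
	 *
	 * @return void
	 */
	public static function maybe_enqueue_admin_and_editor_app_scripts() {

		global $pagenow;
		$post_types        = get_option( 'edac_post_types' );
		$current_post_type = get_post_type();
		$page              = self::get_current_page_slug();
		$enabled_pages     = apply_filters(
			'edac_filter_admin_scripts_slugs',
			[
				'accessibility_checker',
				'accessibility_checker_settings',
				'accessibility_checker_issues',
				'accessibility_checker_ignored',
			]
		);

		// Whether the current post type is one the plugin is configured to check.
		// Computed once here and reused for the editorApp settings below.
		$post_type_enabled = is_array( $post_types ) && in_array( $current_post_type, $post_types, true );

		// NOTE(review): because of the `||`, the admin bundle loads on every admin screen
		// except the site editor; the post-type / page-slug check only decides the
		// site-editor case. Behaviour preserved as-is — confirm this scope is intended.
		if (
			(
				is_array( $post_types ) &&
				count( $post_types ) &&
				( $post_type_enabled || in_array( $page, $enabled_pages, true ) )
			) ||
			'site-editor.php' !== $pagenow
		) {

			global $post;
			$post_id = is_object( $post ) ? $post->ID : null;
			wp_enqueue_script( 'edac', plugin_dir_url( EDAC_PLUGIN_FILE ) . 'build/admin.bundle.js', [ 'jquery' ], EDAC_VERSION, false );
			wp_set_script_translations( 'edac', 'accessibility-checker', plugin_dir_path( EDAC_PLUGIN_FILE ) . 'languages' );

			// The nonces exposed here are action-scoped; the AJAX and REST handlers
			// that receive them are expected to verify them server-side.
			wp_localize_script(
				'edac',
				'edac_script_vars',
				[
					'postID'      => $post_id,
					'nonce'       => wp_create_nonce( 'ajax-nonce' ),
					'edacApiUrl'  => esc_url_raw( rest_url() . 'accessibility-checker/v1' ),
					'restNonce'   => wp_create_nonce( 'wp_rest' ),
					'fixesProUrl' => esc_url_raw( edac_generate_link_type( [ 'utm-content', '__fix__' ] ) ),
				]
			);

			if ( 'post.php' === $pagenow || 'post-new.php' === $pagenow ) {
				self::enqueue_editor_app_script( $post_id, $post_type_enabled );
			}
		}
	}

	/**
	 * Enqueue the editorApp bundle and its localized settings on the post editor screens.
	 *
	 * @param int|null $post_id Current post ID, or null when there is no global post.
	 * @param bool     $active  Whether the current post type is configured to be checked.
	 * @return void
	 */
	private static function enqueue_editor_app_script( ?int $post_id, bool $active ) {
		$pro = defined( 'EDACP_VERSION' ) && EDAC_KEY_VALID;

		// Debug mode is on for explicit debug builds and for any beta version string.
		$debug = EDAC_DEBUG || strpos( EDAC_VERSION, '-beta' ) !== false;

		wp_enqueue_script( 'edac-editor-app', plugin_dir_url( EDAC_PLUGIN_FILE ) . 'build/editorApp.bundle.js', [], EDAC_VERSION, false );
		wp_set_script_translations( 'edac-editor-app', 'accessibility-checker', plugin_dir_path( EDAC_PLUGIN_FILE ) . 'languages' );

		// Preview URLs do not work for the front page or the posts page, so scan the live URL instead.
		if ( (int) get_option( 'page_on_front' ) === $post_id || (int) get_option( 'page_for_posts' ) === $post_id ) {
			$scan_url = add_query_arg( 'edac_pageScanner', 1, get_permalink( $post_id ) );
		} else {
			$scan_url = get_preview_post_link(
				$post_id,
				[ 'edac_pageScanner' => 1 ]
			);
		}

		wp_localize_script(
			'edac-editor-app',
			'edac_editor_app',
			[
				'postID'       => $post_id,
				'edacUrl'      => esc_url_raw( get_site_url() ),
				'edacApiUrl'   => esc_url_raw( rest_url() . 'accessibility-checker/v1' ),
				'baseurl'      => plugin_dir_url( __DIR__ ),
				'active'       => $active,
				'pro'          => $pro,
				'debug'        => $debug,
				'scanUrl'      => $scan_url,
				// Clamped to at least 1 so a filter cannot disable the alt-text length check entirely.
				'maxAltLength' => max( 1, absint( apply_filters( 'edac_max_alt_length', 300 ) ) ),
				'version'      => EDAC_VERSION,
				'restNonce'    => wp_create_nonce( 'wp_rest' ),
			]
		);
	}

	/**
	 * Enqueue the email opt-in script on the welcome page.
	 *
	 * Only runs on the main plugin page and only for users who have not already
	 * opted in (tracked in user meta under Email_Opt_In::EDAC_USER_OPTIN_META_KEY).
	 *
	 * @return void
	 */
	public static function maybe_enqueue_email_opt_in_script() {

		$page = self::get_current_page_slug();
		if ( 'accessibility_checker' !== $page ) {
			return;
		}

		$user_already_opted_in = (bool) get_user_meta( get_current_user_id(), Email_Opt_In::EDAC_USER_OPTIN_META_KEY, true );
		if ( $user_already_opted_in ) {
			return;
		}

		$email_opt_in = new Email_Opt_In();
		$email_opt_in->enqueue_scripts();
	}

	/**
	 * Gets the current admin page slug.
	 *
	 * The value is read from the request without nonce verification because it is
	 * only used to decide which assets to load, never to perform a state change.
	 * Non-string values (e.g. `page[]=...`) are treated as "no page".
	 *
	 * @since 1.31.0
	 * @return string|null The sanitized page slug, or null if not set or not a string.
	 */
	private static function get_current_page_slug(): ?string {
		// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- display only.
		if ( ! isset( $_GET['page'] ) || ! is_string( $_GET['page'] ) ) {
			return null;
		}

		// sanitize_key() lowercases and strips everything outside [a-z0-9_-], so the
		// result can be compared strictly against the known slugs.
		return sanitize_key( wp_unslash( $_GET['page'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- display only.
	}
}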