Escaping improved even more

kkMatt · kkMatt · commit a10741d0ff1d · 2019-07-22T21:21:33.000+03:00
diff --git a/Controllers/Admin/NetworkMenuController.php b/Controllers/Admin/NetworkMenuController.php
@@ -81,11 +81,11 @@ private function processError($paramName, $paramErrorMessage)
             // 'add_action('admin_notices', ...)' doesn't work here (maybe due to fact, that 'admin_notices' has to be registered not later than X point in code)
 
             // Works
-            $sanitizedErrorMessage = '<div id="message" class="error"><p>'.esc_br_html($sanitizedErrorMessage).'</p></div>';
+            $errorMessageHTML = '<div id="message" class="error"><p>'.esc_br_html($sanitizedErrorMessage).'</p></div>';
 
-            // Based on WP Coding Standards ticket #341, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,
-            // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/341
-            _doing_it_wrong(esc_html($sanitizedName), esc_br_html($sanitizedErrorMessage), $this->conf->getPluginSemver());
+            // Based on WP Coding Standards ticket #340, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,
+            // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/340
+            _doing_it_wrong(esc_html($sanitizedName), $errorMessageHTML, $this->conf->getPluginSemver());
         }
     }
 }
diff --git a/Controllers/Admin/SingleMenuController.php b/Controllers/Admin/SingleMenuController.php
@@ -257,11 +257,11 @@ private function processError($paramName, $paramErrorMessage)
             // 'add_action('admin_notices', ...)' doesn't work here (maybe due to fact, that 'admin_notices' has to be registered not later than X point in code)
 
             // Works
-            $sanitizedErrorMessage = '<div id="message" class="error"><p>'.esc_br_html($sanitizedErrorMessage).'</p></div>';
+            $errorMessageHTML = '<div id="message" class="error"><p>'.esc_br_html($sanitizedErrorMessage).'</p></div>';
 
-            // Based on WP Coding Standards ticket #341, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,
-            // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/341
-            _doing_it_wrong(esc_html($sanitizedName), esc_br_html($sanitizedErrorMessage), $this->conf->getPluginSemver());
+            // Based on WP Coding Standards ticket #340, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,
+            // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/340
+            _doing_it_wrong(esc_html($sanitizedName), $errorMessageHTML, $this->conf->getPluginSemver());
         }
     }
 }
diff --git a/Controllers/MainController.php b/Controllers/MainController.php
@@ -1380,24 +1380,26 @@ private function processError($paramMethodName, $paramErrorMessage)
     {
         if(StaticValidator::inWP_Debug())
         {
+            // Load errors only in local or global debug mode
+
             // NOTE: add_action('admin_notices', ...); doesn't always work - maybe due to fact, that 'admin_notices'
             //       has to be registered not later than X point in code. So we use '_doing_it_wrong' instead
             // Works
             if(!is_null($this->confWithoutRouting))
             {
-                $validErrorMessage = '<div class="'.$this->confWithoutRouting->getPluginCSS_Prefix().'error"><div id="message" class="error"><p>'.esc_html($paramMethodName).'</p></div></div>';
+                $errorMessageHTML = '<div class="'.$this->confWithoutRouting->getPluginCSS_Prefix().'error"><div id="message" class="error"><p>'.esc_html($paramMethodName).'</p></div></div>';
 
-                // Based on WP Coding Standards ticket #341, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,
-                // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/341
-                _doing_it_wrong(esc_html($paramMethodName), esc_br_html($validErrorMessage), $this->confWithoutRouting->getPluginSemver());
+                // Based on WP Coding Standards ticket #340, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,
+                // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/340
+                _doing_it_wrong(esc_html($paramMethodName), $errorMessageHTML, $this->confWithoutRouting->getPluginSemver());
             } else
             {
                 // $confWithoutRouting is NULL
-                $validErrorMessage = '<div id="message" class="error"><p>'.esc_br_html($paramErrorMessage).'</p></div>';
+                $errorMessageHTML = '<div id="message" class="error"><p>'.esc_br_html($paramErrorMessage).'</p></div>';
 
-                // Based on WP Coding Standards ticket #341, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,
-                // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/341
-                _doing_it_wrong(esc_html($paramMethodName), esc_br_html($validErrorMessage), 0.0);
+                // Based on WP Coding Standards ticket #340, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,
+                // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/340
+                _doing_it_wrong(esc_html($paramMethodName), $errorMessageHTML, 0.0);
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -81,11 +81,11 @@ private function processError($paramName, $paramErrorMessage)`
`81`	`81`	`// 'add_action('admin_notices', ...)' doesn't work here (maybe due to fact, that 'admin_notices' has to be registered not later than X point in code)`
`82`	`82`
`83`	`83`	`// Works`
`84`		`- $sanitizedErrorMessage = '<div id="message" class="error"><p>'.esc_br_html($sanitizedErrorMessage).'</p></div>';`
	`84`	`+ $errorMessageHTML = '<div id="message" class="error"><p>'.esc_br_html($sanitizedErrorMessage).'</p></div>';`
`85`	`85`
`86`		`- // Based on WP Coding Standards ticket #341, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,`
`87`		`- // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/341`
`88`		`- _doing_it_wrong(esc_html($sanitizedName), esc_br_html($sanitizedErrorMessage), $this->conf->getPluginSemver());`
	`86`	`+ // Based on WP Coding Standards ticket #340, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,`
	`87`	`+ // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/340`
	`88`	`+ _doing_it_wrong(esc_html($sanitizedName), $errorMessageHTML, $this->conf->getPluginSemver());`
`89`	`89`	`}`
`90`	`90`	`}`
`91`	`91`	`}`
Original file line number	Diff line number	Diff line change
`@@ -257,11 +257,11 @@ private function processError($paramName, $paramErrorMessage)`
`257`	`257`	`// 'add_action('admin_notices', ...)' doesn't work here (maybe due to fact, that 'admin_notices' has to be registered not later than X point in code)`
`258`	`258`
`259`	`259`	`// Works`
`260`		`- $sanitizedErrorMessage = '<div id="message" class="error"><p>'.esc_br_html($sanitizedErrorMessage).'</p></div>';`
	`260`	`+ $errorMessageHTML = '<div id="message" class="error"><p>'.esc_br_html($sanitizedErrorMessage).'</p></div>';`
`261`	`261`
`262`		`- // Based on WP Coding Standards ticket #341, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,`
`263`		`- // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/341`
`264`		`- _doing_it_wrong(esc_html($sanitizedName), esc_br_html($sanitizedErrorMessage), $this->conf->getPluginSemver());`
	`262`	`+ // Based on WP Coding Standards ticket #340, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,`
	`263`	`+ // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/340`
	`264`	`+ _doing_it_wrong(esc_html($sanitizedName), $errorMessageHTML, $this->conf->getPluginSemver());`
`265`	`265`	`}`
`266`	`266`	`}`
`267`	`267`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1380,24 +1380,26 @@ private function processError($paramMethodName, $paramErrorMessage)`
`1380`	`1380`	`{`
`1381`	`1381`	`if(StaticValidator::inWP_Debug())`
`1382`	`1382`	`{`
	`1383`	`+ // Load errors only in local or global debug mode`
	`1384`	`+`
`1383`	`1385`	`// NOTE: add_action('admin_notices', ...); doesn't always work - maybe due to fact, that 'admin_notices'`
`1384`	`1386`	`// has to be registered not later than X point in code. So we use '_doing_it_wrong' instead`
`1385`	`1387`	`// Works`
`1386`	`1388`	`if(!is_null($this->confWithoutRouting))`
`1387`	`1389`	`{`
`1388`		`- $validErrorMessage = '<div class="'.$this->confWithoutRouting->getPluginCSS_Prefix().'error"><div id="message" class="error"><p>'.esc_html($paramMethodName).'</p></div></div>';`
	`1390`	`+ $errorMessageHTML = '<div class="'.$this->confWithoutRouting->getPluginCSS_Prefix().'error"><div id="message" class="error"><p>'.esc_html($paramMethodName).'</p></div></div>';`
`1389`	`1391`
`1390`		`- // Based on WP Coding Standards ticket #341, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,`
`1391`		`- // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/341`
`1392`		`- _doing_it_wrong(esc_html($paramMethodName), esc_br_html($validErrorMessage), $this->confWithoutRouting->getPluginSemver());`
	`1392`	`+ // Based on WP Coding Standards ticket #340, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,`
	`1393`	`+ // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/340`
	`1394`	`+ _doing_it_wrong(esc_html($paramMethodName), $errorMessageHTML, $this->confWithoutRouting->getPluginSemver());`
`1393`	`1395`	`} else`
`1394`	`1396`	`{`
`1395`	`1397`	`// $confWithoutRouting is NULL`
`1396`		`- $validErrorMessage = '<div id="message" class="error"><p>'.esc_br_html($paramErrorMessage).'</p></div>';`
	`1398`	`+ $errorMessageHTML = '<div id="message" class="error"><p>'.esc_br_html($paramErrorMessage).'</p></div>';`
`1397`	`1399`
`1398`		`- // Based on WP Coding Standards ticket #341, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,`
`1399`		`- // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/341`
`1400`		`- _doing_it_wrong(esc_html($paramMethodName), esc_br_html($validErrorMessage), 0.0);`
	`1400`	`+ // Based on WP Coding Standards ticket #340, the WordPress '_doing_it_wrong' method does not escapes the HTML by default,`
	`1401`	`+ // so this has to be done by us. Read more: https://github.com/WordPress/WordPress-Coding-Standards/pull/340`
	`1402`	`+ _doing_it_wrong(esc_html($paramMethodName), $errorMessageHTML, 0.0);`
`1401`	`1403`	`}`
`1402`	`1404`	`}`
`1403`	`1405`	`}`