code changes for wp.org review (#183)

* Use enqueue style for invoice preview

* Fix replacing active button for themes that are not allowed on current plan

* Use proper inline styles

* Cleanup unused legacy code

* more better processing of post

* Add more comments related to nonce

* ignore more dirs

* only support WP 6.2

* more comments

* add missing text domain

* remove tranlation files for review on wp.org

* Move invoice css to external sheet

* add ABSPATH checks

* use inline styles instead of inline stylesheets

* Update Readme with more third party information

* remove unused support widget

* Avoid ignoring the escape errors

* Escape more things

* Add more used attributes to allowed html

* avoid warnings with null strings

Author: superdav42

assets/css/invoice.css

@@ -0,0 +1,115 @@
+.invoice-box {
+	width: 100%;
+	margin: auto;
+	font-size: 16px;
+	line-height: 24px;
+	color: #555;
+}
+
+.invoice-box table {
+	width: 100%;
+	line-height: inherit;
+	text-align: left;
+}
+
+.invoice-box table td {
+	padding: 5px;
+	vertical-align: top;
+}
+
+.invoice-box table tr td:nth-child(2) {
+	text-align: right;
+}
+
+.invoice-box table tr.top table td {
+	padding-bottom: 20px;
+}
+
+.invoice-box table tr.top table td.title {
+	font-size: 45px;
+	line-height: 45px;
+	color: #333;
+}
+
+.invoice-box table tr.information table td {
+	padding-bottom: 40px;
+}
+
+.invoice-box table tr.heading td {
+	background: #eee;
+	border-bottom: 1px solid #ddd;
+	font-weight: 500;
+}
+
+.invoice-box table {
+	border-collapse: 1px;
+}
+
+.invoice-box table tr.heading th {
+	border-left: 1px solid #ddd;
+	border-right: 1px solid #ddd;
+}
+
+.invoice-box table tr.item td {
+	vertical-align: middle;
+}
+
+.invoice-box table tr.heading th {
+	background: #eee;
+	border-top: 1px solid #ddd;
+	border-bottom: 1px solid #ddd;
+	padding: 10px;
+	text-align: right;
+	font-weight: bold;
+	text-transform: uppercase;
+	font-size: 80%;
+}
+
+.invoice-box table tr.details td {
+	padding: 10px;
+}
+
+.invoice-box table tr.item td{
+	border-bottom: 1px solid #eee;
+	padding: 10px;
+}
+
+.invoice-box table tr.item.last td {
+	border-bottom: none;
+}
+
+.invoice-box table tr.total td {
+	border-top: 2px solid #eee;
+	font-weight: bold;
+	padding-bottom: 60px;
+	padding-top: 10px;
+	text-align: right;
+}
+
+@media only screen and (max-width: 600px) {
+	.invoice-box table tr.top table td {
+		width: 100%;
+		display: block;
+		text-align: center;
+	}
+
+	.invoice-box table tr.information table td {
+		width: 100%;
+		display: block;
+		text-align: center;
+	}
+}
+
+/** RTL **/
+.rtl {
+	direction: rtl;
+
+}
+
+.rtl table {
+	text-align: right;
+}
+
+.rtl table tr td:nth-child(2) {
+	text-align: left;
+}

assets/css/invoice.min.css

@@ -134,7 +134,9 @@
             "vendor/delight-im/cookie/.travis-ci-apache",
             "vendor/doctrine",
             ".distignore",
-            "encrypt-sectrets.php"
+            "encrypt-sectrets.php",
+            "scripts",
+            "mu-plugins"
         ]
     },
     "extra": {

assets/js/support.js

@@ -205,17 +205,6 @@ public function output_default_widget_customer_targets(): void {
 
 				$customer_link = wu_network_admin_url('wp-ultimo-edit-customer', $url_atts);
 
-				$avatar = get_avatar(
-					$customer->get_user_id(),
-					32,
-					'identicon',
-					'',
-					[
-						'force_display' => true,
-						'class'         => 'wu-rounded-full wu-border-solid wu-border-1 wu-border-white hover:wu-border-gray-400',
-					]
-				);
-
 				$display_name = $customer->get_display_name();
 
 				$id = $customer->get_id();
@@ -232,7 +221,16 @@ public function output_default_widget_customer_targets(): void {
 								</a>',
 					esc_attr($customer_link),
 					esc_html($display_name),
-					$avatar, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+					get_avatar(
+						$customer->get_user_id(),
+						32,
+						'identicon',
+						'',
+						[
+							'force_display' => true,
+							'class'         => 'wu-rounded-full wu-border-solid wu-border-1 wu-border-white hover:wu-border-gray-400',
+						]
+					),
 					esc_html($id),
 					esc_html($email)
 				);
@@ -245,16 +243,6 @@ public function output_default_widget_customer_targets(): void {
 
 					$email = $customer->get_email_address();
 
-					$avatar = get_avatar(
-						$email,
-						32,
-						'identicon',
-						'',
-						[
-							'class' => 'wu-rounded-full wu-border-solid wu-border-1 wu-border-white hover:wu-border-gray-400',
-						]
-					);
-
 					$url_atts = [
 						'id' => $customer->get_id(),
 					];
@@ -265,7 +253,15 @@ public function output_default_widget_customer_targets(): void {
 						"<div class='wu-flex wu--mr-4'><a role='tooltip' aria-label='%s' href='%s'>%s</a></div>",
 						esc_attr($tooltip_name),
 						esc_attr($customer_link),
-						$avatar // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+						get_avatar(
+							$email,
+							32,
+							'identicon',
+							'',
+							[
+								'class' => 'wu-rounded-full wu-border-solid wu-border-1 wu-border-white hover:wu-border-gray-400',
+							]
+						)
 					);
 				}
 
@@ -459,6 +455,7 @@ public function query_filter($args) {
 	 */
 	public function get_object() {
 
+		// Data is only being fetch, nothing is being modified, no need for nonce check.
 		if (isset($_GET['id'])) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 			$query = new \WP_Ultimo\Database\Broadcasts\Broadcast_Query();
 

assets/js/support.min.js

@@ -91,7 +91,7 @@ public function init(): void {
 
 		parent::init();
 
-		add_action('init', [$this, 'generate_checkout_form_preview'], 9);
+		$this->generate_checkout_form_preview();
 
 		add_action('wp_ajax_wu_save_editor_session', [$this, 'save_editor_session']);
 
@@ -171,8 +171,6 @@ public function content_checkout_form_by_settings(): void {
 			return;
 		}
 
-		$content = '';
-
 		$key = wp_get_session_token();
 
 		$session = \WP_Session_Tokens::get_instance(get_current_user_id());
@@ -193,12 +191,20 @@ public function content_checkout_form_by_settings(): void {
 			$current_user = wp_set_current_user(0);
 		}
 
+		wp_enqueue_scripts();
+
+		wp_print_head_scripts();
+
+		printf('<body %s>', 'class="' . esc_attr(implode(' ', get_body_class('wu-styling'))) . '"');
+
+		echo '<div class="wu-p-6">';
+
 		$count = count($settings);
 
 		foreach ($settings as $index => $step) {
 			$final_fields = wu_create_checkout_fields($step['fields']);
 
-			$content .= wu_get_template_contents(
+			wu_get_template(
 				'checkout/form',
 				[
 					'step'               => $step,
@@ -212,20 +218,10 @@ public function content_checkout_form_by_settings(): void {
 			);
 
 			if ($index < $count - 1) {
-				$content .= sprintf('<hr class="sm:wu-bg-transparent wu-hr-text wu-font-semibold wu-my-4 wu-mt-6 wu-text-gray-600 wu-text-sm" data-content="%s">', esc_attr__('Step Separator', 'multisite-ultimate'));
+				printf('<hr class="sm:wu-bg-transparent wu-hr-text wu-font-semibold wu-my-4 wu-mt-6 wu-text-gray-600 wu-text-sm" data-content="%s">', esc_attr__('Step Separator', 'multisite-ultimate'));
 			}
 		}
 
-		wp_enqueue_scripts();
-
-		wp_print_head_scripts();
-
-		printf('<body %s>', 'class="' . esc_attr(implode(' ', get_body_class('wu-styling'))) . '"');
-
-		echo '<div class="wu-p-6">';
-
-		echo $content; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
-
 		wp_print_footer_scripts();
 
 		echo '</div></body>';

composer.json

@@ -997,9 +997,9 @@ public function render_country() {
 
 		if ($country_code) {
 			$html = sprintf(
-				'<span>%s</span><span class="wu-flag-icon wu-w-5 wu-ml-1" %s>%s</span>',
+				'<span>%s</span><span class="wu-flag-icon wu-w-5 wu-ml-1" role="tooltip" aria-label="%s">%s</span>',
 				$country_name,
-				wu_tooltip_text($country_name),
+				esc_attr($country_name),
 				wu_get_flag_emoji((string) $country_code)
 			);
 		} else {

inc/admin-pages/class-broadcast-edit-admin-page.php

@@ -608,20 +608,16 @@ public function render_csv_button($args): void {
 
 		$data_strings = wp_json_encode($args['data']);
 
-		$html = '<div class="wu-bg-gray-100 wu-p-2 wu-text-right wu-border-0 wu-border-b wu-border-solid wu-border-gray-400">
+		printf(
+			'<div class="wu-bg-gray-100 wu-p-2 wu-text-right wu-border-0 wu-border-b wu-border-solid wu-border-gray-400">
 			<a href="#" attr-slug-csv="%2$s" class="wu-export-button wu-no-underline wu-text-gray-800 wu-text-xs">
 				<span class="dashicons-wu-download wu-mr-1"></span> %1$s
 			</a>
 			<input type="hidden" id="csv_headers_%2$s" value="%3$s" />
 			<input type="hidden" id="csv_data_%2$s" value="%4$s" />
 			<input type="hidden" id="csv_action_%2$s" value="%5$s" />
-		</div>';
-
-		$html = apply_filters('wu_export_html_render', $html, $html);
-
-		printf(
-			$html, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
-			apply_filters('wu_export_data_table_label', esc_html__('CSV', 'multisite-ultimate')), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+		</div>',
+			esc_html__('CSV', 'multisite-ultimate'),
 			esc_attr($slug),
 			esc_attr($header_strings),
 			esc_attr($data_strings),

inc/admin-pages/class-checkout-form-edit-admin-page.php

@@ -401,8 +401,8 @@ protected function add_list_table_widget($id, $atts = []) {
 			$atts,
 			[
 				'widget_id'    => $id,
-				'before'       => '',
-				'after'        => '',
+				'before'       => fn() => null,
+				'after'        => fn() => null,
 				'title'        => __('List Table', 'multisite-ultimate'),
 				'position'     => 'advanced',
 				'screen'       => get_current_screen(),