Merge branch 'trunk' into 552-add-error-descriptions-to-url-fields

Author: afercia

admin/views/licenses.php

@@ -107,7 +107,10 @@
 
 /* translators: %1$s expands to Yoast SEO. */
 $wpseo_extensions_header = sprintf( __( '%1$s Extensions', 'wordpress-seo' ), 'Yoast SEO' );
-$new_tab_message         = '<span class="screen-reader-text">' . esc_html__( '(Opens in a new browser tab)', 'wordpress-seo' ) . '</span>'
+$new_tab_message         = sprintf(
+	'<span class="screen-reader-text">%1$s</span>',
+	esc_html__( '(Opens in a new browser tab)', 'wordpress-seo' )
+);
 
 ?>
 
@@ -120,8 +123,9 @@
 			<h2>
 				<?php
 				printf(
-					/* translators: %1$s expands to Yoast SEO Premium */
+					/* translators: 1: expands to Yoast SEO Premium */
 					esc_html__( '%1$s, take your optimization to the next level!', 'wordpress-seo' ),
+					// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: The `get_title` value is hardcoded; only passed through the WPSEO_Extensions class.
 					'<span class="yoast-heading-highlight">' . $premium_extension->get_title() . '</span>'
 				);
 				?>
@@ -157,8 +161,13 @@
 					<a target="_blank" href="<?php WPSEO_Shortlinker::show( 'https://yoa.st/13k' ); ?>"
 						class="yoast-link--license">
 						<?php
-						/* translators: %s expands to the extension title */
-						printf( esc_html__( 'Manage your %s subscription on MyYoast', 'wordpress-seo' ), $premium_extension->get_title() );
+						printf(
+							/* translators: %s expands to the extension title */
+							esc_html__( 'Manage your %s subscription on MyYoast', 'wordpress-seo' ),
+							// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: The `get_title` value is hardcoded; only passed through the WPSEO_Extensions class.
+							$premium_extension->get_title()
+						);
+						// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: $new_tab_message is properly escaped.
 						echo $new_tab_message;
 						?>
 					</a>
@@ -167,8 +176,13 @@ class="yoast-link--license">
 					<a target="_blank" href="<?php WPSEO_Shortlinker::show( 'https://yoa.st/13i' ); ?>"
 						class="yoast-link--license">
 						<?php
-						/* translators: %s expands to the extension title */
-						printf( esc_html__( 'Activate %s for your site on MyYoast', 'wordpress-seo' ), $premium_extension->get_title() );
+						printf(
+							/* translators: %s expands to the extension title */
+							esc_html__( 'Activate %s for your site on MyYoast', 'wordpress-seo' ),
+							// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: The `get_title` value is hardcoded; only passed through the WPSEO_Extensions class.
+							$premium_extension->get_title()
+						);
+						// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: $new_tab_message is properly escaped.
 						echo $new_tab_message;
 						?>
 					</a>
@@ -179,8 +193,13 @@ class="yoast-link--license">
 				<a target="_blank" href="<?php echo esc_url( $premium_extension->get_buy_url() ); ?>"
 					class="yoast-button-upsell">
 					<?php
-					/* translators: $s expands to Yoast SEO Premium */
-					printf( esc_html__( 'Buy %s', 'wordpress-seo' ), $premium_extension->get_title() );
+					printf(
+						/* translators: $s expands to Yoast SEO Premium */
+						esc_html__( 'Buy %s', 'wordpress-seo' ),
+						// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: The `get_title` value is hardcoded; only passed through the WPSEO_Extensions class.
+						$premium_extension->get_title()
+					);
+					// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: $new_tab_message is properly escaped.
 					echo $new_tab_message;
 					echo '<span aria-hidden="true" class="yoast-button-upsell__caret"></span>';
 					?>
@@ -190,12 +209,14 @@ class="yoast-button-upsell">
 					class="yoast-link--more-info">
 					<?php
 					printf(
-						/* translators: Text between %1$s and %2$s will only be shown to screen readers. %3$s expands to the product name. */
+						/* translators: Text between 1: and 2: will only be shown to screen readers. 3: expands to the product name. */
 						esc_html__( 'More information %1$sabout %3$s%2$s', 'wordpress-seo' ),
 						'<span class="screen-reader-text">',
 						'</span>',
+						// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: The `get_title` value is hardcoded; only passed through the WPSEO_Extensions class.
 						$premium_extension->get_title()
 					);
+					// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: $new_tab_message is properly escaped.
 					echo $new_tab_message;
 					?>
 				</a>
@@ -212,12 +233,16 @@ class="yoast-link--more-info">
 		<section class="yoast-promo-extensions">
 			<h2>
 				<?php
-				/* translators: %1$s expands to Yoast SEO */
-				$yoast_seo_extensions = sprintf( __( '%1$s extensions', 'wordpress-seo' ), 'Yoast SEO' );
+				/* translators: 1: expands to Yoast SEO */
+				$yoast_seo_extensions = sprintf( esc_html__( '%1$s extensions', 'wordpress-seo' ), 'Yoast SEO' );
 				$yoast_seo_extensions = '<span class="yoast-heading-highlight">' . $yoast_seo_extensions . '</span>';
 
-				/* translators: %1$s expands to Yoast SEO extensions */
-				printf( esc_html__( '%1$s to optimize your site even further', 'wordpress-seo' ), $yoast_seo_extensions );
+				printf(
+					/* translators: 1: expands to Yoast SEO extensions */
+					esc_html__( '%1$s to optimize your site even further', 'wordpress-seo' ),
+					// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: $yoast_seo_extensions is properly escaped.
+					$yoast_seo_extensions
+				);
 				?>
 			</h2>
 
@@ -241,8 +266,13 @@ class="yoast-link--more-info">
 								<a target="_blank" href="<?php WPSEO_Shortlinker::show( 'https://yoa.st/13k' ); ?>"
 									class="yoast-link--license">
 									<?php
-									/* translators: %s expands to the extension title */
-									printf( esc_html__( 'Manage your %s subscription on MyYoast', 'wordpress-seo' ), $extension->get_title() );
+									printf(
+										/* translators: %s expands to the extension title */
+										esc_html__( 'Manage your %s subscription on MyYoast', 'wordpress-seo' ),
+										// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: The `get_title` value is hardcoded; only passed through the WPSEO_Extensions class.
+										$extension->get_title()
+									);
+									// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: $new_tab_message is properly escaped.
 									echo $new_tab_message;
 									?>
 								</a>
@@ -251,8 +281,13 @@ class="yoast-link--license">
 								<a target="_blank" href="<?php WPSEO_Shortlinker::show( 'https://yoa.st/13i' ); ?>"
 									class="yoast-link--license">
 									<?php
-									/* translators: %s expands to the extension title */
-									printf( esc_html__( 'Activate %s for your site on MyYoast', 'wordpress-seo' ), $extension->get_title() );
+									printf(
+										/* translators: %s expands to the extension title */
+										esc_html__( 'Activate %s for your site on MyYoast', 'wordpress-seo' ),
+										// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: The `get_title` value is hardcoded; only passed through the WPSEO_Extensions class.
+										$extension->get_title()
+									);
+									// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: $new_tab_message is properly escaped.
 									echo $new_tab_message;
 									?>
 								</a>
@@ -261,8 +296,13 @@ class="yoast-link--license">
 							<a target="_blank" class="yoast-button-upsell"
 								href="<?php echo esc_url( $extension->get_buy_url() ); ?>">
 								<?php
-								/* translators: %s expands to the product name */
-								printf( esc_html__( 'Buy %s', 'wordpress-seo' ), $extension->get_buy_button() );
+								printf(
+									/* translators: %s expands to the product name */
+									esc_html__( 'Buy %s', 'wordpress-seo' ),
+									// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: The possible `get_buy_button` values are hardcoded (buy_button or title); only passed through the WPSEO_Extensions class.
+									$extension->get_buy_button()
+								);
+								// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: $new_tab_message is properly escaped.
 								echo $new_tab_message;
 								echo '<span aria-hidden="true" class="yoast-button-upsell__caret"></span>';
 								?>
@@ -272,12 +312,14 @@ class="yoast-link--license">
 								href="<?php echo esc_url( $extension->get_info_url() ); ?>">
 								<?php
 								printf(
-									/* translators: Text between %1$s and %2$s will only be shown to screen readers. %3$s expands to the product name. */
+									/* translators: Text between 1: and 2: will only be shown to screen readers. 3: expands to the product name. */
 									esc_html__( 'More information %1$sabout %3$s%2$s', 'wordpress-seo' ),
 									'<span class="screen-reader-text">',
 									'</span>',
+									// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: The `get_title` value is hardcoded; only passed through the WPSEO_Extensions class.
 									$extension->get_title()
 								);
+								// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Reason: $new_tab_message is properly escaped.
 								echo $new_tab_message;
 								?>
 							</a>

admin/views/tool-bulk-editor.php

@@ -119,6 +119,7 @@ function wpseo_get_rendered_tab( $table, $id ) {
 
 ?>
 <script>
+	// phpcs:ignore WordPress.Security.OutputEscaping -- WPSEO_Utils::format_json_encode is safe.
 	var wpseoBulkEditorNonce = <?php echo WPSEO_Utils::format_json_encode( wp_create_nonce( 'wpseo-bulk-editor' ) ); ?>;
 
 	// eslint-disable-next-line

admin/views/tool-import-export.php

@@ -74,7 +74,9 @@
 			$status = 'updated';
 		}
 
-		echo '<div id="message" class="message ', $status, '"><p>', esc_html( $msg ), '</p></div>';
+		$class = 'message ' . $status;
+
+		echo '<div id="message" class="', esc_attr( $status ), '"><p>', esc_html( $msg ), '</p></div>';
 	}
 }
 

inc/class-wpseo-utils.php

@@ -1364,6 +1364,22 @@ public static function extend_kses_post_with_forms( $allowed_post_tags ) {
 		return array_merge_recursive( $allowed_post_tags, $input_tags );
 	}
 
+	/**
+	 * Gets an array of enabled features.
+	 *
+	 * @return string[] The array of enabled features.
+	 */
+	public static function retrieve_enabled_features() {
+		$enabled_features = array();
+		if ( defined( 'YOAST_SEO_ENABLED_FEATURES' ) ) {
+			$enabled_features = preg_split( '/,\W*/', YOAST_SEO_ENABLED_FEATURES );
+		}
+		// Make the array of enabled features filterable, so features can be enabled at will.
+		$enabled_features = apply_filters( 'wpseo_enable_feature', $enabled_features );
+
+		return $enabled_features;
+	}
+
 	/* ********************* DEPRECATED METHODS ********************* */
 
 	/**
@@ -1404,20 +1420,4 @@ public static function get_user_locale() {
 
 		return WPSEO_Language_Utils::get_user_locale();
 	}
-
-	/**
-	 * Gets an array of enabled features.
-	 *
-	 * @return string[] The array of enabled features.
-	 */
-	public static function retrieve_enabled_features() {
-		$enabled_features = array();
-		if ( defined( 'YOAST_SEO_ENABLED_FEATURES' ) ) {
-			$enabled_features = preg_split( '/,\W*/', YOAST_SEO_ENABLED_FEATURES );
-		}
-		// Make the array of enabled features filterable, so features can be enabled at will.
-		$enabled_features = apply_filters( 'wpseo_enable_feature', $enabled_features );
-
-		return $enabled_features;
-	}
 }

inc/options/class-wpseo-option.php

@@ -305,13 +305,16 @@ public function validate_verification_string( $key, $dirty, $old, &$clean ) {
 					if ( isset( $old[ $key ] ) && preg_match( $regex, $old[ $key ] ) ) {
 						$clean[ $key ] = $old[ $key ];
 					}
-					add_settings_error(
-						$this->group_name, // Slug title of the setting.
-						$key, // Suffix-ID for the error message box. WordPress prepends `setting-error-`.
-						/* translators: 1: Verification string from user input; 2: Service name. */
-						sprintf( __( '%1$s does not seem to be a valid %2$s verification string. Please correct.', 'wordpress-seo' ), '<strong>' . esc_html( $meta ) . '</strong>', $service ), // The error message.
-						'notice-error' // CSS class for the WP notice, either the legacy 'error' / 'updated' or the new `notice-*` ones.
-					);
+
+					if ( function_exists( 'add_settings_error' ) ) {
+						add_settings_error(
+							$this->group_name, // Slug title of the setting.
+							$key, // Suffix-ID for the error message box. WordPress prepends `setting-error-`.
+							/* translators: 1: Verification string from user input; 2: Service name. */
+							sprintf( __( '%1$s does not seem to be a valid %2$s verification string. Please correct.', 'wordpress-seo' ), '<strong>' . esc_html( $meta ) . '</strong>', $service ), // The error message.
+							'notice-error' // CSS class for the WP notice, either the legacy 'error' / 'updated' or the new `notice-*` ones.
+						);
+					}
 
 					Yoast_Input_Validation::add_dirty_value_to_settings_errors( $key, $meta );
 				}
@@ -414,16 +417,19 @@ public function validate_facebook_app_id( $key, $dirty, $old, &$clean ) {
 			if ( isset( $old[ $key ] ) && $old[ $key ] !== '' ) {
 				$clean[ $key ] = $old[ $key ];
 			}
-			add_settings_error(
-				$this->group_name, // Slug title of the setting.
-				$key, // Suffix-ID for the error message box. WordPress prepends `setting-error-`.
-				sprintf(
+
+			if ( function_exists( 'add_settings_error' ) ) {
+				add_settings_error(
+					$this->group_name, // Slug title of the setting.
+					$key, // Suffix-ID for the error message box. WordPress prepends `setting-error-`.
+					sprintf(
 					/* translators: %s expands to an invalid Facebook App ID. */
-					__( '%s does not seem to be a valid Facebook App ID. Please correct.', 'wordpress-seo' ),
-					'<strong>' . esc_html( $dirty[ $key ] ) . '</strong>'
-				), // The error message.
-				'notice-error' // CSS class for the WP notice, either the legacy 'error' / 'updated' or the new `notice-*` ones.
-			);
+						__( '%s does not seem to be a valid Facebook App ID. Please correct.', 'wordpress-seo' ),
+						'<strong>' . esc_html( $dirty[ $key ] ) . '</strong>'
+					), // The error message.
+					'notice-error' // CSS class for the WP notice, either the legacy 'error' / 'updated' or the new `notice-*` ones.
+				);
+			}
 
 			Yoast_Input_Validation::add_dirty_value_to_settings_errors( $key, $dirty[ $key ] );
 		}

package.json

@@ -103,13 +103,13 @@
     "@wordpress/is-shallow-equal": "^1.2.0",
     "@wordpress/rich-text": "^3.2.2",
     "@wordpress/url": "^2.5.0",
-    "@yoast/algolia-search-box": "^1.5.0-rc.0",
-    "@yoast/analysis-report": "^0.6.0-rc.0",
-    "@yoast/components": "^0.6.0-rc.0",
-    "@yoast/configuration-wizard": "^1.5.0-rc.0",
-    "@yoast/helpers": "^0.4.0-rc.2",
-    "@yoast/search-metadata-previews": "^1.8.0-rc.0",
-    "@yoast/style-guide": "^0.4.0-rc.1",
+    "@yoast/algolia-search-box": "^1.6.0-rc.0",
+    "@yoast/analysis-report": "^0.7.0-rc.0",
+    "@yoast/components": "^0.7.0-rc.0",
+    "@yoast/configuration-wizard": "^1.6.0-rc.0",
+    "@yoast/helpers": "^0.5.0-rc.0",
+    "@yoast/search-metadata-previews": "^1.9.0-rc.0",
+    "@yoast/style-guide": "^0.5.0-rc.0",
     "a11y-speak": "git+https://github.com/Yoast/a11y-speak.git#master",
     "babel-polyfill": "^6.26.0",
     "draft-js": "^0.10.5",
@@ -132,10 +132,10 @@
     "redux-thunk": "^2.2.0",
     "select2": "^4.0.5",
     "styled-components": "^4.2.0",
-    "yoast-components": "^4.32.0-rc.0",
-    "yoastseo": "^1.59.0-rc.0"
+    "yoast-components": "^4.33.0-rc.0",
+    "yoastseo": "^1.60.0-rc.0"
   },
   "yoast": {
-    "pluginVersion": "12.1-RC4"
+    "pluginVersion": "12.2-RC1"
   }
 }