Merge pull request #25 from TukuToi/develop

### 1.26.1
* [Fixed] Missing Text Domains and some Comments for CPCS Review.

README.md

@@ -265,7 +265,10 @@ function my_shortcodes( $shortcodes ) {
 
 ## Changelog 
 
-= 1.26.0  =
+### 1.26.1
+* [Fixed] Missing Text Domains and some Comments for CPCS Review.
+
+### 1.26.0
 * [Added] Added a JS method to show/hide items in the GUI conditionally
 
 ### 1.25.0

README.txt

@@ -4,7 +4,7 @@ Donate link: https://www.tukutoi.com/
 Tags: shortcodes, classicpress
 Requires at least: 1.0.0
 Tested up to: 4.9.99
-Stable tag: 1.26.0
+Stable tag: 1.26.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
@@ -273,6 +273,9 @@ function my_shortcodes( $shortcodes ) {
 
 == Changelog ==
 
+= 1.26.1 =
+* [Fixed] Missing Text Domains and some Comments for CPCS Review.
+
 = 1.26.0  =
 * [Added] Added a JS method to show/hide elements in GUI conditionally
 

admin/class-tkt-shortcodes-gui.php

@@ -206,7 +206,7 @@ private function sanitize_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'How to sanitize the data' );
+				$explanation = __( 'How to sanitize the data', 'tkt-shortcodes' );
 				return $explanation;
 
 			}
@@ -234,7 +234,7 @@ private function postshow_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'What Post Information to show. <strong>Careful, when inserting the Post Content in a Post, always make sure to pass an OTHER ID than the current!</strong>' );
+				$explanation = __( 'What Post Information to show. <strong>Careful, when inserting the Post Content in a Post, always make sure to pass an OTHER ID than the current!</strong>', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -260,7 +260,7 @@ private function termshow_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'What Term Information to show' );
+				$explanation = __( 'What Term Information to show', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -285,7 +285,7 @@ private function taxonomy_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'Get Term from this Taxonomy' );
+				$explanation = __( 'Get Term from this Taxonomy', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -310,7 +310,7 @@ private function posttypes_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'The Post Type to which to link when Editing Terms' );
+				$explanation = __( 'The Post Type to which to link when Editing Terms', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -339,7 +339,7 @@ private function usershow_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'What User Information to show' );
+				$explanation = __( 'What User Information to show', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -368,7 +368,7 @@ private function usergetby_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'By what field to the the User' );
+				$explanation = __( 'By what field to the the User', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -392,7 +392,7 @@ private function math_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'What Operator to use' );
+				$explanation = __( 'What Operator to use', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -416,7 +416,7 @@ private function conditional_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'What Comparison Operator to use' );
+				$explanation = __( 'What Comparison Operator to use', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -441,7 +441,7 @@ private function siteshow_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'What Site Information to show' );
+				$explanation = __( 'What Site Information to show', 'tkt-shortcodes' );
 				return $explanation;
 
 			}
@@ -470,7 +470,7 @@ private function alltypes_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'The content type of wich to get the edit link' );
+				$explanation = __( 'The content type of wich to get the edit link', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -497,7 +497,7 @@ private function attachment_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'Whether to show a Featured Image or any Image' );
+				$explanation = __( 'Whether to show a Featured Image or any Image', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -521,7 +521,7 @@ private function imagesize_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'What registered Image size to use' );
+				$explanation = __( 'What registered Image size to use', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);
@@ -545,7 +545,7 @@ private function roundconstants_options() {
 		add_filter(
 			'tkt_scs_shortcodes_fieldset_explanation',
 			function( $explanation ) {
-				$explanation = __( 'How to round the Float Value' );
+				$explanation = __( 'How to round the Float Value', 'tkt-shortcodes' );
 				return $explanation;
 			}
 		);

common/class-tkt-shortcodes-processor.php

@@ -234,9 +234,24 @@ private function encode_iterators( $content ) {
 		$counts = preg_match_all( $expression, $content, $matches );
 
 		foreach ( $matches[0] as $index => $match ) {
-			// Encode the data to stop WP from trying to fix or parse it.
-			// The iterator shortcode will manage this on render.
-			$match_encoded = str_replace( $matches[1][ $index ], $this->base64_prefix . base64_encode( $matches[1][ $index ] ), $match );
+			/**
+			 * Encode the data to stop WP from trying to fix or parse it.
+			 * The iterator shortcode will manage this on render.
+			 *
+			 * Reviewers:
+			 * This usage of base64_encode() is safe. We do not encode anything unknown.
+			 * All data we encode here is basically the content of (or a) shortcode added by
+			 * someone with manage_options rights in the CP Admin > TukuToi Template or else editors.
+			 *
+			 * No external data, no computed data, no obfuscated data is passed here.
+			 * The reason we need to encode this is, WP has a nack of messing around with nested shortcodes.
+			 * Like [shortcode attr="[shortcode]"] will result in a lot of stripped content.
+			 * Or even [shortcode]<html>[shortcodes]<more html attr="[shortcode]">[shortcodes]</more html></html>[/shortcode] will result in the first level of shortcodes expanded and
+			 * the rest stripped out either by do_shortcode() or the_content(). To avoid this, we base64 encode the parts we do want to expand/process only _later_.
+			 *
+			 * Note that this approach is battle tested by Toolset since at least 6 years.
+			 */
+			$match_encoded = str_replace( $matches[1][ $index ], $this->base64_prefix . base64_encode( $matches[1][ $index ] ), $match );// @codingStandardsIgnoreLine
 			$content = str_replace( $match, $match_encoded, $content );
 		}
 
@@ -299,7 +314,15 @@ private function decode_iterators( $content ) {
 		if ( 0 === strpos( $content, $this->base64_prefix ) ) {
 
 			$content = substr( $content, strlen( $this->base64_prefix ) );
-			$content = base64_decode( $content );
+			/**
+			 * Decode the encoded content
+			 *
+			 * Reviewers:
+			 * This is safe and intended.
+			 *
+			 * @see $this->encode_iterators() for comments.
+			 */
+			$content = base64_decode( $content );// @codingStandardsIgnoreLine
 
 		}
 

includes/class-tkt-shortcodes-sanitizer.php

@@ -363,13 +363,18 @@ public function get_errors( $result, $location, $backtrace ) {
 		}
 
 		if ( true === $this->debug ) {
+			/**
+			 * Reviewers:
+			 * All debug logs are expected here.
+			 * They are only active if debug is enabled in this class, which by default is false.
+			 */
 			if ( true === $this->debug_log ) {
-				error_log( $errors['debug'] . ' This is the full backlog: ' . print_r( $backtrace, true ) );
+				error_log( $errors['debug'] . ' This is the full backlog: ' . print_r( $backtrace, true ) );// @codingStandardsIgnoreLine
 			}
 			return $errors['debug'];
 		}
 		if ( true === $this->debug_log ) {
-			error_log( $errors['debug'] . ' This is the full backlog: ' . print_r( $backtrace, true ) );
+			error_log( $errors['debug'] . ' This is the full backlog: ' . print_r( $backtrace, true ) );// @codingStandardsIgnoreLine
 		}
 
 		return $errors['display'];

public/class-tkt-shortcodes-shortcodes.php

@@ -195,9 +195,16 @@ public function postinfo( $atts, $content = null, $tag ) {
 		// Get our data.
 		$out = get_post( $atts['item'], OBJECT, $atts['filter'] );
 
-		// Validate our data.
+		/**
+		 * Validate our data.
+		 *
+		 * Reviewers:
+		 * The debug_backtrace() is intended here and never shown to the user.
+		 * In fact, here maximally a string with value `Something wrong. Enable Debug mode and check again.` would be returned.
+		 * Only if the sanitizer class has debug log true, then a log is written with the backtrace.
+		 */
 		if ( $this->sanitizer->invalid_or_error( $out ) ) {
-			$out = $this->sanitizer->get_errors( $out, __METHOD__, debug_backtrace() );
+			$out = $this->sanitizer->get_errors( $out, __METHOD__, debug_backtrace() );// @codingStandardsIgnoreLine
 		} else {
 			$out = $this->sanitizer->validate( 'object', $out, $atts['show'] );
 		}
@@ -292,7 +299,14 @@ public function userinfo( $atts, $content = null, $tag ) {
 		$value = ! empty( $atts['value'] ) ? $atts['value'] : $atts['item'];
 		$out = get_user_by( $atts['field'], $value );
 
-		// Validate our data.
+		/**
+		 * Validate our data.
+		 *
+		 * Reviewers:
+		 * The debug_backtrace() is intended here and never shown to the user.
+		 * In fact, here maximally a string with value `Something wrong. Enable Debug mode and check again.` would be returned.
+		 * Only if the sanitizer class has debug log true, then a log is written with the backtrace.
+		 */
 		if ( $this->sanitizer->invalid_or_error( $out ) ) {
 			$out = $this->sanitizer->get_errors( $out, __METHOD__, debug_backtrace() );
 		} else {
@@ -374,7 +388,7 @@ public function terminfo( $atts, $content = null, $tag ) {
 		) {
 			$atts['item'] = get_queried_object_id();
 		} elseif ( empty( $atts['item'] ) ) {
-			return esc_html__( 'This is not a Taxonomy Archive, and you specified no Taxonomy Term ID' );
+			return esc_html__( 'This is not a Taxonomy Archive, and you specified no Taxonomy Term ID', 'tkt-shortcodes' );
 		}
 
 		// Sanitize the User input atts.
@@ -389,7 +403,14 @@ public function terminfo( $atts, $content = null, $tag ) {
 		// Get our data.
 		$out = get_term( $atts['item'], $atts['taxonomy'], OBJECT, $atts['filter'] );
 
-		// Validate our data.
+		/**
+		 * Validate our data.
+		 *
+		 * Reviewers:
+		 * The debug_backtrace() is intended here and never shown to the user.
+		 * In fact, here maximally a string with value `Something wrong. Enable Debug mode and check again.` would be returned.
+		 * Only if the sanitizer class has debug log true, then a log is written with the backtrace.
+		 */
 		if ( $this->sanitizer->invalid_or_error( $out ) ) {
 			$out = $this->sanitizer->get_errors( $out, __METHOD__, debug_backtrace() );
 		} else {
@@ -463,7 +484,14 @@ public function post_termsinfo( $atts, $content = null, $tag ) {
 		// Get our data.
 		$out = get_the_terms( $atts['item'], $atts['taxonomy'] );
 
-		// Validate our data.
+		/**
+		 * Validate our data.
+		 *
+		 * Reviewers:
+		 * The debug_backtrace() is intended here and never shown to the user.
+		 * In fact, here maximally a string with value `Something wrong. Enable Debug mode and check again.` would be returned.
+		 * Only if the sanitizer class has debug log true, then a log is written with the backtrace.
+		 */
 		if ( $this->sanitizer->invalid_or_error( $out ) ) {
 			$out = $this->sanitizer->get_errors( $out, __METHOD__, debug_backtrace() );
 		} else {
@@ -554,7 +582,14 @@ public function postmeta( $atts, $content = null, $tag ) {
 			$out = get_post_meta( $atts['item'], $atts['key'], $atts['single'] );
 		}
 
-		// Validate our data.
+		/**
+		 * Validate our data.
+		 *
+		 * Reviewers:
+		 * The debug_backtrace() is intended here and never shown to the user.
+		 * In fact, here maximally a string with value `Something wrong. Enable Debug mode and check again.` would be returned.
+		 * Only if the sanitizer class has debug log true, then a log is written with the backtrace.
+		 */
 		if ( $this->sanitizer->invalid_or_error( $out ) ) {
 			$out = $this->sanitizer->get_errors( $out, __METHOD__, debug_backtrace() );
 		} elseif ( ! is_array( $out ) ) {
@@ -621,7 +656,7 @@ public function termmeta( $atts, $content = null, $tag ) {
 		) {
 			$atts['item'] = get_queried_object_id();
 		} elseif ( empty( $atts['item'] ) ) {
-			return esc_html__( 'This is not a Taxonomy Archive, and you specified no Taxonomy Term ID' );
+			return esc_html__( 'This is not a Taxonomy Archive, and you specified no Taxonomy Term ID', 'tkt-shortcodes' );
 		}
 
 		/**
@@ -1055,7 +1090,14 @@ public function editlinks( $atts, $content = null, $tag ) {
 
 		}
 
-		// Validate our data.
+		/**
+		 * Validate our data.
+		 *
+		 * Reviewers:
+		 * The debug_backtrace() is intended here and never shown to the user.
+		 * In fact, here maximally a string with value `Something wrong. Enable Debug mode and check again.` would be returned.
+		 * Only if the sanitizer class has debug log true, then a log is written with the backtrace.
+		 */
 		if ( $this->sanitizer->invalid_or_error( $out ) ) {
 			$out = $this->sanitizer->get_errors( $out, __METHOD__, debug_backtrace() );
 		}
@@ -1139,7 +1181,14 @@ public function archivelinks( $atts, $content = null, $tag ) {
 			$out = join( $atts['delimiter'], $out );
 		}
 
-		// Validate our data.
+		/**
+		 * Validate our data.
+		 *
+		 * Reviewers:
+		 * The debug_backtrace() is intended here and never shown to the user.
+		 * In fact, here maximally a string with value `Something wrong. Enable Debug mode and check again.` would be returned.
+		 * Only if the sanitizer class has debug log true, then a log is written with the backtrace.
+		 */
 		if ( $this->sanitizer->invalid_or_error( $out ) ) {
 			$out = $this->sanitizer->get_errors( $out, __METHOD__, debug_backtrace() );
 		}
@@ -1250,7 +1299,14 @@ public function attachmentimage( $atts, $content = null, $tag ) {
 			$out = wp_get_attachment_image_url( $atts['item'], $atts['size'], $atts['icon'] );
 		}
 
-		// Validate our data.
+		/**
+		 * Validate our data.
+		 *
+		 * Reviewers:
+		 * The debug_backtrace() is intended here and never shown to the user.
+		 * In fact, here maximally a string with value `Something wrong. Enable Debug mode and check again.` would be returned.
+		 * Only if the sanitizer class has debug log true, then a log is written with the backtrace.
+		 */
 		if ( $this->sanitizer->invalid_or_error( $out ) ) {
 			$out = $this->sanitizer->get_errors( $out, __METHOD__, debug_backtrace() );
 		}

tkt-shortcodes.php

@@ -15,7 +15,7 @@
  * Plugin Name:       TKT ShortCodes
  * Plugin URI:        https://www.tukutoi.com/program/tukutoi-shortcodes
  * Description:       A library of indispensable ShortCodes for ClassicPress (and WordPress without Blocks) Websites.
- * Version:           1.26.0
+ * Version:           1.26.1
  * Author:            TukuToi
  * Author URI:        https://www.tukutoi.com//
  * License:           GPL-2.0+
@@ -34,7 +34,7 @@
  * Start at version 1.0.0 and use SemVer - https://semver.org
  * Rename this for your plugin and update it as you release new versions.
  */
-define( 'TKT_SHORTCODES_VERSION', '1.26.0' );
+define( 'TKT_SHORTCODES_VERSION', '1.26.1' );
 
 /**
  * The code that runs during plugin activation.