Commit 99a4ca3e authored by Erick Hitter's avatar Erick Hitter

Nonce the message display, because we can.

parent 43628c1f
...@@ -81,8 +81,15 @@ class WP_Revisions_Control_Bulk_Actions { ...@@ -81,8 +81,15 @@ class WP_Revisions_Control_Bulk_Actions {
protected function register_actions() { protected function register_actions() {
$actions = array(); $actions = array();
$actions[ $this->action_base . 'purge_excess' ] = __( 'Purge excess revisions', 'wp_revisions_control' ); $actions[ $this->action_base . 'purge_excess' ] = __(
$actions[ $this->action_base . 'purge_all' ] = __( 'Purge ALL revisions', 'wp_revisions_control' ); 'Purge excess revisions',
'wp_revisions_control'
);
$actions[ $this->action_base . 'purge_all' ] = __(
'Purge ALL revisions',
'wp_revisions_control'
);
$this->actions = $actions; $this->actions = $actions;
} }
...@@ -104,9 +111,11 @@ class WP_Revisions_Control_Bulk_Actions { ...@@ -104,9 +111,11 @@ class WP_Revisions_Control_Bulk_Actions {
} }
$post_type_caps = get_post_type_object( $screen->post_type )->cap; $post_type_caps = get_post_type_object( $screen->post_type )->cap;
$user_can = current_user_can( $post_type_caps->edit_posts ) && $user_can = (
current_user_can( $post_type_caps->edit_posts ) &&
current_user_can( $post_type_caps->edit_published_posts ) && current_user_can( $post_type_caps->edit_published_posts ) &&
current_user_can( $post_type_caps->edit_others_posts ); current_user_can( $post_type_caps->edit_others_posts )
);
$user_can = apply_filters( $user_can = apply_filters(
'wp_revisions_control_current_user_can_bulk_actions', 'wp_revisions_control_current_user_can_bulk_actions',
$user_can, $user_can,
...@@ -144,6 +153,7 @@ class WP_Revisions_Control_Bulk_Actions { ...@@ -144,6 +153,7 @@ class WP_Revisions_Control_Bulk_Actions {
protected function get_message_query_args() { protected function get_message_query_args() {
$args = array_keys( $this->actions ); $args = array_keys( $this->actions );
$args[] = $this->action_base . 'missing'; $args[] = $this->action_base . 'missing';
$args[] = $this->action_base . 'nonce';
return $args; return $args;
} }
...@@ -184,12 +194,16 @@ class WP_Revisions_Control_Bulk_Actions { ...@@ -184,12 +194,16 @@ class WP_Revisions_Control_Bulk_Actions {
$response[ $action ] = 1; $response[ $action ] = 1;
break; break;
case 'nonce':
break;
default: default:
$response[ $this->action_base . 'missing' ] = 1; $response[ $this->action_base . 'missing' ] = 1;
break; break;
} }
if ( is_array( $response ) ) { if ( is_array( $response ) ) {
$response[ $this->action_base . 'nonce' ] = wp_create_nonce( $this->action_base );
$redirect_to = add_query_arg( $response, $redirect_to ); $redirect_to = add_query_arg( $response, $redirect_to );
} }
...@@ -202,8 +216,10 @@ class WP_Revisions_Control_Bulk_Actions { ...@@ -202,8 +216,10 @@ class WP_Revisions_Control_Bulk_Actions {
* @param array $ids Object IDs. * @param array $ids Object IDs.
*/ */
protected function purge_all( $ids ) { protected function purge_all( $ids ) {
$plugin = WP_Revisions_Control::get_instance();
foreach ( $ids as $id ) { foreach ( $ids as $id ) {
WP_Revisions_Control::get_instance()->do_purge_all( $id ); $plugin->do_purge_all( $id );
} }
} }
...@@ -213,8 +229,10 @@ class WP_Revisions_Control_Bulk_Actions { ...@@ -213,8 +229,10 @@ class WP_Revisions_Control_Bulk_Actions {
* @param array $ids Object IDs. * @param array $ids Object IDs.
*/ */
protected function purge_excess( $ids ) { protected function purge_excess( $ids ) {
$plugin = WP_Revisions_Control::get_instance();
foreach ( $ids as $id ) { foreach ( $ids as $id ) {
WP_Revisions_Control::get_instance()->do_purge_excess( $id ); $plugin->do_purge_excess( $id );
} }
} }
...@@ -224,8 +242,16 @@ class WP_Revisions_Control_Bulk_Actions { ...@@ -224,8 +242,16 @@ class WP_Revisions_Control_Bulk_Actions {
public function admin_notices() { public function admin_notices() {
$message = null; $message = null;
$nonce_key = $this->action_base . 'nonce';
if (
! isset( $_GET[ $nonce_key ] ) ||
! wp_verify_nonce( sanitize_text_field( $_GET[ $nonce_key ] ), $this->action_base )
) {
return;
}
foreach ( $this->get_message_query_args() as $arg ) { foreach ( $this->get_message_query_args() as $arg ) {
// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
if ( isset( $_GET[ $arg ] ) && 1 === (int) $_GET[ $arg ] ) { if ( isset( $_GET[ $arg ] ) && 1 === (int) $_GET[ $arg ] ) {
$message = $arg; $message = $arg;
break; break;
...@@ -253,6 +279,9 @@ class WP_Revisions_Control_Bulk_Actions { ...@@ -253,6 +279,9 @@ class WP_Revisions_Control_Bulk_Actions {
); );
break; break;
case 'nonce':
break;
default: default:
case 'missing': case 'missing':
$message = __( $message = __(
...@@ -263,6 +292,10 @@ class WP_Revisions_Control_Bulk_Actions { ...@@ -263,6 +292,10 @@ class WP_Revisions_Control_Bulk_Actions {
break; break;
} }
if ( ! isset( $message, $type ) ) {
return;
}
?> ?>
<div class="notice is-dismissible <?php echo esc_attr( $type ); ?>"> <div class="notice is-dismissible <?php echo esc_attr( $type ); ?>">
<p><?php echo esc_html( $message ); ?></p> <p><?php echo esc_html( $message ); ?></p>
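Review bot: The `// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification` placed before the `isset( $_GET[ $arg ] )` loop in admin_notices() is stale now that the same function calls `wp_verify_nonce()` a few lines above it, so the suppression should be dropped rather than left to mask a future regression. The nonce is also read without unslashing; the usual WordPress form is `! wp_verify_nonce( sanitize_key( wp_unslash( $_GET[ $nonce_key ] ) ), $this->action_base )`, which is harmless for a hex nonce but avoids relying on magic-quotes behaviour. Note that this check only gates rendering of the notice: the purge itself runs in the bulk-action handler, whose authorization is outside this hunk, so the commit should not be read as adding CSRF protection to the purge. Finally, because `wp_create_nonce()` returns a hex string, `1 === (int) $_GET[ $arg ]` can be true for the nonce argument when it happens to start with "1", which appears to be why the otherwise-unexplained `case 'nonce': break;` arm and the `isset( $message, $type )` guard are needed; a one-line comment such as `// The nonce arg can cast to 1; never treat it as a message.` on that case would make the coupling explicit.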
...@@ -5,7 +5,7 @@ msgstr "" ...@@ -5,7 +5,7 @@ msgstr ""
"Project-Id-Version: WP Revisions Control 1.3\n" "Project-Id-Version: WP Revisions Control 1.3\n"
"Report-Msgid-Bugs-To: " "Report-Msgid-Bugs-To: "
"https://wordpress.org/support/plugin/wp-revisions-control\n" "https://wordpress.org/support/plugin/wp-revisions-control\n"
"POT-Creation-Date: 2019-05-26 23:14:32+00:00\n" "POT-Creation-Date: 2019-05-26 23:37:00+00:00\n"
"MIME-Version: 1.0\n" "MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n" "Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
...@@ -29,19 +29,19 @@ msgstr "" ...@@ -29,19 +29,19 @@ msgstr ""
msgid "Purge excess revisions" msgid "Purge excess revisions"
msgstr "" msgstr ""
#: inc/class-wp-revisions-control-bulk-actions.php:85 #: inc/class-wp-revisions-control-bulk-actions.php:89
msgid "Purge ALL revisions" msgid "Purge ALL revisions"
msgstr "" msgstr ""
#: inc/class-wp-revisions-control-bulk-actions.php:243 #: inc/class-wp-revisions-control-bulk-actions.php:269
msgid "Purged all revisions." msgid "Purged all revisions."
msgstr "" msgstr ""
#: inc/class-wp-revisions-control-bulk-actions.php:250 #: inc/class-wp-revisions-control-bulk-actions.php:276
msgid "Purged excess revisions." msgid "Purged excess revisions."
msgstr "" msgstr ""
#: inc/class-wp-revisions-control-bulk-actions.php:258 #: inc/class-wp-revisions-control-bulk-actions.php:287
msgid "WP Revisions Control encountered an unspecified error." msgid "WP Revisions Control encountered an unspecified error."
msgstr "" msgstr ""