Commit 99a4ca3e authored by Erick Hitter's avatar Erick Hitter

Nonce the message display, because we can.

parent 43628c1f
Pipeline #1065 passed with stages
in 3 minutes and 9 seconds
......@@ -81,8 +81,15 @@ class WP_Revisions_Control_Bulk_Actions {
protected function register_actions() {
$actions = array();
$actions[ $this->action_base . 'purge_excess' ] = __( 'Purge excess revisions', 'wp_revisions_control' );
$actions[ $this->action_base . 'purge_all' ] = __( 'Purge ALL revisions', 'wp_revisions_control' );
$actions[ $this->action_base . 'purge_excess' ] = __(
'Purge excess revisions',
'wp_revisions_control'
);
$actions[ $this->action_base . 'purge_all' ] = __(
'Purge ALL revisions',
'wp_revisions_control'
);
$this->actions = $actions;
}
......@@ -104,9 +111,11 @@ class WP_Revisions_Control_Bulk_Actions {
}
$post_type_caps = get_post_type_object( $screen->post_type )->cap;
$user_can = current_user_can( $post_type_caps->edit_posts ) &&
current_user_can( $post_type_caps->edit_published_posts ) &&
current_user_can( $post_type_caps->edit_others_posts );
$user_can = (
current_user_can( $post_type_caps->edit_posts ) &&
current_user_can( $post_type_caps->edit_published_posts ) &&
current_user_can( $post_type_caps->edit_others_posts )
);
$user_can = apply_filters(
'wp_revisions_control_current_user_can_bulk_actions',
$user_can,
......@@ -144,6 +153,7 @@ class WP_Revisions_Control_Bulk_Actions {
protected function get_message_query_args() {
$args = array_keys( $this->actions );
$args[] = $this->action_base . 'missing';
$args[] = $this->action_base . 'nonce';
return $args;
}
......@@ -184,13 +194,17 @@ class WP_Revisions_Control_Bulk_Actions {
$response[ $action ] = 1;
break;
case 'nonce':
break;
default:
$response[ $this->action_base . 'missing' ] = 1;
break;
}
if ( is_array( $response ) ) {
$redirect_to = add_query_arg( $response, $redirect_to );
$response[ $this->action_base . 'nonce' ] = wp_create_nonce( $this->action_base );
$redirect_to = add_query_arg( $response, $redirect_to );
}
return $redirect_to;
......@@ -202,8 +216,10 @@ class WP_Revisions_Control_Bulk_Actions {
* @param array $ids Object IDs.
*/
protected function purge_all( $ids ) {
$plugin = WP_Revisions_Control::get_instance();
foreach ( $ids as $id ) {
WP_Revisions_Control::get_instance()->do_purge_all( $id );
$plugin->do_purge_all( $id );
}
}
......@@ -213,8 +229,10 @@ class WP_Revisions_Control_Bulk_Actions {
* @param array $ids Object IDs.
*/
protected function purge_excess( $ids ) {
$plugin = WP_Revisions_Control::get_instance();
foreach ( $ids as $id ) {
WP_Revisions_Control::get_instance()->do_purge_excess( $id );
$plugin->do_purge_excess( $id );
}
}
......@@ -224,8 +242,16 @@ class WP_Revisions_Control_Bulk_Actions {
public function admin_notices() {
$message = null;
$nonce_key = $this->action_base . 'nonce';
if (
! isset( $_GET[ $nonce_key ] ) ||
! wp_verify_nonce( sanitize_text_field( $_GET[ $nonce_key ] ), $this->action_base )
) {
return;
}
foreach ( $this->get_message_query_args() as $arg ) {
// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
if ( isset( $_GET[ $arg ] ) && 1 === (int) $_GET[ $arg ] ) {
$message = $arg;
break;
......@@ -253,6 +279,9 @@ class WP_Revisions_Control_Bulk_Actions {
);
break;
case 'nonce':
break;
default:
case 'missing':
$message = __(
......@@ -263,6 +292,10 @@ class WP_Revisions_Control_Bulk_Actions {
break;
}
if ( ! isset( $message, $type ) ) {
return;
}
?>
<div class="notice is-dismissible <?php echo esc_attr( $type ); ?>">
<p><?php echo esc_html( $message ); ?></p>
......
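Review bot: The nonce appended to the redirect via `add_query_arg()` and checked at the top of `admin_notices()` uses the bare `$this->action_base` as its action, and it travels in the URL, where it can end up in browser history, server logs and Referer headers. Whether `$this->action_base` is used as a nonce action anywhere else is not visible in these hunks, but a display-only token should not be able to satisfy any other check. I would give it its own action on both sides, e.g. `wp_create_nonce( $this->action_base . 'notice' )` and the same string as the second argument to `wp_verify_nonce()`. The verify call should also unslash before sanitising, `sanitize_text_field( wp_unslash( $_GET[ $nonce_key ] ) )`, and the `// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification` line inside the loop looks stale now that the nonce is verified above it. Both functions start and end outside the visible hunks, so this is based only on the lines shown.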
......@@ -5,7 +5,7 @@ msgstr ""
"Project-Id-Version: WP Revisions Control 1.3\n"
"Report-Msgid-Bugs-To: "
"https://wordpress.org/support/plugin/wp-revisions-control\n"
"POT-Creation-Date: 2019-05-26 23:14:32+00:00\n"
"POT-Creation-Date: 2019-05-26 23:37:00+00:00\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
......@@ -29,19 +29,19 @@ msgstr ""
msgid "Purge excess revisions"
msgstr ""
#: inc/class-wp-revisions-control-bulk-actions.php:85
#: inc/class-wp-revisions-control-bulk-actions.php:89
msgid "Purge ALL revisions"
msgstr ""
#: inc/class-wp-revisions-control-bulk-actions.php:243
#: inc/class-wp-revisions-control-bulk-actions.php:269
msgid "Purged all revisions."
msgstr ""
#: inc/class-wp-revisions-control-bulk-actions.php:250
#: inc/class-wp-revisions-control-bulk-actions.php:276
msgid "Purged excess revisions."
msgstr ""
#: inc/class-wp-revisions-control-bulk-actions.php:258
#: inc/class-wp-revisions-control-bulk-actions.php:287
msgid "WP Revisions Control encountered an unspecified error."
msgstr ""
......