Avoid inline sort

2019-01-25 19:51:45 +00:00 · 2019-01-25 19:51:45 +00:00 · 8675f3195d
parent 9fc78634f9
commit 8675f3195d
1 changed files with 24 additions and 29 deletions
--- a/includes/admin/class-wc-admin-attributes.php
+++ b/includes/admin/class-wc-admin-attributes.php
@ -26,9 +26,9 @@ class WC_Admin_Attributes {
 		$action = '';
 		// Action to perform: add, edit, delete or none.
-		if ( ! empty( $_POST['add_new_attribute'] ) ) {
+		if ( ! empty( $_POST['add_new_attribute'] ) ) { // WPCS: CSRF ok.
 			$action = 'add';
-		} elseif ( ! empty( $_POST['save_attribute'] ) && ! empty( $_GET['edit'] ) ) {
+		} elseif ( ! empty( $_POST['save_attribute'] ) && ! empty( $_GET['edit'] ) ) { // WPCS: CSRF ok.
 			$action = 'edit';
 		} elseif ( ! empty( $_GET['delete'] ) ) {
 			$action = 'delete';
@ -65,11 +65,11 @@ class WC_Admin_Attributes {
 	 */
 	private static function get_posted_attribute() {
 		$attribute = array(
-			'attribute_label'   => isset( $_POST['attribute_label'] ) ? wc_clean( stripslashes( $_POST['attribute_label'] ) ) : '',
+			'attribute_label'   => isset( $_POST['attribute_label'] ) ? wc_clean( wp_unslash( $_POST['attribute_label'] ) ) : '', // WPCS: input var ok, CSRF ok.
-			'attribute_name'    => isset( $_POST['attribute_name'] ) ? wc_sanitize_taxonomy_name( stripslashes( $_POST['attribute_name'] ) ) : '',
+			'attribute_name'    => isset( $_POST['attribute_name'] ) ? wc_sanitize_taxonomy_name( wp_unslash( $_POST['attribute_name'] ) ) : '', // WPCS: input var ok, CSRF ok, sanitization ok.
-			'attribute_type'    => isset( $_POST['attribute_type'] ) ? wc_clean( $_POST['attribute_type'] ) : 'select',
+			'attribute_type'    => isset( $_POST['attribute_type'] ) ? wc_clean( wp_unslash( $_POST['attribute_type'] ) ) : 'select', // WPCS: input var ok, CSRF ok.
-			'attribute_orderby' => isset( $_POST['attribute_orderby'] ) ? wc_clean( $_POST['attribute_orderby'] ) : '',
+			'attribute_orderby' => isset( $_POST['attribute_orderby'] ) ? wc_clean( wp_unslash( $_POST['attribute_orderby'] ) ) : '', // WPCS: input var ok, CSRF ok.
-			'attribute_public'  => isset( $_POST['attribute_public'] ) ? 1 : 0,
+			'attribute_public'  => isset( $_POST['attribute_public'] ) ? 1 : 0, // WPCS: input var ok, CSRF ok.
 		);
 		if ( empty( $attribute['attribute_type'] ) ) {
@ -117,7 +117,7 @@ class WC_Admin_Attributes {
 	 * @return bool|WP_Error
 	 */
 	private static function process_edit_attribute() {
-		$attribute_id = absint( $_GET['edit'] );
+		$attribute_id = isset( $_GET['edit'] ) ? absint( $_GET['edit'] ) : 0;
 		check_admin_referer( 'woocommerce-save-attribute_' . $attribute_id );
 		$attribute = self::get_posted_attribute();
@ -135,7 +135,7 @@ class WC_Admin_Attributes {
 			return $id;
 		}
-		echo '<div class="updated"><p>' . __( 'Attribute updated successfully', 'woocommerce' ) . '</p><p><a href="' . esc_url( admin_url( 'edit.php?post_type=product&amp;page=product_attributes' ) ) . '">' . __( 'Back to Attributes', 'woocommerce' ) . '</a></p></div>';
+		echo '<div class="updated"><p>' . esc_html__( 'Attribute updated successfully', 'woocommerce' ) . '</p><p><a href="' . esc_url( admin_url( 'edit.php?post_type=product&amp;page=product_attributes' ) ) . '">' . esc_html__( 'Back to Attributes', 'woocommerce' ) . '</a></p></div>';
 		return true;
 	}
@ -146,7 +146,7 @@ class WC_Admin_Attributes {
 	 * @return bool
 	 */
 	private static function process_delete_attribute() {
-		$attribute_id = absint( $_GET['delete'] );
+		$attribute_id = isset( $_GET['delete'] ) ? absint( $_GET['delete'] ) : 0;
 		check_admin_referer( 'woocommerce-delete-attribute_' . $attribute_id );
 		return wc_delete_attribute( $attribute_id );
@ -160,9 +160,17 @@ class WC_Admin_Attributes {
 	public static function edit_attribute() {
 		global $wpdb;
-		$edit = absint( $_GET['edit'] );
+		$edit = isset( $_GET['edit'] ) ? absint( $_GET['edit'] ) : 0;
-		$attribute_to_edit = $wpdb->get_row( 'SELECT attribute_type, attribute_label, attribute_name, attribute_orderby, attribute_public FROM ' . $wpdb->prefix . "woocommerce_attribute_taxonomies WHERE attribute_id = '$edit'" );
+		$attribute_to_edit = $wpdb->get_row(
 			$wpdb->prepare(
 				"
 				SELECT attribute_type, attribute_label, attribute_name, attribute_orderby, attribute_public
 				FROM {$wpdb->prefix}woocommerce_attribute_taxonomies WHERE attribute_id = %d
 				",
 				$edit
 			)
 		);
 		?>
 		<div class="wrap woocommerce">
@ -297,7 +305,8 @@ class WC_Admin_Attributes {
 							</thead>
 							<tbody>
 								<?php
-								if ( $attribute_taxonomies = wc_get_attribute_taxonomies() ) :
+								$attribute_taxonomies = wc_get_attribute_taxonomies();
 								if ( $attribute_taxonomies ) :
 									foreach ( $attribute_taxonomies as $tax ) :
 										?>
 										<tr>
@ -333,21 +342,7 @@ class WC_Admin_Attributes {
 													$taxonomy = wc_attribute_taxonomy_name( $tax->attribute_name );
 													if ( taxonomy_exists( $taxonomy ) ) {
-														if ( 'menu_order' === wc_attribute_orderby( $taxonomy ) ) {
+														$terms        = get_terms( $taxonomy, 'hide_empty=0' );
 															$terms = get_terms( $taxonomy, 'hide_empty=0&menu_order=ASC' );
 														} else {
 															$terms = get_terms( $taxonomy, 'hide_empty=0&menu_order=false' );
 														}
 														switch ( $tax->attribute_orderby ) {
 															case 'name_num':
 																usort( $terms, '_wc_get_product_terms_name_num_usort_callback' );
 																break;
 															case 'parent':
 																usort( $terms, '_wc_get_product_terms_parent_usort_callback' );
 																break;
 														}
 														$terms_string = implode( ', ', wp_list_pluck( $terms, 'name' ) );
 														if ( $terms_string ) {
 															echo esc_html( $terms_string );