From 326c6c60e3b0579241377228c3c2bf7f5970bd62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Mon, 14 Dec 2020 14:32:14 -0300 Subject: [PATCH 001/121] Rms unused import/property --- .../api/endpoints/class-tainacan-rest-logs-controller.php | 3 --- src/classes/repositories/class-tainacan-repository.php | 2 -- 2 files changed, 5 deletions(-) diff --git a/src/classes/api/endpoints/class-tainacan-rest-logs-controller.php b/src/classes/api/endpoints/class-tainacan-rest-logs-controller.php index 659a93c00..f5680121d 100644 --- a/src/classes/api/endpoints/class-tainacan-rest-logs-controller.php +++ b/src/classes/api/endpoints/class-tainacan-rest-logs-controller.php @@ -9,7 +9,6 @@ use Tainacan\Repositories\Repository; class REST_Logs_Controller extends REST_Controller { private $logs_repository; - private $log; /** * REST_Logs_Controller constructor. @@ -364,5 +363,3 @@ class REST_Logs_Controller extends REST_Controller { return $schema; } } - -?> diff --git a/src/classes/repositories/class-tainacan-repository.php b/src/classes/repositories/class-tainacan-repository.php index 22559212d..4bb6eb580 100644 --- a/src/classes/repositories/class-tainacan-repository.php +++ b/src/classes/repositories/class-tainacan-repository.php @@ -6,7 +6,6 @@ use Tainacan\Entities; use Tainacan\Entities\Entity; use Tainacan; use Tainacan\Repositories; -use \Respect\Validation\Validator as v; defined( 'ABSPATH' ) or die( 'No script kiddies please!' ); @@ -906,4 +905,3 @@ abstract class Repository { } -?> From cd00d5080c5d4fd527da5ea9a239ed43b0d147e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Tue, 15 Dec 2020 14:15:56 -0300 Subject: [PATCH 002/121] init refactor status check --- .../class-tainacan-item-metadata-entity.php | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) 
diff --git a/src/classes/entities/class-tainacan-item-metadata-entity.php b/src/classes/entities/class-tainacan-item-metadata-entity.php index 6fb2020be..679b16668 100644 --- a/src/classes/entities/class-tainacan-item-metadata-entity.php +++ b/src/classes/entities/class-tainacan-item-metadata-entity.php @@ -476,23 +476,15 @@ class Item_Metadata_Entity extends Entity { return false; } - if (empty($value) && $this->is_required() && in_array( $item->get_status(), apply_filters( 'tainacan-status-require-validation', [ - 'publish', - 'future', - 'private' - ] ) ) - ) { + $validation_statuses = ['publish', 'future', 'private']; + + if (empty($value) && $this->is_required() && in_array($item->get_status(), apply_filters( 'tainacan-status-require-validation', $validation_statuses) )) { $this->add_error('required', $metadatum->get_name() . ' is required'); return false; } elseif (empty($value) && !$this->is_required()) { $this->set_as_valid(); return true; - } elseif(empty($value) && $this->is_required() && !in_array( $item->get_status(), apply_filters( 'tainacan-status-require-validation', [ - 'publish', - 'future', - 'private' - ] ) )) { - + } elseif(empty($value) && $this->is_required() && !in_array( $item->get_status(), apply_filters( 'tainacan-status-require-validation', $validation_statuses) )) { $this->set_as_valid(); return true; } From e3917fe1e78ddfa06de27b13020cfd6aff86795e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Tue, 15 Dec 2020 15:51:56 -0300 Subject: [PATCH 003/121] finishes refactor status check --- .../class-tainacan-item-metadata-entity.php | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/src/classes/entities/class-tainacan-item-metadata-entity.php b/src/classes/entities/class-tainacan-item-metadata-entity.php index 679b16668..81ed002a1 100644 --- a/src/classes/entities/class-tainacan-item-metadata-entity.php +++ b/src/classes/entities/class-tainacan-item-metadata-entity.php 
@@ -471,26 +471,27 @@ class Item_Metadata_Entity extends Entity { $metadatum = $this->get_metadatum(); $item = $this->get_item(); - if( !isset($metadatum) ) { + if (!isset($metadatum)) { $this->add_error('not_found', ['metadatum not found'] ); return false; } - $validation_statuses = ['publish', 'future', 'private']; - - if (empty($value) && $this->is_required() && in_array($item->get_status(), apply_filters( 'tainacan-status-require-validation', $validation_statuses) )) { - $this->add_error('required', $metadatum->get_name() . ' is required'); - return false; - } elseif (empty($value) && !$this->is_required()) { - $this->set_as_valid(); - return true; - } elseif(empty($value) && $this->is_required() && !in_array( $item->get_status(), apply_filters( 'tainacan-status-require-validation', $validation_statuses) )) { - $this->set_as_valid(); - return true; - } + if (empty($value)) { + if ($this->is_required()) { + $validation_statuses = ['publish', 'future', 'private']; + if (in_array($item->get_status(), apply_filters( 'tainacan-status-require-validation', $validation_statuses) )) { + $this->add_error('required', $metadatum->get_name() . ' is required'); + return false; + } else { + return $this->set_as_valid(); + } + } else { + return $this->set_as_valid(); + } + } $classMetadatumType = $metadatum->get_metadata_type_object(); - if( is_object( $classMetadatumType ) ){ + if (is_object($classMetadatumType)) { if( method_exists ( $classMetadatumType , 'validate' ) ){ if( ! $classMetadatumType->validate( $this ) ) { $this->add_error('metadata_type_error', $classMetadatumType->get_errors() ); From 5ca77d3373fe275e71df25eacc52197e5298f9e1 Mon Sep 17 00:00:00 2001 
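Review bot: In validate(), the two new `return $this->set_as_valid();` lines make the method's result depend on what set_as_valid() returns, where the old branches called it and then returned `true`. set_as_valid() is defined outside this hunk; if it returns nothing, callers that test `if ($item_metadata->validate())` would treat an empty optional value as invalid, and in any case the docblock's boolean is no longer guaranteed. Keeping `$this->set_as_valid(); return true;` avoids that coupling. The status check could also pass `true` as the third argument of `in_array()` so that a list altered through the `tainacan-status-require-validation` filter is compared strictly. validate() starts and ends outside the hunk.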
From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Wed, 23 Dec 2020 11:55:43 -0300 Subject: [PATCH 004/121] Filters html content before saving it --- .../api/class-tainacan-rest-controller.php | 10 ++++---- ...tainacan-rest-item-metadata-controller.php | 23 ++++++++----------- .../class-tainacan-rest-items-controller.php | 3 +-- .../class-tainacan-item-metadata-entity.php | 2 +- 4 files changed, 17 insertions(+), 21 deletions(-) diff --git a/src/classes/api/class-tainacan-rest-controller.php b/src/classes/api/class-tainacan-rest-controller.php index 6657273df..dbde7e20e 100644 --- a/src/classes/api/class-tainacan-rest-controller.php +++ b/src/classes/api/class-tainacan-rest-controller.php @@ -4,7 +4,6 @@ namespace Tainacan\API; class REST_Controller extends \WP_REST_Controller { - /** * REST_Controller constructor. */ @@ -624,7 +623,6 @@ class REST_Controller extends \WP_REST_Controller { } - function get_permissions_schema() { return [ @@ -654,6 +652,10 @@ class REST_Controller extends \WP_REST_Controller { ]; } -} + protected function filter_value($content) { + $allowed_html = wp_kses_allowed_html('post'); -?> + return wp_kses($content, $allowed_html); + } + +} diff --git a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php index ca2342c30..b8d467d16 100644 --- a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php +++ b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php 
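Review bot: filter_value() in REST_Controller hands `$content` to `wp_kses()` with no docblock and no statement of the accepted type, while the `values` argument of the item-metadata endpoint is declared elsewhere on this page as array, string, object or integer. A docblock such as `@param string $content Raw value from the request body` and `@return string Value with markup outside the 'post' allow-list removed` would make the string-only contract explicit, and `return wp_kses_post($content);` is the core shorthand for the same allow-list. Because the helper lives on the REST controller, values written through the repositories directly are presumably not covered by it; worth confirming that this is intended.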
@@ -187,27 +187,24 @@ class REST_Item_Metadata_Controller extends REST_Controller { public function update_item( $request ) { $body = json_decode( $request->get_body(), true ); - if($body) { - + if ($body) { $item_id = $request['item_id']; $metadatum_id = $request['metadatum_id']; $value = $body['values']; + if (is_array($value)) { + $value = implode(' ', $value); + } + $value = $this->filter_value($value); $parent_meta_id = isset( $body['parent_meta_id'] ) && $body['parent_meta_id'] > 0 ? $body['parent_meta_id'] : null; - $item = $this->item_repository->fetch( $item_id ); - $metadatum = $this->metadatum_repository->fetch( $metadatum_id ); + $item = $this->item_repository->fetch($item_id); + $metadatum = $this->metadatum_repository->fetch($metadatum_id); $item_metadata = new Entities\Item_Metadata_Entity( $item, $metadatum, null, $parent_meta_id); - if($item_metadata->is_multiple()) { - $item_metadata->set_value( $value ); - } elseif(is_array($value)) { - $item_metadata->set_value(implode(' ', $value)); - } else { - $item_metadata->set_value($value); - } + $item_metadata->set_value($value); - if ( $item_metadata->validate() ) { + if ($item_metadata->validate()) { if($item->can_edit()) { $updated_item_metadata = $this->item_metadata_repository->update( $item_metadata ); @@ -379,5 +376,3 @@ class REST_Item_Metadata_Controller extends REST_Controller { } } - -?> diff --git a/src/classes/api/endpoints/class-tainacan-rest-items-controller.php b/src/classes/api/endpoints/class-tainacan-rest-items-controller.php index 59e41722b..39b6f5588 100644 --- a/src/classes/api/endpoints/class-tainacan-rest-items-controller.php +++ b/src/classes/api/endpoints/class-tainacan-rest-items-controller.php 
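Review bot: In update_item(), `implode(' ', $value)` now runs on every array before the entity is built, so a multi-valued metadatum reaches `set_value()` as one space-joined string; the removed branch kept the array when `$item_metadata->is_multiple()` was true. Moving the flattening below the `new Entities\Item_Metadata_Entity(...)` line and guarding it with `if (is_array($value) && !$item_metadata->is_multiple())` keeps both behaviours. `$body['values']` is also read without an `isset()` check, so a body lacking that key now passes `null` into `filter_value()`. update_item() continues outside the hunk.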
@@ -707,10 +707,9 @@ class REST_Items_Controller extends REST_Controller { */ public function update_item( $request ) { $item_id = $request['item_id']; - $body = json_decode($request->get_body(), true); - if(!empty($body)){ + if (!empty($body)) { $attributes = []; foreach ($body as $att => $value){ diff --git a/src/classes/entities/class-tainacan-item-metadata-entity.php b/src/classes/entities/class-tainacan-item-metadata-entity.php index 81ed002a1..85ff9b2f2 100644 --- a/src/classes/entities/class-tainacan-item-metadata-entity.php +++ b/src/classes/entities/class-tainacan-item-metadata-entity.php @@ -462,7 +462,7 @@ class Item_Metadata_Entity extends Entity { } /** - * Validate attributes + * Returns whether metadata value is valid * * @return boolean */ From 539a3721e46cbde4b8abbc5e56d802624e50e01a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Wed, 23 Dec 2020 17:56:08 -0300 Subject: [PATCH 005/121] Fixes setting value for multiple config --- compile-sass.sh | 2 +- ...ss-tainacan-rest-item-metadata-controller.php | 15 ++++++++------- .../class-tainacan-item-metadata-entity.php | 16 +++++----------- 3 files changed, 14 insertions(+), 19 deletions(-) diff --git a/compile-sass.sh b/compile-sass.sh index cdfdc2787..36a3e9dcb 100644 --- a/compile-sass.sh +++ b/compile-sass.sh @@ -2,7 +2,7 @@ # Executa o comando 'sass' para verificar se existe (veja http://stackoverflow.com/a/677212/329911) command -v sass >/dev/null 2>&1 || { - echo >&2 "SASS parece não está disponivel."; + echo >&2 "Sass parece não estar disponivel."; exit 1; } diff --git a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php index b8d467d16..6aea153fc 100644 --- a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php +++ b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php 
@@ -188,13 +188,9 @@ class REST_Item_Metadata_Controller extends REST_Controller { $body = json_decode( $request->get_body(), true ); if ($body) { - $item_id = $request['item_id']; - $metadatum_id = $request['metadatum_id']; - $value = $body['values']; - if (is_array($value)) { - $value = implode(' ', $value); - } - $value = $this->filter_value($value); + $item_id = $request['item_id']; + $value = $body['values']; + $metadatum_id = $request['metadatum_id']; $parent_meta_id = isset( $body['parent_meta_id'] ) && $body['parent_meta_id'] > 0 ? $body['parent_meta_id'] : null; $item = $this->item_repository->fetch($item_id); @@ -202,6 +198,11 @@ class REST_Item_Metadata_Controller extends REST_Controller { $item_metadata = new Entities\Item_Metadata_Entity( $item, $metadatum, null, $parent_meta_id); + if (is_array($value) && !$item_metadata->is_multiple()) { + $value = implode(' ', $value); + } + $value = $this->filter_value($value); + $item_metadata->set_value($value); if ($item_metadata->validate()) { diff --git a/src/classes/entities/class-tainacan-item-metadata-entity.php b/src/classes/entities/class-tainacan-item-metadata-entity.php index 85ff9b2f2..374af764d 100644 --- a/src/classes/entities/class-tainacan-item-metadata-entity.php +++ b/src/classes/entities/class-tainacan-item-metadata-entity.php @@ -199,10 +199,9 @@ class Item_Metadata_Entity extends Entity { public function get_value_as_array() { $value = $this->get_value(); $primitive_type = $this->get_metadatum()->get_metadata_type_object()->get_primitive_type(); - - if ( $this->is_multiple() ) { - $return = []; - + $return = []; + + if ($this->is_multiple()) { foreach ($value as $v) { if( is_array($v) ) { $options = $this->get_metadatum()->get_metadata_type_object()->get_options(); 
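Review bot: For a multi-valued metadatum the array now skips the `implode()` in update_item() and is passed whole to `filter_value()`, whose `wp_kses()` call is documented for a string. Filtering per element keeps the allow-list applied to each value: `$value = is_array($value) ? array_map(function ($v) { return $this->filter_value($v); }, $value) : $this->filter_value($value);`. `$item_metadata->is_multiple()` is also called before `validate()` can report a missing metadatum, and the result of `$this->metadatum_repository->fetch($metadatum_id)` is not checked in the visible lines, so an unknown `metadatum_id` may fail inside `is_multiple()` rather than with the 'not_found' error.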
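Review bot: get_value_as_array() now starts from `$return = [];` for both branches, and the companion hunk at -227,12 removes `$return = '';` from the single-value branch, so a single-valued metadatum for which no later assignment runs would return an empty array where it used to return an empty string. The rest of the else branch is outside these hunks, so whether every path assigns `$return` cannot be confirmed here. `_toArray()` exposes the result as `$as_array['value']`, so a type change would be visible to API consumers. Keeping `$return = '';` at the top of the else branch preserves the old contract.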
@@ -227,12 +226,8 @@ class Item_Metadata_Entity extends Entity { $return[] = $v; } } - } else { - - $return = ''; - - if( $primitive_type === 'compound' ) { + if ($primitive_type === 'compound') { $compounds = []; $compounds_not_ordinate = []; $options = $this->get_metadatum()->get_metadata_type_object()->get_options(); @@ -274,7 +269,6 @@ class Item_Metadata_Entity extends Entity { } return $return; - } /** @@ -285,7 +279,7 @@ class Item_Metadata_Entity extends Entity { * * @return array the representation of this object as an array */ - public function _toArray( $formatted_values = true, $cascade = false ){ + public function _toArray( $formatted_values = true, $cascade = false ){ $as_array = []; $as_array['value'] = $this->get_value_as_array(); From e14d8489a12e0e19aedd9f6ff03b836880cd3deb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Wed, 23 Dec 2020 18:41:58 -0300 Subject: [PATCH 006/121] Refactors metadata value checking qnd filtering --- ...tainacan-rest-item-metadata-controller.php | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php index 6aea153fc..19dafb91e 100644 --- a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php +++ b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php 
@@ -198,14 +198,10 @@ class REST_Item_Metadata_Controller extends REST_Controller { $item_metadata = new Entities\Item_Metadata_Entity( $item, $metadatum, null, $parent_meta_id); - if (is_array($value) && !$item_metadata->is_multiple()) { - $value = implode(' ', $value); - } - $value = $this->filter_value($value); - + $value = $this->get_metadata_value($value); $item_metadata->set_value($value); - if ($item_metadata->validate()) { + if ($item_metadata->validate()) { if($item->can_edit()) { $updated_item_metadata = $this->item_metadata_repository->update( $item_metadata ); @@ -376,4 +372,17 @@ class REST_Item_Metadata_Controller extends REST_Controller { } } + private function get_metadata_value($is_multiple, $value) { + $filtered_value = $value; + if ($is_multiple) { + // if metadata is multiple, leave it as array + // this has to be verified before and separately than the array check + } elseif (is_array($value)) { + $filtered_value = implode(' ', $value); + } + + $filtered_value = $this->filter_value($filtered_value); + + return $filtered_value; + } } From 1ee639e0a745720eee3e9fd2837cb1b8bab9ca52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Wed, 30 Dec 2020 16:37:17 -0300 Subject: [PATCH 007/121] Fix filter tests --- .../endpoints/class-tainacan-rest-item-metadata-controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php index 19dafb91e..f3a3a75a8 100644 --- a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php +++ b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php 
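Review bot: get_metadata_value() is declared as `get_metadata_value($is_multiple, $value)` but update_item() calls it with one argument, `$this->get_metadata_value($value)`, which on PHP 7.1 and later throws an ArgumentCountError on every metadata update. The call needs the flag as well: `$value = $this->get_metadata_value($item_metadata->is_multiple(), $value);`. In the multiple branch the array is still handed to `filter_value()` as a whole, so each element should be filtered individually. The new private method also has no docblock; one stating that it flattens arrays for single-valued metadata and returns the filtered value would help the next reader.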
@@ -198,7 +198,7 @@ class REST_Item_Metadata_Controller extends REST_Controller { $item_metadata = new Entities\Item_Metadata_Entity( $item, $metadatum, null, $parent_meta_id); - $value = $this->get_metadata_value($value); + $value = $this->get_metadata_value($item_metadata->is_multiple(), $value); $item_metadata->set_value($value); if ($item_metadata->validate()) { From 74d86f8e8ba5a109888187b569318d9ab299dd86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Wed, 30 Dec 2020 18:10:11 -0300 Subject: [PATCH 008/121] filter content passing all tests back again --- .../class-tainacan-rest-item-metadata-controller.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php index f3a3a75a8..89372d679 100644 --- a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php +++ b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php @@ -381,7 +381,11 @@ class REST_Item_Metadata_Controller extends REST_Controller { $filtered_value = implode(' ', $value); } - $filtered_value = $this->filter_value($filtered_value); + if (is_array($filtered_value)) { + // process each element + } else { + $filtered_value = $this->filter_value($filtered_value); + } return $filtered_value; } From 3a3fa8b11f1fc3ee2c69c97a1b5de481da4d38c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Wed, 30 Dec 2020 18:20:33 -0300 Subject: [PATCH 009/121] Filters each multiple meta element --- .../class-tainacan-rest-item-metadata-controller.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php index 89372d679..1ba6b2d25 100644 
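Review bot: In get_metadata_value() the new `if (is_array($filtered_value))` branch contains only the comment `// process each element`, so a multi-valued metadatum is returned to update_item() without passing through `filter_value()` at all. The branch should filter rather than skip: `$filtered_value = array_map(function ($v) { return $this->filter_value($v); }, $filtered_value);`. A test that submits an array value containing markup would pin this path. The method starts above the hunk.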
--- a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php +++ b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php @@ -382,7 +382,11 @@ class REST_Item_Metadata_Controller extends REST_Controller { } if (is_array($filtered_value)) { - // process each element + $filtered_arr = array_map(function($v) { + return $this->filter_value($v); + }, $filtered_value); + + $filtered_value = $filtered_arr; } else { $filtered_value = $this->filter_value($filtered_value); } From b256052a39ad3ca5db5e1fa35ed5c3380dc63969 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Wed, 30 Dec 2020 18:25:21 -0300 Subject: [PATCH 010/121] refactors checking and filtering --- ...tainacan-rest-item-metadata-controller.php | 22 ++++++++----------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php index 1ba6b2d25..ed821076d 100644 --- a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php +++ b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php 
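Review bot: The `array_map()` callback in get_metadata_value() filters one level only; get_value_as_array() on this page handles elements of a multiple value that are themselves arrays (`if( is_array($v) )`), and such an element would be passed to `filter_value()` as an array. If nested values can arrive through this endpoint, a recursive walk that filters string leaves covers them: `array_walk_recursive($filtered_value, function (&$v) { if (is_string($v)) { $v = $this->filter_value($v); } });`. The intermediate `$filtered_arr` can be dropped by assigning the `array_map()` result to `$filtered_value` directly.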
@@ -375,20 +375,16 @@ class REST_Item_Metadata_Controller extends REST_Controller { private function get_metadata_value($is_multiple, $value) { $filtered_value = $value; if ($is_multiple) { - // if metadata is multiple, leave it as array - // this has to be verified before and separately than the array check + if (is_array($filtered_value)) { + $filtered_arr = array_map(function($v) { + return $this->filter_value($v); + }, $filtered_value); + + $filtered_value = $filtered_arr; + } } elseif (is_array($value)) { - $filtered_value = implode(' ', $value); - } - - if (is_array($filtered_value)) { - $filtered_arr = array_map(function($v) { - return $this->filter_value($v); - }, $filtered_value); - - $filtered_value = $filtered_arr; - } else { - $filtered_value = $this->filter_value($filtered_value); + $string_value = implode(' ', $value); + $filtered_value = $this->filter_value($string_value); } return $filtered_value; From cf0a8f3e1e80ddfb10d0df7e9d9da6ca9f86891c Mon Sep 17 00:00:00 2001 From: vnmedeiros Date: Thu, 4 Feb 2021 15:23:32 -0300 Subject: [PATCH 011/121] fix: indentation --- .../class-tainacan-item-metadata-entity.php | 264 +++++++++--------- 1 file changed, 132 insertions(+), 132 deletions(-) diff --git a/src/classes/entities/class-tainacan-item-metadata-entity.php b/src/classes/entities/class-tainacan-item-metadata-entity.php index 374af764d..968c31190 100644 --- a/src/classes/entities/class-tainacan-item-metadata-entity.php +++ b/src/classes/entities/class-tainacan-item-metadata-entity.php @@ -199,7 +199,7 @@ class Item_Metadata_Entity extends Entity { public function get_value_as_array() { $value = $this->get_value(); $primitive_type = $this->get_metadatum()->get_metadata_type_object()->get_primitive_type(); - $return = []; + $return = []; if ($this->is_multiple()) { foreach ($value as $v) { 
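Review bot: After this refactor get_metadata_value() only calls `filter_value()` inside the two `is_array()` branches, so a plain string value, the common case for a single-valued metadatum, is returned unfiltered, as is a scalar sent for a multi-valued one. The version being replaced filtered every non-array value in its final `else`. The function should flatten first and then filter on every path, as in the rewrite below. Integers and other non-string scalars also reach `filter_value()` there, as they did before this change; whether they should be cast or passed through is worth deciding explicitly. The function's closing brace is outside the hunk.

```php
private function get_metadata_value($is_multiple, $value) {
	// Single-valued metadata: collapse an array into one string first.
	if (!$is_multiple && is_array($value)) {
		$value = implode(' ', $value);
	}

	// Every path below passes through filter_value().
	if (is_array($value)) {
		return array_map(function($v) {
			return $this->filter_value($v);
		}, $value);
	}

	return $this->filter_value($value);
```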
@@ -297,40 +297,40 @@ class Item_Metadata_Entity extends Entity { $as_array['item'] = $this->get_item()->_toArray(); $as_array['metadatum'] = $this->get_metadatum()->_toArray(); } - + return apply_filters('tainacan-item-metadata-to-array', $as_array, $this); - } - - /** - * Define the item - * - * @param Item $item - * @return void - */ - function set_item(Item $item = null) { - $this->item = $item; - } - - /** - * Define the metadatum value - * - * @param [integer | string] $value - * @return void - */ - function set_value($value) { - $this->value = $value; - } - - /** - * Define the metadatum - * - * @param Metadatum $metadatum - * @return void - */ - function set_metadatum(Metadatum $metadatum = null) { - $this->metadatum = $metadatum; - } + } + + /** + * Define the item + * + * @param Item $item + * @return void + */ + function set_item(Item $item = null) { + $this->item = $item; + } + + /** + * Define the metadatum value + * + * @param [integer | string] $value + * @return void + */ + function set_value($value) { + $this->value = $value; + } + + /** + * Define the metadatum + * + * @param Metadatum $metadatum + * @return void + */ + function set_metadatum(Metadatum $metadatum = null) { + $this->metadatum = $metadatum; + } /** * Set the specific meta ID for this metadata. 
@@ -364,102 +364,102 @@ class Item_Metadata_Entity extends Entity { } return false; } - - /** - * Return the item - * - * @return Item - */ - function get_item() { - return $this->item; - } - - /** - * Return the metadatum - * - * @return Metadatum - */ - function get_metadatum() { - return $this->metadatum; - } /** - * Return the meta_id - * - * @return Metadatum - */ - function get_meta_id() { - return isset($this->meta_id) ? $this->meta_id : null; - } + * Return the item + * + * @return Item + */ + function get_item() { + return $this->item; + } /** - * Return the meta_id - * - * @return Metadatum - */ - function get_parent_meta_id() { - return isset($this->parent_meta_id) ? $this->parent_meta_id : 0; - } - - /** - * Return the metadatum value - * - * @return string | integer - */ - function get_value() { - if (isset($this->value)) - return $this->value; - - $Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance(); - return $Tainacan_Item_Metadata->get_value($this); - } + * Return the metadatum + * + * @return Metadatum + */ + function get_metadatum() { + return $this->metadatum; + } /** - * Check wether the item has a value stored in the database or not - * - * @return bool - */ - function has_value() { - if (isset($this->has_value)) - return $this->has_value; - + * Return the meta_id + * + * @return Metadatum + */ + function get_meta_id() { + return isset($this->meta_id) ? $this->meta_id : null; + } + + /** + * Return the meta_id + * + * @return Metadatum + */ + function get_parent_meta_id() { + return isset($this->parent_meta_id) ? 
$this->parent_meta_id : 0; + } + + /** + * Return the metadatum value + * + * @return string | integer + */ + function get_value() { + if (isset($this->value)) + return $this->value; + + $Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance(); + return $Tainacan_Item_Metadata->get_value($this); + } + + /** + * Check wether the item has a value stored in the database or not + * + * @return bool + */ + function has_value() { + if (isset($this->has_value)) + return $this->has_value; + $value = $this->get_value(); $this->has_value = (is_array($value)) ? !empty(array_filter($value)) : !empty($value); return $this->has_value; - } - - /** - * Return true if metadatum is multiple, else return false - * - * @return boolean - */ - function is_multiple() { - return $this->get_metadatum()->is_multiple(); - } - - /** - * Return true if metadatum is key - * - * @return boolean - */ - function is_collection_key() { - return $this->get_metadatum()->is_collection_key(); - } - - /** - * Return true if metadatum is required - * - * @return boolean - */ - function is_required() { - return $this->get_metadatum()->is_required(); - } - - /** - * Returns whether metadata value is valid - * - * @return boolean - */ + } + + /** + * Return true if metadatum is multiple, else return false + * + * @return boolean + */ + function is_multiple() { + return $this->get_metadatum()->is_multiple(); + } + + /** + * Return true if metadatum is key + * + * @return boolean + */ + function is_collection_key() { + return $this->get_metadatum()->is_collection_key(); + } + + /** + * Return true if metadatum is required + * + * @return boolean + */ + function is_required() { + return $this->get_metadatum()->is_required(); + } + + /** + * Returns whether metadata value is valid + * + * @return boolean + */ function validate() { $value = $this->get_value(); $metadatum = $this->get_metadatum(); 
@@ -471,18 +471,18 @@ class Item_Metadata_Entity extends Entity { } if (empty($value)) { - if ($this->is_required()) { - $validation_statuses = ['publish', 'future', 'private']; - if (in_array($item->get_status(), apply_filters( 'tainacan-status-require-validation', $validation_statuses) )) { - $this->add_error('required', $metadatum->get_name() . ' is required'); - return false; - } else { - return $this->set_as_valid(); - } - } else { - return $this->set_as_valid(); - } - } + if ($this->is_required()) { + $validation_statuses = ['publish', 'future', 'private']; + if (in_array($item->get_status(), apply_filters( 'tainacan-status-require-validation', $validation_statuses) )) { + $this->add_error('required', $metadatum->get_name() . ' is required'); + return false; + } else { + return $this->set_as_valid(); + } + } else { + return $this->set_as_valid(); + } + } $classMetadatumType = $metadatum->get_metadata_type_object(); if (is_object($classMetadatumType)) { From 26a9ca138518c9f0e9c3d0fe7d28fe8ce8694f9d Mon Sep 17 00:00:00 2001 From: vnmedeiros Date: Thu, 4 Feb 2021 16:07:33 -0300 Subject: [PATCH 012/121] feat: add test to injection HTML --- tests/test-html-injection.php | 69 +++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 tests/test-html-injection.php diff --git a/tests/test-html-injection.php b/tests/test-html-injection.php new file mode 100644 index 000000000..ee130ab7e --- /dev/null +++ b/tests/test-html-injection.php 
@@ -0,0 +1,69 @@ +tainacan_entity_factory->create_entity( + 'collection', + array( + 'name' => 'collection name link link2 ', + 'description' => 'collection description', + ), + true + ); + $collection = $Tainacan_Collections->fetch($collection->get_id()); + + $metadatum = $this->tainacan_entity_factory->create_entity( + 'metadatum', + array( + 'name' => 'metadatum name link', + 'description' => 'metadatum description', + 'collection' => $collection, + 'metadata_type' => 'Tainacan\Metadata_Types\Text', + ), + true + ); + $metadatum = $Tainacan_Metadata->fetch($metadatum->get_id()); + + $item = $this->tainacan_entity_factory->create_entity( + 'item', + array( + 'title' => 'title item ', + 'description' => 'description item ', + 'collection' => $collection + ), + true + ); + $item = $Tainacan_Items->fetch($item->get_id()); + + $item_metadata = new \Tainacan\Entities\Item_Metadata_Entity($item, $metadatum); + $item_metadata->set_value(""); + $item_metadata->validate(); + $item_metadata = $Tainacan_Item_Metadata->insert($item_metadata); + + $this->assertEquals($collection->get_name(), 'collection name link link2'); + $this->assertEquals($metadatum->get_name(), 'metadatum name link'); + $this->assertEquals($item->get_title(), 'title item console.log("XSS")'); + $this->assertEquals($item->get_description(), 'description item'); + $this->assertEquals($item_metadata->get_value(), "alert('XSS')"); + //test terms + } +} From 72a1f1beda5d002cd9ba57642a1a4faa644d7183 Mon Sep 17 00:00:00 2001 From: vnmedeiros Date: Thu, 4 Feb 2021 16:08:29 -0300 Subject: [PATCH 013/121] fix: remove `filter_value` on API controller --- .../api/class-tainacan-rest-controller.php | 6 ---- ...tainacan-rest-item-metadata-controller.php | 35 +++++++------------ 2 files changed, 13 insertions(+), 28 deletions(-) diff --git a/src/classes/api/class-tainacan-rest-controller.php b/src/classes/api/class-tainacan-rest-controller.php index dbde7e20e..688f272e8 100644 
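Review bot: The test calls `$item_metadata->validate();` without asserting its result, so a value rejected by validation would still be inserted and compared. Wrapping it as `$this->assertTrue($item_metadata->validate());` makes that failure visible. The `assertEquals()` calls pass the actual value first and the expected literal second, the reverse of PHPUnit's `assertEquals($expected, $actual)`, which makes failure messages misleading. Only a single-valued Text metadatum is exercised and `//test terms` is left open; a case with a multi-valued metadatum would cover the array path as well.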
--- a/src/classes/api/class-tainacan-rest-controller.php +++ b/src/classes/api/class-tainacan-rest-controller.php @@ -652,10 +652,4 @@ class REST_Controller extends \WP_REST_Controller { ]; } - protected function filter_value($content) { - $allowed_html = wp_kses_allowed_html('post'); - - return wp_kses($content, $allowed_html); - } - } diff --git a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php index ed821076d..40d857c3e 100644 --- a/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php +++ b/src/classes/api/endpoints/class-tainacan-rest-item-metadata-controller.php @@ -189,8 +189,8 @@ class REST_Item_Metadata_Controller extends REST_Controller { if ($body) { $item_id = $request['item_id']; - $value = $body['values']; - $metadatum_id = $request['metadatum_id']; + $value = $body['values']; + $metadatum_id = $request['metadatum_id']; $parent_meta_id = isset( $body['parent_meta_id'] ) && $body['parent_meta_id'] > 0 ? $body['parent_meta_id'] : null; $item = $this->item_repository->fetch($item_id); @@ -198,10 +198,10 @@ class REST_Item_Metadata_Controller extends REST_Controller { $item_metadata = new Entities\Item_Metadata_Entity( $item, $metadatum, null, $parent_meta_id); - $value = $this->get_metadata_value($item_metadata->is_multiple(), $value); - $item_metadata->set_value($value); + $value = $this->get_metadata_value($item_metadata->is_multiple(), $value); + $item_metadata->set_value($value); - if ($item_metadata->validate()) { + if ($item_metadata->validate()) { if($item->can_edit()) { $updated_item_metadata = $this->item_metadata_repository->update( $item_metadata ); 
@@ -273,7 +273,7 @@ class REST_Item_Metadata_Controller extends REST_Controller { $endpoint_args = array_merge( $endpoint_args, $this->get_wp_query_params() - ); + ); } elseif ($method === \WP_REST_Server::EDITABLE) { $endpoint_args['values'] = [ 'type' => ['array', 'string', 'object', 'integer'], @@ -373,20 +373,11 @@ class REST_Item_Metadata_Controller extends REST_Controller { } private function get_metadata_value($is_multiple, $value) { - $filtered_value = $value; - if ($is_multiple) { - if (is_array($filtered_value)) { - $filtered_arr = array_map(function($v) { - return $this->filter_value($v); - }, $filtered_value); - - $filtered_value = $filtered_arr; - } - } elseif (is_array($value)) { - $string_value = implode(' ', $value); - $filtered_value = $this->filter_value($string_value); - } - - return $filtered_value; - } + if ($is_multiple) { + return $value; + } elseif (is_array($value)) { + return implode(' ', $value); + } + return $value; + } } From b7629d4e99599fb15c9bcf4336cb3c723a69c6f2 Mon Sep 17 00:00:00 2001 From: vnmedeiros Date: Thu, 4 Feb 2021 16:09:02 -0300 Subject: [PATCH 014/121] feat: add function `sanitize_value` #447 --- src/classes/entities/class-tainacan-item-metadata-entity.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/classes/entities/class-tainacan-item-metadata-entity.php b/src/classes/entities/class-tainacan-item-metadata-entity.php index 968c31190..4fb83faa4 100644 --- a/src/classes/entities/class-tainacan-item-metadata-entity.php +++ b/src/classes/entities/class-tainacan-item-metadata-entity.php @@ -404,7 +404,7 @@ class Item_Metadata_Entity extends Entity { /** * Return the metadatum value * - * @return string | integer + * @return string|integer|Array */ function get_value() { if (isset($this->value)) From d8a7bcd43e192ea483d3850e3f10277a89deb9c8 Mon Sep 17 00:00:00 2001 
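Review bot: `get_metadata_value()` now returns the request value unfiltered, so in this commit the value reaches `set_value()` and `validate()` as raw markup, and the endpoint depends entirely on sanitisation done elsewhere (the series adds it in the repository in PATCH 015). A docblock on the method should say this, e.g. `Normalises the shape of the submitted value only; HTML sanitisation is done by the repository on insert.`, so the return value is not treated as safe to output. In the non-multiple branch `implode(' ', $value)` assumes a flat array of scalars; a nested array from the request body would be stringified as `Array`, so an `is_scalar` check on the elements is worth adding. The enclosing class continues outside the hunk.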
From: vnmedeiros Date: Thu, 4 Feb 2021 16:09:56 -0300 Subject: [PATCH 015/121] feat: sanitize values metadata on insert ` #447 --- .../class-tainacan-item-metadata.php | 18 +++++++++--------- .../repositories/class-tainacan-repository.php | 8 ++++++++ 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/src/classes/repositories/class-tainacan-item-metadata.php b/src/classes/repositories/class-tainacan-item-metadata.php index 79756099f..d82260fa9 100644 --- a/src/classes/repositories/class-tainacan-item-metadata.php +++ b/src/classes/repositories/class-tainacan-item-metadata.php @@ -25,7 +25,7 @@ class Item_Metadata extends Repository { } /** - * @param Entities\Entity $item_metadata + * @param Entities\Item_Metadata_Entity $item_metadata * * @return Entities\Entity|Entities\Item_Metadata_Entity * @throws \Exception @@ -40,8 +40,6 @@ class Item_Metadata extends Repository { do_action( 'tainacan-pre-insert', $item_metadata ); do_action( 'tainacan-pre-insert-Item_Metadata_Entity', $item_metadata ); - $new = $item_metadata->get_value(); - $unique = ! $item_metadata->is_multiple(); $metadata_type = $item_metadata->get_metadatum()->get_metadata_type_object(); @@ -70,14 +68,14 @@ class Item_Metadata extends Repository { return $item_metadata; } else { if ( $unique ) { - + $item_metadata_value = $this->sanitize_value( $item_metadata->get_value() ); if ( !is_numeric($item_metadata->get_value()) && empty( $item_metadata->get_value() ) ) { if ( $item_metadata->get_metadatum()->get_parent() > 0 ) delete_metadata_by_mid( 'post', $item_metadata->get_meta_id() ); else delete_post_meta( $item_metadata->get_item()->get_id(), $item_metadata->get_metadatum()->get_id() ); } elseif ( is_int( $item_metadata->get_meta_id() ) ) { - update_metadata_by_mid( 'post', $item_metadata->get_meta_id(), $item_metadata->get_value() ); + update_metadata_by_mid( 'post', $item_metadata->get_meta_id(), $item_metadata_value ); } else { /** 
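Review bot: The emptiness test on the line after `$item_metadata_value = $this->sanitize_value(...)` still inspects the raw `$item_metadata->get_value()`, so a value consisting only of disallowed markup is non-empty before sanitising and empty after it, and is written as an empty meta row instead of taking the delete branch. Test the sanitised value instead: `if ( !is_numeric($item_metadata_value) && empty($item_metadata_value) ) {`. The multi-value loop in the `@@ -105,7 +103,8 @@` hunk has the same ordering, with the `continue` check running before `sanitize_value`, and needs a second check after sanitising. The entity object itself keeps the unsanitised value, so code that reads `$item_metadata->get_value()` afterwards without re-fetching would see the raw input; whether any caller does is outside the hunk.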
@@ -87,10 +85,10 @@ class Item_Metadata extends Repository { * and not update an existing. This is the case of a multiple compound metadatum. */ if ( $item_metadata->get_metadatum()->get_parent() > 0 && is_null( $item_metadata->get_meta_id() ) ) { - $added_meta_id = add_post_meta( $item_metadata->get_item()->get_id(), $item_metadata->get_metadatum()->get_id(), wp_slash( $item_metadata->get_value() ) ); + $added_meta_id = add_post_meta( $item_metadata->get_item()->get_id(), $item_metadata->get_metadatum()->get_id(), wp_slash( $item_metadata_value ) ); $added_compound = $this->add_compound_value( $item_metadata, $added_meta_id ); } else { - update_post_meta( $item_metadata->get_item()->get_id(), $item_metadata->get_metadatum()->get_id(), wp_slash( $item_metadata->get_value() ) ); + update_post_meta( $item_metadata->get_item()->get_id(), $item_metadata->get_metadatum()->get_id(), wp_slash( $item_metadata_value ) ); } } @@ -105,7 +103,8 @@ class Item_Metadata extends Repository { if ( !is_numeric($value) && empty($value) ) { continue; } - add_post_meta( $item_metadata->get_item()->get_id(), $item_metadata->get_metadatum()->get_id(), wp_slash( $value ) ); + $item_metadata_value = $this->sanitize_value( $value ); + add_post_meta( $item_metadata->get_item()->get_id(), $item_metadata->get_metadatum()->get_id(), wp_slash( $item_metadata_value ) ); } } } @@ -142,7 +141,7 @@ class Item_Metadata extends Repository { $set_method = 'set_' . $metadata_type->get_related_mapped_prop(); $value = $item_metadata->get_value(); - $item->$set_method( is_array( $value ) ? $value[0] : $value ); + $item->$set_method( $this->sanitize_value( is_array( $value ) ? $value[0] : $value ) ); if ( $item->validate_core_metadata() ) { $Tainacan_Items = \Tainacan\Repositories\Items::get_instance(); 
@@ -185,6 +184,7 @@ class Item_Metadata extends Repository { $insert[] = $exists->term_id; } else { $create_term = new Entities\Term(); + $new_term = $this->sanitize_value($new_term); $create_term->set_name($new_term); $create_term->set_taxonomy( $taxonomy->get_db_identifier() ); if ($create_term->validate()) { // Item_Metadata Entity was validated before, so this should be fine diff --git a/src/classes/repositories/class-tainacan-repository.php b/src/classes/repositories/class-tainacan-repository.php index 4bb6eb580..b119b0fb0 100644 --- a/src/classes/repositories/class-tainacan-repository.php +++ b/src/classes/repositories/class-tainacan-repository.php @@ -903,5 +903,13 @@ abstract class Repository { } + protected function sanitize_value($content) { + if( is_numeric($content) || empty($content) ) { + return $content; + } + $allowed_html = wp_kses_allowed_html('post'); + return wp_kses(trim($content), $allowed_html); + } + } From a3e844cda6a4b900d25b8c9993f9554817a25338 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Thu, 4 Feb 2021 16:12:04 -0300 Subject: [PATCH 016/121] Adds option to prevent curl download error [ref https://curl.se/docs/manpage.html\#-L] --- tests/bin/install-wp-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/bin/install-wp-tests.sh b/tests/bin/install-wp-tests.sh index d2fde0e38..c78371036 100755 --- a/tests/bin/install-wp-tests.sh +++ b/tests/bin/install-wp-tests.sh @@ -16,7 +16,7 @@ SKIP_DB_CREATE=${7-false} download() { if [ `which curl` ]; then - curl -s "$1" > "$2"; + curl -s -L "$1" > "$2"; elif [ `which wget` ]; then wget -nv -O "$2" "$1" fi From 20b52992547095d9f41397ae87db985adc4dc884 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Thu, 4 Feb 2021 16:24:48 -0300 Subject: [PATCH 017/121] ignores test-generated files --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 9ca9becdb..b7f965c4b 100644 
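Review bot: `sanitize_value()` passes anything that is neither numeric nor empty to `trim()`, which only accepts strings; a non-empty array reaching it (the `get_value()` docblock in this series lists `Array` as a possible type) raises a warning on PHP 7 and a `TypeError` on PHP 8. Guard the type before the `trim()` call, for example `if ( is_array($content) ) { return array_map( [ $this, 'sanitize_value' ], $content ); }`. The method also needs a docblock stating that it strips disallowed HTML for storage and that callers still escape on output, since `wp_kses` keeps the text that was inside a removed tag.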
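Review bot: With `-L` added, `curl -s` follows a redirect to any host and still writes whatever body it receives into `$2`, including an HTTP error page, because neither `-f` nor a protocol restriction is set. If every URL passed to `download()` is HTTPS, `curl -fsSL --proto '=https' --proto-redir '=https' "$1" > "$2";` fails on HTTP errors and refuses a downgrade to plain HTTP on redirect. No checksum verification of the downloaded file is visible in this hunk; the callers of `download()` are outside it.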
--- a/.gitignore +++ b/.gitignore @@ -34,3 +34,5 @@ src/assets/css/tainacan-embeds.css.map src/.DS_Store src/assets/css/tainacan-gutenberg-block-dynamic-items-list.css src/assets/css/tainacan-gutenberg-block-dynamic-items-list.css.map +tests/wordpress-test +tests/wordpress-tests-lib From 0fb53b61c4e0d4c1f8da20a212c680741ff93866 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Thu, 4 Feb 2021 23:42:07 -0300 Subject: [PATCH 018/121] fix identations --- .../repositories/class-tainacan-collections.php | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/src/classes/repositories/class-tainacan-collections.php b/src/classes/repositories/class-tainacan-collections.php index 1db6b3cf1..632ffb18e 100644 --- a/src/classes/repositories/class-tainacan-collections.php +++ b/src/classes/repositories/class-tainacan-collections.php @@ -26,7 +26,7 @@ class Collections extends Repository { * {@inheritDoc} * @see \Tainacan\Repositories\Repository::get_map() */ - protected function _get_map() { + protected function _get_map() { return apply_filters( 'tainacan-get-map-' . $this->get_name(), [ 'name' => [ 'map' => 'post_title', @@ -303,10 +303,9 @@ class Collections extends Repository { * @see \Tainacan\Repositories\Repository::insert() */ public function insert( $collection ) { + $this->pre_process( $collection ); + $this->handle_parent_order_clone( $collection ); - $this->pre_process( $collection ); - - $this->handle_parent_order_clone( $collection ); $new_collection = parent::insert( $collection ); $this->handle_core_metadata( $new_collection ); @@ -389,12 +388,9 @@ class Collections extends Repository { } function pre_process( $collection ) { - $this->old_collection = $this->fetch( $collection->get_id() ); $this->old_core_title = $collection->get_core_title_metadatum(); $this->old_core_description = $collection->get_core_description_metadatum(); - - } function handle_core_metadata( $collection ) { 
From 4c0deb392a5e5bd9cdfc9f6d0dcf3e443e724979 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Fri, 5 Feb 2021 01:37:26 -0300 Subject: [PATCH 019/121] Disallows a HTML tag from content --- .../repositories/class-tainacan-repository.php | 7 +++++-- tests/test-html-injection.php | 16 ++++++++++++---- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/src/classes/repositories/class-tainacan-repository.php b/src/classes/repositories/class-tainacan-repository.php index b119b0fb0..ed64358f5 100644 --- a/src/classes/repositories/class-tainacan-repository.php +++ b/src/classes/repositories/class-tainacan-repository.php @@ -904,10 +904,13 @@ abstract class Repository { } protected function sanitize_value($content) { - if( is_numeric($content) || empty($content) ) { + if (is_numeric($content) || empty($content) ) { return $content; } - $allowed_html = wp_kses_allowed_html('post'); + + $allowed_html = wp_kses_allowed_html('post'); + unset($allowed_html["a"]); + return wp_kses(trim($content), $allowed_html); } diff --git a/tests/test-html-injection.php b/tests/test-html-injection.php index ee130ab7e..4113886de 100644 --- a/tests/test-html-injection.php +++ b/tests/test-html-injection.php @@ -21,6 +21,8 @@ class HTML_Injection extends TAINACAN_UnitTestCase $Tainacan_Collections = \Tainacan\Repositories\Collections::get_instance(); $Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance(); + $link = 'link'; + $collection = $this->tainacan_entity_factory->create_entity( 'collection', array( 
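Review bot: Removing a single key with `unset($allowed_html["a"])` leaves the rest of the `post` context in place, which is a much wider set than a metadata value needs and one that other plugins can extend through the `wp_kses_allowed_html` filter. An explicit allow-list of the formatting tags the project wants to keep is easier to audit than a deny-list of one, for example passing an array such as `[ 'strong' => [], 'em' => [], 'p' => [], 'br' => [] ]` (constructed example) to `wp_kses`. The reason links are dropped is not recorded anywhere in the hunk; a one-line comment above the `unset` should state it.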
@@ -59,11 +61,17 @@ class HTML_Injection extends TAINACAN_UnitTestCase $item_metadata->validate(); $item_metadata = $Tainacan_Item_Metadata->insert($item_metadata); - $this->assertEquals($collection->get_name(), 'collection name link link2'); - $this->assertEquals($metadatum->get_name(), 'metadatum name link'); - $this->assertEquals($item->get_title(), 'title item console.log("XSS")'); - $this->assertEquals($item->get_description(), 'description item'); + // $this->assertEquals($collection->get_name(), 'collection name link link2'); + // $this->assertEquals($metadatum->get_name(), 'metadatum name link'); + // $this->assertEquals($item->get_title(), 'title item console.log("XSS")'); + // $this->assertEquals($item->get_description(), 'description item'); $this->assertEquals($item_metadata->get_value(), "alert('XSS')"); + + $item_metadata->set_value($link); + $item_metadata->validate(); + $item_metadata = $Tainacan_Item_Metadata->update($item_metadata); + $this->assertEquals($item_metadata->get_value(), 'link'); + //test terms } } From 1b73e9659454ed2b065f58363e379e1664b13621 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Fri, 5 Feb 2021 11:26:30 -0300 Subject: [PATCH 020/121] Better organizes html injection tests class --- tests/test-html-injection.php | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/tests/test-html-injection.php b/tests/test-html-injection.php index 4113886de..fb139b74d 100644 --- a/tests/test-html-injection.php +++ b/tests/test-html-injection.php @@ -21,7 +21,8 @@ class HTML_Injection extends TAINACAN_UnitTestCase $Tainacan_Collections = \Tainacan\Repositories\Collections::get_instance(); $Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance(); - $link = 'link'; + $link = "link"; + $js = ""; $collection = $this->tainacan_entity_factory->create_entity( 'collection', 
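Review bot: The four assertions on the collection name, metadatum name, item title and item description are commented out rather than fixed or marked as pending, so the suite no longer reports whether those fields are sanitised at all; only the item-metadata value is still checked. If they fail because only `Item_Metadata` calls `sanitize_value()` at this point (an inference from the rest of the series), move them to separate test methods that call `$this->markTestIncomplete('sanitisation of entity core fields not implemented')` so the gap stays visible in the test report. The new `assertEquals` calls also pass the actual value first; PHPUnit's signature is `assertEquals($expected, $actual)`, which affects the failure message. The test method starts outside the hunk.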
@@ -32,7 +33,8 @@ class HTML_Injection extends TAINACAN_UnitTestCase true ); $collection = $Tainacan_Collections->fetch($collection->get_id()); - + // $this->assertEquals($collection->get_name(), 'collection name link link2'); + $metadatum = $this->tainacan_entity_factory->create_entity( 'metadatum', array( @@ -44,6 +46,7 @@ class HTML_Injection extends TAINACAN_UnitTestCase true ); $metadatum = $Tainacan_Metadata->fetch($metadatum->get_id()); + // $this->assertEquals($metadatum->get_name(), 'metadatum name link'); $item = $this->tainacan_entity_factory->create_entity( 'item', @@ -55,16 +58,15 @@ class HTML_Injection extends TAINACAN_UnitTestCase true ); $item = $Tainacan_Items->fetch($item->get_id()); + // $this->assertEquals($item->get_title(), 'title item console.log("XSS")'); + // $this->assertEquals($item->get_description(), 'description item'); + // Test metadata $item_metadata = new \Tainacan\Entities\Item_Metadata_Entity($item, $metadatum); - $item_metadata->set_value(""); + $item_metadata->set_value($js); $item_metadata->validate(); $item_metadata = $Tainacan_Item_Metadata->insert($item_metadata); - // $this->assertEquals($collection->get_name(), 'collection name link link2'); - // $this->assertEquals($metadatum->get_name(), 'metadatum name link'); - // $this->assertEquals($item->get_title(), 'title item console.log("XSS")'); - // $this->assertEquals($item->get_description(), 'description item'); $this->assertEquals($item_metadata->get_value(), "alert('XSS')"); $item_metadata->set_value($link); @@ -72,6 +74,6 @@ class HTML_Injection extends TAINACAN_UnitTestCase $item_metadata = $Tainacan_Item_Metadata->update($item_metadata); $this->assertEquals($item_metadata->get_value(), 'link'); - //test terms + // Test terms } } From 3521b1da07d0fd66ccabf1ba2ed30a981acf7da8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Fri, 5 Feb 2021 12:05:16 -0300 Subject: [PATCH 021/121] introduces new test cases --- tests/test-html-injection.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/tests/test-html-injection.php b/tests/test-html-injection.php index fb139b74d..606c7d74e 100644 --- a/tests/test-html-injection.php +++ b/tests/test-html-injection.php @@ -21,8 +21,11 @@ class HTML_Injection extends TAINACAN_UnitTestCase $Tainacan_Collections = \Tainacan\Repositories\Collections::get_instance(); $Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance(); - $link = "link"; - $js = ""; + // Evil attempts + $link = "link"; + $js = ""; + $css = "my text along with some style "; + $iframe = ""; $collection = $this->tainacan_entity_factory->create_entity( 'collection', @@ -74,6 +77,16 @@ class HTML_Injection extends TAINACAN_UnitTestCase $item_metadata = $Tainacan_Item_Metadata->update($item_metadata); $this->assertEquals($item_metadata->get_value(), 'link'); + $item_metadata->set_value($css); + $item_metadata->validate(); + $item_metadata = $Tainacan_Item_Metadata->update($item_metadata); + $this->assertEquals($item_metadata->get_value(), 'my text along with some style a { display: none }'); + + $item_metadata->set_value($iframe); + $item_metadata->validate(); + $item_metadata = $Tainacan_Item_Metadata->update($item_metadata); + $this->assertEquals($item_metadata->get_value(), ''); + // Test terms } } From c094e2393a7d12e6c58ee2191dd20ae74dab0662 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodrigo=20Guimara=CC=83es?= Date: Fri, 5 Feb 2021 12:25:52 -0300 Subject: [PATCH 022/121] Adds tests for allowed tags --- tests/test-html-injection.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/test-html-injection.php b/tests/test-html-injection.php index 606c7d74e..d1fa932cd 100644 --- a/tests/test-html-injection.php +++ b/tests/test-html-injection.php 
@@ -27,6 +27,10 @@ class HTML_Injection extends TAINACAN_UnitTestCase $css = "my text along with some style "; $iframe = ""; + // Accepted formatting + $strong = "I have some info to tell the world. And I can bold it "; + $html = "

Main Info

sub title

My structure description

and another paragraph

"; + $collection = $this->tainacan_entity_factory->create_entity( 'collection', array( @@ -87,6 +91,16 @@ class HTML_Injection extends TAINACAN_UnitTestCase $item_metadata = $Tainacan_Item_Metadata->update($item_metadata); $this->assertEquals($item_metadata->get_value(), ''); + $item_metadata->set_value($strong); + $item_metadata->validate(); + $item_metadata = $Tainacan_Item_Metadata->update($item_metadata); + $this->assertEquals($item_metadata->get_value(), $strong); + + $item_metadata->set_value($html); + $item_metadata->validate(); + $item_metadata = $Tainacan_Item_Metadata->update($item_metadata); + $this->assertEquals($item_metadata->get_value(), $html); + // Test terms } } From 1a2b45ec61d11221b0e9de8b5e1728935e14b230 Mon Sep 17 00:00:00 2001 From: vnmedeiros Date: Sat, 27 Feb 2021 11:21:26 -0300 Subject: [PATCH 023/121] feat: disable BD auto commit while insert/update itemMetadata on importer #457 --- src/classes/importer/class-tainacan-csv.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/classes/importer/class-tainacan-csv.php b/src/classes/importer/class-tainacan-csv.php index 9ec075637..3980c04af 100644 --- a/src/classes/importer/class-tainacan-csv.php +++ b/src/classes/importer/class-tainacan-csv.php @@ -677,14 +677,13 @@ class CSV extends Importer { $Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance(); $Tainacan_Items = \Tainacan\Repositories\Items::get_instance(); - // $Tainacan_Items->disable_logs(); - // $Tainacan_Metadata->disable_logs(); - // $Tainacan_Item_Metadata->disable_logs(); $itemMetadataArray = []; $updating_item = false; + $Tainacan_Items->disable_logs(); + $Tainacan_Metadata->disable_logs(); $Tainacan_Item_Metadata->disable_logs(); if ( is_numeric($this->get_transient('item_id')) ) { $item = $Tainacan_Items->fetch( (int) $this->get_transient('item_id') ); 
@@ -787,7 +786,8 @@ class CSV extends Importer { $this->add_error_log( $item->get_errors() ); return false; } - + global $wpdb; + $wpdb->query( 'SET autocommit = 0;' ); foreach ( $itemMetadataArray as $itemMetadata ) { if($itemMetadata instanceof Entities\Item_Metadata_Entity ) { $itemMetadata->set_item( $insertedItem ); // *I told you @@ -826,6 +826,8 @@ class CSV extends Importer { // $this->add_error_log( 'Item ' . $insertedItem->get_id() . ' has an error' ); //} } + $wpdb->query( 'COMMIT;' ); + $wpdb->query( 'SET autocommit = 1;' ); if ( ! $updating_item ) { $insertedItem->set_status('publish' ); From c38794754833c3a8b7e5e12e3a98969c72b28e56 Mon Sep 17 00:00:00 2001 From: vnmedeiros Date: Sat, 27 Feb 2021 11:21:54 -0300 Subject: [PATCH 024/121] feat: add debug on BG process #457 --- src/classes/libs/wp-background-process.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/classes/libs/wp-background-process.php b/src/classes/libs/wp-background-process.php index 10ba39134..0f0ea6e73 100644 --- a/src/classes/libs/wp-background-process.php +++ b/src/classes/libs/wp-background-process.php @@ -226,6 +226,7 @@ $this->debug('process already running'); return true; } + $this->debug('process not already running'); return false; } From 7b6ed432ef2c0096e7910d78ea683cfb5b1fa37c Mon Sep 17 00:00:00 2001 From: vnmedeiros Date: Sat, 27 Feb 2021 11:22:44 -0300 Subject: [PATCH 025/121] fix: test if log is enabled #457 --- src/classes/repositories/class-tainacan-logs.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/classes/repositories/class-tainacan-logs.php b/src/classes/repositories/class-tainacan-logs.php index 55f3bc6af..075e0f973 100644 --- a/src/classes/repositories/class-tainacan-logs.php +++ b/src/classes/repositories/class-tainacan-logs.php 
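Review bot: `SET autocommit = 0` is issued before the `foreach` and only restored by the `COMMIT` / `SET autocommit = 1` pair added in the `@@ -826,6 +826,8 @@` hunk, so an exception or early `return` inside the loop would leave the shared `$wpdb` connection with autocommit off and the partial writes uncommitted. Wrap the loop so the session state is always restored: `try { ... } catch ( \Throwable $e ) { $wpdb->query( 'ROLLBACK;' ); throw $e; } finally { $wpdb->query( 'SET autocommit = 1;' ); }`. The loop body between the two hunks is not visible, so whether it can currently throw or return is an assumption. The statements also have no effect on tables that use a non-transactional storage engine.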
@@ -260,6 +260,10 @@ class Logs extends Repository { $collection_id = method_exists($entity, 'get_collection_id') ? $entity->get_collection_id() : 'default'; + if ( method_exists($entity, 'get_repository') && !$entity->get_repository()->use_logs ) { + return; + } + if ( $entity instanceof Entities\Collection ) { $collection_id = $entity->get_id(); $log->set_title( sprintf( __( 'New file was attached to Collection "%s"', 'tainacan'), $entity->get_name() ) ); @@ -272,15 +276,11 @@ class Logs extends Repository { $object_type = get_class($entity); $object_id = $entity->get_id(); - $diff = []; - $log->set_collection_id($collection_id); $log->set_object_type($object_type); $log->set_object_id($object_id); $log->set_action('new-attachment'); - $title = __( sprintf('') , 'tainacan'); - $prepared = [ 'id' => $attachment->ID, 'title' => $attachment->post_title, @@ -313,7 +313,9 @@ class Logs extends Repository { $entity = Repository::get_entity_by_post( $entity_post ); if ( $entity ) { - + if ( method_exists($entity, 'get_repository') && !$entity->get_repository()->use_logs ) { + return; + } $collection_id = method_exists($entity, 'get_collection_id') ? $entity->get_collection_id() : 'default'; $log = new Entities\Log(); From d3911c4c66bc32c9fad496f23bf123aa64469864 Mon Sep 17 00:00:00 2001 From: mateuswetah Date: Tue, 2 Mar 2021 17:41:59 -0300 Subject: [PATCH 026/121] Begins implementaion of function to render media component #499 --- src/classes/theme-helper/template-tags.php | 74 ++++++++++++++++++++-- 1 file changed, 68 insertions(+), 6 deletions(-) diff --git a/src/classes/theme-helper/template-tags.php b/src/classes/theme-helper/template-tags.php index 448b3fe36..bf560e2b5 100644 --- a/src/classes/theme-helper/template-tags.php +++ b/src/classes/theme-helper/template-tags.php 
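Review bot: The new early `return` drops the attachment log entry whenever the entity's repository has `use_logs` switched off, and the same guard is repeated in the `@@ -313,7 +313,9 @@` hunk; since PATCH 023 disables logs on the item repositories during CSV import, any attachment change made in that window leaves no audit record. If that is intended, record it above the guard, e.g. `// Logging is suspended by the caller (bulk import); no audit entry is written for this attachment.`. The guard also reaches into the repository's `use_logs` property directly; a small accessor on `Repository` would keep the flag in one place and remove the duplication. The enclosing methods start and end outside both hunks.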
@@ -17,17 +17,11 @@ use \Tainacan\Repositories; * Optional. Array or string of arguments. * * @type mixed $metadata Metadatum object, ID or slug to retrieve only one metadatum. empty returns all metadata - * * @type array $metadata__in Array of metadata IDs or Slugs to be retrieved. Default none - * * @type array $metadata__not_in Array of metadata IDs (slugs not accepted) to excluded. Default none - * * @type bool $exclude_title Exclude the Core Title Metadata from result. Default false - * * @type bool $exclude_description Exclude the Core Description Metadata from result. Default false - * * @type bool $exclude_core Exclude Core Metadata (title and description) from result. Default false - * * @type bool $hide_empty Wether to hide or not metadata the item has no value to * Default: true * @type string $before String to be added before each metadata block 
@@ -219,6 +213,73 @@ function tainacan_the_collection_description() { echo tainacan_get_the_collection_description(); } +/** + * Tainacan Gallery component, used to render document, attachments and other files + * + * @return string + */ +function tainacan_the_media_component($media_items, $args) { + echo tainacan_get_the_media_component($media_items, $args); +} + + +/** + * Tainacan Gallery component, used to render document, attachments and other files + * + * @param array $media_items Array of media items to be rendered inside the carousel. Default to empty array + * @param array|string $args { + * Optional. Array of arguments. + * + * @type bool $render_main_gallery Render a main gallery bellow the thumbnails carousel. Default false. + * @type string $before_main_div String to be added before the main gallery div + * @type string $after_main_div String to be added after the main gallery div + * @type string $before_thumbs_div String to be added before the thumbs gallery div + * @type string $after_thumbs_div String to be added after the thumbs gallery div + * @type string $before_main_ul String to be added before the main gallery ul + * @type string $after_main_ul String to be added after the main gallery ul + * @type string $before_thumbs_ul String to be added before the thumbs gallery ul + * @type string $after_thumbs_ul String to be added after the thumbs gallery ul + * @type string $class_main_div Class to be added to the main gallery div + * @type string $class_main_ul Class to be added to the main gallery ul + * @type string $class_main_li Class to be added to the main gallery li + * @type string $class_thumbs_div Class to be added to the thumbs gallery div + * @type string $class_thumbs_ul Class to be added to the thumbs gallery ul + * @type string $class_thumbs_li Class to be added to the thumbs gallery li + * } + * @return string + */ +function tainacan_get_the_media_component($media_items = array(), $args = array()) { +?> + + + +
+ +
    + +
  • + +
  • + +
+ +
+ + + + +
+ +
    +
  • + TESTEEE +
  • +
+ +
+ +get_tainacan_items_list($args); + //TEST: tainacan_the_media_component(['a', 'b', 'c true, 'class_main_div' => 'teste']); } /** From da99673585e0b0517f9062fdf7415a63513b886a Mon Sep 17 00:00:00 2001 From: mateuswetah Date: Wed, 3 Mar 2021 10:59:48 -0300 Subject: [PATCH 027/121] Adds function to render photoswipe layer and basic enqueus #499 --- src/classes/theme-helper/template-tags.php | 104 +++++- src/views/admin/js/media-component.js | 371 +++++++++++++++++++++ webpack.common.js | 1 + 3 files changed, 469 insertions(+), 7 deletions(-) create mode 100644 src/views/admin/js/media-component.js diff --git a/src/classes/theme-helper/template-tags.php b/src/classes/theme-helper/template-tags.php index bf560e2b5..1c9de92be 100644 --- a/src/classes/theme-helper/template-tags.php +++ b/src/classes/theme-helper/template-tags.php 
@@ -249,8 +249,21 @@ function tainacan_the_media_component($media_items, $args) { * @return string */ function tainacan_get_the_media_component($media_items = array(), $args = array()) { + global $TAINACAN_BASE_URL; + + // Modal layer for rendering photoswipe + echo tainacan_get_the_media_modal_layer(); + + //Necessary enqueues for the media component + wp_enqueue_style( 'swiper', 'https://unpkg.com/swiper/swiper-bundle.min.css', array(), TAINACAN_VERSION); + wp_enqueue_script( 'swiper', 'https://unpkg.com/swiper/swiper-bundle.min.js', array(), TAINACAN_VERSION, true ); + wp_enqueue_style( 'photoswipe', 'https://cdnjs.cloudflare.com/ajax/libs/photoswipe/4.1.3/photoswipe.min.css', array(), TAINACAN_VERSION); + wp_enqueue_style( 'photoswipe-skin', 'https://cdnjs.cloudflare.com/ajax/libs/photoswipe/4.1.3/default-skin/default-skin.min.css', array(), TAINACAN_VERSION); + wp_enqueue_script( 'photoswipe', 'https://cdnjs.cloudflare.com/ajax/libs/photoswipe/4.1.3/photoswipe.min.js', array(), TAINACAN_VERSION, true ); + wp_enqueue_script( 'photoswipe-skin', 'https://cdnjs.cloudflare.com/ajax/libs/photoswipe/4.1.3/photoswipe-ui-default.min.js', array(), TAINACAN_VERSION, true ); + wp_enqueue_script( 'tainacan-media-component', $TAINACAN_BASE_URL . '/assets/js/media_component.js', ['swiper', 'photoswipe', 'photoswipe-skin'], TAINACAN_VERSION, true ); ?> - +
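Review bot: The Swiper stylesheet and script are loaded from `https://unpkg.com/swiper/...` with no version in the URL, and the PhotoSwipe files from cdnjs, so every site running the plugin executes whatever those hosts serve at request time; `TAINACAN_VERSION` is passed only as the enqueue version argument and pins nothing about the remote file. Since this commit already touches `webpack.common.js`, bundling both libraries into the plugin's own assets and enqueueing them from `$TAINACAN_BASE_URL` removes the third-party dependency. If a CDN has to stay, put an exact version in the path and add an `integrity` attribute through the `script_loader_tag` and `style_loader_tag` filters. `tainacan_get_the_media_component()` also echoes the modal layer although it is the `get_` variant documented as returning a string. The function body continues outside the hunk.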
@@ -258,7 +271,7 @@ function tainacan_get_the_media_component($media_items = array(), $args = array(
  • - + ID) ?>
@@ -271,13 +284,89 @@ function tainacan_get_the_media_component($media_items = array(), $args = array(
    -
  • - TESTEEE -
  • + +
  • + ID) ?> +
  • +
+ + + + get_tainacan_items_list($args); - //TEST: tainacan_the_media_component(['a', 'b', 'c true, 'class_main_div' => 'teste']); + // echo $theme_helper->get_tainacan_items_list($args); + $attachments = tainacan_get_the_attachments(); + tainacan_the_media_component($attachments, ['render_main_gallery' => true, 'class_main_div' => 'teste']); } /** diff --git a/src/views/admin/js/media-component.js b/src/views/admin/js/media-component.js new file mode 100644 index 000000000..ea2ead5ae --- /dev/null +++ b/src/views/admin/js/media-component.js @@ -0,0 +1,371 @@ +// TAINACAN MEDIA GALLERY -------------------------------------------------------- +// +// Counts on some markup to make a list of media link be displayed +// as a carousel with a lightbox. It can be used in two modes: + +/* + +-- MODE 1 ---- Carousel of thumbnails only ---------------------------------------- + +
+