diff --git a/src/admin/class-footnotes-admin.php b/src/admin/class-footnotes-admin.php index 05f1ad8..2809853 100644 --- a/src/admin/class-footnotes-admin.php +++ b/src/admin/class-footnotes-admin.php @@ -1,56 +1,62 @@ get_sections() as $l_arr_section ) { @@ -174,10 +215,12 @@ abstract class Footnotes_Layout_Engine { } /** - * Registers all Meta boxes for a sub page. + * Registers all Meta boxes for a sub-page. * - * @since 1.5.0 - * @param string $p_str_parent_id Parent section unique id. + * @access private + * @param string $p_str_parent_id Parent section unique ID. + * + * @since 1.5.0 */ private function register_meta_boxes( $p_str_parent_id ) { // Iterate through each meta box. @@ -196,12 +239,14 @@ abstract class Footnotes_Layout_Engine { } /** - * Append javascript and css files for specific sub page. + * Append JavaScript and CSS files for specific sub-page. + * + * @access private * * @since 1.5.0 + * @todo Move to {@see Footnotes_Admin}. */ private function append_scripts() { - // TODO: Move to `Footnotes_Admin`. wp_enqueue_script( 'postbox' ); wp_enqueue_style( 'wp-color-picker' ); wp_enqueue_script( 'wp-color-picker' ); @@ -209,15 +254,14 @@ abstract class Footnotes_Layout_Engine { // phpcs:disable WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing /** - * Displays the content of specific sub page. + * Displays the content of specific sub-page. * * @since 1.5.0 + * @todo Review nonce verification. */ public function display_content() { $this->append_scripts(); - // TODO: add nonce verification. - // Get the current section. reset( $this->a_arr_sections ); $l_str_active_section_id = isset( $_GET['t'] ) ? wp_unslash( $_GET['t'] ) : key( $this->a_arr_sections ); @@ -276,14 +320,17 @@ abstract class Footnotes_Layout_Engine { echo '});'; echo ''; } - // phpcs:enable WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing + // phpcs:enable WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing // phpcs:disable WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing /** - * Save all Plugin settings. + * Save all plugin settings. * - * @since 1.5.0 - * @return bool + * @access private + * @return bool `true` on save success, else `false`. + * + * @since 1.5.0 + * @todo Review nonce verification. */ private function save_settings() { $l_arr_new_settings = array(); @@ -309,35 +356,31 @@ abstract class Footnotes_Layout_Engine { // phpcs:enable WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing /** - * Output the Description of a section. May be overwritten in any section. + * Output the description of a section. May be overwritten in any section. * - * @since 1.5.0 + * @since 1.5.0 + * @todo Required? Should be `abstract`? */ public function description() { // Default no description will be displayed. } /** - * Loads specific setting and returns an array with the keys [id, name, value]. + * Loads a specified setting. * - * @since 1.5.0 - * @param string $p_str_setting_key_name Settings Array key name. - * @return array Contains Settings ID, Settings Name and Settings Value. + * @access protected + * @param string $p_str_setting_key_name Setting key. + * @return array { + * A configurable setting. * - * @since 2.5.11 Remove escapement function. - * When refactoring the codebase after 2.5.8, all and every output was escaped. - * After noticing that the plugin was broken, all escapement functions were removed. - * @link https://github.com/markcheret/footnotes/pull/50/commits/25c3f2f12eb5de1079e9215bf624ec4289b095a5 - * @link https://github.com/markcheret/footnotes/pull/50#issuecomment-787624123 - * In that process, this instance of esc_attr() was removed too, so the plugin was - * broken again. - * @link https://github.com/markcheret/footnotes/pull/50/commits/25c3f2f12eb5de1079e9215bf624ec4289b095a5#diff-a8ed6e859c32a18fc10bbbad3b4dd8ce7f43f2378d29471c7638e314ab30f1bdL349-L354 + * @type string $id Setting key. + * @type string $name Setting name. + * @type string $value Setting value. + * } * - * @since 2.5.15 To fix it, the data was escaped in add_select_box() instead. - * @since 2.6.1 Restore esc_attr() in load_setting(). - * @see add_select_box() - * This is the only instance of esc_|kses|sanitize in the pre-2.5.11 codebase. - * Removing this did not fix the quotation mark backslash escapement bug. + * @since 1.5.0 + * @since 2.5.11 Broken due to accidental removal of `esc_attr()` call. + * @since 2.6.1 Restore `esc_attr()` call. */ protected function load_setting( $p_str_setting_key_name ) { // Get current section. @@ -348,45 +391,31 @@ abstract class Footnotes_Layout_Engine { $p_arr_return['value'] = esc_attr( Footnotes_Settings::instance()->get( $p_str_setting_key_name ) ); return $p_arr_return; } - + /** - * Returns a line break to start a new line. + * Returns a simple text inside HTML `` element. + * + * @access protected + * @param string $p_str_text Message to be surrounded with `` tags. + * @return string * * @since 1.5.0 - * @return string - */ - protected function add_newline() { - return '
'; - } - - /** - * Returns a line break to have a space between two lines. - * - * @since 1.5.0 - * @return string - */ - protected function add_line_space() { - return '

'; - } - - /** - * Returns a simple text inside html text. - * - * @since 1.5.0 - * @param string $p_str_text Message to be surrounded with simple html tag (span). - * @return string + * @todo Refactor HTML generation. */ protected function add_text( $p_str_text ) { return sprintf( '%s', $p_str_text ); } /** - * Returns the html tag for an input/select label. + * Returns the HTML tag for an ``/`` element. + * + * @access protected + * @param string $p_str_setting_name Setting key. + * @param int $p_str_max_length Maximum length of the input. Default length 999 chars. + * @param bool $p_bool_readonly Set the input to be read only. Default `false`. + * @param bool $p_bool_hidden Set the input to be hidden. Default `false`. + * @return string * * @since 1.5.0 - * @param string $p_str_setting_name Name of the Settings key to pre load the input field. - * @param int $p_str_max_length Maximum length of the input, default 999 characters. - * @param bool $p_bool_readonly Set the input to be read only, default false. - * @param bool $p_bool_hidden Set the input to be hidden, default false. - * @return string + * @todo Refactor HTML generation. */ protected function add_text_box( $p_str_setting_name, $p_str_max_length = 999, $p_bool_readonly = false, $p_bool_hidden = false ) { $l_str_style = ''; @@ -435,11 +468,14 @@ abstract class Footnotes_Layout_Engine { } /** - * Returns the html tag for an input [type = checkbox]. + * Constructs the HTML for a checkbox `` element. + * + * @access protected + * @param string $p_str_setting_name Setting key. + * @return string * * @since 1.5.0 - * @param string $p_str_setting_name Name of the Settings key to pre load the input field. - * @return string + * @todo Refactor HTML generation. */ protected function add_checkbox( $p_str_setting_name ) { // Collect data for given settings field. @@ -453,21 +489,15 @@ abstract class Footnotes_Layout_Engine { } /** - * Returns the html tag for a select box. + * Constructs the HTML for a `