191 test helper php 81 improvements #192
Conversation
0fb73ac
to
4310295
Compare
.gitignore
Outdated
|
|
||
| .vscode/ |
There was a problem hiding this comment.
I think this can live in the upper section next to say .idea (from PHPStorm) just fine?
src/downgrader.php
Outdated
| @@ -58,7 +58,8 @@ public function handle_submit() { | |||
| return; | |||
| } | |||
|
|
|||
| $target_version = \filter_var( \wp_unslash( $_POST['target_version'] ) ); | |||
| $target_version = ( isset( $_POST['target_version'] ) ) ? \sanitize_text_field( \wp_unslash( $_POST['target_version'] ) ) : null; | |||
There was a problem hiding this comment.
I think you want to add a is_string check here too. I'm not sure unslash and sanitize text field like operating on non-strings.
Also, the null fallback does not seem compatible with the downgrade method! What did you want to achieve?
src/plugin-toggler.php
Outdated
| // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- The nonce is verified above. | ||
| $group = ( isset( $_GET['group'] ) ) ? \sanitize_text_field( \wp_unslash( $_GET['group'] ) ) : null; | ||
| // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- The nonce is verified above. | ||
| $plugin = ( isset( $_GET['plugin'] ) ) ? \sanitize_text_field( \wp_unslash( $_GET['plugin'] ) ) : null; |
There was a problem hiding this comment.
Same as above, about the is_string. As well as using null as fallback, that does not seem compatible with the methods they are passed too.
src/plugin-toggler.php
Outdated
| @@ -422,7 +424,7 @@ private function deactivate_plugin_group( $group ) { | |||
| */ | |||
| private function verify_nonce() { | |||
| // Get the nonce value. | |||
| $ajax_nonce = \filter_input( \INPUT_GET, 'ajax_nonce' ); | |||
| $ajax_nonce = isset( $_GET['ajax_nonce'] ) ? sanitize_text_field( wp_unslash( $_GET['ajax_nonce'] ) ) : null; | |||
There was a problem hiding this comment.
In this case I think we can just check isset and then pass it to the nonce.
wp_verify_nonce does a (string) and hash_equals, which I think takes care of the need to is_string and sanitize_text_field and possibly the wp_unslash.
But as said in another PR, I'm not entirely sure on this 😅
src/schema.php
Outdated
| $is_needed_breadcrumb = $this->validate_submit( \filter_input( \INPUT_POST, 'is_needed_breadcrumb' ) ); | ||
| $is_needed_webpage = $this->validate_submit( \filter_input( \INPUT_POST, 'is_needed_webpage' ) ); | ||
| if ( isset( $_POST['is_needed_breadcrumb'] ) ) { | ||
| $is_needed_breadcrumb = \sanitize_text_field( \wp_unslash( $_POST['is_needed_breadcrumb'] ) ); |
There was a problem hiding this comment.
validate_submit method is strict comparing only. Seems like we do not need sanitize_text_field here.
src/schema.php
Outdated
| $this->option->set( 'is_needed_breadcrumb', $is_needed_breadcrumb ); | ||
| $this->option->set( 'is_needed_webpage', $is_needed_webpage ); | ||
| if ( isset( $_POST['is_needed_webpage'] ) ) { | ||
| $is_needed_webpage = \sanitize_text_field( \wp_unslash( $_POST['is_needed_webpage'] ) ); |
There was a problem hiding this comment.
Same as above: validate_submit method is strict comparing only. Seems like we do not need sanitize_text_field here.
Co-authored-by: Igor <[email protected]>
Co-authored-by: Igor <[email protected]>
a9d93f7
to
d707698
Compare
Co-authored-by: Igor <[email protected]>
Co-authored-by: Igor <[email protected]>
Co-authored-by: Igor <[email protected]>
Co-authored-by: Igor <[email protected]>
There was a problem hiding this comment.
CR & AC ✅
About the test instructions:
- Saving refreshes the page already
- The plugin toggler functionality doesn't seem to work anymore, but that is unrelated to this PR. I'm pretty sure it is obsolete since we made it so that both plugins are active at the same time. It used to be that Premium totally included Free. I added a draft issue on our tech debt board.
Summary
This PR can be summarized in the following changelog entry:
filter_inputandfilter_varfor PHP 8.1.Relevant technical choices:
Go to
Tools->Yoast Testand check the following:Domain dropdown
Domain dropdowncard and change tolocal.Downgrade Yoast SEO
Downgrade Yoast SEOand add a previous version and save.Inline script
Inline scriptcard and check the checkbox.Scriptboxconsole.log('test');and save.Scriptbox and disable the Inline script and save.Plugin toggler
Plugin togglercard and enable.Schema
Schemacard and select different option forInfluence the Breadcrumb Graph piece.Influence the WebPage Graph pieceand save.XML Sitemaps
XML Sitemapsand check the checkbox.Milestone
Test instructions
Test instructions for the acceptance test before the PR gets merged
This PR can be acceptance tested by following these steps:
Test instructions for QA when the code is in the RC
QA can test this PR by following these steps:
Fixes #191