audit clean-up

add 'no dates' logic
This commit is contained in:
2026-02-22 19:05:49 -08:00
parent 999c2cc866
commit 9bb2171b92
9 changed files with 291 additions and 76 deletions
+16 -6
View File
@@ -406,8 +406,8 @@ Headers: X-HSSM-API-Key: your-api-key</code></pre>
add_settings_error( 'hssm_settings', 'api_key_generated', __( 'New API key generated successfully.', 'hi-school-slide-manager' ), 'success' );
}
// Handle API key deletion
if ( isset( $_POST['delete_api_key'] ) && isset( $_POST['api_key_index'] ) ) {
// Handle API key deletion (only when delete was explicitly triggered via JS with index)
if ( ! empty( $_POST['delete_api_key'] ) && isset( $_POST['api_key_index'] ) && $_POST['api_key_index'] !== '' ) {
$api_keys = get_option( 'hssm_api_keys', array() );
$index = (int) $_POST['api_key_index'];
if ( isset( $api_keys[ $index ] ) ) {
@@ -511,6 +511,8 @@ Headers: X-HSSM-API-Key: your-api-key</code></pre>
if ( empty( $api_keys ) ) {
echo '<p>' . __( 'No API keys generated yet.', 'hi-school-slide-manager' ) . '</p>';
} else {
echo '<input type="hidden" name="api_key_index" id="hssm-delete-api-key-index" value="" />';
echo '<input type="hidden" name="delete_api_key" id="hssm-delete-api-key-flag" value="0" />';
echo '<table class="widefat">';
echo '<thead><tr><th>' . __( 'API Key', 'hi-school-slide-manager' ) . '</th><th>' . __( 'Actions', 'hi-school-slide-manager' ) . '</th></tr></thead>';
echo '<tbody>';
@@ -519,9 +521,8 @@ Headers: X-HSSM-API-Key: your-api-key</code></pre>
echo '<tr>';
echo '<td><code>' . esc_html( $key ) . '</code></td>';
echo '<td>';
echo '<button type="button" class="button copy-api-key" data-key="' . esc_attr( $key ) . '">' . __( 'Copy', 'hi-school-slide-manager' ) . '</button> ';
echo '<button type="submit" name="delete_api_key" value="1" class="button button-link-delete" onclick="return confirm(\'' . esc_js( __( 'Are you sure you want to delete this API key?', 'hi-school-slide-manager' ) ) . '\')">' . __( 'Delete', 'hi-school-slide-manager' ) . '</button>';
echo '<input type="hidden" name="api_key_index" value="' . esc_attr( $index ) . '" />';
echo '<button type="button" class="button copy-api-key" data-key="' . esc_attr( $key ) . '">' . __( 'Copy', 'hi-school-slide-manager' ) . '</button> ';
echo '<button type="button" class="button button-link-delete hssm-delete-api-key" data-index="' . esc_attr( $index ) . '">' . __( 'Delete', 'hi-school-slide-manager' ) . '</button>';
echo '</td>';
echo '</tr>';
}
@@ -534,7 +535,7 @@ Headers: X-HSSM-API-Key: your-api-key</code></pre>
echo '</div>';
// Add JavaScript for copy functionality
// Add JavaScript for copy and delete functionality
?>
<script>
jQuery(document).ready(function($) {
@@ -544,6 +545,15 @@ Headers: X-HSSM-API-Key: your-api-key</code></pre>
alert("API key copied to clipboard!");
});
});
$(".hssm-delete-api-key").on("click", function() {
if (! confirm("<?php echo esc_js( __( 'Are you sure you want to delete this API key?', 'hi-school-slide-manager' ) ); ?>")) {
return;
}
var index = $(this).data("index");
$("#hssm-delete-api-key-index").val(index);
$("#hssm-delete-api-key-flag").val("1");
$(this).closest("form").submit();
});
});
</script>
<?php
+52 -41
View File
@@ -59,12 +59,6 @@ class HSSM_Frontend {
add_action( 'wp_ajax_hssm_get_notification_settings', array( $this, 'ajax_get_notification_settings' ) );
add_action( 'wp_ajax_hssm_save_notification_settings', array( $this, 'ajax_save_notification_settings' ) );
// Test handler to verify AJAX is working
add_action( 'wp_ajax_hssm_test', array( $this, 'ajax_test' ) );
add_action( 'wp_ajax_nopriv_hssm_test', array( $this, 'ajax_test' ) );
// Debug: Log that handlers are being registered
error_log( 'HSSM: AJAX handlers registered including hssm_get_slides' );
// Frontend assets
add_action( 'wp_enqueue_scripts', array( $this, 'enqueue_assets' ) );
@@ -297,8 +291,7 @@ class HSSM_Frontend {
* @since 1.0.0
*/
public function ajax_upload_image() {
// Verify nonce and permissions
if ( ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) || ! current_user_can( 'upload_files' ) ) {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) || ! current_user_can( 'upload_files' ) ) {
wp_send_json_error( array( 'message' => 'Unauthorized' ) );
return;
}
@@ -332,8 +325,7 @@ class HSSM_Frontend {
* @since 1.0.0
*/
public function ajax_preview_slides() {
// Verify nonce and permissions
if ( ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) || ! current_user_can( 'read' ) ) {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) || ! current_user_can( 'read' ) ) {
wp_send_json_error( array( 'message' => 'Unauthorized' ) );
return;
}
@@ -347,9 +339,21 @@ class HSSM_Frontend {
$meta_query = array(
'relation' => 'AND',
array(
'key' => '_hssm_start_date',
'value' => $date,
'compare' => '<=',
'relation' => 'OR',
array(
'key' => '_hssm_start_date',
'value' => '',
'compare' => '=',
),
array(
'key' => '_hssm_start_date',
'value' => $date,
'compare' => '<=',
),
array(
'key' => '_hssm_start_date',
'compare' => 'NOT EXISTS',
),
),
array(
'relation' => 'OR',
@@ -406,9 +410,9 @@ class HSSM_Frontend {
* @since 1.0.0
*/
public function ajax_save_slide() {
// Verify nonce and permissions
if ( ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
wp_send_json_error( array( 'message' => 'Unauthorized' ) );
return;
}
// Sanitize and validate input
@@ -678,7 +682,7 @@ class HSSM_Frontend {
* @since 1.0.0
*/
public function ajax_get_slides() {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) ) {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) ) {
wp_send_json_error( array( 'message' => 'Nonce verification failed' ) );
return;
}
@@ -855,13 +859,12 @@ class HSSM_Frontend {
* @since 1.0.0
*/
public function ajax_approve_slide() {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) ) {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) ) {
wp_send_json_error( array( 'message' => 'Nonce verification failed' ) );
return;
}
error_log( 'Approve slide AJAX called' );
if ( empty( $_POST['slide_id'] ) ) {
if ( ! isset( $_POST['slide_id'] ) || '' === trim( (string) $_POST['slide_id'] ) ) {
wp_send_json_error( array( 'message' => 'Slide ID is required' ) );
return;
}
@@ -918,28 +921,19 @@ class HSSM_Frontend {
}
}
/**
* Test AJAX handler to verify AJAX is working
*
* @since 1.0.0
*/
public function ajax_test() {
error_log( 'AJAX TEST HANDLER CALLED - SUCCESS!' );
wp_send_json_success( array( 'message' => 'AJAX is working!' ) );
}
/**
* AJAX handler for deleting slides
*
* @since 1.0.0
*/
public function ajax_delete_slide() {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) ) {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) ) {
wp_send_json_error( array( 'message' => 'Nonce verification failed' ) );
return;
}
if ( empty( $_POST['slide_id'] ) ) {
if ( ! isset( $_POST['slide_id'] ) || '' === trim( (string) $_POST['slide_id'] ) ) {
wp_send_json_error( array( 'message' => 'Slide ID is required' ) );
return;
}
$slide_id = intval( $_POST['slide_id'] );
@@ -970,12 +964,13 @@ class HSSM_Frontend {
* @since 1.0.0
*/
public function ajax_update_slide() {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) ) {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) ) {
wp_send_json_error( array( 'message' => 'Nonce verification failed' ) );
return;
}
if ( empty( $_POST['slide_id'] ) ) {
if ( ! isset( $_POST['slide_id'] ) || '' === trim( (string) $_POST['slide_id'] ) ) {
wp_send_json_error( array( 'message' => 'Slide ID is required' ) );
return;
}
$slide_id = intval( $_POST['slide_id'] );
@@ -1281,12 +1276,14 @@ class HSSM_Frontend {
* @since 1.0.0
*/
public function ajax_duplicate_slide() {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
wp_send_json_error( array( 'message' => 'Unauthorized' ) );
return;
}
if ( empty( $_POST['slide_id'] ) ) {
if ( ! isset( $_POST['slide_id'] ) || '' === trim( (string) $_POST['slide_id'] ) ) {
wp_send_json_error( array( 'message' => 'Slide ID is required' ) );
return;
}
$original_id = intval( $_POST['slide_id'] );
@@ -1328,12 +1325,14 @@ class HSSM_Frontend {
* @since 1.0.0
*/
public function ajax_toggle_slide_status() {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'hssm_dashboard_nonce' ) || ! $this->check_dashboard_access() ) {
wp_send_json_error( array( 'message' => 'Unauthorized' ) );
return;
}
if ( empty( $_POST['slide_id'] ) ) {
if ( ! isset( $_POST['slide_id'] ) || '' === trim( (string) $_POST['slide_id'] ) ) {
wp_send_json_error( array( 'message' => 'Slide ID is required' ) );
return;
}
$slide_id = intval( $_POST['slide_id'] );
@@ -1454,13 +1453,25 @@ class HSSM_Frontend {
$date_param = isset( $_GET['hssm_date'] ) ? sanitize_text_field( $_GET['hssm_date'] ) : current_time( 'Y-m-d' );
$site_param = isset( $_GET['hssm_site'] ) ? sanitize_text_field( $_GET['hssm_site'] ) : '';
// Apply Meta Query for Date
// Apply Meta Query for Date (evergreen: no start/end = always show)
$meta_query = array(
'relation' => 'AND',
array(
'key' => '_hssm_start_date',
'value' => $date_param,
'compare' => '<=',
'relation' => 'OR',
array(
'key' => '_hssm_start_date',
'value' => '',
'compare' => '=',
),
array(
'key' => '_hssm_start_date',
'value' => $date_param,
'compare' => '<=',
),
array(
'key' => '_hssm_start_date',
'compare' => 'NOT EXISTS',
),
),
array(
'relation' => 'OR',
+4
View File
@@ -472,6 +472,9 @@ class HSSM_Main {
*/
private static function remove_plugin_options() {
$options = array(
'hssm_plugin_mode',
'hssm_api_url',
'hssm_client_site_slug',
'hssm_notification_emails',
'hssm_default_slide_duration',
'hssm_cache_duration',
@@ -479,6 +482,7 @@ class HSSM_Main {
'hssm_preview_page_slug',
'hssm_manager_page_slug',
'hssm_api_keys',
'hssm_notification_settings',
);
foreach ( $options as $option ) {
+8 -6
View File
@@ -378,18 +378,20 @@ class HSSM_REST_API {
return null;
}
$sizes = array( 'full', 'large', 'medium', 'thumbnail' );
$sizes_data = array();
foreach ( $sizes as $size ) {
$src = wp_get_attachment_image_src( $thumbnail_id, $size );
$sizes_data[ $size ] = ( $src && isset( $src[0] ) ) ? $src[0] : $image_data[0];
}
return array(
'id' => $thumbnail_id,
'url' => $image_data[0],
'width' => $image_data[1],
'height' => $image_data[2],
'alt' => get_post_meta( $thumbnail_id, '_wp_attachment_image_alt', true ),
'sizes' => array(
'full' => wp_get_attachment_image_src( $thumbnail_id, 'full' )[0],
'large' => wp_get_attachment_image_src( $thumbnail_id, 'large' )[0],
'medium' => wp_get_attachment_image_src( $thumbnail_id, 'medium' )[0],
'thumbnail' => wp_get_attachment_image_src( $thumbnail_id, 'thumbnail' )[0],
),
'sizes' => $sizes_data,
);
}
+2 -2
View File
@@ -109,7 +109,6 @@ class HSSM_Slides_CPT {
'supports' => array( 'title', 'editor', 'thumbnail', 'excerpt' ),
'show_in_rest' => true,
'rest_base' => 'slides',
'rest_controller_class' => 'HSSM_REST_Slides_Controller',
);
register_post_type( self::POST_TYPE, $args );
@@ -927,7 +926,8 @@ class HSSM_Slides_CPT {
*/
public function ajax_update_slide_order() {
// Verify nonce and permissions
if ( ! wp_verify_nonce( $_POST['nonce'], 'hssm_update_slide_order' ) || ! current_user_can( 'edit_posts' ) ) {
$nonce = isset( $_POST['nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) ) : '';
if ( ! wp_verify_nonce( $nonce, 'hssm_update_slide_order' ) || ! current_user_can( 'edit_posts' ) ) {
wp_send_json_error( 'Unauthorized' );
}