From 35b6d5592b75f4a8f16292ee6a88dbf81ce0efcb Mon Sep 17 00:00:00 2001
From: Stefan Kalscheuer <stefan@stklcode.de>
Date: Sat, 27 Oct 2018 19:05:09 +0200
Subject: [PATCH] Cleaned up labels and added PHPCS rule for settings view

---
 phpcs.xml               |   3 +-
 views/settings-page.php | 140 ++++++++++++++++++++--------------------
 2 files changed, 73 insertions(+), 70 deletions(-)

diff --git a/phpcs.xml b/phpcs.xml
index ff901cc..b317a5b 100644
--- a/phpcs.xml
+++ b/phpcs.xml
@@ -6,8 +6,9 @@
 	<arg name="colors"/>
 
 	<!-- Files to sniff -->
-	<file>inc</file>
 	<file>statify-blacklist.php</file>
+	<file>inc</file>
+	<file>views</file>
 
 	<!-- Compliance with WordPress Coding Standard -->
 	<config name="minimum_supported_wp_version" value="4.7"/>
diff --git a/views/settings-page.php b/views/settings-page.php
index 2213995..e2a210b 100755
--- a/views/settings-page.php
+++ b/views/settings-page.php
@@ -19,7 +19,7 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 
 	// Check user capabilities.
 	if ( ! current_user_can( 'manage_options' ) ) {
-		die( __( 'Are you sure you want to do this?' ) );
+		die( esc_html__( 'Are you sure you want to do this?' ) );
 	}
 
 	if ( ! empty( $_POST['cleanUp'] ) ) {
@@ -27,24 +27,27 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 		StatifyBlacklist_Admin::cleanup_database();
 	} else {
 		// Extract referer array.
-		if ( empty( trim( $_POST['statifyblacklist']['referer']['blacklist'] ) ) ) {
+		$referer_str = sanitize_textarea_field( wp_unslash( $_POST['statifyblacklist']['referer']['blacklist'] ) );
+		if ( empty( trim( $referer_str ) ) ) {
 			$referer = array();
 		} else {
-			$referer = explode( "\r\n", $_POST['statifyblacklist']['referer']['blacklist'] );
+			$referer = explode( "\r\n", $referer_str );
 		}
 
 		// Extract target array.
-		if ( empty( trim( $_POST['statifyblacklist']['target']['blacklist'] ) ) ) {
+		$target_str = sanitize_textarea_field( wp_unslash( $_POST['statifyblacklist']['target']['blacklist'] ) );
+		if ( empty( trim( $target_str ) ) ) {
 			$target = array();
 		} else {
-			$target = explode( "\r\n", str_replace( '\\\\', '\\', $_POST['statifyblacklist']['target']['blacklist'] ) );
+			$target = explode( "\r\n", str_replace( '\\\\', '\\', $target_str ) );
 		}
 
 		// Extract IP array.
-		if ( empty( trim( $_POST['statifyblacklist']['ip']['blacklist'] ) ) ) {
+		$ip_str = sanitize_textarea_field( wp_unslash( $_POST['statifyblacklist']['ip']['blacklist'] ) );
+		if ( empty( trim( $ip_str ) ) ) {
 			$ip = array();
 		} else {
-			$ip = explode( "\r\n", $_POST['statifyblacklist']['ip']['blacklist'] );
+			$ip = explode( "\r\n", $ip_str );
 		}
 
 		// Update options (data will be sanitized).
@@ -90,10 +93,17 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 		}
 	} // End if().
 } // End if().
+
+/*
+ * Disable some code style rules that are impractical for textarea content:
+ *
+ * phpcs:disable Squiz.PHP.EmbeddedPhp.ContentBeforeOpen
+ * phpcs:disable Squiz.PHP.EmbeddedPhp.ContentAfterEnd
+ */
 ?>
 
 <div class="wrap">
-	<h1><?php esc_html_e( 'Statify Blacklist', 'statify-blacklist' ) ?></h1>
+	<h1><?php esc_html_e( 'Statify Blacklist', 'statify-blacklist' ); ?></h1>
 	<?php
 	if ( is_plugin_inactive( 'statify/statify.php' ) ) {
 		print '<div class="notice notice-warning"><p>';
@@ -103,7 +113,7 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 	if ( isset( $statifyblacklist_post_warning ) ) {
 		print '<div class="notice notice-warning"><p>' .
 			esc_html( $statifyblacklist_post_warning );
-		print '<br/>';
+		print '<br>';
 		esc_html_e( 'Settings have not been saved yet.', 'statify-blacklist' );
 		print '</p></div>';
 	}
@@ -120,26 +130,24 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 				<li>
 					<label for="statify-blacklist_active_referer">
 						<input type="checkbox" name="statifyblacklist[referer][active]"
-							   id="statifyblacklist_active_referer"
-							   value="1" <?php checked( StatifyBlacklist::$_options['referer']['active'], 1 ); ?> />
+							   id="statify-blacklist_active_referer"
+							   value="1" <?php checked( StatifyBlacklist::$_options['referer']['active'], 1 ); ?>>
 						<?php esc_html_e( 'Activate live fiter', 'statify-blacklist' ); ?>
 					</label>
 				</li>
 				<li>
 					<label for="statify-blacklist_cron_referer">
-						<input type="checkbox" name="statifyblacklist[referer][cron]" id="statifyblacklist_cron_referer"
-							   value="1" <?php checked( StatifyBlacklist::$_options['referer']['cron'], 1 ); ?> />
+						<input type="checkbox" name="statifyblacklist[referer][cron]" id="statify-blacklist_cron_referer"
+							   value="1" <?php checked( StatifyBlacklist::$_options['referer']['cron'], 1 ); ?>>
 						<?php esc_html_e( 'CronJob execution', 'statify-blacklist' ); ?>
-						<small>(<?php esc_html_e( 'Clean database periodically in background', 'statify-blacklist' ); ?>
-							)
-						</small>
 					</label>
+					<small>(<?php esc_html_e( 'Clean database periodically in background', 'statify-blacklist' ); ?>)</small>
 				</li>
 				<li>
 					<label for="statify-blacklist_referer_regexp">
 						<?php esc_html_e( 'Use regular expressions', 'statify-blacklist' ); ?>:
-						<br />
-						<select name="statifyblacklist[referer][regexp]" id="statifyblacklist_referer_regexp">
+						<br>
+						<select name="statifyblacklist[referer][regexp]" id="statify-blacklist_referer_regexp">
 							<option value="0" <?php selected( StatifyBlacklist::$_options['referer']['regexp'], 0 ); ?>>
 								<?php esc_html_e( 'Disabled', 'statify-blacklist' ); ?>
 							</option>
@@ -150,28 +158,22 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 								<?php esc_html_e( 'Case-insensitive', 'statify-blacklist' ); ?>
 							</option>
 						</select>
-						<small>
-							(<?php esc_html_e( 'Performance slower than standard filter. Recommended for cron or manual execition only.', 'statify-blacklist' ); ?>
-							)
-						</small>
 					</label>
+					<small>(<?php esc_html_e( 'Performance slower than standard filter. Recommended for cron or manual execition only.', 'statify-blacklist' ); ?>)</small>
 				</li>
 				<li>
 					<label for="statify-blacklist_referer">
-						<?php esc_html_e( 'Referer blacklist', 'statify-blacklist' ); ?>:<br />
+						<?php esc_html_e( 'Referer blacklist', 'statify-blacklist' ); ?>:<br>
 						<textarea cols="40" rows="5" name="statifyblacklist[referer][blacklist]" id="statify-blacklist_referer"><?php
 						if ( isset( $statifyblacklist_update_result['referer'] ) ) {
 							print esc_html( implode( "\r\n", array_keys( $statifyblacklist_update_result['referer'] ) ) );
 						} else {
 							print esc_html( implode( "\r\n", array_keys( StatifyBlacklist::$_options['referer']['blacklist'] ) ) );
 						}
-							?></textarea>
-						<br />
-						<small>
-							(<?php esc_html_e( 'Add one domain (without subdomains) each line, e.g. example.com', 'statify-blacklist' ); ?>
-							)
-						</small>
+						?></textarea>
 					</label>
+					<br>
+					<small> (<?php esc_html_e( 'Add one domain (without subdomains) each line, e.g. example.com', 'statify-blacklist' ); ?>)</small>
 				</li>
 			</ul>
 		</fieldset>
@@ -182,26 +184,24 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 				<li>
 					<label for="statify-blacklist_active_target">
 						<input type="checkbox" name="statifyblacklist[target][active]"
-							   id="statifyblacklist_active_target"
-							   value="1" <?php checked( StatifyBlacklist::$_options['target']['active'], 1 ); ?> />
+							   id="statify-blacklist_active_target"
+							   value="1" <?php checked( StatifyBlacklist::$_options['target']['active'], 1 ); ?>>
 						<?php esc_html_e( 'Activate live fiter', 'statify-blacklist' ); ?>
 					</label>
 				</li>
 				<li>
 					<label for="statify-blacklist_cron_target">
-						<input type="checkbox" name="statifyblacklist[target][cron]" id="statifyblacklist_cron_target"
-							   value="1" <?php checked( StatifyBlacklist::$_options['target']['cron'], 1 ); ?> />
+						<input type="checkbox" name="statifyblacklist[target][cron]" id="statify-blacklist_cron_target"
+							   value="1" <?php checked( StatifyBlacklist::$_options['target']['cron'], 1 ); ?>>
 						<?php esc_html_e( 'CronJob execution', 'statify-blacklist' ); ?>
-						<small>(<?php esc_html_e( 'Clean database periodically in background', 'statify-blacklist' ); ?>
-							)
-						</small>
 					</label>
+					<small>(<?php esc_html_e( 'Clean database periodically in background', 'statify-blacklist' ); ?>)</small>
 				</li>
 				<li>
 					<label for="statify-blacklist_target_regexp">
 						<?php esc_html_e( 'Use regular expressions', 'statify-blacklist' ); ?>:
-						<br />
-						<select name="statifyblacklist[target][regexp]" id="statifyblacklist_target_regexp">
+						<br>
+						<select name="statifyblacklist[target][regexp]" id="statify-blacklist_target_regexp">
 							<option value="0" <?php selected( StatifyBlacklist::$_options['target']['regexp'], 0 ); ?>>
 								<?php esc_html_e( 'Disabled', 'statify-blacklist' ); ?>
 							</option>
@@ -212,29 +212,29 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 								<?php esc_html_e( 'Case-insensitive', 'statify-blacklist' ); ?>
 							</option>
 						</select>
-						<small>
-							(<?php esc_html_e( 'Performance slower than standard filter. Recommended for cron or manual execition only.', 'statify-blacklist' ); ?>
-							)
-						</small>
 					</label>
+					<small>(<?php esc_html_e( 'Performance slower than standard filter. Recommended for cron or manual execition only.', 'statify-blacklist' ); ?>)</small>
 				</li>
 				<li>
 					<label for="statify-blacklist_target">
-						<?php esc_html_e( 'Target blacklist', 'statify-blacklist' ); ?>:<br />
+						<?php esc_html_e( 'Target blacklist', 'statify-blacklist' ); ?>:<br>
 						<textarea cols="40" rows="5" name="statifyblacklist[target][blacklist]" id="statify-blacklist_target"><?php
 						if ( isset( $statifyblacklist_update_result['target'] ) ) {
 							print esc_html( implode( "\r\n", array_keys( $statifyblacklist_update_result['target'] ) ) );
 						} else {
 							print esc_html( implode( "\r\n", array_keys( StatifyBlacklist::$_options['target']['blacklist'] ) ) );
 						}
-							?></textarea>
-						<br />
-						<small>
-							(<?php esc_html_e( 'Add one target URL each line, e.g.', 'statify-blacklist' );
-							print ' /, /test/page/, /?page_id=123' ?>
-							)
-						</small>
+						?></textarea>
 					</label>
+					<br>
+					<small>
+						(
+						<?php
+						esc_html_e( 'Add one target URL each line, e.g.', 'statify-blacklist' );
+						print ' /, /test/page/, /?page_id=123';
+						?>
+						)
+					</small>
 				</li>
 			</ul>
 		</fieldset>
@@ -244,8 +244,8 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 			<ul style="list-style: none;">
 				<li>
 					<label for="statify-blacklist_active_ip">
-						<input type="checkbox" name="statifyblacklist[ip][active]" id="statifyblacklist_active_ip"
-							   value="1" <?php checked( StatifyBlacklist::$_options['ip']['active'], 1 ); ?> />
+						<input type="checkbox" name="statifyblacklist[ip][active]" id="statify-blacklist_active_ip"
+							   value="1" <?php checked( StatifyBlacklist::$_options['ip']['active'], 1 ); ?>>
 						<?php esc_html_e( 'Activate live fiter', 'statify-blacklist' ); ?>
 					</label>
 				</li>
@@ -257,21 +257,21 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 				</li>
 				<li>
 					<label for="statify-blacklist_ip">
-						<?php esc_html_e( 'IP blacklist', 'statify-blacklist' ); ?>:<br />
+						<?php esc_html_e( 'IP blacklist', 'statify-blacklist' ); ?>:<br>
 						<textarea cols="40" rows="5" name="statifyblacklist[ip][blacklist]" id="statify-blacklist_ip"><?php
 						if ( isset( $statifyblacklist_update_result['ip'] ) ) {
-							print esc_html( $_POST['statifyblacklist']['ip']['blacklist'] );
+							print esc_html( implode( "\r\n", $statifyblacklist_update_result['ip'] ) );
 						} else {
 							print esc_html( implode( "\r\n", StatifyBlacklist::$_options['ip']['blacklist'] ) );
 						}
-							?></textarea>
-						<br />
-						<small>
-							(<?php esc_html_e( 'Add one IP address or range per line, e.g.', 'statify-blacklist' ) ?>
-							127.0.0.1, 192.168.123.0/24, 2001:db8:a0b:12f0::1/64
-							)
-						</small>
+						?></textarea>
 					</label>
+					<br>
+					<small>
+						(<?php esc_html_e( 'Add one IP address or range per line, e.g.', 'statify-blacklist' ); ?>
+						127.0.0.1, 192.168.123.0/24, 2001:db8:a0b:12f0::1/64
+						)
+					</small>
 				</li>
 			</ul>
 		</fieldset>
@@ -279,14 +279,16 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 		<?php wp_nonce_field( 'statify-blacklist-settings' ); ?>
 
 		<p class="submit">
-			<input class="button-primary" type="submit" name="submit" value="<?php esc_html_e( 'Save Changes' ) ?>">
-		<hr />
-		<input class="button-secondary" type="submit" name="cleanUp"
-			   value="<?php esc_html_e( 'CleanUp Database', 'statify-blacklist' ) ?>"
-			   onclick="return confirm('Do you really want to apply filters to database? This cannot be undone.');">
-		<br />
-		<small><?php esc_html_e( 'Applies referer and target filter (even if disabled) to data stored in database.', 'statify-blacklist' ); ?>
-			<em><?php esc_html_e( 'This cannot be undone!', 'statify-blacklist' ); ?></em></small>
+			<input class="button-primary" type="submit" name="submit" value="<?php esc_html_e( 'Save Changes' ); ?>">
+			<hr>
+			<input class="button-secondary" type="submit" name="cleanUp"
+				   value="<?php esc_html_e( 'CleanUp Database', 'statify-blacklist' ); ?>"
+				   onclick="return confirm('Do you really want to apply filters to database? This cannot be undone.');">
+			<br>
+			<small>
+				<?php esc_html_e( 'Applies referer and target filter (even if disabled) to data stored in database.', 'statify-blacklist' ); ?>
+				<em><?php esc_html_e( 'This cannot be undone!', 'statify-blacklist' ); ?></em>
+			</small>
 		</p>
 	</form>
 </div>