Added Nonces

* ADDED: Nonces were added to the urls to make them safer.

classes/class.all-audits-table.php

@@ -314,7 +314,7 @@ public function column_name( $item ) {
 
 				$actions['edit'] = $condition_modal;
 
-				return apply_filters( 'msa_all_audits_table_column_name', sprintf( '%1$s %2$s', '<a href="' . get_admin_url() . 'admin.php?page=msa-all-audits&audit=' . $item['id'] . '">' . $item['name'] . '</a><small style="opacity:0.5;padding-left:4px;">id:(' . $item['id'] . ')</small>', $this->row_actions( $actions ) ) );
+				return apply_filters( 'msa_all_audits_table_column_name', sprintf( '%1$s %2$s', '<a href="' . msa_get_single_audit_link( $item['id'] ) . '">' . $item['name'] . '</a><small style="opacity:0.5;padding-left:4px;">id:(' . $item['id'] . ')</small>', $this->row_actions( $actions ) ) );
 
 			}
 

classes/class.all-posts-table.php

@@ -258,7 +258,7 @@ public function column_default( $item, $column_name ) {
 			switch ( $column_name ) {
 
 				case 'score':
-					$data = '<span>' . round( 100 * $score['score'] ) . '%</span><br/> <a href="' . get_admin_url() . 'admin.php?page=msa-all-audits&audit=' . $audit . '&post=' . $item['post']->ID . '">' . $item['post']->post_title . '</a>';
+					$data = '<span>' . round( 100 * $score['score'] ) . '%</span><br/> <a href="' . msa_get_single_audit_post_link( $audit, $item['post']->ID ) . '">' . $item['post']->post_title . '</a>';
 				break;
 
 				case 'modified_date':

functions/common.php

@@ -22,6 +22,27 @@ function msa_force_redirect( $url ) {
 	</script><?php
 }
 
+/**
+ * Returns a safe link to a single audit
+ *
+ * @param int $audit_id The audit id.
+ * @return string $url  The url to an audit with a nonce.
+ */
+function msa_get_single_audit_link( $audit_id ) {
+	return wp_nonce_url( get_admin_url() . 'admin.php?page=msa-all-audits&audit=' . $audit_id, 'msa-single-audit' );
+}
+
+/**
+ * Returns a safe link to a single audit post
+ *
+ * @param int $audit_id The audit id.
+ * @param int $post_id  The post id.
+ * @return string $url  The url to an audit with a nonce.
+ */
+function msa_get_single_audit_post_link( $audit_id, $post_id ) {
+	return wp_nonce_url( get_admin_url() . 'admin.php?page=msa-all-audits&audit=' . $audit_id . '&post=' . $post_id, 'msa-single-audit-post' );
+}
+
 /**
  * Get the post excerpt
  *

functions/dashboard-panel.php

@@ -77,7 +77,7 @@ function msa_dashboard_panel_last_audit_content() {
 
 					$user = get_userdata( $audit['user'] );
 
-					$output .= '<tr><td>' . __( 'Name', 'msa' ) . '</td> <td><a href="' . get_admin_url() . 'admin.php?page=msa-all-audits&audit=' . $audit['id'] . '">' . $audit['name'] . '</a></td></tr>';
+					$output .= '<tr><td>' . __( 'Name', 'msa' ) . '</td> <td><a href="' . msa_get_single_audit_link( $audit['id'] ) . '">' . $audit['name'] . '</a></td></tr>';
 					$output .= '<tr><td>' . __( 'Created On', 'msa' ) . '</td> <td>' . date( 'M d Y, h:i:s', strtotime( $audit['date'] ) ) . '</td></tr>';
 					$output .= '<tr><td>' . __( 'Number of Posts', 'msa' ) . '</td> <td>' . $audit['num_posts'] . '</td></tr>';
 					$output .= '<tr><td>' . __( 'Created By', 'msa' ) . '</td> <td>' . $user->display_name . '</td></tr>';

functions/notifications.php

@@ -39,7 +39,7 @@ function msa_notifiy_audit_is_completed( $audit_id, $audit_name ) {
 		}
 
 		$subject = $audit_name . __( ' Completed for site: ', 'msa' ) . $site_name;
-		$message = __( 'Your Audit has been completed for site: ', 'msa' ) . get_site_url() . "\r\n\r\n" . __( 'View: ', 'msa' ) . get_admin_url() . 'admin.php?page=msa-all-audits&audit=' . $audit_id;
+		$message = __( 'Your Audit has been completed for site: ', 'msa' ) . get_site_url() . "\r\n\r\n" . __( 'View: ', 'msa' ) . msa_get_single_audit_link( $audit_id );
 		$headers = '';
 		// $headers .= "MIME-Version: 1.0\r\n";
 		// $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

functions/post-meta-box.php

@@ -72,7 +72,7 @@ function msa_meta_box_callback( $post ) {
 
 			<div class="msa-post-meta-container msa-post-meta-audit-meta-values">
 				<p class="msa-post-meta-value msa-post-status-bg msa-post-status-bg-<?php esc_attr_e( msa_get_score_status( $score['score'] ) ); ?>"><?php esc_attr_e( round( $score['score'] * 100, 2 ) ); ?>%</p>
-				<p class="msa-post-meta-value"><a href="<?php esc_attr_e( get_admin_url() . 'admin.php?page=msa-all-audits&audit=' . $audit['id'] ); ?>" target="_blank"><?php esc_attr_e( $audit['name'] ); ?></a></p>
+				<p class="msa-post-meta-value"><a href="<?php esc_attr_e( msa_get_single_audit_link( $audit['id'] ) ); ?>" target="_blank"><?php esc_attr_e( $audit['name'] ); ?></a></p>
 				<p class="msa-post-meta-value"><?php esc_attr_e( date( 'M j, Y', strtotime( $audit['date'] ) ) ); ?></p>
 				<p class="msa-post-meta-value"><?php esc_attr_e( $user->display_name ); ?></p>
 			</div><?php

my-site-audit.php

@@ -3,7 +3,7 @@
  * Plugin Name: My Site Audit
  * Plugin URI: https://99robots.com/products/my-site-audit
  * Description: The ultimate way to audit your site's content to drive more traffic to your site and enhance your user engagement.
- * version: 1.0.3
+ * version: 1.1.0
  * Author: 99 Robots
  * Author URI: https://99robots.com
  * License: GPL2
@@ -137,7 +137,7 @@ private function setup_constants() {
 			 */
 
 			if ( ! defined( 'MY_SITE_AUDIT_VERSION' ) ) {
-				define( 'MY_SITE_AUDIT_VERSION', '1.0.3' );
+				define( 'MY_SITE_AUDIT_VERSION', '1.1.0' );
 			}
 
 			/**
@@ -340,7 +340,6 @@ function msa_create_audit( $audit_data ) {
 	require_once( plugin_dir_path( __FILE__ ) . 'functions/attribute.php' );
 	require_once( plugin_dir_path( __FILE__ ) . 'functions/score-status.php' );
 	require_once( plugin_dir_path( __FILE__ ) . 'functions/create-audit.php' );
-
 	require_once( plugin_dir_path( __FILE__ ) . 'functions/notifications.php' );
 
 	msa_create_initial_conditions();

readme.txt

@@ -4,7 +4,7 @@ Donate link: https://99robots.com
 Tags: content audit, content, audit, seo, site, site audit
 Requires at least: 4.0.0
 Tested up to: 4.4.2
-Stable tag: 1.0.3
+Stable tag: 1.1.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -47,7 +47,11 @@ e.g.
 
 == Changelog ==
 
-= 1.0.3 =
+= 1.1.0 =
+* IMPROVED: Now complies to WordPress's Coding Standards Core, Docs and Extra
+* ADDED: Nonces were added to the urls to make them safer.
+
+= 1.0.3 = 2016-2-5
 * UPDATED: Store URL to support extensions
 
 = 1.0.2 = 2016-1-7

views/all-audits.php

@@ -11,7 +11,7 @@
 
 require_once( 'header.php' );
 
-if ( isset( $_GET['post'] ) && isset( $_GET['audit'] ) ) { // Input var okay.
+if ( isset( $_GET['post'] ) && isset( $_GET['audit'] ) && check_admin_referer( 'msa-single-audit-post' ) ) { // Input var okay.
 
 	$post_id = sanitize_text_field( wp_unslash( $_GET['post'] ) ); // Input var okay.
 	$audit_id = sanitize_text_field( wp_unslash( $_GET['audit'] ) ); // Input var okay.
@@ -26,7 +26,7 @@
 	$score = $audit_post['data']['score']; ?>
 
 	<h1><?php esc_attr_e( 'Post Audit Details', 'msa' ); ?>
-		<a href="<?php esc_attr_e( get_admin_url() . 'admin.php?page=msa-all-audits&audit=' . $audit_id ); ?>" class="page-title-action"><?php esc_attr_e( 'All Posts', 'msa' ); ?></a>
+		<a href="<?php esc_attr_e( msa_get_single_audit_link( $audit_id ) ); ?>" class="page-title-action"><?php esc_attr_e( 'All Posts', 'msa' ); ?></a>
 	</h1>
 
 	<div class="msa-header msa-single-post">
@@ -138,7 +138,7 @@
 
 	</div>
 
-<?php } else if ( isset( $_GET['audit'] ) ) { // Input var okay.
+<?php } else if ( isset( $_GET['audit'] ) && check_admin_referer( 'msa-single-audit' ) ) { // Input var okay.
 
 	$audit_id = sanitize_text_field( wp_unslash( $_GET['audit'] ) ); // Input var okay.