Merge pull request #368 from equalizedigital/feature/plugin-check-upd…

…ates

Feature/plugin check updates

.github/workflows/cs.yml

@@ -0,0 +1,56 @@
+name: CS
+
+on:
+  # Run on all pushes (except to main) and on all pull requests.
+  push:
+    branches-ignore:
+      - 'master'
+  pull_request:
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  # The concurrency group contains the workflow name and the branch name.
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  checkcs:
+    name: 'Check code style'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '7.4'
+          coverage: none
+          tools: cs2pr
+
+      # Validate the composer.json file.
+      # @link https://getcomposer.org/doc/03-cli.md#validate
+      - name: Validate Composer installation
+        run: composer validate --no-check-all
+
+      # Install dependencies and handle caching in one go.
+      # @link https://github.com/marketplace/actions/install-composer-dependencies
+      - name: Install Composer dependencies
+        uses: ramsey/composer-install@v2
+        with:
+          # Bust the cache at least once a month - output format: YYYY-MM-DD.
+          custom-cache-suffix: $(date -u -d "-0 month -$(($(date +%d)-1)) days" "+%F")
+
+      # Check the codestyle of the files.
+      # The results of the CS check will be shown inline in the PR via the CS2PR tool.
+      # @link https://github.com/staabm/annotate-pull-request-from-checkstyle/
+      - name: Check PHP code style
+        id: phpcs
+        run: composer check-cs -- --report-full --report-checkstyle=./phpcs-report.xml --ignore=vendor
+
+      - name: Show PHPCS results in PR
+        if: ${{ always() && steps.phpcs.outcome == 'failure' }}
+        run: cs2pr ./phpcs-report.xml

.github/workflows/lint.yml

@@ -0,0 +1,55 @@
+name: Lint
+
+on:
+  # Run on pushes to select branches and on all pull requests.
+  push:
+    branches:
+      - master
+      - develop
+      - trunk
+      - 'release/**'
+      - 'hotfix/[0-9]+.[0-9]+*'
+  pull_request:
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  # The concurrency group contains the workflow name and the branch name.
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        # Lint against the highest/lowest supported versions of each PHP major.
+        # And also do a run against "nightly" (the current dev version of PHP).
+        php_version: ['7.4', '8.0', '8.1', '8.2']
+
+    name: "Lint: PHP ${{ matrix.php_version }}"
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php_version }}
+          ini-values: zend.assertions=1, error_reporting=-1, display_errors=On
+          coverage: none
+          tools: cs2pr
+
+      # Install dependencies and handle caching in one go.
+      # @link https://github.com/marketplace/actions/install-composer-dependencies
+      - name: Install Composer dependencies
+        uses: ramsey/composer-install@v2
+        with:
+          # Bust the cache at least once a month - output format: YYYY-MM-DD.
+          custom-cache-suffix: $(date -u -d "-0 month -$(($(date +%d)-1)) days" "+%F")
+
+      - name: Lint against parse errors
+        run: composer lint -- --checkstyle | cs2pr

accessibility-checker.php

@@ -28,7 +28,7 @@
 require_once plugin_dir_path( __FILE__ ) . 'includes/classes/class-playground-check.php';
 $plugin_check = new EDAC\Playground_Check();
 if ( ! $plugin_check->should_load ) {
-    return;
+	return;
 }
 
 // Include plugin dependency.
@@ -142,7 +142,7 @@
 }
 if ( ! class_exists( 'simple_html_dom' ) ) {
 	include_once plugin_dir_path( __FILE__ ) . 'includes/simplehtmldom/simple_html_dom.php';
-	include_once plugin_dir_path( __FILE__ ) . 'includes/classes/class_edac_dom.php';
+	include_once plugin_dir_path( __FILE__ ) . 'includes/classes/class-edac-dom.php';
 }
 
 require_once plugin_dir_path( __FILE__ ) . 'includes/classes/class-edac-frontend-highlight.php';
@@ -227,7 +227,7 @@ function edac_update_database() {
 	$table_name = $wpdb->prefix . 'accessibility_checker';
 
 	$query = $wpdb->prepare( 'SHOW TABLES LIKE %s', $wpdb->esc_like( $table_name ) );
-	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Prepare above, Safe variable used for table name, caching not required for one time operation.
 	if ( get_option( 'edac_db_version' ) !== EDAC_DB_VERSION || $wpdb->get_var( $query ) !== $table_name ) {
 
 		$charset_collate = $wpdb->get_charset_collate();
@@ -645,7 +645,6 @@ function edac_register_rules() {
 			'slug'      => 'color_contrast_failure',
 			'rule_type' => 'error',
 			'summary'   => esc_html( 'Insufficient Color Contrast errors means that we have identified that one or more of the color combinations on your post or page do not meet the minimum color contrast ratio of 4.5:1. Depending upon how your site is built there may be "false positives" for this error as some colors are contained in different HTML layers on the page. To fix an Insufficient Color Contrast error, you will need to ensure that flagged elements meet the minimum required ratio of 4.5:1. To do so, you will need to find the hexadecimal codes of your foreground and background color, and test them in a color contrast checker. If these color codes have a ratio of 4.5:1 or greater you can “Ignore” this error. If the color codes do not have a ratio of at least 4.5:1, you will need to make adjustments to your colors.' ),
-			// 'ruleset'   => 'js',
 		)
 	);
 
@@ -958,7 +957,7 @@ function edac_summary( $post_id ) {
 			$postid = $post_id;
 			$siteid = get_current_blog_id();
 
-			// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+			// phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for interacting with custom database, safe variable used for table name, caching not required for one time operation.
 			$rule_count = $wpdb->get_var( $wpdb->prepare( "SELECT count(*) FROM {$table_name} where rule = %s and siteid = %d and postid = %d and ignre = %d", $rule['slug'], $siteid, $postid, 0 ) );
 
 			if ( ! $rule_count ) {
@@ -971,7 +970,7 @@ function edac_summary( $post_id ) {
 
 	// count errors.
 	$query = 'SELECT count(*) FROM ' . $table_name . ' where siteid = %d and postid = %d and ruletype = %s and ignre = %d';
-	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for interacting with custom database, safe variable used for table name, caching not required for one time operation.
 	$summary['errors'] = intval( $wpdb->get_var( $wpdb->prepare( $query, get_current_blog_id(), $post_id, 'error', 0 ) ) );
 
 	// count warnings.
@@ -982,7 +981,7 @@ function edac_summary( $post_id ) {
 		$warnings_where .= ' and rule != %s';
 	}
 	$query = 'SELECT count(*) FROM ' . $table_name . ' ' . $warnings_where;
-	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for interacting with custom database, safe variable used for table name, caching not required for one time operation.
 	$summary['warnings'] = intval( $wpdb->get_var( $wpdb->prepare( $query, $warnings_parameters ) ) );
 
 	// count ignored issues.
@@ -993,12 +992,12 @@ function edac_summary( $post_id ) {
 		$ignored_where .= ' and rule != %s';
 	}
 	$query = 'SELECT count(*) FROM ' . $table_name . ' ' . $ignored_where;
-	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for interacting with custom database, safe variable used for table name, caching not required for one time operation.
 	$summary['ignored'] = intval( $wpdb->get_var( $wpdb->prepare( $query, $ignored_parameters ) ) );
 
 	// contrast errors.
 	$query = 'SELECT count(*) FROM ' . $table_name . ' where siteid = %d and postid = %d and rule = %s and ignre = %d';
-	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for interacting with custom database, safe variable used for table name, caching not required for one time operation.
 	$summary['contrast_errors'] = intval( $wpdb->get_var( $wpdb->prepare( $query, get_current_blog_id(), $post_id, 'color_contrast_failure', 0 ) ) );
 
 	// remove color contrast from errors count.
@@ -1107,6 +1106,7 @@ function edac_update_post_meta( $rule ) {
 	global $wpdb;
 	$site_id = get_current_blog_id();
 
+	// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for interacting with custom database, safe variable used for table name, caching not required for one time operation.
 	$posts = $wpdb->get_results( $wpdb->prepare( 'SELECT postid FROM ' . $wpdb->prefix . 'accessibility_checker WHERE rule = %s and siteid = %d', $rule, $site_id ), ARRAY_A );
 
 	if ( $posts ) {
@@ -1190,7 +1190,7 @@ function edac_details_ajax() {
 		// add count, unset passed error rules and add passed rules to array.
 		if ( $error_rules ) {
 			foreach ( $error_rules as $key => $error_rule ) {
-				// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+				// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for interacting with custom database, safe variable used for table name, caching not required for one time operation.
 				$count = count( $wpdb->get_results( $wpdb->prepare( 'SELECT id, postid, object, ruletype, ignre, ignre_user, ignre_date, ignre_comment FROM ' . $table_name . ' where postid = %d and rule = %s and siteid = %d and ignre = %d', $postid, $error_rule['slug'], $siteid, 0 ), ARRAY_A ) );
 				if ( $count ) {
 					$error_rules[ $key ]['count'] = $count;
@@ -1205,7 +1205,7 @@ function edac_details_ajax() {
 		// add count, unset passed warning rules and add passed rules to array.
 		if ( $warning_rules ) {
 			foreach ( $warning_rules as $key => $error_rule ) {
-				// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+				// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for interacting with custom database, safe variable used for table name, caching not required for one time operation.
 				$count = count( $wpdb->get_results( $wpdb->prepare( 'SELECT id, postid, object, ruletype, ignre, ignre_user, ignre_date, ignre_comment FROM ' . $table_name . ' where postid = %d and rule = %s and siteid = %d and ignre = %d', $postid, $error_rule['slug'], $siteid, 0 ), ARRAY_A ) );
 				if ( $count ) {
 					$warning_rules[ $key ]['count'] = $count;
@@ -1256,7 +1256,7 @@ function ( $a, $b ) {
 			$ignore_permission = apply_filters( 'edac_ignore_permission', $ignore_permission );
 		}
 		foreach ( $rules as $rule ) {
-			// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+			// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for interacting with custom database, safe variable used for table name, caching not required for one time operation.
 			$results        = $wpdb->get_results( $wpdb->prepare( 'SELECT id, postid, object, ruletype, ignre, ignre_user, ignre_date, ignre_comment, ignre_global FROM ' . $table_name . ' where postid = %d and rule = %s and siteid = %d', $postid, $rule['slug'], $siteid ), ARRAY_A );
 			$count_classes  = ( 'error' === $rule['rule_type'] ) ? ' edac-details-rule-count-error' : ' edac-details-rule-count-warning';
 			$count_classes .= ( 0 !== $rule['count'] ) ? ' active' : '';
@@ -1271,7 +1271,7 @@ function ( $a, $b ) {
 				}
 			}
 
-			// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+			// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for interacting with custom database, safe variable used for table name, caching not required for one time operation.
 			$expand_rule = count( $wpdb->get_results( $wpdb->prepare( 'SELECT id FROM ' . $table_name . ' where postid = %d and rule = %s and siteid = %d', $postid, $rule['slug'], $siteid ), ARRAY_A ) );
 
 			$tool_tip_link = edac_documentation_link( $rule );
@@ -1417,7 +1417,6 @@ function ( $a, $b ) {
 			}
 
 			$html .= '</div>';
-
 		}
 	}
 
@@ -1459,7 +1458,7 @@ function edac_readability_ajax() {
 
 	$post_id                        = intval( $_REQUEST['post_id'] );
 	$html                           = '';
-	$simplified_summary             = get_post_meta( $post_id, '_edac_simplified_summary', true ) ?: '';
+	$simplified_summary             = get_post_meta( $post_id, '_edac_simplified_summary', true ) ? get_post_meta( $post_id, '_edac_simplified_summary', true ) : '';
 	$simplified_summary_position    = get_option( 'edac_simplified_summary_position', $default = false );
 	$content_post                   = get_post( $post_id );
 	$content                        = $content_post->post_content;
@@ -1671,7 +1670,7 @@ function edac_get_simplified_summary( $post = null ) {
  * @return string
  */
 function edac_simplified_summary_markup( $post ) {
-	$simplified_summary         = get_post_meta( $post, '_edac_simplified_summary', true ) ?: '';
+	$simplified_summary         = get_post_meta( $post, '_edac_simplified_summary', true ) ? get_post_meta( $post, '_edac_simplified_summary', true ) : '';
 	$simplified_summary_heading = 'Simplified Summary';
 
 	// filter title.
@@ -1764,7 +1763,7 @@ function edac_email_opt_in() {
 add_filter(
 	'perfmatters_lazyload',
 	function ( $lazyload ) {
-		if ( ! isset( $_GET['edac_nonce'] ) || ! wp_verify_nonce( $_GET['edac_nonce'], 'edac_highlight' ) ) {
+		if ( ! isset( $_GET['edac_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( $_GET['edac_nonce'] ), 'edac_highlight' ) ) {
 			return $lazyload;
 		}
 		if ( isset( $_GET['edac'] ) ) {

composer.json

@@ -1,33 +1,68 @@
 {
     "name": "equalizedigital/accesibility-checker",
+    "description": "Audit and check your website for accessibility before you hit publish. In-post accessibility scanner and guidance.",
+    "keywords": [
+		"accessibility",
+		"accessible",
+		"wcag"
+	],
+    "homepage": "https://equalizedigital.com/accessibility-checker/",
+	"license": "GPL-3.0-or-later",
     "authors": [
         {
-            "name": "Steve Jones",
-            "email": "dev@equalizedigital.com"
+            "name": "Equalize Digital",
+			"homepage": "https://equalizedigital.com"
         }
     ],
+    "type": "wordpress-plugin",
     "config": {
+        "platform": {
+            "php": "7.4"
+        },
         "allow-plugins": {
             "dealerdirect/phpcodesniffer-composer-installer": true,
-            "phpstan/extension-installer": true
+            "phpstan/extension-installer": true,
+            "composer/installers": true
         }
     },
     "minimum-stability": "dev",
     "prefer-stable": true,
     "repositories": [
         {
-          "type": "vcs",
-          "url": "https://github.com/equalizedigital/accessibility-checker-wp-env"
+            "type": "vcs",
+            "url": "https://github.com/equalizedigital/accessibility-checker-wp-env"
         }
-      ],
+    ],
     "require-dev": {
         "automattic/vipwpcs": "^3",
         "dealerdirect/phpcodesniffer-composer-installer": "^0.7.2",
-        "equalizedigital/accessibility-checker-wp-env": "dev-main#2d6218b193e089baeb1848f8b9935c22343cbaa0",       
-        "phpcompatibility/php-compatibility": "*"        
+        "equalizedigital/accessibility-checker-wp-env": "1.0.0",
+        "phpcompatibility/php-compatibility": "*",
+		"yoast/wp-test-utils": "^1.1.1",
+        "php-parallel-lint/php-parallel-lint": "^1.3"
     },
     "require": {
         "cbschuld/browser.php": "^1.9",
-        "davechild/textstatistics": "1.0.2"
-    }
+        "davechild/textstatistics": "1.0.2",
+        "php": ">=7.4",
+		"composer/installers": "^1.12.0"
+    },
+    "scripts": {
+		"lint": [
+			"@php ./vendor/php-parallel-lint/php-parallel-lint/parallel-lint . -e php --show-deprecated --exclude vendor --exclude node_modules --exclude .git"
+		],
+		"config-yoastcs" : [
+			"Dealerdirect\\Composer\\Plugin\\Installers\\PHPCodeSniffer\\Plugin::run",
+			"@php ./vendor/squizlabs/php_codesniffer/bin/phpcs --config-set default_standard Yoast"
+		],
+		"check-cs": [
+			"@php ./vendor/squizlabs/php_codesniffer/bin/phpcs --runtime-set testVersion 7.4-"
+		],
+		"fix-cs": [
+			"@php ./vendor/squizlabs/php_codesniffer/bin/phpcbf"
+		],
+		"test": [
+			"@php ./vendor/phpunit/phpunit/phpunit"
+		]
+	}
 }

includes/activation.php

@@ -16,15 +16,18 @@ function edac_activation() {
 	add_option( 'edac_post_types', array( 'post', 'page' ) );
 	add_option( 'edac_simplified_summary_position', 'after' );
 
+	// Sanitize the input.
+	// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- Nonce is not required.
+	$action = isset( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : '';
+	// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce is not required.
+	$checked = isset( $_POST['checked'] ) ? array_map( 'sanitize_text_field', $_POST['checked'] ) : array();
+
 	// Redirect: Don't do redirects when multiple plugins are bulk activated.
-	if (
-		( isset( $_REQUEST['action'] ) && 'activate-selected' === $_REQUEST['action'] ) &&
-		( isset( $_POST['checked'] ) && count( $_POST['checked'] ) > 1 ) ) {
+	if ( 'activate-selected' === $action && count( $checked ) > 1 ) {
 		return;
 	}
 
 	edac_add_accessibility_statement_page();
-
 }
 
 /**
@@ -40,6 +43,7 @@ function edac_add_accessibility_statement_page() {
 
 	global $wpdb;
 
+	// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using direct query for adding data to database, caching not required for one time operation.
 	if ( null === $wpdb->get_row( "SELECT post_name FROM {$wpdb->prefix}posts WHERE post_name = 'accessibility-statement'", 'ARRAY_A' ) ) {
 
 		$current_user = wp_get_current_user();
@@ -95,5 +99,4 @@ function edac_add_accessibility_statement_page() {
 		wp_insert_post( $page );
 
 	}
-
 }

includes/classes/class-admin-notices.php

@@ -376,7 +376,6 @@ public function edac_password_protected_notice_ajax() {
 
 		wp_send_json_success( wp_json_encode( $results ) );
 	}
-
 }
 
 new Admin_Notices();