diff --git a/.github/workflows/php.lint.test.yml b/.github/workflows/php.lint.test.yml
index c018e05de..69268b21f 100644
--- a/.github/workflows/php.lint.test.yml
+++ b/.github/workflows/php.lint.test.yml
@@ -3,16 +3,16 @@ name: PHP Lint & Test
 on:
 # allow to manually run this workflow from the UI
 workflow_dispatch:
-# push:
-# paths:
-# - '**.php'
-# branches:
-# - main
-# pull_request:
-# paths:
-# - '**.php'
-# branches:
-# - main
+ push:
+ paths:
+ - '**.php'
+ branches:
+ - main
+ pull_request:
+ paths:
+ - '**.php'
+ branches:
+ - main
 env:
 DB_HOST: 127.0.0.1
diff --git a/compatibility/jet-engine/preset-sources/preset-source-options-page.php b/compatibility/jet-engine/preset-sources/preset-source-options-page.php
index e1c09399c..32bf76c40 100644
--- a/compatibility/jet-engine/preset-sources/preset-source-options-page.php
+++ b/compatibility/jet-engine/preset-sources/preset-source-options-page.php
@@ -32,7 +32,12 @@ public function query_source() {
 $item = jet_engine()->options_pages->registered_pages[ $this->page ] ?? false;
 if ( ! $item ) {
- throw new Preset_Exception( "Undefined option page: {$this->page}" );
+ throw new Preset_Exception(
+ sprintf(
+ 'Undefined option page: %s',
+ esc_html( $this->page )
+ )
+ );
 }
 return $item;
diff --git a/compatibility/woocommerce/methods/wc-product-modification/product-catalog-visibility-property.php b/compatibility/woocommerce/methods/wc-product-modification/product-catalog-visibility-property.php
index 697df52a5..e43086af4 100644
--- a/compatibility/woocommerce/methods/wc-product-modification/product-catalog-visibility-property.php
+++ b/compatibility/woocommerce/methods/wc-product-modification/product-catalog-visibility-property.php
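Review bot: The `paths: - '**.php'` filter restored on both `push` and `pull_request` means that a change to this workflow file, to the dependency manifest or to the PHPUnit/PHPCS configuration (if those files exist in the repository) will not run lint and test, so a toolchain change can merge without the suite executing. Consider listing those files under each `paths:` entry, e.g. `- '.github/workflows/php.lint.test.yml'`, or dropping the filter on `pull_request` where the cost of a full run is low. The `env:` block continues outside the hunk.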
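Review bot: `esc_html( $this->page )` is applied when the exception is constructed, not where its message is rendered, so the message is HTML-entity-encoded for every consumer: a catcher that puts it into a JSON/REST error, a log line or a plain-text mail will show `&lt;`/`&amp;`, and a catcher that already escapes on output will double-encode. If the aim is to satisfy the `WordPress.Security.EscapeOutput` sniff, the safer convention is to keep the raw message in the exception and escape at the sink, `echo esc_html( $e->getMessage() );`, marking the throw site with `phpcs:ignore` as the other hunks in this commit already do for the additional-data arguments. The same escape-at-throw pattern appears in the woocommerce property hunks, `update-action.php`, `base-single-page.php`, `execution-builder.php`, `query-builder.php`, `view-base.php`, `base-migration.php`, `preset-manager.php` and `base-source.php`; the catchers are not visible in this diff, so whether any of them escapes again is inferred. `query_source()` continues outside the hunk.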
@@ -44,7 +44,7 @@ public function get_value( Abstract_Modifier $modifier ) {
 try {
 $product->set_catalog_visibility( $this->value );
 } catch ( \WC_Data_Exception $exception ) {
- throw new Action_Exception( $exception->getMessage() );
+ throw new Action_Exception( esc_html( $exception->getMessage() ) );
 }
 }
diff --git a/compatibility/woocommerce/methods/wc-product-modification/product-id-property.php b/compatibility/woocommerce/methods/wc-product-modification/product-id-property.php
index f976390e3..8871a8f03 100644
--- a/compatibility/woocommerce/methods/wc-product-modification/product-id-property.php
+++ b/compatibility/woocommerce/methods/wc-product-modification/product-id-property.php
@@ -25,7 +25,7 @@ public function do_before( string $key, $value, Abstract_Modifier $modifier ) {
 try {
 $this->value = new \WC_Product( $value );
 } catch ( \Exception $exception ) {
- throw new Action_Exception( $exception->getMessage() );
+ throw new Action_Exception( esc_html( $exception->getMessage() ) );
 }
 }
diff --git a/compatibility/woocommerce/methods/wc-product-modification/product-sku-property.php b/compatibility/woocommerce/methods/wc-product-modification/product-sku-property.php
index 3c65d9dfb..7aee22932 100644
--- a/compatibility/woocommerce/methods/wc-product-modification/product-sku-property.php
+++ b/compatibility/woocommerce/methods/wc-product-modification/product-sku-property.php
@@ -34,7 +34,7 @@ public function get_value( Abstract_Modifier $modifier ) {
 try {
 $product->set_sku( $this->value );
 } catch ( \WC_Data_Exception $exception ) {
- throw new Action_Exception( $exception->getMessage() );
+ throw new Action_Exception( esc_html( $exception->getMessage() ) );
 }
 }
 }
diff --git a/compatibility/woocommerce/methods/wc-product-modification/product-tax-status-property.php b/compatibility/woocommerce/methods/wc-product-modification/product-tax-status-property.php
index 466af5151..5ab4962aa 100644
--- a/compatibility/woocommerce/methods/wc-product-modification/product-tax-status-property.php
+++ b/compatibility/woocommerce/methods/wc-product-modification/product-tax-status-property.php
@@ -36,7 +36,7 @@ public function get_value( Abstract_Modifier $modifier ) {
 try {
 $product->set_tax_status( $this->value );
 } catch ( \WC_Data_Exception $exception ) {
- throw new Action_Exception( $exception->getMessage() );
+ throw new Action_Exception( esc_html( $exception->getMessage() ) );
 }
 }
diff --git a/components/repository/repository-aborts-trait.php b/components/repository/repository-aborts-trait.php
index 1b3f1a94b..22aaf99e0 100644
--- a/components/repository/repository-aborts-trait.php
+++ b/components/repository/repository-aborts-trait.php
@@ -1,5 +1,4 @@ -getMessage() ), '2.0.0' ); + break; } }
diff --git a/includes/actions/conditions/condition-manager.php b/includes/actions/conditions/condition-manager.php
index ec00940f6..19f40f544 100644
--- a/includes/actions/conditions/condition-manager.php
+++ b/includes/actions/conditions/condition-manager.php
@@ -127,13 +127,17 @@ public function check_all() {
 return;
 case self::THROW_IF_ONE_WRONG:
 default:
- throw new Condition_Exception( $exception->getMessage(), ...$exception->get_additional() );
+ throw new Condition_Exception(
+ esc_html( $exception->getMessage() ),
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ ...$exception->get_additional()
+ );
 }
 }
 }
 if ( 'or' === $this->operator ) {
- throw new Condition_Exception( 'None of the conditions are met' );
+ throw new Condition_Exception( esc_html__( 'None of the conditions are met', 'jet-form-builder' ) );
 }
 }
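Review bot: `esc_html__( 'None of the conditions are met', 'jet-form-builder' )` turns a fixed message into a locale-dependent one, so any caller that compares `getMessage()` against the English literal stops matching on translated sites; whether such a comparison exists is not visible from this hunk. If the message is only ever displayed this is fine; if it also acts as a key, throw a stable code and carry the translated text in the additional data instead. `check_all()` starts outside the hunk.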
@@ -168,16 +172,18 @@ public function throw_by_method( $is_success, ...$additional ) {
 case 'or':
 if ( $is_success ) {
 throw new Condition_Silence_Exception(
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 self::THROW_IF_ONE_MATCH,
- ...$additional
+ ...$additional // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 );
 }
 break;
 case 'and':
 if ( ! $is_success ) {
 throw new Condition_Silence_Exception(
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 self::THROW_IF_ONE_WRONG,
- ...$additional
+ ...$additional // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 );
 }
 break;
diff --git a/includes/actions/events/default-process/default-with-gateway-executor.php b/includes/actions/events/default-process/default-with-gateway-executor.php
index 506703036..3dd9979b6 100644
--- a/includes/actions/events/default-process/default-with-gateway-executor.php
+++ b/includes/actions/events/default-process/default-with-gateway-executor.php
@@ -1,10 +1,10 @@ -inserted_id->get_error_message() + esc_html( $this->inserted_id->get_error_message() ) ); } }
diff --git a/includes/actions/methods/post-modification/post-id-property.php b/includes/actions/methods/post-modification/post-id-property.php
index 5c93c8db8..da3555c82 100644
--- a/includes/actions/methods/post-modification/post-id-property.php
+++ b/includes/actions/methods/post-modification/post-id-property.php
@@ -34,7 +34,7 @@ public function can_attach( string $key, $value ): bool {
 return false;
 }
 if ( empty( $value ) ) {
- throw new Action_Exception( 'empty_field', $key );
+ throw new Action_Exception( 'empty_field', esc_html( $key ) );
 }
 $post = get_post( (int) $value );
@@ -50,7 +50,7 @@ public function can_attach( string $key, $value ): bool {
 throw new Action_Exception(
 'failed',
 array(
- 'post' => $post,
+ 'post' => $post, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 )
 );
 }
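Review bot: The two `phpcs:ignore` placements inside each `throw new Condition_Silence_Exception(` call are inconsistent: one sits on its own line above `self::THROW_IF_ONE_MATCH,` and the other trails `...$additional`. A standalone `// phpcs:ignore` covers only the next line, so the cleaner form is a single `// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped` before the `throw` and a matching `// phpcs:enable` after it, as `base-source.php` in this commit does. Both `case` branches repeat the pattern; `throw_by_method()` continues outside the hunk.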
diff --git a/includes/actions/methods/post-modification/update-action.php b/includes/actions/methods/post-modification/update-action.php
index 903a7c4dc..9071662a9 100644
--- a/includes/actions/methods/post-modification/update-action.php
+++ b/includes/actions/methods/post-modification/update-action.php
@@ -37,7 +37,7 @@ public function do_action() {
 throw new Action_Exception(
 'failed',
- $this->inserted_id->get_error_message()
+ esc_html( $this->inserted_id->get_error_message() )
 );
 }
 }
diff --git a/includes/actions/methods/update-user/update-action.php b/includes/actions/methods/update-user/update-action.php
index 8b4ebd037..9e97d254c 100644
--- a/includes/actions/methods/update-user/update-action.php
+++ b/includes/actions/methods/update-user/update-action.php
@@ -26,8 +26,8 @@ public function do_action() {
 if ( is_wp_error( $response ) ) {
 throw new Action_Exception(
- $response->get_error_message(),
- $response->get_error_data()
+ esc_html( $response->get_error_message() ),
+ esc_html( $response->get_error_data() )
 );
 }
 }
diff --git a/includes/actions/methods/update-user/user-id-property.php b/includes/actions/methods/update-user/user-id-property.php
index 93eb3b051..55e6e9099 100644
--- a/includes/actions/methods/update-user/user-id-property.php
+++ b/includes/actions/methods/update-user/user-id-property.php
@@ -55,6 +55,7 @@ public function do_before( string $key, $value, Abstract_Modifier $modifier ) {
 $this->user = get_user_by( 'ID', $this->value );
 if ( ! is_a( $this->user, \WP_User::class ) ) {
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Action_Exception( 'internal_error', $this->user, $this->value );
 }
 }
diff --git a/includes/actions/types/call-hook.php b/includes/actions/types/call-hook.php
index 4a893c801..cd5de059d 100644
--- a/includes/actions/types/call-hook.php
+++ b/includes/actions/types/call-hook.php
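Review bot: `esc_html( $response->get_error_data() )` assumes the error data is a string, but `WP_Error::get_error_data()` returns whatever was attached — frequently an array or `null` — and `esc_html()` casts its argument to string, so an array collapses to the literal `Array` (with an array-to-string warning on PHP 8) and the diagnostic is lost. Either keep the data unescaped with the `phpcs:ignore` used in the neighbouring hunks, or escape only the string case: `is_string( $data ) ? esc_html( $data ) : $data`. `do_action()` continues outside the hunk.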
@@ -43,7 +43,10 @@ public function action_attributes() {
 public function do_action( array $request, Action_Handler $handler ) {
 if ( empty( $this->settings['hook_name'] ) ) {
- throw new Action_Exception( 'failed', $this->settings );
+ throw new Action_Exception(
+ 'failed',
+ esc_html__( 'Empty hook name', 'jet-form-builder' )
+ );
 }
 /**
diff --git a/includes/actions/types/call-webhook.php b/includes/actions/types/call-webhook.php
index 283a28567..cee66cf16 100644
--- a/includes/actions/types/call-webhook.php
+++ b/includes/actions/types/call-webhook.php
@@ -37,7 +37,10 @@ public function do_action( array $request, Action_Handler $handler ) {
 $webhook_url = ! empty( $this->settings['webhook_url'] ) ? trim( $this->settings['webhook_url'] ) : false;
 if ( ! $webhook_url ) {
- throw new Action_Exception( 'failed', $this->settings );
+ throw new Action_Exception(
+ 'failed',
+ esc_html__( 'Empty webhook url', 'jet-form-builder' )
+ );
 }
 $args = array(
@@ -71,7 +74,11 @@ public function do_action( array $request, Action_Handler $handler ) {
 $response = wp_remote_post( $webhook_url, $args );
 if ( $response instanceof \WP_Error ) {
- throw new Action_Exception( 'failed', $response );
+ throw new Action_Exception(
+ 'failed',
+ esc_html__( 'Remote request returned error', 'jet-form-builder' ),
+ $response // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ );
 }
 /**
 * Fires whe webhook response received
diff --git a/includes/actions/types/getresponse.php b/includes/actions/types/getresponse.php
index c27fb8807..ded763cfa 100644
--- a/includes/actions/types/getresponse.php
+++ b/includes/actions/types/getresponse.php
@@ -121,7 +121,7 @@ public function do_action( array $request, Action_Handler $handler ) {
 throw new Action_Exception(
 'empty_field',
 array(
- 'email' => $body_args['email'],
+ 'email' => esc_html( $body_args['email'] ),
 )
 );
 }
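Review bot: The second argument of `Action_Exception` changes from `$this->settings` to a translated message string, so a consumer of the exception's additional data that expected the settings array now receives a string; the same substitution happens in both `call-webhook.php` hunks on this line. That may be intended — elsewhere in this commit the settings array is kept with a `phpcs:ignore` rather than replaced — but it is a payload change beyond escaping and deserves a line in the commit message or a comment such as `// settings intentionally omitted from the exception payload`. `do_action()` continues outside the hunk.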
@@ -139,7 +139,11 @@ public function do_action( array $request, Action_Handler $handler ) {
 // Error response
 if ( isset( $response['httpStatus'] ) && isset( $response['code'] ) ) {
- throw new Action_Exception( "derror|{$response['message']}", $response );
+ throw new Action_Exception(
+ esc_html( "derror|{$response['message']}" ),
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ $response
+ );
 }
 }
diff --git a/includes/actions/types/mailchimp.php b/includes/actions/types/mailchimp.php
index d8a13d559..750e4e96b 100644
--- a/includes/actions/types/mailchimp.php
+++ b/includes/actions/types/mailchimp.php
@@ -1,4 +1,4 @@ -request[ $field ]; + break; } }
diff --git a/includes/actions/types/redirect-to-page.php b/includes/actions/types/redirect-to-page.php
index 37713e93c..cd83b94a1 100644
--- a/includes/actions/types/redirect-to-page.php
+++ b/includes/actions/types/redirect-to-page.php
@@ -127,6 +127,7 @@ public function do_action( array $request, Action_Handler $handler ) {
 $to_url = $this->get_redirect_url();
 if ( ! $to_url ) {
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Action_Exception( 'failed', $this->settings );
 }
diff --git a/includes/actions/types/register-user.php b/includes/actions/types/register-user.php
index 3b46ec188..e9d3184d2 100644
--- a/includes/actions/types/register-user.php
+++ b/includes/actions/types/register-user.php
@@ -284,6 +284,7 @@ public function do_action( array $request, Action_Handler $handler ) {
 jet_fb_context()->update_request( $user_id, 'user_id' );
 }
 } else {
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Action_Exception( 'failed', $userarr );
 }
 }
diff --git a/includes/actions/types/send-email.php b/includes/actions/types/send-email.php
index ba787e0cf..191bb1296 100644
--- a/includes/actions/types/send-email.php
+++ b/includes/actions/types/send-email.php
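Review bot: The guard checks `$response['httpStatus']` and `$response['code']` but the new message interpolates `$response['message']` without checking it, so a response carrying the first two keys and no message raises an undefined-index warning inside the throw; `esc_html( 'derror|' . ( $response['message'] ?? '' ) )` keeps the same `derror|` prefix and tolerates the missing key. `do_action()` continues outside the hunk.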
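Review bot: Suppressing the sniff on `throw new Action_Exception( 'failed', $userarr )` keeps `$userarr` in the exception payload; if that is the array handed to WordPress user creation it carries `user_pass` in clear text (inferred — the array is built outside the hunk), so wherever the exception's additional data is logged or returned, the submitted password travels with it. Attach a redacted copy instead, e.g. `$safe = $userarr; unset( $safe['user_pass'] );` and pass `$safe`, or pass only the names of the failing fields. The `redirect-to-page.php` hunk on this line has the same shape with `$this->settings`. `do_action()` continues outside the hunk.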
@@ -2,13 +2,13 @@
 namespace Jet_Form_Builder\Actions\Types;
-// If this file is called directly, abort.
 use Jet_Form_Builder\Actions\Action_Handler;
 use Jet_Form_Builder\Classes\Tools;
 use Jet_Form_Builder\Dev_Mode;
 use Jet_Form_Builder\Exceptions\Action_Exception;
 use Jet_Form_Builder\Request\Request_Tools;
+// If this file is called directly, abort.
 if ( ! defined( 'WPINC' ) ) {
 die;
 }
@@ -254,10 +254,10 @@ function ( \WP_Error $wp_error ) {
 throw new Action_Exception(
 'failed',
 array(
- 'to' => $this->get_mail_to(),
- 'subject' => $this->get_subject(),
- 'message' => $message,
- 'headers' => $this->get_headers(),
+ 'to' => $this->get_mail_to(), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ 'subject' => $this->get_subject(), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ 'message' => $message, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ 'headers' => $this->get_headers(), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 )
 );
 }
diff --git a/includes/admin/single-pages/base-single-page.php b/includes/admin/single-pages/base-single-page.php
index 03d774a41..1b3dd7d39 100644
--- a/includes/admin/single-pages/base-single-page.php
+++ b/includes/admin/single-pages/base-single-page.php
@@ -73,7 +73,9 @@ public function query_id(): int {
 */
 public function set_id( int $id ): Base_Single_Page {
 if ( ! $id ) {
- throw new Not_Found_Page_Exception( 'Item id is empty: ' . $id . ' in ' . static::class );
+ throw new Not_Found_Page_Exception(
+ esc_html( 'Item id is empty: ' . $id . ' in ' . static::class )
+ );
 }
 $this->id = $id;
diff --git a/includes/admin/single-pages/meta-boxes/base-meta-box.php b/includes/admin/single-pages/meta-boxes/base-meta-box.php
index 3f5aecd48..4d7eabe93 100644
--- a/includes/admin/single-pages/meta-boxes/base-meta-box.php
+++ b/includes/admin/single-pages/meta-boxes/base-meta-box.php
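Review bot: `if ( ! $id )` in `set_id()` only rejects `0`, so a negative id passes the newly escaped "Item id is empty" check and is stored by `$this->id = $id;`; `if ( $id <= 0 )` matches the message's intent for every non-positive value. The message is built from an `int` and `static::class`, so `esc_html()` adds nothing here beyond satisfying the sniff. `set_id()` continues outside the hunk.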
@@ -87,7 +87,11 @@ public function to_array(): array {
 try {
 $this->prepare_dependencies();
 } catch ( Sql_Exception $exception ) {
- throw new Empty_Box_Exception( $exception->getMessage(), ...$exception->get_additional() );
+ throw new Empty_Box_Exception(
+ esc_html( $exception->getMessage() ),
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ ...$exception->get_additional()
+ );
 }
 return array(
diff --git a/includes/admin/single-pages/meta-containers/base-meta-container.php b/includes/admin/single-pages/meta-containers/base-meta-container.php
index fb11ddfb4..e7ba87215 100644
--- a/includes/admin/single-pages/meta-containers/base-meta-container.php
+++ b/includes/admin/single-pages/meta-containers/base-meta-container.php
@@ -77,7 +77,7 @@ public function get_box_by_scope( string $scoped_slug ): Base_Meta_Box {
 }
 }
- throw new Repository_Exception( 'Undefined ' . $scoped_slug );
+ throw new Repository_Exception( esc_html( 'Undefined ' . $scoped_slug ) );
 }
 public function get_migrations(): \Generator {
diff --git a/includes/blocks/block-helper.php b/includes/blocks/block-helper.php
index 2ca2e2433..60ca3c1f7 100644
--- a/includes/blocks/block-helper.php
+++ b/includes/blocks/block-helper.php
@@ -18,19 +18,6 @@
 */
 class Block_Helper {
- /**
- * @param array $source_block
- * @param \WP_Block|null $parent_block
- *
- * @return \WP_Block
- * @noinspection PhpMissingParamTypeInspection
- */
- public static function get_wp_block_instance( array $source_block, $parent_block ): \WP_Block {
- if ( is_null( $parent_block ) ) {
-
- }
- }
-
 /**
 * @since 3.1.1
 *
diff --git a/includes/classes/arrayable/array-convert-once.php b/includes/classes/arrayable/array-convert-once.php
index 615507540..0ec2bd053 100644
--- a/includes/classes/arrayable/array-convert-once.php
+++ b/includes/classes/arrayable/array-convert-once.php
@@ -98,7 +98,7 @@ public function exist( string $slug ): Array_Convert_Once {
 return $this;
 }
- throw new Array_Continue_Exception( 'Undefined item: ' . $slug );
+ throw new Array_Continue_Exception( esc_html( 'Undefined item: ' . $slug ) );
 }
diff --git a/includes/classes/resources/uploaded-file.php b/includes/classes/resources/uploaded-file.php
index 150191728..fa2c26dfb 100644
--- a/includes/classes/resources/uploaded-file.php
+++ b/includes/classes/resources/uploaded-file.php
@@ -48,7 +48,7 @@ protected function upload_file( array $file ) {
 );
 if ( ! empty( $upload['error'] ) ) {
- throw new Upload_Exception( $upload['error'] );
+ throw new Upload_Exception( esc_html( $upload['error'] ) );
 }
 $this->set_from_array( $upload );
@@ -80,7 +80,7 @@ public function add_attachment() {
 );
 if ( is_wp_error( $attachment ) ) {
- throw new Upload_Exception( $attachment->get_error_message() );
+ throw new Upload_Exception( esc_html( $attachment->get_error_message() ) );
 }
 wp_update_attachment_metadata(
diff --git a/includes/db-queries/base-db-model.php b/includes/db-queries/base-db-model.php
index d5edba7a7..889e8294a 100644
--- a/includes/db-queries/base-db-model.php
+++ b/includes/db-queries/base-db-model.php
@@ -259,7 +259,7 @@ protected function migrations_install() {
 $migration->install();
 }
 } catch ( Migration_Exception $exception ) {
- throw new Sql_Exception( $exception->getMessage() );
+ throw new Sql_Exception( esc_html( $exception->getMessage() ) );
 }
 }
@@ -290,7 +290,7 @@ public function before_delete() {
 }
 if ( ! current_user_can( 'manage_options' ) ) {
 throw new Sql_Exception(
- "Not enough capabilities for current user to delete rows in {$this::table()}"
+ esc_html( "Not enough capabilities for current user to delete rows in {$this::table()}" )
 );
 }
 }
diff --git a/includes/db-queries/execution-builder.php b/includes/db-queries/execution-builder.php
index eafbe8a41..42237d777 100644
--- a/includes/db-queries/execution-builder.php
+++ b/includes/db-queries/execution-builder.php
@@ -90,7 +90,11 @@ public function insert( Base_Db_Model $model, $columns = array(), $format = null
 $wpdb->insert( $model::table(), $insert_columns, $format );
 if ( ! $wpdb->insert_id ) {
- throw new Sql_Exception( "Something went wrong on insert into: {$model::table()}", $insert_columns );
+ throw new Sql_Exception(
+ esc_html( "Something went wrong on insert into: {$model::table()}" ),
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ $insert_columns
+ );
 }
 $model->after_insert( $insert_columns );
@@ -120,9 +124,9 @@ public function update( Base_Db_Model $model, $columns, $where, $format = null,
 if ( ! $wpdb->rows_affected ) {
 throw new Sql_Exception(
- "Something went wrong on update rows in: {$model::table()}",
- $columns,
- $where
+ esc_html( "Something went wrong on update rows in: {$model::table()}" ),
+ $columns, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ $where // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 );
 }
@@ -147,8 +151,8 @@ public function delete( Base_Db_Model $model, $where, $where_format ): int {
 if ( ! $result ) {
 throw new Sql_Exception(
- "Something went wrong on delete rows in: {$model->table()}",
- $where
+ esc_html( "Something went wrong on delete rows in: {$model->table()}" ),
+ $where // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 );
 }
@@ -173,8 +177,8 @@ public function view_delete( View_Base $view ): int {
 if ( ! $wpdb->rows_affected ) {
 throw new Query_Builder_Exception(
- "Something went wrong on delete rows in: {$view->table()}",
- $where
+ esc_html( "Something went wrong on delete rows in: {$view->table()}" ),
+ $where // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 );
 }
@@ -203,9 +207,9 @@ public function view_update( array $columns, View_Base $view ): int {
 if ( ! $wpdb->rows_affected ) {
 throw new Sql_Exception(
- "Something went wrong on update rows in: {$view->table()}",
- $query,
- $wpdb->rows_affected
+ esc_html( "Something went wrong on update rows in: {$view->table()}" ),
+ $query, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ $wpdb->rows_affected // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 );
 }
diff --git a/includes/db-queries/query-builder.php b/includes/db-queries/query-builder.php
index cc270e2a8..342130d85 100644
--- a/includes/db-queries/query-builder.php
+++ b/includes/db-queries/query-builder.php
@@ -234,7 +234,7 @@ public function query_all(): array {
 $rows = $this->db()->get_results( $this->sql(), ARRAY_A );
 if ( empty( $rows ) ) {
- throw new Query_Builder_Exception( "Empty {$this->view()->table()} rows" );
+ throw new Query_Builder_Exception( esc_html( "Empty {$this->view()->table()} rows" ) );
 }
 $response = array();
@@ -257,7 +257,7 @@ public function generate_all( string $format = OBJECT ): \Generator {
 $this->db()->query( $this->sql() );
 if ( empty( $this->db()->last_result ) ) {
- throw new Query_Builder_Exception( "Empty {$this->view()->table()} rows" );
+ throw new Query_Builder_Exception( esc_html( "Empty {$this->view()->table()} rows" ) );
 }
 foreach ( (array) $this->db()->last_result as $row ) {
diff --git a/includes/db-queries/views/view-base.php b/includes/db-queries/views/view-base.php
index a0986c7f8..666093759 100644
--- a/includes/db-queries/views/view-base.php
+++ b/includes/db-queries/views/view-base.php
@@ -211,7 +211,11 @@ public function get_prepared_row( $row ) {
 $prepared = $this->prepare_row( $row );
 if ( empty( $prepared ) ) {
- throw new Query_Builder_Exception( $this->empty_message(), $row );
+ throw new Query_Builder_Exception(
+ esc_html( $this->empty_message() ),
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ $row
+ );
 }
 return $prepared;
@@ -227,7 +231,11 @@ public function get_prepared_values( $values ) {
 $prepared = $this->prepare_values( $values );
 if ( empty( $prepared ) ) {
- throw new Query_Builder_Exception( $this->empty_message(), $values );
+ throw new Query_Builder_Exception(
+ esc_html( $this->empty_message() ),
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ $values
+ );
 }
 return $prepared;
@@ -438,7 +446,7 @@ public function prepare_dependencies() {
 $model->create();
 foreach ( $model->get_migrations() as $migration ) {
- throw new Query_Builder_Exception( get_class( $model ) . ' is not updated' );
+ throw new Query_Builder_Exception( esc_html( get_class( $model ) . ' is not updated' ) );
 }
 }
 }
diff --git a/includes/integrations/integration-base.php b/includes/integrations/integration-base.php
index 4c41af55e..685cba89a 100644
--- a/includes/integrations/integration-base.php
+++ b/includes/integrations/integration-base.php
@@ -56,7 +56,7 @@ public function request_with_code( $end_point, $request_args = array() ) {
 if ( ! in_array( $code, $this->success_codes(), true ) ) {
 $message = wp_remote_retrieve_response_message( $response );
- throw new Silence_Exception( $message );
+ throw new Silence_Exception( esc_html( $message ) );
 }
 }
diff --git a/includes/migrations/versions/base-migration.php b/includes/migrations/versions/base-migration.php
index b98a48d61..3a382fd9b 100644
--- a/includes/migrations/versions/base-migration.php
+++ b/includes/migrations/versions/base-migration.php
@@ -83,7 +83,7 @@ final protected function run_up() {
 $this->profiler->on_up_end( $this, $timer_stop );
 if ( $wpdb->last_error ) {
- throw new Migration_Exception( $wpdb->last_error );
+ throw new Migration_Exception( esc_html( $wpdb->last_error ) );
 }
 $this->save( $time );
@@ -102,13 +102,13 @@ final public function run_down() {
 $this->profiler->on_down_end( $this, $timer_stop );
 if ( $wpdb->last_error ) {
- throw new Migration_Exception( $wpdb->last_error );
+ throw new Migration_Exception( esc_html( $wpdb->last_error ) );
 }
 try {
 $this->delete();
 } catch ( Sql_Exception $exception ) {
- throw new Migration_Exception( $exception->getMessage() );
+ throw new Migration_Exception( esc_html( $exception->getMessage() ) );
 }
 }
diff --git a/includes/presets/preset-manager.php b/includes/presets/preset-manager.php
index ad86b2580..e613c1663 100644
--- a/includes/presets/preset-manager.php
+++ b/includes/presets/preset-manager.php
@@ -204,7 +204,9 @@ public function get_field_value( $args = array() ) {
 */
 public function get_source_by_type( $type ): Sources\Base_Source {
 if ( ! isset( $this->_source_types[ $type ] ) ) {
- throw new Preset_Exception( "Undefined source type: {$type}" );
+ throw new Preset_Exception(
+ esc_html( "Undefined source type: {$type}" )
+ );
 }
 return clone $this->_source_types[ $type ];
diff --git a/includes/presets/sources/base-source.php b/includes/presets/sources/base-source.php
index 593a80ef3..d2ad995d8 100644
--- a/includes/presets/sources/base-source.php
+++ b/includes/presets/sources/base-source.php
@@ -81,6 +81,7 @@ public function maybe_query_source() {
 return $this;
 }
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Preset_Exception( 'Empty `prop` in ' . get_class( $this ), $this->field_data );
 }
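Review bot: `$wpdb->last_error` is the database driver's error text and can include fragments of the failing statement or the offending values, so wrapping it in `esc_html()` makes it safe to render but does not stop that SQL detail from reaching whoever sees the `Migration_Exception` message. If the message can surface outside the admin screen, prefer a fixed message and keep the raw error for the log, e.g. `throw new Migration_Exception( esc_html__( 'Migration query failed', 'jet-form-builder' ) );` after logging `$wpdb->last_error`. This applies to both the `run_up()` and `run_down()` hunks; both functions continue outside the hunk.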
@@ -92,11 +93,12 @@ protected function get_field_data() {
 if ( $this->has_field_in_map() ) {
 return $this->fields_map[ $this->field ];
 }
-
+ // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Preset_Exception( "Empty `fields_map['{$this->field}']` in " . get_class( $this ), $this->fields_map );
+ // phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
 }
 public function has_field_in_map() {
@@ -242,7 +244,9 @@ public function default_prop( string $prop ) {
 throw new Preset_Exception( "Source isn't object" );
 }
- throw new Preset_Exception( "Can't get value from " . get_class( $source ) );
+ throw new Preset_Exception(
+ esc_html( "Can't get value from " . get_class( $source ) )
+ );
 }
@@ -274,6 +278,7 @@ public function get_field_object(): Base {
 $block = jet_form_builder()->blocks->get_field_by_name( $type );
 if ( ! $block ) {
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Preset_Exception( 'Undefined block_type: ' . $type, $this->field_args );
 }
diff --git a/includes/presets/sources/preset-source-post.php b/includes/presets/sources/preset-source-post.php
index 65fc60326..dc07fe4f1 100644
--- a/includes/presets/sources/preset-source-post.php
+++ b/includes/presets/sources/preset-source-post.php
@@ -121,7 +121,11 @@ public function source__post_meta() {
 */
 public function source__post_terms() {
 if ( empty( $this->field_data['key'] ) ) {
- throw new Preset_Exception( 'Undefined `key` in `field_data`', $this->field_data );
+ throw new Preset_Exception(
+ 'Undefined `key` in `field_data`',
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ $this->field_data
+ );
 }
 $value = wp_get_post_terms( $this->src()->ID, $this->field_data['key'] );
diff --git a/includes/presets/types/dynamic-preset.php b/includes/presets/types/dynamic-preset.php
index 6a9866c3c..071009225 100644
--- a/includes/presets/types/dynamic-preset.php
+++ b/includes/presets/types/dynamic-preset.php
@@ -70,6 +70,7 @@ public function is_active_preset_json( $source ) {
 ? Preset_Manager::instance()->prepare_result( $args['type'], $source ) : $source;
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Plain_Default_Exception( $result );
 }
diff --git a/modules/active-campaign/methods/custom-contact-property.php b/modules/active-campaign/methods/custom-contact-property.php
index adf1ed656..4cd4c90f1 100644
--- a/modules/active-campaign/methods/custom-contact-property.php
+++ b/modules/active-campaign/methods/custom-contact-property.php
@@ -114,6 +114,7 @@ protected function get_fields( Contact_Modifier $modifier ): Retrieve_Custom_Fie
 try {
 $fields->request()->check_response_code()->response_body_as_array();
 } catch ( Gateway_Exception $exception ) {
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Action_Exception( 'internal_error', $fields->get_request_args() );
 }
diff --git a/modules/active-campaign/methods/list-contact-property.php b/modules/active-campaign/methods/list-contact-property.php
index 2158b38f0..3d66ac014 100644
--- a/modules/active-campaign/methods/list-contact-property.php
+++ b/modules/active-campaign/methods/list-contact-property.php
@@ -50,6 +50,7 @@ public function do_after( Abstract_Modifier $modifier ) {
 try {
 $api->send_request();
 } catch ( Gateway_Exception $exception ) {
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Action_Exception( 'internal_error', $api->get_request_args() );
 }
 }
diff --git a/modules/active-campaign/methods/tags-contact-property.php b/modules/active-campaign/methods/tags-contact-property.php
index 63b0bbf05..5f173ecd8 100644
--- a/modules/active-campaign/methods/tags-contact-property.php
+++ b/modules/active-campaign/methods/tags-contact-property.php
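Review bot: `$fields->get_request_args()` is attached to the `Action_Exception` with the sniff suppressed; if those are the arguments of the outgoing API request they are likely to carry the authentication header or key (inferred — the gateway class is outside the hunk), so any place that logs or returns the exception's additional data would expose the credential. The caught `Gateway_Exception $exception` is also dropped, so the original failure message is lost. Consider passing `esc_html( $exception->getMessage() )` instead of the request args, or redacting the auth fields before attaching them. The same shape appears in `list-contact-property.php` on this line and in the three `tags-contact-property.php` hunks that follow.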
@@ -53,6 +53,7 @@ public function do_after( Abstract_Modifier $modifier ) {
 try {
 $api_tags->check_response_code()->response_body_as_array();
 } catch ( Gateway_Exception $exception ) {
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Action_Exception( 'internal_error', $api_tags->get_request_args() );
 }
@@ -94,6 +95,7 @@ protected function create_tag( Contact_Modifier $modifier, string $tag ): int {
 try {
 $response = $api->send_request();
 } catch ( Gateway_Exception $exception ) {
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Action_Exception( 'internal_error', $api->get_request_args() );
 }
@@ -115,6 +117,7 @@ protected function attach_tag( Contact_Modifier $modifier, int $tag, int $contac
 try {
 $api->request()->check_response_code();
 } catch ( Gateway_Exception $exception ) {
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 throw new Action_Exception( 'internal_error', $api->get_request_args() );
 }
 }
diff --git a/modules/block-parsers/fields/media-field-parser.php b/modules/block-parsers/fields/media-field-parser.php
index 781ebfd18..c30d2944f 100644
--- a/modules/block-parsers/fields/media-field-parser.php
+++ b/modules/block-parsers/fields/media-field-parser.php
@@ -47,7 +47,10 @@ public function get_response() {
 /** @var Media_Block_Value $uploads */
 $uploads = $uploader->upload();
 } catch ( Upload_Exception $exception ) {
- throw new Sanitize_Value_Exception( $exception->getMessage(), $this->name );
+ throw new Sanitize_Value_Exception(
+ esc_html( $exception->getMessage() ),
+ esc_html( $this->name )
+ );
 }
 $this->set_file( $uploads );
diff --git a/modules/block-parsers/file-uploader.php b/modules/block-parsers/file-uploader.php
index bdae1683f..0c8022ba2 100644
--- a/modules/block-parsers/file-uploader.php
+++ b/modules/block-parsers/file-uploader.php
@@ -124,6 +124,7 @@ protected function get_uploaded( File $file ) { protected function sanitize_permissions() { $cap = ! empty( $this->settings['allowed_user_cap'] ) ? $this->settings['allowed_user_cap'] : 'upload_files'; + // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped if ( 'any_user' !== $cap && ! is_user_logged_in() ) { throw new Upload_Permission_Exception( __( 'You are not allowed to upload files', 'jet-form-builder' )
@@ -135,6 +136,7 @@ protected function sanitize_permissions() { __( 'You are not allowed to upload files', 'jet-form-builder' ) ); } + // phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped } /**
diff --git a/modules/block-parsers/parser-context.php b/modules/block-parsers/parser-context.php
index 7d5816dc5..4caad0ad9 100644
--- a/modules/block-parsers/parser-context.php
+++ b/modules/block-parsers/parser-context.php
@@ -153,6 +153,7 @@ protected function generate_blocks( $fields ): \Generator { * @throws Parse_Exception */ public function validate_field( array $field ) { + // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped if ( empty( $field['blockName'] ) ) { throw new Parse_Exception( Module::EMPTY_BLOCK_ERROR ); }
@@ -167,6 +168,7 @@ public function validate_field( array $field ) { if ( ! Module::instance()->isset_parser( $field['blockName'] ) ) { throw new Parse_Exception( Module::NOT_FIELD_HAS_INNER, $field['innerBlocks'] ); } + // phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped } /**
@@ -808,6 +810,7 @@ public function resolve( $path ) { } if ( ! array_key_exists( $path[0], $this->parsers ) ) { + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped throw new Repository_Exception( 'undefined_parser', $path ); } if ( ! ( $this->parsers[ $path[0] ] instanceof Field_Data_Parser ) ) {
diff --git a/modules/block-sanitizer/sanitizers/repeater-sanitizer.php b/modules/block-sanitizer/sanitizers/repeater-sanitizer.php
index ca1cd0a3d..4f27cfc67 100644
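Review bot: `// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped` in sanitize_permissions() of file-uploader.php is opened right after the `$cap` assignment and only closed at the method's last line, so the sniff is switched off for the entire body rather than for the two `__()` throws; any output statement added to this method later will go unchecked. validate_field() in parser-context.php on this line uses the same method-wide disable. The rest of this commit either places a per-line `// phpcs:ignore …` directly above the throw or replaces `__()` with `esc_html__()` (the export controllers); either form keeps the sniff active for the surrounding lines and should be used here too. The first sanitize_permissions hunk starts in the middle of the method.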
--- a/modules/block-sanitizer/sanitizers/repeater-sanitizer.php
+++ b/modules/block-sanitizer/sanitizers/repeater-sanitizer.php
@@ -36,7 +36,6 @@ public function apply_block_data( array $parsed_block, array $source_block, $par return $parsed_block; } - return $parsed_block; }
diff --git a/modules/captcha/friendly-captcha/friendly-captcha.php b/modules/captcha/friendly-captcha/friendly-captcha.php
index 31c1f5a8f..0c5d73dbd 100644
--- a/modules/captcha/friendly-captcha/friendly-captcha.php
+++ b/modules/captcha/friendly-captcha/friendly-captcha.php
@@ -36,8 +36,8 @@ public function verify( array $request ) { } catch ( Gateway_Exception $exception ) { throw new Spam_Exception( 'captcha_failed', - $exception->getMessage(), - ...$exception->get_additional() + $exception->getMessage(), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ); } }
diff --git a/modules/captcha/friendly-captcha/verify-token-action.php b/modules/captcha/friendly-captcha/verify-token-action.php
index a2dd51dfa..4a0d61b2a 100644
--- a/modules/captcha/friendly-captcha/verify-token-action.php
+++ b/modules/captcha/friendly-captcha/verify-token-action.php
@@ -29,6 +29,7 @@ public function send_request() { return $response; } + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped throw new Gateway_Exception( 'captcha_failed', $response, $this->get_request_args() ); }
diff --git a/modules/captcha/hcaptcha/hcaptcha.php b/modules/captcha/hcaptcha/hcaptcha.php
index 5ee3569dc..147d493c2 100644
--- a/modules/captcha/hcaptcha/hcaptcha.php
+++ b/modules/captcha/hcaptcha/hcaptcha.php
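Review bot: `throw new Gateway_Exception( 'captcha_failed', $response, $this->get_request_args() )` in verify-token-action.php attaches the raw verifier response and the full request arguments as additional data, and the friendly-captcha.php hunk above then spreads `...$exception->get_additional()` straight into Spam_Exception, so whatever is in the request args travels to wherever Spam_Exception is rendered or logged. If get_request_args() carries the request body with the site's secret key — its definition is outside the hunk — that value should be stripped before it is attached. The trailing `// phpcs:ignore` comments only silence the sniff; a comment above the throw stating what the additional data contains and that it is unescaped would make the contract explicit. The same pair of hunks repeats for hcaptcha, re-captcha-v3 and turnstile on the following lines.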
@@ -39,8 +39,8 @@ public function verify( array $request ) { } catch ( Gateway_Exception $exception ) { throw new Spam_Exception( 'captcha_failed', - $exception->getMessage(), - ...$exception->get_additional() + $exception->getMessage(), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ); } }
diff --git a/modules/captcha/re-captcha-v3/re-captcha-v3.php b/modules/captcha/re-captcha-v3/re-captcha-v3.php
index f2c586bec..802de11ce 100644
--- a/modules/captcha/re-captcha-v3/re-captcha-v3.php
+++ b/modules/captcha/re-captcha-v3/re-captcha-v3.php
@@ -47,8 +47,8 @@ public function verify( array $request ) { } catch ( Gateway_Exception $exception ) { throw new Spam_Exception( 'captcha_failed', - $exception->getMessage(), - ...$exception->get_additional() + $exception->getMessage(), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ); } }
diff --git a/modules/captcha/re-captcha-v3/verify-token-action.php b/modules/captcha/re-captcha-v3/verify-token-action.php
index b39421a3d..c9e81fb95 100644
--- a/modules/captcha/re-captcha-v3/verify-token-action.php
+++ b/modules/captcha/re-captcha-v3/verify-token-action.php
@@ -39,6 +39,7 @@ public function send_request() { return $response; } + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped throw new Gateway_Exception( 'captcha_failed', $response, $this->get_request_args() ); }
diff --git a/modules/captcha/turnstile/turnstile.php b/modules/captcha/turnstile/turnstile.php
index 4295a7d7e..7318c181c 100644
--- a/modules/captcha/turnstile/turnstile.php
+++ b/modules/captcha/turnstile/turnstile.php
@@ -39,8 +39,8 @@ public function verify( array $request ) { } catch ( Gateway_Exception $exception ) { throw new Spam_Exception( 'captcha_failed', - $exception->getMessage(), - ...$exception->get_additional() + $exception->getMessage(), // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ); } }
diff --git a/modules/captcha/turnstile/verify-token-action.php b/modules/captcha/turnstile/verify-token-action.php
index 734563bc7..2227da616 100644
--- a/modules/captcha/turnstile/verify-token-action.php
+++ b/modules/captcha/turnstile/verify-token-action.php
@@ -39,6 +39,7 @@ public function send_request() { return $response; } + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped throw new Gateway_Exception( 'captcha_failed', $response, $this->get_request_args() ); }
diff --git a/modules/form-record/admin/meta-boxes/form-record-actions-box.php b/modules/form-record/admin/meta-boxes/form-record-actions-box.php
index 662f1b5ce..725419b4e 100644
--- a/modules/form-record/admin/meta-boxes/form-record-actions-box.php
+++ b/modules/form-record/admin/meta-boxes/form-record-actions-box.php
@@ -61,7 +61,11 @@ public function get_raw_list( array $args ): array { ->query_all(); } catch ( Query_Builder_Exception $exception ) { - throw new Empty_Box_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Empty_Box_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } } }
diff --git a/modules/form-record/admin/meta-boxes/form-record-errors-box.php b/modules/form-record/admin/meta-boxes/form-record-errors-box.php
index 449b57827..2c1608d84 100644
--- a/modules/form-record/admin/meta-boxes/form-record-errors-box.php
+++ b/modules/form-record/admin/meta-boxes/form-record-errors-box.php
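Review bot: The five-line `throw new Empty_Box_Exception( esc_html( $exception->getMessage() ), /* phpcs:ignore */ ...$exception->get_additional() )` block in get_raw_list() of form-record-actions-box.php is copied verbatim into every meta box in this commit (form-record-errors-box, form-record-fields-box, form-record-inline-actions-box, form-record-values-box, record-to-payment-box, payer-box, payer-shipping-box, payment-actions-box, payment-details-box and payment-info-for-record on the following lines). Escaping at the throw site also fixes the output context as HTML: a renderer that escapes the message again will double-encode it, and a non-HTML consumer gets the wrong escaping. A single static factory on Empty_Box_Exception and Not_Found_Page_Exception that wraps a Query_Builder_Exception once would remove the duplication and give one place to document that `get_additional()` is passed through unescaped.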
@@ -51,7 +51,11 @@ public function get_raw_list( array $args ): array { ->query_all(); } catch ( Query_Builder_Exception $exception ) { - throw new Empty_Box_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Empty_Box_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } } }
diff --git a/modules/form-record/admin/meta-boxes/form-record-fields-box.php b/modules/form-record/admin/meta-boxes/form-record-fields-box.php
index 72a2160b2..b8334cd7f 100644
--- a/modules/form-record/admin/meta-boxes/form-record-fields-box.php
+++ b/modules/form-record/admin/meta-boxes/form-record-fields-box.php
@@ -79,7 +79,11 @@ public function get_raw_list( array $args ): array { ->query_all(); } catch ( Query_Builder_Exception $exception ) { - throw new Empty_Box_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Empty_Box_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } }
diff --git a/modules/form-record/admin/meta-boxes/form-record-inline-actions-box.php b/modules/form-record/admin/meta-boxes/form-record-inline-actions-box.php
index 83aeabb0d..af00ecc14 100644
--- a/modules/form-record/admin/meta-boxes/form-record-inline-actions-box.php
+++ b/modules/form-record/admin/meta-boxes/form-record-inline-actions-box.php
@@ -49,7 +49,11 @@ public function get_list(): array { try { return Record_View::findById( $this->get_id() ); } catch ( Query_Builder_Exception $exception ) { - throw new Not_Found_Page_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Not_Found_Page_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } }
diff --git a/modules/form-record/admin/meta-boxes/form-record-values-box.php b/modules/form-record/admin/meta-boxes/form-record-values-box.php
index a80a05980..1122c62e1 100644
--- a/modules/form-record/admin/meta-boxes/form-record-values-box.php
+++ b/modules/form-record/admin/meta-boxes/form-record-values-box.php
@@ -57,7 +57,11 @@ public function get_list(): array { try { $record = Record_View::findById( $this->get_id() ); } catch ( Query_Builder_Exception $exception ) { - throw new Not_Found_Page_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Not_Found_Page_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } if ( $record['is_viewed'] ) {
@@ -75,7 +79,11 @@ public function get_list(): array { ); $record['is_viewed'] = 1; } catch ( Sql_Exception $exception ) { - throw new Not_Found_Page_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Not_Found_Page_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } return $record;
diff --git a/modules/form-record/admin/meta-boxes/record-to-payment-box.php b/modules/form-record/admin/meta-boxes/record-to-payment-box.php
index e0d63659a..3d81e760b 100644
--- a/modules/form-record/admin/meta-boxes/record-to-payment-box.php
+++ b/modules/form-record/admin/meta-boxes/record-to-payment-box.php
@@ -49,7 +49,11 @@ public function get_id(): int { )->query()->query_col(); } catch ( Query_Builder_Exception $exception ) { - throw new Empty_Box_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Empty_Box_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } return $record_id;
diff --git a/modules/form-record/export/multiple-controller.php b/modules/form-record/export/multiple-controller.php
index 757eb8b3e..61d587fa9 100644
--- a/modules/form-record/export/multiple-controller.php
+++ b/modules/form-record/export/multiple-controller.php
@@ -36,7 +36,7 @@ public function do_export() { if ( ! $this->fields_columns && ! $this->extra_columns ) { throw new \Exception( - __( 'Fields or additional columns must be specified', 'jet-form-builder' ) + esc_html__( 'Fields or additional columns must be specified', 'jet-form-builder' ) ); }
@@ -158,7 +158,7 @@ protected function get_form_id(): int { if ( ! $form_id ) { throw new \Exception( - __( 'Form ID is empty', 'jet-form-builder' ) + esc_html__( 'Form ID is empty', 'jet-form-builder' ) ); }
diff --git a/modules/form-record/export/single-controller.php b/modules/form-record/export/single-controller.php
index 4641b29df..e7cc5b510 100644
--- a/modules/form-record/export/single-controller.php
+++ b/modules/form-record/export/single-controller.php
@@ -59,7 +59,7 @@ protected function get_record_id(): int { if ( ! $record_id ) { throw new \Exception( - __( 'Record ID is empty', 'jet-form-builder' ) + esc_html__( 'Record ID is empty', 'jet-form-builder' ) ); }
diff --git a/modules/gateways/base-gateway-action.php b/modules/gateways/base-gateway-action.php
index 1dc598206..6a2f37219 100644
--- a/modules/gateways/base-gateway-action.php
+++ b/modules/gateways/base-gateway-action.php
@@ -319,9 +319,11 @@ public function check_response_code(): self { $this->response_body_as_array(); throw new Gateway_Exception( - $this->response_message( 'Invalid HTTP code.' ), + esc_html( $this->response_message( 'Invalid HTTP code.' ) ), + // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped $this->get_response_body(), $this->get_body() + // phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped ); }
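Review bot: In check_response_code() of base-gateway-action.php the message is now `esc_html()`-ed at the throw while `$this->get_response_body()` and `$this->get_body()` go into the exception raw under a `phpcs:disable`/`phpcs:enable` pair placed inside the argument list; the three throws in response_body_as_array() on the next line are split the same way. Gateway_Exception therefore carries a mixed contract — an HTML-escaped message next to unescaped additional data — and every catch site in this commit that spreads `...$exception->get_additional()` inherits it without any comment saying so. A docblock on Gateway_Exception, or a one-line comment at these throws such as `// response body / request args are attached unescaped; escape per output context when rendering`, would make that explicit. If `get_body()` or `get_request_args()` include authentication headers they are worth redacting before being attached, which cannot be verified from the hunk.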
@@ -335,14 +337,17 @@ public function response_body_as_array(): self { } if ( empty( $this->get_response_body() ) ) { - throw new Gateway_Exception( $this->response_message( 'Empty response.' ) ); + throw new Gateway_Exception( + esc_html( $this->response_message( 'Empty response.' ) ) + ); } if ( is_wp_error( $this->get_response_body() ) ) { /** @var \WP_Error $response */ $response = $this->get_response_body(); throw new Gateway_Exception( - $this->response_message( 'Internal error.' ), + esc_html( $this->response_message( 'Internal error.' ) ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped $response->get_error_message( $response->get_error_code() )
@@ -353,10 +358,12 @@ public function response_body_as_array(): self { if ( is_null( $parsed_response ) ) { throw new Gateway_Exception( - $this->response_message( 'Invalid JSON.' ), + esc_html( $this->response_message( 'Invalid JSON.' ) ), + // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped $this->get_response_body(), $this->get_request_args(), $this->get_url() + // phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped ); }
diff --git a/modules/gateways/base-gateway.php b/modules/gateways/base-gateway.php
index 5a6a97f66..bb10614ed 100644
--- a/modules/gateways/base-gateway.php
+++ b/modules/gateways/base-gateway.php
@@ -203,7 +203,7 @@ public function set_current_gateway_options() { $default_val = $option['default'] ?? false; if ( $is_required && ! $this->current_gateway( $name ) && false === $default_val ) { - throw new Gateway_Exception( 'Invalid gateway options', $name ); + throw new Gateway_Exception( 'Invalid gateway options', esc_html( $name ) ); } $this->options[ $name ] = $this->isset_current_gateway( $name )
diff --git a/modules/gateways/export/multiple-controller.php b/modules/gateways/export/multiple-controller.php
index 18b55bb53..013b699aa 100644
--- a/modules/gateways/export/multiple-controller.php
+++ b/modules/gateways/export/multiple-controller.php
@@ -28,7 +28,7 @@ public function do_export() { ! $this->record_columns ) { throw new \Exception( - __( 'General or additional columns must be specified', 'jet-form-builder' ) + esc_html__( 'General or additional columns must be specified', 'jet-form-builder' ) ); }
diff --git a/modules/gateways/export/single-controller.php b/modules/gateways/export/single-controller.php
index a7e99bd3d..76dc8ddea 100644
--- a/modules/gateways/export/single-controller.php
+++ b/modules/gateways/export/single-controller.php
@@ -54,7 +54,7 @@ protected function get_payment_id(): int { if ( ! $payment_id ) { throw new \Exception( - __( 'Payment ID is empty', 'jet-form-builder' ) + esc_html__( 'Payment ID is empty', 'jet-form-builder' ) ); }
diff --git a/modules/gateways/legacy-base-gateway.php b/modules/gateways/legacy-base-gateway.php
index 0b12fddb5..36a1121c8 100644
--- a/modules/gateways/legacy-base-gateway.php
+++ b/modules/gateways/legacy-base-gateway.php
@@ -144,7 +144,7 @@ public function set_order_token() { $this->order_token = $this->query_order_token( $this->order_id, jet_fb_handler()->form_id ); if ( ! $this->order_token ) { - throw new Gateway_Exception( 'Invalid token', $this->order_token ); + throw new Gateway_Exception( 'Invalid token', esc_html( $this->order_token ) ); } }
@@ -203,7 +203,7 @@ public function set_price_field() { ); if ( ! $this->price_field ) { - throw new Gateway_Exception( 'Invalid price field', $this->gateways_meta ); + throw new Gateway_Exception( 'Invalid price field' ); } }
diff --git a/modules/gateways/meta-boxes/payer-box.php b/modules/gateways/meta-boxes/payer-box.php
index d4a9d1a20..509ffa5e7 100644
--- a/modules/gateways/meta-boxes/payer-box.php
+++ b/modules/gateways/meta-boxes/payer-box.php
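Review bot: `throw new Gateway_Exception( 'Invalid token', esc_html( $this->order_token ) )` in set_order_token() of legacy-base-gateway.php sits inside `if ( ! $this->order_token )`, so the value being escaped and attached is always falsy — the additional argument carries no information and could be dropped, or replaced with the identifier that was looked up, e.g. `esc_html( (string) $this->order_id )`. In set_price_field() the second hunk silently removes `$this->gateways_meta` from the exception; that is a behaviour change (lost diagnostic context, or possibly a deliberate stop to leaking gateway settings) that the commit message should state, or a comment on the throw should record why the meta is no longer attached.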
@@ -41,7 +41,11 @@ public function get_list(): array { return $payment['payer'] ?? array(); } catch ( Query_Builder_Exception $exception ) { - throw new Empty_Box_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Empty_Box_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } } }
diff --git a/modules/gateways/meta-boxes/payer-shipping-box.php b/modules/gateways/meta-boxes/payer-shipping-box.php
index fc5d3367c..51a7247a2 100644
--- a/modules/gateways/meta-boxes/payer-shipping-box.php
+++ b/modules/gateways/meta-boxes/payer-shipping-box.php
@@ -50,7 +50,11 @@ public function get_list(): array { return $payment['ship'] ?? array(); } catch ( Query_Builder_Exception $exception ) { - throw new Empty_Box_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Empty_Box_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } } }
diff --git a/modules/gateways/meta-boxes/payment-actions-box.php b/modules/gateways/meta-boxes/payment-actions-box.php
index 3161e393b..7b1caae19 100644
--- a/modules/gateways/meta-boxes/payment-actions-box.php
+++ b/modules/gateways/meta-boxes/payment-actions-box.php
@@ -36,7 +36,11 @@ public function get_list(): array { try { return Payment_For_Export_View::findById( $this->get_id() ); } catch ( Query_Builder_Exception $exception ) { - throw new Not_Found_Page_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Not_Found_Page_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } }
diff --git a/modules/gateways/meta-boxes/payment-details-box.php b/modules/gateways/meta-boxes/payment-details-box.php
index 5ad8ab5b1..73621af2b 100644
--- a/modules/gateways/meta-boxes/payment-details-box.php
+++ b/modules/gateways/meta-boxes/payment-details-box.php
@@ -69,7 +69,11 @@ public function get_list(): array { try { return Payment_View::findById( $this->get_id() ); } catch ( Query_Builder_Exception $exception ) { - throw new Not_Found_Page_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Not_Found_Page_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } } }
diff --git a/modules/gateways/meta-boxes/payment-info-for-record.php b/modules/gateways/meta-boxes/payment-info-for-record.php
index 1961e2c85..1b98cc19c 100644
--- a/modules/gateways/meta-boxes/payment-info-for-record.php
+++ b/modules/gateways/meta-boxes/payment-info-for-record.php
@@ -48,7 +48,11 @@ public function get_id(): int { ) )->query()->query_col(); } catch ( Query_Builder_Exception $exception ) { - throw new Empty_Box_Exception( $exception->getMessage(), ...$exception->get_additional() ); + throw new Empty_Box_Exception( + esc_html( $exception->getMessage() ), + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + ...$exception->get_additional() + ); } return $payment_id;
diff --git a/modules/gateways/paypal/controller.php b/modules/gateways/paypal/controller.php
index 0d38df4f5..0fec2cbde 100644
--- a/modules/gateways/paypal/controller.php
+++ b/modules/gateways/paypal/controller.php
@@ -158,7 +158,11 @@ public static function get_token_global() { */ public static function get_token_with_credits( $client_id, $secret ) { if ( ! $client_id || ! $secret ) { - throw new Gateway_Exception( 'Empty `client_id` or `secret_key`.', array( $client_id, $secret ) ); + throw new Gateway_Exception( + 'Empty `client_id` or `secret_key`.', + esc_html( $client_id ), + esc_html( $secret ) + ); } $hash = 'jet_fb_pp_token_' . md5( $client_id . $secret ); $token = get_transient( $hash );
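Review bot: `esc_html( $secret )` in get_token_with_credits() of paypal/controller.php still places a credential into the exception's additional data — the guard is `! $client_id || ! $secret`, so whichever of the two is non-empty is attached, and other hunks in this commit spread `get_additional()` into user-facing exceptions. Escaping does not address that; the secret should not be attached at all, and `esc_html( $client_id )` alone (or a boolean "secret provided" flag) gives the same diagnostic value. Note also that replacing the single `array( $client_id, $secret )` argument with two separate arguments changes what `get_additional()` returns for this exception, which any consumer relying on the previous array shape will notice.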
@@ -173,7 +177,8 @@ public static function get_token_with_credits( $client_id, $secret ) { $response = $request->send_request(); if ( empty( $response['access_token'] ) ) { - throw new Gateway_Exception( $response['error_description'], $response, $request->get_request_args() ); + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + throw new Gateway_Exception( esc_html( $response['error_description'] ), $response, $request->get_request_args() ); } $token = $response['access_token'];
diff --git a/modules/gateways/paypal/scenarios-logic/pay-now.php b/modules/gateways/paypal/scenarios-logic/pay-now.php
index f6a1972c3..644603900 100644
--- a/modules/gateways/paypal/scenarios-logic/pay-now.php
+++ b/modules/gateways/paypal/scenarios-logic/pay-now.php
@@ -3,7 +3,7 @@ namespace JFB_Modules\Gateways\Paypal\Scenarios_Logic; -use Jet_Form_Builder\Actions\Types\Save_Record; +use JFB_Modules\Form_Record\Action_Types\Save_Record; use Jet_Form_Builder\Db_Queries\Exceptions\Sql_Exception; use Jet_Form_Builder\Db_Queries\Execution_Builder; use Jet_Form_Builder\Exceptions\Action_Exception;
@@ -99,7 +99,8 @@ public function create_resource() { $payment = $action->send_request(); if ( empty( $payment['id'] ) ) { - throw new Gateway_Exception( $payment['message'], $payment ); + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + throw new Gateway_Exception( esc_html( $payment['message'] ), $payment ); } do_action( 'jet-form-builder/gateways/after-create', $action, $payment );
@@ -151,7 +152,7 @@ public function save_resource( $payment ) { ); } catch ( Sql_Exception $exception ) { - throw new Gateway_Exception( $exception->getMessage() ); + throw new Gateway_Exception( esc_html( $exception->getMessage() ) ); } }
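Review bot: `esc_html( $response['error_description'] )` in get_token_with_credits() reads a key the surrounding check does not establish — the guard is only `empty( $response['access_token'] )`, so a response without `error_description` (or a non-array response) raises an undefined-index warning and hands `null` to esc_html(). `esc_html( $response['error_description'] ?? '' )`, or a fixed message with the raw response kept as additional data, avoids that; the same applies to `esc_html( $payment['message'] )` in create_resource() of pay-now.php on this line, where only `$payment['id']` has been checked. The raw `$response` and `$request->get_request_args()` remain attached to the exception; if the request args include the client credentials used to obtain the token — not visible from the hunk — they should be redacted before being attached.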
@@ -179,7 +180,7 @@ public function query_scenario_row() { )->query()->query_one(); } catch ( Query_Builder_Exception $exception ) { - throw new Gateway_Exception( $exception->getMessage() ); + throw new Gateway_Exception( esc_html( $exception->getMessage() ) ); } }
@@ -207,7 +208,7 @@ public function process_after() { } catch ( Sql_Exception $exception ) { Execution_Builder::instance()->transaction_rollback(); - throw new Gateway_Exception( $exception->getMessage() ); + throw new Gateway_Exception( esc_html( $exception->getMessage() ) ); } }
@@ -234,7 +235,8 @@ private function on_error( array $payment ) { } catch ( Sql_Exception $exception ) { return; } finally { - throw new Gateway_Exception( 'Payment was voided', $payment['message'] ); + // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped + throw new Gateway_Exception( 'Payment was voided', $payment ); } }
diff --git a/modules/gateways/scenarios-abstract/scenarios-manager-abstract.php b/modules/gateways/scenarios-abstract/scenarios-manager-abstract.php
index 1d478fd2a..970f05671 100644
--- a/modules/gateways/scenarios-abstract/scenarios-manager-abstract.php
+++ b/modules/gateways/scenarios-abstract/scenarios-manager-abstract.php
@@ -89,7 +89,7 @@ public function query_logic(): Scenario_Logic_Base { $this->queried_scenario = $this->logic()->rep_get_item( $scenario ); } } catch ( Repository_Exception $exception ) { - throw new Gateway_Exception( $exception->getMessage() ); + throw new Gateway_Exception( esc_html( $exception->getMessage() ) ); } return $this->queried_scenario;
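Review bot: In on_error() of pay-now.php the `finally { throw new Gateway_Exception( 'Payment was voided', $payment ); }` runs unconditionally, so the `return;` in the `catch ( Sql_Exception $exception )` branch is dead — PHP discards a pending return, and any other exception raised in the try block, when the finally block throws. If the intent is to always report the voided payment after attempting the SQL update, the throw belongs after the try/catch rather than inside finally and the catch should log or chain `$exception`; if the intent is to swallow SQL failures, the throw must not live in finally. The whole `$payment` array is now attached instead of `$payment['message']`; a comment noting that it is unescaped and may hold payer details would help consumers. on_error() starts outside the hunk.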