Issues in class-metaboxes.php (master) - Issues in master - fooplugins/foogallery - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1881)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

extensions/albums/admin/class-metaboxes.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * FooGallery Admin Album MetaBoxes class
 */

if ( ! class_exists( 'FooGallery_Admin_Album_MetaBoxes' ) ) {

	class FooGallery_Admin_Album_MetaBoxes {

		private $_album;

		public function __construct() {
			//add our foogallery metaboxes
			add_action( 'add_meta_boxes_' . FOOGALLERY_CPT_ALBUM, array( $this, 'add_meta_boxes' ) );

			//save extra post data for a gallery
			add_action( 'save_post', array( $this, 'save_album' ) );

			//whitelist metaboxes for our album posttype
			add_filter( 'foogallery-album_metabox_sanity', array( $this, 'whitelist_metaboxes' ) );

			//add scripts used by metaboxes
			add_action( 'admin_enqueue_scripts', array( $this, 'include_required_scripts' ) );

			// Ajax call for getting gallery details
			add_action( 'wp_ajax_foogallery_get_gallery_details', array( $this, 'ajax_get_gallery_details' ) );

			// Ajax call for saving gallery details
			add_action( 'wp_ajax_foogallery_save_gallery_details', array( $this, 'ajax_save_gallery_details' ) );

			// Save details for the gallery
			add_action( 'foogallery_album_gallery_details_save', array( $this, 'gallery_details_save' ), 10, 3 );
		}

		public function whitelist_metaboxes() {
			return array(
				FOOGALLERY_CPT_GALLERY => array(
					'whitelist'  => apply_filters( 'foogallery_metabox_sanity_foogallery-album',
						array(
							'submitdiv',
							'slugdiv',
							'postimagediv',
							'foogalleryalbum_galleries',
							'foogalleryalbum_shortcode'
						)
					),
					'contexts'   => array( 'normal', 'advanced', 'side', ),
					'priorities' => array( 'high', 'core', 'default', 'low', ),
				)
			);
		}

		public function add_meta_boxes( $post ) {

			add_meta_box(
				'foogalleryalbum_galleries',
				__( 'Galleries - click a gallery to add it to your album.', 'foogallery' ),
				array( $this, 'render_gallery_metabox' ),
				FOOGALLERY_CPT_ALBUM,
				'normal',
				'high'
			);

			add_meta_box(
				'foogalleryalbum_settings',
				__( 'Settings', 'foogallery' ),
				array( $this, 'render_settings_metabox' ),
				FOOGALLERY_CPT_ALBUM,
				'normal',
				'high'
			);

			add_meta_box(
				'foogalleryalbum_customcss',
				__( 'Custom CSS', 'foogallery' ),
				array( $this, 'render_customcss_metabox' ),
				FOOGALLERY_CPT_ALBUM,
				'normal',
				'low'
			);

			add_meta_box(
				'foogalleryalbum_shortcode',
				__( 'Album Shortcode', 'foogallery' ),
				array( $this, 'render_shortcode_metabox' ),
				FOOGALLERY_CPT_ALBUM,
				'side',
				'default'
			);

			add_meta_box(
				'foogalleryalbum_sorting',
				__( 'Album Sorting', 'foogallery' ),
				array( $this, 'render_sorting_metabox' ),
				FOOGALLERY_CPT_ALBUM,
				'side',
				'default'
			);
		}

		public function get_album( $post ) {
			if ( ! isset( $this->_album ) ) {
				$this->_album = FooGalleryAlbum::get( $post );
			}

			return $this->_album;
		}

		public function save_album( $post_id ) {
			// check autosave
			if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
				return $post_id;
			}

			// verify nonce
			if ( array_key_exists( FOOGALLERY_CPT_ALBUM . '_nonce', $_POST ) &&
			     wp_verify_nonce( $_POST[ FOOGALLERY_CPT_ALBUM . '_nonce' ], plugin_basename( FOOGALLERY_FILE ) )
			) {
				//if we get here, we are dealing with the Album custom post type

				$galleries = apply_filters( 'foogallery_save_album_galleries', explode( ',', $_POST[ FOOGALLERY_ALBUM_META_GALLERIES ] ) );
				update_post_meta( $post_id, FOOGALLERY_ALBUM_META_GALLERIES, $galleries );

				if ( !empty( $_POST[FOOGALLERY_ALBUM_META_TEMPLATE] ) ) {
					update_post_meta( $post_id, FOOGALLERY_ALBUM_META_TEMPLATE, $_POST[FOOGALLERY_ALBUM_META_TEMPLATE] );
				}

				if ( isset( $_POST[FOOGALLERY_ALBUM_META_SORT] ) ) {
					update_post_meta( $post_id, FOOGALLERY_ALBUM_META_SORT, $_POST[FOOGALLERY_ALBUM_META_SORT] );
				}

				$settings = isset($_POST['_foogallery_settings']) ?
					$_POST['_foogallery_settings'] : array();

				$settings = apply_filters( 'foogallery_save_album_settings', $settings );

				if ( !empty( $settings ) ) {
					update_post_meta( $post_id, FOOGALLERY_META_SETTINGS_OLD, $settings );
				} else {
					delete_post_meta( $post_id, FOOGALLERY_META_SETTINGS_OLD );
				}

				$custom_css = isset($_POST[FOOGALLERY_META_CUSTOM_CSS]) ?
					$_POST[FOOGALLERY_META_CUSTOM_CSS] : '';

				if ( empty( $custom_css ) ) {
					delete_post_meta( $post_id, FOOGALLERY_META_CUSTOM_CSS );
				} else {
					update_post_meta( $post_id, FOOGALLERY_META_CUSTOM_CSS, $custom_css );
				}

				do_action( 'foogallery_after_save_album', $post_id, $_POST );
			}
		}

		public function get_ordered_galleries( $album ) {
		    //exclude the galleries already added to the album
            $excluded_galleries = $album->gallery_ids;

            //allow more galleries to be excluded
            $excluded_galleries = apply_filters( 'foogallery_album_exlcuded_galleries', $excluded_galleries, $album );

			//get all other galleries
			$galleries = foogallery_get_all_galleries( $excluded_galleries );

			$album_galleries = $album->galleries();

			return array_merge( $album_galleries, $galleries );
		}

		public function render_gallery_metabox( $post ) {
			$album = $this->get_album( $post );

			$galleries = $this->get_ordered_galleries( $album );

			wp_enqueue_style( 'media-views' );

			?>
			<input type="hidden" name="<?php echo FOOGALLERY_CPT_ALBUM; ?>_nonce"
			       id="<?php echo FOOGALLERY_CPT_ALBUM; ?>_nonce"
			       value="<?php echo wp_create_nonce( plugin_basename( FOOGALLERY_FILE ) ); ?>"/>
			<input type="hidden" name='foogallery_album_galleries' id="foogallery_album_galleries"
			       value="<?php echo $album->gallery_id_csv(); ?>"/>
			<div>
				<?php if ( !$album->has_galleries() ) { ?>
					<div class="foogallery-album-error">
						<?php _e( 'There are no galleries selected for your album yet! Click any gallery to add it to your album.', 'foogallery' ); ?>
					</div>
				<?php } ?>

				<div class="foogallery-album-info-modal media-modal">
					<div class="media-modal-content">
						<div class="media-frame mode-select">
							<div class="media-frame-title">
								<h1><?php _e('Edit Gallery Details', 'foogallery'); ?></h1>
								<span class="spinner is-active"></span>
							</div>
							<div class="modal-content">
								<?php wp_nonce_field( 'foogallery_album_gallery_details', 'foogallery_album_gallery_details_nonce', false ); ?>
								<div class="gallery-details" data-loading="<?php _e( 'Loading details for ', 'foogallery' ); ?>"></div>
							</div>
						</div>
						<div class="media-frame-toolbar">
							<div class="media-toolbar">
								<div class="media-toolbar-secondary"></div>
								<div class="media-toolbar-primary search-form">
									<button type="button" class="button media-button button-primary button-large media-button-select gallery-details-save"><?php _e('Save Gallery Details', 'foogallery'); ?></button>
									<span class="spinner"></span>
								</div>
							</div>
						</div>
					</div>
					<button type="button" class="button-link media-modal-close">
						<span class="media-modal-icon"><span class="screen-reader-text"><?php _e('Close media panel', 'foogallery'); ?></span></span>
					</button>

				</div>
				<div class="foogallery-album-info-modal-backdrop media-modal-backdrop"></div>


				<ul class="foogallery-album-gallery-list">
					<?php
					foreach ( $galleries as $gallery ) {
						$img_src  = foogallery_find_featured_attachment_thumbnail_src( $gallery );
						$images   = $gallery->image_count();
						$selected = $album->includes_gallery( $gallery->ID ) ? ' selected' : '';
						$title = $gallery->safe_name();
						?>
						<li class="foogallery-pile">
							<div class="foogallery-gallery-select attachment-preview landscape<?php echo $selected; ?>" data-foogallery-id="<?php echo $gallery->ID; ?>">
								<div class="thumbnail" style="display: table;">
									<div style="display: table-cell; vertical-align: middle; text-align: center;">
										<img src="<?php echo $img_src; ?>"/>
										<h3><?php echo $title; ?>
											<span><?php echo $images; ?></span>
										</h3>
									</div>
								</div>
								<a class="info foogallery-album-info" href="#"
								   title="<?php _e( 'Edit Album Info', 'foogallery' ); ?>"
								   data-gallery-title="<?php echo $title; ?>"
								   data-gallery-id="<?php echo $gallery->ID; ?>"><span class="dashicons dashicons-info"></span></a>
							</div>
						</li>
					<?php } ?>
				</ul>
				<div style="clear: both;"></div>
			</div>
		<?php
		}

		public function render_shortcode_metabox( $post ) {
			$album   = $this->get_album( $post );
			$shortcode = $album->shortcode();
			?>
			<p class="foogallery-shortcode">
				<input type="text" id="foogallery_copy_shortcode" size="<?php echo strlen( $shortcode ); ?>" value="<?php echo htmlspecialchars( $shortcode ); ?>" readonly="readonly" />
			</p>
			<p>
				<?php _e( 'Paste the above shortcode into a post or page to show the album.', 'foogallery' ); ?>
			</p>
			<script>
				jQuery(function($) {
					var shortcodeInput = document.querySelector('#foogallery_copy_shortcode');
					shortcodeInput.addEventListener('click', function () {
						try {
							// select the contents
							shortcodeInput.select();
							//copy the selection
							document.execCommand('copy');
							//show the copied message
							$('.foogallery-shortcode-message').remove();
							$(shortcodeInput).after('<p class="foogallery-shortcode-message"><?php _e( 'Shortcode copied to clipboard :)','foogallery' ); ?></p>');
						} catch(err) {
							console.log('Oops, unable to copy!');
						}
					}, false);
				});
			</script>
		<?php
		}

		public function render_sorting_metabox( $post ) {
			$album = $this->get_album( $post );
			$sorting_options = foogallery_sorting_options(); ?>
			<p>
				<?php _e('Change the way galleries are sorted within your album. By default, they are sorted in the order you see them.', 'foogallery'); ?>
			</p>
			<?php
			foreach ( $sorting_options as $sorting_key => $sorting_label ) { ?>
				<p>
				<input type="radio" value="<?php echo $sorting_key; ?>" <?php checked( $sorting_key === $album->sorting ); ?> id="FooGallerySettings_AlbumSort_<?php echo $sorting_key; ?>" name="<?php echo FOOGALLERY_ALBUM_META_SORT; ?>" />
				<label for="FooGallerySettings_AlbumSort_<?php echo $sorting_key; ?>"><?php echo $sorting_label; ?></label>
				</p><?php
			}
		}

		public function render_settings_metabox( $post ) {
			$album = $this->get_album( $post );
			$available_templates = foogallery_album_templates();
			$album_template = foogallery_default_album_template();
			if ( ! empty($album->album_template) ) {
				$album_template = $album->album_template;
			}
			if ( false === $album_template ) {
				$album_template = $available_templates[0]['slug'];
			}
			$hide_help = 'on' == foogallery_get_setting( 'hide_gallery_template_help' );
			?>
			<table class="foogallery-album-metabox-settings">
				<tbody>
				<tr class="foogallery_template_field foogallery_template_field_selector">
					<th>
						<label for="FooGallerySettings_AlbumTemplate"><?php _e( 'Album Template', 'foogallery' ); ?></label>
					</th>
					<td>
						<select id="FooGallerySettings_AlbumTemplate" name="<?php echo FOOGALLERY_ALBUM_META_TEMPLATE; ?>">
							<?php
							foreach ( $available_templates as $template ) {
								$selected = ($album_template === $template['slug']) ? 'selected' : '';
								echo "<option {$selected} value=\"{$template['slug']}\">{$template['name']}</option>";
							}
							?>
						</select>
						<br />
						<small><?php _e( 'The album template that will be used when the album is output to the frontend.', 'foogallery' ); ?></small>
					</td>
				</tr>
				<?php
				foreach ( $available_templates as $template ) {
					$field_visibility = ($album_template !== $template['slug']) ? 'style="display:none"' : '';
					$section          = '';
					$fields = isset( $template['fields'] ) ? $template['fields'] : array();
					foreach ( $fields as $field ) {
						//allow for the field to be altered by extensions.
						$field = apply_filters( 'foogallery_alter_gallery_template_field', $field, $album );

						$class ="foogallery_template_field foogallery_template_field-{$template['slug']} foogallery_template_field-{$template['slug']}-{$field['id']}";

						if ( isset($field['section']) && $field['section'] !== $section ) {
							$section = $field['section'];
							?>
							<tr class="<?php echo $class; ?>" <?php echo $field_visibility; ?>>
								<td colspan="2"><h4><?php echo $section; ?></h4></td>
							</tr>
						<?php }
						if (isset($field['type']) && 'help' == $field['type'] && $hide_help) {
							continue; //skip help if the 'hide help' setting is turned on
						}
						?>
						<tr class="<?php echo $class; ?>" <?php echo $field_visibility; ?>>
							<?php if ( isset($field['type']) && 'help' == $field['type'] ) { ?>
								<td colspan="2">
									<div class="foogallery-help">
										<?php echo $field['desc']; ?>
									</div>
								</td>
							<?php } else { ?>
								<th>
									<label for="FooGallerySettings_<?php echo $template['slug'] . '_' . $field['id']; ?>"><?php echo $field['title']; ?></label>
								</th>
								<td>
									<?php do_action( 'foogallery_render_gallery_template_field', $field, $album, $template ); ?>
								</td>
							<?php } ?>
						</tr>
					<?php
					}
				}
				?>
				</tbody>
			</table>
		<?php
		}

		public function render_customcss_metabox( $post ) {
			$album = $this->get_album( $post );
			$custom_css = $album->custom_css;
			$example = '<code>#foogallery-album-' . $post->ID . ' { }</code>';
			?>
			<p>
				<?php printf( __( 'Add any custom CSS to target this specific album. For example %s', 'foogallery' ), $example ); ?>
			</p>
			<table id="table_styling" class="form-table">
				<tbody>
					<tr>
						<td>
							<textarea class="foogallery_metabox_custom_css" name="<?php echo FOOGALLERY_META_CUSTOM_CSS; ?>" type="text"><?php echo $custom_css; ?></textarea>
						</td>
					</tr>
				</tbody>
			</table>
		<?php
		}

		public function include_required_scripts() {
			if ( FOOGALLERY_CPT_ALBUM === foo_current_screen_post_type() ) {
				//include album selection script
				$url = FOOGALLERY_ALBUM_URL . 'js/admin-foogallery-album.js';
				wp_enqueue_script( 'admin-foogallery-album', $url, array( 'jquery', 'jquery-ui-core','jquery-ui-sortable' ), FOOGALLERY_VERSION );

				//include album selection css
				$url = FOOGALLERY_ALBUM_URL . 'css/admin-foogallery-album.css';
				wp_enqueue_style( 'admin-foogallery-album', $url, array(), FOOGALLERY_VERSION );

				//spectrum needed for the colorpicker field
				$url = FOOGALLERY_URL . 'lib/spectrum/spectrum.js';
				wp_enqueue_script( 'foogallery-spectrum', $url, array('jquery'), FOOGALLERY_VERSION );
				$url = FOOGALLERY_URL . 'lib/spectrum/spectrum.css';
				wp_enqueue_style( 'foogallery-spectrum', $url, array(), FOOGALLERY_VERSION );
			}
		}

		public function ajax_get_gallery_details() {
			if ( check_admin_referer( 'foogallery_album_gallery_details' ) ) {
				$foogallery_id = $_POST['foogallery_id'];
				$gallery = FooGallery::get_by_id( $foogallery_id );

				if ( false !== $gallery ) {
					$fields = $this->get_gallery_detail_fields( $gallery ); ?>
					<form name="foogallery_gallery_details">
					<input type="hidden" name="foogallery_id" id="foogallery_id" value="<?php echo $foogallery_id; ?>" />
					<table class="gallery-detail-fields">
						<tbody>
							<?php foreach ( $fields as $field => $values ) {
								$value = get_post_meta( $gallery->ID, $field, true );
								$input_id = 'foogallery-gallery-detail-fields-' . $field;
								switch ( $values['input'] ) {
									case 'text':
										$values['html'] = '<input type="text" id="' . $input_id . '" name="' . $field . '" value="' . $value . '" />';
										break;

									case 'textarea':
										$values['html'] = '<textarea id="' . $input_id . '" name="' . $field . '">' . $value . '</textarea>';
										break;

									case 'select':
										$html = '<select id="' . $input_id . '" name="' . $field . '">';

										// If options array is passed
										if ( isset( $values['options'] ) ) {
											// Browse and add the options
											foreach ( $values['options'] as $k => $v ) {
												// Set the option selected or not
												if ( $value == $k )
													$selected = ' selected="selected"';
												else
													$selected = '';

												$html .= '<option' . $selected . ' value="' . $k . '">' . $v . '</option>';
											}
										}

										$html .= '</select>';

										// Set the html content
										$values['html'] = $html;

										break;

									case 'checkbox':
										// Set the checkbox checked or not
										if ( $value == 'on' )
											$checked = ' checked="checked"';
										else
											$checked = '';

										$html = '<input' . $checked . ' type="checkbox" name="' . $field . ']" id="' . $input_id . '" />';

										$values['html'] = $html;

										break;

									case 'radio':
										$html = '';

										if ( ! empty( $values['options'] ) ) {
											$i = 0;

											foreach ( $values['options'] as $k => $v ) {
												if ( $value == $k )
													$checked = ' checked="checked"';
												else
													$checked = '';

												$html .= '<input' . $checked . ' value="' . $k . '" type="radio" name="' . $field . ']" id="' . sanitize_key( $field . '_' . $i ) . '" /> <label for="' . sanitize_key( $field . '_' . $i ) . '">' . $v . '</label><br />';
												$i++;
											}
										}

										$values['html'] = $html;

										break;
								} ?>
							<tr class="foogallery-gallery-detail-fields-<?php echo $field; ?>">
								<th scope="row" class="label">
									<label for="foogallery-gallery-detail-fields-<?php echo $field; ?>"><?php echo $values['label']; ?></label>
								</th>
								<td>
									<?php echo $values['html']; ?>
									<?php if ( !empty( $values['help'] ) ) { ?><p class="help"><?php echo $values['help']; ?></p><?php } ?>
								</td>
							</tr>
							<?php } ?>
						</tbody>
					</table>
					</form><?php
				} else {
					echo '<h2>' . __( 'Invalid Gallery!', 'foogallery' ) . '</h2>';
				}
			}
			die();
		}

		public function ajax_save_gallery_details() {
			if ( check_admin_referer( 'foogallery_album_gallery_details' ) ) {
				$foogallery_id = $_POST['foogallery_id'];
				$gallery       = FooGallery::get_by_id( $foogallery_id );
				if ( false !== $gallery ) {
					$fields = $this->get_gallery_detail_fields( $gallery );

					foreach ( $fields as $field => $values ) {
						//for every field, save some info
						do_action( 'foogallery_album_gallery_details_save', $field, $values, $gallery );
					}
				}
			}
		}

		public function gallery_details_save($field, $field_args, $gallery) {
			if ( 'custom_url' === $field || 'custom_target' === $field ) {
				$value = $_POST[$field];
				update_post_meta( $gallery->ID, $field, $value );
			}
		}

		/**
		 * Get the fields that we want to edit for a gallery from the album management page
		 * @param $gallery FooGallery
		 *
		 * @return mixed|void
		 */
		public function get_gallery_detail_fields($gallery) {

			$target_options = apply_filters( 'foogallery_gallery_detail_fields_custom_target_options',  array(
				'default' => __( 'Default', 'foogallery' ),
				'_blank' => __( 'New tab (_blank)', 'foogallery' ),
				'_self' => __( 'Same tab (_self)', 'foogallery' )
			) );

			$edit_url = get_edit_post_link( $gallery->ID );

			$fields = array(
				'gallery_title' => array(
					'label' => __( 'Gallery Title', 'foogallery' ),
					'input' => 'html',
					'html'  => '<strong>' . $gallery->safe_name() . ' <a href="' . $edit_url . '" target="_blank">' . __( 'Edit Gallery', 'foogallery' ) . '</a></strong>',
				),

				'gallery_template' => array(
					'label' => __( 'Gallery Template', 'foogallery' ),
					'input' => 'html',
					'html'  => '<strong>' . $gallery->gallery_template_name() . '</strong>',
				),

				'gallery_media' => array(
					'label' => __( 'Media', 'foogallery' ),
					'input' => 'html',
					'html'  => '<strong>' . $gallery->image_count() . '</strong>'
				),

				'custom_url' => array(
					'label' =>  __( 'Custom URL', 'foogallery' ),
					'input' => 'text',
					'help'  => __( 'Point your gallery to a custom URL', 'foogallery' )
				),

				'custom_target' => array(
					'label'   =>  __( 'Custom Target', 'foogallery' ),
					'input'   => 'select',
					'help'    => __( 'Set a custom target for your gallery', 'foogallery' ),
					'options' => $target_options
				)
			);

			return apply_filters( 'foogallery_gallery_detail_fields', $fields );
		}
	}
}


GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

extensions/albums/admin/class-metaboxes.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			/*
4			* FooGallery Admin Album MetaBoxes class
5			*/
6
7			if ( ! class_exists( 'FooGallery_Admin_Album_MetaBoxes' ) ) {
8
9			class FooGallery_Admin_Album_MetaBoxes {
10
11			private $_album;
12
13			public function __construct() {
14			//add our foogallery metaboxes
15			add_action( 'add_meta_boxes_' . FOOGALLERY_CPT_ALBUM, array( $this, 'add_meta_boxes' ) );
16
17			//save extra post data for a gallery
18			add_action( 'save_post', array( $this, 'save_album' ) );
19
20			//whitelist metaboxes for our album posttype
21			add_filter( 'foogallery-album_metabox_sanity', array( $this, 'whitelist_metaboxes' ) );
22
23			//add scripts used by metaboxes
24			add_action( 'admin_enqueue_scripts', array( $this, 'include_required_scripts' ) );
25
26			// Ajax call for getting gallery details
27			add_action( 'wp_ajax_foogallery_get_gallery_details', array( $this, 'ajax_get_gallery_details' ) );
28
29			// Ajax call for saving gallery details
30			add_action( 'wp_ajax_foogallery_save_gallery_details', array( $this, 'ajax_save_gallery_details' ) );
31
32			// Save details for the gallery
33			add_action( 'foogallery_album_gallery_details_save', array( $this, 'gallery_details_save' ), 10, 3 );
34			}
35
36			public function whitelist_metaboxes() {
37			return array(
38			FOOGALLERY_CPT_GALLERY => array(
39			'whitelist' => apply_filters( 'foogallery_metabox_sanity_foogallery-album',
40			array(
41			'submitdiv',
42			'slugdiv',
43			'postimagediv',
44			'foogalleryalbum_galleries',
45			'foogalleryalbum_shortcode'
46			)
47			),
48			'contexts' => array( 'normal', 'advanced', 'side', ),
49			'priorities' => array( 'high', 'core', 'default', 'low', ),
50			)
51			);
52			}
53
54			public function add_meta_boxes( $post ) {
			0 ignored issues – show Unused Code introduced 2017-10-01 05:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$post` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
55			add_meta_box(
56			'foogalleryalbum_galleries',
57			__( 'Galleries - click a gallery to add it to your album.', 'foogallery' ),
58			array( $this, 'render_gallery_metabox' ),
59			FOOGALLERY_CPT_ALBUM,
60			'normal',
61			'high'
62			);
63
64			add_meta_box(
65			'foogalleryalbum_settings',
66			__( 'Settings', 'foogallery' ),
67			array( $this, 'render_settings_metabox' ),
68			FOOGALLERY_CPT_ALBUM,
69			'normal',
70			'high'
71			);
72
73			add_meta_box(
74			'foogalleryalbum_customcss',
75			__( 'Custom CSS', 'foogallery' ),
76			array( $this, 'render_customcss_metabox' ),
77			FOOGALLERY_CPT_ALBUM,
78			'normal',
79			'low'
80			);
81
82			add_meta_box(
83			'foogalleryalbum_shortcode',
84			__( 'Album Shortcode', 'foogallery' ),
85			array( $this, 'render_shortcode_metabox' ),
86			FOOGALLERY_CPT_ALBUM,
87			'side',
88			'default'
89			);
90
91			add_meta_box(
92			'foogalleryalbum_sorting',
93			__( 'Album Sorting', 'foogallery' ),
94			array( $this, 'render_sorting_metabox' ),
95			FOOGALLERY_CPT_ALBUM,
96			'side',
97			'default'
98			);
99			}
100
101			public function get_album( $post ) {
102			if ( ! isset( $this->_album ) ) {
103			$this->_album = FooGalleryAlbum::get( $post );
104			}
105
106			return $this->_album;
107			}
108
109			public function save_album( $post_id ) {
110			// check autosave
111			if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
112			return $post_id;
113			}
114
115			// verify nonce
116			if ( array_key_exists( FOOGALLERY_CPT_ALBUM . '_nonce', $_POST ) &&
117			wp_verify_nonce( $_POST[ FOOGALLERY_CPT_ALBUM . '_nonce' ], plugin_basename( FOOGALLERY_FILE ) )
118			) {
119			//if we get here, we are dealing with the Album custom post type
120
121			$galleries = apply_filters( 'foogallery_save_album_galleries', explode( ',', $_POST[ FOOGALLERY_ALBUM_META_GALLERIES ] ) );
122			update_post_meta( $post_id, FOOGALLERY_ALBUM_META_GALLERIES, $galleries );
123
124			if ( !empty( $_POST[FOOGALLERY_ALBUM_META_TEMPLATE] ) ) {
125			update_post_meta( $post_id, FOOGALLERY_ALBUM_META_TEMPLATE, $_POST[FOOGALLERY_ALBUM_META_TEMPLATE] );
126			}
127
128			if ( isset( $_POST[FOOGALLERY_ALBUM_META_SORT] ) ) {
129			update_post_meta( $post_id, FOOGALLERY_ALBUM_META_SORT, $_POST[FOOGALLERY_ALBUM_META_SORT] );
130			}
131
132			$settings = isset($_POST['_foogallery_settings']) ?
133			$_POST['_foogallery_settings'] : array();
134
135			$settings = apply_filters( 'foogallery_save_album_settings', $settings );
136
137			if ( !empty( $settings ) ) {
138			update_post_meta( $post_id, FOOGALLERY_META_SETTINGS_OLD, $settings );
139			} else {
140			delete_post_meta( $post_id, FOOGALLERY_META_SETTINGS_OLD );
141			}
142
143			$custom_css = isset($_POST[FOOGALLERY_META_CUSTOM_CSS]) ?
144			$_POST[FOOGALLERY_META_CUSTOM_CSS] : '';
145
146			if ( empty( $custom_css ) ) {
147			delete_post_meta( $post_id, FOOGALLERY_META_CUSTOM_CSS );
148			} else {
149			update_post_meta( $post_id, FOOGALLERY_META_CUSTOM_CSS, $custom_css );
150			}
151
152			do_action( 'foogallery_after_save_album', $post_id, $_POST );
153			}
154			}
155
156			public function get_ordered_galleries( $album ) {
157			//exclude the galleries already added to the album
158			$excluded_galleries = $album->gallery_ids;
159
160			//allow more galleries to be excluded
161			$excluded_galleries = apply_filters( 'foogallery_album_exlcuded_galleries', $excluded_galleries, $album );
162
163			//get all other galleries
164			$galleries = foogallery_get_all_galleries( $excluded_galleries );
165
166			$album_galleries = $album->galleries();
167
168			return array_merge( $album_galleries, $galleries );
169			}
170
171			public function render_gallery_metabox( $post ) {
172			$album = $this->get_album( $post );
173
174			$galleries = $this->get_ordered_galleries( $album );
175
176			wp_enqueue_style( 'media-views' );
177
178			?>
179			<input type="hidden" name="<?php echo FOOGALLERY_CPT_ALBUM; ?>_nonce"
180			id="<?php echo FOOGALLERY_CPT_ALBUM; ?>_nonce"
181			value="<?php echo wp_create_nonce( plugin_basename( FOOGALLERY_FILE ) ); ?>"/>
182			<input type="hidden" name='foogallery_album_galleries' id="foogallery_album_galleries"
183			value="<?php echo $album->gallery_id_csv(); ?>"/>
184			<div>
185			<?php if ( !$album->has_galleries() ) { ?>
186			<div class="foogallery-album-error">
187			<?php _e( 'There are no galleries selected for your album yet! Click any gallery to add it to your album.', 'foogallery' ); ?>
188			</div>
189			<?php } ?>
190
191			<div class="foogallery-album-info-modal media-modal">
192			<div class="media-modal-content">
193			<div class="media-frame mode-select">
194			<div class="media-frame-title">
195			<h1><?php _e('Edit Gallery Details', 'foogallery'); ?></h1>
196			<span class="spinner is-active"></span>
197			</div>
198			<div class="modal-content">
199			<?php wp_nonce_field( 'foogallery_album_gallery_details', 'foogallery_album_gallery_details_nonce', false ); ?>
200			<div class="gallery-details" data-loading="<?php _e( 'Loading details for ', 'foogallery' ); ?>"></div>
201			</div>
202			</div>
203			<div class="media-frame-toolbar">
204			<div class="media-toolbar">
205			<div class="media-toolbar-secondary"></div>
206			<div class="media-toolbar-primary search-form">
207			<button type="button" class="button media-button button-primary button-large media-button-select gallery-details-save"><?php _e('Save Gallery Details', 'foogallery'); ?></button>
208			<span class="spinner"></span>
209			</div>
210			</div>
211			</div>
212			</div>
213			<button type="button" class="button-link media-modal-close">
214			<span class="media-modal-icon"><span class="screen-reader-text"><?php _e('Close media panel', 'foogallery'); ?></span></span>
215			</button>
216
217			</div>
218			<div class="foogallery-album-info-modal-backdrop media-modal-backdrop"></div>
219
220
221			<ul class="foogallery-album-gallery-list">
222			<?php
223			foreach ( $galleries as $gallery ) {
224			$img_src = foogallery_find_featured_attachment_thumbnail_src( $gallery );
225			$images = $gallery->image_count();
226			$selected = $album->includes_gallery( $gallery->ID ) ? ' selected' : '';
227			$title = $gallery->safe_name();
228			?>
229			<li class="foogallery-pile">
230			<div class="foogallery-gallery-select attachment-preview landscape<?php echo $selected; ?>" data-foogallery-id="<?php echo $gallery->ID; ?>">
231			<div class="thumbnail" style="display: table;">
232			<div style="display: table-cell; vertical-align: middle; text-align: center;">
233			<img src="<?php echo $img_src; ?>"/>
234			<h3><?php echo $title; ?>
235			<span><?php echo $images; ?></span>
236			</h3>
237			</div>
238			</div>
239			<a class="info foogallery-album-info" href="#"
240			title="<?php _e( 'Edit Album Info', 'foogallery' ); ?>"
241			data-gallery-title="<?php echo $title; ?>"
242			data-gallery-id="<?php echo $gallery->ID; ?>"><span class="dashicons dashicons-info"></span></a>
243			</div>
244			</li>
245			<?php } ?>
246			</ul>
247			<div style="clear: both;"></div>
248			</div>
249			<?php
250			}
251
252			public function render_shortcode_metabox( $post ) {
253			$album = $this->get_album( $post );
254			$shortcode = $album->shortcode();
255			?>
256			<p class="foogallery-shortcode">
257			<input type="text" id="foogallery_copy_shortcode" size="<?php echo strlen( $shortcode ); ?>" value="<?php echo htmlspecialchars( $shortcode ); ?>" readonly="readonly" />
258			</p>
259			<p>
260			<?php _e( 'Paste the above shortcode into a post or page to show the album.', 'foogallery' ); ?>
261			</p>
262			<script>
263			jQuery(function($) {
264			var shortcodeInput = document.querySelector('#foogallery_copy_shortcode');
265			shortcodeInput.addEventListener('click', function () {
266			try {
267			// select the contents
268			shortcodeInput.select();
269			//copy the selection
270			document.execCommand('copy');
271			//show the copied message
272			$('.foogallery-shortcode-message').remove();
273			$(shortcodeInput).after('<p class="foogallery-shortcode-message"><?php _e( 'Shortcode copied to clipboard :)','foogallery' ); ?></p>');
274			} catch(err) {
275			console.log('Oops, unable to copy!');
276			}
277			}, false);
278			});
279			</script>
280			<?php
281			}
282
283			public function render_sorting_metabox( $post ) {
284			$album = $this->get_album( $post );
285			$sorting_options = foogallery_sorting_options(); ?>
286			<p>
287			<?php _e('Change the way galleries are sorted within your album. By default, they are sorted in the order you see them.', 'foogallery'); ?>
288			</p>
289			<?php
290			foreach ( $sorting_options as $sorting_key => $sorting_label ) { ?>
291			<p>
292			<input type="radio" value="<?php echo $sorting_key; ?>" <?php checked( $sorting_key === $album->sorting ); ?> id="FooGallerySettings_AlbumSort_<?php echo $sorting_key; ?>" name="<?php echo FOOGALLERY_ALBUM_META_SORT; ?>" />
293			<label for="FooGallerySettings_AlbumSort_<?php echo $sorting_key; ?>"><?php echo $sorting_label; ?></label>
294			</p><?php
295			}
296			}
297
298			public function render_settings_metabox( $post ) {
299			$album = $this->get_album( $post );
300			$available_templates = foogallery_album_templates();
301			$album_template = foogallery_default_album_template();
302			if ( ! empty($album->album_template) ) {
303			$album_template = $album->album_template;
304			}
305			if ( false === $album_template ) {
306			$album_template = $available_templates[0]['slug'];
307			}
308			$hide_help = 'on' == foogallery_get_setting( 'hide_gallery_template_help' );
309			?>
310			<table class="foogallery-album-metabox-settings">
311			<tbody>
312			<tr class="foogallery_template_field foogallery_template_field_selector">
313			<th>
314			<label for="FooGallerySettings_AlbumTemplate"><?php _e( 'Album Template', 'foogallery' ); ?></label>
315			</th>
316			<td>
317			<select id="FooGallerySettings_AlbumTemplate" name="<?php echo FOOGALLERY_ALBUM_META_TEMPLATE; ?>">
318			<?php
319			foreach ( $available_templates as $template ) {
320			$selected = ($album_template === $template['slug']) ? 'selected' : '';
321			echo "<option {$selected} value=\"{$template['slug']}\">{$template['name']}</option>";
322			}
323			?>
324			</select>
325			<br />
326			<small><?php _e( 'The album template that will be used when the album is output to the frontend.', 'foogallery' ); ?></small>
327			</td>
328			</tr>
329			<?php
330			foreach ( $available_templates as $template ) {
331			$field_visibility = ($album_template !== $template['slug']) ? 'style="display:none"' : '';
332			$section = '';
333			$fields = isset( $template['fields'] ) ? $template['fields'] : array();
334			foreach ( $fields as $field ) {
335			//allow for the field to be altered by extensions.
336			$field = apply_filters( 'foogallery_alter_gallery_template_field', $field, $album );
337
338			$class ="foogallery_template_field foogallery_template_field-{$template['slug']} foogallery_template_field-{$template['slug']}-{$field['id']}";
339
340			if ( isset($field['section']) && $field['section'] !== $section ) {
341			$section = $field['section'];
342			?>
343			<tr class="<?php echo $class; ?>" <?php echo $field_visibility; ?>>
344			<td colspan="2"><h4><?php echo $section; ?></h4></td>
345			</tr>
346			<?php }
347			if (isset($field['type']) && 'help' == $field['type'] && $hide_help) {
348			continue; //skip help if the 'hide help' setting is turned on
349			}
350			?>
351			<tr class="<?php echo $class; ?>" <?php echo $field_visibility; ?>>
352			<?php if ( isset($field['type']) && 'help' == $field['type'] ) { ?>
353			<td colspan="2">
354			<div class="foogallery-help">
355			<?php echo $field['desc']; ?>
356			</div>
357			</td>
358			<?php } else { ?>
359			<th>
360			<label for="FooGallerySettings_<?php echo $template['slug'] . '_' . $field['id']; ?>"><?php echo $field['title']; ?></label>
361			</th>
362			<td>
363			<?php do_action( 'foogallery_render_gallery_template_field', $field, $album, $template ); ?>
364			</td>
365			<?php } ?>
366			</tr>
367			<?php
368			}
369			}
370			?>
371			</tbody>
372			</table>
373			<?php
374			}
375
376			public function render_customcss_metabox( $post ) {
377			$album = $this->get_album( $post );
378			$custom_css = $album->custom_css;
379			$example = '<code>#foogallery-album-' . $post->ID . ' { }</code>';
380			?>
381			<p>
382			<?php printf( __( 'Add any custom CSS to target this specific album. For example %s', 'foogallery' ), $example ); ?>
383			</p>
384			<table id="table_styling" class="form-table">
385			<tbody>
386			<tr>
387			<td>
388			<textarea class="foogallery_metabox_custom_css" name="<?php echo FOOGALLERY_META_CUSTOM_CSS; ?>" type="text"><?php echo $custom_css; ?></textarea>
389			</td>
390			</tr>
391			</tbody>
392			</table>
393			<?php
394			}
395
396			public function include_required_scripts() {
397			if ( FOOGALLERY_CPT_ALBUM === foo_current_screen_post_type() ) {
398			//include album selection script
399			$url = FOOGALLERY_ALBUM_URL . 'js/admin-foogallery-album.js';
400			wp_enqueue_script( 'admin-foogallery-album', $url, array( 'jquery', 'jquery-ui-core','jquery-ui-sortable' ), FOOGALLERY_VERSION );
401
402			//include album selection css
403			$url = FOOGALLERY_ALBUM_URL . 'css/admin-foogallery-album.css';
404			wp_enqueue_style( 'admin-foogallery-album', $url, array(), FOOGALLERY_VERSION );
405
406			//spectrum needed for the colorpicker field
407			$url = FOOGALLERY_URL . 'lib/spectrum/spectrum.js';
408			wp_enqueue_script( 'foogallery-spectrum', $url, array('jquery'), FOOGALLERY_VERSION );
409			$url = FOOGALLERY_URL . 'lib/spectrum/spectrum.css';
410			wp_enqueue_style( 'foogallery-spectrum', $url, array(), FOOGALLERY_VERSION );
411			}
412			}
413
414			public function ajax_get_gallery_details() {
415			if ( check_admin_referer( 'foogallery_album_gallery_details' ) ) {
416			$foogallery_id = $_POST['foogallery_id'];
417			$gallery = FooGallery::get_by_id( $foogallery_id );
418
419			if ( false !== $gallery ) {
420			$fields = $this->get_gallery_detail_fields( $gallery ); ?>
421			<form name="foogallery_gallery_details">
422			<input type="hidden" name="foogallery_id" id="foogallery_id" value="<?php echo $foogallery_id; ?>" />
423			<table class="gallery-detail-fields">
424			<tbody>
425			<?php foreach ( $fields as $field => $values ) {
426			$value = get_post_meta( $gallery->ID, $field, true );
427			$input_id = 'foogallery-gallery-detail-fields-' . $field;
428			switch ( $values['input'] ) {
429			case 'text':
430			$values['html'] = '<input type="text" id="' . $input_id . '" name="' . $field . '" value="' . $value . '" />';
431			break;
432
433			case 'textarea':
434			$values['html'] = '<textarea id="' . $input_id . '" name="' . $field . '">' . $value . '</textarea>';
435			break;
436
437			case 'select':
438			$html = '<select id="' . $input_id . '" name="' . $field . '">';
439
440			// If options array is passed
441			if ( isset( $values['options'] ) ) {
442			// Browse and add the options
443			foreach ( $values['options'] as $k => $v ) {
444			// Set the option selected or not
445			if ( $value == $k )
446			$selected = ' selected="selected"';
447			else
448			$selected = '';
449
450			$html .= '<option' . $selected . ' value="' . $k . '">' . $v . '</option>';
451			}
452			}
453
454			$html .= '</select>';
455
456			// Set the html content
457			$values['html'] = $html;
458
459			break;
460
461			case 'checkbox':
462			// Set the checkbox checked or not
463			if ( $value == 'on' )
464			$checked = ' checked="checked"';
465			else
466			$checked = '';
467
468			$html = '<input' . $checked . ' type="checkbox" name="' . $field . ']" id="' . $input_id . '" />';
469
470			$values['html'] = $html;
471
472			break;
473
474			case 'radio':
475			$html = '';
476
477			if ( ! empty( $values['options'] ) ) {
478			$i = 0;
479
480			foreach ( $values['options'] as $k => $v ) {
481			if ( $value == $k )
482			$checked = ' checked="checked"';
483			else
484			$checked = '';
485
486			$html .= '<input' . $checked . ' value="' . $k . '" type="radio" name="' . $field . ']" id="' . sanitize_key( $field . '_' . $i ) . '" /> <label for="' . sanitize_key( $field . '_' . $i ) . '">' . $v . '</label><br />';
487			$i++;
488			}
489			}
490
491			$values['html'] = $html;
492
493			break;
494			} ?>
495			<tr class="foogallery-gallery-detail-fields-<?php echo $field; ?>">
496			<th scope="row" class="label">
497			<label for="foogallery-gallery-detail-fields-<?php echo $field; ?>"><?php echo $values['label']; ?></label>
498			</th>
499			<td>
500			<?php echo $values['html']; ?>
501			<?php if ( !empty( $values['help'] ) ) { ?><p class="help"><?php echo $values['help']; ?></p><?php } ?>
502			</td>
503			</tr>
504			<?php } ?>
505			</tbody>
506			</table>
507			</form><?php
508			} else {
509			echo '<h2>' . __( 'Invalid Gallery!', 'foogallery' ) . '</h2>';
510			}
511			}
512			die();
513			}
514
515			public function ajax_save_gallery_details() {
516			if ( check_admin_referer( 'foogallery_album_gallery_details' ) ) {
517			$foogallery_id = $_POST['foogallery_id'];
518			$gallery = FooGallery::get_by_id( $foogallery_id );
519			if ( false !== $gallery ) {
520			$fields = $this->get_gallery_detail_fields( $gallery );
521
522			foreach ( $fields as $field => $values ) {
523			//for every field, save some info
524			do_action( 'foogallery_album_gallery_details_save', $field, $values, $gallery );
525			}
526			}
527			}
528			}
529
530			public function gallery_details_save($field, $field_args, $gallery) {
531			if ( 'custom_url' === $field \|\| 'custom_target' === $field ) {
532			$value = $_POST[$field];
533			update_post_meta( $gallery->ID, $field, $value );
534			}
535			}
536
537			/**
538			* Get the fields that we want to edit for a gallery from the album management page
539			* @param $gallery FooGallery
540			*
541			* @return mixed\|void
542			*/
543			public function get_gallery_detail_fields($gallery) {
544
545			$target_options = apply_filters( 'foogallery_gallery_detail_fields_custom_target_options', array(
546			'default' => __( 'Default', 'foogallery' ),
547			'_blank' => __( 'New tab (_blank)', 'foogallery' ),
548			'_self' => __( 'Same tab (_self)', 'foogallery' )
549			) );
550
551			$edit_url = get_edit_post_link( $gallery->ID );
552
553			$fields = array(
554			'gallery_title' => array(
555			'label' => __( 'Gallery Title', 'foogallery' ),
556			'input' => 'html',
557			'html' => '<strong>' . $gallery->safe_name() . ' <a href="' . $edit_url . '" target="_blank">' . __( 'Edit Gallery', 'foogallery' ) . '</a></strong>',
558			),
559
560			'gallery_template' => array(
561			'label' => __( 'Gallery Template', 'foogallery' ),
562			'input' => 'html',
563			'html' => '<strong>' . $gallery->gallery_template_name() . '</strong>',
564			),
565
566			'gallery_media' => array(
567			'label' => __( 'Media', 'foogallery' ),
568			'input' => 'html',
569			'html' => '<strong>' . $gallery->image_count() . '</strong>'
570			),
571
572			'custom_url' => array(
573			'label' => __( 'Custom URL', 'foogallery' ),
574			'input' => 'text',
575			'help' => __( 'Point your gallery to a custom URL', 'foogallery' )
576			),
577
578			'custom_target' => array(
579			'label' => __( 'Custom Target', 'foogallery' ),
580			'input' => 'select',
581			'help' => __( 'Set a custom target for your gallery', 'foogallery' ),
582			'options' => $target_options
583			)
584			);
585
586			return apply_filters( 'foogallery_gallery_detail_fields', $fields );
587			}
588			}
589			}
590

fooplugins / foogallery

GitHub Access Token became invalid

Issues (1881)

Security Analysis not enabled

extensions/albums/admin/class-metaboxes.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like