Allowed HTML in Component class

lloc · Sep 24, 2024 · 862660a · 862660a
1 parent cd2d4fe
commit 862660a
Show file tree

Hide file tree

Showing 21 changed files with 116 additions and 74 deletions.
diff --git a/includes/Component/Component.php b/includes/Component/Component.php
@@ -0,0 +1,50 @@
+<?php declare( strict_types = 1 );
+
+namespace lloc\Msls\Component;
+
+/**
+ * Abstract class Input
+ *
+ * @package lloc\Msls\Component
+ */
+abstract class Component {
+
+	const INPUT_PREFIX = 'msls_input_';
+
+	const ALLOWED_HTML = array(
+		'label'  => array(
+			'for' => array(),
+		),
+		'option' => array(
+			'value'    => array(),
+			'selected' => array(),
+		),
+		'select' => array(
+			'id'   => array(),
+			'name' => array(),
+		),
+		'input'  => array(
+			'type'     => array(),
+			'class'    => array(),
+			'id'       => array(),
+			'name'     => array(),
+			'value'    => array(),
+			'size'     => array(),
+			'readonly' => array(),
+		),
+	);
+
+	/**
+	 * @return string
+	 */
+	abstract public function render(): string;
+
+	/**
+	 * Adds our input elements to the allowed HTML elements of a post
+	 */
+	public static function get_allowed_html(): array {
+		$my_allowed = wp_kses_allowed_html( 'post' );
+
+		return array_merge( $my_allowed, self::ALLOWED_HTML );
+	}
+}
diff --git a/includes/Component/Icon.php b/includes/Component/Icon.php
@@ -1,9 +1,10 @@
-<?php
+<?php declare( strict_types = 1 );
 
 namespace lloc\Msls\Component;
 
 /**
  * Class Icon
+ *
  * @package lloc\Msls\Component
  */
 abstract class Icon {
@@ -48,5 +49,4 @@ abstract protected function get_include(): string;
 	 * @return string
 	 */
 	abstract public function get( string $language ): string;
-
-}
+}
diff --git a/includes/Component/Icon/IconLabel.php b/includes/Component/Icon/IconLabel.php
@@ -1,4 +1,4 @@
-<?php
+<?php declare( strict_types = 1 );
 
 namespace lloc\Msls\Component\Icon;
 
@@ -10,7 +10,7 @@
  *
  * @package lloc\Msls\Component
  */
-class IconLabel extends Icon {
+final class IconLabel extends Icon {
 
 	/**
 	 * @return string

diff --git a/includes/Component/Icon/IconPng.php b/includes/Component/Icon/IconPng.php
@@ -1,4 +1,4 @@
-<?php
+<?php declare( strict_types = 1 );
 
 namespace lloc\Msls\Component\Icon;
 
@@ -7,9 +7,10 @@
 
 /**
  * Class IconPng
+ *
  * @package lloc\Msls\Component
  */
-class IconPng extends Icon {
+final class IconPng extends Icon {
 
 	const FLAGS_FILE = 'flags/flags.php';
 
@@ -28,5 +29,4 @@ protected function get_include(): string {
 	public function get( string $language ): string {
 		return $this->map[ $language ] ?? $this->maybe( $language, '', '.png' );
 	}
-
-}
+}
diff --git a/includes/Component/Icon/IconSvg.php b/includes/Component/Icon/IconSvg.php
@@ -1,4 +1,4 @@
-<?php
+<?php declare( strict_types = 1 );
 
 namespace lloc\Msls\Component\Icon;
 
@@ -7,9 +7,10 @@
 
 /**
  * Class IconSvg
+ *
  * @package lloc\Msls\Component
  */
-class IconSvg extends Icon {
+final class IconSvg extends Icon {
 
 	const FLAGS_FILE = 'css-flags/flags.php';
 
@@ -28,5 +29,4 @@ protected function get_include(): string {
 	public function get( string $language ): string {
 		return $this->map[ $language ] ?? $this->maybe( $language, 'flag-icon-' );
 	}
-
-}
+}
diff --git a/includes/Component/Input/Checkbox.php b/includes/Component/Input/Checkbox.php
@@ -1,15 +1,15 @@
-<?php
+<?php declare( strict_types = 1 );
 
 namespace lloc\Msls\Component\Input;
 
-use lloc\Msls\Component\InputInterface;
+use lloc\Msls\Component\Component;
 
 /**
  * Class Checkbox
  *
  * @package lloc\Msls\Component\Input
  */
-class Checkbox implements InputInterface {
+final class Checkbox extends Component {
 
 	/**
 	 * @var string

diff --git a/includes/Component/Input/Group.php b/includes/Component/Input/Group.php
@@ -1,19 +1,18 @@
-<?php
-
+<?php declare( strict_types = 1 );
 
 namespace lloc\Msls\Component\Input;
 
-use lloc\Msls\Component\InputInterface;
+use lloc\Msls\Component\Component;
 
 /**
  * Class Options
  *
  * @package lloc\Msls\Component\Input
  */
-class Group implements InputInterface {
+final class Group extends Component {
 
 	/**
-	 * @var InputInterface[]
+	 * @var Component[]
 	 */
 	protected $arr = array();
 
@@ -32,11 +31,11 @@ public function __construct( string $glue = ' ' ) {
 	}
 
 	/**
-	 * @param InputInterface $input
+	 * @param Component $input
 	 *
 	 * @return self
 	 */
-	public function add( InputInterface $input ): self {
+	public function add( Component $input ): self {
 		$this->arr[] = $input;
 
 		return $this;
@@ -47,7 +46,7 @@ public function add( InputInterface $input ): self {
 	 */
 	public function render(): string {
 		$items = array_map(
-			function ( InputInterface $input ) {
+			function ( Component $input ) {
 				return $input->render(); // phpcs:ignore WordPress.Security.EscapeOutput
 			},
 			$this->arr

diff --git a/includes/Component/Input/Label.php b/includes/Component/Input/Label.php
@@ -1,15 +1,15 @@
-<?php
+<?php declare( strict_types = 1 );
 
 namespace lloc\Msls\Component\Input;
 
-use lloc\Msls\Component\InputInterface;
+use lloc\Msls\Component\Component;
 
 /**
  * Class Label
  *
  * @package lloc\Msls\Component\Input
  */
-class Label implements InputInterface {
+final class Label extends Component {
 
 	/**
 	 * @var string

diff --git a/includes/Component/Input/Option.php b/includes/Component/Input/Option.php
@@ -1,15 +1,15 @@
-<?php
+<?php declare( strict_types = 1 );
 
 namespace lloc\Msls\Component\Input;
 
-use lloc\Msls\Component\InputInterface;
+use lloc\Msls\Component\Component;
 
 /**
  * Class Option
  *
  * @package lloc\Msls\Component\Input
  */
-class Option implements InputInterface {
+final class Option extends Component {
 
 	/**
 	 * @var string

diff --git a/includes/Component/Input/Select.php b/includes/Component/Input/Select.php
@@ -1,10 +1,10 @@
-<?php
+<?php declare( strict_types = 1 );
 
 namespace lloc\Msls\Component\Input;
 
-use lloc\Msls\Component\InputInterface;
+use lloc\Msls\Component\Component;
 
-class Select implements InputInterface {
+final class Select extends Component {
 
 	const RENDER_FILTER = 'msls_input_select_name';
 
@@ -28,7 +28,7 @@ public function __construct( string $key, array $arr, ?string $selected = null )
 
 		$this->options = new Group( '' );
 		foreach ( $arr as $key => $value ) {
-			$this->options->add( new Option( $key, strval( $value ), $selected ) );
+			$this->options->add( new Option( strval( $key ), strval( $value ), $selected ) );
 		}
 	}
 

diff --git a/includes/Component/Input/Text.php b/includes/Component/Input/Text.php
@@ -1,11 +1,10 @@
-<?php
-
+<?php declare( strict_types = 1 );
 
 namespace lloc\Msls\Component\Input;
 
-use lloc\Msls\Component\InputInterface;
+use lloc\Msls\Component\Component;
 
-class Text implements InputInterface {
+final class Text extends Component {
 
 	const DEFAULT_SIZE = 30;
 

diff --git a/includes/Component/InputInterface.php b/includes/Component/InputInterface.php
diff --git a/includes/Component/Wrapper.php b/includes/Component/Wrapper.php
@@ -2,7 +2,7 @@
 
 namespace lloc\Msls\Component;
 
-class Wrapper {
+final class Wrapper extends Component {
 
 	protected string $element;
 
@@ -14,6 +14,6 @@ public function __construct( string $element, string $content ) {
 	}
 
 	public function render(): string {
-		return sprintf( '<%1$s>%2$s</%1$s>', esc_html( $this->element ), wp_kses_post( $this->content ) );
+		return sprintf( '<%1$s>%2$s</%1$s>', esc_html( $this->element ), wp_kses( $this->content, self::get_allowed_html() ) );
 	}
 }
diff --git a/includes/ContentImport/LogWriters/AdminNoticeLogger.php b/includes/ContentImport/LogWriters/AdminNoticeLogger.php
@@ -2,6 +2,7 @@
 
 namespace lloc\Msls\ContentImport\LogWriters;
 
+use lloc\Msls\Component\Component;
 use lloc\Msls\ContentImport\ImportCoordinates;
 use lloc\Msls\MslsRegistryInstance;
 
@@ -141,7 +142,7 @@ public function show_last_log( $echo = true ): ?string {
 		}
 
 		if ( $echo ) {
-			echo wp_kses_post( $html );
+			echo wp_kses( $html, Component::get_allowed_html() );
 		}
 
 		// we've shown it, no reason to keep it

diff --git a/includes/ContentImport/MetaBox.php b/includes/ContentImport/MetaBox.php
@@ -2,6 +2,7 @@
 
 namespace lloc\Msls\ContentImport;
 
+use lloc\Msls\Component\Component;
 use lloc\Msls\Component\Wrapper;
 use lloc\Msls\ContentImport\Importers\Map;
 use lloc\Msls\MslsBlogCollection;
@@ -86,7 +87,7 @@ function ( $lang ) use ( $mydata ) {
 			$output = ( new Wrapper( 'p', $warning ) )->render();
 		}
 
-		echo wp_kses_post( $output );
+		echo wp_kses( $output, Component::get_allowed_html() );
 	}
 
 	protected function inline_thickbox_url( array $data = array() ): string {
@@ -172,7 +173,7 @@ protected function inline_thickbox_html( $echo = true, array $data = array() ):
 		$html = ob_get_clean();
 
 		if ( $echo ) {
-			echo wp_kses_post( $html );
+			echo wp_kses( $html, Component::get_allowed_html() );
 		}
 
 		return $html;

diff --git a/includes/MslsCustomColumn.php b/includes/MslsCustomColumn.php
@@ -2,6 +2,8 @@
 
 namespace lloc\Msls;
 
+use lloc\Msls\Component\Component;
+
 /**
  * Handling of existing/not existing translations in the backend listings of
  * various post types
@@ -94,7 +96,7 @@ public function td( $column_name, $item_id ): void {
 					printf(
 						'<span class="msls-icon-wrapper %1$s">%2$s</span>',
 						esc_attr( $this->options->get_icon_type() ),
-						wp_kses_post( $icon->get_a() )
+						wp_kses( $icon->get_a(), Component::get_allowed_html() )
 					);
 
 					restore_current_blog();

diff --git a/includes/MslsMain.php b/includes/MslsMain.php
@@ -2,7 +2,7 @@
 
 namespace lloc\Msls;
 
-use lloc\Msls\Component\InputInterface;
+use lloc\Msls\Component\Component;
 
 /**
  * Abstraction for the hook classes
@@ -75,9 +75,9 @@ public function get_input_array( $object_id ): array {
 			return $arr;
 		}
 
-		$offset = strlen( InputInterface::INPUT_PREFIX );
+		$offset = strlen( Component::INPUT_PREFIX );
 		foreach ( $input_post as $key => $value ) {
-			if ( false === strpos( $key, InputInterface::INPUT_PREFIX ) || empty( $value ) ) {
+			if ( false === strpos( $key, Component::INPUT_PREFIX ) || empty( $value ) ) {
 				continue;
 			}