LBRYCommunity/lbrypress
1
0
Fork 0
Code Issues 27 Pull requests Projects Releases Packages Wiki Activity

better sanitize supports page #78

Merged
lemsmyth merged 14 commits from master into master 2022-02-27 20:30:08 +01:00
Conversation 0 Commits 14 Files changed 7 +216 -3
3 changed files with 216 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 68d741c9d5 - Show all commits

201
templates/channel-edit-page.php Normal file
View file

@ -0,0 +1,201 @@
<?php
/**
* ============================
* CHANNELS EDIT ADMIN PAGE
* Uses the post-admin action so we can use the $_POST global variable to build our cURL request and the settings are not saved to the datbase
* @package LBRYPress
* ============================
*/
defined('ABSPATH') || die(); // Exit if accessed directly
if ( current_user_can( 'manage_options' ) ) {
// Generate a custom nonce
$lbrynonce = wp_create_nonce( 'edit_channel_nonce' );
$claim_id = $_GET['claim_id'];
$claim_id = sanitize_text_field( $claim_id );
$lbry_url = $_GET['lbry_url'];
$lbry_url = urldecode($lbry_url);
$init_bid = $_GET['init_bid'];
$init_bid = number_format( floatval( $init_bid ), 3, '.', '' );
$channel = $_GET['channel_name'];
$channel = sanitize_user( $channel );
$support_amount = $_GET['current_support'];
$support_amount = number_format( floatval( $support_amount ), 3, '.', '' );
// Save attachment ID
// if ( isset( $_POST['submit'] ) && isset( $_POST['lbry_header_attachment_id'] ) ) :
// update_option( 'lbry_media_selector_header_id', absint( $_POST['lbry_header_attachment_id'] ) );
// endif;
if ( isset( $_POST['submit'] ) && isset( $_POST['lbry_thumbnail_attachment_id'] ) ) :
update_option( 'lbry_media_selector_thumbnail_id', absint( $_POST['lbry_thumbnail_attachment_id'] ) );
endif;
// Build the page
?>
<img src="">
<img src="">
<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post" id="lbry_edit_channel_form">
<input type="hidden" name="action" value="lbry_edit_channel">
<input type="hidden" name="_lbrynonce" value="<?php echo $lbrynonce ?>">
<input type="hidden" name="claim_id" value ="<?php echo $claim_id ?>">
<!-- <input type='hidden' name='lbry_header_attachment_id' id='lbry_header_attachment_id' value='<?php //echo get_option( 'lbry_media_selector_header_id' ); ?>'> -->
<input type='hidden' name='lbry_thumbnail_attachment_id' id='lbry_thumbnail_attachment_id' value='<?php echo get_option( 'lbry_media_selector_thumbnail_id' ); ?>'>
<?php if ( $claim_id ) { ?>
<h2><?php echo _e( 'Editing Channel: ' . esc_html__( $channel ), 'lbrypress' ); ?></h2>
<?php printf(
'<h3>' . esc_html__( '%1$s', 'lbrypress' ) . '</h3>
<h4>Claim ID: <code>' . esc_html__( '%2$s', 'lbrypress' ) . '</code></h4>',
$lbry_url,
$claim_id,
);
} ?>
<table class="form-table" role="presentation">
<tbody>
<!-- <tr>
<th scope="row">Header Image</th>
<td>
<div class='image-preview-wrapper'>
<img id='header-preview' src='<?php //echo wp_get_attachment_url( get_option( 'lbry_media_selector_header_id' ) ); ?>' height='100'>
</div>
<input id="lbry_upload_header_button" type="button" class="button" value="<?php //_e( 'Upload Header', 'lbrypress' ); ?>">
<p class="header-image-info">6.25:1 ratio for best result</p>
<td>
</tr> -->
<tr>
<th scope="row">Thumbnail Image</th>
<td>
<div class='image-preview-wrapper'>
<img id="thumbnail-preview" src="'<?php echo wp_get_attachment_url( get_option( 'lbry_media_selector_thumbnail_id' ) ); ?>'" height="100">
</div>
<input id="lbry_upload_thumbnail_button" type="button" class="button" value="<?php _e( 'Upload Thumbnail', 'lbrypress' ); ?>">
<p class="channel-image-info">1:1 ratio for best result</p>
<td>
</tr>
<?php if ( $channel ) { ?>
<tr>
<th scope="row">Channel Name</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('%2$s') . '" required readonly>',
'lbry_edit_channel_name',
$channel,
); ?>
<p>If you want to edit another channel, use the link for the specific channel claim found on the <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channels' ),'options.php' ) ) ); ?>">Channels tab</a>or to create a complete <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channel-edit' ), 'admin.php' ) ) ); ?>">Channel</a></p>
</td>
</tr>
<?php } else { ?>
<tr>
<th scope="row">Channel Name</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="@' . esc_attr('') . '" required>',
'lbry_edit_channel_name',
); ?>
<p>No spaces or special characters in @ Channel Name</p>
</td>
</tr>
<?php } ?>
<tr>
<th scope="row">Title</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_edit_channel_title',
); ?>
<p></p>
</td>
</tr>
<tr>
<th scope="row">Description</th>
<td>
<?php printf(
'<textarea rows="8" cols="24" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '"></textarea>',
'lbry_edit_channel_description',
); ?>
<p></p>
</td>
</tr>
<tr>
<th scope="row">Tags</th>
<td>
<?php printf(
'<input type="text" rows="10" cols="50" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_edit_channel_tags',
); ?>
<p>Add up to five tags (comma separated)</p>
</td>
</tr>
<tr>
<th scope="row">Website</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_new_channel_website',
); ?>
<p>Default is LBRYPress site channel was created on</p>
</td>
</tr>
<tr>
<th scope="row">Email</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_new_channel_email',
); ?>
<p>Default is WordPress admin email</p>
</td>
</tr>
<tr>
<th scope="row">Language</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_new_channel_prim_lang',
); ?>
<p>Primary language of the channel</p>
</td>
</tr>
<tr>
<th scope="row">Second Language</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_new_channel_sec_lang',
); ?>
<p>Secondary language channel uses (if any)</p>
</td>
</tr>
<?php if ( $channel ) { ?>
<tr>
<th scope="row">Add LBC as Support</th>
<td>
<?php printf(
'<input type="number" step="0.001" min="0.01" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('%2$.3f') . '" required>',
'lbry_supports_add_bid_amount',
$bid_amount,
); ?>
<p>Current minimum support bid <img src="<?php echo esc_url( plugin_dir_url( LBRY_PLUGIN_FILE ) . 'admin/images/lbc.png' ) ?>" class="icon icon-lbc bid-icon-lbc"> 0.01</p>
</td>
</tr>
<?php } else { ?>
<tr>
<th scope="row">LBC to Bid</th>
<td>
<?php printf(
'<input type="number" step="0.001" min="0.001" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('%2$.3f') . '" required>',
'lbry_channel_add_bid_amount',
$bid_amount,
); ?>
<p>Current minimum bid <img src="<?php echo esc_url( plugin_dir_url( LBRY_PLUGIN_FILE ) . 'admin/images/lbc.png' ) ?>" class="icon icon-lbc bid-icon-lbc"> 0.001</p>
</td>
</tr>
<?php } ?>
</tbody>
</table>
<p class="submit"><input type="submit" name="submit" id="submit" class="button button-primary" value="Create New Channel"></p>
</form>
<?php
}

5
templates/channels-page.php
View file

@ -68,7 +68,7 @@ if ( current_user_can( 'manage_options' ) ) {
}
$init_bid = $results->items[0]->amount; ?>
<tr>
<td><a href=""><?php esc_html_e( $channel->name, 'lbrypress' ); ?></a></td>
<td><a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channel-edit', 'claim_id' => urlencode( esc_html__( $claim_id, 'lbrypress' ) ), 'channel_name' => urlencode( esc_html__($channel->name, 'lbrypress' ) ), 'current_support' => urlencode( floatval($support_amount) ), 'init_bid' => urlencode( floatval($init_bid) ), 'lbry_url' => urlencode( esc_url($lbry_url) ) ), 'admin.php' ) ) ); ?>"><?php esc_html_e( $channel->name, 'lbrypress' ); ?></a></td>
<td><a href="<?php echo esc_url( $open_url, 'lbrypress' ); ?>"><?php esc_html_e( esc_url( $lbry_url ), 'lbrypress' ); ?></a></td>
<td><?php esc_html_e( $claim_id, 'lbrypress' ); ?></td>
<td><?php esc_html_e( $created_date, 'lbrypress' ); ?></td>
@ -91,7 +91,8 @@ if ( current_user_can( 'manage_options' ) ) {
<input type="hidden" name="action" value="lbry_add_channel">
<input type="hidden" name="_lbrynonce" value="<?php echo $lbrynonce ?>">
<h3><?php echo _e( 'Create a New Channel', 'lbrypress' ); ?></h3>
<h3><?php echo _e( 'Quick Create a New Channel', 'lbrypress' ); ?></h3>
<p>Create a Channel that can be edited later to add details or set-up a complete <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channel-edit' ), 'admin.php' ) ) ); ?>">Channel</a> now.</p>
<table class="form-table" role="presentation">
<tbody>
<tr>

13
templates/options-page.php
View file

@ -26,16 +26,25 @@ $lbry_active_tab = isset( $_GET['tab'] ) ? $_GET['tab'] : 'general';
'<a href="' . esc_url( $admin_url ) . '" class="nav-tab nav-tab-active">' . esc_html__( 'Supports', 'lbrypress') . '</a>',
$admin_url,
);
}
if ( $lbry_active_tab == 'channel-edit' ) {
$admin_url = admin_url( 'admin.php?page=lbrypress&tab=channel-edit' );
printf(
'<a href="' . esc_url( $admin_url ) . '" class="nav-tab nav-tab-active">' . esc_html__( 'Channel', 'lbrypress' ) . '</a>',
$admin_url,
);
} ?>
</nav>
<?php if ( $lbry_active_tab == 'channels' ) {
include_once( 'channels-page.php' );
} elseif ( $lbry_active_tab == 'supports' ) {
include_once( 'supports-add-form.php' );
} elseif ( $lbry_active_tab == 'channel-edit' ) {
include_once( 'channel-edit-page.php' );
} else {
?>
<form class="form-table" action="<?php echo esc_url( admin_url( 'options.php' ) ); ?>" method="post">
<?php
<?php // TODO: write this as a switch?
}
if ( $lbry_active_tab == 'general' ) {
settings_fields( 'lbry_general_settings' );
@ -45,6 +54,8 @@ $lbry_active_tab = isset( $_GET['tab'] ) ? $_GET['tab'] : 'general';
//include_once( 'channels-page.php' );
} elseif ( $lbry_active_tab == 'supports' ) {
//include_once( 'supports-add-form.php' );
} elseif ( $lbry_active_tab == 'channel-edit' ) {
//include_once( 'supports-add-form.php' );
} elseif ( $lbry_active_tab == 'speech' ) {
settings_fields( LBRY_SPEECH_SETTINGS );
do_settings_sections( 'lbrypress-speech' );