better sanitize supports page #78

Merged
lemsmyth merged 14 commits from master into master 2022-02-27 20:30:08 +01:00
7 changed files with 381 additions and 10 deletions


@ -0,0 +1,56 @@
jQuery( document ).ready( function( $ ) {
// Uploading files
var file_frame;
var wp_media_post_id = wp.media.model.settings.post.id; // Store the old id
var set_to_post_id = 10; // Set this
jQuery('#lbry_upload_thumbnail_button').on('click', function( event ){
event.preventDefault();
// If the media frame already exists, reopen it.
if ( file_frame ) {
// Set the post ID to what we want
file_frame.uploader.uploader.param( 'post_id', set_to_post_id );
// Open frame
file_frame.open();
return;
} else {
// Set the wp.media post id so the uploader grabs the ID we want when initialised
wp.media.model.settings.post.id = set_to_post_id;
}
// Create the media frame.
file_frame = wp.media.frames.file_frame = wp.media({
title: jQuery( this ).data( 'uploader_title' ),
button: {
text: jQuery( this ).data( 'uploader_button_text' ),
},
multiple: true // Set to true to allow multiple files to be selected
});
// When an image is selected, run a callback.
file_frame.on( 'select', function() {
// We set multiple to false so only get one image from the uploader
attachment = file_frame.state().get('selection').first().toJSON();
// Do something with attachment.id and/or attachment.url here
$( '#thumbnail-preview' ).attr( 'src', attachment.url ).css( 'width', 'auto' );
$( '#lbry_thumbnail_attachment_id' ).val( attachment.id );
$( '#lbry_upload_thumbnail_button' ).css( 'display', 'none' );
$( '.channel-image-info' ).css( 'display', 'none' );
// Restore the main post ID
wp.media.model.settings.post.id = wp_media_post_id;
});
// Finally, open the modal
file_frame.open();
});
// Restore the main ID when the add media button is pressed
jQuery('a.add_media').on('click', function() {
wp.media.model.settings.post.id = wp_media_post_id;
});
});
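Review bot: `attachment = file_frame.state().get('selection').first().toJSON();` assigns without `var`, so `attachment` becomes an implicit global on every selection; declare it with `var attachment = ...`. The comment above that line says multiple was set to false, but the frame is created with `multiple: true` while the callback only ever reads `.first()`, so one of the two should change (`multiple: false` matches what the callback does). `var set_to_post_id = 10; // Set this` hard-codes the post id that uploaded media gets attached to; it presumably has to come from the page rather than a constant, and the comment should say where.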


@ -20,6 +20,7 @@ class LBRY_Admin
add_action('admin_init', array($this, 'wallet_balance_warning'));
add_action('admin_post_lbry_add_channel', array($this, 'add_channel'));
add_action('admin_post_lbry_add_supports', array($this, 'add_supports'));
add_action('admin_post_lbry_edit_channel', array($this, 'edit_channel'));
}
/**
@ -53,7 +54,7 @@ class LBRY_Admin
add_action( 'admin_enqueue_scripts', 'load_admin_stylesheet' );
// Admin channel sort JS enqueue
function load_admin_script() {
function load_channel_sort_script() {
if ( ( $_GET['page'] == 'lbrypress') && ( $_GET['tab'] == 'channels' ) ) {
wp_enqueue_script(
'lbry-table-sort',
@ -64,7 +65,22 @@ class LBRY_Admin
);
}
}
add_action( 'admin_enqueue_scripts', 'load_admin_script' );
add_action( 'admin_enqueue_scripts', 'load_channel_sort_script' );
// Admin Media Upload on Edit Channel tab
function load_channel_edit_media_scripts() {
if ( ( $_GET['page'] == 'lbrypress' ) && ( $_GET['tab'] == 'channel-edit' ) ) {
wp_enqueue_media();
wp_enqueue_script(
'lbry-media-upload',
plugins_url( '/admin/js/admin-image-uploader.js', LBRY_PLUGIN_FILE ),
array( 'jquery' ),
LBRY_VERSION,
true
);
}
}
add_action( 'admin_enqueue_scripts', 'load_channel_edit_media_scripts' );
// Admin Error Notices
function lbry_plugin_not_configured_notice() {
@ -476,7 +492,7 @@ class LBRY_Admin
*/
public function add_supports()
{
if ( ( $_POST['post_id'] ) && ( $_POST['post_id'] !== null ) ) {
if ( ( $_POST['post_id'] ) && ( absint( $_POST['post_id'] ) ) ) {
$redirect_url = admin_url( add_query_arg( array( 'post' => $_POST['post_id'], 'action' => 'edit' ), 'post.php') );
} else {
$redirect_url = admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channels' ), 'options.php' ) );
@ -509,6 +525,67 @@ class LBRY_Admin
exit();
}
/**
* Handles editing an existing channel form submission
*/
public function edit_channel()
{
$redirect_url = admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channels' ), 'options.php' ) );
$claim = $_POST['claim_id'];
$claim_id = sanitize_text_field( $claim );
$bid = $_POST['lbry_supports_add_bid_amount'];
$channel_bid = number_format( floatval( $bid ), 3, '.', '' );
$title = $_POST['lbry_edit_channel_title'];
$channel_title = sanitize_text_field( $title );
$description = $_POST['lbry_edit_channel_description'];
$channel_description = sanitize_text_field( $description );
$tags = $_POST['lbry_edit_channel_tags'];
$channel_tags = sanitize_text_field( $tags );
$website = $_POST['lbry_new_channel_website'];
$channel_website = sanitize_text_field( $website );
$email = $_POST['lbry_new_channel_email'];
$channel_email = sanitize_text_field( $email );
// $language_array = LBRY()->languages;
// $primlang = $_POST['lbry_new_channel_prim_lang'];
// $primary_language = ( ($primlang) && in_array( $primlang, $language_array ) );
// $seclang = $_POST['lbry_new_channel_sec_lang'];
// $secondary_language = ( ($seclang) && in_array( $seclang, $language_array ) );
// $thumbnail = $_POST[''];
// $thumbnail_url = wp_get_attachment_url( get_option( 'lbry_media_selector_thumbnail_id' ) )
// $header = $_POST[''];
// $header_url = wp_get_attachment_url( get_option( 'lbry_media_selector_header_id' ) );
// Check that nonce
if ( isset( $_POST['_lbrynonce'] ) && wp_verify_nonce( $_POST['_lbrynonce'], 'edit_channel_nonce' ) ) {
$args = array(
'claim_id' => $claim_id,
'bid' => $channel_bid,
'title' => $channel_title,
'description' => $channel_description,
'tags' => $channel_tags,
'website_url' => $channel_website,
'email' => $channel_email,
//'languages' => array( $primary_language, $secondary_language ),
//'thumbnail_url' => $thumbnail_url,
//'cover_url' => $header_url,
);
// Try to add support to the claim
try {
$result = LBRY()->daemon->channel_edit( $args );
} catch ( \Exception $e ) {
LBRY()->notice->set_notice( 'error', $e->getMessage(), false );
}
} else {
LBRY()->notice->set_notice('error', 'Security check failed' );
die( __( 'Security check failed', 'lbrypress' ) );
}
wp_safe_redirect( $redirect_url );
exit();
}
/**
* Checks at most once an hour to see if the wallet balance is too low
*/
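Review bot: `edit_channel()` acts on `$_POST` after only a nonce check; `admin_post_{action}` hooks fire for any logged-in user, so the nonce covers CSRF but not authorization, and the handler should open with `if ( ! current_user_can( 'manage_options' ) ) { wp_die( __( 'Insufficient permissions', 'lbrypress' ) ); }`, the same capability the page that renders this form already gates on. The `$_POST[...]` reads above the nonce check carry no `isset()` guards, so a request missing any field raises notices before the check runs; moving the reads inside the verified branch and using `$_POST['claim_id'] ?? ''` covers both. In `load_channel_edit_media_scripts`, `$_GET['page'] == 'lbrypress'` is evaluated on every admin page load without `isset()`, repeating the pattern in `load_channel_sort_script`. `$result` from `channel_edit()` is assigned but never used, so a successful edit redirects with no notice to the user.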


@ -171,6 +171,31 @@ class LBRY_Daemon
return;
}
}
/**
* Edit an existing channel to add missing details
* https://lbry.tech/api/sdk#channel_update
* @return array dictionary containing result of the request
*/
public function channel_edit( $args )
{
try {
$result = $this->request(
'channel_update',
$args
);
$this->logger->log( 'channel_update success!', 'Successfully updated channel with result: ' . print_r( $result->result, true ) );
return $result->result;
} catch (LBRYDaemonException $e) {
$this->logger->log( 'channel_update error', $e->getMessage() . ' | Code: ' . $e->getCode() );
throw new \Exception( 'Issue updating channel.', 1 );
return;
}
}
/**
* Add supports to an existing claim
* https://lbry.tech/api/sdk#
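Review bot: The `return;` after `throw new \Exception(...)` in the catch block of `channel_edit` is unreachable and should be dropped. The rethrow also discards the original `LBRYDaemonException`; pass it as the previous exception, `throw new \Exception( 'Issue updating channel.', 1, $e );`, so callers keep the daemon's code and message. The docblock states `@return` but not the parameter or the failure mode; add `@param array $args arguments passed through to channel_update` and `@throws \Exception when the daemon request fails`. `print_r( $result->result, true )` writes the whole daemon response into the log; worth confirming nothing sensitive is in that payload before it lands there.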


@ -0,0 +1,201 @@
<?php
/**
* ============================
* CHANNELS EDIT ADMIN PAGE
* Uses the post-admin action so we can use the $_POST global variable to build our cURL request and the settings are not saved to the datbase
* @package LBRYPress
* ============================
*/
defined('ABSPATH') || die(); // Exit if accessed directly
if ( current_user_can( 'manage_options' ) ) {
// Generate a custom nonce
$lbrynonce = wp_create_nonce( 'edit_channel_nonce' );
$claim_id = $_GET['claim_id'];
$claim_id = sanitize_text_field( $claim_id );
$lbry_url = $_GET['lbry_url'];
$lbry_url = urldecode($lbry_url);
$init_bid = $_GET['init_bid'];
$init_bid = number_format( floatval( $init_bid ), 3, '.', '' );
$channel = $_GET['channel_name'];
$channel = sanitize_user( $channel );
$support_amount = $_GET['current_support'];
$support_amount = number_format( floatval( $support_amount ), 3, '.', '' );
// Save attachment ID
// if ( isset( $_POST['submit'] ) && isset( $_POST['lbry_header_attachment_id'] ) ) :
// update_option( 'lbry_media_selector_header_id', absint( $_POST['lbry_header_attachment_id'] ) );
// endif;
if ( isset( $_POST['submit'] ) && isset( $_POST['lbry_thumbnail_attachment_id'] ) ) :
update_option( 'lbry_media_selector_thumbnail_id', absint( $_POST['lbry_thumbnail_attachment_id'] ) );
endif;
// Build the page
?>
<img src="">
<img src="">
<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post" id="lbry_edit_channel_form">
<input type="hidden" name="action" value="lbry_edit_channel">
<input type="hidden" name="_lbrynonce" value="<?php echo $lbrynonce ?>">
<input type="hidden" name="claim_id" value ="<?php echo $claim_id ?>">
<!-- <input type='hidden' name='lbry_header_attachment_id' id='lbry_header_attachment_id' value='<?php //echo get_option( 'lbry_media_selector_header_id' ); ?>'> -->
<input type='hidden' name='lbry_thumbnail_attachment_id' id='lbry_thumbnail_attachment_id' value='<?php echo get_option( 'lbry_media_selector_thumbnail_id' ); ?>'>
<?php if ( $claim_id ) { ?>
<h2><?php echo _e( 'Editing Channel: ' . esc_html__( $channel ), 'lbrypress' ); ?></h2>
<?php printf(
'<h3>' . esc_html__( '%1$s', 'lbrypress' ) . '</h3>
<h4>Claim ID: <code>' . esc_html__( '%2$s', 'lbrypress' ) . '</code></h4>',
$lbry_url,
$claim_id,
);
} ?>
<table class="form-table" role="presentation">
<tbody>
<!-- <tr>
<th scope="row">Header Image</th>
<td>
<div class='image-preview-wrapper'>
<img id='header-preview' src='<?php //echo wp_get_attachment_url( get_option( 'lbry_media_selector_header_id' ) ); ?>' height='100'>
</div>
<input id="lbry_upload_header_button" type="button" class="button" value="<?php //_e( 'Upload Header', 'lbrypress' ); ?>">
<p class="header-image-info">6.25:1 ratio for best result</p>
<td>
</tr> -->
<tr>
<th scope="row">Thumbnail Image</th>
<td>
<div class='image-preview-wrapper'>
<img id="thumbnail-preview" src="'<?php echo wp_get_attachment_url( get_option( 'lbry_media_selector_thumbnail_id' ) ); ?>'" height="100">
</div>
<input id="lbry_upload_thumbnail_button" type="button" class="button" value="<?php _e( 'Upload Thumbnail', 'lbrypress' ); ?>">
<p class="channel-image-info">1:1 ratio for best result</p>
<td>
</tr>
<?php if ( $channel ) { ?>
<tr>
<th scope="row">Channel Name</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('%2$s') . '" required readonly>',
'lbry_edit_channel_name',
$channel,
); ?>
<p>If you want to edit another channel, use the link for the specific channel claim found on the <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channels' ),'options.php' ) ) ); ?>">Channels tab</a>or to create a complete <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channel-edit' ), 'admin.php' ) ) ); ?>">Channel</a></p>
</td>
</tr>
<?php } else { ?>
<tr>
<th scope="row">Channel Name</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="@' . esc_attr('') . '" required>',
'lbry_edit_channel_name',
); ?>
<p>No spaces or special characters in @ Channel Name</p>
</td>
</tr>
<?php } ?>
<tr>
<th scope="row">Title</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_edit_channel_title',
); ?>
<p></p>
</td>
</tr>
<tr>
<th scope="row">Description</th>
<td>
<?php printf(
'<textarea rows="8" cols="24" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '"></textarea>',
'lbry_edit_channel_description',
); ?>
<p></p>
</td>
</tr>
<tr>
<th scope="row">Tags</th>
<td>
<?php printf(
'<input type="text" rows="10" cols="50" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_edit_channel_tags',
); ?>
<p>Add up to five tags (comma separated)</p>
</td>
</tr>
<tr>
<th scope="row">Website</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_new_channel_website',
); ?>
<p>Default is LBRYPress site channel was created on</p>
</td>
</tr>
<tr>
<th scope="row">Email</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_new_channel_email',
); ?>
<p>Default is WordPress admin email</p>
</td>
</tr>
<tr>
<th scope="row">Language</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_new_channel_prim_lang',
); ?>
<p>Primary language of the channel</p>
</td>
</tr>
<tr>
<th scope="row">Second Language</th>
<td>
<?php printf(
'<input type="text" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('') . '">',
'lbry_new_channel_sec_lang',
); ?>
<p>Secondary language channel uses (if any)</p>
</td>
</tr>
<?php if ( $channel ) { ?>
<tr>
<th scope="row">Add LBC as Support</th>
<td>
<?php printf(
'<input type="number" step="0.001" min="0.01" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('%2$.3f') . '" required>',
'lbry_supports_add_bid_amount',
$bid_amount,
); ?>
<p>Current minimum support bid <img src="<?php echo esc_url( plugin_dir_url( LBRY_PLUGIN_FILE ) . 'admin/images/lbc.png' ) ?>" class="icon icon-lbc bid-icon-lbc"> 0.01</p>
</td>
</tr>
<?php } else { ?>
<tr>
<th scope="row">LBC to Bid</th>
<td>
<?php printf(
'<input type="number" step="0.001" min="0.001" id="' . esc_attr('%1$s') . '" name="' . esc_attr('%1$s') . '" value="' . esc_attr('%2$.3f') . '" required>',
'lbry_channel_add_bid_amount',
$bid_amount,
); ?>
<p>Current minimum bid <img src="<?php echo esc_url( plugin_dir_url( LBRY_PLUGIN_FILE ) . 'admin/images/lbc.png' ) ?>" class="icon icon-lbc bid-icon-lbc"> 0.001</p>
</td>
</tr>
<?php } ?>
</tbody>
</table>
<p class="submit"><input type="submit" name="submit" id="submit" class="button button-primary" value="Create New Channel"></p>
</form>
<?php
}
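Review bot: The `printf` that prints the claim heading escapes the literal placeholders (`esc_html__( '%1$s', 'lbrypress' )`) rather than the values substituted into them, so `$lbry_url` — taken from `$_GET['lbry_url']` and only `urldecode`d — and `$claim_id` reach the page unescaped, a reflected-XSS path on an admin page; use the plain format string `'<h3>%1$s</h3><h4>Claim ID: <code>%2$s</code></h4>'` and pass `esc_html( $lbry_url )` and `esc_html( $claim_id )` as the arguments. The same `esc_attr('%1$s')` pattern runs through every field `printf` below; the id/name arguments there are constants so it is harmless, but `$channel` in the readonly channel-name input should be passed as `esc_attr( $channel )`. The hidden `_lbrynonce` and `claim_id` inputs echo their values raw, while the supports form in this same PR wraps the equivalent fields in `esc_attr()`. `$bid_amount` in both bid inputs is never assigned in this file (the values computed at the top are `$init_bid` and `$support_amount`), so the field always renders `0.000` with a notice. The thumbnail preview `src="'<?php ... ?>'"` wraps the URL in stray single quotes, which breaks the image.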


@ -68,7 +68,7 @@ if ( current_user_can( 'manage_options' ) ) {
}
$init_bid = $results->items[0]->amount; ?>
<tr>
<td><a href=""><?php esc_html_e( $channel->name, 'lbrypress' ); ?></a></td>
<td><a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channel-edit', 'claim_id' => urlencode( esc_html__( $claim_id, 'lbrypress' ) ), 'channel_name' => urlencode( esc_html__($channel->name, 'lbrypress' ) ), 'current_support' => urlencode( floatval($support_amount) ), 'init_bid' => urlencode( floatval($init_bid) ), 'lbry_url' => urlencode( esc_url($lbry_url) ) ), 'admin.php' ) ) ); ?>"><?php esc_html_e( $channel->name, 'lbrypress' ); ?></a></td>
<td><a href="<?php echo esc_url( $open_url, 'lbrypress' ); ?>"><?php esc_html_e( esc_url( $lbry_url ), 'lbrypress' ); ?></a></td>
<td><?php esc_html_e( $claim_id, 'lbrypress' ); ?></td>
<td><?php esc_html_e( $created_date, 'lbrypress' ); ?></td>
@ -91,7 +91,8 @@ if ( current_user_can( 'manage_options' ) ) {
<input type="hidden" name="action" value="lbry_add_channel">
<input type="hidden" name="_lbrynonce" value="<?php echo $lbrynonce ?>">
<h3><?php echo _e( 'Create a New Channel', 'lbrypress' ); ?></h3>
<h3><?php echo _e( 'Quick Create a New Channel', 'lbrypress' ); ?></h3>
<p>Create a Channel that can be edited later to add details or set-up a complete <a href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channel-edit' ), 'admin.php' ) ) ); ?>">Channel</a> now.</p>
<table class="form-table" role="presentation">
<tbody>
<tr>
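Review bot: The edit link in the first hunk passes runtime values through `esc_html__()` before `urlencode()`; `__()` is a translation lookup, not a sanitizer, and HTML-escaping a value that is then URL-encoded double-encodes it (for example a `&` in `$lbry_url` becomes `&#038;` through `esc_url` and arrives on the edit page in that form after its `urldecode`). Build the query values with `rawurlencode( $claim_id )`, `rawurlencode( $channel->name )` and `rawurlencode( $lbry_url )`, and leave escaping to the `esc_url()` already applied to the final href. `$support_amount` and `$init_bid` travel to the edit page through the query string and come back from `$_GET`, so the edit page cannot rely on them for anything beyond display; a comment on the link saying so would save the next reader from assuming otherwise.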


@ -26,16 +26,25 @@ $lbry_active_tab = isset( $_GET['tab'] ) ? $_GET['tab'] : 'general';
'<a href="' . esc_url( $admin_url ) . '" class="nav-tab nav-tab-active">' . esc_html__( 'Supports', 'lbrypress') . '</a>',
$admin_url,
);
}
if ( $lbry_active_tab == 'channel-edit' ) {
$admin_url = admin_url( 'admin.php?page=lbrypress&tab=channel-edit' );
printf(
'<a href="' . esc_url( $admin_url ) . '" class="nav-tab nav-tab-active">' . esc_html__( 'Channel', 'lbrypress' ) . '</a>',
$admin_url,
);
} ?>
</nav>
<?php if ( $lbry_active_tab == 'channels' ) {
include_once( 'channels-page.php' );
} elseif ( $lbry_active_tab == 'supports' ) {
include_once( 'supports-add-form.php' );
} elseif ( $lbry_active_tab == 'channel-edit' ) {
include_once( 'channel-edit-page.php' );
} else {
?>
<form class="form-table" action="<?php echo esc_url( admin_url( 'options.php' ) ); ?>" method="post">
<?php
<?php // TODO: write this as a switch?
}
if ( $lbry_active_tab == 'general' ) {
settings_fields( 'lbry_general_settings' );
@ -45,6 +54,8 @@ $lbry_active_tab = isset( $_GET['tab'] ) ? $_GET['tab'] : 'general';
//include_once( 'channels-page.php' );
} elseif ( $lbry_active_tab == 'supports' ) {
//include_once( 'supports-add-form.php' );
} elseif ( $lbry_active_tab == 'channel-edit' ) {
//include_once( 'supports-add-form.php' );
} elseif ( $lbry_active_tab == 'speech' ) {
settings_fields( LBRY_SPEECH_SETTINGS );
do_settings_sections( 'lbrypress-speech' );
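Review bot: The new `elseif ( $lbry_active_tab == 'channel-edit' )` branch in the second hunk has an empty body whose commented-out include names `supports-add-form.php` rather than the channel-edit page, so it is dead code that only misleads; drop the branch, or replace the comment with `// channel-edit is rendered by the include above the form`. The 'Channel' nav tab in the first hunk is emitted only when it is already the active tab, so the only way onto it is the links added elsewhere in this PR — presumably intended, but a one-line comment stating that would help. The `if`/`elseif` chain these hunks modify starts before and ends after them.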


@ -34,10 +34,10 @@ if ( current_user_can( 'manage_options' ) ) {
<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post" id="lbry_add_supports_form">
<input type="hidden" name="action" value="lbry_add_supports">
<input type="hidden" name="_lbrynonce" value="<?php echo $lbrynonce; ?>">
<input type="hidden" name="post_id" value="<?php echo $return_post; ?>">
<input type="hidden" name="lbry_url" value="<?php echo esc_attr($lbry_url); ?>">
<input type="hidden" name="supporting_channel" value="<?php echo $supporting_channel; ?>">
<input type="hidden" name="_lbrynonce" value="<?php echo esc_attr($lbrynonce); ?>">
<input type="hidden" name="post_id" value="<?php echo esc_attr($return_post); ?>">
<input type="hidden" name="lbry_url" value="<?php echo esc_url($lbry_url); ?>">
<input type="hidden" name="supporting_channel" value="<?php echo esc_attr($supporting_channel); ?>">
<h2><?php echo _e( 'Add Supports to Claim:', 'lbrypress' ); ?></h2>
<?php printf(