Merge pull request #11 from xwp/hotfix/0.3.1

valendesigns · valendesigns · commit d72775f4a5d8 · 2016-03-18T00:43:51.000-07:00
v0.3.1
diff --git a/.jshintignore b/.jshintignore
diff --git a/.jshintignore b/.jshintignore
@@ -0,0 +1,3 @@
+**/*.min.js
+**/node_modules/**
+**/vendor/**
diff --git a/composer.json b/composer.json
@@ -1,14 +1,14 @@
 {
 	"name": "xwp/wp-customize-snapshots",
 	"description": "Allow Customizer states to be drafted, and previewed with a private URL.",
-	"version": "0.3.0",
+	"version": "0.3.1",
 	"type": "wordpress-plugin",
 	"homepage": "https://github.com/xwp/wp-customize-snapshots",
 	"license": "GPL-2.0+",
 	"require": {
 		"php": ">=5.3.0"
 	},
 	"require-dev": {
-		"satooshi/php-coveralls": "~1.0"
+		"satooshi/php-coveralls": "dev-master"
 	}
 }
diff --git a/contributing.md b/contributing.md
@@ -58,13 +58,7 @@ To check the text domain:
 $ grunt checktextdomain
 ```
 
-To create a pot file:
-
-``` bash
-$ grunt makepot
-```
-
-The default task (simply running `grunt`) will do the following: `jshint -> checktextdomain`.
+The default task (simply running `grunt`) will do the following: `jshint -> uglify -> cssmin -> checktextdomain`.
 
 ### PHPUnit Testing
 
diff --git a/customize-snapshots.php b/customize-snapshots.php
@@ -3,7 +3,7 @@
  * Plugin Name: Customize Snapshots
  * Plugin URI: https://github.com/xwp/wp-customize-snapshots
  * Description: Allow Customizer states to be drafted, and previewed with a private URL.
- * Version: 0.3.0
+ * Version: 0.3.1
  * Author:  XWP
  * Author URI: https://xwp.co/
  * License: GPLv2+
diff --git a/dev-lib b/dev-lib
@@ -1 +1 @@
-Subproject commit dec53929b6851b5c11afe671999d91e612bbe234
+Subproject commit 3c2de00ca1d7456498e2751a4b7ad173d8d2a613
diff --git a/js/customize-snapshots.js b/js/customize-snapshots.js
@@ -225,15 +225,15 @@ var customizeSnapshots = ( function( $ ) {
 				snapshotDialogShareLink = wp.template( id );
 
 			if ( url.match( regex ) ) {
-				url = url.replace( regex, '$1' + 'customize_snapshot_uuid=' + response.customize_snapshot_uuid + '$2' );
+				url = url.replace( regex, '$1' + 'customize_snapshot_uuid=' + encodeURIComponent( response.customize_snapshot_uuid ) + '$2' );
 			} else {
-				url = url + separator + 'customize_snapshot_uuid=' + response.customize_snapshot_uuid;
+				url = url + separator + 'customize_snapshot_uuid=' + encodeURIComponent( response.customize_snapshot_uuid );
 			}
 
 			if ( 'dirty' !== scope ) {
 				scope = 'full';
 			}
-			url += '&scope=' + scope;
+			url += '&scope=' + encodeURIComponent( scope );
 
 			// Write over the UUID
 			if ( ! isPreview ) {
diff --git a/js/customize-snapshots.min.js b/js/customize-snapshots.min.js
diff --git a/package.json b/package.json
@@ -11,12 +11,12 @@
 	"devDependencies": {
 		"grunt": "~0.4.5",
 		"grunt-checktextdomain": "~1.0.0",
-		"grunt-contrib-clean": "^0.7.0",
-		"grunt-contrib-copy": "~0.8.2",
-		"grunt-contrib-cssmin": "^0.14.0",
-		"grunt-contrib-jshint": "~0.11.3",
-		"grunt-contrib-uglify": "^0.11.0",
-		"grunt-shell": "~1.1.2",
+		"grunt-contrib-clean": "~1.0.0",
+		"grunt-contrib-copy": "~1.0.0",
+		"grunt-contrib-cssmin": "~1.0.1",
+		"grunt-contrib-jshint": "~1.0.0",
+		"grunt-contrib-uglify": "~1.0.1",
+		"grunt-shell": "~1.2.1",
 		"grunt-wp-deploy": "^1.1.0"
 	}
 }
diff --git a/php/class-customize-snapshot-manager.php b/php/class-customize-snapshot-manager.php
@@ -18,12 +18,14 @@ class Customize_Snapshot_Manager {
 
 	/**
 	 * Post type.
+	 *
 	 * @type string
 	 */
 	const POST_TYPE = 'customize_snapshot';
 
 	/**
 	 * Action nonce.
+	 *
 	 * @type string
 	 */
 	const AJAX_ACTION = 'customize_update_snapshot';
@@ -90,14 +92,16 @@ public function __construct( Plugin $plugin ) {
 			$this->capture_unsanitized_snapshot_post_data();
 		}
 
-		$uuid = isset( $_REQUEST['customize_snapshot_uuid'] ) ? sanitize_key( wp_unslash( $_REQUEST['customize_snapshot_uuid'] ) ) : null; // WPCS: input var ok.
-		$scope = isset( $_REQUEST['scope'] ) ? sanitize_key( wp_unslash( $_REQUEST['scope'] ) ) : 'dirty';  // WPCS: input var ok.
+		$uuid = isset( $_REQUEST['customize_snapshot_uuid'] ) ? sanitize_text_field( sanitize_key( wp_unslash( $_REQUEST['customize_snapshot_uuid'] ) ) ) : null; // WPCS: input var ok.
+		$scope = isset( $_REQUEST['scope'] ) ? sanitize_text_field( sanitize_key( wp_unslash( $_REQUEST['scope'] ) ) ) : 'dirty';  // WPCS: input var ok.
 		$apply_dirty = ( 'dirty' === $scope );
 
 		// Bootstrap the Customizer.
 		if ( empty( $GLOBALS['wp_customize'] ) || ! ( $GLOBALS['wp_customize'] instanceof \WP_Customize_Manager ) && $uuid ) {
 			require_once( ABSPATH . WPINC . '/class-wp-customize-manager.php' );
+			// @codingStandardsIgnoreStart
 			$GLOBALS['wp_customize'] = new \WP_Customize_Manager();
+			// @codingStandardsIgnoreEnd
 		}
 		$this->customize_manager = $GLOBALS['wp_customize'];
 
@@ -146,7 +150,7 @@ public function set_return_url() {
 				'customize_snapshot_uuid' => $this->snapshot->uuid(),
 				'scope' => $this->snapshot->apply_dirty ? 'dirty' : 'full',
 			);
-			$return_url = add_query_arg( $args, $this->customize_manager->get_return_url() );
+			$return_url = add_query_arg( array_map( 'rawurlencode', $args ), $this->customize_manager->get_return_url() );
 			$this->customize_manager->set_return_url( $return_url );
 		}
 	}
@@ -159,7 +163,7 @@ public function set_return_url() {
 	public function current_url() {
 		$http_host = isset( $_SERVER['HTTP_HOST'] ) ? wp_unslash( $_SERVER['HTTP_HOST'] ) : parse_url( home_url(), PHP_URL_HOST ); // WPCS: input var ok; sanitization ok.
 		$request_uri = isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '/'; // WPCS: input var ok; sanitization ok.
-		return esc_url_raw( ( is_ssl() ? 'https://' : 'http://' ) . $http_host . $request_uri );
+		return ( is_ssl() ? 'https://' : 'http://' ) . $http_host . $request_uri;
 	}
 
 	/**
@@ -168,15 +172,15 @@ public function current_url() {
 	 * @return string
 	 */
 	public function clean_current_url() {
-		return esc_url( remove_query_arg( array( 'customize_snapshot_uuid', 'scope' ), $this->current_url() ) );
+		return remove_query_arg( array( 'customize_snapshot_uuid', 'scope' ), $this->current_url() );
 	}
 
 	/**
 	 * Redirect when preview is not allowed for the current theme.
 	 */
 	public function maybe_force_redirect() {
 		if ( false === $this->snapshot->is_preview() && isset( $_GET['customize_snapshot_uuid'] ) ) { // WPCS: input var ok.
-			wp_safe_redirect( $this->clean_current_url() );
+			wp_safe_redirect( esc_url_raw( $this->clean_current_url() ) );
 			exit;
 		}
 	}
@@ -242,7 +246,7 @@ public function enqueue_scripts() {
 			'is_preview' => $this->snapshot->is_preview(),
 			'current_user_can_publish' => current_user_can( 'customize_publish' ),
 			'snapshot_theme' => $snapshot_theme,
-			'scope' => ( isset( $_GET['scope'] ) ? sanitize_key( wp_unslash( $_GET['scope'] ) ) : 'dirty' ), // WPCS: input var ok.
+			'scope' => ( isset( $_GET['scope'] ) ? sanitize_text_field( sanitize_key( wp_unslash( $_GET['scope'] ) ) ) : 'dirty' ), // WPCS: input var ok.
 			'i18n' => array(
 				'saveButton' => __( 'Save', 'customize-snapshots' ),
 				'saveDraftButton' => __( 'Save Draft', 'customize-snapshots' ),
@@ -322,7 +326,7 @@ public function set_snapshot_uuid() {
 		}
 		false && check_ajax_referer(); // Note: This is a workaround for PHPCS nonce verification check.
 
-		$uuid = ! empty( $_POST['snapshot_uuid'] ) ? sanitize_key( wp_unslash( $_POST['snapshot_uuid'] ) ) : null; // WPCS: input var ok.
+		$uuid = ! empty( $_POST['snapshot_uuid'] ) ? sanitize_text_field( sanitize_key( wp_unslash( $_POST['snapshot_uuid'] ) ) ) : null; // WPCS: input var ok.
 		if ( current_user_can( 'customize' ) && $uuid && $this->snapshot->is_valid_uuid( $uuid ) ) {
 			$this->snapshot_uuid = $uuid;
 		}
@@ -383,7 +387,7 @@ public function update_snapshot() {
 		}
 
 		// Set the snapshot UUID.
-		$this->snapshot->set_uuid( sanitize_key( wp_unslash( $_POST['customize_snapshot_uuid'] ) ) ); // WPCS: input var ok.
+		$this->snapshot->set_uuid( sanitize_text_field( sanitize_key( wp_unslash( $_POST['customize_snapshot_uuid'] ) ) ) ); // WPCS: input var ok.
 		$uuid = $this->snapshot->uuid();
 		$next_uuid = $uuid;
 
@@ -430,19 +434,17 @@ public function customize_menu( $wp_admin_bar ) {
 			return;
 		}
 
-		$current_url = remove_query_arg( array( 'customize_snapshot_uuid', 'scope' ), $this->current_url() );
-
 		$args = array();
-		$uuid = isset( $_GET['customize_snapshot_uuid'] ) ? sanitize_key( wp_unslash( $_GET['customize_snapshot_uuid'] ) ) : null; // WPCS: input var ok.
-		$scope = isset( $_GET['scope'] ) ? sanitize_key( wp_unslash( $_GET['scope'] ) ) : 'dirty'; // WPCS: input var ok.
+		$uuid = isset( $_GET['customize_snapshot_uuid'] ) ? sanitize_text_field( sanitize_key( wp_unslash( $_GET['customize_snapshot_uuid'] ) ) ) : null; // WPCS: input var ok.
+		$scope = isset( $_GET['scope'] ) ? sanitize_text_field( sanitize_key( wp_unslash( $_GET['scope'] ) ) ) : 'dirty'; // WPCS: input var ok.
 
 		if ( $uuid && $this->snapshot->is_valid_uuid( $uuid ) ) {
 			$args['customize_snapshot_uuid'] = $uuid;
 			$args['scope'] = ( 'dirty' !== $scope ? 'full' : 'dirty' );
 		}
 
-		$args['url'] = urlencode( $current_url );
-		$customize_url = add_query_arg( $args, wp_customize_url() );
+		$args['url'] = esc_url_raw( $this->clean_current_url() );
+		$customize_url = add_query_arg( array_map( 'rawurlencode', $args ), wp_customize_url() );
 
 		$wp_admin_bar->add_menu(
 			array(
diff --git a/php/class-customize-snapshot.php b/php/class-customize-snapshot.php
@@ -228,8 +228,11 @@ public function post( $refresh = false ) {
 			'posts_per_page' => 1,
 			'post_type' => Customize_Snapshot_Manager::POST_TYPE,
 			'post_status' => array( 'draft', 'publish' ),
+			'no_found_rows' => true,
+			'ignore_sticky_posts' => true,
+			'cache_results' => false,
 		) );
-		$posts = $query->get_posts();
+		$posts = $query->posts;
 		remove_action( 'pre_get_posts', array( $this, '_override_wp_query_is_single' ) );
 
 		if ( empty( $posts ) ) {
diff --git a/php/class-plugin.php b/php/class-plugin.php
@@ -43,7 +43,7 @@ public function __construct() {
 	public function init() {
 		add_action( 'wp_default_scripts', array( $this, 'register_scripts' ), 11 );
 		add_action( 'wp_default_styles', array( $this, 'register_styles' ), 11 );
-		add_action( 'user_has_cap', array( $this, 'filter_user_has_cap' ), 10, 4 );
+		add_action( 'user_has_cap', array( $this, 'filter_user_has_cap' ), 10 );
 
 		$this->customize_snapshot_manager = new Customize_Snapshot_Manager( $this );
 	}
@@ -77,17 +77,14 @@ public function register_styles( \WP_Styles $wp_styles ) {
 	/**
 	 * Add the customize_publish capability to users who can edit_theme_options by default.
 	 *
-	 * @param array    $allcaps An array of all the user's capabilities.
-	 * @param array    $caps    Actual capabilities for meta capability.
-	 * @param array    $args    Optional parameters passed to has_cap(), typically object ID.
-	 * @param \WP_User $user    The user object.
+	 * @param array $allcaps An array of all the user's capabilities.
 	 * @return array All caps.
 	 */
-	public function filter_user_has_cap( $allcaps, $caps, $args, $user ) {
-		unset( $caps, $args, $user );
+	public function filter_user_has_cap( $allcaps ) {
 		if ( ! empty( $allcaps['edit_theme_options'] ) ) {
 			$allcaps['customize_publish'] = true;
 		}
+
 		return $allcaps;
 	}
 }
diff --git a/readme.md b/readme.md
@@ -7,7 +7,7 @@ Allow Customizer states to be drafted, and previewed with a private URL.
 **Tags:** [customizer](https://wordpress.org/plugins/tags/customizer), [customize](https://wordpress.org/plugins/tags/customize), [snapshots](https://wordpress.org/plugins/tags/snapshots)  
 **Requires at least:** 4.3  
 **Tested up to:** trunk  
-**Stable tag:** 0.3.0  
+**Stable tag:** 0.3.1  
 **License:** [GPLv2 or later](http://www.gnu.org/licenses/gpl-2.0.html)  
 
 [![Build Status](https://travis-ci.org/xwp/wp-customize-snapshots.svg?branch=master)](https://travis-ci.org/xwp/wp-customize-snapshots) [![Coverage Status](https://coveralls.io/repos/xwp/wp-customize-snapshots/badge.svg?branch=master)](https://coveralls.io/github/xwp/wp-customize-snapshots) [![Built with Grunt](https://cdn.gruntjs.com/builtwith.png)](http://gruntjs.com) [![devDependency Status](https://david-dm.org/xwp/wp-customize-snapshots/dev-status.svg)](https://david-dm.org/xwp/wp-customize-snapshots#info=devDependencies) 
@@ -24,6 +24,11 @@ Requires PHP 5.3+.
 
 ## Changelog ##
 
+### 0.3.1 ###
+* Fix additional WordPress VIP issues.
+* Update `dev-lib`.
+* Update Coveralls.
+
 ### 0.3.0 ###
 * Initialize Snapshots before Widget Posts so that `$wp_customize` will be set on the front-end.
 * Fix WordPress VIP PHPCS issues.
diff --git a/readme.txt b/readme.txt

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+*/.min.js`
	`2`	`+/node_modules/`
	`3`	`+/vendor/`
Original file line number	Diff line number	Diff line change
`@@ -1,14 +1,14 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "xwp/wp-customize-snapshots",`
`3`	`3`	`"description": "Allow Customizer states to be drafted, and previewed with a private URL.",`
`4`		`- "version": "0.3.0",`
	`4`	`+ "version": "0.3.1",`
`5`	`5`	`"type": "wordpress-plugin",`
`6`	`6`	`"homepage": "https://github.com/xwp/wp-customize-snapshots",`
`7`	`7`	`"license": "GPL-2.0+",`
`8`	`8`	`"require": {`
`9`	`9`	`"php": ">=5.3.0"`
`10`	`10`	`},`
`11`	`11`	`"require-dev": {`
`12`		`- "satooshi/php-coveralls": "~1.0"`
	`12`	`+ "satooshi/php-coveralls": "dev-master"`
`13`	`13`	`}`
`14`	`14`	`}`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ public function __construct() {`
`43`	`43`	`public function init() {`
`44`	`44`	`add_action( 'wp_default_scripts', array( $this, 'register_scripts' ), 11 );`
`45`	`45`	`add_action( 'wp_default_styles', array( $this, 'register_styles' ), 11 );`
`46`		`- add_action( 'user_has_cap', array( $this, 'filter_user_has_cap' ), 10, 4 );`
	`46`	`+ add_action( 'user_has_cap', array( $this, 'filter_user_has_cap' ), 10 );`
`47`	`47`
`48`	`48`	`$this->customize_snapshot_manager = new Customize_Snapshot_Manager( $this );`
`49`	`49`	`}`
`@@ -77,17 +77,14 @@ public function register_styles( \WP_Styles $wp_styles ) {`
`77`	`77`	`/**`
`78`	`78`	`* Add the customize_publish capability to users who can edit_theme_options by default.`
`79`	`79`	`*`
`80`		`- * @param array $allcaps An array of all the user's capabilities.`
`81`		`- * @param array $caps Actual capabilities for meta capability.`
`82`		`- * @param array $args Optional parameters passed to has_cap(), typically object ID.`
`83`		`- * @param \WP_User $user The user object.`
	`80`	`+ * @param array $allcaps An array of all the user's capabilities.`
`84`	`81`	`* @return array All caps.`
`85`	`82`	`*/`
`86`		`- public function filter_user_has_cap( $allcaps, $caps, $args, $user ) {`
`87`		`- unset( $caps, $args, $user );`
	`83`	`+ public function filter_user_has_cap( $allcaps ) {`
`88`	`84`	`if ( ! empty( $allcaps['edit_theme_options'] ) ) {`
`89`	`85`	`$allcaps['customize_publish'] = true;`
`90`	`86`	`}`
	`87`	`+`
`91`	`88`	`return $allcaps;`
`92`	`89`	`}`
`93`	`90`	`}`