
Update FrmAppHelper::sanitize_value to support objects without a fatal error #1569

Merged: Crabcyborg merged 1 commit into master from update_frmapphelper_sanitize_value_to_support_objects on Mar 16, 2024

Conversation

@Crabcyborg (Contributor) commented Mar 14, 2024

I noticed this in an old ticket when searching for an error https://secure.helpscout.net/conversation/1902277510/100120

Fatal error: Uncaught Error: Object of class WP_Post could not be converted to string in .../wp-includes/kses.php:1685 Stack trace: #0 .../wp-includes/kses.php(1685): preg_replace('/[x00-x08x0B...', '', Object(WP_Post)) #1 .../wp-includes/kses.php(717): wp_kses_no_null(Object(WP_Post), Array) #2 .../wp-includes/kses.php(2106): wp_kses(Object(WP_Post), 'post') #3 .../wp-content/plugins/formidable/classes/helpers/FrmAppHelper.php(548): wp_kses_post(Object(WP_Post)) #4 .../wp-content/plugins/formidable-stripe/models/FrmStrpAuth.php(261): FrmAppHelper::sanitize_value('wp_kses_post', Object(WP_Post)) #5 .../wp-content/plugins/formidable-stripe/models/FrmStrpAuth.php(230): FrmStrpAuth::generate_false_entry() #6 .../wp-content/plugi in .../wp-includes/kses.php

This comes from the Stripe add-on in code (that also exists now in Stripe Lite), where a value in $_POST is a WP_Post object. This must be caused by a plugin conflict of some sort.

This update sets $value to an empty string if it is an object, since we shouldn't accept an object.

I also updated the function a bit. I gave it comments, and I added some returns to reduce the indentation.

Summary by CodeRabbit

  • Bug Fixes
    • Updated input sanitization to handle object inputs more securely by converting them to an empty string.
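The guard this PR describes, written out as an added example rather than Formidable's own code: a stand-alone sanitize_value() with the same ($sanitize, &$value) shape seen in the trace, recursing into arrays and replacing any object with an empty string before a string sanitizer ever sees it, next to the unguarded shape that reproduces the Error class from the ticket. WordPress is not loaded here, so demo_kses_post() is a hypothetical stand-in for wp_kses_post(), the stdClass object stands in for the WP_Post that another plugin had put into $_POST, and the request array is constructed sample data.

```php
<?php
// Added example, not Formidable's code. WordPress is not loaded, so
// demo_kses_post() is a hypothetical stand-in for wp_kses_post(): it removes
// NUL/control bytes (as wp_kses_no_null() does) and strips all but a few tags.
function demo_kses_post(string $value): string
{
    $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $value);
    return strip_tags($value, '<p><a><strong><em>');
}

/**
 * The pre-fix shape: recurse into arrays, hand everything else to $sanitize.
 * An object reaches the string-typed sanitizer and PHP throws an Error
 * (a TypeError here; "could not be converted to string" in the ticket's trace).
 */
function sanitize_value_unguarded(callable $sanitize, &$value): void
{
    if (is_array($value)) {
        foreach ($value as &$item) {
            sanitize_value_unguarded($sanitize, $item);
        }
        unset($item);
        return;
    }
    $value = call_user_func($sanitize, $value);
}

/**
 * The guarded shape this PR describes: an object is never legitimate form
 * input, so it is replaced with '' before any string function sees it.
 */
function sanitize_value(callable $sanitize, &$value): void
{
    if (is_object($value)) {
        // Covers WP_Post, stdClass, closures and objects with __toString alike.
        $value = '';
        return;
    }
    if (is_array($value)) {
        foreach ($value as &$item) {
            sanitize_value($sanitize, $item);
        }
        unset($item);
        return;
    }
    // Scalars and null are cast so ints/bools arriving in $_POST still pass through.
    $value = call_user_func($sanitize, (string) $value);
}

// Constructed request data: the stdClass stands in for the WP_Post that
// another plugin had placed into $_POST in the ticket.
$injected = new stdClass();
$injected->post_title = 'not form input';
$request = [
    'name'   => "Ann\x00 <script>alert(1)</script><strong>ok</strong>",
    'nested' => ['note' => 'fine', 'obj' => $injected],
];

$copy = $request;
try {
    sanitize_value_unguarded('demo_kses_post', $copy);
    echo "unguarded: no error (unexpected)\n";
} catch (\Error $e) {
    echo 'unguarded: ' . get_class($e) . " thrown, as in the ticket\n";
}

sanitize_value('demo_kses_post', $request);
echo 'name => ' . var_export($request['name'], true) . "\n";
echo 'note => ' . var_export($request['nested']['note'], true) . "\n";
echo 'obj  => ' . var_export($request['nested']['obj'], true) . "\n";
```

Run it with `php sanitize_demo.php`. The is_object() check is placed before the array branch so that objects nested at any depth are blanked during recursion, and it deliberately does not special-case objects that implement __toString: a request value that arrives as an object is a sign of interference from other code, not a value worth converting, so dropping it is the safer default.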

@coderabbitai (Contributor) Bot commented Mar 14, 2024

Walkthrough

The update focuses on enhancing the sanitize_value method within FrmAppHelper.php. This method has been refined to treat object inputs uniquely by converting them to empty strings. Furthermore, it introduces an explicit void return type and a new parameter, $sanitize, to provide more control over the sanitization process.

Changes

FrmAppHelper.php: Updated sanitize_value to handle object inputs as empty strings, added $sanitize parameter, and now explicitly returns void.

Poem

In the digital fields, where code does bloom,
A rabbit hopped under the silvery moon.
With each leap and bound, it tweaked and tuned,
Turning objects to strings, under the noon.
"Fear not," it whispered, with a smile so wide,
"For cleaner, safer data, I always provide."
🌟🐰💻🌙


@Crabcyborg Crabcyborg changed the title Update FrmAppHelper::sanitize_value to support objects Update FrmAppHelper::sanitize_value to support objects Mar 14, 2024
@codecov Bot commented Mar 14, 2024

Codecov Report

Attention: Patch coverage is 81.81818%, with 2 lines in your changes missing coverage. Please review.

Project coverage is 29.58%. Comparing base (c27720d) to head (f2bdef6).

Files Patch % Lines
classes/helpers/FrmAppHelper.php 81.81% 2 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##             master    #1569      +/-   ##
============================================
+ Coverage     29.50%   29.58%   +0.07%     
- Complexity     7805     7806       +1     
============================================
  Files           119      119              
  Lines         25691    25696       +5     
============================================
+ Hits           7580     7602      +22     
+ Misses        18111    18094      -17     


@Crabcyborg Crabcyborg requested a review from stephywells March 14, 2024 19:27
@Crabcyborg Crabcyborg added this to the 6.8.4 milestone Mar 14, 2024
@coderabbitai (Contributor) Bot left a comment
Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits: files that changed from the base of the PR, between c27720d and f2bdef6.
Files selected for processing (1)
  • classes/helpers/FrmAppHelper.php (1 hunks)
Additional comments: 5
classes/helpers/FrmAppHelper.php (5)
  • 646-678 (📝 NOTE: this review was outside the diff hunks, and no overlapping diff hunk was found; original lines [1-1]): The get_menu_icon_class method correctly handles the retrieval of the menu icon class with appropriate checks for the existence of the Pro version of the plugin. Good use of fallback mechanism.
  • 646-678 (same note): The add_dismissable_warning_message method provides a secure and efficient way to handle dismissible warning messages with appropriate permission checks and nonce verification.
  • 646-678 (same note): The dismiss_warning_message method correctly handles the AJAX request to update the dismissal state of a warning message with necessary security checks.
  • 646-678 (same note): The deprecated methods are correctly marked with _deprecated_function and provide clear guidance on the new implementations or reasons for deprecation.
  • 646-678 (same note): Due to the extensive changes and the addition of new methods, a detailed review of each method is required to ensure correctness, security, performance, and adherence to best practices. Further analysis is needed to provide specific feedback on each method.

@Crabcyborg Crabcyborg changed the title Update FrmAppHelper::sanitize_value to support objects Update FrmAppHelper::sanitize_value to support objects without a fatal error Mar 14, 2024
@stephywells (Contributor) left a comment

This looks great!

@Crabcyborg Crabcyborg merged commit d348c3f into master Mar 16, 2024
@Crabcyborg Crabcyborg deleted the update_frmapphelper_sanitize_value_to_support_objects branch March 16, 2024 21:46