From e08c46ab92f98c505e65a0b9466aa05d1ade776a Mon Sep 17 00:00:00 2001 From: kawsarahmedr Date: Sat, 31 Aug 2024 14:48:31 +0600 Subject: [PATCH 1/7] Add php initializer in admin js --- src/js/insertcodes-admin.js | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/js/insertcodes-admin.js b/src/js/insertcodes-admin.js index 1922d4c..75d6a5d 100644 --- a/src/js/insertcodes-admin.js +++ b/src/js/insertcodes-admin.js @@ -10,10 +10,18 @@ mode: 'htmlmixed' }) }); + // PHP Editor. + var phpSettings = _.extend({}, defaultSettings, { + codemirror: _.extend({}, defaultSettings.codemirror, { + mode: 'application/x-httpd-php' // Or use "php" instead. + }) + }); + // Initialize the code editors. wp.codeEditor.initialize($('#insertcodes_header'), htmlSettings); wp.codeEditor.initialize($('#insertcodes_body'), htmlSettings); wp.codeEditor.initialize($('#insertcodes_footer'), htmlSettings); + wp.codeEditor.initialize($('#insertcodes_php'), phpSettings); }); }); })(jQuery); From b0cba33819bc45ba1603a9e675419818533562c5 Mon Sep 17 00:00:00 2001 From: kawsarahmedr Date: Sat, 31 Aug 2024 18:35:06 +0600 Subject: [PATCH 2/7] Add php code editor --- assets/js/insertcodes-admin.asset.php | 1 + assets/js/insertcodes-admin.js | 20 +------- includes/Admin/Admin.php | 36 ++++++++++++- includes/Admin/views/snippets.php | 73 +++++++++++++++++++++++++++ insert-codes.php | 4 +- languages/insert-codes.pot | 59 +++++++++++++++++++--- package-lock.json | 4 +- package.json | 2 +- src/js/insertcodes-admin.js | 33 ++++++++---- webpack.config.js | 6 +-- 10 files changed, 192 insertions(+), 46 deletions(-) create mode 100644 assets/js/insertcodes-admin.asset.php create mode 100644 includes/Admin/views/snippets.php diff --git a/assets/js/insertcodes-admin.asset.php b/assets/js/insertcodes-admin.asset.php new file mode 100644 index 0000000..6cf6b1a --- /dev/null +++ b/assets/js/insertcodes-admin.asset.php @@ -0,0 +1 @@ + array(), 'version' => '0e0f7bc8e55c70c67db9'); 
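Review bot: The `wp.codeEditor.initialize(...)` calls at the end of this hunk run unconditionally on whichever admin page loads the script, and this one-file commit adds no element with the id `insertcodes_php`. Initialising a code editor on an empty jQuery set most likely throws inside CodeMirror, so each call is safer behind a presence check such as `var $php = $('#insertcodes_php'); if ($php.length) { wp.codeEditor.initialize($php, phpSettings); }`. The trailing `// Or use "php" instead.` comment reads as an unresolved choice; drop it or state why the MIME type was picked. The enclosing `$.ready.then` callback starts above the hunk.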
diff --git a/assets/js/insertcodes-admin.js b/assets/js/insertcodes-admin.js index 1922d4c..adabb55 100644 --- a/assets/js/insertcodes-admin.js +++ b/assets/js/insertcodes-admin.js @@ -1,19 +1 @@ -(function ($) { - 'use strict'; - $(window).on('load', function () { - $.ready.then(function () { - var defaultSettings = wp.codeEditor.defaultSettings ? _.clone(wp.codeEditor.defaultSettings) : {}; - - // HTML Editor. - var htmlSettings = _.extend({}, defaultSettings, { - codemirror: _.extend({}, defaultSettings.codemirror, { - mode: 'htmlmixed' - }) - }); - - wp.codeEditor.initialize($('#insertcodes_header'), htmlSettings); - wp.codeEditor.initialize($('#insertcodes_body'), htmlSettings); - wp.codeEditor.initialize($('#insertcodes_footer'), htmlSettings); - }); - }); -})(jQuery); +!function(e){"use strict";e(window).on("load",(function(){e.ready.then((function(){var o=wp.codeEditor.defaultSettings?_.clone(wp.codeEditor.defaultSettings):{},i=_.extend({},o,{codemirror:_.extend({},o.codemirror,{mode:"htmlmixed"})});wp.codeEditor.initialize(e("#insertcodes_header"),i),wp.codeEditor.initialize(e("#insertcodes_body"),i),wp.codeEditor.initialize(e("#insertcodes_footer"),i)})),e.ready.then((function(){var o=wp.codeEditor.defaultSettings?_.clone(wp.codeEditor.defaultSettings):{},i=_.extend({},o,{codemirror:_.extend({},o.codemirror,{mode:"application/x-httpd-php"})}),t=wp.codeEditor.initialize(e("#insertcodes_php"),i),d=t.codemirror.getValue();0!==d.indexOf(" 'text/html' ) ); + // Conditionally enqueue the code editor and admin script. + if ( in_array( $hook, array( 'toplevel_page_insert-codes', 'insert-codes_page_insert-codes-snippets' ), true ) ) { + $settings = wp_enqueue_code_editor( array( 'type' => 'application/x-httpd-php' ) ); // Return if the editor was not enqueued. if ( false === $settings ) { 
@@ -113,6 +144,7 @@ public function enqueue_scripts( $hook ) { wp_enqueue_script( 'insertcodes-admin' ); } + // Enqueue the admin style for the defined screens. if ( in_array( $hook, $screens, true ) ) { wp_enqueue_style( 'insertcodes-admin' ); } diff --git a/includes/Admin/views/snippets.php b/includes/Admin/views/snippets.php new file mode 100644 index 0000000..da55d58 --- /dev/null +++ b/includes/Admin/views/snippets.php @@ -0,0 +1,73 @@ + +
+
+
+

+ +

+

+
+
+
+
+
+
+

+
+ +
+
+ +
+
+ +

+
+
+ +
+ + +
+ +
+
+
+
+
+
+
+

+
+
+
    +
  • +

    + + +

    +
  • +
  • +

    + + +

    +
  • +
+
+
+
+
+
+
+ Date: Thu, 5 Sep 2024 09:51:56 +0600 Subject: [PATCH 3/7] Fix php code input field and sanitization --- includes/Controllers/Actions.php | 23 +++++++ includes/functions.php | 106 +++++++++++++++++++++++++++++++ 2 files changed, 129 insertions(+) diff --git a/includes/Controllers/Actions.php b/includes/Controllers/Actions.php index 165f30c..1bc8da1 100644 --- a/includes/Controllers/Actions.php +++ b/includes/Controllers/Actions.php @@ -17,6 +17,7 @@ class Actions { */ public function __construct() { add_action( 'admin_post_insertcodes_hbf_scripts', array( __CLASS__, 'handle_hbf_scripts' ) ); + add_action( 'admin_post_insertcodes_snippets', array( __CLASS__, 'handle_snippets' ) ); add_action( 'admin_post_insertcodes_settings', array( __CLASS__, 'handle_settings' ) ); } @@ -43,6 +44,28 @@ public static function handle_hbf_scripts() { exit(); } + /** + * Updating settings. + * + * @since 1.0.0 + * @return void + */ + public static function handle_snippets() { + check_admin_referer( 'insertcodes_snippets' ); + + $php_snippets = isset( $_POST['insertcodes_php'] ) ? sanitize_textarea_field( wp_unslash( $_POST['insertcodes_php'] ) ) : ''; + + // Decode html entity. + $php_snippets = html_entity_decode( $php_snippets, ENT_QUOTES, 'UTF-8' ); + + // Updating options. + update_option( 'insertcodes_php', $php_snippets ); + + insertcodes()->add_flash_notice( __( 'PHP code snippets saved successfully.', 'insert-codes' ) ); + wp_safe_redirect( wp_get_referer() ); + exit(); + } + /** * Updating settings. * diff --git a/includes/functions.php b/includes/functions.php index a7f95da..719e234 100644 --- a/includes/functions.php +++ b/includes/functions.php 
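Review bot: `handle_snippets()` in includes/Controllers/Actions.php stores PHP source after `sanitize_textarea_field()` and `html_entity_decode()`, which are text-field helpers: they strip anything that looks like a tag and rewrite entities, so the saved snippet can differ from what was typed while nothing about it becomes safer to run. The handler also relies on `check_admin_referer()` alone, and a nonce is not an authorization check, so add `if ( ! current_user_can( 'manage_options' ) ) { wp_die( esc_html__( 'You do not have sufficient permissions to perform this action.', 'insert-codes' ), 403 ); }` before reading `$_POST`. The same mismatch applies to the includes/functions.php hunk of this commit: `insertcodes_sanitize_php_snippets()` gives `wp_kses()` the names `php`, `echo`, `if` and `else` as if they were HTML elements, and the allowlist in `insertcodes_get_php_allowed_html()` includes `script`, `iframe`, `form` and `base`. The new docblock still reads "Updating settings." and should describe the snippet handler.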
@@ -77,3 +77,109 @@ function insertcodes_get_allowed_html() { ), ); } + +/** + * Get php allowed html. + * + * @since 1.0.0 + * @return array + */ +function insertcodes_get_php_allowed_html() { + return array( + 'pre' => array(), + 'code' => array(), + 'br' => array(), + 'strong' => array(), + 'em' => array(), + 'p' => array(), + 'div' => array(), + 'span' => array(), + 'img' => array(), + 'ul' => array(), + 'ol' => array(), + 'li' => array(), + 'a' => array(), + 'iframe' => array(), + 'blockquote' => array(), + 'h1' => array(), + 'h2' => array(), + 'h3' => array(), + 'h4' => array(), + 'h5' => array(), + 'h6' => array(), + 'table' => array(), + 'thead' => array(), + 'tbody' => array(), + 'tfoot' => array(), + 'tr' => array(), + 'th' => array(), + 'td' => array(), + 'hr' => array(), + 'form' => array(), + 'input' => array(), + 'select' => array(), + 'option' => array(), + 'textarea' => array(), + 'label' => array(), + 'button' => array(), + 'script' => array(), + 'noscript' => array(), + 'meta' => array(), + 'link' => array(), + 'style' => array(), + 'abbr' => array(), + 'acronym' => array(), + 'address' => array(), + 'applet' => array(), + 'area' => array(), + 'article' => array(), + 'aside' => array(), + 'audio' => array(), + 'b' => array(), + 'base' => array(), + 'bdi' => array(), + 'bdo' => array(), + 'big' => array(), + 'body' => array(), + 'canvas' => array(), + 'caption' => array(), + 'center' => array(), + 'cite' => array(), + 'col' => array(), + 'colgroup' => array(), + 'datalist' => array(), + 'dd' => array(), + 'del' => array(), + 'details' => array(), + 'dfn' => array(), + 'dialog' => array(), + ); +} + +/** + * Sanitize the PHP code snippets. + * + * @since 1.0.0 + * @param string $php_code PHP code snippet. + */ +function insertcodes_sanitize_php_snippets( $php_code ) { + $allowed_tags = array( + 'br' => array(), + 'em' => array(), + 'strong' => array(), + 'p' => array(), + // Add more allowed HTML tags here. 
+ ); + $allowed_php_tags = array( + 'php' => array(), + 'echo' => array(), + 'if' => array(), + 'else' => array(), + // Add more allowed PHP constructs if necessary. + ); + + // Combine allowed tags. + $sanitized_code = wp_kses( $php_code, array_merge( $allowed_tags, $allowed_php_tags ) ); + + return $sanitized_code; +} From e21122d436e46a17cd5cd271852fbf4e506de6d3 Mon Sep 17 00:00:00 2001 From: kawsarahmedr Date: Fri, 6 Sep 2024 23:58:41 +0600 Subject: [PATCH 4/7] Add php code snippets support --- includes/Admin/views/snippets.php | 31 +++ includes/Controllers/Actions.php | 46 ++++- includes/Controllers/ExecutableCodes.php | 75 +++++++ includes/Controllers/Execute.php | 245 +++++++++++++++++++++++ includes/Plugin.php | 3 + includes/functions.php | 106 ---------- languages/insert-codes.pot | 10 +- 7 files changed, 403 insertions(+), 113 deletions(-) create mode 100644 includes/Controllers/ExecutableCodes.php create mode 100644 includes/Controllers/Execute.php diff --git a/includes/Admin/views/snippets.php b/includes/Admin/views/snippets.php index da55d58..36d27ae 100644 --- a/includes/Admin/views/snippets.php +++ b/includes/Admin/views/snippets.php @@ -35,6 +35,37 @@ +
+

+
+ +
+
+ +
+
+ +

+
+
+ +
+
+ +
+
+ +

+
+
+
diff --git a/includes/Controllers/Actions.php b/includes/Controllers/Actions.php index 1bc8da1..42ab087 100644 --- a/includes/Controllers/Actions.php +++ b/includes/Controllers/Actions.php @@ -30,6 +30,11 @@ public function __construct() { public static function handle_hbf_scripts() { check_admin_referer( 'insertcodes_hbf_scripts' ); + // User capability check. You must have manage_options capability to perform this action. + if ( ! current_user_can( 'manage_options' ) ) { + insertcodes()->add_flash_notice( __( 'You do not have sufficient permissions to perform this action.', 'insert-codes' ) ); + } + $header_scripts = isset( $_POST['insertcodes_header'] ) ? wp_kses( wp_unslash( $_POST['insertcodes_header'] ), insertcodes_get_allowed_html() ) : ''; $body_scripts = isset( $_POST['insertcodes_body'] ) ? wp_kses( wp_unslash( $_POST['insertcodes_body'] ), insertcodes_get_allowed_html() ) : ''; $footer_scripts = isset( $_POST['insertcodes_footer'] ) ? wp_kses( wp_unslash( $_POST['insertcodes_footer'] ), insertcodes_get_allowed_html() ) : ''; @@ -45,7 +50,7 @@ public static function handle_hbf_scripts() { } /** - * Updating settings. + * Updating PHP code snippets. * * @since 1.0.0 * @return void 
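Review bot: The new `current_user_can( 'manage_options' )` branch in `handle_hbf_scripts()` only queues a flash notice and then falls through, so a user without the capability still reaches the `$_POST` reads and the rest of the handler. End the request inside the branch, for example with `wp_safe_redirect( wp_get_referer() ); exit();` after the notice, or replace the notice with a single `wp_die( ..., 403 )`. The identical block added to `handle_snippets()` and `handle_settings()` later in this commit needs the same change, and it matters most in `handle_snippets()` because the value saved there is later passed to `eval()`. The handler bodies continue outside these hunks.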
@@ -53,13 +58,27 @@ public static function handle_hbf_scripts() { public static function handle_snippets() { check_admin_referer( 'insertcodes_snippets' ); - $php_snippets = isset( $_POST['insertcodes_php'] ) ? sanitize_textarea_field( wp_unslash( $_POST['insertcodes_php'] ) ) : ''; + // User capability check. You must have manage_options capability to perform this action. + if ( ! current_user_can( 'manage_options' ) ) { + insertcodes()->add_flash_notice( __( 'You do not have sufficient permissions to perform this action.', 'insert-codes' ) ); + } + + // Get the sanitized PHP code snippets. + $php_snippets = self::sanitize_snippet( $_POST ); + + // Get settings value. + $enable_snippets = isset( $_POST['insertcodes_enable_snippets'] ) ? sanitize_key( wp_unslash( $_POST['insertcodes_enable_snippets'] ) ) : ''; + $location = isset( $_POST['insertcodes_snippets_location'] ) ? sanitize_key( wp_unslash( $_POST['insertcodes_snippets_location'] ) ) : ''; - // Decode html entity. - $php_snippets = html_entity_decode( $php_snippets, ENT_QUOTES, 'UTF-8' ); + // If 'add_flash_notice( __( 'PHP code snippets saved successfully.', 'insert-codes' ) ); wp_safe_redirect( wp_get_referer() ); 
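Review bot: `handle_snippets()` gates storage of executable PHP on `manage_options`, which is weaker than the gate WordPress uses for its own code editors: those require `edit_plugins` or `edit_themes`, are denied when `DISALLOW_FILE_EDIT` is set, and on multisite are withheld from site administrators who still hold `manage_options`. Checking `current_user_can( 'edit_plugins' )` here and on the snippets screen would keep hardened installs from regaining dashboard code execution through this form. `$location` is only passed through `sanitize_key()`; comparing it at save time with the three values accepted in `Execute::execute()` (`everywhere`, `frontend_only`, `admin_only`) would reject a bad value instead of storing one that silently never runs. Part of this hunk is missing from the page, so the option writes themselves are not visible.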
@@ -75,6 +94,11 @@ public static function handle_snippets() { public static function handle_settings() { check_admin_referer( 'insertcodes_settings' ); + // User capability check. You must have manage_options capability to perform this action. + if ( ! current_user_can( 'manage_options' ) ) { + insertcodes()->add_flash_notice( __( 'You do not have sufficient permissions to perform this action.', 'insert-codes' ) ); + } + $headers_priority = isset( $_POST['insertcodes_header_priority'] ) ? intval( wp_unslash( $_POST['insertcodes_header_priority'] ) ) : intval( '10' ); $body_priority = isset( $_POST['insertcodes_body_priority'] ) ? intval( wp_unslash( $_POST['insertcodes_body_priority'] ) ) : intval( '10' ); $footers_priority = isset( $_POST['insertcodes_footer_priority'] ) ? intval( wp_unslash( $_POST['insertcodes_footer_priority'] ) ) : intval( '10' ); @@ -90,4 +114,18 @@ public static function handle_settings() { wp_safe_redirect( wp_get_referer() ); exit(); } + + /** + * Sanitize PHP codes. + * + * @param array $data POST data. + * + * @since 1.0.0 + * @return string $codes Sanitized PHP codes. + */ + public static function sanitize_snippet( $data ) { + $codes = isset( $data['insertcodes_php'] ) ? wp_unslash( $data['insertcodes_php'] ) : ''; + + return $codes; + } } diff --git a/includes/Controllers/ExecutableCodes.php b/includes/Controllers/ExecutableCodes.php new file mode 100644 index 0000000..de1b758 --- /dev/null +++ b/includes/Controllers/ExecutableCodes.php 
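Review bot: `sanitize_snippet()` is named and documented as returning "Sanitized PHP codes", but its body only applies `wp_unslash()` and returns the value. PHP source cannot be meaningfully sanitized, so the docblock should say that it returns the raw snippet exactly as submitted by a trusted administrator; otherwise a later reader will assume filtering happened before `eval()`. It should also reject non-string input, e.g. `if ( ! isset( $data['insertcodes_php'] ) || ! is_string( $data['insertcodes_php'] ) ) { return ''; }`, because `wp_unslash()` passes arrays through unchanged.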
@@ -0,0 +1,75 @@ + 'php', + 'location' => get_option( 'insertcodes_snippets_location', 'everywhere' ), + 'priority' => 'default', + 'hook' => 'init', + ); + + // Get the executable code snippets. + $code_snippets = get_option( 'insertcodes_php', '' ); + + // Check if the code snippets is empty. + if ( empty( $code_snippets ) ) { + return; + } + + // phpcs:disable + // TODO: We should Implode all the code and execute it when we supported multiple Code Snippets. + // Example: $code_snippets = implode( PHP_EOL, $code_snippets );. + // Loop through the code snippets. + /* + foreach ( $code_snippets as $code_snippet ) { + // Execute the code snippet. + $this->execute( + $code_snippet['code'], + $code_snippet['type'], + $code_snippet['location'], + $code_snippet['priority'], + $code_snippet['hook'], + $code_snippet['args'] + ); + } + */ + // phpcs:enable + + // Execute the code snippets. + new Execute( $code_snippets, $args ); + } +} diff --git a/includes/Controllers/Execute.php b/includes/Controllers/Execute.php new file mode 100644 index 0000000..35e6533 --- /dev/null +++ b/includes/Controllers/Execute.php 
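Review bot: `execute_init()` runs the stored snippet on `init` with the default location `everywhere`, and nothing in the visible part of the method offers a way to skip it, so a snippet that hangs or exhausts memory (which `try`/`catch` cannot intercept) can lock the administrator out of the screen needed to remove it. A recovery switch checked before `new Execute( ... )` would cover that, e.g. `if ( defined( 'INSERTCODES_SAFE_MODE' ) && INSERTCODES_SAFE_MODE ) { return; }`, where the constant name is a suggestion and not an existing one. The commented-out loop wrapped in `phpcs:disable` belongs in an issue and not in the shipped file. The start of this file is missing from the page, so whether `insertcodes_enable_snippets` is checked before execution cannot be confirmed.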
@@ -0,0 +1,245 @@ +error = null; + $this->execute( $code, $args ); + } + + /** + * Validate the php code snippet. + * + * @param string $code The code snippet. + * + * @since 1.0.0 + * @return bool + */ + public function validate_code( $code ) { + $tokens = @token_get_all( 'error = 'Unexpected closing brace'; + return false; + } + } + } else { + list( $id, $text ) = $token; + if ( T_INLINE_HTML === $id ) { + $this->error = 'Unexpected inline HTML'; + return false; + } elseif ( T_CONSTANT_ENCAPSED_STRING === $id || T_ENCAPSED_AND_WHITESPACE === $id ) { + $in_string = ! $in_string; + } elseif ( T_COMMENT === $id || T_DOC_COMMENT === $id ) { + // Ignore comments. + continue; + } + + if ( T_STRING === $id && ( 'die(' === $text || 'wp_die' === $text ) ) { + $this->error = 'Usage of die() or wp_die() is not allowed'; + return false; + } + // phpcs:disable + // TODO: We should add more checks to validate the code snippet like: + // elseif ( T_VARIABLE === $id && ! $in_string && ! defined( $text ) ) { + // $this->error = 'Invalid variable usage'; + // return false; + // } + // phpcs:enable + } + } + + if ( 0 !== $braces ) { + $this->error = 'Unmatched braces'; + return false; + } + + return true; + } + + /** + * Execute the code snippet. + * + * @param string $code The code snippet. + * @param array $args The arguments to pass to the code snippet. + * + * @since 1.0.0 + * @return void|string + */ + public function execute( $code, $args = array() ) { + // Check if the code is empty. + if ( empty( $code ) ) { + return; + } + + // Default arguments. + $defaults = array( + 'type' => 'php', + 'location' => 'everywhere', + 'priority' => 'default', + 'hook' => 'init', + ); + // Parse the arguments. + $args = wp_parse_args( $args, $defaults ); + + // Check if the code type is set. + if ( ! isset( $args['type'] ) ) { + return; + } + + // Check if the location is set. + if ( ! isset( $args['location'] ) ) { + return; + } + + // Check if the priority is set. + if ( ! 
isset( $args['priority'] ) ) { + return; + } + + // Check if the hook is set. + if ( ! isset( $args['hook'] ) ) { + return; + } + + // Check if the hook is valid. + if ( ! has_action( $args['hook'] ) ) { + return; + } + + // Check if the code type is valid. + if ( ! in_array( $args['type'], array( 'php', 'html', 'css', 'js' ), true ) ) { + return; + } + + // Check if the location is valid. + if ( ! in_array( $args['location'], array( 'everywhere', 'frontend_only', 'admin_only' ), true ) ) { + return; + } + + // Check if the priority is valid. + if ( ! in_array( $args['priority'], array( 'high', 'default', 'low' ), true ) ) { + return; + } + + // Check if the code snippet is valid. + if ( ! $this->validate_code( $code ) ) { + $this->maybe_disable_snippet( $this->error ); + return; + } + + // Don't allow executing suspicious code. + if ( self::is_code_not_allowed( $code ) ) { + $this->maybe_disable_snippet( __( 'Suspicious code detected. Maybe the code snippet contains a disallowed function: wp_die, die, exit, eval.', 'insert-codes' ) ); + return; + } + + // Check the location value and return if not match. + if ( 'frontend_only' === $args['location'] && is_admin() ) { + return; + } + + if ( 'admin_only' === $args['location'] && ! is_admin() ) { + return; + } + + $error = false; + + // Execute the code snippet based on the code type. + switch ( $args['type'] ) { + case 'php': + // Execute the PHP code snippet. + try { + eval( $code ); // phpcs:ignore Squiz.PHP.Eval.Discouraged + } catch ( \Error $e ) { + $error = array( + 'message' => $e->getMessage(), + 'line' => $e->getLine(), + ); + } + if ( $error ) { + $this->maybe_disable_snippet( $error['message'], $error['line'] ); + } + break; + } + } + + /** + * Add a method to detect suspicious code. + * + * @param string $code The code to check. 
+ * + * @return bool + */ + public static function is_code_not_allowed( $code ) { + if ( preg_match_all( '/(base64_decode|error_reporting|ini_set|eval)\s*\(/i', $code, $matches ) ) { + if ( count( $matches[0] ) > 5 ) { + return true; + } + } + + if ( preg_match( '/dns_get_record/i', $code ) ) { + return true; + } + + // if 'wp_die', 'die', 'exit' or 'eval' is present in the code, then remove it. + if ( preg_match( '/(@?\\\\?(die|wp_die|exit)\s*\(?)/i', $code ) ) { + return true; + } + + return false; + } + + /** + * Maybe disable the snippet. + * + * @param string $error The error message. + * @param string $line The line number. + * + * @since 1.0.0 + * @return void + */ + public function maybe_disable_snippet( $error, $line = null ) { + update_option( 'insertcodes_enable_snippets', 'no' ); + + // Add a flash notice. + if ( $line ) { + $error = sprintf( '%s on line %d', $error, ( absint( $line ) - 1 ) ); + } + + insertcodes()->add_flash_notice( sprintf( '%s And the PHP code snippets has been disabled.', $error ), 'error' ); + } +} diff --git a/includes/Plugin.php b/includes/Plugin.php index 58bf0dc..a53a319 100644 --- a/includes/Plugin.php +++ b/includes/Plugin.php @@ -187,6 +187,9 @@ public function display_flash_notices() { * @return void */ public function init() { + // Load common classes. + new Controllers\ExecutableCodes(); + // Load admin classes. if ( is_admin() ) { new Admin\Admin(); diff --git a/includes/functions.php b/includes/functions.php index 719e234..a7f95da 100644 --- a/includes/functions.php +++ b/includes/functions.php 
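Review bot: `is_code_not_allowed()` and `validate_code()` in includes/Controllers/Execute.php inspect the snippet's text, which cannot bound what `eval( $code )` does at run time, so they should be documented as typo guards and not as a security filter; the real control is who may save a snippet. As written, the `(die|wp_die|exit)` pattern has no word boundaries and an optional `(`, so it also fires on those letters inside longer identifiers, strings or comments and switches the feature off, while `'die(' === $text` can never equal a `T_STRING` token. The notice text lists `eval` as disallowed although the first pattern only returns true after more than five matches. The `try` around `eval()` catches `\Error` only, so an exception thrown by the snippet escapes on `init`; `} catch ( \Throwable $e ) {` would route it to `maybe_disable_snippet()` as well. Part of `validate_code()` is missing from the page, so its brace handling was not reviewed.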
@@ -77,109 +77,3 @@ function insertcodes_get_allowed_html() { ), ); } - -/** - * Get php allowed html. - * - * @since 1.0.0 - * @return array - */ -function insertcodes_get_php_allowed_html() { - return array( - 'pre' => array(), - 'code' => array(), - 'br' => array(), - 'strong' => array(), - 'em' => array(), - 'p' => array(), - 'div' => array(), - 'span' => array(), - 'img' => array(), - 'ul' => array(), - 'ol' => array(), - 'li' => array(), - 'a' => array(), - 'iframe' => array(), - 'blockquote' => array(), - 'h1' => array(), - 'h2' => array(), - 'h3' => array(), - 'h4' => array(), - 'h5' => array(), - 'h6' => array(), - 'table' => array(), - 'thead' => array(), - 'tbody' => array(), - 'tfoot' => array(), - 'tr' => array(), - 'th' => array(), - 'td' => array(), - 'hr' => array(), - 'form' => array(), - 'input' => array(), - 'select' => array(), - 'option' => array(), - 'textarea' => array(), - 'label' => array(), - 'button' => array(), - 'script' => array(), - 'noscript' => array(), - 'meta' => array(), - 'link' => array(), - 'style' => array(), - 'abbr' => array(), - 'acronym' => array(), - 'address' => array(), - 'applet' => array(), - 'area' => array(), - 'article' => array(), - 'aside' => array(), - 'audio' => array(), - 'b' => array(), - 'base' => array(), - 'bdi' => array(), - 'bdo' => array(), - 'big' => array(), - 'body' => array(), - 'canvas' => array(), - 'caption' => array(), - 'center' => array(), - 'cite' => array(), - 'col' => array(), - 'colgroup' => array(), - 'datalist' => array(), - 'dd' => array(), - 'del' => array(), - 'details' => array(), - 'dfn' => array(), - 'dialog' => array(), - ); -} - -/** - * Sanitize the PHP code snippets. - * - * @since 1.0.0 - * @param string $php_code PHP code snippet. - */ -function insertcodes_sanitize_php_snippets( $php_code ) { - $allowed_tags = array( - 'br' => array(), - 'em' => array(), - 'strong' => array(), - 'p' => array(), - // Add more allowed HTML tags here. 
- ); - $allowed_php_tags = array( - 'php' => array(), - 'echo' => array(), - 'if' => array(), - 'else' => array(), - // Add more allowed PHP constructs if necessary. - ); - - // Combine allowed tags. - $sanitized_code = wp_kses( $php_code, array_merge( $allowed_tags, $allowed_php_tags ) ); - - return $sanitized_code; -} diff --git a/languages/insert-codes.pot b/languages/insert-codes.pot index e872730..5357652 100644 --- a/languages/insert-codes.pot +++ b/languages/insert-codes.pot @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: Insert Codes - Headers And Footers Code Snippet 1.2.0\n" "Report-Msgid-Bugs-To: https://urldev.com/support\n" -"POT-Creation-Date: 2024-08-31 12:12:56+00:00\n" +"POT-Creation-Date: 2024-09-05 15:14:59+00:00\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" @@ -181,11 +181,15 @@ msgstr "" msgid "These scripts will be executed in the PHP context." msgstr "" -#: includes/Controllers/Actions.php:41 +#: includes/Controllers/Actions.php:42 msgid "Codes saved successfully." msgstr "" -#: includes/Controllers/Actions.php:66 +#: includes/Controllers/Actions.php:64 +msgid "PHP code snippets saved successfully." +msgstr "" + +#: includes/Controllers/Actions.php:89 msgid "Settings saved successfully." msgstr "" From a4bdadadfa662b8816e7388f9f75360da2247ea5 Mon Sep 17 00:00:00 2001 From: kawsarahmedr Date: Sat, 7 Sep 2024 00:04:15 +0600 Subject: [PATCH 5/7] Add php code snippets support --- includes/Admin/views/snippets.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/includes/Admin/views/snippets.php b/includes/Admin/views/snippets.php index 36d27ae..d31a36b 100644 --- a/includes/Admin/views/snippets.php +++ b/includes/Admin/views/snippets.php @@ -24,7 +24,6 @@

-
@@ -34,11 +33,9 @@

-

-
@@ -51,7 +48,6 @@

-
@@ -65,7 +61,6 @@

-
From 663583014f1b4f7ad4aa94bd1b4c46e752c57970 Mon Sep 17 00:00:00 2001 From: kawsarahmedr Date: Sat, 7 Sep 2024 00:13:08 +0600 Subject: [PATCH 6/7] Update since tag --- includes/Admin/Admin.php | 4 ++-- includes/Controllers/Actions.php | 4 ++-- includes/Controllers/ExecutableCodes.php | 7 ++----- includes/Controllers/Execute.php | 13 ++++++++----- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/includes/Admin/Admin.php b/includes/Admin/Admin.php index 49b26e3..8c8949e 100644 --- a/includes/Admin/Admin.php +++ b/includes/Admin/Admin.php @@ -53,7 +53,7 @@ public function add_menu() { /** * Add code snippets submenu. * - * @since 1.0.0 + * @since 1.2.0 * @return void */ public function code_snippets_menu() { @@ -70,7 +70,7 @@ public function code_snippets_menu() { /** * Render code snippets page. * - * @since 1.0.0 + * @since 1.2.0 * @return void */ public function code_snippets_page() { diff --git a/includes/Controllers/Actions.php b/includes/Controllers/Actions.php index 42ab087..3982267 100644 --- a/includes/Controllers/Actions.php +++ b/includes/Controllers/Actions.php @@ -52,7 +52,7 @@ public static function handle_hbf_scripts() { /** * Updating PHP code snippets. * - * @since 1.0.0 + * @since 1.2.0 * @return void */ public static function handle_snippets() { @@ -120,7 +120,7 @@ public static function handle_settings() { * * @param array $data POST data. * - * @since 1.0.0 + * @since 1.2.0 * @return string $codes Sanitized PHP codes. */ public static function sanitize_snippet( $data ) { diff --git a/includes/Controllers/ExecutableCodes.php b/includes/Controllers/ExecutableCodes.php index de1b758..37031cb 100644 --- a/includes/Controllers/ExecutableCodes.php +++ b/includes/Controllers/ExecutableCodes.php 
@@ -8,14 +8,12 @@ * Class ExecutableCodes. * Handles the executable codes. * - * @since 1.0.0 + * @since 1.2.0 * @package InsertCodes\Controllers */ class ExecutableCodes { /** * Constructor. - * - * @since 1.0.0 */ public function __construct() { add_action( 'init', array( $this, 'execute_init' ) ); @@ -24,8 +22,7 @@ public function __construct() { /** * Execute the code snippet. * - * @since 1.0.0 - * + * @since 1.2.0 * @return void */ public function execute_init() { diff --git a/includes/Controllers/Execute.php b/includes/Controllers/Execute.php index 35e6533..44d638a 100644 --- a/includes/Controllers/Execute.php +++ b/includes/Controllers/Execute.php @@ -8,7 +8,7 @@ * Class Execute. * Execute the code snippets when needed. * - * @since 1.0.0 + * @since 1.2.0 * @package InsertCodes\Controllers */ class Execute { @@ -16,6 +16,8 @@ class Execute { * The error message. * * @var string $error The error message. + * + * @since 1.2.0 */ private $error; @@ -25,7 +27,7 @@ class Execute { * @param string $code The code snippet. * @param array $args The arguments to pass to the code snippet. * - * @since 1.0.0 + * @since 1.2.0 */ public function __construct( $code, $args = array() ) { $this->error = null; @@ -37,7 +39,7 @@ public function __construct( $code, $args = array() ) { * * @param string $code The code snippet. * - * @since 1.0.0 + * @since 1.2.0 * @return bool */ public function validate_code( $code ) { @@ -96,7 +98,7 @@ public function validate_code( $code ) { * @param string $code The code snippet. * @param array $args The arguments to pass to the code snippet. * - * @since 1.0.0 + * @since 1.2.0 * @return void|string */ public function execute( $code, $args = array() ) { @@ -202,6 +204,7 @@ public function execute( $code, $args = array() ) { * * @param string $code The code to check. * + * @since 1.2.0 * @return bool */ public static function is_code_not_allowed( $code ) { 
@@ -229,7 +232,7 @@ public static function is_code_not_allowed( $code ) { * @param string $error The error message. * @param string $line The line number. * - * @since 1.0.0 + * @since 1.2.0 * @return void */ public function maybe_disable_snippet( $error, $line = null ) { From e9746d74a1e99a0d45dd10ea6cee170e2a51a484 Mon Sep 17 00:00:00 2001 From: kawsarahmedr Date: Sat, 7 Sep 2024 00:17:11 +0600 Subject: [PATCH 7/7] Update pot file --- languages/insert-codes.pot | 69 ++++++++++++++++++++++++++++++++------ 1 file changed, 58 insertions(+), 11 deletions(-) diff --git a/languages/insert-codes.pot b/languages/insert-codes.pot index 5357652..d29c75e 100644 --- a/languages/insert-codes.pot +++ b/languages/insert-codes.pot @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: Insert Codes - Headers And Footers Code Snippet 1.2.0\n" "Report-Msgid-Bugs-To: https://urldev.com/support\n" -"POT-Creation-Date: 2024-09-05 15:14:59+00:00\n" +"POT-Creation-Date: 2024-09-06 18:15:43+00:00\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" 
@@ -80,27 +80,27 @@ msgid "Insert Scripts in Footer:" msgstr "" #: includes/Admin/views/codes.php:70 includes/Admin/views/settings.php:89 -#: includes/Admin/views/snippets.php:50 +#: includes/Admin/views/snippets.php:76 msgid "Support & Rating" msgstr "" #: includes/Admin/views/codes.php:76 includes/Admin/views/settings.php:95 -#: includes/Admin/views/snippets.php:56 +#: includes/Admin/views/snippets.php:82 msgid "If you need help, please visit the support forum." msgstr "" #: includes/Admin/views/codes.php:77 includes/Admin/views/settings.php:96 -#: includes/Admin/views/snippets.php:57 +#: includes/Admin/views/snippets.php:83 msgid "Get Support" msgstr "" #: includes/Admin/views/codes.php:82 includes/Admin/views/settings.php:101 -#: includes/Admin/views/snippets.php:62 +#: includes/Admin/views/snippets.php:88 msgid "If you like the plugin, please rate it on WordPress.org." msgstr "" #: includes/Admin/views/codes.php:83 includes/Admin/views/settings.php:102 -#: includes/Admin/views/snippets.php:63 +#: includes/Admin/views/snippets.php:89 msgid "Give a Rating" msgstr "" 
@@ -173,26 +173,73 @@ msgstr "" msgid "PHP Code Snippets" msgstr "" -#: includes/Admin/views/snippets.php:30 +#: includes/Admin/views/snippets.php:29 msgid "PHP Code Snippets:" msgstr "" -#: includes/Admin/views/snippets.php:34 +#: includes/Admin/views/snippets.php:33 msgid "These scripts will be executed in the PHP context." msgstr "" -#: includes/Controllers/Actions.php:42 +#: includes/Admin/views/snippets.php:37 +msgid "Snippets Settings" +msgstr "" + +#: includes/Admin/views/snippets.php:41 +msgid "Enable Snippets:" +msgstr "" + +#: includes/Admin/views/snippets.php:46 +msgid "Enable php code snippet" +msgstr "" + +#: includes/Admin/views/snippets.php:48 +msgid "Enabling this will execute the PHP code snippets." +msgstr "" + +#: includes/Admin/views/snippets.php:53 +msgid "Location:" +msgstr "" + +#: includes/Admin/views/snippets.php:57 +msgid "Everywhere" +msgstr "" + +#: includes/Admin/views/snippets.php:58 +msgid "Admin only" +msgstr "" + +#: includes/Admin/views/snippets.php:59 +msgid "Frontend only" +msgstr "" + +#: includes/Admin/views/snippets.php:61 +msgid "Select where the code snippet should execute." +msgstr "" + +#: includes/Controllers/Actions.php:35 includes/Controllers/Actions.php:63 +#: includes/Controllers/Actions.php:99 +msgid "You do not have sufficient permissions to perform this action." +msgstr "" + +#: includes/Controllers/Actions.php:47 msgid "Codes saved successfully." msgstr "" -#: includes/Controllers/Actions.php:64 +#: includes/Controllers/Actions.php:83 msgid "PHP code snippets saved successfully." msgstr "" -#: includes/Controllers/Actions.php:89 +#: includes/Controllers/Actions.php:113 msgid "Settings saved successfully." msgstr "" +#: includes/Controllers/Execute.php:168 +msgid "" +"Suspicious code detected. Maybe the code snippet contains a disallowed " +"function: wp_die, die, exit, eval." +msgstr "" + #. Plugin Name of the plugin/theme msgid "Insert Codes - Headers And Footers Code Snippet" msgstr ""