937 lines
34 KiB
PHP
937 lines
34 KiB
PHP
<?php
|
|
/**
|
|
* Admin settings handler.
|
|
*
|
|
* Manages rendering of the options page, sanitization of inputs,
|
|
* and saving general plugin configurations.
|
|
*
|
|
* @package Head_Footer_Code
|
|
* @since 1.0.0
|
|
*/
|
|
|
|
namespace Techwebux\Hfc;
|
|
|
|
// If this file is called directly, abort.
|
|
if ( ! defined( 'ABSPATH' ) ) {
|
|
exit;
|
|
}
|
|
|
|
class Settings {
|
|
/** @var array Settings retrieved from the main controller. */
|
|
private $settings;
|
|
|
|
/** @var Plugin_Info Plugin metadata object. */
|
|
protected $plugin;
|
|
|
|
/** @var array Allowed HTML tags for sanitization. */
|
|
public $allowed_html;
|
|
public $form_allowed_html;
|
|
public $security_risk_notice;
|
|
|
|
/**
|
|
* Initializes the class and registers admin hooks.
|
|
*
|
|
* @param Plugin_Info $plugin Instance of the plugin info object.
|
|
* @param array $settings Plugin settings array.
|
|
*/
|
|
public function __construct( Plugin_Info $plugin, $settings ) {
|
|
$this->plugin = $plugin;
|
|
$this->settings = $settings;
|
|
|
|
// Add Settings page link to plugin actions cell.
|
|
add_filter( 'plugin_action_links_' . $this->plugin->basename, array( $this, 'plugin_settings_link' ) );
|
|
|
|
// Update links in plugin row on Plugins page.
|
|
add_filter( 'plugin_row_meta', array( $this, 'add_plugin_meta_links' ), 10, 2 );
|
|
|
|
// Create menu item for settings page.
|
|
add_action( 'admin_menu', array( $this, 'add_admin_menu' ) );
|
|
|
|
// add_action( 'admin_init', array( $this, 'settings_init' ) );
|
|
add_action( 'admin_init', array( $this, 'settings_register' ) );
|
|
|
|
// Plugins settings page only hooks.
|
|
$current_page = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
|
|
|
|
if ( ! empty( $current_page ) && $current_page === $this->plugin->slug ) {
|
|
|
|
$this->allowed_html = Common::allowed_html();
|
|
$this->form_allowed_html = Common::form_allowed_html();
|
|
|
|
// Initiate settings section and fields.
|
|
|
|
add_action( 'admin_init', array( $this, 'settings_prepare' ) );
|
|
|
|
// Add Review CTA to the footer thankyou
|
|
add_filter( 'admin_footer_text', array( $this, 'custom_footer_thankyou' ) );
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Add submenu for Head & Footer code to Tools.
|
|
*/
|
|
public function add_admin_menu() {
|
|
add_submenu_page(
|
|
'tools.php', // Parent Slug.
|
|
$this->plugin->name, // Page Title.
|
|
$this->plugin->name, // Menu Title.
|
|
'manage_options', // Capability.
|
|
$this->plugin->slug, // Menu Slug.
|
|
array( $this, 'options_page' ) // Callback.
|
|
// Position.
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Register a setting and its sanitization callback.
|
|
*
|
|
* This is part of the Settings API, which lets you automatically generate
|
|
* wp-admin settings pages by registering your settings and using a few
|
|
* callbacks to control the output.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function settings_register() {
|
|
$homepage_blog_posts = 'posts' === get_option( 'show_on_front', false ) ? true : false;
|
|
|
|
// Site-wide.
|
|
register_setting(
|
|
'head_footer_code_settings', // Option group.
|
|
'auhfc_settings_sitewide', // Option name.
|
|
array(
|
|
'sanitize_callback' => array( $this, 'sanitize_sitewide' ),
|
|
)
|
|
);
|
|
|
|
// Blog gomepage.
|
|
if ( $homepage_blog_posts ) {
|
|
register_setting(
|
|
'head_footer_code_settings', // Option group.
|
|
'auhfc_settings_homepage', // Option name.
|
|
array(
|
|
'sanitize_callback' => array( $this, 'sanitize_homepage' ),
|
|
)
|
|
);
|
|
}
|
|
|
|
// Articles
|
|
register_setting(
|
|
'head_footer_code_settings', // Option group.
|
|
'auhfc_settings_article', // Option name.
|
|
array(
|
|
'sanitize_callback' => array( $this, 'sanitize_article' ),
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Register a setting and its sanitization callback
|
|
* define section and settings fields
|
|
*/
|
|
public function settings_prepare() {
|
|
/**
|
|
* Get settings from options table
|
|
*/
|
|
$homepage_blog_posts = 'posts' === get_option( 'show_on_front', false ) ? true : false;
|
|
$head_note = $this->head_note();
|
|
$this->security_risk_notice = Common::get_security_risk_notice();
|
|
|
|
/**
|
|
* Settings Sections are the groups of settings you see on WordPress settings pages
|
|
* with a shared heading. In your plugin you can add new sections to existing
|
|
* settings pages rather than creating a whole new page. This makes your plugin
|
|
* simpler to maintain and creates less new pages for users to learn.
|
|
* You just tell them to change your setting on the relevant existing page.
|
|
*/
|
|
add_settings_section(
|
|
'head_footer_code_settings_sitewide', // Id.
|
|
__( 'Site-wide head, body and footer code', 'head-footer-code' ), // Title.
|
|
array( $this, 'sitewide_settings_section_description' ), // Callback.
|
|
$this->plugin->slug // Page.
|
|
);
|
|
|
|
/**
|
|
* Register a settings field to a settings page and section.
|
|
* This is part of the Settings API, which lets you automatically generate
|
|
* wp-admin settings pages by registering your settings and using a few
|
|
* callbacks to control the output.
|
|
*/
|
|
$this->add_field(
|
|
'head', // Id.
|
|
esc_html__( 'HEAD Code', 'head-footer-code' ), // Title.
|
|
'textarea_field_render', // Callback method name.
|
|
'sitewide', // Section.
|
|
array( // Arguments.
|
|
'description' => $head_note . '<p>' . sprintf(
|
|
/* translators: %s will be replaced with preformatted HTML tag </head> */
|
|
esc_html__( 'Code to enqueue in HEAD section (before the %s).', 'head-footer-code' ),
|
|
Common::format_as_code( '</head>' )
|
|
) . '</p>',
|
|
'field_class' => 'widefat code codeEditor',
|
|
'rows' => 7,
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'priority_h',
|
|
esc_html__( 'HEAD Priority', 'head-footer-code' ),
|
|
'number_field_render',
|
|
'sitewide',
|
|
array(
|
|
'description' => sprintf(
|
|
/* translators: 1: default HEAD priority, 2: preformatted HTML tag </head> */
|
|
esc_html__( 'Priority for enqueued HEAD code. Default is %1$d. Larger number inject code closer to %2$s.', 'head-footer-code' ),
|
|
10,
|
|
Common::format_as_code( '</head>' )
|
|
),
|
|
'class' => 'num',
|
|
'min' => 1,
|
|
'max' => 1000,
|
|
'step' => 1,
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'do_shortcode_h',
|
|
esc_html__( 'Process HEAD Shortcodes', 'head-footer-code' ),
|
|
'select_field_render',
|
|
'sitewide',
|
|
array(
|
|
'items' => array(
|
|
'y' => __( 'Enable', 'head-footer-code' ),
|
|
'n' => __( 'Disable', 'head-footer-code' ),
|
|
),
|
|
'description' => esc_html__( 'If you wish to process shortcodes in the HEAD section, enable this option. Please note, shortcodes with malformed output in the HEAD section can break the rendering of your website!', 'head-footer-code' ),
|
|
'class' => 'regular-text',
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'body',
|
|
esc_html__( 'BODY Code', 'head-footer-code' ),
|
|
'textarea_field_render',
|
|
'sitewide',
|
|
array(
|
|
'description' => '<p>' . sprintf(
|
|
/* translators: %s will be replaced with preformatted HTML tag <body> */
|
|
esc_html__( 'Code to enqueue in BODY section (after the %s).', 'head-footer-code' ),
|
|
Common::format_as_code( '<body>' )
|
|
) . '</p>',
|
|
'field_class' => 'widefat code codeEditor',
|
|
'rows' => 7,
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'priority_b',
|
|
esc_html__( 'BODY Priority', 'head-footer-code' ),
|
|
'number_field_render',
|
|
'sitewide',
|
|
array(
|
|
'description' => sprintf(
|
|
/* translators: 1: default BODY priority, 2: preformatted HTML tag <body> */
|
|
esc_html__(
|
|
'Priority for enqueued BODY code. Default is %1$d. Smaller number inject code closer to %2$s.',
|
|
'head-footer-code'
|
|
),
|
|
10,
|
|
Common::format_as_code( '<body>' )
|
|
),
|
|
'class' => 'num',
|
|
'min' => 1,
|
|
'max' => 1000,
|
|
'step' => 1,
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'do_shortcode_b',
|
|
esc_html__( 'Process BODY Shortcodes', 'head-footer-code' ),
|
|
'select_field_render',
|
|
'sitewide',
|
|
array(
|
|
'items' => array(
|
|
'y' => __( 'Enable', 'head-footer-code' ),
|
|
'n' => __( 'Disable', 'head-footer-code' ),
|
|
),
|
|
'description' => esc_html__( 'If you wish to process shortcodes in the BODY section, enable this option.', 'head-footer-code' ),
|
|
'class' => 'regular-text',
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'footer',
|
|
esc_html__( 'FOOTER Code', 'head-footer-code' ),
|
|
'textarea_field_render',
|
|
'sitewide',
|
|
array(
|
|
'description' => '<p>' . sprintf(
|
|
/* translators: %s will be replaced with preformatted HTML tag </body> */
|
|
esc_html__( 'Code to enqueue in footer section (before the %s).', 'head-footer-code' ),
|
|
Common::format_as_code( '</body>' )
|
|
) . '</p>',
|
|
'field_class' => 'widefat code codeEditor',
|
|
'rows' => 7,
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'priority_f',
|
|
esc_html__( 'FOOTER Priority', 'head-footer-code' ),
|
|
'number_field_render',
|
|
'sitewide',
|
|
array(
|
|
'description' => sprintf(
|
|
/* translators: 1: default FOOTER priority, 2: preformatted HTML tag </body> */
|
|
esc_html__( 'Priority for enqueued FOOTER code. Default is %1$d. Larger number inject code closer to %2$s.', 'head-footer-code' ),
|
|
10,
|
|
Common::format_as_code( '</body>' )
|
|
),
|
|
'class' => 'num',
|
|
'min' => 1,
|
|
'max' => 1000,
|
|
'step' => 1,
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'do_shortcode_f',
|
|
esc_html__( 'Process FOOTER Shortcodes', 'head-footer-code' ),
|
|
'select_field_render',
|
|
'sitewide',
|
|
array(
|
|
'items' => array(
|
|
'y' => __( 'Enable', 'head-footer-code' ),
|
|
'n' => __( 'Disable', 'head-footer-code' ),
|
|
),
|
|
'description' => esc_html__( 'If you wish to process shortcodes in the FOOTER section, enable this option.', 'head-footer-code' ),
|
|
'class' => 'regular-text',
|
|
)
|
|
);
|
|
|
|
/**
|
|
* Add section for Homepage if show_on_front is set to Blog Posts
|
|
*/
|
|
if ( $homepage_blog_posts ) {
|
|
/**
|
|
* Settings Sections are the groups of settings you see on WordPress settings pages
|
|
* with a shared heading. In your plugin you can add new sections to existing
|
|
* settings pages rather than creating a whole new page. This makes your plugin
|
|
* simpler to maintain and creates less new pages for users to learn.
|
|
* You just tell them to change your setting on the relevant existing page.
|
|
*/
|
|
add_settings_section(
|
|
'head_footer_code_settings_homepage', // Id.
|
|
esc_html__( 'Head, body and footer code on Homepage in Blog Posts mode', 'head-footer-code' ), // Title.
|
|
array( $this, 'homepage_settings_section_description' ), // Callback.
|
|
$this->plugin->slug // Page.
|
|
);
|
|
|
|
/**
|
|
* Register a settings field to a settings page and section.
|
|
* This is part of the Settings API, which lets you automatically generate
|
|
* wp-admin settings pages by registering your settings and using a few
|
|
* callbacks to control the output.
|
|
*/
|
|
$this->add_field(
|
|
'head', // Id.
|
|
esc_html__( 'Homepage HEAD Code', 'head-footer-code' ), // Title.
|
|
'textarea_field_render', // Callback name.
|
|
'homepage', // Section.
|
|
array( // Arguments.
|
|
'label' => __( 'Homepage HEAD Code', 'head-footer-code' ),
|
|
'description' => $head_note . '<p>' . sprintf(
|
|
/* translators: %s will be replaced with preformatted HTML tag </head> */
|
|
esc_html__( 'Code to enqueue in HEAD section (before the %s) on Homepage.', 'head-footer-code' ),
|
|
Common::format_as_code( '</head>' )
|
|
) . '</p>',
|
|
'field_class' => 'widefat code codeEditor',
|
|
'rows' => 5,
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'body',
|
|
esc_html__( 'Homepage BODY Code', 'head-footer-code' ),
|
|
'textarea_field_render',
|
|
'homepage',
|
|
array(
|
|
'label' => __( 'Homepage BODY Code', 'head-footer-code' ),
|
|
'description' => '<p>' . sprintf(
|
|
/* translators: %s: preformatted HTML tag <body> */
|
|
esc_html__( 'Code to enqueue in BODY section (after the %s) on Homepage.', 'head-footer-code' ),
|
|
Common::format_as_code( '<body>' )
|
|
) . '</p>',
|
|
'field_class' => 'widefat code codeEditor',
|
|
'rows' => 5,
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'footer',
|
|
esc_html__( 'Homepage FOOTER Code', 'head-footer-code' ),
|
|
'textarea_field_render',
|
|
'homepage',
|
|
array(
|
|
'label' => __( 'Homepage FOOTER Code', 'head-footer-code' ),
|
|
'description' => '<p>' . sprintf(
|
|
/* translators: %s will be replaced with preformatted HTML tag </body> */
|
|
esc_html__( 'Code to enqueue in footer section (before the %s) on Homepage.', 'head-footer-code' ),
|
|
Common::format_as_code( '</body>' )
|
|
) . '</p>',
|
|
'field_class' => 'widefat code codeEditor',
|
|
'rows' => 5,
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'behavior',
|
|
esc_html__( 'Behavior', 'head-footer-code' ),
|
|
'select_field_render',
|
|
'homepage',
|
|
array(
|
|
'items' => array(
|
|
'append' => __( 'Append to the site-wide code', 'head-footer-code' ),
|
|
'replace' => __( 'Replace the site-wide code', 'head-footer-code' ),
|
|
),
|
|
'description' => esc_html__( 'Chose how the Homepage specific code will be enqueued in relation to site-wide code.', 'head-footer-code' ),
|
|
'class' => 'regular-text',
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'paged',
|
|
esc_html__( 'On paged homepage', 'head-footer-code' ),
|
|
'select_field_render',
|
|
'homepage',
|
|
array(
|
|
'items' => array(
|
|
'yes' => __( 'Add on paged homepage', 'head-footer-code' ),
|
|
'no' => __( 'Do not add on paged homepage', 'head-footer-code' ),
|
|
),
|
|
'description' => esc_html__( 'Chose if the Homepage specific code will be enqueued on paged pages 2, 3, and so on.', 'head-footer-code' ),
|
|
'class' => 'regular-text',
|
|
)
|
|
);
|
|
} // END condition: $homepage_blog_posts
|
|
|
|
/**
|
|
* Settings Sections are the groups of settings you see on WordPress settings pages
|
|
* with a shared heading. In your plugin you can add new sections to existing
|
|
* settings pages rather than creating a whole new page. This makes your plugin
|
|
* simpler to maintain and creates less new pages for users to learn.
|
|
* You just tell them to change your setting on the relevant existing page.
|
|
*/
|
|
add_settings_section(
|
|
'head_footer_code_settings_article', // Id.
|
|
esc_html__( 'Article specific settings', 'head-footer-code' ), // Title.
|
|
array( $this, 'article_settings_section_description' ), // Callback.
|
|
$this->plugin->slug // Page.
|
|
);
|
|
|
|
// Prepare clean list of post types w/o attachment.
|
|
$public_post_types = get_post_types( array( 'public' => true ), 'objects' );
|
|
$clean_post_types = array();
|
|
foreach ( $public_post_types as $public_post_type => $public_post_object ) {
|
|
if ( 'attachment' === $public_post_type ) {
|
|
continue;
|
|
}
|
|
$clean_post_types[ $public_post_type ] = esc_html( $public_post_object->label ) . ' (' . esc_attr( $public_post_type ) . ')';
|
|
}
|
|
|
|
$this->add_field(
|
|
'post_types', // Field key.
|
|
esc_html__( 'Post Types', 'head-footer-code' ), // Title.
|
|
'checkbox_group_field_render', // Callback method name.
|
|
'article', // Section.
|
|
array( // Arguments.
|
|
'label_for' => false,
|
|
'items' => $clean_post_types,
|
|
'description' => esc_html__( 'Choose the post types that will have an article specific section.', 'head-footer-code' )
|
|
. '<br>'
|
|
. esc_html__( 'Please note, if you add head, body, and footer code for individual articles and then disable that post type, the article-specific code will no longer be output and only the site-wide code will be used.', 'head-footer-code' ),
|
|
'class' => 'checkbox',
|
|
)
|
|
);
|
|
|
|
// Prepare list of public taxonomies, including built-in ones
|
|
$public_taxonomies = get_taxonomies( array( 'public' => true ), 'objects' );
|
|
$clean_taxonomies = array();
|
|
foreach ( $public_taxonomies as $tax_slug => $tax_object ) {
|
|
// Skip specific eg. nav_menu, post_format
|
|
if ( in_array( $tax_slug, array( 'nav_menu', 'post_format' ), true ) ) {
|
|
continue;
|
|
}
|
|
|
|
$clean_taxonomies[ $tax_slug ] = esc_html( $tax_object->label ) . ' (' . esc_attr( $tax_slug ) . ')';
|
|
}
|
|
$this->add_field(
|
|
'taxonomies', // Field key.
|
|
esc_html__( 'Taxonomies', 'head-footer-code' ), // Title.
|
|
'checkbox_group_field_render', // Callback method name.
|
|
'article', // Section.
|
|
array( // Arguments.
|
|
'label_for' => false,
|
|
'items' => $clean_taxonomies,
|
|
'description' => esc_html__( 'Choose the taxonomies that will have a taxonomy specific section.', 'head-footer-code' )
|
|
. '<br>'
|
|
. esc_html__( 'Please note, if you add head, body, and footer code for individual taxonomy and then disable that taxonomy, the txonomy-specific code will no longer be output and only the site-wide code will be used.', 'head-footer-code' ),
|
|
'class' => 'checkbox',
|
|
)
|
|
);
|
|
|
|
$this->add_field(
|
|
'allowed_roles', // Field key.
|
|
esc_html__( 'Allow for User Roles', 'head-footer-code' ), // Title.
|
|
'checkbox_group_field_render', // Callback method name.
|
|
'article', // Section.
|
|
array( // Arguments.
|
|
'label_for' => false,
|
|
'items' => array(
|
|
'editor' => __( 'Editor', 'head-footer-code' ),
|
|
'author' => __( 'Author', 'head-footer-code' ),
|
|
),
|
|
'description' => esc_html__( 'Choose which unprivileged user roles can manage article-specific and taxonomy-specific code.', 'head-footer-code' )
|
|
. '<br>'
|
|
. '<span class="warn"><strong>'
|
|
. esc_html__( 'Security Notice', 'head-footer-code' )
|
|
. '</strong><br>'
|
|
. '<i></i>' . esc_html__( 'Granting access to non-administrator roles (e.g., Editors) allows users to inject raw HTML, CSS, and JavaScript into individual posts and pages, and taxonomies!', 'head-footer-code' )
|
|
. '<br><i></i>' . esc_html__( 'This may pose a security risk if those users are not fully trusted!', 'head-footer-code' )
|
|
. '<br><i></i>' . esc_html__( 'Only allow for roles you trust to handle code responsibly!', 'head-footer-code' )
|
|
. '</span>',
|
|
'class' => 'checkbox',
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Wrapper for add_settings_field
|
|
*
|
|
* @param string $key Field key to identify the field.
|
|
* @param string $title Formatted title of the field. Shown as the label for the field during output.
|
|
* @param string $callback_name Name of the function that fills the field with the desired form inputs.
|
|
* @param string $section Key of the section of the settings page in which to show the box.
|
|
* @param array $args {
|
|
* Optional. Extra arguments that get passed to add_settingd_field $args
|
|
*
|
|
* @type bool $label_for If `false` the setting title will not be wrapped in a `<label>` element
|
|
* @type string $class CSS Class to be added to the `<tr>` element when the field is output.
|
|
* }
|
|
*/
|
|
private function add_field(
|
|
$key,
|
|
$title,
|
|
$callback_name,
|
|
$section,
|
|
$args = array()
|
|
) {
|
|
// Compose field name from args
|
|
$full_field_name = "auhfc_settings_{$section}[{$key}]";
|
|
$args['field'] = $full_field_name;
|
|
|
|
// Generate clean_id
|
|
$clean_id = $this->generate_clean_id( $full_field_name );
|
|
|
|
// Append label_for to args if missing
|
|
if ( ! isset( $args['label_for'] ) ) {
|
|
$args['label_for'] = $clean_id;
|
|
}
|
|
|
|
// Extract value from the settings array
|
|
$args['value'] = isset( $this->settings[ $section ][ $key ] ) ? $this->settings[ $section ][ $key ] : '';
|
|
|
|
// Call WordPress Core metod
|
|
add_settings_field(
|
|
'auhfc_' . $key,
|
|
$title,
|
|
array( $this, $callback_name ),
|
|
$this->plugin->slug,
|
|
'head_footer_code_settings_' . $section,
|
|
$args
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Generate valid HTML ID from the field name.
|
|
*
|
|
* @param string $field Field name (eg. 'prefix[settings][key]').
|
|
* @param string $suffix Optional suffix (eg. 'editor' or 'post').
|
|
*
|
|
* @return string Clean ID ready for HTML.
|
|
*/
|
|
public function generate_clean_id( $field, $suffix = '' ) {
|
|
$id = $field . ( $suffix ? '_' . $suffix : '' );
|
|
$id = rtrim( str_replace( array( '[', ']', '__' ), '_', $id ), '_' );
|
|
|
|
return sanitize_key( $id );
|
|
}
|
|
|
|
/**
|
|
* This function provides textarea for settings fields
|
|
*
|
|
* @param array $args Array of arguments (field, rows, field_class, value, description).
|
|
*/
|
|
public function textarea_field_render( $args ) {
|
|
if ( empty( $args ) ) {
|
|
return;
|
|
}
|
|
// Set defaults and sanitize values.
|
|
$field = isset( $args['field'] ) ? $args['field'] : '';
|
|
$field_id = isset( $args['label_for'] ) ? $args['label_for'] : $field;
|
|
$field_class = isset( $args['field_class'] ) ? $args['field_class'] : '';
|
|
$label = isset( $args['label'] ) ? $args['label'] : '';
|
|
$value = isset( $args['value'] ) ? $args['value'] : '';
|
|
$rows = isset( $args['rows'] ) ? $args['rows'] : 7;
|
|
|
|
// Compose input HTML.
|
|
|
|
$html = '<div class="description">';
|
|
$html .= '<p class="notice notice-warning">';
|
|
$html .= '<strong>' . esc_html( $this->security_risk_notice['title'] ) . '</strong> ';
|
|
$html .= esc_html( $this->security_risk_notice['message'] );
|
|
$html .= '</p></div>';
|
|
|
|
$html .= sprintf(
|
|
'<textarea name="%1$s" id="%2$s" rows="%3$s" class="%4$s" title="%5$s">%6$s</textarea>',
|
|
esc_attr( $field ), // 1
|
|
esc_attr( $field_id ), // 2
|
|
intval( $rows ), // 3
|
|
esc_attr( $field_class ), // 4
|
|
esc_html( $label ), // 5
|
|
esc_textarea( $value ) // 6
|
|
);
|
|
|
|
// Append description if exists.
|
|
if ( ! empty( $args['description'] ) ) {
|
|
$html .= sprintf( '<div class="description">%s</div>', $args['description'] );
|
|
}
|
|
|
|
// Remove Jetpack filter that may interfere with wp_kses.
|
|
remove_filter( 'pre_kses', array( 'Filter_Embedded_HTML_Objects', 'maybe_create_links' ), 100 );
|
|
|
|
// Filter allowed HTML tags and attributes.
|
|
echo wp_kses( $html, $this->allowed_html );
|
|
|
|
// Re-add the Jetpack filter if it exists.
|
|
// This is to ensure compatibility with Jetpack and other plugins that may use this filter.
|
|
if ( is_callable( array( 'Filter_Embedded_HTML_Objects', 'maybe_create_links' ) ) ) {
|
|
add_filter( 'pre_kses', array( 'Filter_Embedded_HTML_Objects', 'maybe_create_links' ), 100 );
|
|
}
|
|
}
|
|
|
|
/**
|
|
* This function provides number input for settings fields
|
|
*
|
|
* @param array $args Array of arguments (field, value, min, max, step, rows, class, description).
|
|
*/
|
|
public function number_field_render( $args ) {
|
|
if ( empty( $args ) ) {
|
|
return;
|
|
}
|
|
|
|
// Set defaults and sanitize values.
|
|
$field = isset( $args['field'] ) ? $args['field'] : '';
|
|
$field_id = isset( $args['label_for'] ) ? $args['label_for'] : $field;
|
|
$field_class = isset( $args['class'] ) ? $args['class'] : '';
|
|
$value = isset( $args['value'] ) ? $args['value'] : 0;
|
|
$min = isset( $args['min'] ) ? $args['min'] : 0;
|
|
$max = isset( $args['max'] ) ? $args['max'] : 100;
|
|
$step = isset( $args['step'] ) ? $args['step'] : 1;
|
|
|
|
// Compose input HTML.
|
|
$html = sprintf(
|
|
'<input type="number" name="%1$s" id="%2$s" value="%3$s" class="%4$s" min="%5$s" max="%6$s" step="%7$s" />',
|
|
esc_attr( $field ), // 1
|
|
esc_attr( $field_id ), // 2
|
|
intval( $value ), // 3
|
|
esc_attr( $field_class ), // 4
|
|
intval( $min ), // 5
|
|
intval( $max ), // 6
|
|
intval( $step ) // 7
|
|
);
|
|
|
|
// Append description if exists.
|
|
if ( ! empty( $args['description'] ) ) {
|
|
$html .= sprintf( '<p class="description">%s</p>', $args['description'] );
|
|
}
|
|
|
|
// Filter allowed HTML tags and attributes.
|
|
echo wp_kses( $html, $this->form_allowed_html );
|
|
}
|
|
|
|
/**
|
|
* This function provides checkbox group for settings fields
|
|
*
|
|
* @param array $args Array of arguments (items, value, field, class, description).
|
|
*/
|
|
public function checkbox_group_field_render( $args ) {
|
|
if ( empty( $args ) || ! isset( $args['items'] ) ) {
|
|
return;
|
|
}
|
|
|
|
// Set defaults and sanitize values.
|
|
$field = isset( $args['field'] ) ? $args['field'] : '';
|
|
$field_class = isset( $args['class'] ) ? $args['class'] : '';
|
|
$values = isset( $args['value'] ) ? (array) $args['value'] : array();
|
|
|
|
// Checkbox items.
|
|
$html = '<fieldset>';
|
|
|
|
foreach ( $args['items'] as $key => $label ) {
|
|
$item_id = $this->generate_clean_id( $field, $key );
|
|
$checked = checked( in_array( $key, $values, true ), true, false );
|
|
|
|
// Output filtered checkbox field.
|
|
$html .= sprintf(
|
|
'<label for="%1$s"><input type="checkbox" name="%2$s[]" id="%1$s" value="%3$s" class="%4$s" %5$s />%6$s</label><br>',
|
|
esc_attr( $item_id ), // 1
|
|
esc_attr( $field ), // 2
|
|
esc_attr( $key ), // 3
|
|
esc_attr( $field_class ), // 4
|
|
$checked, // 5
|
|
esc_html( $label ) // 6
|
|
);
|
|
}
|
|
|
|
// Append description if exists.
|
|
if ( ! empty( $args['description'] ) ) {
|
|
$html .= sprintf( '<p class="description">%s</p>', $args['description'] );
|
|
}
|
|
|
|
$html .= '</fieldset>';
|
|
|
|
// Filter allowed HTML tags and attributes.
|
|
echo wp_kses( $html, $this->form_allowed_html );
|
|
}
|
|
|
|
/**
|
|
* This function provides select for settings fields
|
|
*
|
|
* @param array $args Array of field arguments (class, field, items, value, description).
|
|
*/
|
|
public function select_field_render( $args ) {
|
|
if ( empty( $args ) ) {
|
|
return;
|
|
}
|
|
|
|
// Set defaults and sanitize values.
|
|
$field = isset( $args['field'] ) ? esc_attr( $args['field'] ) : '';
|
|
$field_id = isset( $args['label_for'] ) ? esc_attr( $args['label_for'] ) : $field;
|
|
$field_class = isset( $args['class'] ) ? esc_attr( $args['class'] ) : 'regular-text';
|
|
$current_val = isset( $args['value'] ) ? $args['value'] : '';
|
|
|
|
// Open SELECT tag.
|
|
$html = sprintf(
|
|
'<select id="%1$s" name="%2$s" class="%3$s">',
|
|
$field_id, // 1
|
|
$field, // 2
|
|
$field_class // 3
|
|
);
|
|
|
|
// Append OPTIONS.
|
|
foreach ( $args['items'] as $key => $val ) {
|
|
// Determine if this dropdown option is selected or not.
|
|
$selected = selected( $current_val, $key, false );
|
|
|
|
$html .= sprintf(
|
|
'<option %1$s value="%2$s">%3$s</option>',
|
|
$selected, // 1
|
|
esc_attr( $key ), // 2
|
|
esc_html( $val ) // 3
|
|
);
|
|
}
|
|
|
|
// Close SELECT tag.
|
|
$html .= '</select>';
|
|
|
|
// Append description if exists.
|
|
if ( ! empty( $args['description'] ) ) {
|
|
$html .= sprintf( '<p class="description">%s</p>', $args['description'] );
|
|
}
|
|
|
|
// Filter allowed HTML tags and attributes.
|
|
echo wp_kses( $html, $this->form_allowed_html );
|
|
}
|
|
|
|
/**
|
|
* Print description for site-wide section
|
|
*/
|
|
public function sitewide_settings_section_description() {
|
|
echo '<p>' . esc_html__( 'Define site-wide code and behavior. You can Add custom content like JavaScript, CSS, HTML meta and link tags, Google Analytics, site verification, etc.', 'head-footer-code' ) . '</p>';
|
|
}
|
|
|
|
/**
|
|
* Print description for homepage section
|
|
*/
|
|
public function homepage_settings_section_description() {
|
|
echo '<p>' . esc_html__( 'Define code and behavior for the Homepage in Blog Posts mode.', 'head-footer-code' ) . '</p>';
|
|
}
|
|
|
|
/**
|
|
* Print description for article section
|
|
*/
|
|
public function article_settings_section_description() {
|
|
echo '<p>' . esc_html__( 'Define what post types will support article specific features, and which non-priviledged user roles will have access to it.', 'head-footer-code' ) . '</p>';
|
|
}
|
|
|
|
/**
|
|
* Print settings page from template
|
|
*/
|
|
public function options_page() {
|
|
if ( ! current_user_can( 'manage_options' ) ) {
|
|
wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'head-footer-code' ) );
|
|
}
|
|
// Render the settings template.
|
|
include $this->plugin->dir . '/templates/settings.php';
|
|
}
|
|
|
|
/**
|
|
* Append Settings link for Plugins page
|
|
*
|
|
* @param array $links Array of default plugin links
|
|
*
|
|
* @return array Array of plugin links with appended link for Settings page
|
|
*/
|
|
public function plugin_settings_link( $links ) {
|
|
$settings_link = '<a href="' . esc_url( admin_url( 'tools.php?page=' . $this->plugin->slug ) ) . '">' . esc_html__( 'Settings', 'head-footer-code' ) . '</a>';
|
|
array_unshift( $links, $settings_link );
|
|
return $links; // Return updated array of links
|
|
}
|
|
|
|
/**
|
|
* Add link to plugin community support
|
|
*
|
|
* @param array $links Array of default plugin meta links
|
|
* @param string $file Current hook file path
|
|
*
|
|
* @return array Array of default plugin meta links with appended link for Support community forum
|
|
*/
|
|
public function add_plugin_meta_links( $links, $file ) {
|
|
if ( $this->plugin->basename === $file ) {
|
|
$links[] = '<a href="https://wordpress.org/support/plugin/head-footer-code/" target="_blank">' . esc_html__( 'Support', 'head-footer-code' ) . '</a>';
|
|
}
|
|
|
|
// Return updated array of links
|
|
return $links;
|
|
}
|
|
|
|
/**
|
|
* Set custom footer thankyou text on plugin settings page
|
|
*
|
|
* @param string $text Default WordPress admin footer thankyou text
|
|
*
|
|
* @return string Custom Head & Footer Code review CTA text
|
|
*/
|
|
public function custom_footer_thankyou( $text ) {
|
|
return '<span id="footer-thankyou">If you ♥ <strong>Head & Footer Code</strong> please leave us a <a target="_blank" rel="nofollow" href="https://wordpress.org/support/plugin/head-footer-code/reviews/#new-post">★★★★★</a> rating. A huge thanks in advance!</span>';
|
|
}
|
|
|
|
/**
|
|
* Function to print note for head section
|
|
*/
|
|
public function head_note() {
|
|
return '<p class="notice">' . sprintf(
|
|
/* translators: 1: italicized 'unseen elements', 2: <script>, 3: <style>, 4: italicized sentence 'could break layouts or lead to unexpected situations' */
|
|
esc_html__( 'Usage of this field should be reserved for output of %1$s like %2$s and %3$s tags or additional metadata. It should not be used to add arbitrary HTML content to a page that %4$s.', 'head-footer-code' ),
|
|
'<em>' . esc_html__( 'unseen elements', 'head-footer-code' ) . '</em>',
|
|
Common::format_as_code( '<script>' ),
|
|
Common::format_as_code( '<style>' ),
|
|
'<em>' . esc_html__( 'could break layouts or lead to unexpected situations', 'head-footer-code' ) . '</em>'
|
|
) . '</p>';
|
|
}
|
|
|
|
|
|
/**
|
|
* Sanitize SiteWide settings
|
|
*
|
|
* @param array $options
|
|
* @return array $sanitized
|
|
*/
|
|
public function sanitize_sitewide( $options ) {
|
|
// Sanitize SiteWide HEAD/BODY/FOOTER code and behavior
|
|
$sanitized = Common::sanitize_hfc_data( $options );
|
|
|
|
// Sanitize SiteWide Priority
|
|
$sanitized['priority_h'] = isset( $options['priority_h'] ) ? absint( $options['priority_h'] ) : 10;
|
|
$sanitized['priority_b'] = isset( $options['priority_b'] ) ? absint( $options['priority_b'] ) : 10;
|
|
$sanitized['priority_f'] = isset( $options['priority_f'] ) ? absint( $options['priority_f'] ) : 10;
|
|
|
|
// Sanitize SiteWide shortcodes
|
|
$allowed_do_shortcode = array( 'y', 'n' );
|
|
$sanitized['do_shortcode_h'] = ( isset( $options['do_shortcode_h'] ) && in_array( $options['do_shortcode_h'], $allowed_do_shortcode, true ) ) ? $options['do_shortcode_h'] : 'n';
|
|
$sanitized['do_shortcode_b'] = ( isset( $options['do_shortcode_b'] ) && in_array( $options['do_shortcode_b'], $allowed_do_shortcode, true ) ) ? $options['do_shortcode_b'] : 'n';
|
|
$sanitized['do_shortcode_f'] = ( isset( $options['do_shortcode_f'] ) && in_array( $options['do_shortcode_f'], $allowed_do_shortcode, true ) ) ? $options['do_shortcode_f'] : 'n';
|
|
|
|
return $sanitized;
|
|
}
|
|
|
|
/**
|
|
* Sanitize Homepage settings
|
|
*
|
|
* @param array $options
|
|
* @return array $sanitized
|
|
*/
|
|
public function sanitize_homepage( $options ) {
|
|
// Sanitize SiteWide HFC code
|
|
$sanitized = Common::sanitize_hfc_data( $options );
|
|
// Sanitize Homepage Paged
|
|
$allowed_paged = array( 'yes', 'no' );
|
|
$sanitized['paged'] = ( isset( $options['paged'] ) && in_array( $options['paged'], $allowed_paged, true ) ) ? $options['paged'] : 'yes';
|
|
|
|
return $sanitized;
|
|
}
|
|
|
|
/**
|
|
* Sanitize Article settings
|
|
*
|
|
* @param array $options
|
|
* @return array $sanitized
|
|
*/
|
|
public function sanitize_article( $options ) {
|
|
$sanitized = array(
|
|
'post_types' => array(),
|
|
'taxonomies' => array(),
|
|
'allowed_roles' => array(),
|
|
);
|
|
|
|
// Sanitize Article Post Types (allow only registered public post types)
|
|
if ( ! empty( $options['post_types'] ) && is_array( $options['post_types'] ) ) {
|
|
$registered_post_types = get_post_types( array( 'public' => true ) );
|
|
|
|
foreach ( $options['post_types'] as $post_type ) {
|
|
$post_type = sanitize_key( $post_type );
|
|
if ( isset( $registered_post_types[ $post_type ] ) ) {
|
|
$sanitized['post_types'][] = $post_type;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Sanitize Article Taxonomies (allow only registered public taxonomies)
|
|
if ( ! empty( $options['taxonomies'] ) && is_array( $options['taxonomies'] ) ) {
|
|
$registered_taxonmies = get_taxonomies( array( 'public' => true ) );
|
|
|
|
foreach ( $options['taxonomies'] as $taxonomy ) {
|
|
$taxonomy = sanitize_key( $taxonomy );
|
|
if ( isset( $registered_taxonmies[ $taxonomy ] ) ) {
|
|
$sanitized['taxonomies'][] = $taxonomy;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Sanitize Article Allowed Roles (allow only existing WP roles on this site)
|
|
if ( ! empty( $options['allowed_roles'] ) && is_array( $options['allowed_roles'] ) ) {
|
|
$wp_roles = wp_roles()->get_names();
|
|
|
|
foreach ( $options['allowed_roles'] as $role ) {
|
|
$role = sanitize_key( $role );
|
|
if ( isset( $wp_roles[ $role ] ) ) {
|
|
$sanitized['allowed_roles'][] = $role;
|
|
}
|
|
}
|
|
}
|
|
|
|
return $sanitized;
|
|
}
|
|
}
|