Diffstat (limited to 'plugins/jetpack/modules/videopress/class.videopress-edit-attachment.php')
-rw-r--r--plugins/jetpack/modules/videopress/class.videopress-edit-attachment.php97
1 files changed, 70 insertions, 27 deletions
diff --git a/plugins/jetpack/modules/videopress/class.videopress-edit-attachment.php b/plugins/jetpack/modules/videopress/class.videopress-edit-attachment.php
index ce4688b0..64b38cbd 100644
--- a/plugins/jetpack/modules/videopress/class.videopress-edit-attachment.php
+++ b/plugins/jetpack/modules/videopress/class.videopress-edit-attachment.php
@@ -1,4 +1,4 @@
-<?php
+<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
use Automattic\Jetpack\Connection\Client;
@@ -39,15 +39,17 @@ class VideoPress_Edit_Attachment {
}
/**
- * @param string $post_type
- * @param object $post
+ * Add VideoPress meta box.
+ *
+ * @param string $post_type Post type.
+ * @param object $post Post object.
*/
public function configure_meta_boxes( $post_type = 'unknown', $post = null ) {
- if ( null == $post ) {
+ if ( null === $post ) {
$post = (object) array( 'ID' => 0 );
}
- if ( 'attachment' != $post_type ) {
+ if ( 'attachment' !== $post_type ) {
return;
}
@@ -60,17 +62,17 @@ class VideoPress_Edit_Attachment {
}
/**
- * @param array $post
- * @param array|null $attachment
+ * Filter attachment fields data to save.
*
- * Disable phpcs rule for nonce verification since it's already done by Core.
- * @phpcs:disable WordPress.Security.NonceVerification
+ * @param array $post Post data.
+ * @param array|null $attachment Attachment metadata.
*
* @return array
*/
public function save_fields( $post, $attachment = null ) {
+ // phpcs:disable WordPress.Security.NonceVerification.Missing -- Nonce verification already done by core.
if ( null === $attachment && isset( $_POST['attachment'] ) ) {
- $attachment = $_POST['attachment'];
+ $attachment = filter_var( wp_unslash( $_POST['attachment'] ) );
}
if ( ! isset( $attachment['is_videopress_attachment'] ) || 'yes' !== $attachment['is_videopress_attachment'] ) {
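Review bot: The new `filter_var( wp_unslash( $_POST['attachment'] ) )` in save_fields sanitizes nothing and may break this fallback path. With no filter argument, filter_var applies FILTER_DEFAULT, which leaves a string unchanged and returns false for an array unless FILTER_REQUIRE_ARRAY or FILTER_FORCE_ARRAY is passed. The next line indexes `$attachment` as an array, so an array POST value would fail the `is_videopress_attachment` check and the metadata would presumably never be saved. I would keep the unslash, require an array, and validate each field where it is read: `$attachment = is_array( $_POST['attachment'] ) ? wp_unslash( $_POST['attachment'] ) : array();`. The body of save_fields continues outside this hunk.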
@@ -83,11 +85,12 @@ class VideoPress_Edit_Attachment {
return $post;
}
- $post_title = isset( $_POST['post_title'] ) ? $_POST['post_title'] : null;
- $post_excerpt = isset( $_POST['post_excerpt'] ) ? $_POST['post_excerpt'] : null;
- $rating = isset( $attachment['rating'] ) ? $attachment['rating'] : null;
- $display_embed = isset( $attachment['display_embed'] ) ? $attachment['display_embed'] : 0;
- $allow_download = isset( $attachment['allow_download'] ) ? $attachment['allow_download'] : 0;
+ $post_title = isset( $_POST['post_title'] ) ? sanitize_text_field( wp_unslash( $_POST['post_title'] ) ) : null;
+ $post_excerpt = isset( $_POST['post_excerpt'] ) ? sanitize_textarea_field( wp_unslash( $_POST['post_excerpt'] ) ) : null;
+ $rating = isset( $attachment['rating'] ) ? $attachment['rating'] : null;
+ $display_embed = isset( $attachment['display_embed'] ) ? $attachment['display_embed'] : 0;
+ $allow_download = isset( $attachment['allow_download'] ) ? $attachment['allow_download'] : 0;
+ $privacy_setting = isset( $attachment['privacy_setting'] ) ? $attachment['privacy_setting'] : VIDEOPRESS_PRIVACY::SITE_DEFAULT;
$result = Videopress_Attachment_Metadata::persist_metadata(
$post['ID'],
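Review bot: `$privacy_setting` and `$rating` are read from `$attachment`, which may come straight from `$_POST`, and are handed to `Videopress_Attachment_Metadata::persist_metadata()` unvalidated; only the title and excerpt are sanitized in this hunk. Unless persist_metadata checks the value itself, which is not visible here, any submitted value reaches the metadata update. I would cast and allow-list it before the call, for example `$privacy_setting = intval( $privacy_setting );` followed by a fallback to `VIDEOPRESS_PRIVACY::SITE_DEFAULT` when it is not one of the three constants listed in display_privacy_setting. The argument list of the call continues in the next hunk.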
@@ -97,7 +100,8 @@ class VideoPress_Edit_Attachment {
$post_excerpt,
$rating,
$this->normalize_checkbox_value( $display_embed ),
- $this->normalize_checkbox_value( $allow_download )
+ $this->normalize_checkbox_value( $allow_download ),
+ $privacy_setting
);
if ( is_wp_error( $result ) ) {
@@ -106,6 +110,7 @@ class VideoPress_Edit_Attachment {
}
return $post;
+ // phpcs:enable WordPress.Security.NonceVerification.Missing
}
/**
@@ -122,7 +127,7 @@ class VideoPress_Edit_Attachment {
/**
* Get the upload api path.
*
- * @param string $guid
+ * @param string $guid The guid of the video.
* @return string
*/
public function make_video_api_path( $guid ) {
@@ -134,12 +139,11 @@ class VideoPress_Edit_Attachment {
);
}
-
/**
* Creates an array of video fields to edit based on transcoded videos.
*
- * @param array $fields video fields of interest
- * @param stdClass $post post object
+ * @param array $fields video fields of interest.
+ * @param stdClass $post Post object.
* @return array modified version of video fields for administrative interface display
*/
public function fields_to_edit( $fields, $post ) {
@@ -210,11 +214,19 @@ class VideoPress_Edit_Attachment {
'html' => $this->display_rating( $info ),
);
+ $fields['privacy_setting'] = array(
+ 'label' => _x( 'Privacy Setting', 'A header for the video privacy setting area.', 'jetpack' ),
+ 'input' => 'html',
+ 'html' => $this->display_privacy_setting( $info ),
+ );
+
return $fields;
}
/**
- * @param stdClass $post
+ * Meta box output.
+ *
+ * @param stdClass $post Post object.
*/
public function videopress_information_box( $post ) {
$post_id = absint( $post->ID );
@@ -260,7 +272,7 @@ class VideoPress_Edit_Attachment {
</div>
HTML;
- echo $html;
+ echo $html; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Variables built above.
}
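Review bot: The justification on the `echo $html;` suppression, "Variables built above", does not say that the interpolated values are escaped, which is what the EscapeOutput sniff checks. The heredoc and the assignments feeding it are outside this hunk, so this cannot be confirmed from here. If every value is escaped where it is assigned, the comment should say so, e.g. `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Every interpolated value is escaped when assigned above.` If any value is not, escape it at the assignment rather than suppressing the sniff.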
/**
@@ -285,8 +297,8 @@ HTML;
/**
* Build HTML to display a form checkbox for embedcode display preference
*
- * @param object $info database row from the videos table
- * @return string input element of type checkbox set to checked state based on stored embed preference
+ * @param object $info Database row from the videos table.
+ * @return string Input element of type checkbox set to checked state based on stored embed preference.
*/
protected function display_embed_choice( $info ) {
return $this->create_checkbox_for_option(
@@ -308,15 +320,46 @@ HTML;
"attachments-{$info->post_id}-allowdownload",
"attachments[{$info->post_id}][allow_download]",
__( 'Display download option and allow viewers to download this video', 'jetpack' ),
- $info->allow_download
+ isset( $info->allow_download ) && $info->allow_download
+ );
+ }
+
+ /**
+ * Build HTML to display a form input radio button for video ratings
+ *
+ * @param object $info Database row from the videos table.
+ *
+ * @return string Input Elements of type radio with existing stored value selected.
+ */
+ protected function display_privacy_setting( $info ) {
+ $privacy_settings = array(
+ VIDEOPRESS_PRIVACY::SITE_DEFAULT => __( 'Site Default', 'jetpack' ),
+ VIDEOPRESS_PRIVACY::IS_PUBLIC => __( 'Public', 'jetpack' ),
+ VIDEOPRESS_PRIVACY::IS_PRIVATE => __( 'Private', 'jetpack' ),
);
+
+ $displayed_privacy_setting = intval( isset( $info->privacy_setting ) ? $info->privacy_setting : VIDEOPRESS_PRIVACY::SITE_DEFAULT );
+
+ $out = "<select name='attachments[{$info->post_id}][privacy_setting]'>";
+ foreach ( $privacy_settings as $r => $label ) {
+ $out .= "<option value=\"$r\"";
+ if ( intval( $r ) === $displayed_privacy_setting ) {
+ $out .= ' selected';
+ }
+
+ $out .= ">$label</option>";
+ }
+
+ $out .= '</select>';
+
+ return $out;
}
/**
* Build HTML to display a form input radio button for video ratings
*
- * @param object $info database row from the videos table
- * @return string input elements of type radio with existing stored value selected
+ * @param object $info Database row from the videos table.
+ * @return string Input elements of type radio with existing stored value selected.
*/
protected function display_rating( $info ) {
$out = '';
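Review bot: display_privacy_setting interpolates `$label` and `$info->post_id` into the markup without escaping, and its docblock is copied from display_rating ("radio button for video ratings") although it builds a `<select>` for the privacy setting. The labels come from `__()`, so a translation string containing markup would be emitted as-is. `$out .= '>' . esc_html( $label ) . '</option>';` and `esc_attr( $info->post_id )` inside the `name` attribute would close that. The summary line should read `Build HTML to display a select element for the video privacy setting.`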