Plugin: Fix all phpcs errors

This includes autofixes, along with some manual fixes; mostly syntax-related. Some `phpcs:ignore` comments were added for overzealous rules that don't apply.

plugins/wporg-5ftf/includes/contributor.php

@@ -66,7 +66,7 @@ function register_custom_post_type() {
 		'publicly_queryable'  => false,
 		'capability_type'     => 'page',
 		'capabilities'        => array(
-			'create_posts' => 'do_not_allow'
+			'create_posts' => 'do_not_allow',
 		),
 		'map_meta_cap'        => true,
 		'show_in_rest'        => false, // todo Maybe turn this on later.
@@ -317,7 +317,7 @@ function process_my_pledges_form() {
 	}
 
 	$contributor_post = get_post( $contributor_post_id );
-	if ( ! isset( $contributor_post->post_type ) || $contributor_post->post_type !== CPT_ID ) {
+	if ( ! isset( $contributor_post->post_type ) || CPT_ID !== $contributor_post->post_type ) {
 		return ''; // Return early, the form was submitted incorrectly.
 	}
 
@@ -326,8 +326,8 @@ function process_my_pledges_form() {
 		return ''; // User doesn't have permission to update this.
 	}
 
-	$pledge  = get_post( $contributor_post->post_parent );
-	$message = '';
+	$pledge     = get_post( $contributor_post->post_parent );
+	$message    = '';
 	$new_status = false;
 
 	if ( filter_input( INPUT_POST, 'join_organization' ) ) {
@@ -335,21 +335,21 @@ function process_my_pledges_form() {
 		wp_verify_nonce( $unverified_nonce, $nonce_action ) || wp_nonce_ays( $nonce_action );
 
 		$new_status = 'publish';
-		$message = "You have joined the pledge from {$pledge->post_title}.";
+		$message    = "You have joined the pledge from {$pledge->post_title}.";
 
 	} elseif ( filter_input( INPUT_POST, 'decline_invitation' ) ) {
 		$nonce_action = 'join_decline_organization_' . $contributor_post_id;
 		wp_verify_nonce( $unverified_nonce, $nonce_action ) || wp_nonce_ays( $nonce_action );
 
 		$new_status = 'trash';
-		$message = "You have declined the pledge invitation from {$pledge->post_title}.";
+		$message    = "You have declined the pledge invitation from {$pledge->post_title}.";
 
 	} elseif ( filter_input( INPUT_POST, 'leave_organization' ) ) {
 		$nonce_action = 'leave_organization_' . $contributor_post_id;
 		wp_verify_nonce( $unverified_nonce, $nonce_action ) || wp_nonce_ays( $nonce_action );
 
 		$new_status = 'trash';
-		$message = "You have left the {$pledge->post_title} pledge.";
+		$message    = "You have left the {$pledge->post_title} pledge.";
 	}
 
 	if ( 'publish' === $new_status && 'publish' !== $contributor_post->post_status ) {

plugins/wporg-5ftf/includes/email.php

@@ -34,7 +34,8 @@ defined( 'WPINC' ) || die();
 
 const TOKEN_PREFIX = '5ftf_auth_token_';
 
-// Longer than `get_password_reset_key()` just to be safe. See https://core.trac.wordpress.org/ticket/43546#comment:34
+// Longer than `get_password_reset_key()` just to be safe.
+// See https://core.trac.wordpress.org/ticket/43546#comment:34.
 const TOKEN_LENGTH = 32;
 
 add_action( 'wp_head', __NAMESPACE__ . '\prevent_caching_auth_tokens', 99 );
@@ -46,8 +47,9 @@ add_action( 'wp_head', __NAMESPACE__ . '\prevent_caching_auth_tokens', 99 );
  * etc could create situations where they're leaked to others.
  */
 function prevent_caching_auth_tokens() {
+	// phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce not required, not processing form data.
 	if ( isset( $_GET['auth_token'] ) || isset( $_POST['auth_token'] ) ) {
-	    nocache_headers();
+		nocache_headers();
 	}
 }
 
@@ -65,7 +67,6 @@ function send_email( $to, $subject, $message, $pledge_id ) {
 	$headers = array(
 		'From: WordPress - Five for the Future <donotreply@wordpress.org>',
 		'Reply-To: support@wordcamp.org',
-			// todo update address when new one is created
 	);
 
 	$result = wp_mail( $to, $subject, $message, $headers );
@@ -101,12 +102,10 @@ function send_email( $to, $subject, $message, $pledge_id ) {
  */
 function get_authentication_url( $pledge_id, $action, $action_page_id, $use_once = true ) {
 	$auth_token = array(
-		/*
-		 * This will create a CSPRN and is similar to how `get_password_reset_key()` and
-		 * `generate_recovery_mode_token()` work.
-		 */
+		// This will create a CSPRN and is similar to how `get_password_reset_key()` and
+		// `generate_recovery_mode_token()` work.
 		'value'      => wp_generate_password( TOKEN_LENGTH, false ),
-			// todo Ideally should encrypt at rest, see https://core.trac.wordpress.org/ticket/24783.
+		// todo Ideally should encrypt at rest, see https://core.trac.wordpress.org/ticket/24783.
 		'expiration' => time() + ( 2 * HOUR_IN_SECONDS ),
 		'use_once'   => $use_once,
 	);
@@ -132,7 +131,7 @@ function get_authentication_url( $pledge_id, $action, $action_page_id, $use_once
 	);
 
 	// todo include a "this lnk will expire in 10 hours and after its used once" message too?
-		//  probably, but what's the best way to do that DRYly?
+		// probably, but what's the best way to do that DRYly?
 
 	return $auth_url;
 }
@@ -177,7 +176,7 @@ function is_valid_authentication_token( $pledge_id, $action, $unverified_token )
 		$verified = true;
 
 		// Tokens should not be reusable -- to increase security -- unless explicitly required to fulfill their purpose.
-		if ( $valid_token['use_once'] !== false ) {
+		if ( false !== $valid_token['use_once'] ) {
 			delete_post_meta( $pledge_id, TOKEN_PREFIX . $action );
 		}
 	}

plugins/wporg-5ftf/includes/pledge-form.php

@@ -134,7 +134,10 @@ function process_pledge_confirmation_email( $pledge_id, $action, $unverified_tok
 
 	if ( $email_confirmed ) {
 		update_post_meta( $pledge_id, $meta_key, true );
-		wp_update_post( array( 'ID' => $pledge_id, 'post_status' => 'publish' ) );
+		wp_update_post( array(
+			'ID'          => $pledge_id,
+			'post_status' => 'publish',
+		) );
 		send_contributor_confirmation_emails( $pledge_id );
 	}
 
@@ -172,11 +175,11 @@ function send_contributor_confirmation_emails( $pledge_id, $contributor_id = nul
 		 * because there's no expiration.
 		 */
 		$message =
-			"Howdy $name, {$pledge->post_title} has created a Five for the Future pledge on WordPress.org and listed you as one of the contributors that they sponsor to contribute to the WordPress open source project. You can view their pledge at:" . "\n\n" .
+			"Howdy $name, {$pledge->post_title} has created a Five for the Future pledge on WordPress.org and listed you as one of the contributors that they sponsor to contribute to the WordPress open source project. You can view their pledge at:\n\n" .
 
 			get_permalink( $pledge_id ) . "\n\n" .
 
-			"To confirm that they're sponsoring your contributions, please review your pledges at:" . "\n\n" .
+			"To confirm that they're sponsoring your contributions, please review your pledges at:\n\n" .
 
 			get_permalink( get_page_by_path( 'my-pledges' ) ) . "\n\n" .
 
@@ -184,8 +187,7 @@ function send_contributor_confirmation_emails( $pledge_id, $contributor_id = nul
 
 			"https://profiles.wordpress.org/me/profile/edit/group/5/\n\n" .
 
-			"If {$pledge->post_title} isn't sponsoring your contributions, then you can ignore this email, and you won't be listed on their pledge."
-		;
+			"If {$pledge->post_title} isn't sponsoring your contributions, then you can ignore this email, and you won't be listed on their pledge.";
 
 		$user = get_user_by( 'login', $contributor->post_title );
 		Email\send_email( $user->user_email, $subject, $message, $pledge_id );
@@ -267,7 +269,6 @@ function process_manage_link_request() {
 		} else {
 			$result = new WP_Error( 'email_failed', __( 'There was an error while trying to send the email.', 'wporg-5ftf' ) );
 		}
-
 	} else {
 		$error_message = sprintf(
 			__( 'That\'s not the address that we have for this pledge, please try a different one. If none of the addresses you try are working, please <a href="%s">email us</a> for help.', 'wporg-5ftf' ),
@@ -303,11 +304,9 @@ function send_manage_pledge_link( $pledge_id ) {
 			$pledge_id,
 			'manage_pledge',
 			get_page_by_path( 'manage-pledge' )->ID,
-
 			// The token needs to be reused so that the admin can view the form, submit it, and view the result.
 			false
-		)
-	;
+		);
 
 	$result = Email\send_email( $admin_email, $subject, $message, $pledge_id );
 
@@ -327,7 +326,7 @@ function send_manage_pledge_link( $pledge_id ) {
  */
 function process_form_manage() {
 	$submission = get_form_submission();
-	$has_error = check_invalid_submission( $submission );
+	$has_error  = check_invalid_submission( $submission );
 	if ( $has_error ) {
 		return $has_error;
 	}

plugins/wporg-5ftf/includes/pledge-meta.php

@@ -76,7 +76,7 @@ function get_pledge_meta_config( $context = 'all' ) {
 			'sanitize_callback' => 'absint',
 			'show_in_rest'      => false,
 		),
-		'pledge-total-hours' => array(
+		'pledge-total-hours'            => array(
 			'single'            => true,
 			'sanitize_callback' => 'absint',
 			'show_in_rest'      => false,
@@ -259,10 +259,7 @@ function save_pledge( $pledge_id, $pledge ) {
 		return;
 	}
 
-	if ( ! current_user_can( 'edit_pledge', $pledge_id ) ) {
-		// todo re-enable once setup cap mapping or whatever.
-		//return;
-	}
+	// if ( ! current_user_can( 'edit_pledge', $pledge_id ) ) {} -- todo re-enable once setup cap mapping or whatever.
 
 	if ( ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) || 'auto-draft' === $pledge->post_status ) {
 		return;
@@ -388,7 +385,7 @@ function maybe_update_single_cached_pledge_data( $new_status, $old_status, WP_Po
  *
  * This is saved so that it can be easily queried against, and also to make stats calculations easier.
  *
- * @param $pledge_id
+ * @param int $pledge_id
  */
 function update_single_cached_pledge_data( $pledge_id ) {
 	$pledge_data = XProfile\get_aggregate_contributor_data_for_pledge( $pledge_id );

plugins/wporg-5ftf/includes/pledge.php

@@ -95,7 +95,7 @@ function register_custom_post_type() {
 		'publicly_queryable'  => true,
 		'capability_type'     => 'page',
 		'capabilities'        => array(
-			'create_posts' => 'do_not_allow'
+			'create_posts' => 'do_not_allow',
 		),
 		'map_meta_cap'        => true,
 		'show_in_rest'        => false, // todo Maybe turn this on later.
@@ -153,12 +153,16 @@ function add_list_table_columns( $columns ) {
 function populate_list_table_columns( $column, $post_id ) {
 	switch ( $column ) {
 		case 'contributor_counts':
-			$contribs = Contributor\get_pledge_contributors( $post_id, 'all' );
-			printf(
-				wpautop( '%1$d confirmed' . "\n" . '%2$d unconfirmed' ),
-				count( $contribs['publish'] ),
-				count( $contribs['pending'] )
+			$contribs    = Contributor\get_pledge_contributors( $post_id, 'all' );
+			$confirmed   = sprintf(
+				_n( '%s confirmed', '%s confirmed', count( $contribs['publish'] ), 'wporg-5ftf' ),
+				number_format_i18n( count( $contribs['publish'] ) )
 			);
+			$unconfirmed = sprintf(
+				_n( '%s unconfirmed', '%s unconfirmed', count( $contribs['pending'] ), 'wporg-5ftf' ),
+				number_format_i18n( count( $contribs['pending'] ) )
+			);
+			printf( '%s<br />%s', esc_html( $confirmed ), esc_html( $unconfirmed ) );
 			break;
 		case 'domain':
 			$domain = get_post_meta( $post_id, META_PREFIX . 'org-domain', true );
@@ -181,7 +185,6 @@ function create_new_pledge( $name ) {
 		'post_status' => 'draft',
 	);
 
-
 	$pledge_id = wp_insert_post( $args, true );
 	// The pledge's meta data is saved at this point via `save_pledge_meta()`, which is a `save_post` callback.
 
@@ -204,11 +207,10 @@ function create_new_pledge( $name ) {
 function send_pledge_confirmation_email( $pledge_id, $action_page_id ) {
 	$pledge = get_post( $pledge_id );
 
-	$message =
-		"Thanks for pledging your organization's time to contribute to the WordPress open source project! Please confirm this email address in order to publish your pledge:" . "\n\n" .
-
+	$message = sprintf(
+		"Thanks for pledging your organization's time to contribute to the WordPress open source project! Please confirm this email address in order to publish your pledge:\n\n%s",
 		Email\get_authentication_url( $pledge_id, 'confirm_pledge_email', $action_page_id )
-	;
+	);
 
 	return Email\send_email(
 		$pledge->{'5ftf_org-pledge-email'},
@@ -233,12 +235,12 @@ function filter_query( $query ) {
 	$hours_count_key       = META_PREFIX . 'pledge-total-hours';
 
 	// Set up meta queries to include the "valid pledge" check, added to both search and pledge archive requests.
-	$meta_queries = (array) $query->get( 'meta_query' );
+	$meta_queries   = (array) $query->get( 'meta_query' );
 	$meta_queries[] = array(
-		'key' => $contributor_count_key,
-		'value' => 0,
+		'key'     => $contributor_count_key,
+		'value'   => 0,
 		'compare' => '>',
-		'type' => 'NUMERIC',
+		'type'    => 'NUMERIC',
 	);
 
 	// Searching is restricted to pledges with contributors only.
@@ -271,6 +273,7 @@ function filter_query( $query ) {
 		}
 	}
 
-	// todo remove this when `rand` pagination fixed, see https://github.com/WordPress/five-for-the-future/issues/70#issuecomment-549066883
+	// todo remove this when `rand` pagination fixed
+	// see https://github.com/WordPress/five-for-the-future/issues/70#issuecomment-549066883.
 	$query->set( 'posts_per_page', 100 );
 }

plugins/wporg-5ftf/tests/test-email.php

@@ -7,6 +7,7 @@ use const WordPressDotOrg\FiveForTheFuture\Pledge\CPT_ID as PLEDGE_POST_TYPE;
 defined( 'WPINC' ) || die();
 
 class Test_Email extends WP_UnitTestCase {
+	// phpcs:ignore PSR2.Classes.PropertyDeclaration.Multiple
 	protected static $valid_pledge, $valid_action, $valid_action_page, $valid_action_url, $valid_token;
 
 	/**
@@ -29,8 +30,7 @@ class Test_Email extends WP_UnitTestCase {
 
 		self::$valid_pledge = get_post( $valid_pledge_id );
 
-
-		$valid_action_page_id = self::factory()->post->create( $valid_action_page_params );
+		$valid_action_page_id    = self::factory()->post->create( $valid_action_page_params );
 		self::$valid_action_page = get_post( $valid_action_page_id );
 
 		self::$valid_action = 'confirm_pledge_email';
@@ -44,7 +44,7 @@ class Test_Email extends WP_UnitTestCase {
 	/**
 	 * Verify whether or not the fixtures were setup correctly.
 	 *
-	 * @return bool
+	 * @return void
 	 */
 	protected static function verify_before_class_fixtures() {
 		self::assertSame( 'object',         gettype( self::$valid_action_page ) );
@@ -85,7 +85,7 @@ class Test_Email extends WP_UnitTestCase {
 		$this->assertTrue( $verified );
 
 		// todo test that `view` and `update` contexts work as well, when those are added
-			// maybe need to test some failures for that too
+			// maybe need to test some failures for that too.
 	}
 
 	/**
@@ -118,11 +118,11 @@ class Test_Email extends WP_UnitTestCase {
 			'wrong-data-type'    => array( 'this string is not an array' ),
 			'wrong-array-items'  => array( 'this' => "doesn't have `value` and `expiration` items" ),
 
-			'invalid-value' => array(
+			'invalid-value'      => array(
 				array(
 					'value'      => 'Valid tokens will never contain special characters like !@#$%^&*()',
 					'expiration' => time() + HOUR_IN_SECONDS,
-				)
+				),
 			),
 		);
 	}
@@ -167,8 +167,8 @@ class Test_Email extends WP_UnitTestCase {
 	 */
 	public function test_valid_token_rejected_for_other_actions() {
 		// Setup another valid token for the other action.
-		$other_valid_action     = 'confirm_contributor_participation';
-			// todo update this when the action for that step is created, so that they match and show that valid actions
+		$other_valid_action = 'confirm_contributor_participation';
+		// todo update this when the action for that step is created, so that they match and show that valid actions.
 		$other_valid_action_url = get_authentication_url( self::$valid_pledge->ID, $other_valid_action, self::$valid_action_page->ID );
 
 		// Intentionally mismatch the token and action.

plugins/wporg-5ftf/views/form-pledge-confirm-email.php

@@ -18,7 +18,7 @@ use WP_Post;
 			<?php
 			printf(
 				wp_kses_post( __( "Thank you for confirming your address! We've emailed confirmation links to the contributors you mentioned, and your pledge will show up in <a href=\"%s\">the directory</a> once one contributor confirms their participation.", 'wporg' ) ),
-				 esc_url( $directory_url )
+				esc_url( $directory_url )
 			);
 			?>
 		</p>
@@ -45,13 +45,11 @@ use WP_Post;
 	<div class="notice notice-error notice-alt">
 		<p>
 			<?php
-			/*
-			 * There could be other reasons it failed, like an invalid token, but this is the most common reason,
-			 * and the only one that normal users should experience, so we're assuming it in order to provide
-			 * the best UX.
-			 */
+			// There could be other reasons it failed, like an invalid token, but this is the most common reason,
+			// and the only one that normal users should experience, so we're assuming it in order to provide
+			// the best UX.
+			esc_html_e( 'Your confirmation link has expired, please obtain a new one:', 'wporg-5ftf' );
 			?>
-			Your confirmation link has expired, please obtain a new one:
 		</p>
 
 		<form action="" method="get">

plugins/wporg-5ftf/views/form-pledge-request-manage-link.php

@@ -9,6 +9,7 @@ defined( 'WPINC' ) || die();
  */
 
 // Hide it if it hasn't submitted, but show success/error messages if it was submitted.
+// phpcs:ignore
 $hidden = empty( $errors ) && empty( $_POST['get_manage_pledge_link'] ) ? 'hidden' : '';
 
 ?>

plugins/wporg-5ftf/views/log.php

@@ -38,6 +38,7 @@ namespace WordPressDotOrg\FiveForTheFuture\View;
 						$user = get_user_by( 'id', $entry['user_id'] );
 
 						if ( $user ) {
+							// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- sanitize_user prevents unsafe characters.
 							echo sanitize_user( $user->user_login );
 						} elseif ( ! empty( $entry['user_id'] ) ) {
 							echo esc_html( $entry['user_id'] );
@@ -52,9 +53,7 @@ namespace WordPressDotOrg\FiveForTheFuture\View;
 
 	<?php else : ?>
 
-		<p>
-			There are no log entries.
-		</p>
+		<p>There are no log entries.</p>
 
 	<?php endif; ?>
 </div>

plugins/wporg-5ftf/views/partial-result-messages.php

@@ -24,9 +24,9 @@ defined( 'WPINC' ) || die();
 
 	<?php if ( ! empty( $errors ) ) : ?>
 		<div id="error-messages" class="notice notice-error notice-alt">
-			<?php foreach ( $errors as $error ) : ?>
+			<?php foreach ( $errors as $error_message ) : ?>
 				<p>
-					<?php echo wp_kses_post( $error ); ?>
+					<?php echo wp_kses_post( $error_message ); ?>
 				</p>
 			<?php endforeach; ?>
 		</div>