`FILTER_UNSAFE_RAW` doesn't strip HTML tags like `FILTER_SANITIZE_STRING` did, but some of these are being run through `sanitize_text_field` as well, and the others aren't being output or saved to the database.
See https://stackoverflow.com/a/69207369/450127
* Rename generic "frontend" file to dialog
* Add a "remove pledge" action
* Process pledge deactivation
* Trigger an email on user-initiated pledge deactivation
* Show an error when trying to manage a deactivated pledge
* Add a label for "deactivated" pledges
This adds the ability to deactivate/reactivate pledges from the wp-admin list table. Once deactivated, the pledge is removed from the "published" list, as if it were trashed. It is not rendered in the frontend pledge list either. You can still access the edit screen, but no edits can be made (saving the pledge is disabled by JS, as otherwise it would reactivate itself). This way we can remove a pledge, but still see the activity log.
Fixes#112
The docs were not exactly correct for this function, and it is called both on update and creation - causing two emails to go out. The email sent from this function uses the wrong page for a new pledge, so we'll keep the current email in `create_new_pledge`, and only send this email on `updated_postmeta`.
* Add the admin email field to the manage form
* Fix admin email processing: When the email is changed, the pledge needs to be set back to pending, until the email is re-confirmed
* Send confirmation emails for existing pledges to the "Manage Pledge" page
* Process the email confirmation & resending emails actions on both shortcodes
* Add a message for unconfirmed pledges
* Add contributor management to manage form
* Check `pledge_id` to prevent returning all contributors
* Return a plain text error string – this is used in an alert box, so it can't contain HTML
* Hide confirmation when pledge is a draft
* Only enqueue script if the user is authorized
* Fix issue with fetching data in `get_pledge_meta` when no submission has been POST'd
* Rename to `subset`, since `context` is also used elsewhere
* Show form content when there are form errors
* Fix warnings on new pledge form
* Skip wpautop before save, so editors don’t need to edit HTML unless they want to
* Use a unique text-domain, wporg-5ftf
* Fix plugin i18n strings
* Remove unwanted text-domains from WPCS checks and fix missed old text-domains
* Remove type=array from phpcs
* Re-add type=array
* Small WPCS fix
* WPCS: replace var with
This updates the display of contributors into a table view, and adds the ability to add and remove contributors to existing pledges.
The display has been refactored to use JS templates & JSON contributor data– the data is output onto the page when loaded from the server, and rendered when the page finishes loading. Adding & removing contributors now submits to an admin-ajax.php endpoint, which, if successful, return the new list of contributors. This ensures the display is always up to date.
Fixes#3
* Split Auth functionality out to new file
* Move email-related code into the email file
* Use `assertFalse` for boolean assertions
* Add `can_manage_pledge` to check user or token against a given pledge
Pulled out of e9763f6678
* Remove duplicate test
This includes autofixes, along with some manual fixes; mostly syntax-related. Some `phpcs:ignore` comments were added for overzealous rules that don't apply.
Uses action hooks to capture relevant events as log entries on a per-pledge basis. This provides a running history of a pledge and can be used as an audit log if questions arise about changes to a pledge or there are weird bugs.
Fixes#39
This will be more accurate and avoid confusion that could arise if the self-reported "Number of Employees Being Sponsored" didn't match the number of confirmed contributors listed on the pledge.
Having that counted number stored in post meta is still useful, though, so this also adds/updates that number for a pledge whenever a Contributor post changes its status.
Fixes#48
Having both the input for adding a comma separated list of contributors
to a new pledge and the UI for managing the contributors on an existing
pledge in the same file was confusing and it conflated two different
pieces of functionality. It also caused `undefined index` errors in some
views because `'pledge-contributors'` only exists when submitting the
new pledge form.
Contributors associated with pledges have a state: they can be confirmed or unconfirmed. They also have some important meta data, namely when they were confirmed. Thus, managing contributor data for pledges is more robust if we treat them as their own post type instead of as a multidimensional array of post meta data.
This also reorganizes some of the functions related to pledges so that things are more consistent between the pledge CPT and the contributior CPT.
Fixes#11
Ensures that a submission to the new pledge form has:
* A unique email address compared to existing pledges
* A unique domain in the URL, compared to existing pledges
* Has at least one valid contributor listed
Error messages when one or more of these conditions isn't met are descriptive so that the submitter can correct the issue.
Fixes#15
This broadly enables & styles the pledge forms across the frontend and wp-admin.
- Switches field `readonly` control to a variable called `$readonly`
- Create `PledgeMeta\get_pledge_meta()` which will fetch data from `$_POST`, a pledge post, or defaults.
- Add Number of Employees field
- Update form content to match mockup:
- fields now have help text
- success message uses content from mockup
- logo field is moved to the "org info" section
- Style form in theme, add some similar styles to the admin
Fixes#7, fixes#28
This starts to address several items in the roadmap, but probably doesn't fully address any of them. It takes the plugin code that was written several months ago, before the scope of this project was fully sorted out, and refactors it to be a starting point for the roadmap.
* Adds template files for form inputs that can be used to both create new pledges and manage existing pledges
* Does some validation and sanitization work on form submissions
* Adds a custom post status for deactivated pledges
