`FILTER_UNSAFE_RAW` doesn't strip HTML tags like `FILTER_SANITIZE_STRING` did, but some of these are being run through `sanitize_text_field` as well, and the others aren't being output or saved to the database.
See https://stackoverflow.com/a/69207369/450127
When a pledge is selected but the auth token is missing/incorrect, show the email form. Like on the pledge page, submitting the correct email will trigger a new auth token + link to be emailed to the pledge manager. This makes for a clearer path for re-requesting a valid link.
Fixes #114
* Rename generic "frontend" file to dialog
* Add a "remove pledge" action
* Process pledge deactivation
* Trigger an email on user-initiated pledge deactivation
* Show an error when trying to manage a deactivated pledge
* Add a label for "deactivated" pledges
* Add the admin email field to the manage form
* Fix admin email processing: When the email is changed, the pledge needs to be set back to pending, until the email is re-confirmed
* Send confirmation emails for existing pledges to the "Manage Pledge" page
* Process the email confirmation & resending emails actions on both shortcodes
* Add a message for unconfirmed pledges
* Add contributor management to manage form
* Check `pledge_id` to prevent returning all contributors
* Return a plain text error string – this is used in an alert box, so it can't contain HTML
* Hide confirmation when pledge is a draft
* Only enqueue script if the user is authorized
- Add logo display & field to manage form
- Save the new logo if submitted (do nothing if not)
- Delete the original logo when a new one is uploaded, checking that the attachment parent is the pledge (just in case of changes via Media Library)
* Fix issue with fetching data in `get_pledge_meta` when no submission has been POST'd
* Rename to `subset`, since `context` is also used elsewhere
* Show form content when there are form errors
* Fix warnings on new pledge form
* Skip wpautop before save, so editors don’t need to edit HTML unless they want to
* Use a unique text-domain, wporg-5ftf
* Fix plugin i18n strings
* Remove unwanted text-domains from WPCS checks and fix missed old text-domains
* Remove type=array from phpcs
* Re-add type=array
* Small WPCS fix
* WPCS: replace var with
Add an admin-ajax endpoint to request an authorized email to edit an existing pledge. The email submitted needs to match the submitted organizer email for the given pledge. If it does, an email will be sent out with the link to the pledge management form. If not, it will return an error.
See #98.
This updates the display of contributors into a table view, and adds the ability to add and remove contributors to existing pledges.
The display has been refactored to use JS templates & JSON contributor data – the data is output onto the page when loaded from the server, and rendered when the page finishes loading. Adding & removing contributors now submits to an admin-ajax.php endpoint, which, if successful, returns the new list of contributors. This ensures the display is always up to date.
Fixes #3
* Split Auth functionality out to new file
* Move email-related code into the email file
* Use `assertFalse` for boolean assertions
* Add `can_manage_pledge` to check user or token against a given pledge
Pulled out of e9763f6678
* Remove duplicate test
* Tests: Move tests infrastructure, set up travis
Consolidates the composer files so we can run install once in travis.
* Return empty array if no values are $_POST'ed to the form
Fixes an issue with tests + null values in logs
* Clean up some naming & create helper functions for tests
* Debug travis
* Remove debug
* Fix notices on form
* Turn on multisite flag
This includes autofixes, along with some manual fixes; mostly syntax-related. Some `phpcs:ignore` comments were added for overzealous rules that don't apply.
df78e3de80 started allowing `user_nicename`s in the form field, but we need to always create the contributor posts with the `user_login`, because there are many other places in the code that expect the `post_title` to be the `user_login` and not the `user_nicename`.
See #57
Uses action hooks to capture relevant events as log entries on a per-pledge basis. This provides a running history of a pledge and can be used as an audit log if questions arise about changes to a pledge or there are weird bugs.
Fixes #39
* Allow image uploads
* Add the logo as "generated" meta
This will be attached after we've processed the `$_FILES` object into an upload.
* Load image into media library, attach to the submitted pledge as a featured image.
* Move where image handling happens so we can pass back errors
* Pass back error if upload fails
* Create a validation function to do basic checking of form data
* Move logo uploading to a separate function, and rely on core checks for mime & filesize checking
* Tweak function name to be more clear
* Remove bmp, tiff, and ico file types
The link that they're emailed is to confirm their address, rather than to manage the pledge.
Their pledge will be published once the address is confirmed and contributors have confirmed their participation, rather than after moderation.
Contributors associated with pledges have a state: they can be confirmed or unconfirmed. They also have some important meta data, namely when they were confirmed. Thus, managing contributor data for pledges is more robust if we treat them as their own post type instead of as a multidimensional array of post meta data.
This also reorganizes some of the functions related to pledges so that things are more consistent between the pledge CPT and the contributor CPT.
Fixes #11
Ensures that a submission to the new pledge form has:
* A unique email address compared to existing pledges
* A unique domain in the URL, compared to existing pledges
* Has at least one valid contributor listed
Error messages when one or more of these conditions isn't met are descriptive so that the submitter can correct the issue.
Fixes #15
This broadly enables & styles the pledge forms across the frontend and wp-admin.
- Switches field `readonly` control to a variable called `$readonly`
- Create `PledgeMeta\get_pledge_meta()` which will fetch data from `$_POST`, a pledge post, or defaults.
- Add Number of Employees field
- Update form content to match mockup:
  - fields now have help text
  - success message uses content from mockup
  - logo field is moved to the "org info" section
- Style form in theme, add some similar styles to the admin
Fixes #7, fixes #28
This starts to address several items in the roadmap, but probably doesn't fully address any of them. It takes the plugin code that was written several months ago, before the scope of this project was fully sorted out, and refactors it to be a starting point for the roadmap.
* Adds template files for form inputs that can be used to both create new pledges and manage existing pledges
* Does some validation and sanitization work on form submissions
* Adds a custom post status for deactivated pledges