Ignore some escaping errors

MultisiteLanguageSwitcher.php

@@ -76,6 +76,7 @@ function get_the_msls( $attr ): string {
 	 * @param string[] $arr
 	 */
 	function the_msls( array $arr = array() ): void {
+        // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 		echo get_the_msls( $arr );
 	}
 

includes/Component/Wrapper.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace lloc\Msls\Component;
+
+class Wrapper {
+
+	protected string $element;
+
+	protected string $content;
+
+	public function __construct( string $element, string $content ) {
+		$this->element = $element;
+		$this->content = $content;
+	}
+
+	public function render(): string {
+		return sprintf( '<%1$s>%2$s</%1$s>', esc_html( $this->element ), wp_kses_post( $this->content ) );
+	}
+}

includes/ContentImport/ContentImporter.php

@@ -9,6 +9,7 @@
 use lloc\Msls\MslsMain;
 use lloc\Msls\MslsOptionsPost;
 use lloc\Msls\MslsRegistryInstance;
+use lloc\Msls\MslsRequest;
 
 /**
  * Class ContentImporter
@@ -153,7 +154,7 @@
 			return false;
 		}
 
 		if ( ! isset( $_POST['msls_import'] ) ) {
 			return false;
 		}
 
@@ -166,11 +167,12 @@
 	 * @return array|bool
 	 */
 	public function parse_sources() {
-		if ( ! isset( $_POST['msls_import'] ) ) {
+		if ( ! MslsRequest::has_var( 'msls_import' ) ) {
 			return false;
 		}
 
-		$import_data = array_filter( explode( '|', trim( $_POST['msls_import'] ) ), 'is_numeric' );
+		$msls_import = MslsRequest::get_var( 'msls_import' );
+		$import_data = array_filter( explode( '|', trim( $msls_import ) ), 'is_numeric' );
 
 		if ( count( $import_data ) !== 2 ) {
 			return false;
@@ -195,8 +197,9 @@
 			return $id;
 		}
 
-		if ( isset( $_REQUEST['post'] ) && filter_var( $_REQUEST['post'], FILTER_VALIDATE_INT ) ) {
-			return (int) $_REQUEST['post'];
+		$request = MslsRequest::get_request( array( 'post' ) );
+		if ( ! empty( $request['post'] ) ) {
+			return (int) $request['post'];
 		}
 
 		$data = array(
@@ -378,7 +381,7 @@
 			return $empty;
 		}
 
 		if ( ! isset( $_POST['msls_import'] ) ) {
 			return $empty;
 		}
 

includes/ContentImport/Importers/WithRequestPostAttributes.php

@@ -10,6 +10,8 @@
 
 namespace lloc\Msls\ContentImport\Importers;
 
+use lloc\Msls\MslsRequest;
+
 /**
  * Trait WithRequestPostAttributes
  *
@@ -24,14 +26,11 @@ trait WithRequestPostAttributes {
 	 * @param string $default The default post type to return if none is specified in the `$_REQUEST` super-global.
 	 *
 	 * @return string Either the post type read from the `$_REQUEST` super-global, or the default value.
-	 * @since TBD
-	 *
+\    *
 	 */
 	protected function read_post_type_from_request( $default = 'post' ) {
-		if ( ! isset( $_REQUEST['post_type'] ) ) {
-			return $default;
-		}
+		$request = MslsRequest::get_request( array( 'post_type' ), $default );
 
-		return filter_var( $_REQUEST['post_type'], FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?: 'post';
+		return $request['post_type'];
 	}
 }

includes/ContentImport/LogWriters/AdminNoticeLogger.php

@@ -141,7 +141,7 @@ public function show_last_log( $echo = true ): ?string {
 		}
 
 		if ( $echo ) {
-			echo $html;
+			echo wp_kses_post( $html );
 		}
 
 		// we've shown it, no reason to keep it

includes/ContentImport/MetaBox.php

@@ -2,7 +2,7 @@
 
 namespace lloc\Msls\ContentImport;
 
-use lloc\Msls\ContentImport\Importers\ImportersFactory;
+use lloc\Msls\Component\Wrapper;
 use lloc\Msls\ContentImport\Importers\Map;
 use lloc\Msls\MslsBlogCollection;
 use lloc\Msls\MslsFields;
@@ -43,44 +43,50 @@ function ( $lang ) use ( $mydata ) {
 
 			/* translators: %s: language name */
 			$label_template = __( 'Import content from %s', 'multisite-language-switcher' );
-			$output         = '<fieldset>';
-			$output        .= '<legend>'
-								. esc_html__(
-									'Warning! This will override and replace all the post content with the content from the source post!',
-									'multisite-language-switcher'
-								)
-								. '</legend>';
+
+			$warning = esc_html__(
+				'Warning! This will override and replace all the post content with the content from the source post!',
+				'multisite-language-switcher'
+			);
+
+			$legend = ( new Wrapper( 'legend', $warning ) )->render();
+
+			$output = '';
 			foreach ( $languages as $language => $label ) {
 				$id    = $mydata->{$language};
 				$blog  = $blogs->get_blog_id( $language );
 				$label = sprintf( $label_template, $label );
+
 				if ( null === $id && $has_input && $input_lang === $language ) {
 					$id   = $input_id;
 					$blog = $blogs->get_blog_id( $language );
 				}
+
 				if ( null !== $id ) {
 					$this->data = array(
 						'msls_import' => "{$blog}|{$id}",
 					);
-					$output    .= sprintf(
+
+					$output .= sprintf(
 						'<a class="button button-primary thickbox" href="%s" title="%s">%s</a>',
 						$this->inline_thickbox_url( $this->data ),
 						$label,
 						$label
 					);
 				}
 			}
-			$output .= '</fieldset>';
+
+			$output = ( new Wrapper( 'fieldset', $legend . $output ) )->render();
 		} else {
-			$output = '<p>' .
-						esc_html__(
-							'No translated versions linked to this post: import content functionality is disabled.',
-							'multisite-language-switcher'
-						)
-						. '</p>';
+			$warning = esc_html__(
+				'No translated versions linked to this post: import content functionality is disabled.',
+				'multisite-language-switcher'
+			);
+
+			$output = ( new Wrapper( 'p', $warning ) )->render();
 		}
 
-		echo $output;
+		echo wp_kses_post( $output );
 	}
 
 	protected function inline_thickbox_url( array $data = array() ): string {
@@ -100,6 +106,7 @@ protected function inline_thickbox_url( array $data = array() ): string {
 	}
 
 	public function print_modal_html(): void {
+        // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 		echo $this->inline_thickbox_html( true, $this->data );
 	}
 
@@ -112,145 +119,60 @@ protected function inline_thickbox_html( $echo = true, array $data = array() ):
 
 		ob_start();
 		?>
-		<div style="display: none;" id="msls-import-dialog-
-		<?php
-		echo esc_attr( $slug )
-		?>
-		">
-			<h3>
-			<?php
-				esc_html_e( 'Select what should be imported and how', 'multisite-language-switcher' )
-			?>
-			</h3>
-
-			<form action="
-			<?php
-			echo add_query_arg( array() )
-			?>
-			" method="post">
-
-				<?php
-				wp_nonce_field( MslsPlugin::path(), 'msls_noncename' );
-				?>
-
-				<?php
-				foreach ( $data as $key => $value ) :
-					?>
-					<input type="hidden" name="
-					<?php
-					echo esc_attr( $key )
-					?>
-					" value="
-					<?php
-					echo esc_attr( $value )
-					?>
-					">
-					<?php
-				endforeach;
-				?>
-
-				<?php
-				/** @var ImportersFactory $factory */
-				foreach ( Map::instance()->factories() as $slug => $factory ) :
-					?>
-					<?php
-					$details = $factory->details()
-					?>
-					<h4>
-					<?php
-						echo esc_html( $details->name )
-					?>
-					</h4>
-					<?php
-					if ( empty( $details->importers ) ) :
-						?>
+		<div style="display: none;" id="msls-import-dialog-<?php echo esc_attr( $slug ); ?>">
+			<h3><?php esc_html_e( 'Select what should be imported and how', 'multisite-language-switcher' ); ?></h3>
+			<form action="<?php echo esc_url( add_query_arg( array() ) ); ?>" method="post">
+				<?php wp_nonce_field( MslsPlugin::path(), 'msls_noncename' ); ?>
+				<?php foreach ( $data as $key => $value ) : ?>
+					<input type="hidden" name="<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $value ); ?>">
+				<?php endforeach; ?>
+				<?php foreach ( Map::instance()->factories() as $slug => $factory ) : ?>
+					<?php $details = $factory->details(); ?>
+					<h4><?php echo esc_html( $details->name ); ?></h4>
+					<?php if ( empty( $details->importers ) ) : ?>
 						<p>
 						<?php
 							esc_html_e(
 								'No importers available for this type of content.',
 								'multisite-language-switcher'
-							)
+							);
 						?>
-								</p>
-						<?php
-					else :
-						?>
-						<ul>
-							<li>
-								<label>
-									<input type="radio" name="msls_importers[
-									<?php
-									echo esc_attr( $details->slug )
-									?>
-									]">
-									<?php
-									esc_html_e(
-										'Off - Do not import this type of content in the destination post.',
-										'multisite-language-switcher'
-									)
-									?>
-								</label>
-							</li>
-							<?php
-							foreach ( $details->importers as $importer_slug => $importer_info ) :
-								?>
-								<li>
-									<label>
-										<input type="radio" name="msls_importers[
-										<?php
-										echo esc_attr( $details->slug )
-										?>
-										]"
-												value="
-												<?php
-												echo esc_attr( $importer_slug )
-												?>
-												"
-											<?php
-											checked( $details->selected, $importer_slug )
-											?>
-										>
-										<?php
-										echo( esc_html(
-											sprintf(
-												'%s -  %s',
-												$importer_info->name,
-												$importer_info->description
-											)
-										) )
-										?>
-									</label>
-								</li>
+						</p>
+					<?php else : ?>
+					<ul>
+						<li>
+							<label>
+								<input type="radio" name="msls_importers[<?php echo esc_attr( $details->slug ); ?>]">
 								<?php
-							endforeach;
-							?>
-						</ul>
-						<?php
-					endif;
-					?>
-					<?php
-				endforeach;
-				?>
-
+								esc_html_e(
+									'Off - Do not import this type of content in the destination post.',
+									'multisite-language-switcher'
+								);
+								?>
+							</label>
+						</li>
+						<?php foreach ( $details->importers as $importer_slug => $importer_info ) : ?>
+						<li>
+							<label>
+								<input type="radio" name="msls_importers[<?php echo esc_attr( $details->slug ); ?>]" value="<?php echo esc_attr( $importer_slug ); ?>" <?php checked( $details->selected, $importer_slug ); ?>>
+								<?php echo( esc_html( sprintf( '%s - %s', $importer_info->name, $importer_info->description ) ) ); ?>
+							</label>
+						</li>
+						<?php endforeach; ?>
+					</ul>
+					<?php endif; ?>
+				<?php endforeach; ?>
 				<div>
-					<input
-							type="submit"
-							class="button button-primary"
-							value="
-							<?php
-							esc_html_e( 'Import Content', 'multisite-language-switcher' )
-							?>
-							"
-					>
+					<input type="submit" class="button button-primary" value="<?php esc_html_e( 'Import Content', 'multisite-language-switcher' ); ?>">
 				</div>
 			</form>
 		</div>
-
 		<?php
+
 		$html = ob_get_clean();
 
 		if ( $echo ) {
-			echo $html;
+			echo wp_kses_post( $html );
 		}
 
 		return $html;