More thangs.

2018-12-17 23:55:34 +00:00 · 2018-12-17 23:55:34 +00:00 · 88f936b51a
commit 88f936b51a
parent 0ad2452196
5 changed files with 168 additions and 47 deletions
--- a/ContentSubmitter.php
+++ b/ContentSubmitter.php
@ -1,5 +1,7 @@
 <?php

+require_once(ABSPATH . 'wp-admin/includes/post.php');
+
 class ContentSubmitter
 {
    public static function submit(ContentSubmission $submission)
@ -9,11 +11,11 @@ class ContentSubmitter
        }

        // Validation
-        if (self::is_title_valid($submission->title))
+        if (!self::is_title_valid($submission->title))
            throw new InvalidSubmissionTitleException();
-        if (self::is_content_valid($submission->content))
+        if (!self::is_content_valid($submission->content))
            throw new InvalidSubmissionContentException();
-        if (self::is_creators_valid($submission->content))
+        if (!self::is_creators_valid($submission->content))
            throw new InvalidSubmissionCreatorsException();
        if (self::is_title_in_use($submission->title))
            throw new SubmissionTitleExistsException();
@ -23,9 +25,10 @@ class ContentSubmitter
            'post_title' => $submission->title,
            'post_content' => $submission->content,
            'post_status' => 'publish',
-            'post_author' => get_current_user_id()
+            'post_author' => get_current_user_id(),
+            'post_type' => 'content_submission'
        );
-   
+
        $post_id = wp_insert_post($submission_post);

        update_post_meta($post_id, 'garchive_metabox_creators', $submission->creators);
@ -59,7 +62,8 @@ class ContentSubmitter
    {
        if (empty($title))
            return false;
-        return false;
+
+        return true;
    }
 }

@ -70,13 +74,55 @@ class ContentSubmission
    public $creators;
    public $source;

-    public function __construct($title, $content, $creators, $source)
+    public function __construct($title, $content, $creators, $source = '')
    {
-        $this->title = trim(wp_strip_all_tags($title));
-        $this->content = trim(esc_html($content));
+        $this->title = trim(sanitize_text_field($title));
+        $this->content = trim(self::sanitize_content($content));
        $this->creators = trim(sanitize_text_field($creators));
        $this->source = trim(esc_url($source));
    }
+
+    private static function sanitize_content($title) {
+        $allowd_title_tags = array(
+            'h2' => array(),
+            'h3' => array(),
+            'h4' => array(),
+            'h5' => array(),
+            'h6' => array(),
+            'ul' => array(),
+            'li' => array(),
+            'ol' => array(),
+            'p' => array(),
+            'a' => array(
+                'href' => true,
+                'title' => true,
+            ),
+            'abbr' => array(
+                'title' => true,
+            ),
+            'acronym' => array(
+                'title' => true,
+            ),
+            'b' => array(),
+            'blockquote' => array(
+                'cite' => true,
+            ),
+            'cite' => array(),
+            'code' => array(),
+            'del' => array(
+                'datetime' => true,
+            ),
+            'em' => array(),
+            'i' => array(),
+            'q' => array(
+                'cite' => true,
+            ),
+            'strike' => array(),
+            'strong' => array(),
+        );
+
+        return wp_kses($title, $allowd_title_tags);
+    }
 }

 class InvalidSubmissionTitleException extends Exception
--- a/functions.php
+++ b/functions.php
@ -42,7 +42,8 @@ add_action('admin_init', function () {
 });

 add_action('template_redirect', function () {
-    if (!wp_get_current_user()) {
+
+    if (!is_user_logged_in()) {
        if (is_page_template('template-submit-content.php')) {
            wp_redirect(esc_url(home_url('/register')), 302);
        }
@ -86,7 +87,7 @@ add_action('init', function () {
        'label' => __('Content Submission', 'garchive'),
        'description' => __('A content submission.', 'garchive'),
        'labels' => $labels,
-        'supports' => array('title', 'editor'),
+        'supports' => array('title', 'editor', 'author', 'custom-fields'),
        'taxonomies' => array('category', 'post_tag'),
        'hierarchical' => false,
        'public' => true,
--- a/metabox.php
+++ b/metabox.php
@ -5,7 +5,7 @@ add_filter('rwmb_meta_boxes', function ($meta_boxes) {
    $meta_boxes[] = array(
        'id' => 'extra_post_options',
        'title' => __('Extra Post Options', 'garchive'),
-        'post_types' => array('post'),
+        'post_types' => array('post', 'page'),
        'context' => 'normal',
        'priority' => 'high',
        'autosave' => 'false',
--- a/scripts/main.js
+++ b/scripts/main.js
@ -41,7 +41,23 @@
            return;

        tinymce.init({
-            selector: editorSelector
+            selector: editorSelector,
+            menu: {},
+            style_formats: [
+                {title: 'Heading 2', format: 'h2'},
+                {title: 'Heading 3', format: 'h3'},
+                {title: 'Heading 4', format: 'h4'},
+                {title: 'Heading 5', format: 'h5'},
+                {title: 'Heading 6', format: 'h6'},
+                {title: 'Normal', block: 'p'}
+            ],
+            toolbar: 'undo redo | styleselect | bold italic | link | numlist bullist',
+            plugins: ['lists', 'link'],
+            setup: function (editor) {
+                editor.on('change', function () {
+                    editor.save();
+                });
+            }
        });
    }
 })(jQuery);
--- a/template-submit-content.php
+++ b/template-submit-content.php
@ -6,6 +6,54 @@

 get_header();

+require_once 'FormHelper.php';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    require_once 'ContentSubmitter.php';
+
+    $errors = array();
+
+    if (empty($_POST['title'])) 
+        $errors[] = 'Your must provide a title.';
+
+    if (empty($_POST['content'])) 
+        $errors[] = 'Your must provide some content.';
+
+    if (empty($_POST['creators'])) 
+        $errors[] = 'You must provide the creators.';
+
+    if (count($errors) === 0) {
+        try
+        {
+            $submission = new ContentSubmission(
+                $_POST['title'],
+                $_POST['content'],
+                $_POST['creators']
+            );
+
+            ContentSubmitter::submit($submission);
+
+            $success = true;
+        }
+        catch (InvalidSubmissionTitleException $ex)
+        {
+            $errors[] = 'Your submission title is invalid. Please provide a title.';
+        }
+        catch (InvalidSubmissionContentException $ex)
+        {
+            $errors[] = 'Your submission title is invalid. Please provide some content.';
+        }
+        catch (InvalidSubmissionCreatorsException $ex)
+        {
+            $errors[] = 'Your submitted creators field is invalid. Please provide the creators.';
+        }
+        catch (SubmissionTitleExistsException $ex)
+        {
+            $errors[] = 'A post already exists with the name \'' . $submission->title . '\', please choose another.';
+        }
+    }
+}
+
 ?>

 <?php while(have_posts()): the_post() ?>
@ -14,46 +62,56 @@ get_header();
    <h1><?php the_title() ?></h1>
    <div><?php the_content(); ?></div>
    <hr/>
-    <form action="">
-        <div class="form-group">
-            <label for="title">Title</label>
-            <input name="title" type="text" class="form-control" required maxlength="30" />
-            <small class="form-text text-muted">Please provide a short title. It may be no longer than 30 characters.</small>
-        </div>
+    <?php if (isset($success) && $success === true): ?>
+        <div class="alert alert-success">Thank you! Your submission is now with us. You will be notified of any updates to your submission via email.</div>
+    <?php else: ?>
+        <?php if (isset($errors)): ?>
+            <?php foreach ($errors as $error): ?>
+                <div class="alert alert-danger"><?php echo sanitize_text_field($error) ?></div>
+            <?php endforeach; ?>
+        <?php endif; ?>

-        <div class="form-group">
-            <label for="title">Body</label>
-            <div class="alert alert-info">
-               <small>This is the main content of the submission. Please describe the content and provide any guides/sources.</small>
+        <form action="" method="POST">
+            <div class="form-group">
+                <label for="title">Title</label>
+                <input name="title" type="text" class="form-control" required maxlength="30" />
+                <small class="form-text text-muted">Please provide a short title. It may be no longer than 30 characters.</small>
            </div>
-            <textarea name="content" class="rte" required></textarea>
-        </div>

-         <div class="form-group">
-            <label for="title">Creators</label>
-            <input type="text" name="creators" class="form-control" required></textarea>
-            <small class="form-text text-muted">
-               Provide a list of the original creators in a comma-separated format. For example: <i>Emera, Astram</i>
-            </small>
-        </div>
-
-        <div class="form-group">
-            <label for="title">Source</label>
-            <div class="input-group">
-                <div class="input-group-prepend">
-                    <div class="input-group-text"><i class="fa fa-link"></i></div>
+            <div class="form-group">
+                <label for="content">Body</label>
+                <div class="alert alert-info">
+                <small>This is the main content of the submission. Please describe the content and provide any guides/sources.</small>
                </div>
-                <input type="url" name="creators" class="form-control" id="inlineFormInputGroupUsername" />
+                <textarea name="content" class="rte" required></textarea>
            </div>
-            <small class="form-text text-muted">
-               If applicable, please provide a link to the original source. For example, if your content was originally posted on a forum, you would enter the thread URL here.
-            </small>
-        </div>

-        <div class="form-group">
-            <button type="submit" class="gar-btn">Submit</button>
-        </div>
-    </form>
+            <div class="form-group">
+                <label for="creators">Creators</label>
+                <input type="text" name="creators" class="form-control" required></textarea>
+                <small class="form-text text-muted">
+                Provide a list of the original creators in a comma-separated format. For example: <i>Emera, Astram</i>
+                </small>
+            </div>
+
+            <div class="form-group">
+                <label for="source">Source</label>
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <div class="input-group-text"><i class="fa fa-link"></i></div>
+                    </div>
+                    <input type="url" name="source" class="form-control" id="inlineFormInputGroupUsername" />
+                </div>
+                <small class="form-text text-muted">
+                If applicable, please provide a link to the original source. For example, if your content was originally posted on a forum, you would enter the thread URL here.
+                </small>
+            </div>
+
+            <div class="form-group">
+                <input type="submit" class="gar-btn" value="Submit"/>
+            </div>
+        </form>
+    <?php endif; ?>
 </div>

 <?php endwhile; ?>