fix: post description image for block theme

[sapayth]

fixes #524

Testing-flow:

1. Activate a block theme
2. Go to Post Forms
3. Create New Post Form with Post Description-image enabled
4. Goto Frontend > Form Page
5. Enter Details > Add Image to Post description field
6. Submit Form
7. Edit Submitted Form > Issue Found - Post Description Image added is distorted

Actual Result: Image added in Post Description field is distorted

Expected Result: Image should display as it was uploaded when submitting form

---

Screenshot for reference:

Summary by CodeRabbit

• New Features

  • Enhanced support for block themes in the content editor.
  • Improved error handling and feedback for editing posts, including nonce verification and user login status checks.

• Bug Fixes

  • Streamlined logic for handling post publication status and guest submissions.
  • Improved clarity of conditional checks to ensure type safety.

• Refactor

  • Adjusted control flow and conditional checks for better maintainability and clarity.

[coderabbitai]

Walkthrough

The pull request introduces several modifications across multiple files to enhance the functionality and robustness of the Form_Field_Post_Content, Frontend_Form, and Frontend_Render_Form classes. Key changes include the addition of a method for formatting content in the editor, improved error handling and user feedback in post editing, and stricter type checks in conditional statements. These updates aim to ensure compatibility with block themes in WordPress and refine user interactions with forms.

Changes

File	Change Summary
includes/Fields/Form_Field_Post_Content.php	Added method format_for_editor($content, $default_editor) for content formatting in the TinyMCE editor.
includes/Frontend/Frontend_Form.php	Updated edit_post_shortcode($atts) method signature to `false
includes/Frontend_Render_Form.php	Refactored conditional checks in render_form method for strict type comparison, minor formatting adjustments.

Assessment against linked issues

Objective	Addressed	Explanation
Fix placeholder for empty featured image (#524)	❌	Changes do not address the issue regarding the placeholder path.

Possibly related PRs

• fix: admin notification after guest email verified #1320: Enhancements in Frontend_Form.php for guest post submissions may relate to the modifications in Form_Field_Post_Content.
• fix: QR data not showing when post is being draft #1459: Updates in Frontend_Form_Ajax.php regarding content processing may connect with changes in Form_Field_Post_Content.
• enhance: move newsletter subscription to weMail #1472: Changes in support.php related to form structure may relate to enhancements in Form_Field_Post_Content.

Suggested labels

bug, needs: developer feedback

Poem

🐰 In the fields where forms do play,
A new method brightens the day.
With checks so strict and errors few,
TinyMCE now knows what to do!
For every post, a clearer way,
Hooray for changes, hip-hip-hooray! 🎉

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (3)

includes/Fields/Form_Field_Post_Content.php (2)

14-19: LGTM! Consider adding a comment for clarity.

The changes look good and address compatibility with block themes. The use of function_exists() ensures backward compatibility.

Consider adding a brief comment explaining why this check and filter are necessary for block themes. This would improve code maintainability. For example:

// Add content formatting filter for block themes to ensure proper rendering
if ( function_exists( 'wp_is_block_theme' ) && wp_is_block_theme() ) {
    add_filter( 'format_for_editor', [ $this, 'format_for_editor' ], 10, 2 );
}

---

21-34: LGTM! Consider adding type hinting and error handling.

The new format_for_editor method looks good and addresses the specific formatting needs for the TinyMCE editor.

Consider adding type hinting and a null check for improved robustness:

public function format_for_editor( ?string $content, string $default_editor ): string {
    if ( 'tinymce' !== $default_editor ) {
        return $content ?? '';
    }

    return htmlspecialchars_decode( $content ?? '', ENT_NOQUOTES );
}

This change ensures that the method always returns a string, even if $content is null, which could happen in some edge cases.

includes/Frontend_Render_Form.php (1)

225-227: LGTM: Improved type safety and formatting

The changes in this segment enhance code quality:

1. Using === for strict comparison improves type safety.
2. The adjusted indentation of the script tag improves code readability.

These modifications align well with coding best practices.

Consider using template literals for better readability when concatenating strings in the class attribute:

-                <form class="wpuf-form-add wpuf-form-<?php echo esc_attr( $layout ); ?> <?php echo ( 'layout1' === $layout ) ? esc_html( $theme_css ) : 'wpuf-style'; ?>" action="" method="post">
+                <form class="wpuf-form-add wpuf-form-<?php echo esc_attr( $layout ); ?> <?php echo ( 'layout1' === $layout ) ? esc_html( $theme_css ) : 'wpuf-style'; ?>" action="" method="post">

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between f92a621 and 689e03b.

📒 Files selected for processing (3)

• includes/Fields/Form_Field_Post_Content.php (1 hunks)
• includes/Frontend/Frontend_Form.php (2 hunks)
• includes/Frontend_Render_Form.php (2 hunks)

🧰 Additional context used

🔇 Additional comments (4)

includes/Fields/Form_Field_Post_Content.php (1)

Line range hint 1-34: Summary: Changes improve block theme compatibility and content formatting.

The modifications to the Form_Field_Post_Content class effectively address compatibility with block themes and enhance content formatting for the TinyMCE editor. These changes align well with the PR objectives and should improve the overall functionality of the post content field.

To further improve the code:

1. Consider adding explanatory comments for the block theme check in the constructor.
2. Implement type hinting and null checks in the format_for_editor method for increased robustness.

These minor enhancements will contribute to better code maintainability and reliability.

includes/Frontend_Render_Form.php (2)

186-189: LGTM: Improved type safety and security

The changes in this segment enhance both type safety and security:

1. Using !== for strict comparison improves type safety.
2. Wrapping the error message with wp_kses_post() ensures proper sanitization of the output.

These modifications align well with WordPress coding standards and security best practices.

---

Line range hint 1-465: Overall assessment: Improvements in code quality and security

The changes in this file contribute to the overall objectives of the PR by enhancing type safety, security, and code readability. The modifications are in line with WordPress coding standards and best practices. No major issues were identified, and the changes should positively impact the functionality of the form rendering process, especially in the context of block themes.

includes/Frontend/Frontend_Form.php (1)

55-56: Approved: Early return for non-logged-in users.

Adding a return statement after handling non-logged-in users ensures that the function exits gracefully, preventing unauthorized access to subsequent code.

[coderabbitai]

🛠️ Refactor suggestion

Consider adding a return type declaration to the method.

The docblock specifies @return false|string, but the method signature does not include the return type declaration. Adding the return type enhances type safety and keeps the code consistent with modern PHP practices.

Apply this diff to include the return type declaration:

 public function edit_post_shortcode( $atts )
+ : false|string {

Committable suggestion was skipped due to low confidence.

[coderabbitai]

⚠️ Potential issue

Use sanitize_text_field for proper nonce sanitization.

Using sanitize_key may alter the nonce value and cause verification to fail. To preserve the integrity of the nonce, consider using sanitize_text_field instead.

Apply this diff to fix the sanitization:

 $nonce = isset( $_GET['_wpnonce'] ) ? 
-    sanitize_key( wp_unslash( $_GET['_wpnonce'] ) ) : '';
+    sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	$nonce = isset( $_GET['_wpnonce'] ) ? sanitize_key( wp_unslash( $_GET['_wpnonce'] ) ) : '';
	if ( ! wp_verify_nonce( $nonce, 'wpuf_edit' ) ) {
	return '<div class="wpuf-info">' . __( 'Please re-open the post', 'wp-user-frontend' ) . '</div>';
	$nonce = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
	if ( ! wp_verify_nonce( $nonce, 'wpuf_edit' ) ) {
	return '<div class="wpuf-info">' . __( 'Please re-open the post', 'wp-user-frontend' ) . '</div>';