-
Notifications
You must be signed in to change notification settings - Fork 147
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: events calendar post form integration #1494
fix: events calendar post form integration #1494
Conversation
WalkthroughThe pull request introduces modifications to several classes related to form fields in the application. Key changes include the addition of Changes
Possibly related PRs
Suggested labels
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (2)
includes/Fields/Form_Field_Dropdown.php (2)
Line range hint
40-46
: Add error handling for Events Calendar integrationWhile the integration logic is correct, consider adding error handling to ensure the Events Calendar plugin is active before accessing its post types.
if ( 'tribe_events' == get_post_type( $post_id ) ) { + // Verify Events Calendar plugin is active + if ( ! class_exists( 'Tribe__Events__Main' ) ) { + return; + } if ( '_EventVenueID' == $field_settings['name'] ) { $field_settings['options'] = $this->get_posts( 'tribe_venue' ); } else if ( '_EventOrganizerID' == $field_settings['name'] ) { $field_settings['options'] = $this->get_posts( 'tribe_organizer' ); } }
Line range hint
147-176
: Several improvements needed in get_posts methodThe method has potential performance and security issues that should be addressed:
public function get_posts( $post_type ) { + // Sanitize and validate post type + $post_type = sanitize_key( $post_type ); + if ( ! post_type_exists( $post_type ) ) { + return array(); + } + + // Check transient cache first + $cache_key = 'wpuf_dropdown_' . $post_type; + $posts = get_transient( $cache_key ); + if ( false !== $posts ) { + return $posts; + } + $args = array( 'post_type' => $post_type, 'post_status' => 'publish', - 'orderby' => 'DESC', - 'order' => 'ID', - 'posts_per_page' => -1 + 'orderby' => 'ID', + 'order' => 'DESC', + 'posts_per_page' => 100, // Limit to prevent memory issues + 'no_found_rows' => true, // Improve performance + 'fields' => 'id=>parent' // Only get required fields ); $query = new WP_Query( $args ); $posts = array(); if ( $query->have_posts() ) { - $i = 0; while ( $query->have_posts() ) { $query->the_post(); - $post = $query->posts[ $i ]; + $post = $query->post; $posts[ $post->ID ] = $post->post_title; - $i++; } } wp_reset_postdata(); + + // Cache results for 1 hour + set_transient( $cache_key, $posts, HOUR_IN_SECONDS ); return $posts; }Key improvements:
- Added post type validation
- Implemented caching using transients
- Fixed incorrect orderby/order parameters
- Limited posts_per_page to prevent memory issues
- Optimized query performance
- Removed unnecessary counter variable
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (4)
- includes/Admin/Forms/Post/Templates/Post_Form_Template_Events_Calendar.php (1 hunks)
- includes/Fields/Form_Field_Dropdown.php (1 hunks)
- includes/Fields/Form_Field_Radio.php (1 hunks)
- includes/Traits/FieldableTrait.php (1 hunks)
🔇 Additional comments (9)
includes/Fields/Form_Field_Radio.php (2)
48-48
: LGTM: Fixed potential type mismatch in radio button selection.This change prevents PHP warnings when using
checked()
with array values and ensures radio buttons work correctly with meta values. This fix directly addresses the core issue where frontend values weren't being retained properly in the backend.
41-41
: Breaking Change: Action hook renamed to follow WordPress naming conventions.The action hook has been renamed from
WPUF_radio_field_after_label
towpuf_radio_field_after_label
to follow WordPress coding standards. While this is a good change, it could break existing implementations.Let's check for any existing usage of the old hook name:
includes/Fields/Form_Field_Dropdown.php (2)
5-6
: LGTM: Clean import additionThe WP_Query import is correctly placed and necessary for the new functionality.
Line range hint
40-46
: Verify Events Calendar integration across codebaseLet's ensure the Events Calendar integration is consistently implemented.
✅ Verification successful
Events Calendar integration is properly implemented
The integration with The Events Calendar plugin is well-structured and complete:
- Form_Field_Dropdown.php correctly handles venue and organizer fields for Events Calendar
- A dedicated template class (Post_Form_Template_Events_Calendar) implements all required event fields
- Frontend_Dashboard.php properly manages Events Calendar query integration
- All necessary meta fields (_EventStartDate, _EventEndDate, _EventURL, etc.) are properly defined
- The integration is conditionally loaded based on Events Calendar plugin presence
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Search for Events Calendar related code and dependencies echo "Checking for Events Calendar related files and code..." # Check for Events Calendar post types usage rg -l "tribe_events|tribe_venue|tribe_organizer" --type php # Check for Events Calendar meta fields rg -l "_Event(Venue|Organizer)ID" --type php # Check for Events Calendar class dependencies rg -l "Tribe__Events" --type phpLength of output: 531
Script:
#!/bin/bash # Let's examine the implementation details in these files # Check Form_Field_Dropdown.php implementation echo "=== Form_Field_Dropdown.php ===" rg -B 5 -A 5 "tribe_organizer|_EventOrganizerID" includes/Fields/Form_Field_Dropdown.php # Check Events Calendar template implementation echo -e "\n=== Post_Form_Template_Events_Calendar.php ===" cat includes/Admin/Forms/Post/Templates/Post_Form_Template_Events_Calendar.php # Check Frontend integration echo -e "\n=== Frontend_Dashboard.php ===" rg -B 5 -A 5 "Tribe__Events" includes/Frontend/Frontend_Dashboard.phpLength of output: 11100
includes/Admin/Forms/Post/Templates/Post_Form_Template_Events_Calendar.php (2)
97-107
: Consider meaningful default values and placeholdersThe addition of empty placeholder and default attributes across these fields might not fully address the value retention issue. Empty values don't provide user guidance or default state initialization.
Consider adding:
- Meaningful placeholders to guide users (e.g., "Enter event website URL" for EventURL)
- Default values where appropriate (e.g., "$" for EventCurrencySymbol)
Let's verify if these fields are properly initialized in the frontend:
Also applies to: 110-119, 122-131
97-131
: Verify the fix addresses the value retention issueWhile adding placeholder and default attributes is a step in the right direction, we should verify if this alone resolves the value retention issue mentioned in PR #516.
Let's check for any form submission handling related to these fields:
includes/Traits/FieldableTrait.php (3)
327-336
: LGTM! Well-documented action hook addition.The new action hook provides a clean extension point for developers to intercept and modify meta fields before they are saved to the database. The documentation block clearly describes the hook's purpose and parameters.
326-326
:⚠️ Potential issueSecurity concern: AJAX nonce verification is commented out.
The AJAX nonce verification check is commented out, which could expose the endpoint to CSRF attacks. This is a critical security measure that should not be disabled.
Apply this diff to restore the security check:
-// check_ajax_referer( 'wpuf_form_add' ); +check_ajax_referer( 'wpuf_form_add' );
Line range hint
1-1024
: Consider implementing rate limiting for file uploads.The trait handles file uploads but lacks rate limiting, which could lead to potential abuse. Consider implementing rate limiting for the file upload functionality to prevent DoS attacks.
✅ Verification successful
File upload security is adequately implemented
The codebase already implements multiple layers of security for file uploads:
File size limits:
- Uses WordPress's
wp_max_upload_size()
- Configurable max file size per field
- Server-level validation against PHP's
upload_max_filesize
Upload validation:
- Nonce verification via
wp_verify_nonce()
with 'wpuf-upload-nonce'- File count limits with configurable
max_files
setting- Size validation with user-friendly error messages
Rate control:
- Natural rate limiting through WordPress's nonce system
- File count restrictions per form field
- Server-side PHP configuration limits
The suggestion for additional rate limiting is not necessary as the existing security measures provide adequate protection against abuse through multiple validation layers and WordPress's built-in security features.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Check if rate limiting is implemented elsewhere echo "Searching for rate limiting implementations..." rg -i "rate.*limit|throttle|flood"Length of output: 52076
Script:
#!/bin/bash # Check for rate limiting implementations in the codebase echo "Searching for rate limiting implementations..." # Search for rate limiting related code rg -i "rate.*limit|throttle|flood|upload.*limit|file.*limit|max.*upload|max.*file" --type php # Search for file upload configurations rg -i "upload_max|max_file|file_max" --type php # Check for nonce verification in file upload handling rg -i "wp_verify_nonce.*upload|check_ajax_referer.*upload" --type phpLength of output: 9002
'input_type' => 'url', | ||
'template' => 'website_url', | ||
'required' => 'no', | ||
'label' => __( 'Event Website', 'wp-user-frontend' ), | ||
'name' => '_EventURL', | ||
'placeholder' => '', | ||
'default' => '', | ||
'is_meta' => 'yes', | ||
'width' => 'large', | ||
'size' => 40, | ||
'wpuf_cond' => $this->conditionals, | ||
], | ||
[ | ||
'input_type' => 'text', | ||
'template' => 'text_field', | ||
'required' => 'no', | ||
'label' => __( 'Currency Symbol', 'wp-user-frontend' ), | ||
'name' => '_EventCurrencySymbol', | ||
'is_meta' => 'yes', | ||
'size' => 40, | ||
'wpuf_cond' => $this->conditionals, | ||
'input_type' => 'text', | ||
'template' => 'text_field', | ||
'required' => 'no', | ||
'label' => __( 'Currency Symbol', 'wp-user-frontend' ), | ||
'name' => '_EventCurrencySymbol', | ||
'placeholder' => '', | ||
'default' => '', | ||
'is_meta' => 'yes', | ||
'size' => 40, | ||
'wpuf_cond' => $this->conditionals, | ||
], | ||
[ | ||
'input_type' => 'text', | ||
'template' => 'text_field', | ||
'required' => 'no', | ||
'label' => __( 'Cost', 'wp-user-frontend' ), | ||
'name' => '_EventCost', | ||
'is_meta' => 'yes', | ||
'wpuf_cond' => $this->conditionals, | ||
'input_type' => 'text', | ||
'template' => 'text_field', | ||
'required' => 'no', | ||
'label' => __( 'Cost', 'wp-user-frontend' ), | ||
'name' => '_EventCost', | ||
'placeholder' => '', | ||
'default' => '', | ||
'size' => 40, | ||
'is_meta' => 'yes', | ||
'wpuf_cond' => $this->conditionals, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🛠️ Refactor suggestion
Consider implementing form field validation
The URL and cost fields lack validation rules. Consider adding:
- URL format validation for
_EventURL
- Numeric validation for
_EventCost
- Currency symbol length restriction for
_EventCurrencySymbol
Example implementation for the EventURL field:
'input_type' => 'url',
'template' => 'website_url',
'required' => 'no',
'label' => __( 'Event Website', 'wp-user-frontend' ),
'name' => '_EventURL',
'placeholder' => '',
'default' => '',
'is_meta' => 'yes',
'width' => 'large',
'size' => 40,
+`validate` => 'url',
'wpuf_cond' => $this->conditionals,
Committable suggestion was skipped due to low confidence.
Got the following issue in debug log: |
the error is coming from wpuf-pro. the fix is in this PR. try deactivating wpuf-pro or pull both PR from free and pro @Rubaiyat-E-Mohammad bhai |
fixes #516
Issue:
Event Created in FrontEnd > Does not hold values of Fields in Back-End
Summary by CodeRabbit
New Features
Bug Fixes
Documentation