fix: implement code review fixes for form builder
Critical fixes: - Implement get_current_form_data() method for template saving functionality - Add sanitize_field_value() method with comprehensive field sanitization High priority fixes: - Add pagination limits (100) to venue and organizer queries to prevent performance issues - Add capability checks to AJAX template handler for proper access control Medium priority fixes: - Add comprehensive documentation for hvac_event_form_after_basic_fields integration hook - Add debug logging for cache initialization failures when WP_DEBUG is enabled 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
parent
9cc5624d0d
commit
63d7f5efa3
1 changed files with 49 additions and 6 deletions
@ -127,6 +127,9 @@ class HVAC_Event_Form_Builder extends HVAC_Form_Builder {
// Initialize cache if available
$this->cache = class_exists('HVAC_Event_Cache') ? HVAC_Event_Cache::instance() : null;
if (!$this->cache && defined('WP_DEBUG') && WP_DEBUG) {
error_log('HVAC Event Cache unavailable - performance may be impacted');
}
$this->init_event_form_hooks();
}
@ -169,7 +172,15 @@ class HVAC_Event_Form_Builder extends HVAC_Form_Builder {
// Basic event fields
$this->add_basic_event_fields();
// Add TEC ticketing integration hook
/**
* Action hook for TEC ticketing integration
*
* Allows other components to add fields after basic event fields
* are rendered but before optional field groups like datetime fields.
*
* @param HVAC_Event_Form_Builder $form_builder Current form instance
* @since 3.2.0 (Phase 2B - TEC Integration)
*/
do_action('hvac_event_form_after_basic_fields', $this);
// Optional field groups
@ -576,9 +587,35 @@ class HVAC_Event_Form_Builder extends HVAC_Form_Builder {
* @return array Current form data
*/
private function get_current_form_data(): array {
// This would typically be called after form submission
// For now, return empty array - implement based on specific needs
return [];
$data = [];
foreach ($this->fields as $field) {
if (isset($_POST[$field['name']])) {
$data[$field['name']] = $this->sanitize_field_value($field, $_POST[$field['name']]);
}
}
return $data;
}
/**
* Sanitize field value based on field type
*
* @param array $field Field configuration
* @param mixed $value Field value to sanitize
* @return mixed Sanitized value
*/
private function sanitize_field_value(array $field, $value) {
$sanitize_type = $field['sanitize'] ?? 'text';
return match($sanitize_type) {
'text' => sanitize_text_field($value),
'textarea' => sanitize_textarea_field($value),
'int' => absint($value),
'float' => floatval($value),
'datetime' => sanitize_text_field($value),
'url' => esc_url_raw($value),
'email' => sanitize_email($value),
default => sanitize_text_field($value)
};
}
/**
@ -779,7 +816,7 @@ class HVAC_Event_Form_Builder extends HVAC_Form_Builder {
$venues = get_posts([
'post_type' => 'tribe_venue',
'post_status' => 'publish',
'posts_per_page' => -1,
'posts_per_page' => 100, // Limit to prevent performance issues
'orderby' => 'title',
'order' => 'ASC',
]);
@ -816,7 +853,7 @@ class HVAC_Event_Form_Builder extends HVAC_Form_Builder {
$organizers = get_posts([
'post_type' => 'tribe_organizer',
'post_status' => 'publish',
'posts_per_page' => -1,
'posts_per_page' => 100, // Limit to prevent performance issues
'orderby' => 'title',
'order' => 'ASC',
]);
@ -1167,6 +1204,12 @@ class HVAC_Event_Form_Builder extends HVAC_Form_Builder {
return;
}
// Capability check - ensure user can create/edit events
if (!current_user_can('edit_posts') && !array_intersect(['hvac_trainer', 'hvac_master_trainer'], wp_get_current_user()->roles)) {
wp_send_json_error(['message' => __('Permission denied', 'hvac-community-events')]);
return;
}
$template_id = sanitize_text_field($_GET['template_id'] ?? '');
if (empty($template_id) || $template_id === '0') {
wp_send_json_success(['template_data' => [], 'message' => __('Template cleared', 'hvac-community-events')]);
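Review bot: In the `@@ -576,9 +587,35 @@` hunk, `sanitize_field_value()` assumes a scalar, but `get_current_form_data()` forwards whatever is in `$_POST[$field['name']]` after a bare `isset()`, so a request that submits `name[]=…` hands an array to the `'url'` and `'email'` arms, where `esc_url_raw()` / `sanitize_email()` call `ltrim()` / `strlen()` and, on PHP 8 (which the `match` expression already requires), throw a TypeError rather than sanitizing. Add a type guard before the `match`, e.g. `if (!is_scalar($value)) { return ''; }`, or map the elements recursively if some field genuinely submits a list — I cannot tell from the hunk whether any does. The loop also sanitizes the slashed value directly; WordPress adds magic-quote slashes to `$_POST`, so the call should be `$this->sanitize_field_value($field, wp_unslash($_POST[$field['name']]))`. Nothing in `get_current_form_data()` verifies a nonce, so every call site must do so before invoking it; a `@see` note in its docblock saying so would help the next maintainer.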