diff --git a/modules/editorial-comments/editorial-comments.php b/modules/editorial-comments/editorial-comments.php
index 5b6bb425..1280188d 100644
--- a/modules/editorial-comments/editorial-comments.php
+++ b/modules/editorial-comments/editorial-comments.php
@@ -6,117 +6,118 @@
* @author batmoo
*/
-if ( !class_exists( 'EF_Editorial_Comments' ) ) {
-
-class EF_Editorial_Comments extends EF_Module
-{
- // This is comment type used to differentiate editorial comments
- const comment_type = 'editorial-comment';
-
- function __construct() {
-
- $this->module_url = $this->get_module_url( __FILE__ );
- // Register the module with Edit Flow
- $args = array(
- 'title' => __( 'Editorial Comments', 'edit-flow' ),
- 'short_description' => __( 'Share internal notes with your team.', 'edit-flow' ),
- 'extended_description' => __( 'Use editorial comments to hold a private discussion about a post. Communicate directly with your writers or editors about what works and what needs to be improved for each piece.', 'edit-flow' ),
- 'module_url' => $this->module_url,
- 'img_url' => $this->module_url . 'lib/editorial_comments_s128.png',
- 'slug' => 'editorial-comments',
- 'default_options' => array(
- 'enabled' => 'on',
- 'post_types' => array(
- 'post' => 'on',
- 'page' => 'on',
+if ( ! class_exists( 'EF_Editorial_Comments' ) ) {
+
+ class EF_Editorial_Comments extends EF_Module {
+
+ // This is comment type used to differentiate editorial comments
+ // phpcs:ignore Generic.NamingConventions.UpperCaseConstantName.ClassConstantNotUpperCase
+ const comment_type = 'editorial-comment';
+
+ public function __construct() {
+
+ $this->module_url = $this->get_module_url( __FILE__ );
+ // Register the module with Edit Flow
+ $args = array(
+ 'title' => __( 'Editorial Comments', 'edit-flow' ),
+ 'short_description' => __( 'Share internal notes with your team.', 'edit-flow' ),
+ 'extended_description' => __( 'Use editorial comments to hold a private discussion about a post. Communicate directly with your writers or editors about what works and what needs to be improved for each piece.', 'edit-flow' ),
+ 'module_url' => $this->module_url,
+ 'img_url' => $this->module_url . 'lib/editorial_comments_s128.png',
+ 'slug' => 'editorial-comments',
+ 'default_options' => array(
+ 'enabled' => 'on',
+ 'post_types' => array(
+ 'post' => 'on',
+ 'page' => 'on',
+ ),
),
- ),
- 'configure_page_cb' => 'print_configure_view',
- 'configure_link_text' => __( 'Choose Post Types', 'edit-flow' ),
- 'autoload' => false,
- 'settings_help_tab' => array(
- 'id' => 'ef-editorial-comments-overview',
- 'title' => __('Overview', 'edit-flow'),
- 'content' => __('
Editorial comments help you cut down on email overload and keep the conversation close to where it matters: your content. Threaded commenting in the admin, similar to what you find at the end of a blog post, allows writers and editors to privately leave feedback and discuss what needs to be changed before publication.
Anyone with access to view the story in progress will also have the ability to comment on it. If you have notifications enabled, those following the post will receive an email every time a comment is left.
Editorial comments help you cut down on email overload and keep the conversation close to where it matters: your content. Threaded commenting in the admin, similar to what you find at the end of a blog post, allows writers and editors to privately leave feedback and discuss what needs to be changed before publication.
Anyone with access to view the story in progress will also have the ability to comment on it. If you have notifications enabled, those following the post will receive an email every time a comment is left.
@@ -200,250 +201,272 @@ function the_comment_form( ) {
-
+
- module_enabled( 'notifications' ) || ! apply_filters( 'ef_editorial_comments_show_notified_users', true ) ) {
- return;
- }
-
- $notification = get_comment_meta( $comment_id, 'notification_list', true );
-
- if ( empty( $notification ) ) {
- $message = esc_html__( 'No users or groups were notified.', 'edit-flow' );
- } else {
- $message = ''. esc_html__( 'Notified', 'edit-flow' ) . ': ' . esc_html( $notification );
+ ' . $message . '';
- }
-
- /**
- * Displays a single comment
- */
- function the_comment($comment, $args, $depth) {
- global $current_user, $userdata;
-
- // Get current user
- wp_get_current_user() ;
-
- $GLOBALS['comment'] = $comment;
+ /**
+ * Maybe display who was notified underneath an editorial comment.
+ *
+ * @param int $comment_id
+ * @return void
+ */
+ public function maybe_output_comment_meta( $comment_id ) {
+ if ( ! $this->module_enabled( 'notifications' ) || ! apply_filters( 'ef_editorial_comments_show_notified_users', true ) ) {
+ return;
+ }
- $actions = array();
+ $notification = get_comment_meta( $comment_id, 'notification_list', true );
- $actions_string = '';
- // Comments can only be added by users that can edit the post
- if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
- $actions['reply'] = '' . __( 'Reply', 'edit-flow' ) . '';
+ if ( empty( $notification ) ) {
+ $message = esc_html__( 'No users or groups were notified.', 'edit-flow' );
+ } else {
+ $message = '' . esc_html__( 'Notified', 'edit-flow' ) . ': ' . esc_html( $notification );
+ }
- $sep = ' ';
- $i = 0;
- foreach ( $actions as $action => $link ) {
- ++$i;
- // Reply and quickedit need a hide-if-no-js span
- if ( 'reply' == $action || 'quickedit' == $action )
- $action .= ' hide-if-no-js';
+ // It's already been escaped above.
+ // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ echo '
' . $message . '
';
+ }
- $actions_string .= "$sep$link";
+ /**
+ * Displays a single comment
+ */
+ public function the_comment( $comment, $args, $depth ) {
+ global $current_user, $userdata;
+
+ // Get current user
+ wp_get_current_user();
+
+ // Without this, the comment will not appear.
+ // ToDo: Find an alternative so we don't override global variables
+ // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
+ $GLOBALS['comment'] = $comment;
+
+ $actions = array();
+
+ $actions_string = '';
+ // Comments can only be added by users that can edit the post
+ if ( current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
+ // The output for this has been individually escaped. Escaping the entire string will break comment reply functionality.
+ // ToDo: Use wp_kses with a custom set of allowed tags instead.
+ $actions['reply'] = '' . esc_html__( 'Reply', 'edit-flow' ) . '';
+
+ $sep = ' ';
+ $i = 0;
+ foreach ( $actions as $action => $link ) {
+ ++$i;
+ // Reply and quickedit need a hide-if-no-js span
+ if ( 'reply' == $action || 'quickedit' == $action ) {
+ $action .= ' hide-if-no-js';
+ }
+
+ $actions_string .= "$sep$link";
+ }
}
- }
- ?>
+ ?>
-
- %1$s said on %2$s at %3$s', 'edit-flow'), - comment_author_email_link( $comment->comment_author ), - get_comment_date( get_option( 'date_format' ) ), - get_comment_time() ); ?> + %1$s said on %2$s at %3$s', 'edit-flow' ) ), + wp_kses_post( comment_author_email_link( $comment->comment_author ) ), + esc_attr( get_comment_date( get_option( 'date_format' ) ) ), + esc_attr( get_comment_time() ) ); + ?>
- maybe_output_comment_meta( $comment->comment_ID ); ?> - - + maybe_output_comment_meta( $comment->comment_ID ); ?> +
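Review bot: In the `printf()` arguments of `the_comment()`, `wp_kses_post( comment_author_email_link( $comment->comment_author ) )` filters nothing, because `comment_author_email_link()` echoes the link and returns no value. The markup is written to the page before `printf()` runs, and `wp_kses_post()` only ever sees an empty value, so the wrapper suggests a safeguard that is not applied. Use the returning variant so the filtered string is what fills `%1$s`: `wp_kses_post( get_comment_author_email_link( $comment->comment_author ) )`. The date and time appear to land in element text rather than in an attribute, so `esc_html()` would be the matching escaper instead of `esc_attr()`. The surrounding markup is missing from the page and `the_comment()` continues past the visible end of the hunk, so this rests on the visible arguments only.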