diff --git a/php/class-customize-snapshot-back-compat.php b/php/class-customize-snapshot-back-compat.php index 5de40fdd..2afa58d4 100644 --- a/php/class-customize-snapshot-back-compat.php +++ b/php/class-customize-snapshot-back-compat.php @@ -226,7 +226,9 @@ function( $sanitized ) { 'unauthorized_settings', /* translators: %s is the list of unauthorized setting ids */ sprintf( __( 'Unauthorized settings: %s', 'customize-snapshots' ), join( ',', $unauthorized_setting_ids ) ), - array( 'setting_ids' => $unauthorized_setting_ids ) + array( + 'setting_ids' => $unauthorized_setting_ids, + ) ); } if ( ! empty( $unrecognized_setting_ids ) ) { @@ -234,7 +236,9 @@ function( $sanitized ) { 'unrecognized_settings', /* translators: %s is the list of unrecognized setting ids */ sprintf( __( 'Unrecognized settings: %s', 'customize-snapshots' ), join( ',', $unrecognized_setting_ids ) ), - array( 'setting_ids' => $unrecognized_setting_ids ) + array( + 'setting_ids' => $unrecognized_setting_ids, + ) ); } if ( 0 !== count( $invalid_setting_ids ) ) { diff --git a/php/class-customize-snapshot-manager-back-compat.php b/php/class-customize-snapshot-manager-back-compat.php index 3136c036..43980075 100644 --- a/php/class-customize-snapshot-manager-back-compat.php +++ b/php/class-customize-snapshot-manager-back-compat.php @@ -33,7 +33,7 @@ function init() { $this->hooks(); if ( $this->read_current_snapshot_uuid() ) { $this->load_snapshot(); - } elseif ( is_customize_preview() && isset( $_REQUEST['wp_customize_preview_ajax'] ) && 'true' === $_REQUEST['wp_customize_preview_ajax'] ) { + } elseif ( is_customize_preview() && isset( $_REQUEST['wp_customize_preview_ajax'] ) && 'true' === $_REQUEST['wp_customize_preview_ajax'] ) { // WPCS: input var ok; CSRF ok. add_action( 'wp_loaded', array( $this, 'setup_preview_ajax_requests' ), 12 ); } } @@ -491,7 +491,7 @@ public function override_request_method() { global $wp; // Skip of X-HTTP-Method-Override request header is not present. - if ( ! isset( $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ) ) { + if ( ! isset( $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ) || ! isset( $_SERVER['REQUEST_METHOD'] ) ) { // WPCS: input var ok. return false; } @@ -501,8 +501,8 @@ public function override_request_method() { } // Skip if the request method is not GET or POST, or the override is the same as the original. - $original_request_method = $_SERVER['REQUEST_METHOD']; - $override_request_method = strtoupper( $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ); + $original_request_method = strtoupper( sanitize_key( $_SERVER['REQUEST_METHOD'] ) ); // WPCS: input var ok. + $override_request_method = strtoupper( sanitize_key( $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ) ); // WPCS: input var ok. if ( ! in_array( $override_request_method, array( 'GET', 'POST' ), true ) || $original_request_method === $override_request_method ) { return false; } @@ -510,8 +510,8 @@ public function override_request_method() { // Convert a POST request into a GET request. if ( 'GET' === $override_request_method && 'POST' === $original_request_method ) { $_SERVER['REQUEST_METHOD'] = $override_request_method; - $_GET = array_merge( $_GET, $_POST ); - $_SERVER['QUERY_STRING'] = build_query( array_map( 'rawurlencode', wp_unslash( $_GET ) ) ); + $_GET = array_merge( $_GET, $_POST ); // WPCS: input var ok; CSRF ok. + $_SERVER['QUERY_STRING'] = build_query( array_map( 'rawurlencode', wp_unslash( $_GET ) ) ); // WPCS: input var ok. CSRF ok. return true; } @@ -570,7 +570,9 @@ function( $value ) { }, $this->customize_manager->unsanitized_post_values() ); - $result = $this->snapshot->set( $settings_data, array( 'skip_validation' => true ) ); + $result = $this->snapshot->set( $settings_data, array( + 'skip_validation' => true, + ) ); if ( ! empty( $result['errors'] ) ) { add_filter( 'customize_save_response', function( $response ) use ( $result, $that ) { $response['snapshot_errors'] = $that->prepare_errors_for_response( $result['errors'] ); @@ -590,8 +592,11 @@ function( $value ) { $args['date_gmt'] = current_time( 'mysql', true ); } - if ( isset( $_POST['title'] ) && '' !== trim( $_POST['title'] ) ) { - $args['post_title'] = sanitize_text_field( wp_unslash( $_POST['title'] ) ); + if ( isset( $_POST['title'] ) ) { // WPCS: input var ok. CSRF ok because customize_save_after happens after nonce check. + $title = sanitize_text_field( wp_unslash( $_POST['title'] ) ); // WPCS: Input var ok. CSRF ok because customize_save_after happens after nonce check. + if ( ! empty( $title ) ) { + $args['post_title'] = $title; + } } $r = $this->snapshot->save( $args ); @@ -682,7 +687,7 @@ public function save_settings_with_publish_snapshot( $new_status, $old_status, $ do_action( 'customize_register', $this->customize_manager ); // undefine( 'DOING_AJAX' )... just kidding. This is the end of the unfortunate hack and it should be fixed in Core. - unset( $_REQUEST['action'] ); + unset( $_REQUEST['action'] ); // WPCS: Input var ok. } if ( method_exists( $this->customize_manager, 'validate_setting_values' ) ) { @@ -822,7 +827,7 @@ public function handle_update_snapshot_request() { } if ( isset( $_POST['status'] ) ) { // WPCS: input var ok. - $status = sanitize_key( $_POST['status'] ); + $status = sanitize_key( $_POST['status'] ); // WPCS: input var ok. } else { $status = 'draft'; } @@ -834,7 +839,7 @@ public function handle_update_snapshot_request() { status_header( 400 ); wp_send_json_error( 'customize_not_allowed' ); } - $publish_date = isset( $_POST['date'] ) ? $_POST['date'] : ''; + $publish_date = isset( $_POST['date'] ) ? sanitize_text_field( wp_unslash( $_POST['date'] ) ) : ''; // WPCS: input var ok. if ( 'future' === $status ) { $publish_date_obj = new \DateTime( $publish_date ); $current_date = new \DateTime( current_time( 'mysql' ) ); @@ -899,8 +904,11 @@ function( $value ) { $args = array( 'status' => $status, ); - if ( isset( $_POST['title'] ) && '' !== trim( $_POST['title'] ) ) { - $args['post_title'] = sanitize_text_field( wp_unslash( $_POST['title'] ) ); + if ( isset( $_POST['title'] ) ) { // WPCS: input var ok. + $title = sanitize_text_field( wp_unslash( $_POST['title'] ) ); // WPCS: input var ok. + if ( '' !== $title ) { + $args['post_title'] = $title; + } } if ( isset( $publish_date_obj ) && 'future' === $status ) { diff --git a/php/class-customize-snapshot-manager.php b/php/class-customize-snapshot-manager.php index ee05b00a..95b1d465 100644 --- a/php/class-customize-snapshot-manager.php +++ b/php/class-customize-snapshot-manager.php @@ -152,18 +152,16 @@ public function add_snapshot_var_to_customize_save( $response, $customize_manage public function read_current_snapshot_uuid() { $customize_arg = $this->get_customize_uuid_param(); $frontend_arg = $this->get_front_uuid_param(); - if ( isset( $_REQUEST[ $customize_arg ] ) ) { - $uuid = $_REQUEST[ $customize_arg ]; // WPCS: input var ok. - } elseif ( isset( $_REQUEST[ $frontend_arg ] ) ) { - $uuid = $_REQUEST[ $frontend_arg ]; // WPCS: input var ok. + $uuid = null; + if ( isset( $_REQUEST[ $customize_arg ] ) ) { // WPCS: input var ok. CSRF ok. + $uuid = sanitize_key( wp_unslash( $_REQUEST[ $customize_arg ] ) ); // WPCS: input var ok. CSRF ok. + } elseif ( isset( $_REQUEST[ $frontend_arg ] ) ) { // WPCS: input var ok. CSRF ok. + $uuid = sanitize_key( wp_unslash( $_REQUEST[ $frontend_arg ] ) ); // WPCS: input var ok. CSRF ok. } - if ( isset( $uuid ) ) { - $uuid = sanitize_key( wp_unslash( $uuid ) ); - if ( static::is_valid_uuid( $uuid ) ) { - $this->current_snapshot_uuid = $uuid; - return true; - } + if ( $uuid && static::is_valid_uuid( $uuid ) ) { + $this->current_snapshot_uuid = $uuid; + return true; } $this->current_snapshot_uuid = null; return false; @@ -175,7 +173,7 @@ public function read_current_snapshot_uuid() { * @return bool True if it's an Ajax request, false otherwise. */ public function doing_customize_save_ajax() { - return isset( $_REQUEST['action'] ) && wp_unslash( $_REQUEST['action'] ) === 'customize_save'; + return isset( $_REQUEST['action'] ) && sanitize_key( wp_unslash( $_REQUEST['action'] ) ) === 'customize_save'; // WPCS: input var ok. CSRF ok. } /** @@ -188,7 +186,9 @@ public function ensure_customize_manager() { if ( empty( $wp_customize ) || ! ( $wp_customize instanceof \WP_Customize_Manager ) ) { require_once( ABSPATH . WPINC . '/class-wp-customize-manager.php' ); if ( null !== $this->current_snapshot_uuid ) { - $wp_customize = new \WP_Customize_Manager( array( 'changeset_uuid' => $this->current_snapshot_uuid ) ); // WPCS: override ok. + $wp_customize = new \WP_Customize_Manager( array( + 'changeset_uuid' => $this->current_snapshot_uuid, + ) ); // WPCS: override ok. } else { $wp_customize = new \WP_Customize_Manager(); // WPCS: override ok. } @@ -473,6 +473,7 @@ public function customize_menu( $wp_admin_bar ) { * Print admin bar styles. */ public function print_admin_bar_styles() { + // @codingStandardsIgnoreStart A WordPress-VIP sniff has false positive on admin bar being hidden. ?> href = add_query_arg( - array( $this->get_customize_uuid_param() => $this->current_snapshot_uuid ), + array( + $this->get_customize_uuid_param() => $this->current_snapshot_uuid, + ), $customize_node->href ); @@ -873,7 +877,9 @@ public function get_month_choices() { $months[ $i ]['text'] = sprintf( __( '%1$s-%2$s', 'customize-snapshots' ), $month_number, $month_text ); $months[ $i ]['value'] = $month_number; } - return array( 'month_choices' => $months ); + return array( + 'month_choices' => $months, + ); } /** diff --git a/php/class-migrate.php b/php/class-migrate.php index ea90191f..a07b4b81 100644 --- a/php/class-migrate.php +++ b/php/class-migrate.php @@ -66,7 +66,7 @@ public function maybe_migrate() { */ public function handle_migrate_changeset_request() { check_ajax_referer( 'customize-snapshot-migration', 'nonce' ); - $limit = isset( $_REQUEST['limit'] ) ? absint( $_REQUEST['limit'] ) : 20; + $limit = isset( $_REQUEST['limit'] ) ? absint( $_REQUEST['limit'] ) : 20; // WPCS: input var ok. $found_posts = $this->changeset_migrate( $limit ); $remaining_post = ( $found_posts < $limit ) ? 0 : $found_posts - $limit; $data = array( @@ -223,14 +223,15 @@ public function migrate_post( $id ) { $post_data[ $prefixed_setting_id ]['type'] = $setting->type; } } - $maybe_updated = $wpdb->update( $wpdb->posts, array( + $maybe_updated = $wpdb->update( $wpdb->posts, + array( 'post_type' => 'customize_changeset', 'post_content' => Customize_Snapshot_Manager::encode_json( $post_data ), ), array( 'ID' => $post->ID, ) - ); + ); // WPCS: DB call ok and cache ok, because doing update query, and using direct DB call to bypass weight of triggered hooks. clean_post_cache( $post ); $wp_customize = $original_manager; // Restore previous manager. WPCS: override ok. diff --git a/php/class-plugin-base.php b/php/class-plugin-base.php index 77a745aa..00fcf8bc 100644 --- a/php/class-plugin-base.php +++ b/php/class-plugin-base.php @@ -201,7 +201,7 @@ public function is_wpcom_vip_prod() { */ public function trigger_warning( $message, $code = \E_USER_WARNING ) { if ( ! $this->is_wpcom_vip_prod() ) { - trigger_error( esc_html( get_class( $this ) . ': ' . $message ), $code ); + trigger_error( esc_html( get_class( $this ) . ': ' . $message ), $code ); // @codingStandardsIgnoreLine because this line will not get run on WordPress.com per the condition. } } @@ -214,7 +214,10 @@ public function trigger_warning( $message, $code = \E_USER_WARNING ) { * * @return mixed */ - public function add_filter( $name, $callback, $args = array( 'priority' => 10, 'arg_count' => PHP_INT_MAX ) ) { + public function add_filter( $name, $callback, $args = array( + 'priority' => 10, + 'arg_count' => PHP_INT_MAX, + ) ) { return $this->_add_hook( 'filter', $name, $callback, $args ); } @@ -227,7 +230,10 @@ public function add_filter( $name, $callback, $args = array( 'priority' => 10, ' * * @return mixed */ - public function add_action( $name, $callback, $args = array( 'priority' => 10, 'arg_count' => PHP_INT_MAX ) ) { + public function add_action( $name, $callback, $args = array( + 'priority' => 10, + 'arg_count' => PHP_INT_MAX, + ) ) { return $this->_add_hook( 'action', $name, $callback, $args ); } @@ -262,7 +268,7 @@ public function add_doc_hooks( $object = null ) { if ( isset( $this->_called_doc_hooks[ $class_name ] ) ) { $notice = sprintf( 'The add_doc_hooks method was already called on %s. Note that the Plugin_Base constructor automatically calls this method.', $class_name ); if ( ! $this->is_wpcom_vip_prod() ) { - trigger_error( esc_html( $notice ), \E_USER_NOTICE ); + trigger_error( esc_html( $notice ), \E_USER_NOTICE ); // @codingStandardsIgnoreLine because this line will not get run on WordPress.com per the condition. } return; } diff --git a/php/class-plugin.php b/php/class-plugin.php index 86959f05..60e2b12f 100644 --- a/php/class-plugin.php +++ b/php/class-plugin.php @@ -47,7 +47,7 @@ class Plugin extends Plugin_Base { */ public function __construct() { // Parse plugin version. - if ( preg_match( '/Version:\s*(\S+)/', file_get_contents( __DIR__ . '/../customize-snapshots.php' ), $matches ) ) { + if ( preg_match( '/Version:\s*(\S+)/', file_get_contents( __DIR__ . '/../customize-snapshots.php' ), $matches ) ) { // @codingStandardsIgnoreLine because file_get_contents() is not requesting a URL. $this->version = $matches[1]; } $this->compat = is_back_compat(); @@ -161,10 +161,10 @@ public function register_styles( \WP_Styles $wp_styles ) { * Continue allowing support of param customize_snapshot_uuid in 4.7+. */ public function param_back_compat() { - if ( isset( $_REQUEST['customize_snapshot_uuid'] ) && ! $this->compat ) { - $_REQUEST['customize_changeset_uuid'] = $_REQUEST['customize_snapshot_uuid']; - $_GET['customize_changeset_uuid'] = $_REQUEST['customize_snapshot_uuid']; - $_POST['customize_changeset_uuid'] = $_REQUEST['customize_snapshot_uuid']; + if ( isset( $_REQUEST['customize_snapshot_uuid'] ) && ! $this->compat ) { // WPCS: input var ok. CSRF ok. + $_REQUEST['customize_changeset_uuid'] = $_REQUEST['customize_snapshot_uuid']; // WPCS: input var ok. CSRF ok. Sanitization ok. + $_GET['customize_changeset_uuid'] = $_REQUEST['customize_snapshot_uuid']; // WPCS: input var ok. CSRF ok. Sanitization ok. + $_POST['customize_changeset_uuid'] = $_REQUEST['customize_snapshot_uuid']; // WPCS: input var ok. CSRF ok. Sanitization ok. } } } diff --git a/php/class-post-type-back-compat.php b/php/class-post-type-back-compat.php index 9d5cae3e..f1c1f4fb 100644 --- a/php/class-post-type-back-compat.php +++ b/php/class-post-type-back-compat.php @@ -133,11 +133,14 @@ public function snapshot_merge_print_script() { public function handle_snapshot_merge_workaround() { $wp_list_table = _get_list_table( 'WP_Posts_List_Table' ); $action = $wp_list_table->current_action(); - if ( 'merge_snapshot' !== $action || ( isset( $_REQUEST['post_type'] ) && static::SLUG !== wp_unslash( $_REQUEST['post_type'] ) ) ) { + if ( 'merge_snapshot' !== $action || ( isset( $_REQUEST['post_type'] ) && static::SLUG !== sanitize_key( wp_unslash( $_REQUEST['post_type'] ) ) ) ) { // WPCS: input var ok. CSRF ok. + return; + } + if ( ! isset( $_REQUEST['post'] ) || ! is_array( $_REQUEST['post'] ) ) { // WPCS: input var ok. CSRF ok. return; } check_admin_referer( 'bulk-posts' ); - $post_ids = array_map( 'intval', $_REQUEST['post'] ); + $post_ids = array_map( 'intval', $_REQUEST['post'] ); // WPCS: input var ok. CSRF ok. if ( empty( $post_ids ) ) { return; } @@ -226,7 +229,7 @@ public function show_publish_error_admin_notice() { if ( ! $current_screen || static::SLUG !== $current_screen->id || 'post' !== $current_screen->base ) { return; } - if ( ! isset( $_REQUEST['snapshot_error_on_publish'] ) ) { + if ( ! isset( $_REQUEST['snapshot_error_on_publish'] ) ) { // WPCS: input var ok. CSRF ok. return; } ?> diff --git a/php/class-post-type.php b/php/class-post-type.php index 4b834f70..a33df21f 100644 --- a/php/class-post-type.php +++ b/php/class-post-type.php @@ -131,8 +131,12 @@ public function add_admin_menu_item() { $page_title = $post_type_object->labels->name; $menu_title = $post_type_object->labels->name; $menu_slug = 'edit.php?post_type=' . static::SLUG; - if ( current_user_can( 'customize' ) ) { - $customize_url = add_query_arg( 'return', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), 'customize.php' ); + if ( current_user_can( 'customize' ) && isset( $_SERVER['REQUEST_URI'] ) ) { // WPCS: input var ok. + $customize_url = add_query_arg( + 'return', + rawurlencode( wp_validate_redirect( esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ), // WPCS: input var ok. + 'customize.php' + ); // Remove exiting menu from appearance as it will require 'edit_theme_options' cap. remove_submenu_page( 'themes.php', esc_url( $customize_url ) ); @@ -155,7 +159,9 @@ public function add_admin_menu_item() { public function filter_post_type_link( $url, $post ) { if ( static::SLUG === $post->post_type ) { $url = add_query_arg( - array( static::FRONT_UUID_PARAM_NAME => $post->post_name ), + array( + static::FRONT_UUID_PARAM_NAME => $post->post_name, + ), home_url( '/' ) ); } @@ -219,10 +225,10 @@ public function remove_slug_metabox() { * @codeCoverageIgnore */ function suspend_kses_for_snapshot_revision_restore() { - if ( ! isset( $_GET['revision'] ) ) { // WPCS: input var ok. + if ( ! isset( $_GET['revision'] ) ) { // WPCS: input var ok. CSRF ok. return; } - if ( ! isset( $_GET['action'] ) || 'restore' !== $_GET['action'] ) { // WPCS: input var ok, sanitization ok. + if ( ! isset( $_GET['action'] ) || 'restore' !== $_GET['action'] ) { // WPCS: input var ok, sanitization ok. CSRF ok. return; } $revision_post_id = intval( $_GET['revision'] ); // WPCS: input var ok. @@ -695,7 +701,11 @@ public function handle_snapshot_merge( $redirect_to, $do_action, $post_ids ) { $posts = array_map( 'get_post', $post_ids ); $posts = array_filter( $posts ); if ( count( $posts ) <= 1 ) { - return empty( $redirect_to ) ? add_query_arg( array( 'merge-error' => 1 ) ) : add_query_arg( array( 'merge-error' => 1 ), $redirect_to ); + return empty( $redirect_to ) ? add_query_arg( array( + 'merge-error' => 1, + ) ) : add_query_arg( array( + 'merge-error' => 1, + ), $redirect_to ); } $post_id = $this->merge_snapshots( $posts ); $redirect_to = get_edit_post_link( $post_id, 'raw' ); @@ -777,13 +787,13 @@ public function merge_snapshots( $post_ids ) { * Show admin notice in case of merge error */ public function admin_show_merge_error() { - if ( ! isset( $_REQUEST['merge-error'] ) ) { + if ( ! isset( $_REQUEST['merge-error'] ) ) { // WPCS: input var ok. CSRF ok. return; } $error = array( 1 => __( 'At-least two snapshot required for merge.', 'customize-snapshots' ), ); - $error_code = intval( $_REQUEST['merge-error'] ); + $error_code = intval( $_REQUEST['merge-error'] ); // WPCS: input var ok. if ( ! isset( $error[ $error_code ] ) ) { return; } @@ -795,7 +805,7 @@ public function admin_show_merge_error() { * * In each snapshot's edit page, there are JavaScript-controlled links to remove each setting. * On clicking a setting, the JS sets a hidden input field with that setting's ID. - * And these settings appear in $_REQUEST as the array 'customize_snapshot_remove_settings.' + * And these settings appear in $_POST as the array 'customize_snapshot_remove_settings.' * So look for these removed settings in that array, on saving. * And possibly filter out those settings from the post content. * @@ -816,13 +826,13 @@ public function filter_out_settings_if_removed_in_metabox( $content ) { && ( static::SLUG === $post->post_type ) && - ! empty( $_REQUEST[ $key_for_settings ] ) + ! empty( $_POST[ $key_for_settings ] ) // WPCS: input var ok. && - is_array( $_REQUEST[ $key_for_settings ] ) + is_array( $_POST[ $key_for_settings ] ) // WPCS: input var ok. CSRF ok. && - isset( $_REQUEST[ static::SLUG ] ) + isset( $_POST[ static::SLUG ] ) // WPCS: input var ok. && - wp_verify_nonce( $_REQUEST[ static::SLUG ], static::SLUG . '_settings' ) + wp_verify_nonce( sanitize_key( wp_unslash( $_POST[ static::SLUG ] ) ), static::SLUG . '_settings' ) // WPCS: input var ok. && ! ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) ); @@ -831,10 +841,9 @@ public function filter_out_settings_if_removed_in_metabox( $content ) { return $content; } - $setting_ids_to_unset = $_REQUEST[ $key_for_settings ]; $data = json_decode( wp_unslash( $content ), true ); - foreach ( $setting_ids_to_unset as $setting_id ) { - unset( $data[ $setting_id ] ); + foreach ( $_POST[ $key_for_settings ] as $setting_id_to_unset ) { // WPCS: input var ok. Sanitization ok, since array items only to be used to unset array keys. + unset( $data[ $setting_id_to_unset ] ); } $content = Customize_Snapshot_Manager::encode_json( $data ); diff --git a/php/class-snapshot-rest-api-controller.php b/php/class-snapshot-rest-api-controller.php index f04ea024..0b9b3fc5 100644 --- a/php/class-snapshot-rest-api-controller.php +++ b/php/class-snapshot-rest-api-controller.php @@ -101,7 +101,9 @@ public function parse_author_list( $author_list ) { */ protected function check_initial_access_permission() { if ( ! current_user_can( 'customize' ) ) { - return new \WP_Error( 'rest_customize_unauthorized', __( 'Sorry, Customizer snapshots require proper authentication (the customize capability).', 'customize-snapshots' ), array( 'status' => rest_authorization_required_code() ) ); + return new \WP_Error( 'rest_customize_unauthorized', __( 'Sorry, Customizer snapshots require proper authentication (the customize capability).', 'customize-snapshots' ), array( + 'status' => rest_authorization_required_code(), + ) ); } return true; } @@ -169,7 +171,9 @@ public function prepare_item_for_response( $post, $request ) { */ public function create_item( $request ) { unset( $request ); - return new \WP_Error( 'rest_cannot_create', __( 'Now allowed to create post', 'customize-snapshots' ), array( 'status' => rest_authorization_required_code() ) ); + return new \WP_Error( 'rest_cannot_create', __( 'Now allowed to create post', 'customize-snapshots' ), array( + 'status' => rest_authorization_required_code(), + ) ); } /** @@ -181,7 +185,9 @@ public function create_item( $request ) { public function update_item( $request ) { unset( $request ); /* translators: %s is the method name */ - return new \WP_Error( 'invalid-method', sprintf( __( "Method '%s' not yet implemented.", 'customize-snapshots' ), __METHOD__ ), array( 'status' => 405 ) ); + return new \WP_Error( 'invalid-method', sprintf( __( "Method '%s' not yet implemented.", 'customize-snapshots' ), __METHOD__ ), array( + 'status' => 405, + ) ); } /** @@ -193,6 +199,8 @@ public function update_item( $request ) { public function delete_item( $request ) { unset( $request ); /* translators: %s is the method name */ - return new \WP_Error( 'invalid-method', sprintf( __( "Method '%s' not yet implemented.", 'customize-snapshots' ), __METHOD__ ), array( 'status' => 405 ) ); + return new \WP_Error( 'invalid-method', sprintf( __( "Method '%s' not yet implemented.", 'customize-snapshots' ), __METHOD__ ), array( + 'status' => 405, + ) ); } }