Skip to content

fix: bugfix/pcp-issues-sept-2025 #1709

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
+332 −275
Open

fix: bugfix/pcp-issues-sept-2025 #1709

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
bd4fd56
fix: bugfix/pcp-issues-sept-2025
arifulhoque7 Sep 26, 2025
272187f
fix: issues
arifulhoque7 Sep 26, 2025
c58bbc0
fix: coderabbit issues
arifulhoque7 Sep 26, 2025
62c0b33
Merge branch 'develop' into bugfix/pcp-issues-sept-2025
arifulhoque7 Oct 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Lib/Appsero/License.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -272,7 +272,7 @@ public function menu_output() {

<div class="appsero-license-details">
<p>
<?php printf( wp_kses_post( $this->client->__trans( 'Activate <strong>%s</strong> by your license key to get professional support and automatic update from your WordPress dashboard.' ) ), $this->client->name ); ?>
<?php printf( wp_kses_post( $this->client->__trans( 'Activate <strong>%s</strong> by your license key to get professional support and automatic update from your WordPress dashboard.' ) ), esc_html( $this->client->name ) ); ?>
</p>
<form method="post" novalidate="novalidate" spellcheck="false">
<input type="hidden" name="_action" value="<?php echo esc_attr( $action ); ?>">
Expand Down
1 change: 1 addition & 0 deletions Lib/Gateway/Bank.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,7 @@ public function order_notify_user( $transaction, $order_id ) {
$msg = sprintf(
// translators: %s is displayname
__( 'Hello %s,', 'wp-user-frontend' ), $user->display_name ) . "\r\n";
// translators: %s is the payment amount
$msg .= sprintf( __( 'We have received your payment amount of %s through bank . ', 'wp-user-frontend' ), $transaction['cost'] ) . "\r\n\r\n";
$msg .= __( 'Thanks for being with us.', 'wp-user-frontend' ) . "\r\n";

Expand Down
8 changes: 4 additions & 4 deletions Lib/Gateway/Paypal.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ public function paypal_settings_update_notice() {
type: 'POST',
data: {
action: 'wpuf_dismiss_paypal_notice',
nonce: '<?php echo wp_create_nonce( 'wpuf_dismiss_paypal_notice' ); ?>'
nonce: '<?php echo esc_js( wp_create_nonce( 'wpuf_dismiss_paypal_notice' ) ); ?>'
},
success: function(response) {
// Handle success if needed
Expand Down Expand Up @@ -465,7 +465,7 @@ public function handle_webhook_request() {

$acknowledged = true;
} catch ( \Exception $e ) {
throw new \Exception( 'Webhook processing failed: ' . $e->getMessage() );
throw new \Exception( 'Webhook processing failed: ' . esc_html( $e->getMessage() ) );
}

// Always acknowledge to PayPal
Expand Down Expand Up @@ -1522,7 +1522,7 @@ function( $hosts ) {
exit();
}
} catch ( \Exception $e ) {
wp_die( $e->getMessage() );
wp_die( esc_html( $e->getMessage() ) );
}
}

Expand Down Expand Up @@ -2066,7 +2066,7 @@ private function handle_subscription_activated( $subscription ) {
}
}
} catch ( \Exception $e ) {
throw new \Exception( 'Error handling subscription activation: ' . $e->getMessage() );
throw new \Exception( 'Error handling subscription activation: ' . esc_html( $e->getMessage() ) );
}
}
}
Expand Down
2 changes: 1 addition & 1 deletion Lib/invisible_recaptcha.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,17 +14,17 @@
*
* Description: This is an unofficial version of google Invisible reCAPTCHA PHP Library
*
*/

Check failure on line 17 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Additional blank lines found at end of doc comment

class Invisible_Recaptcha {

private static $_signupUrl = "https://www.google.com/recaptcha/admin";

Check failure on line 21 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

String "https://www.google.com/recaptcha/admin" does not require double quotes; use single quotes instead

Check failure on line 21 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Member variable "$_signupUrl" is not in valid snake_case format, try "$_signup_url"

Check warning on line 21 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Property name "$_signupUrl" should not be prefixed with an underscore to indicate visibility

public function __construct( $site_key, $secret_key ){

Check failure on line 23 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Expected 1 space before opening brace; found 0

if ( $secret_key == null || $secret_key == "" ) {

Check failure on line 25 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

String "" does not require double quotes; use single quotes instead

Check warning on line 25 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Loose comparisons are not allowed. Expected: "==="; Found: "=="

Check warning on line 25 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Loose comparisons are not allowed. Expected: "==="; Found: "=="
die("To use reCAPTCHA you must get an API key from <a href='"

Check failure on line 26 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Opening parenthesis of a multi-line function call must be the last content on the line
. self::$_signupUrl . "'>" . self::$_signupUrl . "</a>");
. esc_url( self::$_signupUrl ) . "'>" . esc_html( self::$_signupUrl ) . "</a>");

Check failure on line 27 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

String "</a>" does not require double quotes; use single quotes instead

Check failure on line 27 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Object property "$_signupUrl" is not in valid snake_case format, try "$_signup_url"

Check failure on line 27 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Object property "$_signupUrl" is not in valid snake_case format, try "$_signup_url"

Check failure on line 27 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Multi-line function call not indented correctly; expected 12 spaces but found 16
}
$this->config = array(
'client-key' => $site_key,
Expand Down Expand Up @@ -56,7 +56,7 @@
// get reCAPTCHA server response
$responses = json_decode($getResponse, true);

if (isset($responses['success']) and $responses['success'] == true) {

Check warning on line 59 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Loose comparisons are not allowed. Expected: "==="; Found: "=="
$status = true;
} else {
$status = false;
Expand All @@ -78,11 +78,11 @@
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];

Check warning on line 81 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Found precision alignment of 1 spaces.
}
else
{
$ip = $_SERVER['REMOTE_ADDR'];

Check warning on line 85 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Found precision alignment of 2 spaces.
}

return $ip;
Expand All @@ -91,7 +91,7 @@
private function getHTTP($data){

$url = 'https://www.google.com/recaptcha/api/siteverify?'.http_build_query($data);
$response = file_get_contents($url);

Check warning on line 94 in Lib/invisible_recaptcha.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

file_get_contents() is discouraged. Use wp_remote_get() for remote URLs instead.

return $response;
}
Expand Down
22 changes: 20 additions & 2 deletions Lib/recaptchalib.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,9 +122,27 @@ function recaptcha_get_html ($pubkey, $enable_no_captcha = false, $error = null,


if ( $enable_no_captcha == true ) {
$return_var = '<div class="g-recaptcha" data-sitekey="'.$pubkey.'"></div><script src="https://www.google.com/recaptcha/api.js"></script>';
wp_enqueue_script( 'wpuf-recaptcha', 'https://www.google.com/recaptcha/api.js', array(), null, true );
$return_var = '<div class="g-recaptcha" data-sitekey="'.esc_attr($pubkey).'"></div>';
} else {
$return_var = '<script type="text/javascript" src="'. $server . '/challenge?k=' . $pubkey . $errorpart . '"></script>';
wp_enqueue_script( 'wpuf-recaptcha-legacy', $server . '/challenge?k=' . $pubkey . $errorpart, array(), null, true );
$container_id = 'wpuf-recaptcha-legacy-' . uniqid();
$return_var = '<div id="' . esc_attr($container_id) . '" class="wpuf-recaptcha-legacy-container"></div>
<script>
(function() {
var container = document.getElementById("' . esc_js($container_id) . '");
if (container) {
var originalWrite = document.write;
document.write = function(content) {
container.innerHTML = content;
};
// Reset document.write after a short delay to avoid interfering with other scripts
setTimeout(function() {
document.write = originalWrite;
}, 100);
}
})();
</script>';
Comment on lines +129 to +145
Copy link

@coderabbitai coderabbitai bot Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Legacy challenge still renders in the footer and corrupts document.write.

The temporary document.write override drops after 100 ms, but the enqueued challenge.js often executes later, so it reverts to the original document.write and still writes the widget in the footer—regressing to the exact bug we’re trying to fix. With multiple legacy widgets, the chained overrides also leave document.write pointing at an earlier container, breaking unrelated scripts. Please restore inline loading (or keep the override active until the script fires a load event and then safely unwind it) so the v1 widget renders in place without clobbering document.write.

-        wp_enqueue_script( 'wpuf-recaptcha-legacy', $server . '/challenge?k=' . $pubkey . $errorpart, array(), null, true );
-        $container_id = 'wpuf-recaptcha-legacy-' . uniqid();
-        $return_var = '<div id="' . esc_attr($container_id) . '" class="wpuf-recaptcha-legacy-container"></div>
-<script>
-(function() {
-    var container = document.getElementById("' . esc_js($container_id) . '");
-    if (container) {
-        var originalWrite = document.write;
-        document.write = function(content) {
-            container.innerHTML = content;
-        };
-        // Reset document.write after a short delay to avoid interfering with other scripts
-        setTimeout(function() {
-            document.write = originalWrite;
-        }, 100);
-    }
-})();
-</script>';
+        $return_var = '<script src="' . esc_url( $server . '/challenge?k=' . rawurlencode( $pubkey ) . $errorpart ) . '"></script>';
🤖 Prompt for AI Agents 
In Lib/recaptchalib.php around lines 129 to 145, the temporary document.write
override currently restores after a fixed 100ms which often reverts before the
enqueued challenge.js runs and can leave document.write pointing at the wrong
container when multiple widgets exist; replace the fixed timeout approach by
creating and injecting the challenge script element inline, keep document.write
overridden until that specific script fires its load (or readyState) or an
explicit timeout fallback, then restore the original document.write in the
script's onload/onerror/onreadystatechange handlers so the widget is written
into its intended container and unrelated scripts are not broken; ensure each
widget uses its own uniquely-scoped override closure that captures and restores
the original document.write to avoid cross-widget interference.

}

return $return_var.'
Expand Down
46 changes: 19 additions & 27 deletions Lib/recaptchalib_noCaptcha.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ function __construct($secret)
{
if ($secret == null || $secret == "") {
die("To use reCAPTCHA you must get an API key from <a href='"
. self::$_signupUrl . "'>" . self::$_signupUrl . "</a>");
. esc_url( self::$_signupUrl ) . "'>" . esc_html( self::$_signupUrl ) . "</a>");
}
$this->_secret=$secret;
}
Expand Down Expand Up @@ -95,35 +95,27 @@ private function _submitHTTPGet($path, $data)
$req = $this->_encodeQS($data);
$url = $path . $req;

// Use curl if possible because allow_url_fopen is off in many
// environments, making file_get_contents fail.
if (function_exists('curl_init')) {
$response = $this->_curl($url);
} else {
$response = file_get_contents($url);
// Use WordPress HTTP API instead of cURL
$response = wp_remote_get($url, array(
'timeout' => 3,
'sslverify' => true
));

if (is_wp_error($response)) {
return false;
}

$response_code = wp_remote_retrieve_response_code($response);
$response_body = wp_remote_retrieve_body($response);

// Return false for non-200 responses or empty bodies
if ($response_code !== 200 || empty($response_body)) {
return false;
}
return $response;

return $response_body;
}

private function _curl($url)
{
// Initiate curl.
$c = curl_init();
// Set timeout.
$timeout = 3;
curl_setopt($c, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);
// Set url for call.
curl_setopt($c, CURLOPT_URL, $url);

// Execute curl call.
$response = curl_exec($c);

// Close curl.
curl_close($c);

return $response;
}

/**
* Calls the reCAPTCHA siteverify API to verify whether the user passes
Expand Down
6 changes: 3 additions & 3 deletions admin/form-builder/assets/js/components/builder-stage-v4-1/template.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<div id="form-preview-stage" class="wpuf-h-[70vh]">
<div v-if="!form_fields.length" class="wpuf-flex wpuf-flex-col wpuf-items-center wpuf-justify-center wpuf-h-[80vh]">
<img src="<?php echo WPUF_ASSET_URI . '/images/form-blank-state.svg'; ?>" alt="">
<img src="<?php echo esc_url( WPUF_ASSET_URI . '/images/form-blank-state.svg' ); ?>" alt="">
<h2 class="wpuf-text-lg wpuf-text-gray-800 wpuf-mt-8 wpuf-mb-2"><?php esc_html_e( 'Add fields and build your desired form', 'wp-user-frontend' ); ?></h2>

<p class="wpuf-text-sm wpuf-text-gray-500"><?php esc_html_e( 'Add the necessary field and build your form.', 'wp-user-frontend' ); ?></p>
Expand Down Expand Up @@ -49,7 +49,7 @@ class="wpuf-relative"
<label class="wpuf-pro-text-alert">
<a :href="pro_link" target="_blank"
class="wpuf-text-gray-700 wpuf-text-base"><strong>{{ get_field_name( field.template )
}}</strong> <?php _e( 'is available in Pro Version', 'wp-user-frontend' ); ?></a>
}}</strong> <?php esc_html_e( 'is available in Pro Version', 'wp-user-frontend' ); ?></a>
</label>
</div>
</div>
Expand Down Expand Up @@ -111,7 +111,7 @@ class="fa fa-clone control-button-disabled wpuf--ml-1"></i>
:href="pro_link"
target="_blank"
class="wpuf-rounded-r-md hover:wpuf-bg-slate-500 hover:wpuf-cursor-pointer wpuf-transition wpuf-duration-150 wpuf-ease-out hover:wpuf-transition-all">
<img src="<?php esc_attr_e( WPUF_ASSET_URI . '/images/pro-badge.svg' ); ?>" alt="">
<img src="<?php echo esc_attr( WPUF_ASSET_URI . '/images/pro-badge.svg' ); ?>" alt="">
</a>
</span>
</div>
Expand Down
2 changes: 1 addition & 1 deletion admin/form-builder/assets/js/components/field-option-pro-feature-alert/template.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,6 @@
<label
class="wpuf-pro-text-alert wpuf-ml-2 wpuf-tooltip-top"
data-tip="<?php esc_attr_e( 'Available in PRO version', 'wp-user-frontend' ); ?>">
<a :href="pro_link" target="_blank"><img src="<?php echo wpuf_get_pro_icon() ?>" alt="pro icon"></a>
<a :href="pro_link" target="_blank"><img src="<?php echo esc_url( wpuf_get_pro_icon() ) ?>" alt="pro icon"></a>
</label>
</div>
4 changes: 2 additions & 2 deletions admin/form-builder/assets/js/components/field-visibility/template.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ class="wpuf-block wpuf-my-1 wpuf-mr-2 wpuf-font-medium wpuf-text-gray-900">
$partially_filtered = preg_replace('/(<input[^>]+)/', '$1 ' . $attr, $partially_filtered, 1);
}

echo $partially_filtered;
echo esc_html( $partially_filtered );
}
Comment on lines +84 to 85
Copy link

@coderabbitai coderabbitai bot Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Stop escaping the rendered role/subscription markup

esc_html() turns the already-sanitized markup into a literal string, so the <input> elements render as plain text and the visibility checkboxes/radios become unusable. We need the HTML to pass through exactly as filtered by wp_kses() (plus the reinstated Vue bindings).

-                    echo esc_html( $partially_filtered );
+                    echo $partially_filtered;
...
-                            echo esc_html( $partially_filtered );
+                            echo $partially_filtered;

Also applies to: 132-133

🤖 Prompt for AI Agents 
In admin/form-builder/assets/js/components/field-visibility/template.php around
lines 84-85 (also apply same fix at 132-133), the code calls esc_html() on
markup that was already sanitized with wp_kses(), which escapes HTML and renders
inputs as literal text; remove esc_html() and output the filtered markup
directly so the sanitized HTML (including inputs and Vue bindings) is rendered
as intended, ensuring you only echo the wp_kses()-filtered variable (or use echo
wp_kses_post()/wp_kses() result) without additional escaping.

?>
</ul>
Expand Down Expand Up @@ -129,7 +129,7 @@ class="wpuf-block wpuf-my-1 wpuf-mr-2 wpuf-font-medium wpuf-text-gray-900">
$partially_filtered = preg_replace('/(<input[^>]+)/', '$1 ' . $attr, $partially_filtered, 1);
}

echo $partially_filtered;
echo esc_html( $partially_filtered );
}
} else {
esc_html_e( 'No subscription plan found.', 'wp-user-frontend' );
Expand Down
2 changes: 1 addition & 1 deletion admin/form-builder/assets/js/components/form-column_field/template.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ class="hover:wpuf-bg-green-700">
:href="pro_link"
target="_blank"
class="wpuf-rounded-r-md hover:wpuf-bg-slate-500 hover:wpuf-cursor-pointer wpuf-transition wpuf-duration-150 wpuf-ease-out hover:wpuf-transition-all">
<img src="<?php esc_attr_e( WPUF_ASSET_URI . '/images/pro-badge.svg' ); ?>" alt="">
<img src="<?php echo esc_attr( WPUF_ASSET_URI . '/images/pro-badge.svg' ); ?>" alt="">
</a>
</span>
</div>
Expand Down
2 changes: 1 addition & 1 deletion admin/form-builder/assets/js/components/form-fields-v4-1/template.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ class="wpuf-shrink-0 wpuf-mr-2 wpuf-text-gray-400">
</div>
<div
class="wpuf-absolute wpuf-top-4 wpuf-right-4 wpuf-opacity-0 group-hover/pro-field:wpuf-opacity-100 wpuf-transition-all">
<img src="<?php esc_attr_e( WPUF_ASSET_URI . '/images/pro-badge.svg' ); ?>" alt="">
<img src="<?php echo esc_attr( WPUF_ASSET_URI . '/images/pro-badge.svg' ); ?>" alt="">
</div>
</div>
<div
Expand Down
13 changes: 9 additions & 4 deletions admin/form-builder/views/form-builder-v4.1.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<div class="wpuf-bg-white wpuf-p-8 wpuf-justify-between wpuf-items-center wpuf-pb-7">
<div class="wpuf-flex wpuf-justify-between">
<div class="wpuf-flex">
<img src="<?php echo WPUF_ASSET_URI . '/images/wpuf-icon-circle.svg'; ?>" alt="WPUF Icon" class="wpuf-mr-2">
<img src="<?php echo esc_url( WPUF_ASSET_URI . '/images/wpuf-icon-circle.svg' ); ?>" alt="WPUF Icon" class="wpuf-mr-2">
<nav class="wpuf-flex wpuf-items-center" aria-label="Tabs">
<div class="wpuf-relative wpuf-flex">
<div class="wpuf-flex wpuf-items-center">
Expand Down Expand Up @@ -51,15 +51,20 @@
</nav>

<?php
$form_id = isset( $_GET['id'] ) ? intval( wp_unslash( $_GET['id'] ) ) : 0;

Check warning on line 54 in admin/form-builder/views/form-builder-v4.1.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Processing form data without nonce verification.

Check warning on line 54 in admin/form-builder/views/form-builder-v4.1.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Processing form data without nonce verification.

if ( count( $shortcodes ) > 1 && isset( $shortcodes[0]['type'] ) ) {
foreach ( $shortcodes as $shortcode ) {
?>
<?php
// translators: %s is the shortcode type (e.g., form, post, profile)
$title = sprintf( __( 'Click to copy %s shortcode', 'wp-user-frontend' ), esc_attr( $shortcode['type'] ) );
$clipboard = sprintf( '[%s type="%s" id="%s"]', $shortcode['name'], esc_attr( $shortcode['type'] ), esc_attr( $form_id ) );
?>
<span
class="form-id wpuf-group wpuf-flex wpuf-items-center wpuf-px-[18px] wpuf-py-[10px] wpuf-rounded-md wpuf-border wpuf-border-gray-300 hover:wpuf-cursor-pointer wpuf-ml-6 wpuf-text-gray-700 wpuf-text-base wpuf-leading-none wpuf-shadow-sm"
title="<?php printf( esc_attr( __( 'Click to copy %s shortcode', 'wp-user-frontend' ) ), $shortcode['type'] ); ?>"
data-clipboard-text="<?php printf( esc_attr( '[' . $shortcode['name'] . ' type="' . esc_attr( $shortcode['type'] ) . '" id="' . esc_attr( $form_id ) . '"]' ) ); ?>"><?php echo esc_attr( ucwords( $shortcode['type'] ) ); ?>: #{{ post.ID }}
title="<?php echo esc_attr( $title ); ?>"
data-clipboard-text="<?php echo esc_attr( $clipboard ); ?>"><?php echo esc_attr( ucwords( $shortcode['type'] ) ); ?>: #{{ post.ID }}
<span id="default-icon" class="wpuf-ml-2">
<svg
class="group-hover:wpuf-rotate-6 group-hover:wpuf-stroke-gray-500 wpuf-stroke-gray-400"
Expand Down Expand Up @@ -106,7 +111,7 @@
</div>
<div class="wpuf-flex wpuf-space-x-4">
<a
:href="'<?php echo get_wpuf_preview_page(); ?>?wpuf_preview=1&form_id=' + post.ID"
:href="'<?php echo esc_url( get_wpuf_preview_page() ); ?>?wpuf_preview=1&form_id=' + post.ID"
target="_blank"
class="wpuf-inline-flex wpuf-items-center wpuf-gap-x-3 wpuf-rounded-md wpuf-px-[18px] wpuf-py-[10px] wpuf-text-base wpuf-text-gray-700 hover:wpuf-text-gray-700 hover:wpuf-bg-gray-50 wpuf-ring-1 wpuf-ring-inset wpuf-ring-gray-300 focus:wpuf-shadow-none focus:wpuf-border-none wpuf-leading-none wpuf-shadow-sm"><?php esc_html_e( 'Preview', 'wp-user-frontend' ); ?>
<svg width="20" height="14" viewBox="0 0 20 14" fill="none" xmlns="http://www.w3.org/2000/svg">
Expand Down Expand Up @@ -140,7 +145,7 @@
class="wpuf-nav-tab wpuf-nav-tab-active wpuf-py-2 wpuf-px-4 wpuf-text-base hover:wpuf-bg-white hover:wpuf-text-gray-800 hover:wpuf-rounded-md hover:wpuf-drop-shadow-sm focus:wpuf-shadow-none wpuf-mr-2 hover:wpuf-cursor-pointer">
<?php esc_html_e( 'Settings', 'wp-user-frontend' ); ?>
</a>
<?php do_action( "wpuf-form-builder-tabs-{$form_type}" ); ?>

Check warning on line 148 in admin/form-builder/views/form-builder-v4.1.php

View workflow job for this annotation

GitHub Actions / Run PHPCS inspection 

Words in hook names should be separated using underscores. Expected: "wpuf_form_builder_tabs_{$form_type}", but found: "wpuf-form-builder-tabs-{$form_type}".
</div>
</div>
</div>
Expand Down
Loading
Loading