Minor admin fixes.

colinmurphy · colinmurphy · commit 102bbdd68256 · 2025-11-03T19:35:00.000Z
diff --git a/plugins/wpgraphql-logging/src/Admin/Settings/Fields/Field/SelectField.php b/plugins/wpgraphql-logging/src/Admin/Settings/Fields/Field/SelectField.php
@@ -52,7 +52,10 @@ public function render_field( array $option_value, string $setting_key, string $
 		$field_value = $this->get_field_value( $option_value, $tab_key, $this->multiple ? [] : '' );
 
 		// Ensure we have the correct format for comparison.
-		$selected_values = $this->multiple ? (array) $field_value : [ (string) $field_value ];
+		$selected_values = $this->multiple ? (array) $field_value : [ sanitize_text_field( (string) $field_value ) ];
+		if ( $this->multiple ) {
+			$selected_values = array_map( 'sanitize_text_field', $selected_values );
+		}
 
 		$html  = '<select ';
 		$html .= 'name="' . esc_attr( $field_name ) . ( $this->multiple ? '[]' : '' ) . '" ';
diff --git a/plugins/wpgraphql-logging/src/Admin/Settings/Fields/Field/TextInputField.php b/plugins/wpgraphql-logging/src/Admin/Settings/Fields/Field/TextInputField.php
@@ -49,7 +49,7 @@ public function __construct(
 	 */
 	public function render_field( array $option_value, string $setting_key, string $tab_key ): string {
 		$field_name  = $this->get_field_name( $setting_key, $tab_key, $this->get_id() );
-		$field_value = $this->get_field_value( $option_value, $tab_key, $this->default_value );
+		$field_value = sanitize_text_field( $this->get_field_value( $option_value, $tab_key, $this->default_value ) );
 
 
 		return sprintf(
diff --git a/plugins/wpgraphql-logging/src/Admin/SettingsPage.php b/plugins/wpgraphql-logging/src/Admin/SettingsPage.php
@@ -159,21 +159,17 @@ public function get_current_tab( array $tabs = [] ): string {
 		if ( empty( $tabs ) ) {
 			return $this->get_default_tab();
 		}
-
-		if ( ! isset( $_GET['tab'] ) || ! is_string( $_GET['tab'] ) ) {
+		if ( ! isset( $_GET['tab'] ) || ! is_string( $_GET['tab'] ) || ! isset( $_GET['wpgraphql_logging_settings_tab_nonce'] ) || ! is_string( $_GET['wpgraphql_logging_settings_tab_nonce'] ) ) {
 			return $this->get_default_tab();
 		}
 
-		if ( ! isset( $_GET['wpgraphql_logging_settings_tab_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['wpgraphql_logging_settings_tab_nonce'] ) ), 'wpgraphql-logging-settings-tab-action' ) ) {
+		$nonce = sanitize_text_field( $_GET['wpgraphql_logging_settings_tab_nonce'] );
+		if ( false === wp_verify_nonce( $nonce, 'wpgraphql-logging-settings-tab-action' ) ) {
 			return $this->get_default_tab();
 		}
 
 		$tab = sanitize_text_field( wp_unslash( $_GET['tab'] ) );
 
-		if ( '' === $tab ) {
-			return $this->get_default_tab();
-		}
-
 		if ( array_key_exists( $tab, $tabs ) ) {
 			return $tab;
 		}
diff --git a/plugins/wpgraphql-logging/src/Admin/ViewLogsPage.php b/plugins/wpgraphql-logging/src/Admin/ViewLogsPage.php
@@ -89,23 +89,23 @@ public function register_settings_page(): void {
 			'manage_options',
 			self::ADMIN_PAGE_SLUG,
 			[ $this, 'render_admin_page' ],
-			'dashicons-list-view',
+			'dashicons-chart-line',
 			25
 		);
 
 		// Updates the list table when filters are applied.
 		add_action( 'load-' . $this->page_hook, [ $this, 'process_page_actions_before_rendering' ], 10, 0 );
 
 		// Enqueue scripts for the admin page.
-		add_action( 'admin_enqueue_scripts', [ $this, 'enqueue_admin_scripts' ] );
+		add_action( 'admin_enqueue_scripts', [ $this, 'enqueue_admin_scripts_styles' ] );
 	}
 
 	/**
 	 * Enqueues scripts and styles for the admin page.
 	 *
 	 * @param string $hook_suffix The current admin page.
 	 */
-	public function enqueue_admin_scripts( string $hook_suffix ): void {
+	public function enqueue_admin_scripts_styles( string $hook_suffix ): void {
 		if ( $hook_suffix !== $this->page_hook ) {
 			return;
 		}
@@ -153,7 +153,6 @@ public function enqueue_admin_scripts( string $hook_suffix ): void {
 	 */
 	public function render_admin_page(): void {
 
-
 		$action = isset( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] )
 			? sanitize_text_field( $_REQUEST['action'] )
 			: 'list';
diff --git a/plugins/wpgraphql-logging/tests/wpunit/Admin/View/ViewLogsPageTest.php b/plugins/wpgraphql-logging/tests/wpunit/Admin/View/ViewLogsPageTest.php
@@ -63,12 +63,12 @@ public function test_init_returns_same_instance_on_multiple_calls(): void {
 		$this->assertSame($instance1, $instance2);
 	}
 
-	public function test_enqueue_admin_scripts_only_on_correct_page(): void {
+	public function test_enqueue_admin_scripts_styles_only_on_correct_page(): void {
 		$this->set_as_admin();
 		$instance = ViewLogsPage::init();
 
 		// Test with wrong hook suffix
-		$instance->enqueue_admin_scripts('different-page');
+		$instance->enqueue_admin_scripts_styles('different-page');
 		$this->assertFalse(wp_script_is('jquery-ui-datepicker', 'enqueued'));
 
 		// Test with correct hook suffix (simulate the page hook)
@@ -77,7 +77,7 @@ public function test_enqueue_admin_scripts_only_on_correct_page(): void {
 		$pageHookProperty->setAccessible(true);
 		$pageHookProperty->setValue($instance, 'test-page-hook');
 
-		$instance->enqueue_admin_scripts('test-page-hook');
+		$instance->enqueue_admin_scripts_styles('test-page-hook');
 		$this->assertTrue(wp_script_is('jquery-ui-datepicker', 'enqueued'));
 		$this->assertTrue(wp_script_is('jquery-ui-slider', 'enqueued'));
 	}

Original file line number	Diff line number	Diff line change
`@@ -159,21 +159,17 @@ public function get_current_tab( array $tabs = [] ): string {`
`159`	`159`	`if ( empty( $tabs ) ) {`
`160`	`160`	`return $this->get_default_tab();`
`161`	`161`	`}`
`162`		`-`
`163`		`- if ( ! isset( $_GET['tab'] ) \|\| ! is_string( $_GET['tab'] ) ) {`
	`162`	`+ if ( ! isset( $_GET['tab'] ) \|\| ! is_string( $_GET['tab'] ) \|\| ! isset( $_GET['wpgraphql_logging_settings_tab_nonce'] ) \|\| ! is_string( $_GET['wpgraphql_logging_settings_tab_nonce'] ) ) {`
`164`	`163`	`return $this->get_default_tab();`
`165`	`164`	`}`
`166`	`165`
`167`		`- if ( ! isset( $_GET['wpgraphql_logging_settings_tab_nonce'] ) \|\| ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['wpgraphql_logging_settings_tab_nonce'] ) ), 'wpgraphql-logging-settings-tab-action' ) ) {`
	`166`	`+ $nonce = sanitize_text_field( $_GET['wpgraphql_logging_settings_tab_nonce'] );`
	`167`	`+ if ( false === wp_verify_nonce( $nonce, 'wpgraphql-logging-settings-tab-action' ) ) {`
`168`	`168`	`return $this->get_default_tab();`
`169`	`169`	`}`
`170`	`170`
`171`	`171`	`$tab = sanitize_text_field( wp_unslash( $_GET['tab'] ) );`
`172`	`172`
`173`		`- if ( '' === $tab ) {`
`174`		`- return $this->get_default_tab();`
`175`		`- }`
`176`		`-`
`177`	`173`	`if ( array_key_exists( $tab, $tabs ) ) {`
`178`	`174`	`return $tab;`
`179`	`175`	`}`