From 69b887a96a572ed467734be81e17e99ba6054829 Mon Sep 17 00:00:00 2001 From: Jonathan Champ Date: Thu, 12 Feb 2026 16:14:25 +0100 Subject: [PATCH 1/6] security: avoid extract(), use variables explicitly --- src/Utils/Helper.php | 6 ------ templates/google-login-button.php | 5 +++++ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/Utils/Helper.php b/src/Utils/Helper.php index 86b2bcd4..59b2981e 100644 --- a/src/Utils/Helper.php +++ b/src/Utils/Helper.php @@ -41,12 +41,6 @@ public static function render_template( $template_path, $variables = [], $should return ''; } - if ( ! empty( $variables ) ) { - // This will needed for provide variables to the template. - // Will skips those variables, those already defined. - extract( $variables, EXTR_SKIP ); // phpcs:ignore - } - if ( true === $should_echo ) { // Load template and output the data. diff --git a/templates/google-login-button.php b/templates/google-login-button.php index c7817fca..8f324311 100644 --- a/templates/google-login-button.php +++ b/templates/google-login-button.php @@ -8,6 +8,11 @@ use RtCamp\GoogleLogin\Utils\Helper; +// Variables for rendering the template. +$login_url = $variables['login_url'] ?? null; +$button_text = $variables['button_text'] ?? null; +$custom_btn_text = $variables['custom_btn_text'] ?? null; + if ( isset( $custom_btn_text ) && $custom_btn_text ) { $button_text = esc_html( $custom_btn_text ); } else { From a44fe312a0a590bd62fb735df3a82e9167e0074c Mon Sep 17 00:00:00 2001 From: Jonathan Champ Date: Thu, 12 Feb 2026 16:18:07 +0100 Subject: [PATCH 2/6] template: fix argument names and defaults --- src/Modules/Block.php | 8 ++++---- src/Modules/Shortcode.php | 6 ++---- tests/php/Unit/Modules/ShortCodeTest.php | 6 +++--- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/src/Modules/Block.php b/src/Modules/Block.php index 617ef9e5..b38b53c4 100644 --- a/src/Modules/Block.php +++ b/src/Modules/Block.php 
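Review bot: In the templates/google-login-button.php hunk of PATCH 1/6, the three added reads depend on a `$variables` array that this file never defines; it is presumably in scope only because `Helper::render_template()` includes the template from inside the function that takes `$variables` as a parameter. Because `??` also swallows an undefined `$variables`, renaming that parameter or including the template directly would turn all three values into null without any notice. I would extend the added comment to state the contract, e.g. `// $variables is supplied by Helper::render_template(); values are raw and must be escaped where they are printed.` The Helper.php hunk removes `extract()` for every template while the diffstat touches only this one, so any other template rendered through `render_template()` would need the same explicit reads.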
@@ -140,9 +140,9 @@ public function render_login_button( array $attributes ): string { ) { $markup = $this->markup( [ - 'login_url' => $this->client->authorization_url(), - 'custom_btn_text' => $attributes['buttonText'] ?? false, - 'force_display_block' => $attributes['forceDisplay'] ?? false, + 'login_url' => $this->client->authorization_url(), + 'custom_btn_text' => $attributes['buttonText'] ?? '', + 'force_display' => $force_display, ] ); @@ -174,7 +174,7 @@ private function markup( array $args = [] ): string { [ 'login_url' => '#', 'custom_btn_text' => '', - 'forceDisplay' => false, + 'force_display' => false, ] ); diff --git a/src/Modules/Shortcode.php b/src/Modules/Shortcode.php index 02931959..939790a8 100644 --- a/src/Modules/Shortcode.php +++ b/src/Modules/Shortcode.php @@ -95,12 +95,10 @@ public function init(): void { * @return string */ public function callback( $attrs = [] ): string { - $redirect_to = Helper::get_redirect_url(); - $attrs = shortcode_atts( + $attrs = shortcode_atts( [ - 'button_text' => __( 'Login with google', 'login-with-google' ), + 'button_text' => '', 'force_display' => 'no', - 'redirect_to' => $redirect_to, ], $attrs, self::TAG diff --git a/tests/php/Unit/Modules/ShortCodeTest.php b/tests/php/Unit/Modules/ShortCodeTest.php index 0d1f270a..eec2f366 100644 --- a/tests/php/Unit/Modules/ShortCodeTest.php +++ b/tests/php/Unit/Modules/ShortCodeTest.php @@ -103,7 +103,7 @@ public function testCallbackWhenUserIsLoggedIn() { [ 'args' => [ [ - 'button_text' => __( 'Login with google', 'login-with-google' ), + 'button_text' => '', 'force_display' => 'no', 'redirect_to' => 'https://example.com/', ], @@ -137,7 +137,7 @@ public function testCallbackWhenUserIsLoggedOut() { [ 'args' => [ [ - 'button_text' => __( 'Login with google', 'login-with-google' ), + 'button_text' => '', 'force_display' => 'no', 'redirect_to' => null, ], 
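Review bot: The `custom_btn_text` value built in the first Block.php hunk (`$attributes['buttonText'] ?? ''`) reaches the template unescaped, and PATCH 3/6 later in this series removes the `esc_html()` the template applied to it, so the text is only safe if the markup escapes it when printing. That markup is not visible in these hunks, so it should be confirmed that the output uses `esc_html( $button_text )` and `esc_url( $button_url )`; the shortcode's `button_text` attribute takes the same path. Separately, `$force_display` is not assigned in this hunk and the diffstat (4 insertions, all array lines) leaves no room for a new assignment in Block.php, so it presumably comes from earlier in `render_login_button()`, which starts outside the hunk. It is worth checking that it is set on every path that reaches this `markup()` call.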
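Review bot: Dropping `redirect_to` from the `shortcode_atts()` defaults in the Shortcode.php hunk is a behaviour change that the commit subject does not mention: `shortcode_atts()` returns only the keys listed in the defaults, so a `redirect_to` attribute written in a shortcode is now discarded. The updated tests still expect a `redirect_to` entry in the arguments, so it is presumably assigned further down in `callback()`, whose body continues outside the hunk. If ignoring the attribute is intended, which would keep the redirect target out of author-controlled content, a comment above the array would make that explicit, e.g. `// redirect_to is deliberately not accepted as a shortcode attribute.`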
@@ -184,7 +184,7 @@ public function testCallbackWhenUserIsLoggedOut() { [ '/some/path/templates/google-login-button.php', [ - 'button_text' => 'Login with google', + 'button_text' => '', 'force_display' => 'no', 'redirect_to' => null, 'login_url' => 'https://google.com/auth/', From a65b81dc87a7199ec8cb7deaac75f72e88080e67 Mon Sep 17 00:00:00 2001 From: Jonathan Champ Date: Thu, 12 Feb 2026 16:20:38 +0100 Subject: [PATCH 3/6] template: simplify logic --- templates/google-login-button.php | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/templates/google-login-button.php b/templates/google-login-button.php index 8f324311..ea6d41b3 100644 --- a/templates/google-login-button.php +++ b/templates/google-login-button.php @@ -9,35 +9,30 @@ use RtCamp\GoogleLogin\Utils\Helper; // Variables for rendering the template. -$login_url = $variables['login_url'] ?? null; -$button_text = $variables['button_text'] ?? null; +$login_url = $variables['login_url'] ?? null; +$button_text = $variables['button_text'] ?? null; $custom_btn_text = $variables['custom_btn_text'] ?? null; -if ( isset( $custom_btn_text ) && $custom_btn_text ) { - $button_text = esc_html( $custom_btn_text ); -} else { - $button_text = ( ! empty( $button_text ) ) ? $button_text : __( 'Login with Google', 'login-with-google' ); -} - if ( empty( $login_url ) ) { return; } -$button_url = $login_url; - if ( is_user_logged_in() ) { - $button_text = __( 'Log out', 'login-with-google' ); - $redirect_url = Helper::get_redirect_url(); - $button_url = wp_logout_url( $redirect_url ); + $button_text = __( 'Log out', 'login-with-google' ); + $button_url = wp_logout_url( Helper::get_redirect_url() ); +} else { + $button_url = $login_url; + + if ( ! empty( $custom_btn_text ) ) { + $button_text = $custom_btn_text; + } elseif ( empty( $button_text ) ) { + $button_text = __( 'Login with Google', 'login-with-google' ); + } } ?>