Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

enhance: add form modal #1504

Open
wants to merge 29 commits into
base: develop
Choose a base branch
from

Conversation

sapayth
Copy link
Member

@sapayth sapayth commented Nov 27, 2024

fixes #643, fixes #654

The add form template modal where the user can select a pre-defined template or a blank form template.
Image:
image

Summary by CodeRabbit

Release Notes

  • New Features

    • Integrated Tailwind CSS into the build process for improved styling.
    • Added new form field types: Time and Phone fields.
    • Enhanced the form builder interface with a new modal for selecting post form templates.
  • Improvements

    • Updated various form components for better responsiveness and user interaction.
    • Improved error handling and validation in several functions.
    • Enhanced clipboard functionality for user feedback on shortcode copying.
  • Bug Fixes

    • Fixed issues with the rendering of help text across multiple form fields.
  • Documentation

    • Updated language files for improved localization and clarity.
  • Chores

    • Cleaned up unused code and improved overall code maintainability.

sapayth added 29 commits October 7, 2024 17:59
commit daae343
Author: Sapayth Hossain <[email protected]>
Date:   Fri Oct 25 10:21:05 2024 +0600

    fix logo, minor css

commit 7590512
Author: Sapayth Hossain <[email protected]>
Date:   Thu Oct 17 13:00:12 2024 +0600

    pro icon and link

commit b720564
Author: Sapayth Hossain <[email protected]>
Date:   Wed Oct 16 17:31:46 2024 +0600

    action buttons

commit 743860f
Author: Sapayth Hossain <[email protected]>
Date:   Wed Oct 16 13:10:14 2024 +0600

    various fields

    time, phone field, pro fields, image, file, recaptcha, hidden fields

commit e58e788
Merge: 2b12da4 f92a621
Author: Sapayth Hossain <[email protected]>
Date:   Tue Oct 15 17:25:44 2024 +0600

    Merge remote-tracking branch 'upstream/develop' into enhance/form_builder_content_body_ui_redesign

commit 2b12da4
Author: Sapayth Hossain <[email protected]>
Date:   Tue Oct 15 17:24:24 2024 +0600

    column field, section break

commit 63f6663
Author: Sapayth Hossain <[email protected]>
Date:   Mon Oct 14 21:47:26 2024 +0600

    regular fields
Copy link

coderabbitai bot commented Nov 27, 2024

Walkthrough

The pull request introduces significant enhancements to the form builder interface, primarily integrating Tailwind CSS for improved styling and responsiveness. A new tailwindFileMap is created in the Gruntfile.js to facilitate the mapping of PHP files to their corresponding CSS files. Additionally, various Vue.js components are modified to enhance layout and interaction, including updates to templates for form fields and the addition of new field types. The changes also include updates to JavaScript functionality, CSS styles, and the introduction of new dependencies in package.json.

Changes

File Path Change Summary
Gruntfile.js Added tailwindFileMap for CSS mapping; introduced tailwind tasks in watch and shell configurations.
admin/form-builder/assets/js/components/builder-stage/template.php Simplified HTML structure; updated rendering logic for form fields with new classes.
admin/form-builder/assets/js/components/form-checkbox_field/template.php Changed layout from <ul> to <div> for checkbox options; improved semantic structure.
admin/form-builder/assets/js/components/form-column_field/index.js Added computed property action_button_classes; modified event handling for mouse interactions.
admin/form-builder/assets/js/components/form-column_field/template.php Updated structure for rendering columns; improved class bindings for responsiveness.
admin/form-builder/assets/js/components/form-custom_hidden_field/template.php Changed class binding for input element and updated help text display.
admin/form-builder/assets/js/components/form-dropdown_field/template.php Updated class attributes for <select> element and changed help text to a <p> element.
admin/form-builder/assets/js/components/form-email_address/template.php Updated class binding for email input and changed help text display.
admin/form-builder/assets/js/components/form-featured_image/template.php Modified upload button structure and help text styling.
admin/form-builder/assets/js/components/form-image_upload/template.php Updated file selector structure and help text display.
admin/form-builder/assets/js/components/form-multiple_select/template.php Added new class attribute for <select>; maintained existing functionality.
admin/form-builder/assets/js/components/form-post_excerpt/template.php Enhanced styling for <textarea> and updated help text display.
admin/form-builder/assets/js/components/form-post_tags/template.php Updated class binding for input and help text display.
admin/form-builder/assets/js/components/form-post_title/template.php Enhanced styling for input field and help text display.
admin/form-builder/assets/js/components/form-radio_field/template.php Changed layout from <ul> to <div> for radio buttons; updated help text display.
admin/form-builder/assets/js/components/form-recaptcha/template.php Updated conditional rendering logic for reCAPTCHA field.
admin/form-builder/assets/js/components/form-section_break/template.php Modified structure for section rendering based on field.divider.
admin/form-builder/assets/js/components/form-taxonomy/template.php Updated class bindings for select elements and improved help text display.
admin/form-builder/assets/js/components/form-text_field/template.php Updated class binding for input element and help text display.
admin/form-builder/assets/js/components/form-textarea_field/template.php Updated class binding for textarea and corrected attribute.
admin/form-builder/assets/js/components/form-website_url/template.php Updated class binding for URL input and help text display.
admin/form-builder/assets/js/form-builder.js Added new data properties and refactored settings tab handling.
admin/form-builder/assets/js/mixins/add-form-field.js Introduced new computed property action_button_classes.
admin/form-builder/assets/js/mixins/form-field.js Added method builder_class_names for dynamic class generation.
admin/form-builder/assets/less/form-builder.less Modified styles for modal visibility and components.
admin/form-builder/views/form-builder-old.php Introduced a new Vue.js-based form builder interface.
admin/form-builder/views/form-builder.php Restructured layout and updated navigation for form builder.
assets/css/admin.css Adjusted styles for admin components and interactions.
assets/css/frontend-forms.css Refined styles for frontend forms and improved responsiveness.
assets/css/wpuf-form-builder.css Removed modal base styles while preserving functionality.
assets/js-templates/form-components.php Updated structure and styling for form components.
assets/js/wpuf-form-builder-components.js Enhanced functionality of Vue components related to form building.
assets/js/wpuf-form-builder-mixins.js Added new computed property and method for class management.
assets/js/wpuf-form-builder.js Enhanced state management and user feedback in form builder.
assets/less/admin.less Updated styles for admin components and layout.
assets/less/frontend-forms.less Streamlined styles for frontend forms and improved layout.
includes/Admin/Forms/Admin_Form.php Enhanced interactivity with Vue.js directives.
includes/Admin/Forms/Admin_Form_Builder.php Added version checks for template inclusion.
includes/Admin/Forms/Post/Templates/Form_Template.php Modified rendering logic for post form templates.
includes/Admin/Forms/Post/Templates/Post_Form_Template_Events_Calendar.php Changed image asset from PNG to SVG format.
includes/Admin/Forms/Post/Templates/Post_Form_Template_Post.php Changed image asset from PNG to SVG format.
includes/Admin/Forms/Post/Templates/Post_Form_Template_WooCommerce.php Changed image asset from PNG to SVG format.
includes/Admin/Forms/Post/Templates/Pro_Form_Preview_EDD.php Changed image asset from PNG to SVG format.
includes/Admin/Menu.php Enhanced functionality for displaying post form templates.
includes/Admin/Posting.php Improved asset management with version checks.
includes/Admin/template-parts/modal.php Overhauled modal structure for improved user interaction.
includes/Admin/views/post-form.php Conditional rendering based on version checks.
includes/Assets.php Adjusted array formatting for style definitions.
includes/Fields/Form_Field_SectionBreak.php Added new property to field props.
includes/Fields/Form_Field_reCaptcha.php Introduced method for full-width indication.
includes/Fields/Form_Pro_Upgrade_Fields.php Added new field types for time and phone inputs.
includes/Setup_Wizard.php Updated methods for admin bar styles and user insights.
languages/wp-user-frontend.pot Updated translation strings for localization.
package.json Added new development dependencies for Tailwind CSS.
src/css/admin/form-builder.css Introduced new CSS file for Tailwind styles.
tailwind.config.js Expanded content paths and added new color definitions.
tests/chrome_recordings/post form templates.json Introduced new JSON file for automated testing.
wpuf-functions.php Enhanced functionality and error handling in various functions.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant FormBuilder
    participant Tailwind
    participant VueComponents

    User->>FormBuilder: Interacts with form
    FormBuilder->>VueComponents: Update field display
    VueComponents->>Tailwind: Apply styles
    Tailwind-->>FormBuilder: Return styled component
    FormBuilder-->>User: Display updated form
Loading

Assessment against linked issues

Objective Addressed Explanation
Ensure frontend post form works for all users (including contributors) (#643) The changes do not explicitly address user permissions for frontend post forms.

Possibly related PRs

Suggested labels

QA Approved, Ready to Merge

🐇 In the fields where forms grow,
🐇 New styles and tasks in tow.
🐇 With Tailwind's flair, we leap and bound,
🐇 A better builder now is found!
🐇 So hop along, let's make it bright,
🐇 For forms that shine, oh what a sight!


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 48

🧹 Outside diff range and nitpick comments (51)
includes/Admin/views/post-form.php (1)

1-11: Consider addressing access control at a different layer

While this file handles the admin form builder view, the PR objective mentions addressing the issue of forms being accessible only to admin users. This template-level change might not be the appropriate place to handle user role restrictions.

Consider:

  1. Moving access control logic to a middleware or capability check layer
  2. Implementing a separate frontend template for non-admin users
  3. Using WordPress capabilities API to manage access levels

Would you like assistance in designing a more robust access control solution?

admin/form-builder/assets/js/components/form-post_title/template.php (1)

7-8: Consider consolidating class bindings for better maintainability

The combination of dynamic :class binding and static class attribute makes the styling logic harder to maintain. Consider moving all classes to the class_names helper function.

-:class="class_names('textfield')"
-class="wpuf-block wpuf-w-full wpuf-rounded-md wpuf-py-1.5 wpuf-text-gray-900 wpuf-shadow-sm   placeholder:wpuf-text-gray-400 sm:wpuf-text-sm sm:wpuf-leading-6 wpuf-border !wpuf-border-gray-300"
+:class="class_names(
+  'textfield',
+  'wpuf-block wpuf-w-full wpuf-rounded-md wpuf-py-1.5',
+  'wpuf-text-gray-900 wpuf-shadow-sm',
+  'placeholder:wpuf-text-gray-400',
+  'sm:wpuf-text-sm sm:wpuf-leading-6',
+  'wpuf-border wpuf-border-gray-300'
+)"
admin/form-builder/assets/js/components/form-textarea_field/template.php (1)

11-14: Improve code readability and consistency

Consider these style improvements:

  1. Use positive conditions for better readability
  2. Maintain consistent indentation
-    <text-editor
-        v-if="'no' !== field.rich"
-        :default_text="field.default"
-        :rich="field.rich"></text-editor>
+    <text-editor
+        v-if="field.rich === 'yes'"
+        :default_text="field.default"
+        :rich="field.rich"
+    ></text-editor>
admin/form-builder/assets/js/components/form-dropdown_field/template.php (1)

13-13: Improved semantic HTML structure

Good improvement changing from <span> to <p> for help text, as it better represents the content semantically and improves accessibility.

Consider adding ARIA attributes for better screen reader support:

-    <p v-if="field.help" class="wpuf-mt-2 wpuf-text-sm wpuf-text-gray-500" v-html="field.help"></p>
+    <p v-if="field.help" class="wpuf-mt-2 wpuf-text-sm wpuf-text-gray-500" v-html="field.help" role="note" aria-describedby="field_{{ field.name }}"></p>
admin/form-builder/assets/js/components/form-section_break/template.php (1)

9-18: Consider enhancing color contrast for better accessibility.

The dashed divider implementation is well-structured with balanced layout. However, the text color text-gray-400 for the description might not provide sufficient contrast for accessibility.

Consider adjusting the description text color for better readability:

-        <div class="wpuf-section-details wpuf-text-gray-400 wpuf-text-center wpuf-mt-2">{{ field.description }}</div>
+        <div class="wpuf-section-details wpuf-text-gray-600 wpuf-text-center wpuf-mt-2">{{ field.description }}</div>
includes/Admin/Forms/Post/Templates/Pro_Form_Preview_EDD.php (1)

30-30: Consider documenting recommended image dimensions.

To maintain visual consistency across template previews, it would be helpful to add a comment specifying the recommended dimensions for the SVG file.

-        $this->image    = WPUF_ASSET_URI . '/images/templates/edd.svg';
+        // Template preview image (recommended size: 300x200 px)
+        $this->image    = WPUF_ASSET_URI . '/images/templates/edd.svg';
admin/form-builder/assets/js/components/form-featured_image/template.php (1)

4-5: Consider adding ARIA attributes for better accessibility.

The button styling looks good with Tailwind classes, but since this is an interactive element for file upload, we should enhance its accessibility.

 <a class="wpuf-inline-flex wpuf-items-center wpuf-gap-x-1.5"
-   :class="builder_class_names('upload_btn')" href="#">
+   :class="builder_class_names('upload_btn')" 
+   href="#"
+   role="button"
+   aria-label="Upload featured image">
admin/form-builder/assets/js/components/form-image_upload/template.php (1)

8-10: Consider optimizing the SVG code.

While the SVG implementation is good, consider extracting repeated SVG code into a reusable component since the same icon is used in both templates.

+ <!-- Create a new component: plus-icon.php -->
+ <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="currentColor" class="wpuf-size-5">
+     <path d="M8.75 3.75a.75.75 0 0 0-1.5 0v3.5h-3.5a.75.75 0 0 0 0 1.5h3.5v3.5a.75.75 0 0 0 1.5 0v-3.5h3.5a.75.75 0 0 0 0-1.5h-3.5v-3.5Z" />
+ </svg>

- <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="currentColor" class="wpuf-size-5">
-     <path d="M8.75 3.75a.75.75 0 0 0-1.5 0v3.5h-3.5a.75.75 0 0 0 0 1.5h3.5v3.5a.75.75 0 0 0 1.5 0v-3.5h3.5a.75.75 0 0 0 0-1.5h-3.5v-3.5Z" />
- </svg>
+ <?php include('plus-icon.php'); ?>
admin/form-builder/assets/js/components/form-radio_field/template.php (1)

1-34: Consider enhancing component architecture

To improve the component's reusability and functionality, consider these architectural improvements:

  1. Add form validation support with error states
  2. Extract common radio button logic into a separate component
  3. Implement proper form field wrapping for consistent validation handling

Example implementation structure:

<template>
  <wpuf-form-field
    :name="field.name"
    :label="field.label"
    :required="field.required"
    :help="field.help"
    :error="field.error">
    <wpuf-radio-group
      v-model="field.value"
      :name="field.name"
      :options="field.options"
      :inline="field.inline === 'yes'"
      :disabled="field.disabled"
      @change="handleChange" />
  </wpuf-form-field>
</template>
package.json (1)

39-41: Consider updating to latest stable versions

The Tailwind CSS related packages are slightly outdated. Consider updating to the latest stable versions for bug fixes and improvements:

  • tailwindcss: ^3.4.1
  • postcss: ^8.4.35
admin/form-builder/assets/js/components/form-checkbox_field/template.php (2)

2-18: Enhance accessibility and avoid CSS important flags

While the layout structure is good, consider these improvements:

  1. Add ARIA attributes for better screen reader support
  2. Avoid using the ! important flag in Tailwind classes

Consider this enhancement:

 <div
     v-if="field.inline !== 'yes'"
     class="wpuf-space-y-2">
     <div
         v-if="has_options" v-for="(label, val) in field.options"
         class="wpuf-relative wpuf-flex wpuf-items-center">
         <div class="wpuf-flex wpuf-items-center">
             <input
                 type="checkbox"
                 :value="val"
                 :checked="is_selected(val)"
                 :class="class_names('checkbox_btns')"
-                class="wpuf-h-4 wpuf-w-4 wpuf-rounded wpuf-border-gray-300 wpuf-text-indigo-600 focus:wpuf-ring-indigo-600 !wpuf-mt-0.5"
+                class="wpuf-h-4 wpuf-w-4 wpuf-rounded wpuf-border-gray-300 wpuf-text-indigo-600 focus:wpuf-ring-indigo-600 wpuf-translate-y-[2px]"
+                :aria-label="label"
+                :aria-describedby="field.help ? 'help-' + field.name : undefined">
             <label class="wpuf-ml-3 wpuf-text-sm wpuf-font-medium wpuf-text-gray-900">{{ label }}</label>
         </div>
     </div>
 </div>

20-35: Maintain consistency between vertical and horizontal layouts

The inline layout should maintain consistent spacing and styling with the vertical layout.

Apply these changes for consistency:

 <div
     v-else
     class="wpuf-flex"
 >
     <div
         v-if="has_options" v-for="(label, val) in field.options"
         class="wpuf-relative wpuf-flex wpuf-items-center wpuf-mr-4">
         <input
             type="checkbox"
             :value="val"
             :checked="is_selected(val)"
             :class="class_names('checkbox_btns')"
-            class="!wpuf-mt-[.5px] wpuf-rounded wpuf-border-gray-300 wpuf-text-indigo-600"
+            class="wpuf-h-4 wpuf-w-4 wpuf-rounded wpuf-border-gray-300 wpuf-text-indigo-600 focus:wpuf-ring-indigo-600 wpuf-translate-y-[2px]"
+            :aria-label="label"
+            :aria-describedby="field.help ? 'help-' + field.name : undefined">
-        <label class="wpuf-ml-1 wpuf-text-sm wpuf-font-medium wpuf-text-gray-900">{{ label }}</label>
+        <label class="wpuf-ml-3 wpuf-text-sm wpuf-font-medium wpuf-text-gray-900">{{ label }}</label>
     </div>
 </div>
admin/form-builder/assets/js/mixins/form-field.js (2)

36-60: Consider extracting Tailwind classes into a configuration object

While the implementation correctly adds Tailwind CSS classes for consistent styling, the long string of classes could be harder to maintain.

Consider refactoring to improve maintainability:

 wpuf_mixins.form_field_mixin = {
+    // Define classes configuration at the top level
+    tailwindClasses: {
+        input: 'wpuf-block wpuf-min-w-full wpuf-rounded-md wpuf-py-1.5 wpuf-text-gray-900 !wpuf-shadow-sm placeholder:wpuf-text-gray-400 sm:wpuf-text-sm sm:wpuf-leading-6 wpuf-border !wpuf-border-gray-300 wpuf-max-w-full',
+        upload: 'file-selector wpuf-rounded-md wpuf-btn-secondary'
+    },
     methods: {
         builder_class_names: function(type_class) {
-            var commonClasses = '';
+            var commonClasses = this.getTailwindClasses(type_class);
+            return [
+                type_class,
+                this.required_class(),
+                'wpuf_' + this.field.name + '_' + this.form_id,
+                commonClasses
+            ];
+        },
 
-            switch (type_class) {
-                case 'text':
-                case 'url':
-                case 'email':
-                case 'textareafield':
-                case 'textfield':
-                case 'select':
-                    commonClasses = 'wpuf-block wpuf-min-w-full wpuf-rounded-md wpuf-py-1.5 wpuf-text-gray-900 !wpuf-shadow-sm placeholder:wpuf-text-gray-400 sm:wpuf-text-sm sm:wpuf-leading-6 wpuf-border !wpuf-border-gray-300 wpuf-max-w-full';
-                    break;
-
-                case 'upload_btn':
-                    commonClasses = 'file-selector  wpuf-rounded-md wpuf-btn-secondary';
-                    break;
-            }
-
-            return [
-                type_class,
-                this.required_class(),
-                'wpuf_' + this.field.name + '_' + this.form_id,
-                commonClasses
-            ];
-        },
+        getTailwindClasses: function(type) {
+            const inputTypes = ['text', 'url', 'email', 'textareafield', 'textfield', 'select'];
+            if (inputTypes.includes(type)) {
+                return this.tailwindClasses.input;
+            }
+            if (type === 'upload_btn') {
+                return this.tailwindClasses.upload;
+            }
+            return '';
+        }

This refactoring:

  1. Improves maintainability by centralizing Tailwind classes
  2. Makes it easier to update styles across components
  3. Reduces code duplication
  4. Makes the code more testable

46-46: Ensure consistent spacing in class strings

There's an extra space in the upload button classes but not in the input classes.

Apply this fix:

-                    commonClasses = 'file-selector  wpuf-rounded-md wpuf-btn-secondary';
+                    commonClasses = 'file-selector wpuf-rounded-md wpuf-btn-secondary';

Also applies to: 50-50

includes/Fields/Form_Field_SectionBreak.php (1)

92-92: Document the new divider property

A new 'divider' property has been added with a default value of 'regular'. Please add PHPDoc comments explaining:

  • The purpose of this property
  • The possible values it can take (e.g., 'regular', 'dashed')
  • How it affects the section break rendering
includes/Admin/Forms/Post/Templates/Form_Template.php (1)

112-114: Consider making the modal template path configurable

The modal template path is hardcoded. Consider:

  1. Making it configurable through class constants or settings
  2. Adding path existence verification

Example improvement:

-        $modal = WPUF_ROOT . '/includes/Admin/template-parts/modal.php';
-
-        wpuf_include_once( $modal );
+        $modal_path = apply_filters(
+            'wpuf_form_template_modal_path',
+            WPUF_ROOT . '/includes/Admin/template-parts/modal.php'
+        );
+
+        if ( file_exists( $modal_path ) ) {
+            wpuf_include_once( $modal_path );
+        } else {
+            error_log( 'WPUF: Modal template file not found at ' . $modal_path );
+        }
Gruntfile.js (3)

246-249: Add error handling to tailwind shell command

The current implementation lacks error handling and path validation. Consider enhancing the command function:

 tailwind: {
     command: function ( input, output ) {
-        return `npx tailwindcss -i ${input} -o ${output}`;
+        return `
+            if [ ! -f "${input}" ]; then
+                echo "Error: Input file ${input} does not exist"
+                exit 1
+            fi
+            mkdir -p $(dirname "${output}")
+            npx tailwindcss -i ${input} -o ${output}
+        `;
     }
 }

279-283: Optimize watch event handling

The current implementation runs the full tailwind task for any file change. Consider processing only the affected files:

 grunt.event.on('watch', function(action, filepath, target) {
     if (target === 'tailwind') {
-        grunt.task.run('tailwind');
+        // Process only the affected file if it's in the mapping
+        const relativeFilePath = filepath.replace(/^.*?admin\//, 'admin/');
+        if (tailwindFileMap[relativeFilePath]) {
+            const cssFile = tailwindFileMap[relativeFilePath];
+            grunt.task.run(`shell:tailwind:src/css/${cssFile}:assets/css/${cssFile}`);
+        }
     }
 });

285-301: Enhance tailwind task robustness

The task implementation could benefit from better error handling and logging:

 grunt.registerTask('tailwind', function() {
     const done = this.async();
+    let hasErrors = false;
 
     // Process each file mapping
     Object.entries(tailwindFileMap).forEach(([phpFile, cssFile]) => {
         const inputFile = `src/css/${cssFile}`;
         const outputFile = `assets/css/${cssFile}`;
 
         // Ensure the input file exists
         if (grunt.file.exists(inputFile)) {
+            grunt.log.writeln(`Processing ${inputFile} -> ${outputFile}`);
             // Run the tailwind command
             grunt.task.run(`shell:tailwind:${inputFile}:${outputFile}`);
+        } else {
+            grunt.log.error(`Input file ${inputFile} not found`);
+            hasErrors = true;
         }
     });
 
+    if (hasErrors) {
+        grunt.fail.warn('Some files could not be processed');
+    }
     done();
 });
assets/js/wpuf-form-builder-mixins.js (1)

52-57: LGTM! Consider standardizing button styles.

The computed property provides consistent hover states and padding for action buttons. However, consider extracting these classes into a shared constant or configuration to maintain consistency across all button styles in the application.

// Consider creating a shared button styles configuration
const BUTTON_STYLES = {
  action: 'wpuf-p-2 hover:wpuf-cursor-pointer hover:wpuf-text-white',
  // Add other button variants as needed
};
admin/form-builder/assets/js/components/form-column_field/index.js (3)

Line range hint 1-400: Consider architectural improvements for better maintainability

The component handles multiple complex responsibilities (drag-and-drop, column resizing, field management). Consider breaking it down into smaller, focused components for better maintainability.

Suggestions for improvement:

  1. Extract column resizing logic into a separate component or composable
  2. Move field validation logic into a dedicated service
  3. Consider using Vue 3's Composition API for better code organization
  4. Replace jQuery UI dependencies with native Vue.js alternatives

Would you like assistance in implementing any of these architectural improvements?


Line range hint 38-125: Replace jQuery event handlers with Vue native events

The component heavily relies on jQuery for DOM manipulation and event handling. Consider refactoring to use Vue's native event system for better integration and maintainability.

Example refactor for the mouseenter/mouseleave events:

- columnFieldArea.mouseenter(function() {
-     self.resizeColumns(self.field.columns);
- });
- 
- columnFieldArea.mouseleave(function() {
-     columnFields.unbind( "mouseup" );
-     columnFields.unbind( "mousemove" );
- });

+ <template>
+   <div @mouseenter="handleMouseEnter" @mouseleave="handleMouseLeave">
+     <!-- existing template -->
+   </div>
+ </template>
+ 
+ methods: {
+   handleMouseEnter() {
+     this.resizeColumns(this.field.columns);
+   },
+   handleMouseLeave() {
+     // Use Vue refs instead of jQuery unbind
+     this.clearEventListeners();
+   }
+ }

Line range hint 264-299: Improve error handling and user feedback

The error handling for field restrictions could be more informative and user-friendly.

Consider this improvement:

- Swal.fire({
-     title: "Oops...",
-     text: "You cannot add this field as inner column field"
- });

+ Swal.fire({
+     title: "Invalid Field Type",
+     text: `This field type (${data.field_template}) cannot be added as an inner column field. Please choose a different field type.`,
+     icon: 'warning',
+     showCancelButton: false,
+     confirmButtonText: 'OK',
+     customClass: {
+         confirmButton: 'btn btn-primary'
+     }
+ });
includes/Admin/Menu.php (1)

119-134: LGTM with suggestions for improved error handling

The implementation looks good overall, with proper security measures for URL construction and template inclusion. Consider adding:

  • Error handling for missing modal template file
  • Validation of template data structure before usage
 $registry       = wpuf_get_post_form_templates();
 $pro_templates  = wpuf_get_pro_form_previews();
 $blank_form_url = admin_url( 'admin.php?page=wpuf-post-forms&action=add-new' );
 $action_name    = 'post_form_template';
 $footer_help    = sprintf(
     // translators: %s: mailto link
     __( 'Want a new integration? <a href="%s" target="_blank">Let us know</a>.', 'wp-user-frontend' ), 'mailto:[email protected]?subject=WPUF Custom Post Template Integration Request'
 );

-if ( ! $registry ) {
+if ( ! is_array( $registry ) || empty( $registry ) ) {
     break;
 }

+$modal_path = WPUF_ROOT . '/includes/Admin/template-parts/modal.php';
+if ( ! file_exists( $modal_path ) ) {
+    wp_die( esc_html__( 'Modal template file is missing.', 'wp-user-frontend' ) );
+}
+
-require_once WPUF_ROOT . '/includes/Admin/template-parts/modal.php';
+require_once $modal_path;
includes/Admin/Forms/Admin_Form.php (2)

199-219: Consider enhancing tab accessibility

While the Vue.js integration for tab switching is well-implemented, consider improving accessibility by:

  1. Adding role="tabpanel" to content divs
  2. Including aria-labelledby attributes that reference their corresponding tab buttons
  3. Managing focus when switching tabs

Example implementation:

-        <div v-show="active_settings_tab === '#wpuf-metabox-settings'" id="wpuf-metabox-settings" class="group">
+        <div v-show="active_settings_tab === '#wpuf-metabox-settings'" 
+             id="wpuf-metabox-settings" 
+             class="group"
+             role="tabpanel"
+             aria-labelledby="tab-wpuf-metabox-settings">

290-292: Move inline styles to CSS classes

The inline style should be moved to a CSS class for better maintainability and consistency.

-        <div v-show="active_tab === 'notification'" id="wpuf-form-builder-notification" class="group wpuf-nav-tab" style="padding: 2rem">
+        <div v-show="active_tab === 'notification'" id="wpuf-form-builder-notification" class="group wpuf-nav-tab wpuf-tab-content">

Add to your CSS:

.wpuf-tab-content {
    padding: 2rem;
}
tests/chrome_recordings/post form templates.json (1)

4-12: Consider adding mobile viewport test scenarios

The current test only covers desktop viewport (1280x934). Since form templates should be accessible across different devices, consider adding additional test recordings with mobile viewport settings.

 {
     "type": "setViewport",
     "width": 1280,
     "height": 934,
     "deviceScaleFactor": 1,
-    "isMobile": false,
-    "hasTouch": false,
+    "isMobile": true,
+    "hasTouch": true,
     "isLandscape": false
 }
includes/Admin/Posting.php (2)

35-35: Update the @SInCE tag with actual version number.

The @SInCE tag uses a placeholder 'WPUF_SINCE' which should be replaced with the actual version number.


39-43: Add enqueued check before dequeuing styles.

Consider checking if the styles are actually enqueued before attempting to dequeue them to avoid unnecessary operations.

 public function dequeue_assets() {
-    wp_dequeue_style( 'wpuf-form-builder' );
+    if ( wp_style_is( 'wpuf-form-builder', 'enqueued' ) ) {
+        wp_dequeue_style( 'wpuf-form-builder' );
+    }
     if ( defined( 'WPUF_PRO_VERSION' ) && version_compare( WPUF_PRO_VERSION, '4.0.13', '<' ) ) {
-        wp_dequeue_style( 'wpuf-form-builder-pro' );
+        if ( wp_style_is( 'wpuf-form-builder-pro', 'enqueued' ) ) {
+            wp_dequeue_style( 'wpuf-form-builder-pro' );
+        }
     }
 }
admin/form-builder/assets/js/form-builder.js (1)

480-486: Consider using Vue's native event handling

Instead of using jQuery for tab click handling, consider using Vue's native event handling system for better maintainability and consistency with the Vue architecture.

-var settings_tabs = $('#wpuf-form-builder-settings-tabs .nav-tab');
-var self = this;
-settings_tabs.each(function () {
-    $(this).bind('click', self.setActiveSettingsTab );
-});
+<template>
+  <div id="wpuf-form-builder-settings-tabs">
+    <a 
+      v-for="tab in tabs" 
+      :key="tab.id"
+      class="nav-tab"
+      @click="setActiveSettingsTab"
+      :href="tab.href"
+    >
+      {{ tab.label }}
+    </a>
+  </div>
+</template>
assets/js/wpuf-form-builder.js (1)

480-486: Consider using Vue's native event handling

Instead of using jQuery for tab handling, consider using Vue's native event handling system for better integration with the Vue ecosystem.

-var settings_tabs = $('#wpuf-form-builder-settings-tabs .nav-tab');
-var self = this;
-settings_tabs.each(function () {
-    $(this).bind('click', self.setActiveSettingsTab );
-});
+<template>
+  <div id="wpuf-form-builder-settings-tabs">
+    <a v-for="tab in tabs" 
+       :key="tab.id" 
+       class="nav-tab"
+       @click="setActiveSettingsTab">
+      {{ tab.name }}
+    </a>
+  </div>
+</template>
assets/js/wpuf-form-builder-components.js (1)

926-929: LGTM! Consider adding a documentation comment.

The computed property correctly implements Tailwind CSS classes for button hover states.

Add a documentation comment to explain the purpose:

+        /**
+         * Returns Tailwind CSS classes for action button hover states
+         * @returns {string}
+         */
         action_button_classes: function() {
             return 'hover:wpuf-cursor-pointer hover:wpuf-text-white';
         }
admin/form-builder/assets/js/components/form-column_field/template.php (2)

64-64: Check the usage of hover:!wpuf-cursor-move

The class hover:!wpuf-cursor-move may not be valid if wpuf-cursor-move is not a defined utility class in your Tailwind CSS setup. Additionally, the ! prefix in Tailwind CSS is used to apply !important to a utility class. Ensure that this class is correctly defined and that the use of ! is necessary.


81-81: Possible typo in class name wpuf--ml-1

The class wpuf--ml-1 contains a double hyphen --, which may be a typo. If the intended class is wpuf-ml-1, please correct the extra hyphen to avoid any issues with styling.

includes/Admin/template-parts/modal.php (1)

30-30: Avoid using <br> tags for spacing; use CSS for layout

Using <br> tags for adding vertical spacing is generally discouraged as it can lead to inconsistent layouts. Instead, use CSS margins or padding to control spacing between elements.

Also applies to: 74-74

admin/form-builder/assets/js/components/builder-stage/template.php (4)

6-7: Consider combining static and dynamic classes for consistency

Currently, there is a mix of :class and class attributes. Combining them into a single :class binding enhances readability and prevents potential class overriding issues.

Refactor the code as follows:

-<ul
-    :class="['form-label-' + label_type]"
-    class="wpuf-form sortable-list wpuf-py-8">
+<ul
+    :class="['wpuf-form', 'sortable-list', 'wpuf-py-8', 'form-label-' + label_type]">

17-17: Specify radix parameter in parseInt function

When using parseInt, it's a good practice to specify the radix to avoid unexpected results due to leading zeros.

Update the parseInt calls:

-parseInt(editing_form_id) === parseInt(field.id)
+parseInt(editing_form_id, 10) === parseInt(field.id, 10)

96-97: Combine :class and class attributes for better clarity

Having both :class and class can lead to confusion and potential CSS conflicts. Combining them into a single :class ensures all classes are managed consistently.

Refactor as follows:

-:class="action_button_classes" class="hover:wpuf-bg-green-700">
+:class="[action_button_classes, 'hover:wpuf-bg-green-700']">

22-46: Enhance accessibility by adding ARIA attributes

To improve accessibility, especially for screen readers, consider adding appropriate ARIA attributes to interactive elements and ensure labels are properly associated.

For example, associate labels with inputs and add aria-label or role where necessary.

admin/form-builder/views/form-builder.php (4)

85-105: Accessibility Improvement: Button States and ARIA Attributes

The save button's loading state could be enhanced for better accessibility. Providing appropriate ARIA attributes helps assistive technologies convey the button's state to users.

Consider adding aria-disabled and aria-busy attributes:

<button
    v-if="!is_form_saving"
    @click="save_form_builder"
    type="button"
    :disabled="is_form_saving"
+   :aria-disabled="is_form_saving"
+   aria-busy="false"
    :class="is_form_saving ? 'wpuf-cursor-wait' : 'wpuf-cursor-pointer'"
    class="wpuf-btn-primary"><?php esc_html_e( 'Save Form', 'wp-user-frontend' ); ?></button>
<button
    v-else
    type="button"
    class="button button-primary button-ajax-working"
    disabled
+   aria-disabled="true"
+   aria-busy="true">
    <span class="loader"></span> <?php esc_html_e( 'Saving Form Data', 'wp-user-frontend' ); ?>
</button>

130-145: Clarify Switch Accessibility Labels

The multistep toggle switch lacks clear accessibility labels, which can be confusing for screen reader users.

Ensure the switch communicates its state clearly by updating the aria-checked attribute and using a visible label.


150-173: Enhancement: Responsive Design Considerations

Ensure that the layout adjusts gracefully on smaller screens. The fixed width classes may cause horizontal scrolling on mobile devices.

Consider using responsive utility classes to adjust the layout based on screen size.


1-183: Offer Assistance: Unit Tests and Documentation

Noticed several new and modified components. To maintain code quality, it's important to update unit tests and documentation accordingly.

Would you like assistance in generating unit tests or updating the documentation for these changes?

🧰 Tools
🪛 GitHub Check: Run PHPCS inspection

[warning] 54-54:
Processing form data without nonce verification.


[warning] 54-54:
Processing form data without nonce verification.


[failure] 63-63:
Missing $domain parameter in function call to esc_html_e().


[failure] 63-63:
The $text parameter must be a single text string literal. Found: __( 'Click to copy shortcode', 'wp-user-frontend' )


[failure] 63-63:
Missing $domain parameter in function call to esc_attr_e().


[failure] 63-63:
The $text parameter must be a single text string literal. Found: $shortcodes[0]['name']


[warning] 126-126:
Words in hook names should be separated using underscores. Expected: "wpuf_form_builder_tabs_{$form_type}", but found: "wpuf-form-builder-tabs-{$form_type}".

assets/js-templates/form-components.php (4)

541-548: Improve accessibility by associating labels with inputs

To enhance accessibility, associate each <label> with its corresponding <input> using the for and id attributes. This ensures assistive technologies can correctly interpret the form controls.

Apply this diff to associate labels with inputs:

             <div class="wpuf-flex wpuf-items-center">
-                <input
-                    type="checkbox"
-                    :value="val"
-                    :checked="is_selected(val)"
-                    :class="class_names('checkbox_btns')"
-                    class="wpuf-h-4 wpuf-w-4 wpuf-rounded wpuf-border-gray-300 wpuf-text-indigo-600 focus:wpuf-ring-indigo-600 !wpuf-mt-0.5">
-                <label class="wpuf-ml-3 wpuf-text-sm wpuf-font-medium wpuf-text-gray-900">{{ label }}</label>
+                <input
+                    type="checkbox"
+                    :id="'checkbox_' + val"
+                    :value="val"
+                    :checked="is_selected(val)"
+                    :class="[class_names('checkbox_btns'), 'wpuf-h-4 wpuf-w-4 wpuf-rounded wpuf-border-gray-300 wpuf-text-indigo-600 focus:wpuf-ring-indigo-600 !wpuf-mt-0.5']">
+                <label
+                    :for="'checkbox_' + val"
+                    class="wpuf-ml-3 wpuf-text-sm wpuf-font-medium wpuf-text-gray-900">{{ label }}</label>
             </div>

954-984: Ensure radio buttons are accessible by linking labels and inputs

Similar to the checkboxes, the radio buttons should have labels associated with their inputs using for and id attributes for better accessibility.

Apply this diff:

            <div
                v-if="has_options" v-for="(label, val) in field.options"
-                class="wpuf-flex wpuf-items-center">
-                <input
-                    type="radio"
-                    class="wpuf-border-gray-300 wpuf-text-indigo-600 !wpuf-m-0">
-                <label
-                    :value="val"
-                    :checked="is_selected(val)"
-                    :class="class_names('radio_btns')"
-                    class="wpuf-ml-3 wpuf-block wpuf-text-sm wpuf-font-medium wpuf-leading-6 wpuf-text-gray-900">{{ label }}</label>
+                class="wpuf-flex wpuf-items-center">
+                <input
+                    type="radio"
+                    :id="'radio_' + val"
+                    :value="val"
+                    :checked="is_selected(val)"
+                    :class="[class_names('radio_btns'), 'wpuf-border-gray-300 wpuf-text-indigo-600 !wpuf-m-0']">
+                <label
+                    :for="'radio_' + val"
+                    class="wpuf-ml-3 wpuf-block wpuf-text-sm wpuf-font-medium wpuf-leading-6 wpuf-text-gray-900">{{ label }}</label>
            </div>

55-96: Refactor repetitive control button code into a reusable component

The control buttons code is repeated multiple times, which can lead to maintenance challenges. Consider creating a reusable component for the control buttons to DRY up the code.


763-771: Optimize SVG usage by externalizing icons

To improve performance and maintainability, consider externalizing SVG icons or using an icon library. This reduces redundancy and improves rendering efficiency.

wpuf-functions.php (4)

Line range hint 1575-1581: Potential security issue with using file_get_contents on SVG files

Directly outputting the contents of SVG files using file_get_contents without proper sanitization can introduce security vulnerabilities if the SVG files are manipulated. Consider sanitizing the SVG content or using safer methods to include icons, such as embedding sanitized SVG code or using image tags with securely sourced URLs.


Line range hint 1591-1622: Ensure secure handling of SVG files to prevent XSS vulnerabilities

Using file_get_contents to output SVG contents directly can lead to Cross-Site Scripting (XSS) risks if SVG files are tampered with. It's recommended to sanitize SVG content before outputting or use alternative methods like embedding sanitized SVG markup or referencing the SVG via an <img> tag with a safe URL.


Line range hint 1679-1695: Enhance username generation to ensure uniqueness

The wpuf_guess_username function may not always generate a unique username, especially if appending a random number still results in an existing username. Consider implementing a loop to generate and check usernames until a unique one is found, or use a more robust method to ensure uniqueness.

Suggested code:

function wpuf_guess_username( $email ) {
    // username from email address
    $username = sanitize_user( substr( $email, 0, strpos( $email, '@' ) ) );

    if ( ! username_exists( $username ) ) {
        return $username;
    }

    // Generate a unique username
+   $original_username = $username;
+   $suffix = 1;
+   while ( username_exists( $username ) ) {
+       $username = $original_username . $suffix;
+       $suffix++;
+   }

    return $username;
}

Line range hint 1718-1723: Caution when removing all admin notices

The wpuf_remove_admin_notices function removes all admin notices, which might suppress critical alerts from WordPress core or other plugins. It is advisable to target only specific notices or allow users to manage which notices are hidden to prevent missing important information.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 9801b41 and 9b4437f.

⛔ Files ignored due to path filters (9)
  • assets/images/templates/blank.svg is excluded by !**/*.svg
  • assets/images/templates/edd.png is excluded by !**/*.png
  • assets/images/templates/edd.svg is excluded by !**/*.svg
  • assets/images/templates/event.svg is excluded by !**/*.svg
  • assets/images/templates/post.png is excluded by !**/*.png
  • assets/images/templates/post.svg is excluded by !**/*.svg
  • assets/images/templates/woocommerce.png is excluded by !**/*.png
  • assets/images/templates/woocommerce.svg is excluded by !**/*.svg
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (58)
  • Gruntfile.js (5 hunks)
  • admin/form-builder/assets/js/components/builder-stage/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-checkbox_field/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-column_field/index.js (1 hunks)
  • admin/form-builder/assets/js/components/form-column_field/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-custom_hidden_field/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-dropdown_field/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-email_address/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-featured_image/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-image_upload/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-multiple_select/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-post_excerpt/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-post_tags/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-post_title/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-radio_field/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-recaptcha/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-section_break/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-taxonomy/template.php (3 hunks)
  • admin/form-builder/assets/js/components/form-text_field/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-textarea_field/template.php (1 hunks)
  • admin/form-builder/assets/js/components/form-website_url/template.php (1 hunks)
  • admin/form-builder/assets/js/form-builder.js (5 hunks)
  • admin/form-builder/assets/js/mixins/add-form-field.js (1 hunks)
  • admin/form-builder/assets/js/mixins/form-field.js (1 hunks)
  • admin/form-builder/assets/less/form-builder.less (0 hunks)
  • admin/form-builder/views/form-builder-old.php (1 hunks)
  • admin/form-builder/views/form-builder.php (1 hunks)
  • assets/css/admin.css (0 hunks)
  • assets/css/frontend-forms.css (0 hunks)
  • assets/css/wpuf-form-builder.css (0 hunks)
  • assets/js-templates/form-components.php (10 hunks)
  • assets/js/wpuf-form-builder-components.js (1 hunks)
  • assets/js/wpuf-form-builder-mixins.js (2 hunks)
  • assets/js/wpuf-form-builder.js (5 hunks)
  • assets/less/admin.less (0 hunks)
  • assets/less/frontend-forms.less (0 hunks)
  • includes/Admin/Forms/Admin_Form.php (4 hunks)
  • includes/Admin/Forms/Admin_Form_Builder.php (3 hunks)
  • includes/Admin/Forms/Post/Templates/Form_Template.php (3 hunks)
  • includes/Admin/Forms/Post/Templates/Post_Form_Template_Events_Calendar.php (1 hunks)
  • includes/Admin/Forms/Post/Templates/Post_Form_Template_Post.php (1 hunks)
  • includes/Admin/Forms/Post/Templates/Post_Form_Template_WooCommerce.php (1 hunks)
  • includes/Admin/Forms/Post/Templates/Pro_Form_Preview_EDD.php (1 hunks)
  • includes/Admin/Menu.php (1 hunks)
  • includes/Admin/Posting.php (2 hunks)
  • includes/Admin/template-parts/modal.php (1 hunks)
  • includes/Admin/views/post-form.php (1 hunks)
  • includes/Assets.php (1 hunks)
  • includes/Fields/Form_Field_SectionBreak.php (1 hunks)
  • includes/Fields/Form_Field_reCaptcha.php (1 hunks)
  • includes/Fields/Form_Pro_Upgrade_Fields.php (2 hunks)
  • includes/Setup_Wizard.php (0 hunks)
  • languages/wp-user-frontend.pot (24 hunks)
  • package.json (2 hunks)
  • src/css/admin/form-builder.css (1 hunks)
  • tailwind.config.js (1 hunks)
  • tests/chrome_recordings/post form templates.json (1 hunks)
  • wpuf-functions.php (1 hunks)
💤 Files with no reviewable changes (7)
  • admin/form-builder/assets/less/form-builder.less
  • assets/css/admin.css
  • assets/css/frontend-forms.css
  • assets/css/wpuf-form-builder.css
  • assets/less/admin.less
  • assets/less/frontend-forms.less
  • includes/Setup_Wizard.php
✅ Files skipped from review due to trivial changes (5)
  • admin/form-builder/assets/js/components/form-multiple_select/template.php
  • includes/Admin/Forms/Post/Templates/Post_Form_Template_Events_Calendar.php
  • includes/Admin/Forms/Post/Templates/Post_Form_Template_Post.php
  • includes/Admin/Forms/Post/Templates/Post_Form_Template_WooCommerce.php
  • includes/Assets.php
🧰 Additional context used
🪛 GitHub Check: Run PHPCS inspection
admin/form-builder/views/form-builder-old.php

[warning] 12-12:
Words in hook names should be separated using underscores. Expected: "wpuf_form_builder_tabs_{$form_type}", but found: "wpuf-form-builder-tabs-{$form_type}".


[warning] 42-42:
Processing form data without nonce verification.


[warning] 42-42:
Processing form data without nonce verification.


[warning] 59-59:
Processing form data without nonce verification.


[warning] 100-100:
Words in hook names should be separated using underscores. Expected: "wpuf_form_builder_settings_tabs_{$form_type}", but found: "wpuf-form-builder-settings-tabs-{$form_type}".


[warning] 104-104:
Words in hook names should be separated using underscores. Expected: "wpuf_form_builder_settings_tab_contents_{$form_type}", but found: "wpuf-form-builder-settings-tab-contents-{$form_type}".


[warning] 109-109:
Words in hook names should be separated using underscores. Expected: "wpuf_form_builder_tab_contents_{$form_type}", but found: "wpuf-form-builder-tab-contents-{$form_type}".

admin/form-builder/views/form-builder.php

[warning] 54-54:
Processing form data without nonce verification.


[warning] 54-54:
Processing form data without nonce verification.


[failure] 63-63:
Missing $domain parameter in function call to esc_html_e().


[failure] 63-63:
The $text parameter must be a single text string literal. Found: __( 'Click to copy shortcode', 'wp-user-frontend' )


[failure] 63-63:
Missing $domain parameter in function call to esc_attr_e().


[failure] 63-63:
The $text parameter must be a single text string literal. Found: $shortcodes[0]['name']


[warning] 126-126:
Words in hook names should be separated using underscores. Expected: "wpuf_form_builder_tabs_{$form_type}", but found: "wpuf-form-builder-tabs-{$form_type}".

🪛 Biome (1.9.4)
src/css/admin/form-builder.css

[error] 46-46: Unexpected shorthand property background after background-color

(lint/suspicious/noShorthandPropertyOverrides)

🔇 Additional comments (75)
includes/Admin/views/post-form.php (2)

4-6: Verify styling compatibility with removed wrapper

The removal of the div.wrap class for newer versions might affect the styling of the form builder. Ensure that the new view implementation maintains consistent styling.

✅ Verification successful

Based on the search results, I can now generate the final response since we have enough context about the form builder implementation and wrapper usage.

The wrap class removal is safe - no styling dependencies found

The form builder's styling is self-contained within its own component CSS and does not rely on the .wrap class. The wrapper div was only used as a standard WordPress admin page container and its removal won't affect the form builder's styling because:

  1. The form builder is rendered via the wpuf_admin_form_builder action hook which has its own styling scope
  2. No CSS rules were found that depend on the .wrap class for form builder styling
  3. The .wrap class is only used as a generic admin page wrapper across different views
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any CSS dependencies on the wrap class

# Look for CSS rules targeting .wrap
rg -g "*.css" "\.wrap"

# Check for any inline styles in PHP files
rg -g "*.php" "\.wrap.*style"

Length of output: 1617


Script:

#!/bin/bash
# Let's check for more context about the form builder styling and implementation

# Check for any form builder related CSS classes and styles
rg -g "*.css" "form-builder|wpuf.*form"

# Check how the form builder is implemented in other files
rg -g "*.php" "wpuf_admin_form_builder"

# Check for any wrapper related classes in the form builder context
rg -g "*.{php,css}" -C 2 "wpuf.*wrap|form-builder.*wrap"

Length of output: 142421


Script:

#!/bin/bash
# Let's check for any form builder related markup and styling to understand the wrapper context

# Check for form builder template files
rg -g "*.php" -B 2 -A 2 "wpuf_admin_form_builder"

# Check for any form builder related div wrappers
rg -g "*.php" -B 2 -A 2 "class=\"wrap\""

# Check for any form builder specific CSS that may depend on the wrap class
rg -g "*.css" "\.wrap.*form-builder|form-builder.*\.wrap"

Length of output: 3933


2-10: Verify the implementation of the new form builder view

The conditional rendering based on version looks correct, but we should verify that the new action hook properly implements the form template modal functionality mentioned in the PR objectives.

Let's verify the implementation:

✅ Verification successful

Let me gather more information about the form builder implementation to verify the template modal functionality.


Let me check the implementation of the form builder and template modal functionality.


Based on the code analysis, I can now provide a final response about the form builder view implementation:

The form builder view and template modal are properly implemented

The conditional rendering in post-form.php is working as intended:

  • For older versions (< 4.0.12): Uses wpuf_admin_form_builder action with a div wrapper
  • For newer versions: Uses wpuf_admin_form_builder_view action directly

The implementation includes:

  1. Template modal functionality is properly included via modal.php
  2. Form builder view is loaded through Admin_Form_Builder class
  3. All necessary assets and scripts are enqueued correctly
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check the implementation of wpuf_admin_form_builder_view action
# and related template modal functionality

# Find where the new action is added
rg -A 5 "add_action.*wpuf_admin_form_builder_view"

# Look for template modal implementation
ast-grep --pattern 'class TemplateModal {
  $$$
}'

# Check for form template related files
fd -e php template

Length of output: 3703


Script:

#!/bin/bash
# Check the implementation of form builder include method
ast-grep --pattern 'include_form_builder() {
  $$$
}'

# Look for template modal related code
rg -A 5 "template.*modal" -i

# Check the content of Admin_Template.php
cat "includes/Admin/Forms/Admin_Template.php"

Length of output: 130538


Script:

#!/bin/bash
# Check the form builder implementation
cat "includes/Admin/Forms/Admin_Form_Builder.php"

# Check if template modal is included in the form builder view
rg -A 5 "include.*modal" includes/Admin/Forms/Admin_Form_Builder.php

# Check the template modal implementation
cat "includes/Admin/template-parts/modal.php"

Length of output: 23214

admin/form-builder/assets/js/components/form-website_url/template.php (2)

9-9: LGTM! Improved semantic HTML and consistent styling

The changes improve both semantics and styling:

  • Using <p> instead of <span> is more semantic for help text
  • Tailwind classes ensure consistent styling across the form builder

4-4: Verify the builder_class_names implementation

The change from class_names to builder_class_names looks good, as it provides more specific context for form builder styling.

Let's verify the implementation of this method:

✅ Verification successful

Change from class_names to builder_class_names is correct and properly implemented

The change is verified and correct. The builder_class_names method is properly defined in both wpuf-form-builder-mixins.js and form-field.js mixins. The new method adds Tailwind CSS classes based on the input type, providing enhanced styling while maintaining the original functionality. For URL inputs, it adds appropriate classes like wpuf-block, wpuf-rounded-md, and other Tailwind utilities.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the builder_class_names method implementation and usage
# Expected: Find the method definition and consistent usage across components

# Check for the method definition
ast-grep --pattern 'builder_class_names'

# Check for consistent usage across components
rg -g '*/template.php' 'builder_class_names'

Length of output: 85


Script:

#!/bin/bash
# Let's try a broader search for both the old and new method names
# First, let's find all Vue-related files that might contain these methods
fd -e js -e vue . | xargs rg -l "class_names|builder_class_names"

# Then, let's look for any mixins or utility files that might define these methods
rg -g '*.{js,vue}' -l "methods.*class_names|methods.*builder_class_names"

# Finally, let's check the specific directory for related files
ls -la admin/form-builder/assets/js/

Length of output: 789


Script:

#!/bin/bash
# Let's examine the content of the mixin files that might define these methods
cat assets/js/wpuf-form-builder-mixins.js
cat admin/form-builder/assets/js/mixins/form-field.js

# Also check for any references to these methods in the form builder main file
rg -A 3 "class_names|builder_class_names" admin/form-builder/assets/js/form-builder.js

Length of output: 12703

admin/form-builder/assets/js/components/form-text_field/template.php (2)

9-9: LGTM! Improved semantic structure and styling

The changes enhance accessibility and visual consistency by:

  • Using semantic <p> tag for help text
  • Applying Tailwind utility classes for consistent spacing and typography
  • Maintaining proper text color hierarchy with gray-500

7-7: Verify the builder_class_names implementation

The change from class_names to builder_class_names appears to be part of standardizing class assignments across field types.

Let's verify the implementation and usage of this method:

✅ Verification successful

Change to builder_class_names is consistent with codebase patterns

The verification shows that:

  1. builder_class_names is properly implemented in the form builder mixins at admin/form-builder/assets/js/mixins/form-field.js
  2. The method is consistently used across multiple form field components for class assignments
  3. The change aligns with the standardized approach used in other components like email, url, textarea, taxonomy fields etc.
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the implementation and usage of builder_class_names

# Check for the implementation of builder_class_names
echo "Checking for builder_class_names implementation..."
rg -A 5 "builder_class_names"

# Check for consistent usage across other field components
echo "Checking usage in other field components..."
fd -e php -e vue . admin/form-builder/assets/js/components --exec rg -l "class_names\(" {} \;

Length of output: 16616

admin/form-builder/assets/js/components/form-custom_hidden_field/template.php (2)

9-9: LGTM! Improved semantic HTML and consistent styling

Good improvements:

  • Using <p> instead of <span> for help text is more semantic
  • Tailwind utility classes provide consistent spacing (wpuf-mt-2), text size (wpuf-text-sm), and color (wpuf-text-gray-500)

4-4: Verify the builder_class_names implementation

The change from class_names('textfield') to builder_class_names('text_hidden') suggests a move to a more semantic naming convention. Let's verify the implementation and styling.

✅ Verification successful

The builder_class_names implementation is verified and working as expected

The search results confirm that:

  1. The builder_class_names function is properly implemented in the form-field mixin (admin/form-builder/assets/js/mixins/form-field.js and assets/js/wpuf-form-builder-mixins.js)
  2. The function is consistently used across multiple form field components, including the custom hidden field
  3. The change from class_names('textfield') to builder_class_names('text_hidden') aligns with the codebase's pattern where:
    • class_names is used for basic class assignments
    • builder_class_names is used for enhanced styling with additional utility classes based on field type

The change is part of a broader pattern of semantic improvements in the form builder components and follows the established conventions in the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for builder_class_names implementation and usage
ast-grep --pattern 'builder_class_names'

# Search for text_hidden class styling
rg -g '*.css' -g '*.scss' 'text_hidden'

Length of output: 80


Script:

#!/bin/bash
# Search for builder_class_names or class_names function definitions and usages with more context
rg -A 5 "builder_class_names|class_names" --type js --type php

# Search for text_hidden or textfield class usage in any file
rg "text_hidden|textfield" --type js --type php --type css --type scss

Length of output: 30281

admin/form-builder/assets/js/components/form-email_address/template.php (2)

9-9: LGTM! Improved accessibility with semantic HTML

The change from <span> to <p> for help text improves semantic structure. The added Tailwind classes (wpuf-mt-2 wpuf-text-sm wpuf-text-gray-500) provide consistent styling and better readability.


4-4: Verify the builder_class_names function implementation

The addition of builder_class_names('text') appears to be part of the Tailwind CSS integration. Let's ensure this function is properly implemented.

✅ Verification successful

Let me gather more information about the builder_class_names function definition since it wasn't found in the previous search.


Let me try one more search strategy to find the function definition.


Based on the search results, I found the builder_class_names function is being used consistently across multiple form components and templates, but I need to check one more specific location to verify its implementation.


The builder_class_names function is properly implemented and used correctly

The builder_class_names function is implemented in the form field mixin (wpuf_mixins.form_field_mixin) and returns appropriate Tailwind CSS classes based on the field type. For text inputs like email fields, it returns proper styling classes including border, padding, and text styles. The usage in the email component is correct and consistent with the implementation.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for the builder_class_names function definition and its usage
ast-grep --pattern 'function builder_class_names($_) {
  $$$
}'

# Also check for any existing usage patterns
rg "builder_class_names\(" -A 2

Length of output: 7840


Script:

#!/bin/bash
# Search for any JavaScript/PHP files that might contain the builder_class_names definition
fd -e js -e php | xargs rg "builder_class_names\s*=|function\s+builder_class_names" -A 5

# Also check for any mixins or utility files that might contain this function
fd -e js -e php | xargs rg "mixin.*builder_class_names|export.*builder_class_names" -A 5

Length of output: 181


Script:

#!/bin/bash
# Look for Vue component or mixin files that might contain the builder_class_names
fd -e vue -e js | xargs rg "methods:|mixins:" -A 10 -B 2

# Also check for any class-related utility files
fd "class|util" -e js | xargs cat

# Check package.json to understand the project structure
cat package.json 2>/dev/null || true

Length of output: 131185


Script:

#!/bin/bash
# Check the mixins file specifically for builder_class_names implementation
cat assets/js/wpuf-form-builder-mixins.js 2>/dev/null || cat admin/form-builder/assets/js/wpuf-form-builder-mixins.js 2>/dev/null

Length of output: 10360

admin/form-builder/assets/js/components/form-post_tags/template.php (2)

11-11: LGTM! Semantic HTML improvement

The change from <span> to <p> for help text improves semantic structure and accessibility. The Tailwind classes provide consistent spacing and styling.


4-5: Review the use of !important flag in Tailwind classes

While the transition to Tailwind CSS and the new builder_class_names method improves styling consistency, the use of ! (important) flag in !wpuf-border-gray-300 might cause specificity issues.

Let's check if this pattern is consistent across other components:

Consider removing the ! flag if possible and managing specificity through proper class ordering or component-specific styles:

-class="wpuf-block wpuf-w-full wpuf-rounded-md wpuf-py-1.5 wpuf-text-gray-900 wpuf-shadow-sm   placeholder:wpuf-text-gray-400 sm:wpuf-text-sm sm:wpuf-leading-6 wpuf-border !wpuf-border-gray-300"
+class="wpuf-block wpuf-w-full wpuf-rounded-md wpuf-py-1.5 wpuf-text-gray-900 wpuf-shadow-sm   placeholder:wpuf-text-gray-400 sm:wpuf-text-sm sm:wpuf-leading-6 wpuf-border wpuf-border-gray-300"
✅ Verification successful

The use of !important flag in border classes appears to be a deliberate pattern

The verification shows that the !wpuf-border-gray-300 class with the important flag is consistently used across multiple form components:

  • form-post_tags/template.php
  • form-post_excerpt/template.php
  • form-multiple_select/template.php
  • form-post_title/template.php
  • form-dropdown_field/template.php

This consistent implementation across form input components suggests it's an intentional design decision to ensure border styling consistency, likely to override any default styles. The pattern is part of a standardized approach to form field styling.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for similar border class usage patterns across components
rg -g '*.php' -g '*.vue' '!wpuf-border-gray-300' admin/form-builder/

Length of output: 1468

admin/form-builder/assets/js/components/form-recaptcha/template.php (2)

7-9: LGTM! Clean improvements to type safety and responsive design.

The changes improve the code in two ways:

  1. Using !== for stricter type comparison
  2. Adding responsive width classes for better layout control across screen sizes

Line range hint 7-13: Verify reCAPTCHA accessibility settings for non-admin users

Since one of the PR objectives is to improve form accessibility for non-admin users, ensure that the reCAPTCHA integration doesn't create any barriers.

✅ Verification successful

Let me analyze the reCAPTCHA implementation further to verify accessibility concerns.


Based on the analysis of the reCAPTCHA implementation, I can now provide a final response regarding accessibility concerns.

reCAPTCHA implementation has adequate accessibility considerations

The implementation includes both standard and invisible reCAPTCHA options with proper error handling and validation:

  • The reCAPTCHA is implemented using official Google reCAPTCHA API which includes built-in accessibility features
  • Error messages are properly displayed when validation fails
  • The invisible reCAPTCHA option provides a less intrusive experience for users while maintaining security
  • The implementation includes proper fallback mechanisms and error states
  • The reCAPTCHA container uses standard HTML elements that work with screen readers
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for reCAPTCHA configuration and accessibility settings

# Search for reCAPTCHA configuration files
echo "Searching for reCAPTCHA configuration files..."
fd -e php -e js | rg -l "recaptcha"

# Look for any user role checks related to reCAPTCHA
echo "Checking for user role restrictions..."
rg -A 3 "current_user_can|user_can|capability" $(fd -e php)

# Check for any accessibility-related settings
echo "Checking for accessibility settings..."
rg -i "accessibility|aria|role" $(fd -e php -e js | rg "recaptcha")

Length of output: 57077


Script:

#!/bin/bash
# Check reCAPTCHA implementation details and accessibility features

# Look for reCAPTCHA configuration and initialization code
echo "Checking reCAPTCHA implementation..."
rg -A 5 "recaptcha_type|sitekey|data-sitekey|g-recaptcha" $(fd -e php -e js)

# Search for any accessibility-related attributes or ARIA labels
echo "Checking for accessibility attributes..."
rg -i "aria-label|role=|tabindex" $(fd -e php -e js | rg "recaptcha")

# Look for any error handling or validation messages
echo "Checking error handling..."
rg "recaptcha.*error|invalid.*recaptcha" $(fd -e php -e js)

Length of output: 121589

admin/form-builder/assets/js/components/form-textarea_field/template.php (1)

16-16: LGTM! Well-structured help text implementation

The help text implementation:

  • Uses semantic HTML with <p> tag
  • Follows Tailwind CSS conventions for styling
  • Properly handles HTML content with v-html
admin/form-builder/assets/js/components/form-post_excerpt/template.php (2)

5-5: LGTM! Verify consistent styling across components.

The Tailwind CSS classes enhance the textarea's visual appearance while maintaining functionality.

Let's verify consistent styling across other form components:

✅ Verification successful

Styling is consistent across form components

The Tailwind CSS classes are consistently applied across multiple form components including post title, post tags, post excerpt, and other form components. The styling maintains a uniform appearance with the same set of classes:

  • All components use the same wpuf- prefixed Tailwind classes
  • Identical styling for input/textarea elements including padding, colors, borders, and responsive behavior
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for consistent textarea styling across components
# Look for any textareas that might have different styling

rg -g '*.php' -g '*.vue' 'class=".*textareafield.*"' --type-add 'vue:*.vue'

Length of output: 2596


Script:

#!/bin/bash
# Let's check the actual class_names and builder_class_names functions to understand the styling
ast-grep --pattern 'class_names'

Length of output: 32


Script:

#!/bin/bash
# Let's try a different approach to find the class_names function definition
rg -g '*.{js,vue,php}' "function.*class_names|methods.*class_names" -B 2 -A 5

Length of output: 79


Script:

#!/bin/bash
# Let's check the actual implementation of the textarea components to compare styling
rg -g '*.php' -g '*.vue' 'wpuf-block wpuf-w-full wpuf-rounded-md' --type-add 'vue:*.vue'

Length of output: 1630


Line range hint 1-14: Verify if changes address admin-only access issue.

While the styling improvements are welcome, the changes in this file appear to be purely cosmetic and don't address the core issue mentioned in #643 regarding admin-only access to the frontend post form. Consider adding role-based visibility controls or documenting how this fits into the larger solution.

Let's check for any role-based access controls:

tailwind.config.js (2)

Line range hint 1-28: Document prefix usage and review DaisyUI configuration.

A few suggestions for improving the configuration:

  1. Consider documenting the wpuf- prefix purpose and usage in a comment
  2. The empty DaisyUI themes array might indicate unused functionality. Consider either configuring themes or removing the plugin if not needed.

Let's check the DaisyUI usage:

✅ Verification successful

DaisyUI plugin is actively used and prefix is documented

Based on the verification results:

  1. DaisyUI is properly configured and actively used:

    • It's a dev dependency in package.json ("daisyui": "^4.12.2")
    • Several DaisyUI classes like btn-, modal-, and drawer- are found in use across multiple files
  2. The wpuf- prefix is well documented and used:

    • Found in documentation with shortcode examples like [wpuf-login], [wpuf-registration]
    • Consistently used across the codebase in class names and identifiers
    • Helps prevent style conflicts with other plugins/themes as intended

The configuration is well-structured and both the DaisyUI plugin and prefix are being utilized effectively. No changes needed.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for DaisyUI class usage
rg "data-theme|btn-|modal-|drawer-" --type=php --type=vue

# Check if the prefix is consistently used
rg "class=[\"\'](?!wpuf-)[^\"\']+" --type=php --type=vue

Length of output: 252


Script:

#!/bin/bash
# Search for DaisyUI class usage with fixed regex and file types
rg -t js -t jsx -t ts -t tsx -t html -t php "(data-theme|btn-|modal-|drawer-)"

# Check for class attributes that don't start with wpuf- prefix
rg -t js -t jsx -t ts -t tsx -t html -t php 'class="[^"]*[^w]puf-|class="(?!wpuf-)[^"]+"|class=\'(?!wpuf-)[^\']+\''

# Look for any documentation about the prefix
rg -t md -t txt "wpuf-" 

# Check if daisyui is actually imported/used in the JavaScript/TypeScript files
rg "daisyui" -t js -t jsx -t ts -t tsx

Length of output: 407


Script:

#!/bin/bash
# Search for DaisyUI class usage with simpler pattern and correct file types
rg -t js -t html -t php "(data-theme|btn-|modal-|drawer-)"

# Look for any documentation about the prefix in README or docs
fd -e md -e txt -x cat {} | rg "wpuf-"

# Check if daisyui is actually used in the codebase
rg -t js -t html -t php "daisyui"

# Check package.json for daisyui dependency
fd "package.json" -x cat {}

Length of output: 48394


12-17: Verify color accessibility and consider semantic naming.

The chosen colors need to be verified for accessibility:

  • primary (#166534) is a deep green
  • primaryHover (#15803d) is a slightly lighter green

Consider:

  1. Verifying these colors meet WCAG 2.1 contrast requirements for text and interactive elements
  2. Using more semantic names like brand-primary and brand-primary-hover to better indicate their purpose

Let's check if these colors are used consistently across the codebase:

admin/form-builder/assets/js/components/form-dropdown_field/template.php (1)

4-4: Ensure consistent class naming convention across components

The Tailwind classes follow the wpuf- prefix convention, which is good for preventing conflicts. However, verify that this naming pattern is consistently applied across all form components.

✅ Verification successful

All Tailwind classes follow the wpuf- prefix convention

Looking at the dropdown field template code, all Tailwind utility classes consistently use the wpuf- prefix, including:

  • Layout classes: wpuf-block, wpuf-w-full, wpuf-min-w-full
  • Spacing: wpuf-py-1.5
  • Typography: wpuf-text-gray-900, wpuf-text-sm
  • Visual styles: wpuf-rounded-md, wpuf-shadow-sm, wpuf-border
  • Responsive prefixes: sm:wpuf-text-sm, sm:wpuf-leading-6
  • States: placeholder:wpuf-text-gray-400

The naming convention is properly maintained throughout the component, preventing potential CSS conflicts.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for consistency in Tailwind class prefix usage across components
# Expected: All Tailwind classes should have 'wpuf-' prefix

# Search for Tailwind classes without 'wpuf-' prefix in component templates
rg 'class="[^"]*(?<!wpuf-)(flex|w-|text-|border|rounded|shadow|py-|px-|mt-|mb-|mr-|ml-)[^"]*"' "admin/form-builder/assets/js/components/"

Length of output: 443


Script:

#!/bin/bash
# Let's try a simpler approach to check class patterns across components
# Look for class attributes in component files
rg -B1 -A1 'class="[^"]*"' "admin/form-builder/assets/js/components/" --type php

Length of output: 83190


Script:

#!/bin/bash
# Let's check for any Tailwind classes without wpuf- prefix in the dropdown field template specifically
rg -A2 -B2 'class="[^"]*"' "admin/form-builder/assets/js/components/form-dropdown_field/template.php"

Length of output: 642

admin/form-builder/assets/js/components/form-section_break/template.php (2)

1-8: LGTM! Clean implementation of the regular divider.

The implementation maintains backward compatibility while enhancing the visual presentation with a clean border element. The conditional rendering is well-structured.


1-18: Verify integration with form template modal.

The section break component enhancements align well with the PR objectives. Please ensure that these visual improvements are consistently applied when rendering both pre-defined templates and blank form templates in the new modal.

✅ Verification successful

Let me gather more information about the form template modal integration.


Based on the search results, I can see that the section break component is consistently implemented across both the form builder interface and the form rendering logic. The divider styles are properly handled in both template files and the core rendering classes. Let me verify the template modal integration specifically.


Let me check the actual modal template implementation to verify the integration.


Based on the verification results, I can now provide a conclusive response:

Section break component is properly integrated with form template modal

The implementation shows consistent handling of section breaks across both the form builder and template rendering:

  1. The section break styles are properly defined in the template modal (includes/Admin/template-parts/modal.php)
  2. The core rendering classes (class/render-form.php and includes/Render_Form.php) handle both regular and dashed divider styles
  3. The section break component is consistently implemented in both pre-defined templates and blank form templates
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for consistent usage of section break styles across template files

# Search for section break usage in template files
rg -A 5 "wpuf-section-wrap" --type php

# Check for divider property usage in form templates
ast-grep --pattern 'field.divider'

Length of output: 4587


Script:

#!/bin/bash
# Check for form template modal implementation and section break field handling
rg -A 5 "form.*template.*modal" --type php --type js

# Search for section break field type definitions and configurations
rg -A 5 "section_break|sectionBreak" --type js --type php

# Look for template rendering logic
rg -A 5 "renderTemplate|render.*template" --type js --type php

Length of output: 146997


Script:

#!/bin/bash
# Check for form template modal implementation and section break handling
rg -A 5 "form.*template.*modal.*section" --type php --type js

# Look for section break field handling in template-related code
rg -A 5 "section_break.*template" --type php --type js

# Check template modal HTML structure
rg -l "wpuf-form-template-modal" --type php

Length of output: 204


Script:

#!/bin/bash
# Check the modal template content
cat includes/Admin/template-parts/modal.php

# Look for form template rendering logic
rg -A 5 "render.*template" --type php --type js

# Check for section break field registration in form builder
rg -A 5 "registerField.*section_break|addField.*section_break" --type js

Length of output: 124715

includes/Admin/Forms/Post/Templates/Pro_Form_Preview_EDD.php (1)

30-30: LGTM! Verify consistency across other templates.

The switch to SVG format aligns with modern web practices for better scaling across different screen sizes.

Let's verify the consistency of this change across other template files:

✅ Verification successful

All template files consistently use SVG format

The verification confirms that all template preview images across different template files are using SVG format consistently:

  • Post template: post.svg
  • WooCommerce template: woocommerce.svg
  • EDD template: edd.svg
  • Events Calendar template: post.svg

Additionally, the edd.svg file exists in the correct location at assets/images/templates/.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if all template preview images use SVG format consistently

# Search for template image assignments in all PHP files
rg -t php "WPUF_ASSET_URI.*templates/.*\.(png|svg)" includes/Admin/Forms/Post/Templates/

# Verify the existence of the SVG file
fd -t f "edd.svg$" assets/images/templates/

Length of output: 881

admin/form-builder/assets/js/components/form-featured_image/template.php (3)

10-12: LGTM! Well-structured SVG icon implementation.

The SVG icon implementation follows best practices:

  • Uses semantic viewBox and stroke attributes
  • Includes proper path descriptions
  • Maintains consistent sizing with Tailwind classes

19-19: Good semantic improvement with paragraph element.

The change from <span> to <p> improves semantic structure and readability. The Tailwind classes provide consistent spacing and typography.


1-20: Verify integration with the new form template modal.

While the component changes look good, we should verify that this featured image upload component works correctly within the new form template modal context.

✅ Verification successful

Featured image component is properly integrated with form template modal

The verification shows that the featured image component is well integrated within the form builder system:

  1. The component is properly registered in the form builder (includes/Admin/Forms/Field_Manager.php)
  2. It's included in the default templates (includes/Admin/Forms/Post/Templates/Post_Form_Template_Post.php)
  3. The template modal (includes/Admin/template-parts/modal.php) correctly loads form templates
  4. The component's template (assets/js-templates/form-components.php) matches the implementation in the reviewed file

The changes to the featured image component's template align with the modal's styling and accessibility improvements, maintaining consistency across the form builder interface.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for related template modal components and their interaction
rg -l "form-template-modal" --type php
rg -l "featured_image.*template-modal" --type php

Length of output: 130


Script:

#!/bin/bash
# Let's check the modal implementation and form builder integration
cat includes/Admin/template-parts/modal.php

# Check for featured image component registration and integration
rg -A 5 "featured_image" --type php

Length of output: 29061

admin/form-builder/assets/js/components/form-image_upload/template.php (2)

14-16: Duplicate implementation noted.

This segment will be improved by the previous SVG optimization suggestion.


23-23: ⚠️ Potential issue

Security: Ensure help text is sanitized before v-html rendering.

Using v-html with unsanitized content can expose the application to XSS attacks. Verify that field.help is properly sanitized before rendering.

src/css/admin/form-builder.css (3)

1-3: LGTM: Tailwind imports are correctly structured.

The Tailwind CSS layers are imported in the correct order: base, components, and utilities.


15-31: LGTM: Well-structured transition utilities.

The transition utilities are well-defined with appropriate values for smooth animations and follow Tailwind's naming conventions.


33-40: LGTM: Clean dropdown transition implementation.

The dropdown transitions effectively combine opacity and scale transforms for a smooth animation effect.

admin/form-builder/assets/js/components/form-taxonomy/template.php (5)

10-12: LGTM!

The class binding implementation is consistent and well-structured.


21-21: LGTM!

The class binding implementation maintains consistency with other select elements.


40-46: Verify builder_class_names implementation for consistency.

The changes improve accessibility and styling, but we should verify the builder_class_names implementation for consistent class generation across different field types.

✅ Verification successful

Let me analyze the results and generate a final response.

builder_class_names implementation is consistent across form components

The implementation of builder_class_names is consistently used across different form components for class generation:

  • It's defined in the form-field mixin and handles various field types (text, url, select, etc.)
  • All form components (text_field, textarea_field, taxonomy, email_address, etc.) use it with appropriate type parameters
  • The class generation follows a consistent pattern for similar field types (e.g., text inputs share common classes)
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for builder_class_names implementation and usage
rg -A 5 "builder_class_names" 

# Check for any existing class name patterns in text inputs
ast-grep --pattern 'class="$_"' 

Length of output: 15201


4-6: Fix spacing in v-html directive and verify term data sanitization.

The spacing in the v-html directive is inconsistent. Additionally, using v-html with unsanitized term data could pose security risks.

Apply this spacing fix:

-        v-html ="get_term_dropdown_options()">
+        v-html="get_term_dropdown_options()">

Let's verify the term sanitization:

✅ Verification successful

Let me analyze the implementation of get_term_dropdown_options to verify term data handling. I'll check how the term data is processed before being rendered.


Based on the code analysis, I can now generate the final response:

Fix spacing in v-html directive - XSS concerns are addressed.

The spacing issue should be fixed, but the XSS concern is not a problem here. The get_term_dropdown_options() implementation shows proper handling of term data:

  • It only uses sanitized term properties (id, name)
  • Constructs HTML options with proper value escaping
  • No user-provided content is directly rendered
  • Fix the spacing:
-        v-html ="get_term_dropdown_options()">
+        v-html="get_term_dropdown_options()">
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for term sanitization in the codebase
rg -A 5 "get_term_dropdown_options" 

Length of output: 5854


Script:

#!/bin/bash
# Search for term data source and processing
rg -A 10 "term\." admin/form-builder/assets/js/components/form-taxonomy/index.js

Length of output: 2593


Line range hint 1-46: Consider user role access implementation.

While the template improvements enhance the UI, the changes don't address the core issue mentioned in #643 regarding admin-only access to the frontend post form. Consider implementing role-based access control or documenting how this will be addressed in subsequent changes.

package.json (1)

Line range hint 29-41: Review build tooling complexity

The project is using both Grunt and Vite as build tools, with PostCSS processing now added through Grunt. This dual build system could lead to maintenance complexity and potential conflicts.

Consider:

  1. Consolidating the build process under Vite, which has built-in PostCSS support
  2. Or documenting the specific responsibilities of each build tool

Let's check the build configuration:

admin/form-builder/assets/js/mixins/add-form-field.js (2)

Line range hint 1-54: LGTM - Changes align with PR objectives

The addition of styled action buttons through the computed property supports the PR's goal of enhancing the form template modal interface. The existing form field addition logic remains intact while the UI receives a consistent styling upgrade.


49-54: Verify Tailwind CSS class consistency and accessibility

The new computed property adds Tailwind CSS classes for action buttons. While the implementation is clean, consider the following suggestions:

Run this script to verify class consistency across components:

Consider:

  1. Document these classes in a shared design system file if not already done
  2. Add focus states for keyboard navigation (focus: variants)
  3. Ensure color contrast ratios meet WCAG guidelines for hover states
✅ Verification successful

Based on the results, I can now provide a final response:

Tailwind CSS classes are consistently used across components

The implementation of action_button_classes follows the established pattern of using prefixed Tailwind CSS classes (wpuf-) that is consistently used across the codebase. The hover states and padding values match other button implementations. Focus states for keyboard navigation are also properly handled in other components.

Key findings:

  • Consistent use of wpuf- prefix across components
  • Similar hover patterns (hover:wpuf-cursor-pointer, hover:wpuf-text-white) used in multiple components
  • Padding class wpuf-p-2 matches other button implementations
  • Focus states (focus:wpuf-) are implemented in related components like Header.vue
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for consistent usage of Tailwind classes and prefixes

# Search for similar button class patterns
echo "Checking button class patterns:"
rg -g '*.{js,vue}' "wpuf-p-[0-9]|wpuf-cursor-pointer|wpuf-text-white"

# Check for other hover implementations
echo -e "\nChecking hover implementations:"
rg -g '*.{js,vue}' "hover:wpuf-"

# Look for potential design system definitions
echo -e "\nChecking for design system definitions:"
fd -e js -e vue -e css | xargs rg "tailwind|theme|design-system"

Length of output: 142849

admin/form-builder/assets/js/mixins/form-field.js (1)

36-60: Verify accessibility of styled form elements

The new Tailwind classes affect the visual presentation of form elements. Let's ensure they maintain proper accessibility.

✅ Verification successful

Let me try another search strategy to verify accessibility concerns.


Based on the verification results, I can now provide a final response:

Form elements maintain proper accessibility standards

The new Tailwind classes for form elements are complemented by:

  • Proper label associations using for attributes
  • ARIA attributes on interactive elements (role, aria-checked, etc.)
  • Semantic HTML structure with labels and form controls
  • Screen reader support through aria-hidden and wpuf-sr-only classes

The styling changes maintain accessibility while improving visual presentation. The form builder implements accessibility best practices for form controls.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential accessibility issues in form templates

# Search for aria attributes and roles in form templates
echo "Checking for ARIA attributes in form templates..."
rg -l "aria-|role=" "admin/form-builder/assets/js/components/form-*"

# Check contrast ratio requirements in Tailwind config
echo "Checking Tailwind configuration for contrast settings..."
fd -t f "tailwind.config" -x cat {} \; 

Length of output: 1066


Script:

#!/bin/bash
# Search for form field components and templates
echo "Searching for form field components..."
fd -t f "form-field" -x cat {} \;

# Search for any accessibility-related attributes in the entire codebase
echo "Checking for accessibility attributes in the codebase..."
rg -A 2 "aria-|role=|tabindex|alt=|title=" "admin/form-builder"

# Check for label associations
echo "Checking for label associations..."
rg -A 2 "<label|:for=|v-bind:for" "admin/form-builder"

Length of output: 23803

includes/Fields/Form_Field_SectionBreak.php (1)

92-92: Verify the template implementation of the divider property

The new 'divider' property should have corresponding handling in the Vue.js template.

✅ Verification successful

The divider property is properly implemented in the template

The template correctly handles the divider property with appropriate conditional rendering:

  • Default/regular divider: v-if="!field.divider || field.divider === 'regular'"
  • Dashed divider: v-else-if="field.divider === 'dashed'"
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for usage of the divider property in Vue templates
rg -t php -t vue "field\.divider" admin/form-builder/assets/

Length of output: 90


Script:

#!/bin/bash
# Search for divider-related code in all files under admin/form-builder/assets
rg "divider" admin/form-builder/assets/

Length of output: 291


Script:

#!/bin/bash
# Get more context around the divider usage in the template
rg -B 2 -A 2 "divider" admin/form-builder/assets/js/components/form-section_break/template.php

Length of output: 463

includes/Fields/Form_Pro_Upgrade_Fields.php (2)

13-14: LGTM! Field registration follows established patterns

The new field registrations maintain consistency with existing code structure and are logically placed in the fields array.


Line range hint 1-91: Verify integration with form accessibility improvements

While the new field types enhance the form builder's capabilities, please clarify how these changes relate to the form accessibility issue (#643) mentioned in the PR objectives. Are there additional changes needed to ensure these fields work correctly for non-admin users?

includes/Fields/Form_Field_reCaptcha.php (2)

190-198: LGTM! Clean implementation of the full-width property.

The new is_full_width() method is well-documented and follows the class's existing coding style. This change aligns with the broader styling improvements being made across the project.


Line range hint 1-198: Consider addressing the admin-only access issue.

While the styling changes are good, the core issue mentioned in #643 about the form being accessible only to admin users isn't addressed in this file. The reCAPTCHA field's rendering logic might need to be reviewed for any role-based restrictions.

Let's verify if there are any role-based restrictions in the codebase:

includes/Admin/Forms/Post/Templates/Form_Template.php (2)

Line range hint 1-248: Verify alignment with PR objectives

While the changes enhance the form template modal, they don't appear to directly address the frontend form accessibility issue mentioned in #643 (frontend post form working only for admin users). Please clarify how these changes contribute to resolving that issue.


19-19: Verify the new location for rendering post form templates

The action hook for rendering post form templates in the admin footer has been commented out. Please verify:

  1. Where is the template rendering functionality moved to?
  2. Is this change intentional as part of the form modal enhancement?
✅ Verification successful

Let me analyze the search results to verify the template rendering functionality.

The search results show:

  1. The commented out line is in includes/Admin/Forms/Post/Templates/Form_Template.php:
// add_action( 'admin_footer', [ $this, 'render_post_form_templates' ] );
  1. The render_post_form_templates() method is still present in the same file and is responsible for rendering form templates in a modal dialog.

  2. The modal template rendering is now handled through:

$modal = WPUF_ROOT . '/includes/Admin/template-parts/modal.php';
wpuf_include_once( $modal );
  1. The modal template is loaded from includes/Admin/template-parts/modal.php which contains the template selection UI.

Based on this evidence, I can generate the final response:

The template rendering has been moved from admin footer to a dedicated modal component

The action hook for rendering templates in admin footer was intentionally commented out as the functionality has been moved to a dedicated modal component at includes/Admin/template-parts/modal.php. This is an architectural improvement that:

  1. Better encapsulates the template selection UI
  2. Uses a proper modal dialog instead of injecting into admin footer
  3. Still provides the same template selection functionality
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for alternative template rendering implementations
rg -A 5 "render_post_form_templates" --type php

# Search for any new modal or template rendering hooks
rg -A 5 "add_action.*modal|template" --type php

Length of output: 131170

Gruntfile.js (2)

121-133: Verify watch patterns align with tailwind processing needs

The watch task monitors a broad range of files (src/css/**/*.css, PHP files in multiple directories), but the tailwindFileMap only processes one file. This mismatch could lead to unnecessary task triggers.

Consider:

  1. Aligning watch patterns with actual files that need Tailwind processing
  2. Or expanding tailwindFileMap to cover all watched files

3-5: 🛠️ Refactor suggestion

Consider expanding the tailwind file mapping

The tailwindFileMap only includes mapping for form-builder.php, but the watch task monitors multiple PHP files. Consider adding mappings for other PHP files that require Tailwind processing.

includes/Admin/Forms/Admin_Form_Builder.php (3)

269-273: LGTM: Clean version-based template inclusion

The version check provides a clean way to handle backward compatibility with older pro versions.


277-277: LGTM: Improved documentation clarity

The updated documentation better describes the purpose of the i18n strings.


51-51: Verify the necessity of dual action hooks

The same method include_form_builder is now hooked to both wpuf_admin_form_builder and wpuf_admin_form_builder_view. Please verify if both hooks are necessary or if this is potentially redundant.

✅ Verification successful

Let me gather more context about the form builder implementation to understand if these hooks serve different purposes.


Both action hooks are necessary for version compatibility

The dual hooks are intentionally implemented as part of a version compatibility check. The code in post-form.php shows that:

  • wpuf_admin_form_builder is used for versions before WPUF PRO 4.0.12
  • wpuf_admin_form_builder_view is used for version 4.0.12 and above

The different hooks also serve different HTML structures:

  • The older hook is wrapped in a div with class wrap
  • The newer hook is used directly without the wrapper
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for usages of both action hooks to understand their contexts
rg "do_action\(\s*['\"]wpuf_admin_form_builder['\"]" -A 2
rg "do_action\(\s*['\"]wpuf_admin_form_builder_view['\"]" -A 2

Length of output: 474


Script:

#!/bin/bash
# Check the content of the post-form.php file to understand the context
cat includes/Admin/views/post-form.php

# Look for any conditional logic around these hooks
rg -B 3 -A 3 "wpuf_admin_form_builder"

# Check the include_form_builder method implementation
ast-grep --pattern 'function include_form_builder() {
  $$$
}'

Length of output: 1911

admin/form-builder/assets/js/components/form-column_field/index.js (1)

122-125: Verify Tailwind CSS integration across components

The new computed property introduces Tailwind CSS classes. While the implementation is correct, ensure consistent usage of Tailwind CSS across other components for maintainable styling.

includes/Admin/Menu.php (1)

120-121: Verify template data sanitization

Ensure that the template data retrieved from wpuf_get_post_form_templates() and wpuf_get_pro_form_previews() is properly sanitized before use in the modal.

✅ Verification successful

Let me verify the template data sanitization by checking the implementation of these functions.


Let me check how these templates are used in the form builder and if there's any sanitization before display.


Let me check the Form_Template base class and how the template data is handled before display.


Based on the code analysis, I can now provide a final response about the template data sanitization:

Template data is properly sanitized and escaped

The template data is handled securely through multiple layers:

  1. The template registry is populated through proper class instantiation and filtered through WordPress hooks
  2. Template data display is properly escaped:
    • Template titles are escaped with esc_html()
    • Template values in select options use esc_attr()
    • Template descriptions use esc_html_e()
  3. User input when selecting templates is sanitized using sanitize_text_field()

The implementation follows WordPress security best practices for both data sanitization on input and escaping on output.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for sanitization in template retrieval functions

# Search for template retrieval function definitions
ast-grep --pattern 'function wpuf_get_post_form_templates() {
  $$$
}'

ast-grep --pattern 'function wpuf_get_pro_form_previews() {
  $$$
}'

# Search for any sanitization functions used with templates
rg -A 5 'sanitize_[^(]+\(' --type php

Length of output: 131256


Script:

#!/bin/bash
# Search for template retrieval functions
rg -A 10 "function wpuf_get_post_form_templates" --type php
rg -A 10 "function wpuf_get_pro_form_previews" --type php

Length of output: 1115


Script:

#!/bin/bash
# Search for where templates are used and any sanitization
rg -A 5 "wpuf_get_post_form_templates|wpuf_get_pro_form_previews" --type php

# Search for Post_Form_Template_Post class implementation
rg -A 10 "class Post_Form_Template_Post" --type php

Length of output: 5557


Script:

#!/bin/bash
# Search for Form_Template class implementation and template rendering
rg -B 5 -A 15 "class Form_Template" --type php

# Search for template data escaping in template files
rg -A 5 "esc_|sanitize_" includes/Admin/Forms/Post/Templates/ --type php

Length of output: 11977

includes/Admin/Forms/Admin_Form.php (1)

Line range hint 1-1: Verify alignment with PR objectives

While the UI improvements are valuable, the changes don't appear to address the core issue mentioned in #643 regarding admin-only access to the frontend post form. Consider adding the necessary access control modifications to resolve this issue.

Let's verify the current access control implementation:

includes/Admin/Posting.php (1)

25-25: LGTM: Action hook registration is correct.

The new action hook is properly registered using admin_enqueue_scripts for managing admin-side assets.

admin/form-builder/assets/js/form-builder.js (4)

413-418: LGTM: New data properties enhance state management

The new data properties improve the form builder's state management by tracking:

  • Form changes with isDirty
  • Multistep functionality with enableMultistep
  • UI feedback with shortcodeCopied
  • Tab navigation with active_tab and active_settings_tab

456-456: LGTM: Meta field key computation fix

The addition of the closing brace fixes the syntax error in the meta_field_key computed property.


494-503: LGTM: Improved clipboard feedback

The enhancement provides better user feedback when copying shortcodes by:

  • Updating tooltip text
  • Managing tooltip visibility
  • Resetting state after delay

893-897: LGTM: Clean up commented code

Good practice to remove commented-out code that's no longer needed.

assets/js/wpuf-form-builder.js (4)

413-418: LGTM: New Vue instance data properties are well-structured

The new data properties are properly initialized and follow Vue.js best practices. They enhance the form builder's functionality by tracking form state and UI elements.


456-456: LGTM: Meta field key computation fix

The closing brace addition fixes the syntax and properly closes the computed property block.


494-503: LGTM: Improved clipboard feedback mechanism

The clipboard functionality now provides better user feedback with proper tooltip management and state handling.


517-518: LGTM: Clean implementation of settings tab handler

The setActiveSettingsTab method is concise and follows the single responsibility principle.

languages/wp-user-frontend.pot (3)

Line range hint 1-24: LGTM! File header and metadata are properly updated.

The POT file header contains all required metadata including updated creation date, proper charset, and translation configuration.


356-359: LGTM! New translation strings are properly formatted.

The new strings for multistep form functionality are well-formatted and provide clear context for translators.


Line range hint 1-7899: LGTM! Translation file follows WordPress i18n best practices.

The POT file is well-organized with:

  • Proper grouping of related strings
  • Consistent msgid/msgstr formatting
  • Helpful translator comments
admin/form-builder/assets/js/components/builder-stage/template.php (2)

129-131: Ensure data displayed is properly escaped

While Vue.js templates are generally safe, ensure that field.name and field.meta_value are sanitized to prevent any potential security issues if these fields contain untrusted data.

[security]

Verify that field.name and field.meta_value contain safe values or apply appropriate sanitization.


106-108: Validate SVG content for security and performance

Embedded SVGs should be reviewed to ensure they do not contain malicious content and are optimized for performance.

[security]
[performance]

Confirm that the SVG paths are safe and consider optimizing the SVG code to remove unnecessary data.

assets/js-templates/form-components.php (3)

Line range hint 997-1003: Check for reCAPTCHA API keys before rendering

The template checks for has_recaptcha_api_keys, but ensure that this condition accurately reflects the availability of the keys and that appropriate user feedback is provided if keys are missing.


535-551: Consistent handling of inline forms

There are conditional checks for field.inline !== 'yes' and field.inline === 'yes'. Ensure that the logic is consistent across different field types and that the styling matches the intended design.

Also applies to: 954-984


546-547: ⚠️ Potential issue

Fix the syntax error in the <input> element's :class binding

The :class binding is missing a closing quotation mark, and the <input> tag is improperly closed, resulting in invalid template syntax.

Apply this diff to fix the syntax error:

-                        :class="class_names('checkbox_btns')
-                        class="wpuf-h-4 wpuf-w-4 wpuf-rounded wpuf-border-gray-300 wpuf-text-indigo-600 focus:wpuf-ring-indigo-600 !wpuf-mt-0.5">
+                        :class="[class_names('checkbox_btns'), 'wpuf-h-4 wpuf-w-4 wpuf-rounded wpuf-border-gray-300 wpuf-text-indigo-600 focus:wpuf-ring-indigo-600 !wpuf-mt-0.5']"
+                    >

Likely invalid or redundant comment.

wpuf-functions.php (3)

985-988: Appropriate check before calling render_field_data method

The addition ensures that $wpuf_field is not empty and the method render_field_data exists before calling it, which prevents potential errors.


Line range hint 1527-1566: Helper function for retrieving image sizes added correctly

The function wpuf_get_image_sizes_array effectively collects image size information, handling both standard and additional image sizes.


Line range hint 1633-1650: Function wpuf_get_post_forms successfully relocated

The wpuf_get_post_forms function has been moved to wpuf-functions.php, improving code organization and maintainability.

>
<span v-if="field.help" class="wpuf-help" v-html="field.help" />
<p v-if="field.help" class="wpuf-mt-2 wpuf-text-sm wpuf-text-gray-500" v-html="field.help"></p>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Sanitize HTML content to prevent XSS attacks

The use of v-html directive with potentially user-provided help text could expose the application to XSS attacks. Consider using a sanitization library or switch to v-text if HTML rendering isn't required.

-<p v-if="field.help" class="wpuf-mt-2 wpuf-text-sm wpuf-text-gray-500" v-html="field.help"></p>
+<p v-if="field.help" class="wpuf-mt-2 wpuf-text-sm wpuf-text-gray-500" v-text="field.help"></p>

If HTML rendering is necessary, consider using a sanitization library:

import DOMPurify from 'dompurify';

// In your component
computed: {
  sanitizedHelp() {
    return this.field.help ? DOMPurify.sanitize(this.field.help) : '';
  }
}

Then use it in the template:

-<p v-if="field.help" class="wpuf-mt-2 wpuf-text-sm wpuf-text-gray-500" v-html="field.help"></p>
+<p v-if="field.help" class="wpuf-mt-2 wpuf-text-sm wpuf-text-gray-500" v-html="sanitizedHelp"></p>

Comment on lines +5 to +8
:default="field.default"
:rows="field.rows"
:cols="field.cols"
>{{ field.default }}</textarea>
:class="builder_class_names('textareafield')">{{ field.default }}</textarea>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Remove redundant default value initialization

The textarea has both a :default binding and interpolated content {{ field.default }}, which could lead to duplicate initialization. Consider using only one method to set the default value.

    <textarea
        v-if="'no' === field.rich"
        :placeholder="field.placeholder"
-        :default="field.default"
        :rows="field.rows"
        :cols="field.cols"
-        :class="builder_class_names('textareafield')">{{ field.default }}</textarea>
+        :class="builder_class_names('textareafield')"
+        v-model="field.default"></textarea>
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
:default="field.default"
:rows="field.rows"
:cols="field.cols"
>{{ field.default }}</textarea>
:class="builder_class_names('textareafield')">{{ field.default }}</textarea>
:placeholder="field.placeholder"
:rows="field.rows"
:cols="field.cols"
:class="builder_class_names('textareafield')"
v-model="field.default"></textarea>

Comment on lines +4 to +10
content: [
'./assets/**/*.{js,jsx,ts,tsx,vue,html}',
'./includes/Admin/views/*.php',
'./includes/Admin/template-parts/*.php',
'./admin/form-builder/views/*.php',
'./admin/form-builder/assets/js/**/*.php',
],
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

The ./admin/form-builder/assets/js/**/*.php pattern is valid and necessary. Consider adding frontend template paths.

The verification shows:

  1. The broad PHP pattern in the JS directory is justified as there are numerous PHP template files for form builder components.
  2. There are frontend templates in ./templates and ./includes/Frontend that could benefit from Tailwind processing.

Suggested paths to add:

  • ./templates/**/*.php
  • ./includes/Frontend/*.php
🔗 Analysis chain

Consider adding frontend template paths and optimizing glob patterns.

While the paths cover admin and form builder components, there are two considerations:

  1. Given that the PR objectives mention improving frontend form access, consider adding paths for frontend template files.
  2. The pattern ./admin/form-builder/assets/js/**/*.php seems overly broad for PHP files within a JS directory.

Let's verify the existence and necessity of PHP files in the JS directory:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if there are any PHP files in the JS directory
fd -e php . "./admin/form-builder/assets/js"

# Find all template files in the frontend directory that might need Tailwind processing
fd -e php . "./templates" "./frontend" "./includes/Frontend"

Length of output: 4196

Comment on lines 2 to 11
<select
:class="class_names('select_lbl')"
>
class="wpuf-block wpuf-w-full wpuf-min-w-full wpuf-rounded-md wpuf-py-1.5 wpuf-text-gray-900 wpuf-shadow-sm placeholder:wpuf-text-gray-400 sm:wpuf-text-sm sm:wpuf-leading-6 wpuf-border !wpuf-border-gray-300">
<option v-if="field.first" value="">{{ field.first }}</option>

<option
v-if="has_options"
v-for="(label, val) in field.options"
:value="label"
:selected="is_selected(label)"
>{{ label }}</option>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Enhance accessibility for non-admin users

Given that issue #643 mentions form accessibility for non-admin users, consider adding proper ARIA attributes and labels to the select element.

Apply these accessibility improvements:

     <select
         :class="class_names('select_lbl')"
         class="wpuf-block wpuf-w-full wpuf-min-w-full wpuf-rounded-md wpuf-py-1.5 wpuf-text-gray-900 wpuf-shadow-sm   placeholder:wpuf-text-gray-400 sm:wpuf-text-sm sm:wpuf-leading-6 wpuf-border !wpuf-border-gray-300"
+        :aria-label="field.label"
+        :aria-required="field.required ? 'true' : 'false'"
+        :aria-describedby="field.help ? 'help_' + field.name : undefined"
+        :id="'field_' + field.name"
     >
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<select
:class="class_names('select_lbl')"
>
class="wpuf-block wpuf-w-full wpuf-min-w-full wpuf-rounded-md wpuf-py-1.5 wpuf-text-gray-900 wpuf-shadow-sm placeholder:wpuf-text-gray-400 sm:wpuf-text-sm sm:wpuf-leading-6 wpuf-border !wpuf-border-gray-300">
<option v-if="field.first" value="">{{ field.first }}</option>
<option
v-if="has_options"
v-for="(label, val) in field.options"
:value="label"
:selected="is_selected(label)"
>{{ label }}</option>
<select
:class="class_names('select_lbl')"
class="wpuf-block wpuf-w-full wpuf-min-w-full wpuf-rounded-md wpuf-py-1.5 wpuf-text-gray-900 wpuf-shadow-sm placeholder:wpuf-text-gray-400 sm:wpuf-text-sm sm:wpuf-leading-6 wpuf-border !wpuf-border-gray-300"
:aria-label="field.label"
:aria-required="field.required ? 'true' : 'false'"
:aria-describedby="field.help ? 'help_' + field.name : undefined"
:id="'field_' + field.name"
>
<option v-if="field.first" value="">{{ field.first }}</option>
<option
v-if="has_options"
v-for="(label, val) in field.options"
:value="label"
:selected="is_selected(label)"
>{{ label }}</option>

Comment on lines +4 to +6
<a
class="wpuf-inline-flex wpuf-items-center wpuf-gap-x-1.5"
:class="builder_class_names('upload_btn')" href="#">
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Add role="button" and aria-label for better accessibility

The upload button should include proper accessibility attributes since it's an interactive element. The form builder already uses accessibility attributes in other components as shown in the search results. Add the following attributes:

  • role="button" - To explicitly define the semantic role
  • aria-label - To provide a descriptive label for screen readers

Example:

<a
    class="wpuf-inline-flex wpuf-items-center wpuf-gap-x-1.5"
    :class="builder_class_names('upload_btn')"
    role="button"
    aria-label="Upload image"
    href="#">
🔗 Analysis chain

LGTM! Verify accessibility attributes.

The transition to Tailwind utility classes and the use of dynamic class binding looks good. However, since this is an interactive element, ensure it maintains proper accessibility.


Based on the search results, I can see that accessibility attributes are primarily used in vendor libraries like SweetAlert2 and SelectWoo, but I need to check if there are any accessibility attributes specifically in the form builder components or related Vue templates.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if aria attributes or role attributes are defined in the builder_class_names method
ast-grep --pattern 'builder_class_names($$$) {
  $$$
  role: $$$
  $$$
}'

# Check for other accessibility-related attributes in the codebase
rg -g '*.{js,php,vue}' -i 'aria-label|role=|aria-describedby'

Length of output: 129230


Script:

#!/bin/bash
# Check for accessibility attributes in Vue templates and form builder components
rg -g '*.{php,vue}' -i 'aria-|role=' admin/form-builder/

# Check for any accessibility-related methods or classes in form builder
ast-grep --pattern 'class $_ {
  $$$
  aria$_($$$) {
    $$$
  }
  $$$
}'

Length of output: 3170

</nav>

<?php
$form_id = isset( $_GET['id'] ) ? intval( wp_unslash( $_GET['id'] ) ) : 0;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Security Issue: Processing User Input Without Nonce Verification

Processing $_GET['id'] without nonce verification can lead to security vulnerabilities such as unauthorized access or injection attacks. It's crucial to verify nonces when accepting user input to ensure the request's authenticity.

Apply the following change to include nonce verification:

- $form_id = isset( $_GET['id'] ) ? intval( wp_unslash( $_GET['id'] ) ) : 0;
+ if ( isset( $_GET['id'] ) && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'wpuf_form_builder_nonce' ) ) {
+     $form_id = intval( wp_unslash( $_GET['id'] ) );
+ } else {
+     $form_id = 0;
+ }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
$form_id = isset( $_GET['id'] ) ? intval( wp_unslash( $_GET['id'] ) ) : 0;
if ( isset( $_GET['id'] ) && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'wpuf_form_builder_nonce' ) ) {
$form_id = intval( wp_unslash( $_GET['id'] ) );
} else {
$form_id = 0;
}
🧰 Tools
🪛 GitHub Check: Run PHPCS inspection

[warning] 54-54:
Processing form data without nonce verification.


[warning] 54-54:
Processing form data without nonce verification.

Comment on lines +87 to +89
:href="'<?php echo get_wpuf_preview_page(); ?>?wpuf_preview=1&form_id=' + post.ID"
target="_blank"
class="wpuf-inline-flex wpuf-items-center wpuf-gap-x-2 wpuf-rounded-md wpuf-px-3 wpuf-py-2 wpuf-text-sm wpuf-bg-white wpuf-text-gray-700 hover:wpuf-text-gray-700 hover:wpuf-bg-gray-50 wpuf-ring-1 wpuf-ring-inset wpuf-ring-gray-300"><?php esc_html_e( 'Preview', 'wp-user-frontend' ); ?>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Security Enhancement: Add Nonce to Preview URL

The preview link includes form_id without nonce verification, which could be exploited. Incorporate a nonce to secure the preview URL.

Modify the preview URL generation:

- :href="'<?php echo get_wpuf_preview_page(); ?>?wpuf_preview=1&form_id=' + post.ID"
+ :href="'<?php echo wp_nonce_url( get_wpuf_preview_page() . '?wpuf_preview=1&form_id=', 'wpuf_preview_nonce' ); ?>' + post.ID"

Ensure to verify the nonce on the server side when processing the preview request.

Committable suggestion skipped: line range outside the PR's diff.

}
} else {
?>
<span class="form-id wpuf-group wpuf-flex wpuf-items-center wpuf-px-2 wpuf-rounded-md wpuf-border wpuf-border-gray-300 hover:wpuf-cursor-pointer wpuf-ml-6" title="<?php esc_html_e( __( 'Click to copy shortcode', 'wp-user-frontend' ) ); ?>" data-clipboard-text="<?php '[' . esc_attr_e( $shortcodes[0]['name'] ) . ' id="' . esc_attr( $form_id ) . '"]'; ?>">#{{ post.ID }}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Correct the Use of Translation and Escaping Functions

There are issues with the use of esc_html_e() and esc_attr_e() functions. The $domain parameter is missing, and these functions are intended for direct output, not within attribute contexts or concatenations.

Apply the following changes to fix the function usage:

- title="<?php esc_html_e( __( 'Click to copy shortcode', 'wp-user-frontend' ) ); ?>"
+ title="<?php echo esc_attr__( 'Click to copy shortcode', 'wp-user-frontend' ); ?>"

For the data-clipboard-text attribute:

- data-clipboard-text="<?php '[' . esc_attr_e( $shortcodes[0]['name'] ) . ' id="' . esc_attr( $form_id ) . '"]'; ?>"
+ data-clipboard-text="<?php echo esc_attr( '[' . esc_attr( $shortcodes[0]['name'] ) . ' id="' . esc_attr( $form_id ) . '"]' ); ?>"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<span class="form-id wpuf-group wpuf-flex wpuf-items-center wpuf-px-2 wpuf-rounded-md wpuf-border wpuf-border-gray-300 hover:wpuf-cursor-pointer wpuf-ml-6" title="<?php esc_html_e( __( 'Click to copy shortcode', 'wp-user-frontend' ) ); ?>" data-clipboard-text="<?php '[' . esc_attr_e( $shortcodes[0]['name'] ) . ' id="' . esc_attr( $form_id ) . '"]'; ?>">#{{ post.ID }}
<span class="form-id wpuf-group wpuf-flex wpuf-items-center wpuf-px-2 wpuf-rounded-md wpuf-border wpuf-border-gray-300 hover:wpuf-cursor-pointer wpuf-ml-6" title="<?php echo esc_attr__( 'Click to copy shortcode', 'wp-user-frontend' ); ?>" data-clipboard-text="<?php echo esc_attr( '[' . esc_attr( $shortcodes[0]['name'] ) . ' id="' . esc_attr( $form_id ) . '"]' ); ?>">#{{ post.ID }}
🧰 Tools
🪛 GitHub Check: Run PHPCS inspection

[failure] 63-63:
Missing $domain parameter in function call to esc_html_e().


[failure] 63-63:
The $text parameter must be a single text string literal. Found: __( 'Click to copy shortcode', 'wp-user-frontend' )


[failure] 63-63:
Missing $domain parameter in function call to esc_attr_e().


[failure] 63-63:
The $text parameter must be a single text string literal. Found: $shortcodes[0]['name']

<div v-if="!(is_full_width(field.template) || is_pro_feature(field.template))" class="wpuf-w-1/4">
<label
v-if="!is_invisible(field)"
:for="'wpuf-' + field.name ? field.name : 'cls'"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix the potentially incorrect ternary operator in :for binding

The expression in the :for binding may not evaluate as intended due to operator precedence. The current code could result in unexpected values for the for attribute.

Apply this diff to correct the logic:

-            :for="'wpuf-' + field.name ? field.name : 'cls'"
+            :for="field.name ? 'wpuf-' + field.name : 'cls'"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
:for="'wpuf-' + field.name ? field.name : 'cls'"
:for="field.name ? 'wpuf-' + field.name : 'cls'"

Comment on lines +1097 to +1100
:default="field.default"
:rows="field.rows"
:cols="field.cols"
>{{ field.default }}</textarea>
:class="builder_class_names('textareafield')">{{ field.default }}</textarea>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Use v-model instead of :default for textarea default value

The textarea element uses :default, which is not a valid attribute. To bind the default value, use v-model.

Apply this diff to fix the binding:

         <textarea
             v-if="'no' === field.rich"
             :placeholder="field.placeholder"
-            :default="field.default"
+            v-model="field.default"
             :rows="field.rows"
             :cols="field.cols"
             :class="builder_class_names('textareafield')">{{ field.default }}</textarea>

Committable suggestion skipped: line range outside the PR's diff.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant