Skip to main content
Code Review

Return to Answer

add link on docblock, in case others aren't famililar with the term
Source Link
Sᴀᴍ Onᴇᴌᴀ
Sᴀᴍ Onᴇᴌᴀ
  • 29.6k
  • 16
  • 46
  • 203

Is it secure?

I don't spot any obvious security holes. It appears that code depends on Wordpress functions for storing data in the database so it would be as secure as the Wordpress core code.

Can it be improved upon?

Yes

  • Use docblocksdocblocks to document the code

    • above methods to describe the outcome, any parameters, return type, etc.
    • above property/instance variable declarations to note type- this can be useful if the IDE supports it for suggestions

  • use short echo tags - e.g. instead of

    <h2><?php echo $this->menu_options['page_title']; ?></h2>

    It can be simpler:

    <h2><?= $this->menu_options['page_title']; ?></h2>

  • presuming the PHP engine version used is 5.4 or above the arrays can be expressed using a shorter syntax - so instead of:

    array( $this, 'save_settings' )

    It can be simplified to just:

    [ $this, 'save_settings' ]

  • eliminate duplicate code - e.g. the implementations for validate_textarea and validate_wpeditor appear to be identical, and the same is true for validate_select and validate_radio. A single function in each case could be used and called by the two functions, or the code could be altered to call one of those functions (perhaps renamed) instead of having two separate functions. I see those functions are called dynamically by the save_settings() method but perhaps a mapping of types to function names could be used instead of having duplicate functions.

Is it secure?

I don't spot any obvious security holes. It appears that code depends on Wordpress functions for storing data in the database so it would be as secure as the Wordpress core code.

Can it be improved upon?

Yes

  • Use docblocks to document the code

    • above methods to describe the outcome, any parameters, return type, etc.
    • above property/instance variable declarations to note type- this can be useful if the IDE supports it for suggestions

  • use short echo tags - e.g. instead of

    <h2><?php echo $this->menu_options['page_title']; ?></h2>

    It can be simpler:

    <h2><?= $this->menu_options['page_title']; ?></h2>

  • presuming the PHP engine version used is 5.4 or above the arrays can be expressed using a shorter syntax - so instead of:

    array( $this, 'save_settings' )

    It can be simplified to just:

    [ $this, 'save_settings' ]

  • eliminate duplicate code - e.g. the implementations for validate_textarea and validate_wpeditor appear to be identical, and the same is true for validate_select and validate_radio. A single function in each case could be used and called by the two functions, or the code could be altered to call one of those functions (perhaps renamed) instead of having two separate functions. I see those functions are called dynamically by the save_settings() method but perhaps a mapping of types to function names could be used instead of having duplicate functions.

Is it secure?

I don't spot any obvious security holes. It appears that code depends on Wordpress functions for storing data in the database so it would be as secure as the Wordpress core code.

Can it be improved upon?

Yes

  • Use docblocks to document the code

    • above methods to describe the outcome, any parameters, return type, etc.
    • above property/instance variable declarations to note type- this can be useful if the IDE supports it for suggestions

  • use short echo tags - e.g. instead of

    <h2><?php echo $this->menu_options['page_title']; ?></h2>

    It can be simpler:

    <h2><?= $this->menu_options['page_title']; ?></h2>

  • presuming the PHP engine version used is 5.4 or above the arrays can be expressed using a shorter syntax - so instead of:

    array( $this, 'save_settings' )

    It can be simplified to just:

    [ $this, 'save_settings' ]

  • eliminate duplicate code - e.g. the implementations for validate_textarea and validate_wpeditor appear to be identical, and the same is true for validate_select and validate_radio. A single function in each case could be used and called by the two functions, or the code could be altered to call one of those functions (perhaps renamed) instead of having two separate functions. I see those functions are called dynamically by the save_settings() method but perhaps a mapping of types to function names could be used instead of having duplicate functions.

edited body
Source Link
Mast
Mast
  • 13.8k
  • 12
  • 57
  • 127

isIs it secure?

I don't spot any obvious security holes. It appears that code depends on wordpressWordpress functions for storing data in the database so it would be as secure as the wordpressWordpress core code.

canCan it be improved upon?

Yes

  • Use docblocks to document the code

    • above methods to describe the outcome, any parameters, return type, etc.
    • above property/instance variable declarations to note type- this can be useful if the IDE supports it for suggestions

  • use short echo tags - e.g. instead of

    <h2><?php echo $this->menu_options['page_title']; ?></h2>

    It can be simpler:

    <h2><?= $this->menu_options['page_title']; ?></h2>

  • presuming the PHP engine version used is 5.4 or above the arrays can be expressed using a shorter syntax - so instead of:

    array( $this, 'save_settings' )

    It can be simplified to just:

    [ $this, 'save_settings' ]

  • eliminate duplicate code - e.g. the implementations for validate_textarea and validate_wpeditor appear to be identical, and the same is true for validate_select and validate_radio. A single function in each case could be used and called by the two functions, or the code could be altered to call one of those functions (perhaps renamed) instead of having two separate functions. I see those functions are called dynamically by the save_settings() method but perhaps a mapping of types to function names could be used instead of having duplicate functions.

is it secure?

I don't spot any obvious security holes. It appears that code depends on wordpress functions for storing data in the database so it would be as secure as the wordpress core code.

can it be improved upon?

Yes

  • Use docblocks to document the code

    • above methods to describe the outcome, any parameters, return type, etc.
    • above property/instance variable declarations to note type- this can be useful if the IDE supports it for suggestions

  • use short echo tags - e.g. instead of

    <h2><?php echo $this->menu_options['page_title']; ?></h2>

    It can be simpler:

    <h2><?= $this->menu_options['page_title']; ?></h2>

  • presuming the PHP engine version used is 5.4 or above the arrays can be expressed using a shorter syntax - so instead of:

    array( $this, 'save_settings' )

    It can be simplified to just:

    [ $this, 'save_settings' ]

  • eliminate duplicate code - e.g. the implementations for validate_textarea and validate_wpeditor appear to be identical, and the same is true for validate_select and validate_radio. A single function in each case could be used and called by the two functions, or the code could be altered to call one of those functions (perhaps renamed) instead of having two separate functions. I see those functions are called dynamically by the save_settings() method but perhaps a mapping of types to function names could be used instead of having duplicate functions.

Is it secure?

I don't spot any obvious security holes. It appears that code depends on Wordpress functions for storing data in the database so it would be as secure as the Wordpress core code.

Can it be improved upon?

Yes

  • Use docblocks to document the code

    • above methods to describe the outcome, any parameters, return type, etc.
    • above property/instance variable declarations to note type- this can be useful if the IDE supports it for suggestions

  • use short echo tags - e.g. instead of

    <h2><?php echo $this->menu_options['page_title']; ?></h2>

    It can be simpler:

    <h2><?= $this->menu_options['page_title']; ?></h2>

  • presuming the PHP engine version used is 5.4 or above the arrays can be expressed using a shorter syntax - so instead of:

    array( $this, 'save_settings' )

    It can be simplified to just:

    [ $this, 'save_settings' ]

  • eliminate duplicate code - e.g. the implementations for validate_textarea and validate_wpeditor appear to be identical, and the same is true for validate_select and validate_radio. A single function in each case could be used and called by the two functions, or the code could be altered to call one of those functions (perhaps renamed) instead of having two separate functions. I see those functions are called dynamically by the save_settings() method but perhaps a mapping of types to function names could be used instead of having duplicate functions.

added 770 characters in body
Source Link
Sᴀᴍ Onᴇᴌᴀ
Sᴀᴍ Onᴇᴌᴀ
  • 29.6k
  • 16
  • 46
  • 203

can it be improved upon

is it secure?

I don't spot any obvious security holes. It appears that code depends on wordpress functions for storing data in the database so it would be as secure as the wordpress core code.

can it be improved upon?

Yes

  • Use docblocks to document the code

    • above methods to describe the outcome, any parameters, return type, etc.
    • above property/instance variable declarations to note type- this can be useful if the IDE supports it for suggestions

  • use short echo tags - e.g. instead of

    <h2><?php echo $this->menu_options['page_title']; ?></h2>

    It can be simpler:

    <h2><?= $this->menu_options['page_title']; ?></h2>

  • presuming the PHP engine version used is 5.4 or above the arrays can be expressed using a shorter syntax - so instead of:

    array( $this, 'save_settings' )

    It can be simplified to just:

    [ $this, 'save_settings' ]

  • eliminate duplicate code - e.g. the implementations for validate_textarea and validate_wpeditor appear to be identical, and the same is true for validate_select and validate_radio. A single function in each case could be used and called by the two functions, or the code could be altered to call one of those functions (perhaps renamed) instead of having two separate functions. I see those functions are called dynamically by the save_settings() method but perhaps a mapping of types to function names could be used instead of having duplicate functions.

can it be improved upon

Yes

  • Use docblocks to document the code

    • above methods to describe the outcome, any parameters, return type, etc.
    • above property/instance variable declarations to note type- this can be useful if the IDE supports it for suggestions

  • use short echo tags - e.g. instead of

    <h2><?php echo $this->menu_options['page_title']; ?></h2>

    It can be simpler:

    <h2><?= $this->menu_options['page_title']; ?></h2>

  • presuming the PHP engine version used is 5.4 or above the arrays can be expressed using a shorter syntax - so instead of:

    array( $this, 'save_settings' )

    It can be simplified to just:

    [ $this, 'save_settings' ]

is it secure?

I don't spot any obvious security holes. It appears that code depends on wordpress functions for storing data in the database so it would be as secure as the wordpress core code.

can it be improved upon?

Yes

  • Use docblocks to document the code

    • above methods to describe the outcome, any parameters, return type, etc.
    • above property/instance variable declarations to note type- this can be useful if the IDE supports it for suggestions

  • use short echo tags - e.g. instead of

    <h2><?php echo $this->menu_options['page_title']; ?></h2>

    It can be simpler:

    <h2><?= $this->menu_options['page_title']; ?></h2>

  • presuming the PHP engine version used is 5.4 or above the arrays can be expressed using a shorter syntax - so instead of:

    array( $this, 'save_settings' )

    It can be simplified to just:

    [ $this, 'save_settings' ]

  • eliminate duplicate code - e.g. the implementations for validate_textarea and validate_wpeditor appear to be identical, and the same is true for validate_select and validate_radio. A single function in each case could be used and called by the two functions, or the code could be altered to call one of those functions (perhaps renamed) instead of having two separate functions. I see those functions are called dynamically by the save_settings() method but perhaps a mapping of types to function names could be used instead of having duplicate functions.

added 19 characters in body
Source Link
Sᴀᴍ Onᴇᴌᴀ
Sᴀᴍ Onᴇᴌᴀ
  • 29.6k
  • 16
  • 46
  • 203
deleted 16 characters in body
Source Link
Sᴀᴍ Onᴇᴌᴀ
Sᴀᴍ Onᴇᴌᴀ
  • 29.6k
  • 16
  • 46
  • 203
added 239 characters in body
Source Link
Sᴀᴍ Onᴇᴌᴀ
Sᴀᴍ Onᴇᴌᴀ
  • 29.6k
  • 16
  • 46
  • 203
Source Link
Sᴀᴍ Onᴇᴌᴀ
Sᴀᴍ Onᴇᴌᴀ
  • 29.6k
  • 16
  • 46
  • 203