diff --git a/changelog/fix-lesson-bulk-edit b/changelog/fix-lesson-bulk-edit
new file mode 100644
index 0000000000..ee283dddae
--- /dev/null
+++ b/changelog/fix-lesson-bulk-edit
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Fix lesson bulk edit.
diff --git a/includes/class-sensei-lesson.php b/includes/class-sensei-lesson.php
index 8ba13b68ae..8e24f4cc50 100755
--- a/includes/class-sensei-lesson.php
+++ b/includes/class-sensei-lesson.php
@@ -139,7 +139,7 @@ public function __construct() {
 add_action( 'manage_lesson_posts_custom_column', array( $this, 'set_quick_edit_admin_defaults' ), 11, 2 );
 // save bulk edit fields
- add_action( 'wp_ajax_save_bulk_edit_book', array( $this, 'save_all_lessons_edit_fields' ) );
+ add_action( 'save_post', array( $this, 'save_all_lessons_edit_fields' ) );
 add_action( 'admin_head', array( $this, 'add_custom_link_to_course' ) );
@@ -706,7 +706,6 @@ public function meta_box_save( $post_id ) {
 $this->save_quiz_settings( $post_id, $new_settings );
 return $post_id;
-
 }
 /**
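Review bot: The new registration `add_action( 'save_post', ... )` in the `@@ -139` hunk attaches the bulk-edit handler to every post save of every post type, so the only thing keeping it away from unrelated saves is the request-parameter check inside the callback. The post type appears to be `lesson` (the neighbouring hook is `manage_lesson_posts_custom_column`), so the type-scoped hook would narrow the exposure: `add_action( 'save_post_lesson', array( $this, 'save_all_lessons_edit_fields' ) );`. The comment above it could also record that the handler now runs once per saved post during a bulk edit rather than once per request. `__construct` continues outside the hunk.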
@@ -4323,38 +4322,47 @@ public function generate_all_lessons_edit_field( $title, $field ) {
 }
 /**
- * Respond to the ajax call from the bulk edit save function. This comes
- * from the admin all lesson screen.
+ * Respond to the ajax call from the bulk edit save function.
+ * This comes from the admin all lesson screen.
 *
 * @since 1.8.0
+ *
+ * @internal
 */
- function save_all_lessons_edit_fields() {
-
- // verify all the data before attempting to save
- if ( ! isset( $_POST['security'] ) || ! check_ajax_referer( 'bulk-edit-lessons', 'security' ) || empty( $_POST['post_ids'] ) || ! is_array( $_POST['post_ids'] ) ) {
- die();
- }
-
- // get our variables
- $new_course = isset( $_POST['sensei_edit_lesson_course'] ) ? sanitize_text_field( wp_unslash( $_POST['sensei_edit_lesson_course'] ) ) : '';
- $new_complexity = isset( $_POST['sensei_edit_complexity'] ) ? sanitize_text_field( wp_unslash( $_POST['sensei_edit_complexity'] ) ) : '';
- $new_pass_required = isset( $_POST['sensei_edit_pass_required'] ) ? sanitize_text_field( wp_unslash( $_POST['sensei_edit_pass_required'] ) ) : '';
- $new_pass_percentage = isset( $_POST['sensei_edit_pass_percentage'] ) ? sanitize_text_field( wp_unslash( $_POST['sensei_edit_pass_percentage'] ) ) : '';
- $new_enable_quiz_reset = isset( $_POST['sensei_edit_enable_quiz_reset'] ) ? sanitize_text_field( wp_unslash( $_POST['sensei_edit_enable_quiz_reset'] ) ) : '';
- $show_questions = isset( $_POST['sensei_edit_show_questions'] ) ? sanitize_text_field( wp_unslash( $_POST['sensei_edit_show_questions'] ) ) : '';
- $random_question_order = isset( $_POST['sensei_edit_random_question_order'] ) ? sanitize_text_field( wp_unslash( $_POST['sensei_edit_random_question_order'] ) ) : '';
- $quiz_grade_type = isset( $_POST['sensei_edit_quiz_grade_type'] ) ? sanitize_text_field( wp_unslash( $_POST['sensei_edit_quiz_grade_type'] ) ) : '';
- // store the values for all selected posts.
- foreach ( $_POST['post_ids'] as $lesson_id ) {
-
- // do not save the items if the value is -1 as this
- // means it was not changed
- // update lesson course
- if ( - 1 !== $new_course ) {
+ public function save_all_lessons_edit_fields() {
+ // Verify all the data before attempting to save.
+ if ( ! isset( $_REQUEST['_edit_lessons_nonce'] )
+ || ! check_ajax_referer( 'bulk-edit-lessons', '_edit_lessons_nonce' )
+ || empty( $_REQUEST['post'] )
+ || ! is_array( $_REQUEST['post'] ) ) {
+ return;
+ }
+
+ // Get our variables.
+ $new_course = isset( $_REQUEST['lesson_course'] ) ? sanitize_text_field( (string) wp_unslash( $_REQUEST['lesson_course'] ) ) : '';
+ $new_complexity = isset( $_REQUEST['lesson_complexity'] ) ? sanitize_text_field( (string) wp_unslash( $_REQUEST['lesson_complexity'] ) ) : '';
+ $new_pass_required = isset( $_REQUEST['pass_required'] ) ? sanitize_text_field( (string) wp_unslash( $_REQUEST['pass_required'] ) ) : '';
+ $new_pass_percentage = isset( $_REQUEST['quiz_passmark'] ) ? sanitize_text_field( (string) wp_unslash( $_REQUEST['quiz_passmark'] ) ) : '';
+ $new_enable_quiz_reset = isset( $_REQUEST['enable_quiz_reset'] ) ? sanitize_text_field( (string) wp_unslash( $_REQUEST['enable_quiz_reset'] ) ) : '';
+ $show_questions = isset( $_REQUEST['show_questions'] ) ? sanitize_text_field( (string) wp_unslash( $_REQUEST['show_questions'] ) ) : '';
+ $random_question_order = isset( $_REQUEST['random_question_order'] ) ? sanitize_text_field( (string) wp_unslash( $_REQUEST['random_question_order'] ) ) : '';
+ $quiz_grade_type = isset( $_REQUEST['quiz_grade_type'] ) ? sanitize_text_field( (string) wp_unslash( $_REQUEST['quiz_grade_type'] ) ) : '';
+
+ // Store the values for all selected posts.
+ $lesson_ids = $_REQUEST['post'] ?? array(); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash -- Input is sanitized in the next lines.
+ $lesson_ids = array_map( 'wp_unslash', $lesson_ids );
+ $lesson_ids = array_map( 'sanitize_text_field', $lesson_ids );
+ $lesson_ids = array_map( 'intval', $lesson_ids );
+ foreach ( $lesson_ids as $lesson_id ) {
+ // Do not save the items if the value is -1 as this means it was not changed.
+
+ // Update lesson course.
+ if ( '-1' !== $new_course ) {
 update_post_meta( $lesson_id, '_lesson_course', $new_course );
 }
- // update lesson complexity
- if ( -1 !== $new_complexity ) {
+
+ // Update lesson complexity.
+ if ( '-1' !== $new_complexity ) {
 update_post_meta( $lesson_id, '_lesson_complexity', $new_complexity );
 }
@@ -4368,11 +4376,7 @@ function save_all_lessons_edit_fields() {
 );
 $this->save_quiz_settings( $lesson_id, $new_settings );
-
 }
-
- die();
-
 }
 /**
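Review bot: In `save_all_lessons_edit_fields` (the `@@ -4323` hunk), the loop over `$lesson_ids` writes `_lesson_course` and `_lesson_complexity` for every id taken from `$_REQUEST['post']`, and nothing visible in the hunk checks that the current user may edit each of those posts or that they are lessons; because the handler now runs on `save_post`, the write covers the whole submitted list rather than only the post being saved. A guard at the top of the loop would close that: `if ( ! current_user_can( 'edit_post', $lesson_id ) ) { continue; }`. Separately, `check_ajax_referer()` terminates the request by default on a bad nonce, so the new `return` is never reached for that case and a save can be cut off midway; passing `false` as the third argument, `check_ajax_referer( 'bulk-edit-lessons', '_edit_lessons_nonce', false )`, lets the early return handle it. The docblock still describes an ajax call and could name the `save_post` hook instead. The lines between this hunk and the next are not shown, so a permission check may exist there.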