/** * Update a release's property. * * @since 1.0 * * @param Release $release * @param string $prop * @param string $val * @param string $nonce * * @return Release */ public function do_update(Release $release, $prop, $val, $nonce) { if (!wp_verify_nonce($nonce, "itelic-update-release-{$release->get_pk()}")) { throw new \InvalidArgumentException(__("Sorry, this page has expired. Please refresh and try again.", Plugin::SLUG)); } if (!current_user_can('manage_options')) { throw new \InvalidArgumentException(__("Sorry, you don't have permission to do this.", Plugin::SLUG)); } switch ($prop) { case 'status': $release->set_status($val); break; case 'type': $release->set_type($val); break; case 'version': $release->set_version(sanitize_text_field($val)); break; case 'download': $release->set_download(intval($val)); break; case 'changelog': $val = stripslashes($val); if (!current_user_can('unfiltered_html')) { $val = wp_kses($val, wp_kses_allowed_html()); } $release->set_changelog($val); break; case 'security-message': $val = stripslashes($val); if (!current_user_can('unfiltered_html')) { $val = wp_kses($val, wp_kses_allowed_html()); } $release->update_meta('security-message', $val); break; default: throw new \InvalidArgumentException("Invalid prop."); } return $release; }