Skip to content

enhance: revamp registration template 1 #1723

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: develop
Choose a base branch
from
Open

enhance: revamp registration template 1 #1723

wants to merge 9 commits into from

Conversation

@sapayth
Copy link
Member

@sapayth sapayth commented Oct 23, 2025
edited by coderabbitai bot
Loading

Related PR #1202

fixes #1203

Revamp UI-UX of Registration form template 1.

  • change preview on Form Setting > Display Setting > Choose Form Template
  • Render the form using the selected template. we need to align this with Use Theme CSS setting
Image Image

Summary by CodeRabbit

  • New Features

    • Multi-dropdown fields now support custom placeholder text to guide user selections

  • Improvements

    • Profile forms now feature dedicated layout template options
    • Form layout styling now properly respects theme CSS preferences
    • CSS transitions improved with better browser standards compliance

  • Chores

    • Translation catalogs updated

@coderabbitai
Copy link

coderabbitai bot commented Oct 23, 2025
edited
Loading

Walkthrough

This PR refactors form layout rendering to apply conditional styling based on form type (profile vs. regular) and theme CSS settings, adds asset enqueuing for multiselect fields, removes deprecated vendor prefixes from CSS transitions, and updates translation catalog metadata.

Changes

Cohort / File(s) Summary
Form Layout & Rendering
includes/Frontend_Render_Form.php, includes/Render_Form.php		 Added Form class instantiation to determine layout selection; implemented conditional template enqueuing for profile forms (templates 1–5) vs. regular forms, only when use_theme_css is not 'on'; guards layout styles with use_theme_css check
Multiselect Field Enhancements
includes/Fields/Form_Field_MultiDropdown.php		 Introduced enqueue_multiselect_assets() private method to load frontend multiselect script; updated render() to call asset enqueuing, added wpuf-multiselect-field CSS class, data-placeholder attribute, and corrected "mulitple" typo to "multiple"
CSS Vendor Prefix Cleanup
assets/css/admin/form-builder.css, assets/css/ai-form-builder.css		 Removed -webkit-backdrop-filter from transition-property declarations across modals, tooltips, dropdowns, badges, forms, and UI components; standardized to non-prefixed backdrop-filter usage
Utility & Metadata Updates
wpuf-functions.php, .gitignore, languages/wp-user-frontend.pot		 Added spaces after commas in extension strings in wpuf_allowed_extensions; updated POT translation catalog metadata and line number references; minor .gitignore formatting (no-op)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Form rendering logic in Frontend_Render_Form.php introduces conditional branching based on form type and use_theme_css setting—requires verification that profile and regular form layout selection logic is correct and template enqueuing paths are accurate.
  • Multiselect asset enqueuing adds a new private method; verify the frontend script handle (wpuf-custom-multiselect) is properly registered and that the enqueue condition (not in admin) is appropriate.
  • CSS changes are repetitive vendor prefix removals with low complexity; spot-check a few sections to confirm backdrop-filter replacements are consistent.

Possibly related issues

  • weDevsOfficial/wpuf-pro#808 — Changes to form layout template selection and enqueuing in Frontend_Render_Form.php align with registration form template revamp work.
  • weDevsOfficial/wpuf-pro#1185 — Conditional template styling based on form type (profile vs. regular) and use_theme_css setting directly addresses registration template rendering and theme CSS alignment logic.

Possibly related PRs

Poem

🐰 With fields now gleaming, assets in place,
Layout templates render with careful grace,
Vendor prefixes fade to the past,
Each form now styled to perfectly last!

Pre-merge checks and finishing touches

❌ Failed checks (3 warnings, 1 inconclusive)
Check name Status Explanation Resolution
Title check ⚠️ Warning Title references registration template 1 revamp but changes span multiple features including multiselect assets, extension formatting, layout enqueuing, and CSS updates. Revise title to more accurately capture the scope of all changes, such as 'enhance: revamp registration template 1 and improve form rendering' or break into multiple focused PRs.
Linked Issues check ⚠️ Warning Issue #1203 reports inability to save forms and PHP warnings with 'recurring' offset. Changes made address template rendering and asset enqueuing but do not appear to fix the reported subscription/recurring field bug. Verify whether changes to Form class instantiation in Frontend_Render_Form.php resolve the PHP warning in subscription.php. If not, add specific fixes to address the illegal string offset 'recurring' issue.
Docstring Coverage ⚠️ Warning Docstring coverage is 77.78% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
Out of Scope Changes check ❓ Inconclusive Changes include CSS vendor prefix removals, extension string formatting, and translation file updates that are peripheral to the main registration template 1 revamp objective. Clarify whether CSS prefix removal and extension formatting changes are required for template 1 revamp or should be separated into distinct PRs for better code review clarity.
✅ Passed checks (1 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2b356ba and aed3391.

📒 Files selected for processing (1)
  • wpuf-functions.php (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • wpuf-functions.php

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Oct 23, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
includes/Fields/Form_Field_MultiDropdown.php (1)

12-12: input_type is inconsistent with props and usages

Constructor sets input_type to "multiple_select" but get_field_props and consumers use "multiselect". Align to "multiselect" to avoid CSS/logic mismatches.

-        $this->input_type = 'multiple_select';
+        $this->input_type = 'multiselect';
🧹 Nitpick comments (1)
includes/Fields/Form_Field_MultiDropdown.php (1)

176-189: Docblock @SInCE placeholder

Replace "@SInCE WPUF_SINCE" with the actual plugin version before release.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f1ba22d and 0ca610b.

⛔ Files ignored due to path filters (2)
  • assets/js/forms-list.min.js is excluded by !**/*.min.js
  • assets/js/forms-list.min.js.map is excluded by !**/*.map, !**/*.min.js.map
📒 Files selected for processing (3)
  • .gitignore (1 hunks)
  • includes/Fields/Form_Field_MultiDropdown.php (3 hunks)
  • wpuf-functions.php (1 hunks)
🔇 Additional comments (1)
.gitignore (1)

58-58: No-op ignore addition is fine

The added path is consistent with nearby e2e artifacts. Nothing else to do.

includes/Fields/Form_Field_MultiDropdown.php
Comment on lines +27 to +29
// Enqueue custom multi-select assets
$this->enqueue_multiselect_assets();

Copy link

@coderabbitai coderabbitai bot Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Asset enqueue is good; ensure handle exists and admin preview needs

Looks good for frontend. Verify the 'wpuf-custom-multiselect' handle is registered and consider enqueueing on form preview pages in admin if the builder preview relies on it.

🏁 Script executed:

#!/bin/bash
# Find where the script handle is registered and confirm a src is set.
rg -nP "wp_(register|enqueue)_script\(\s*['\"]wpuf-custom-multiselect['\"]" -C3

Length of output: 544

🏁 Script executed:

#!/bin/bash
# Search more broadly for where wpuf-custom-multiselect is registered
rg -nP "wpuf-custom-multiselect" -C5

Length of output: 670

🏁 Script executed:

#!/bin/bash
# Search for all wp_register_script calls to find where wpuf-custom-multiselect might be registered
rg -nP "wp_register_script" -C2 -g '*.php'

Length of output: 1545

🏁 Script executed:

#!/bin/bash
# Check Assets.php to understand the script registration and look for custom-multiselect
cat includes/Assets.php | head -120

Length of output: 3573

🏁 Script executed:

#!/bin/bash
# Find the get_scripts() method in Assets.php
rg -nP "get_scripts\(\)" includes/Assets.php -A 200 | head -300

Length of output: 13540

🏁 Script executed:

#!/bin/bash
# Search specifically for custom-multiselect in Assets.php
rg -n "custom-multiselect" includes/Assets.php

Length of output: 0

🏁 Script executed:

#!/bin/bash
# Search entire codebase for custom-multiselect to see if it's registered anywhere
rg -n "custom-multiselect" --type=php

Length of output: 108

Register 'wpuf-custom-multiselect' handle before enqueueing

The script handle 'wpuf-custom-multiselect' is being enqueued at includes/Fields/Form_Field_MultiDropdown.php:187 but is not registered anywhere in the codebase. Register it in Assets.php via the get_scripts() method with the appropriate source file and dependencies, or the asset will fail to load.

Additionally, consider whether this script needs to be enqueued on admin form preview/builder pages if the preview relies on it (currently only enqueued on frontend via if ( ! is_admin() )).

🤖 Prompt for AI Agents 
In includes/Fields/Form_Field_MultiDropdown.php around lines 27-29 the call to
enqueue_multiselect_assets() expects a registered script handle
'wpuf-custom-multiselect' but that handle is not registered; open
includes/Assets.php and add the 'wpuf-custom-multiselect' entry in get_scripts()
registering the correct source path (point to the plugin JS file for the
multi-select), set proper dependencies (e.g., ['jquery','select2'] or whatever
the asset needs), a version (use filemtime or plugin version), and in_footer
flag; also adjust the enqueue condition so the script is registered/queued on
admin preview/builder pages if those previews require it (e.g., remove or extend
the current if ( ! is_admin() ) gating to include specific admin pages or use
is_admin() && $pagenow checks).

includes/Fields/Form_Field_MultiDropdown.php
<?php
return ob_get_clean();
}

Copy link

@coderabbitai coderabbitai bot Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Duplicate multiple="multiple" attribute

The select includes multiple="multiple" twice. Keep one.

-                <select multiple="multiple" class="multiselect wpuf-multiselect-field <?php echo 'wpuf_' . esc_attr( $field_settings['name'] ) . '_' . esc_attr( $form_id ); ?>" id="<?php echo esc_attr( $field_settings['name'] ) . '_' . esc_attr( $form_id ); ?>" name="<?php echo esc_attr( $name ); ?>" multiple="multiple" data-required="<?php echo esc_attr( $field_settings['required'] ); ?>" data-type="multiselect" data-placeholder="<?php echo esc_attr( $field_settings['first'] ); ?>">
+                <select multiple="multiple" class="multiselect wpuf-multiselect-field <?php echo 'wpuf_' . esc_attr( $field_settings['name'] ) . '_' . esc_attr( $form_id ); ?>" id="<?php echo esc_attr( $field_settings['name'] ) . '_' . esc_attr( $form_id ); ?>" name="<?php echo esc_attr( $name ); ?>" data-required="<?php echo esc_attr( $field_settings['required'] ); ?>" data-type="multiselect" data-placeholder="<?php echo esc_attr( $field_settings['first'] ); ?>">
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<select multiple="multiple" class="multiselect wpuf-multiselect-field <?php echo 'wpuf_' . esc_attr( $field_settings['name'] ) . '_' . esc_attr( $form_id ); ?>" id="<?php echo esc_attr( $field_settings['name'] ) . '_' . esc_attr( $form_id ); ?>" name="<?php echo esc_attr( $name ); ?>" multiple="multiple" data-required="<?php echo esc_attr( $field_settings['required'] ); ?>" data-type="multiselect" data-placeholder="<?php echo esc_attr( $field_settings['first'] ); ?>">
<select multiple="multiple" class="multiselect wpuf-multiselect-field <?php echo 'wpuf_' . esc_attr( $field_settings['name'] ) . '_' . esc_attr( $form_id ); ?>" id="<?php echo esc_attr( $field_settings['name'] ) . '_' . esc_attr( $form_id ); ?>" name="<?php echo esc_attr( $name ); ?>" data-required="<?php echo esc_attr( $field_settings['required'] ); ?>" data-type="multiselect" data-placeholder="<?php echo esc_attr( $field_settings['first'] ); ?>">
🤖 Prompt for AI Agents 
In includes/Fields/Form_Field_MultiDropdown.php around line 53, the <select>
element contains the multiple="multiple" attribute twice; remove the duplicate
so the element only includes a single multiple="multiple" attribute, leaving all
other attributes and echo statements unchanged.

wpuf-functions.php
],
'zip' => [
'ext' => 'zip,gz,gzip,rar,7z',
'ext' => 'zip, gz, gzip, rar, 7z',
Copy link

@coderabbitai coderabbitai bot Oct 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Spaces in extension lists break explode() parsing; normalize and trim during checks

Adding spaces after commas turns items into " mp3", " mp4", etc. Downstream code splits with explode(',') and compares raw $extension, so playable previews/validation can fail. Normalize and trim during parsing and comparison.

Apply this diff to harden parsing at the usage site and avoid future regressions if formatting changes again:

@@
-                            $extension = pathinfo( $path, PATHINFO_EXTENSION );
+                            $extension = strtolower( pathinfo( $path, PATHINFO_EXTENSION ) );
@@
-                                $wpuf_allowed_extensions    = wpuf_allowed_extensions();
-                                $allowed_audio_extensions   = explode( ',', $wpuf_allowed_extensions['audio']['ext'] );
-                                $allowed_video_extensions   = explode( ',', $wpuf_allowed_extensions['video']['ext'] );
-                                $allowed_extenstions        = array_merge( $allowed_audio_extensions, $allowed_video_extensions );
+                                $wpuf_allowed_extensions  = wpuf_allowed_extensions();
+                                $allowed_audio_extensions = array_map( 'strtolower', array_map( 'trim', explode( ',', $wpuf_allowed_extensions['audio']['ext'] ) ) );
+                                $allowed_video_extensions = array_map( 'strtolower', array_map( 'trim', explode( ',', $wpuf_allowed_extensions['video']['ext'] ) ) );
+                                $allowed_extensions       = array_merge( $allowed_audio_extensions, $allowed_video_extensions );
@@
-                                if ( 'yes' === $playable && in_array( $extension, $allowed_extenstions, true ) ) {
-                                    $is_video       = in_array( $extension, $allowed_video_extensions, true );
-                                    $is_audio       = in_array( $extension, $allowed_audio_extensions, true );
+                                if ( 'yes' === $playable && in_array( $extension, $allowed_extensions, true ) ) {
+                                    $is_video = in_array( $extension, $allowed_video_extensions, true );
+                                    $is_audio = in_array( $extension, $allowed_audio_extensions, true );

Alternatively, revert the formatting in wpuf_allowed_extensions() to keep ext strings comma-without-spaces.

Also applies to: 539-539, 543-543, 551-551, 555-555, 1037-1049

🤖 Prompt for AI Agents 
In wpuf-functions.php around line 534 (and similarly at lines 539, 543, 551, 555
and blocks 1037-1049), the extension lists include spaces after commas which
cause explode(',') to produce values with leading spaces (e.g. " mp3"), breaking
comparisons; update the parsing/validation sites to normalize the extension
string by removing spaces and trimming each item before comparing (for example:
replace spaces around commas or run array_map('trim', explode(',', $extString))
and/or strtolower() on entries) so all comparisons use trimmed, normalized
extensions; alternatively revert the hardcoded extension strings to comma-only
lists without spaces.

coderabbitai[bot]
coderabbitai bot reviewed Oct 29, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
includes/Frontend_Render_Form.php (1)

209-226: Implement whitelisting for profile_form_layout before enqueueing styles; add defensive validation.

The setting profile_form_layout is read from post meta without validation and used directly to enqueue styles. Although no admin UI currently exists to set this value, it could be modified via database, REST API, or future integrations. The recommended whitelisting approach with in_array() is appropriate.

Verified findings:

  • No wp_register_style() calls for wpuf-reg-template-{1,2,3,4} handles in codebase
  • No CSS files matching pattern; handles are enqueued but unregistered (silent no-op or loaded externally)
  • Profile form layout setting is only read in this single location and never programmatically set
  • Whitelisting to layout1–layout4 prevents potential issues if the setting is ever exposed to user control

Apply the suggested diff to add validation:

-            $layout = isset( $this->form_settings['profile_form_layout'] ) ? $this->form_settings['profile_form_layout'] : 'layout1';
+            $profile_layout = isset( $this->form_settings['profile_form_layout'] ) ? $this->form_settings['profile_form_layout'] : 'layout1';
+            $allowed_layouts = [ 'layout1', 'layout2', 'layout3', 'layout4' ];
+            $layout = in_array( $profile_layout, $allowed_layouts, true ) ? $profile_layout : 'layout1';
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0ca610b and 9df56a2.

📒 Files selected for processing (2)
  • includes/Frontend_Render_Form.php (2 hunks)
  • includes/Render_Form.php (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • includes/Render_Form.php
🧰 Additional context used
🧬 Code graph analysis (1)
includes/Frontend_Render_Form.php (1)
includes/Admin/Forms/Form.php (1)
  • Form (5-372)
🔇 Additional comments (1)
includes/Frontend_Render_Form.php (1)

5-5: Import is correct.

Namespace/alias is accurate; enables safe access to form post_type.

includes/Frontend_Render_Form.php
Comment on lines +201 to 203
$layout = 'layout1';

$theme_css = isset( $this->form_settings['use_theme_css'] ) ? $this->form_settings['use_theme_css'] : 'wpuf-style';
Copy link

@coderabbitai coderabbitai bot Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

“Use Theme CSS” emits raw setting as a CSS class and is layout-inconsistent.

Currently the class attribute may become “on/off” (or similar), and esc_html is used in a class attribute. Compute a boolean and derive the skin class; use esc_attr.

Apply a minimal fix by computing the class at render-time:

<?php
$skin_class = ( 'layout1' === $layout )
    ? ( isset( $this->form_settings['use_theme_css'] ) && wpuf_is_checkbox_or_toggle_on( $this->form_settings['use_theme_css'] ) ? '' : 'wpuf-style' )
    : 'wpuf-style';
?>
<form class="wpuf-form-add wpuf-form-<?php echo esc_attr( $layout ); ?> <?php echo esc_attr( $skin_class ); ?>" action="" method="post">

Optional cleanup: remove the now-unused $theme_css variable.

Also applies to: 261-263

includes/Frontend_Render_Form.php
Comment on lines 207 to 213
$form = new Form($form_id);

if ( 'wpuf_profile' === $form->data->post_type ) {
$layout = isset( $this->form_settings['profile_form_layout'] ) ? $this->form_settings['profile_form_layout'] : 'layout1';
switch ( $layout ) {
case 'layout2':
wp_enqueue_style( 'wpuf-reg-template-2' );
Copy link

@coderabbitai coderabbitai bot Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Don’t shadow $form; avoid hook BC break; add null-guard.

Overwriting the $form parameter with a Form instance changes the type passed to the wpuf_form_fields_top hook. Rename locally and pass the intended object explicitly; also guard $form_obj->data.

Apply this diff:

-        $form = new Form($form_id);
+        $form_obj = new Form( $form_id );
 
-        if ( 'wpuf_profile' === $form->data->post_type ) {
+        if ( $form_obj->data && 'wpuf_profile' === $form_obj->data->post_type ) {

And update the hook invocation to avoid ambiguity and preserve compatibility (pass the Form instance, plus $form_id for convenience):

do_action( 'wpuf_form_fields_top', $form_obj, $this->form_fields, $form_id );

Verify existing listeners don’t rely on the old argument type/count:

Also applies to: 296-296

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# List listeners and their accepted args for this hook
rg -nP -C2 "add_action\(\s*['\"]wpuf_form_fields_top['\"]" || true
# Show any type assumptions inside callbacks
rg -nP -C2 "\bfunction\s+\w+\s*\(\s*\$form\b" || true

Length of output: 0

I need to gather more information about the actual code state and hook usage. Let me run additional verification scripts.

is not applicable here - we need file access.

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1. Show the actual code at the flagged lines
echo "=== Code at lines 200-320 of Frontend_Render_Form.php ==="
rg -n -A 120 'public function' includes/Frontend_Render_Form.php | head -150 || echo "Not found via pattern"

# 2. Find all do_action calls in the file
echo "=== All do_action calls in Frontend_Render_Form.php ==="
rg -n "do_action" includes/Frontend_Render_Form.php || echo "No do_action found"

# 3. Show context around line 207
echo "=== Lines 195-225 ==="
sed -n '195,225p' includes/Frontend_Render_Form.php || echo "File not accessible"

Length of output: 421

Let me locate the correct file path first:

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Find the file
echo "=== Searching for Frontend_Render_Form.php ==="
fd -i "Frontend_Render_Form" --type f || echo "File not found"

# Also search for similar patterns
echo "=== Searching for Render_Form files ==="
fd "Render_Form" --type f || echo "No match"

# List directory structure
echo "=== Checking includes directory ==="
find . -type d -name "includes" | head -5

echo "=== Listing PHP files that might match ==="
find . -type f -name "*.php" | grep -i "form" | head -20

Length of output: 1724

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Lines 195-225 (context for line 207-213) ==="
sed -n '195,225p' ./includes/Frontend_Render_Form.php

echo ""
echo "=== Lines 285-310 (context for line 296) ==="
sed -n '285,310p' ./includes/Frontend_Render_Form.php

echo ""
echo "=== Search for do_action with wpuf_form_fields_top ==="
rg -n "do_action.*wpuf_form_fields_top" ./includes/Frontend_Render_Form.php -A 2 -B 2

echo ""
echo "=== Find method containing line 207 and see full scope ==="
sed -n '180,350p' ./includes/Frontend_Render_Form.php | head -100

Length of output: 7213

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== All usages of \$form after line 207 in render_form method ==="
sed -n '207,400p' ./includes/Frontend_Render_Form.php | grep -n '\$form' | head -30

echo ""
echo "=== Check for null-safety of \$form->data ==="
sed -n '207,220p' ./includes/Frontend_Render_Form.php

echo ""
echo "=== Search for render_form() calls with 4 arguments ==="
rg -n "render_form\s*\(" --type php -A 1 -B 1 | grep -v "function render_form" | head -40

echo ""
echo "=== Check what type of object Form class returns for ->data ==="
rg -n "class Form\b" ./includes --type php -A 20 | head -40

Length of output: 5146

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Verify Form->data can be null ==="
sed -n '1,50p' ./includes/Admin/Forms/Form.php | grep -A 5 "public \$data"

echo ""
echo "=== Check if Form constructor can fail or set data to null ==="
sed -n '25,100p' ./includes/Admin/Forms/Form.php

echo ""
echo "=== Look for any listeners in entire codebase (broader search) ==="
rg -n "wpuf_form_fields_top" --type php -C 2 || echo "No matches found"

echo ""
echo "=== Confirm $form is passed from Frontend_Form.php ==="
sed -n '130,145p' ./includes/Frontend/Frontend_Form.php
sed -n '310,325p' ./includes/Frontend/Frontend_Form.php

Length of output: 2968

Verify and apply variable renaming, null-guard, and explicit hook parameter.

The review correctly identifies three real issues:

  1. Variable shadowing: Line 207 unconditionally overwrites the $form parameter (callers in Frontend_Form.php intentionally pass a Form object at lines 140 and 320, which is immediately lost).

  2. Null-safety bug: Line 210 accesses $form->data->post_type without checking if $data is null. The Form constructor can result in null $data when get_post() fails, causing a fatal error.

  3. Hook parameter clarity: Line 296 passes the newly-created Form instance to the hook, not the original parameter. Renaming to $form_obj and passing both the Form object and $form_id explicitly preserves BC intent.

Apply the suggested diff to rename the local variable, add the null-guard, and update the hook invocation accordingly.

🤖 Prompt for AI Agents 
In includes/Frontend_Render_Form.php around lines 207 to 213 (and adjust related
hook at ~296), the method currently overwrites the incoming $form parameter,
dereferences $form->data without a null check, and later passes the wrong
variable to the hook; rename the local variable created from the form ID to
$form_obj (or similar) so you don’t shadow the original parameter, add a
null-guard before accessing $form_obj->data (return early or handle the missing
data when get_post() yields null), and update the hook invocation to pass both
the original $form parameter (or $form_id if callers expect that) and the new
$form_obj explicitly to preserve BC behavior.

includes/Frontend_Render_Form.php
Comment on lines 227 to 231
$layout = isset( $this->form_settings['form_layout'] ) ? $this->form_settings['form_layout'] : 'layout1';

if ( ! empty( $layout ) ) {
wp_enqueue_style( 'wpuf-' . $layout );
}
Copy link

@coderabbitai coderabbitai bot Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Sanitize standard form layout and enqueue only known handles.

Prevent arbitrary handle construction; enforce a known set.

Apply this diff:

-            $layout = isset( $this->form_settings['form_layout'] ) ? $this->form_settings['form_layout'] : 'layout1';
-
-            if ( ! empty( $layout ) ) {
-                wp_enqueue_style( 'wpuf-' . $layout );
-            }
+            $chosen_layout = isset( $this->form_settings['form_layout'] ) ? $this->form_settings['form_layout'] : 'layout1';
+            $allowed_layouts = [ 'layout1', 'layout2', 'layout3', 'layout4' ];
+            $layout = in_array( $chosen_layout, $allowed_layouts, true ) ? $chosen_layout : 'layout1';
+            wp_enqueue_style( 'wpuf-' . $layout );

Confirm handles exist:

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# Verify registration of standard layout styles
rg -nP "wp_register_style\s*\(\s*['\"]wpuf-layout(1|2|3|4)['\"]" -S || true
rg -nP "wp_enqueue_style\s*\(\s*['\"]wpuf-layout(1|2|3|4)['\"]" -S || true

Length of output: 72

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# More comprehensive search for wpuf style registrations
echo "=== Searching for all wpuf-layout style registrations ==="
rg -nP "wp_register_style\s*\(\s*['\"]wpuf-layout" -S || true

echo -e "\n=== Searching for all wpuf-layout style enqueuing ==="
rg -nP "wp_enqueue_style\s*\(\s*['\"]wpuf-layout" -S || true

echo -e "\n=== Checking Frontend_Render_Form.php lines around 227-231 ==="
rg -nP "form_layout|wpuf-" includes/Frontend_Render_Form.php -B2 -A2 || true

echo -e "\n=== Search for all layout values being set or validated ==="
rg -nP "form_layout['\"]?\s*=>|allowed.*layout|layout.*whitelist" -S || true

Length of output: 7309

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Checking form_layout definition in Free_Loader.php around line 1702 ==="
rg -nP "form_layout" includes/Free/Free_Loader.php -B5 -A10 || true

echo -e "\n=== Searching for ALL wp_register_style calls (not just wpuf-layout) ==="
rg -nP "wp_register_style\s*\(" -S -A1 || true

echo -e "\n=== Searching for layout1, layout2, layout3, layout4 references ==="
rg -nP "(layout1|layout2|layout3|layout4)" -S --type=php | grep -v "^Binary" || true

Length of output: 6609

Validate form layout to prevent arbitrary handle construction; issue exists in multiple files.

The security concern is valid. While layout1-4 are defined as styles in includes/Assets.php:115-125, the form_layout setting lacks validation before use in dynamic handle construction. The issue exists in multiple locations beyond the flagged code:

  • includes/Frontend_Render_Form.php:227-231 (flagged)
  • includes/class-frontend-render-form.php:302
  • includes/Render_Form.php:249, 950
  • includes/class/render-form.php:392, 1088

The profile form section (includes/Frontend_Render_Form.php:210-225) correctly uses a switch statement. Apply similar validation to all non-profile form layout assignments before enqueuing styles.

🤖 Prompt for AI Agents 
In includes/Frontend_Render_Form.php around lines 227-231 (and likewise for
includes/class-frontend-render-form.php:302, includes/Render_Form.php:249,950
and includes/class/render-form.php:392,1088), the code builds a dynamic style
handle from the unvalidated form_layout setting and enqueues it; replace this
with a whitelist check: accept only the known layout values (e.g., layout1,
layout2, layout3, layout4) — either via a switch or in_array against an allowed
array — and default to a safe layout if the value is not allowed, then call
wp_enqueue_style using the validated handle; apply the same whitelist validation
in all listed locations.

coderabbitai[bot]
coderabbitai bot reviewed Oct 29, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (2)
includes/Frontend_Render_Form.php (2)

207-209: Critical: Variable shadowing and missing null-guard (previously flagged).

This code still has the critical issues identified in the previous review:

  1. Line 207 shadows the $form parameter, discarding the value passed by callers
  2. Line 209 accesses $form->data->post_type without checking if $data is null (the Form constructor can set data to null when get_post() fails)
  3. Line 302 passes the new Form instance to wpuf_form_fields_top, potentially breaking backward compatibility

Apply the previously suggested fix: rename the local variable to $form_obj, add a null-guard, and update the hook call.

233-237: Major: Unvalidated input used in style handle construction (previously flagged).

The form_layout setting is not validated before being used in wp_enqueue_style('wpuf-' . $layout). This allows arbitrary handle construction and should use a whitelist of allowed layouts (layout1, layout2, layout3, layout4) as suggested in the previous review.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9df56a2 and fe5c351.

📒 Files selected for processing (1)
  • includes/Frontend_Render_Form.php (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
includes/Frontend_Render_Form.php (1)
includes/Admin/Forms/Form.php (1)
  • Form (5-372)
🔇 Additional comments (1)
includes/Frontend_Render_Form.php (1)

5-5: LGTM! Import is correct.

The Form class import is necessary for the instantiation at line 207.

@Rubaiyat-E-Mohammad
Copy link
Contributor

Rubaiyat-E-Mohammad commented Nov 6, 2025

Please watch the comment @sapayth vai
https://github.com/weDevsOfficial/wpuf-pro/pull/1212#issuecomment-3496093978

coderabbitai[bot]
coderabbitai bot reviewed Nov 14, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
includes/Admin/Subscription.php (1)

278-283: Consider moving default sort order initialization to avoid side effects in getter.

Setting a default sort order and persisting it to the database within a getter method introduces side effects that can lead to unexpected behavior and performance issues if get_subscriptions is called frequently.

Recommendation:

  • If this is intended as a one-time data migration for existing packs, consider using a dedicated migration script or admin action.
  • For new packs, ensure the default is set during creation (lines 467-471 handle this, but you may want to also set it in register_post_type or initial save).

Apply this diff to move the logic to a one-time initialization or handle it differently:

If this is a migration for existing data, create a separate migration function:

public function migrate_sort_order_defaults() {
    $args = [
        'post_type'      => 'wpuf_subscription',
        'posts_per_page' => -1,
        'post_status'    => 'publish',
        'meta_query'     => [
            'relation' => 'OR',
            [
                'key'     => '_sort_order',
                'compare' => 'NOT EXISTS',
            ],
            [
                'key'     => '_sort_order',
                'value'   => '',
                'compare' => '=',
            ],
        ],
    ];
    
    $posts = get_posts( $args );
    
    foreach ( $posts as $post ) {
        update_post_meta( $post->ID, '_sort_order', 1 );
    }
}

Then remove the side effect from get_subscriptions:

     if ( $posts ) {
         foreach ( $posts as $key => $post ) {
             $post->meta_value = $this->get_subscription_meta( $post->ID, $posts );
-
-            // Set default sort order if not set
-            if ( empty( $post->meta_value['_sort_order'] ) ) {
-                $sort_order = 1;
-                update_post_meta( $post->ID, '_sort_order', $sort_order );
-                $post->meta_value['_sort_order'] = $sort_order;
-            }
         }
     }
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1569809 and ff9d6ad.

📒 Files selected for processing (1)
  • includes/Admin/Subscription.php (6 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
includes/Admin/Subscription.php (1)
wpuf-functions.php (1)
  • wpuf_admin_role (834-836)
🔇 Additional comments (4)
includes/Admin/Subscription.php (4)

467-471: LGTM!

The sort order handling is properly implemented with sanitization and validation to ensure a minimum value of 1.

884-884: LGTM!

Clean initialization of the subscription arguments array.

1221-1223: LGTM! Admin bypass for subscription checks.

The early return for admin users (with manage_options capability) allows administrators to bypass subscription restrictions, which is appropriate for administrative tasks and testing.

278-283: Verify alignment with PR objectives and clarify intentionality of changes.

The changes at lines 278-283 and 467-471 relate to subscription pack sort order initialization, which appears to be a deliberate feature with a dedicated upgrade migration (upgrade-4.1.7.php). The code at lines 1221-1223 is a standard admin permission check using current_user_can(), not a permission bypass.

However, your core concern remains valid: these changes do not appear to address the stated PR objectives of revamping the registration template UI/UX or fixing the 'recurring' string offset warnings from issue #1203. The 'recurring' array access at line 1467 already includes a defensive ! empty() check.

Can you clarify:

  • Are the sort order and admin permission changes intentional additions to this PR, or were they included accidentally?
  • Where are the registration template changes for this revamp?
  • Does issue #1203 need additional fixes beyond the existing ! empty() protection?

Also applies to: 467-471, 1221-1223

@sapayth
fix: Respect use_theme_css and enqueue correct layout template styles
2b356ba 
Fix use_theme_css setting detection and properly map layout values
(layout1, layout2, etc.) to registered style handles (reg-template-1,
reg-template-2, etc.). Remove incorrect style enqueue and debug logging.
coderabbitai[bot]
coderabbitai bot reviewed Nov 17, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (4)
includes/Frontend_Render_Form.php (4)

272-272: Major: Incorrect escaping function and inconsistent theme CSS class logic (duplicate issue).

Line 272 uses esc_html() for a class attribute value (should be esc_attr()) and directly outputs the raw $theme_css setting value, which could be 'on', 'off', or other non-class values. This creates invalid HTML and is inconsistent with the new use_theme_css checks added above (lines 210, 212, 238).

This was flagged in previous reviews. Compute the skin class properly:

-        <form class="wpuf-form-add wpuf-form-<?php echo esc_attr( $layout ); ?> <?php echo ( 'layout1' === $layout ) ? esc_html( $theme_css ) : 'wpuf-style'; ?>" action="" method="post">
+        <?php
+        $skin_class = ( 'layout1' === $layout )
+            ? ( isset( $this->form_settings['use_theme_css'] ) && wpuf_is_checkbox_or_toggle_on( $this->form_settings['use_theme_css'] ) ? '' : 'wpuf-style' )
+            : 'wpuf-style';
+        ?>
+        <form class="wpuf-form-add wpuf-form-<?php echo esc_attr( $layout ); ?> <?php echo esc_attr( $skin_class ); ?>" action="" method="post">

You can then remove the now-unused $theme_css variable (line 203).

207-212: Critical: Variable shadowing, null-safety bug, and hook BC break (duplicate issue).

Line 207 overwrites the $form parameter passed to render_form(), immediately losing the caller's intent (see Frontend_Form.php lines 140 and 320 which pass a Form object). Line 212 then accesses $form->data->post_type without checking if data is null—the Form constructor sets data to null when get_post() fails, causing a fatal error. Finally, line 307 passes the newly-created instance to the wpuf_form_fields_top hook, changing the argument type and breaking backward compatibility.

This issue was already identified in previous reviews. Apply the suggested fix:

-        $form = new Form($form_id);
+        $form_obj = new Form( $form_id );
 
-        // Check if Use Theme CSS is enabled - if so, don't enqueue plugin styles
-        $use_theme_css = isset( $this->form_settings['use_theme_css'] ) ? $this->form_settings['use_theme_css'] : '';
+        // Check if Use Theme CSS is enabled - if so, don't enqueue plugin styles  
+        $use_theme_css = isset( $this->form_settings['use_theme_css'] ) ? $this->form_settings['use_theme_css'] : '';
 
-        if ( 'wpuf_profile' === $form->data->post_type && 'on' !== $use_theme_css ) {
+        if ( $form_obj->data && 'wpuf_profile' === $form_obj->data->post_type && 'on' !== $use_theme_css ) {

And update line 307:

-                    do_action( 'wpuf_form_fields_top', $form, $this->form_fields );
+                    do_action( 'wpuf_form_fields_top', $form_obj, $this->form_fields, $form_id );

213-234: Critical: Enqueueing non-existent style handles for profile layouts.

The switch statement enqueues wpuf-reg-template-1 through wpuf-reg-template-5, but these style handles are never registered. The correct registered handles are wpuf-layout1 through wpuf-layout5 (defined in includes/Assets.php lines 115-125).

This issue was flagged in previous reviews. Apply this fix to use the correct handles:

         if ( 'wpuf_profile' === $form->data->post_type && 'on' !== $use_theme_css ) {
             $layout = isset( $this->form_settings['profile_form_layout'] ) ? $this->form_settings['profile_form_layout'] : 'layout1';
             switch ( $layout ) {
                 case 'layout2':
-                    wp_enqueue_style( 'wpuf-reg-template-2' );
+                    wp_enqueue_style( 'wpuf-layout2' );
                     break;
 
                 case 'layout3':
-                    wp_enqueue_style( 'wpuf-reg-template-3' );
+                    wp_enqueue_style( 'wpuf-layout3' );
                     break;
 
                 case 'layout4':
-                    wp_enqueue_style( 'wpuf-reg-template-4' );
+                    wp_enqueue_style( 'wpuf-layout4' );
                     break;
 
                 case 'layout5':
-                    wp_enqueue_style( 'wpuf-reg-template-5' );
+                    wp_enqueue_style( 'wpuf-layout5' );
                     break;
 
                 default:
-                    wp_enqueue_style( 'wpuf-reg-template-1' );
+                    wp_enqueue_style( 'wpuf-layout1' );
                     break;
             }

236-243: Critical: Arbitrary style handle construction and non-existent base template (duplicate issue).

Lines 236-242 have multiple problems:

  1. Line 236: The form_layout setting is used without validation, allowing arbitrary values to construct style handles dynamically.
  2. Line 240: Enqueues wpuf-reg-template-base which doesn't exist (not registered in Assets.php).
  3. Line 241: Constructs 'wpuf-' . $layout without ensuring $layout is a valid, registered handle.

This security concern was flagged in previous reviews. Apply this fix to validate against a whitelist and remove the non-existent base template:

         } else {
-            $layout = isset( $this->form_settings['form_layout'] ) ? $this->form_settings['form_layout'] : 'layout1';
+            $chosen_layout = isset( $this->form_settings['form_layout'] ) ? $this->form_settings['form_layout'] : 'layout1';
+            $allowed_layouts = [ 'layout1', 'layout2', 'layout3', 'layout4' ];
+            $layout = in_array( $chosen_layout, $allowed_layouts, true ) ? $chosen_layout : 'layout1';
 
             if ( ! empty( $layout ) && 'on' !== $use_theme_css ) {
-                // Always enqueue the base template style
-                wp_enqueue_style( 'wpuf-reg-template-base' );
                 wp_enqueue_style( 'wpuf-' . $layout );
             }
         }
🧹 Nitpick comments (1)
assets/css/admin/form-builder.css (1)

1-10: This is a generated Tailwind CSS file—direct modifications are discouraged.

Line 2 indicates this is an auto-generated file ("! tailwindcss v3.4.11 | MIT License"). Manually editing generated files creates maintenance friction; these changes should ideally be made to your Tailwind configuration or source files and then regenerated.

If you intentionally modified this file, please verify:

  1. Whether a Tailwind config or source SCSS exists that should be updated instead
  2. Whether this file should be in .gitignore to prevent regeneration conflicts

</review_comment_end>

Also applies to: 3025-3025, 3045-3045

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ff9d6ad and 2b356ba.

📒 Files selected for processing (5)
  • assets/css/admin/form-builder.css (2 hunks)
  • assets/css/ai-form-builder.css (2 hunks)
  • includes/Frontend_Render_Form.php (2 hunks)
  • includes/Render_Form.php (2 hunks)
  • languages/wp-user-frontend.pot (9 hunks)
✅ Files skipped from review due to trivial changes (1)
  • languages/wp-user-frontend.pot
🚧 Files skipped from review as they are similar to previous changes (1)
  • includes/Render_Form.php
🧰 Additional context used
🧬 Code graph analysis (1)
includes/Frontend_Render_Form.php (1)
includes/Admin/Forms/Form.php (1)
  • Form (5-372)
🔇 Additional comments (2)
assets/css/admin/form-builder.css (1)

3022-3061: Browser compatibility: Verify backdrop-filter vendor prefix removal against your target browsers.

The changes on lines 3025 and 3045 add the standard backdrop-filter property. However, the summary mentions removing -webkit-backdrop-filter from transition-property declarations.

Potential concern: Older Safari versions (pre-2020) require the -webkit- prefix for backdrop-filter. If you support those browsers, you may need to retain vendor prefixes in addition to the standard property.

Recommend verifying your supported browser matrix and either:

  • Keeping both -webkit-backdrop-filter and backdrop-filter in transition properties, or
  • Confirming all target browsers support the standard syntax

</review_comment_end>

assets/css/ai-form-builder.css (1)

3022-3040: Verify browser compatibility after removing -webkit-backdrop-filter from transitions.

The changes correctly use the standard backdrop-filter property for glass-morphism effects. However, confirm that removing the -webkit- prefix from transition-property declarations doesn't degrade support for older browsers (Safari < 15.4, older Chromium browsers).

If older browser support is required, consider:

  • Keeping -webkit-backdrop-filter in the transition-property value alongside the standard property
  • Or document the minimum browser versions supported by this stylesheet

Note: Is this file auto-generated from a Tailwind CSS build? If so, ensure the source configuration (tailwind.config.js or similar) is updated to generate the intended output, rather than manually maintaining this large compiled stylesheet.

@Rubaiyat-E-Mohammad Rubaiyat-E-Mohammad added QA Approved This PR is approved by the QA team and removed bug labels Nov 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

QA Approved This PR is approved by the QA team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sapayth @Rubaiyat-E-Mohammad