From 0ae0e8f820ad999b1a716ebb46e2858c8c6ff7af Mon Sep 17 00:00:00 2001
From: jdub233
Date: Tue, 15 Nov 2016 16:51:19 -0500
Subject: [PATCH 1/5] mini form function
---
 bu-liaison-inquiry.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/bu-liaison-inquiry.php b/bu-liaison-inquiry.php
index 623bac6..457caf3 100644
--- a/bu-liaison-inquiry.php
+++ b/bu-liaison-inquiry.php
@@ -154,7 +154,7 @@ function liaison_inquiry_form( $atts ) {
 }
 }
- $inquiry_form = $this->process_form_definition( $inquiry_form_decode->data, $field_ids, $presets );
+ $inquiry_form = $this->minify_form_definition( $inquiry_form_decode->data, $field_ids, $presets );
 // Setup nonce for form to protect against various possible attacks.
 $nonce = wp_nonce_field( 'liaison_inquiry', 'liaison_inquiry_nonce', false, false );
@@ -176,7 +176,7 @@ function liaison_inquiry_form( $atts ) {
 * @param array $presets Array of preset field ids and values.
 * @return array Returns a data array of the processed form data to be passed to the template
 */
- function process_form_definition( $inquiry_form, $field_ids, $presets ) {
+ function minify_form_definition( $inquiry_form, $field_ids, $presets ) {
 // If field_ids are specified, remove any fields that aren't in the specified set.
 if ( 0 < count( $field_ids ) ) {
 foreach ( $inquiry_form->sections as $section ) {
@@ -187,6 +187,7 @@ function process_form_definition( $inquiry_form, $field_ids, $presets ) {
 if ( '1' != $field->required ) {
 unset( $section->fields[ $field_key ] );
 } else {
+ // If a field isn't listed but is required, set the hidden flag and preset the value.
 $field->hidden = true;
 if ( isset( $presets[ $field->id ] ) ) {
 $field->hidden_value = $presets[ $field->id ];
From 414245e8abaee76e1c39ace753fb815178b8e71b Mon Sep 17 00:00:00 2001
From: jdub233
Date: Wed, 16 Nov 2016 17:11:37 -0500
Subject: [PATCH 2/5] fix field data preparation
---
 bu-liaison-inquiry.php | 78 +++++++++++++++++++++++++-----------------
 1 file changed, 46 insertions(+), 32 deletions(-)
diff --git a/bu-liaison-inquiry.php b/bu-liaison-inquiry.php
index 457caf3..24679e5 100644
--- a/bu-liaison-inquiry.php
+++ b/bu-liaison-inquiry.php
@@ -101,12 +101,14 @@ function liaison_inquiry_form( $atts ) {
 $api_key = $options['APIKey'];
 $client_id = $options['ClientID'];
- // Assign any preset field ids in the shortcode attributes.
- $presets = array();
- foreach ( $atts as $att_key => $att ) {
- // Look for integer numbers, these are field ids.
- if ( intval( $att_key ) === $att_key ) {
- $presets[ $att_key ] = $att;
+ if ( $atts ) {
+ // Assign any preset field ids in the shortcode attributes.
+ $presets = array();
+ foreach ( $atts as $att_key => $att ) {
+ // Look for integer numbers, these are field ids.
+ if ( intval( $att_key ) === $att_key ) {
+ $presets[ $att_key ] = $att;
+ }
 }
 }
@@ -137,7 +139,7 @@ function liaison_inquiry_form( $atts ) {
 wp_enqueue_script( 'field_rules_form_library' );
 wp_enqueue_script( 'field_rules_handler' );
- // Enqueue form specific CSS
+ // Enqueue form specific CSS.
 wp_enqueue_style( 'liason-form-style' );
 wp_enqueue_style( 'jquery-ui-css' );
@@ -159,7 +161,7 @@ function liaison_inquiry_form( $atts ) {
 // Setup nonce for form to protect against various possible attacks.
 $nonce = wp_nonce_field( 'liaison_inquiry', 'liaison_inquiry_nonce', false, false );
- // Include a template file like bu-navigation does.
+ // Include template file.
 ob_start();
 include( self::$plugin_dir . '/templates/form-template.php' );
 $form_html = ob_get_contents();
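Review bot: Moving `$presets = array();` inside `if ( $atts )` leaves `$presets` undefined whenever the shortcode is used without attributes, and the same function later passes it to `minify_form_definition( $inquiry_form_decode->data, $field_ids, $presets )` (visible in the earlier hunk at line 154), so that call will raise an undefined-variable notice and hand the callee null instead of an array. Keep the initialisation unconditional — `$presets = array();` immediately before `if ( $atts ) {` — and drop the duplicate inside the branch. The other two hunks in this file section only reword comments. liaison_inquiry_form begins and ends outside this hunk.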
@@ -169,7 +171,7 @@ function liaison_inquiry_form( $atts ) {
 }
 /**
- * Takes the form definition returned by the Liaison API, strips out any unspecified fields for the mini form, and applies other formatting
+ * Takes the form definition returned by the Liaison API, strips out any unspecified fields for the mini form, and sets hidden defaults for required fields
 *
 * @param array $inquiry_form Parsed JSON data from Liaison API.
 * @param array $field_ids List of fields to show. If not specified, the full form is returned.
@@ -230,31 +232,15 @@ function handle_liaison_inquiry() {
 return;
 }
- //@todo the example operates directly on the $_POST array, which seems contrary to the best practice of sanitizing $_POST first
- $_POST['IQS-API-KEY'] = $options['APIKey'];
-
- // From EMP API example.
- $phone_fields = $_POST['phone_fields'];
+ // Phone number fields are given special formatting, phone field ids are passed as a hidden field in the form.
+ $phone_fields = sanitize_text_field( $_POST['phone_fields'] );
 $phone_fields = explode( ',', $phone_fields );
 unset( $_POST['phone_fields'] );
+ $post_vars = $this->prepare_form_post( $_POST, $phone_fields );
- $post_vars = array();
- foreach ($_POST as $k => $v) {
- if ( in_array( $k, $phone_fields ) ) {
- $v = preg_replace( '/[^0-9]/', '', $v );
- $v = '%2B1' . $v; // Append +1 for US, but + needs to be %2B for posting.
- }
- // if this checkbox field is set then it was checked
- if (stripos($k, '-text-opt-in') !== false) {
- $v = '1';
- }
- }
-
- // Shim.
- $post_vars = $_POST;
-
- // End EMP API Example segment.
+ // Set the API Key from the site options.
+ $post_vars['IQS-API-KEY'] = $options['APIKey'];
 // Setup arguments for the external API call.
 $post_args = array( 'body' => $post_vars );
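Review bot: `sanitize_text_field( $_POST['phone_fields'] )` reads the key without checking that it exists, so a hand-crafted POST that omits the hidden `phone_fields` input triggers an undefined-index notice and `explode()` then yields `array( '' )`; WordPress also slash-escapes `$_POST`, so the value should be unslashed before it is sanitised: `$phone_fields = isset( $_POST['phone_fields'] ) ? sanitize_text_field( wp_unslash( $_POST['phone_fields'] ) ) : '';`. Since this list is client-controlled, the submitter chooses which keys get the phone formatting in prepare_form_post; that is harmless for a digit-stripping transform but deserves a comment such as `// phone_fields is client-supplied: it only selects formatting and must never be used to trust a value.` Setting `$post_vars['IQS-API-KEY']` after sanitisation is the right order, as it overwrites any value a client submitted under that name. handle_liaison_inquiry starts before and ends after this hunk, so whatever check precedes the `return;` at the top is not visible here.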
@@ -276,6 +262,36 @@ function handle_liaison_inquiry() {
 // Return a JSON encoded reply for the validation javascript.
 echo json_encode( $return );
 }
+
+ /**
+ * Sanitize and format post data for submission
+ *
+ * @param array $incoming_post_vars $_POST values as submitted.
+ * @param array $phone_fields Array of phone field ids.
+ * @return array Returns an array of sanitized and prepared post values.
+ */
+ function prepare_form_post( $incoming_post_vars, $phone_fields ) {
+ // Process all of the existing values into a new array.
+ $post_vars = array();
+ foreach ( $incoming_post_vars as $key => $value ) {
+ if ( in_array( $key, $phone_fields ) ) {
+ // If it is a phone field, apply special formatting.
+ // Strip out everything except numerals.
+ $value = preg_replace( '/[^0-9]/', '', $value );
+ $value = '%2B1' . $value; // Append +1 for US, but + needs to be %2B for posting.
+
+ } elseif ( stripos( $key, '-text-opt-in' ) !== false ) {
+ // If this checkbox field is set then it was checked.
+ $value = '1';
+ } else {
+ // Apply basic field sanitization.
+ $value = sanitize_text_field( $value );
+ }
+
+ $post_vars[ $key ] = $value;
+ }
+ return $post_vars;
+ }
 }
 // Instantiate plugin (only once).
@@ -289,8 +305,6 @@ function handle_liaison_inquiry() {
 wp_register_script( 'jquery-pubsub', plugin_dir_url( __FILE__ ) . 'assets/js/jquery/jquery-pubsub.js', array( 'jquery' ) );
 wp_register_script( 'iqs-validate', plugin_dir_url( __FILE__ ) . 'assets/js/iqs/validate.js', array( 'jquery' ) );
-//should register jquery-ui css styles too?
-
 wp_register_script( 'field_rules_form_library', plugin_dir_url( __FILE__ ) . 'assets/js/field_rules_form_library.js', array( 'jquery' ) );
 wp_register_script( 'field_rules_handler', plugin_dir_url( __FILE__ ) . 'assets/js/field_rules_handler.js', array( 'jquery' ) );
From fcabde984ba469803b5d0a47270731d92d530db2 Mon Sep 17 00:00:00 2001
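Review bot: `in_array( $key, $phone_fields )` in the new prepare_form_post is a loose comparison against a list that came from a client-supplied string, so pass the strict flag and match keys as strings only: `if ( in_array( $key, $phone_fields, true ) ) {`. The `else` branch hands `$value` straight to `sanitize_text_field()`, which expects a string, while a multi-value input (`name[]`) arrives as an array; guard it with `$value = is_array( $value ) ? array_map( 'sanitize_text_field', $value ) : sanitize_text_field( $value );`. The `'%2B1' . $value` line hard-codes an already URL-encoded plus; if `$post_args` is sent as an array body through `wp_remote_post()` (the call sits outside the hunks shown), WordPress will encode it again as `%252B`, so confirm against the API what it actually receives and record the answer in that comment. The docblock should also say that values are sanitised but not unslashed, since WordPress convention is to `wp_unslash()` `$_POST` data before sanitising.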
From: jdub233
Date: Wed, 16 Nov 2016 17:36:05 -0500
Subject: [PATCH 3/5] improve jQuery reference
---
 assets/js/main.js | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/assets/js/main.js b/assets/js/main.js
index 0cba8a9..443a472 100755
--- a/assets/js/main.js
+++ b/assets/js/main.js
@@ -1,11 +1,8 @@
-//Enable $ alias to jQuery
-$ = jQuery;
-
-$(document).ready(function () {
- main();
+jQuery(document).ready(function () {
+ main(jQuery);
 });
-function main() {
+function main($) {
 var that = [];
From 2d3191841bc633933c9bc3edb301293f20586aa2 Mon Sep 17 00:00:00 2001
From: jdub233
Date: Thu, 17 Nov 2016 22:40:32 -0500
Subject: [PATCH 4/5] spacing, doc fixes
---
 bu-liaison-inquiry.php | 1 -
 templates/form-template.php | 89 ++++++++++++++++++++-----------------
 2 files changed, 47 insertions(+), 43 deletions(-)
diff --git a/bu-liaison-inquiry.php b/bu-liaison-inquiry.php
index 24679e5..ae55efe 100644
--- a/bu-liaison-inquiry.php
+++ b/bu-liaison-inquiry.php
@@ -251,7 +251,6 @@ function handle_liaison_inquiry() {
 // Decode the response and activate redirect to the personal url on success.
 $resp = json_decode( $remote_submit['body'] );
- // From EMP API example.
 $return = array();
 $return['status'] = 0;
diff --git a/templates/form-template.php b/templates/form-template.php
index 618d75b..f6eaa14 100644
--- a/templates/form-template.php
+++ b/templates/form-template.php
@@ -7,10 +7,10 @@ }; -
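Review bot: Dropping the global `$ = jQuery` assignment is the right call (it clobbered any other library's `$` on the page), but `main($)` now provides the alias only inside `main`; any helper defined outside `main` in main.js that still uses `$` will throw a ReferenceError, and the rest of the file is not shown in this hunk, so check for such uses before merging. The idiomatic way to get the alias is to let the ready callback supply it: `jQuery(function ($) { main($); });`, which also avoids the `.ready(handler)` spelling that jQuery 3 deprecates. `main` continues past the end of this hunk.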
+ @@ -22,7 +22,7 @@ fields as $field_index => $field ) : ?> displayName; if ( 6 == $field->id ) { @@ -32,7 +32,7 @@ // Address Line 2. $label = ''; } - //end setup + // End address field labels. ?> hidden ) && $field->hidden ) : ?> htmlElement == 'input-text' ) : - //begin input text + // Begin handler for two types of html elements: input-text or select. + elseif ( 'input-text' == $field->htmlElement ) : + // Begin input text handler. $class = ''; if ( stripos( $field->description, 'phone number' ) !== false ) { @@ -55,50 +55,54 @@
- +
+ class="form-controlrequired ) ? ' required' : '' ) . $class; ?>" placeholder="displayName; ?>" /> - fields[$field_index + 1]) - && ($section->fields[$field_index]->order + 0.1) == $section->fields[$field_index + 1]->order) : - //begin iqs-form-phone-number - $element_id = $section->fields[$field_index + 1]->id; - $label_text = trim($section->fields[$field_index + 1]->displayName); - $opt_in_text = 'opt-in policy'; - $label_text = str_ireplace('opt-in policy', $opt_in_text, $label_text); - - $modals[] = ' -
- - htmlElement == 'select') : ?> - - + htmlElement ) : + // Begin select handler. $class = ' iqs-form-single-select'; ?> @@ -108,25 +112,26 @@ class="form-controlrequired) ? ' required' : '') . $class;
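Review bot: The new `input-text` branch appears to echo an API-supplied value straight into an HTML attribute — the added line ends in `placeholder="<?php echo $field->displayName; ?>"` as far as this rendering shows (the PHP tags are stripped here, so confirm against the file) — with no `esc_attr()`. Even though the form definition comes from the Liaison API rather than the visitor, WordPress convention is to escape on output, so use `placeholder="<?php echo esc_attr( $field->displayName ); ?>"` and do the same for any other attribute in this branch that prints a `$field` property. The removed lines built `$label_text` from `displayName` via `str_ireplace` and concatenated it into raw modal markup in `$modals[]`; wherever that logic now lives on the new side (not visible in this hunk), it needs `esc_html()` or `wp_kses()` as well. The template's `if/elseif` chain starts before this hunk, and the final `@@ -108` hunk is cut off at the end of the page.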