verify nonce for search!

includes/model/class-follower.php

@@ -315,7 +315,7 @@ class Follower extends Actor {
 		$object->set_id( $post->guid );
 		$object->set_name( $post->post_title );
 		$object->set_summary( $post->post_excerpt );
-		$object->set_published( gmdate( 'Y-m-d H:i:s', strtotime( $post->post_published ) ) );
+		$object->set_published( gmdate( 'Y-m-d H:i:s', strtotime( $post->post_date ) ) );
 		$object->set_updated( gmdate( 'Y-m-d H:i:s', strtotime( $post->post_modified ) ) );
 
 		return $object;

includes/table/class-followers.php

@@ -30,19 +30,24 @@ class Followers extends WP_List_Table {
 
 	public function get_columns() {
 		return array(
-			'cb'           => '<input type="checkbox" />',
-			'avatar'       => \__( 'Avatar', 'activitypub' ),
-			'name'         => \__( 'Name', 'activitypub' ),
-			'username'     => \__( 'Username', 'activitypub' ),
-			'url'          => \__( 'URL', 'activitypub' ),
-			'updated'      => \__( 'Last updated', 'activitypub' ),
-			//'errors'       => \__( 'Errors', 'activitypub' ),
-			//'latest-error' => \__( 'Latest Error Message', 'activitypub' ),
+			'cb'         => '<input type="checkbox" />',
+			'avatar'     => \__( 'Avatar', 'activitypub' ),
+			'post_title' => \__( 'Name', 'activitypub' ),
+			'username'   => \__( 'Username', 'activitypub' ),
+			'url'        => \__( 'URL', 'activitypub' ),
+			'published'  => \__( 'Followed', 'activitypub' ),
+			'modified'   => \__( 'Last updated', 'activitypub' ),
 		);
 	}
 
 	public function get_sortable_columns() {
-		return array();
+		$sortable_columns = array(
+			'post_title' => array( 'post_title', true ),
+			'modified'   => array( 'modified', false ),
+			'published'  => array( 'published', false ),
+		);
+
+		return $sortable_columns;
 	}
 
 	public function prepare_items() {
@@ -55,8 +60,32 @@ class Followers extends WP_List_Table {
 		$page_num = $this->get_pagenum();
 		$per_page = 20;
 
-		$followers = FollowerCollection::get_followers( $this->user_id, $per_page, $page_num );
-		$counter   = FollowerCollection::count_followers( $this->user_id );
+		$args = array();
+
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		if ( isset( $_GET['orderby'] ) ) {
+			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+			$args['orderby'] = sanitize_text_field( wp_unslash( $_GET['orderby'] ) );
+		}
+
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		if ( isset( $_GET['order'] ) ) {
+			// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+			$args['order'] = sanitize_text_field( wp_unslash( $_GET['order'] ) );
+		}
+
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		if ( isset( $_GET['s'] ) && isset( $_REQUEST['_wpnonce'] ) ) {
+			$nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) );
+			if ( wp_verify_nonce( $nonce, 'bulk-' . $this->_args['plural'] ) ) {
+				// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+				$args['s'] = sanitize_text_field( wp_unslash( $_GET['s'] ) );
+			}
+		}
+
+		$followers_with_count = FollowerCollection::get_followers_with_count( $this->user_id, $per_page, $page_num, $args );
+		$followers            = $followers_with_count['followers'];
+		$counter              = $followers_with_count['total'];
 
 		$this->items = array();
 		$this->set_pagination_args(
@@ -69,14 +98,13 @@ class Followers extends WP_List_Table {
 
 		foreach ( $followers as $follower ) {
 			$item = array(
-				'icon'         => esc_attr( $follower->get_icon_url() ),
-				'name'         => esc_attr( $follower->get_name() ),
-				'username'     => esc_attr( $follower->get_preferred_username() ),
-				'url'          => esc_attr( $follower->get_url() ),
-				'identifier'   => esc_attr( $follower->get_id() ),
-				'updated'      => esc_attr( $follower->get_updated() ),
-				'errors'       => $follower->count_errors(),
-				'latest-error' => $follower->get_latest_error_message(),
+				'icon'       => esc_attr( $follower->get_icon_url() ),
+				'post_title' => esc_attr( $follower->get_name() ),
+				'username'   => esc_attr( $follower->get_preferred_username() ),
+				'url'        => esc_attr( $follower->get_url() ),
+				'identifier' => esc_attr( $follower->get_id() ),
+				'published'  => esc_attr( $follower->get_published() ),
+				'modified'   => esc_attr( $follower->get_updated() ),
 			);
 
 			$this->items[] = $item;
@@ -116,11 +144,11 @@ class Followers extends WP_List_Table {
 	}
 
 	public function process_action() {
-		if ( ! isset( $_REQUEST['followers'] ) || ! isset( $_REQUEST['_apnonce'] ) ) {
+		if ( ! isset( $_REQUEST['followers'] ) || ! isset( $_REQUEST['_wpnonce'] ) ) {
 			return false;
 		}
-		$nonce = sanitize_text_field( wp_unslash( $_REQUEST['_apnonce'] ) );
-		if ( ! wp_verify_nonce( $nonce, 'activitypub-followers-list' ) ) {
+		$nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) );
+		if ( ! wp_verify_nonce( $nonce, 'bulk-' . $this->_args['plural'] ) ) {
 			return false;
 		}
 

templates/blog-user-followers-list.php

@@ -21,8 +21,8 @@ $followers_template = _n( 'Your blog profile currently has %s follower.', 'Your
 		<input type="hidden" name="tab" value="followers" />
 		<?php
 		$table->prepare_items();
+		$table->search_box( 'Search', 'search' );
 		$table->display();
 		?>
-		<?php wp_nonce_field( 'activitypub-followers-list', '_apnonce' ); ?>
 		</form>
 </div>

templates/user-followers-list.php

@@ -14,8 +14,8 @@ $followers_template = _n( 'Your author profile currently has %s follower.', 'You
 		<input type="hidden" name="page" value="activitypub-followers-list" />
 		<?php
 		$table->prepare_items();
+		$table->search_box( 'Search', 'search' );
 		$table->display();
 		?>
-		<?php wp_nonce_field( 'activitypub-followers-list', '_apnonce' ); ?>
 		</form>
 </div>