Fixed echo in five files

[DAnn2012]

Fixed echo in five files

Summary by CodeRabbit

Summary by CodeRabbit

• Bug Fixes
  • Event widget messages now render correctly on the page.
  • Cloudflare integration instructions now display as intended.
  • Setup/ready screen message now appears properly in the onboarding flow.
  • Pricing table currency symbol now shows in the UI.
  • Confirmation email greeting now displays the customer name.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Five view templates were changed to actually render previously prepared/sanitized strings by adding echo before the expressions, altering control flow from no-output expressions to active HTML/text rendering.

Changes

Cohort / File(s)	Summary
Widget message rendering views/events/widget-message.php	Added echo before wp_kses($object->get_message(), wu_kses_allowed_html()) so the sanitized message is output to the page.
Cloudflare instructions rendering views/wizards/host-integrations/cloudflare-instructions.php	Added echo before wp_kses_post(...) so the sanitized/prepared HTML notice is rendered in the view.
Ready wizard message rendering views/wizards/host-integrations/ready.php	Added echo before esc_html(sprintf(...)) so the translated/escaped string is printed in the template.
Pricing table currency symbol views/checkout/templates/pricing-table/legacy.php	Added echo when rendering the currency symbol so it appears in the price markup (superscript left-position case).
Email greeting rendering views/emails/customer/confirm-email-address.php	Added echo before esc_html(...) to ensure the customer name greeting is output in the email template.

Sequence Diagram(s)

sequenceDiagram
    participant Template as View Template
    participant Sanitizer as wp_kses / wp_kses_post / esc_html
    participant Browser as Browser / Email

    Note over Template,Sanitizer: Previous flow (prepared but not output)
    Template->>Sanitizer: prepare sanitized/escaped string
    Sanitizer-->>Template: sanitized string (returned)
    Note right of Template: No echo — nothing sent to Browser/Email

    rect rgba(100,200,120,0.12)
      Note over Template,Sanitizer: New flow (with echo)
      Template->>Sanitizer: prepare sanitized/escaped string
      Sanitizer-->>Template: sanitized string
      Template->>Browser: echo sanitized string (rendered HTML/text)
      Template->>Email: echo sanitized string (rendered in email)
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Homogeneous change pattern across five templates (adding echo to previously unused sanitized values).
• Quick review items:
  • Confirm correct escaping function used for each context (HTML vs. plain text vs. HTML email).
  • Verify templates’ markup remains valid and no duplicate output occurs.
  • Check email template rendering in an email preview to ensure formatting is correct.

Poem

🐇 I whispered strings that hid away,

Then added echoes to let them play.
Sanitized hops, now clear and bright,
Views sing softly into night. ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title claims to fix echo in 3 files, but the changeset actually modifies 5 files. The title is inaccurate regarding the scope of the changes.	Update the title to accurately reflect that the pull request fixes echo in five files, not three.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0df6d71 and 710ff13.

📒 Files selected for processing (2)

• views/events/widget-message.php (1 hunks)
• views/wizards/host-integrations/cloudflare-instructions.php (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-11-11T20:16:49.880Z

Learnt from: superdav42
Repo: Multisite-Ultimate/ultimate-multisite PR: 256
File: inc/managers/class-membership-manager.php:140-142
Timestamp: 2025-11-11T20:16:49.880Z
Learning: The wu_log_add() function in WP Ultimo accepts both string and \WP_Error for the $message parameter (second parameter). It's valid to pass WP_Error objects directly to wu_log_add() without extracting the error message first, as the Logger::add() method handles both types.

Applied to files:

• views/events/widget-message.php

🧬 Code graph analysis (1)

views/events/widget-message.php (2)

inc/models/class-event.php (1)

• get_message (255-260)

inc/functions/helper.php (1)

• wu_kses_allowed_html (326-589)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: PHP 8.4
• GitHub Check: PHP 7.4
• GitHub Check: cypress (8.2, chrome)
• GitHub Check: cypress (8.1, chrome)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical bug fix - event message is now properly displayed.

The addition of echo ensures the sanitized event message is actually rendered in the widget. Previously, the message was sanitized but never displayed, making this widget non-functional for its intended purpose.

🤖 Prompt for AI Agents

In views/events/widget-message.php around line 16, the sanitized event message
was not being output so the widget showed no message; fix by echoing the
sanitized result returned by $object->get_message() (i.e., ensure the call to
wp_kses(...) is echoed) so the sanitized content is rendered in the widget.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical bug fix - content is now properly displayed.

The addition of echo ensures the sanitized HTML notice is actually rendered on the page. Previously, wp_kses_post() was called but its return value was discarded, making this important preface message invisible to users.

🤖 Prompt for AI Agents

In views/wizards/host-integrations/cloudflare-instructions.php around line 21,
the call to wp_kses_post(...) was returning sanitized HTML but its result was
not echoed, so the message never appeared; fix it by outputting the sanitized
string (prepend echo) so the formatted translated message is rendered to the
page, keeping the existing sprintf(...) parameters and escaping function
unchanged.

---

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify similar patterns in other view files.

Since this was a missing echo statement, check if other view templates have the same issue with sanitization functions being called without outputting their results.

---

🏁 Script executed:

#!/bin/bash
# Description: Search for potential missing echo statements in view files
# Look for wp_kses, wp_kses_post, esc_html, esc_attr calls within PHP tags that lack echo

# Search for wp_kses* calls in view files that might be missing echo
echo "=== Checking for wp_kses calls without echo in PHP view files ==="
rg -n -t php -g 'views/**/*.php' '^\s*<\?php\s+wp_kses(?!.*echo)' -C 2

echo -e "\n=== Checking for wp_kses_post calls without echo in PHP view files ==="
rg -n -t php -g 'views/**/*.php' '^\s*<\?php\s+wp_kses_post\(' -C 2

echo -e "\n=== Checking for sanitization function patterns that might need echo ==="
rg -n -t php -g 'views/**/*.php' -P '^\s*<\?php\s+(?!echo|if|while|for|foreach|switch|return|\$).*(?:wp_kses|esc_html|esc_attr|sanitize_)' -C 2

Length of output: 122403

---

Add missing echo statement and fix similar issue in related file.

The original issue in cloudflare-instructions.php:21 exists as flagged. A similar pattern was found in another integration file that needs correction:

• views/wizards/host-integrations/ready.php:18 — Missing echo before esc_html(sprintf(...)). Should be: <?php echo esc_html(sprintf(...))

Both issues follow the same pattern: non-output-performing sanitization functions (esc_html(), wp_kses_post()) require an explicit echo statement. Functions ending in _e() (e.g., esc_html_e()) handle output automatically.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

views/wizards/host-integrations/ready.php (1)

18-18: LGTM! The echo fix correctly renders the message.

The addition of echo properly fixes the bug where the sanitized and translated string was not being output. The use of esc_html() is appropriate for plain-text content, and the i18n pattern with sprintf() is correct.

Optional: Consider adding a defensive check for the $integration variable.

While WordPress view templates typically receive variables from controllers, adding a check would make the code more resilient:

 	<p class="wu-text-lg wu-text-gray-600 wu-my-4">
 		<?php // translators: % site title ?>
-		<?php echo esc_html(sprintf(__('The integration with %s was correctly setup and is now ready! Now, every time a new domain is added to your platform, Ultimate Multisite will sync that with your application automatically.', 'ultimate-multisite'), $integration->get_title())); ?>
+		<?php echo esc_html(sprintf(__('The integration with %s was correctly setup and is now ready! Now, every time a new domain is added to your platform, Ultimate Multisite will sync that with your application automatically.', 'ultimate-multisite'), isset($integration) ? $integration->get_title() : '')); ?>
 	</p>

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 710ff13 and 57284ff.

📒 Files selected for processing (1)

• views/wizards/host-integrations/ready.php (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: cypress (8.1, chrome)
• GitHub Check: cypress (8.2, chrome)

[DAnn2012]

Hello @superdav42

When you can, could you take a look at this PR of mine?

Thanks.

[superdav42]

@DAnn2012 Thanks for the PR! it was spot on.