Fix always show "the link you followed has expired" error page (#1321)

* Fix always shows "the link you followed has expired" error page.

In the last commit, the "extend the notes field for vendor payments" causes the "The link you followed has expired" message to always appear when saving a post.

Therefore here only retains the part related to adding a new "Needs follow-up" status for payments and removes else.

* PHPCS

* Only shows the Needs Follow-up post under the Needs Follow-up tab.

public_html/wp-content/plugins/wordcamp-payments-network/includes/payment-requests-dashboard.php

@@ -333,7 +333,6 @@ public static function get_current_tab() {
 		$tabs = array(
 			'drafts',
 			'overdue',
-
 			'pending-approval',
 			'approved',
 			'pending-payment',

public_html/wp-content/plugins/wordcamp-payments-network/includes/payment-requests-list-table.php

@@ -71,6 +71,8 @@ public function prepare_items() {
 			$where .= " AND `status` IN ( 'wcb-failed', 'wcb-cancelled' ) ";
 		} elseif ( 'drafts' == $view ) {
 			$where .= " AND `status` = 'draft' ";
+		} elseif ( 'needs-followup' == $view ) {
+			$where .= " AND `status` = 'wcb-needs-followup' ";
 		}
 
 		if ( ! empty( $_REQUEST['s'] ) ) {

public_html/wp-content/plugins/wordcamp-payments/includes/reimbursement-request.php

@@ -163,6 +163,15 @@ function init_meta_boxes() {
 		'high'
 	);
 
+	add_meta_box(
+		'wcbrr_notes',
+		esc_html__( 'Notes', 'wordcamporg' ),
+		__NAMESPACE__ . '\render_notes_metabox',
+		POST_TYPE,
+		'side',
+		'high'
+	);
+
 	add_meta_box(
 		'wcbrr_general_information',
 		esc_html__( 'General Information', 'wordcamporg' ),
@@ -308,6 +317,19 @@ function render_status_metabox( $post ) {
 	require_once dirname( __DIR__ ) . '/views/reimbursement-request/metabox-status.php';
 }
 
+/**
+ * Render the Notes metabox
+ *
+ * @param WP_Post $post
+ */
+function render_notes_metabox( $post ) {
+	wp_nonce_field( 'notes', 'notes_nonce' );
+
+	$existing_notes = get_post_meta( $post->ID, '_wcbrr_notes', true );
+
+	require_once dirname( __DIR__ ) . '/views/reimbursement-request/metabox-notes.php';
+}
+
 /**
  * Render General Information Metabox
  *
@@ -500,6 +522,10 @@ function save_request( $post_id, $post ) {
 
 	verify_metabox_nonces();
 
+	// phpcs:ignore is added because verify_metabox_nonces(); already checks that.
+	// phpcs:ignore WordPress.Security.NonceVerification.Missing
+	validate_and_save_notes( $post, $_POST['wcbrr_new_note'] );
+
 	/*
 	 * We need to determine if the user is allowed to modify the request -- in terms of this plugin's post_status
 	 * restrictions, not in terms of current_user_can( 'edit_post', N ) -- but at this point in the execution
@@ -651,6 +677,7 @@ function render_log_metabox( $post ) {
 function verify_metabox_nonces() {
 	$nonces = array(
 		'status_nonce',
+		'notes_nonce',
 		'general_information_nonce',
 		'payment_details_nonce',
 		'expenses_nonce',
@@ -720,6 +747,101 @@ function validate_and_save_expenses( $post_id, $expenses ) {
 	update_post_meta( $post_id, '_wcbrr_expenses', $expenses );
 }
 
+/**
+ * Validate and save expense data
+ *
+ * @param WP_Post $post
+ * @param string  $new_note_message
+ */
+function validate_and_save_notes( $post, $new_note_message ) {
+
+	// Save incomplete message.
+	// phpcs:ignore is used because verify_metabox_nonces(); already checks that.
+	if ( isset( $_POST['wcp_mark_incomplete_notes'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		$safe_value = '';
+		if ( 'wcb-incomplete' == $post->post_status ) {
+			$safe_value = wp_kses( $_POST['wcp_mark_incomplete_notes'], wp_kses_allowed_html( 'strip' ) ); // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		}
+
+		update_post_meta( $post->ID, '_wcp_incomplete_notes', $safe_value );
+	}
+
+	$new_note_message = sanitize_text_field( wp_unslash( $new_note_message ) );
+
+	if ( empty( $new_note_message ) ) {
+		return;
+	}
+
+	$notes = get_post_meta( $post->ID, '_wcbrr_notes', true );
+	if ( ! is_array( $notes ) ) {
+		$notes = array();
+	}
+
+	$new_note = array(
+		'timestamp' => time(),
+		'author_id' => get_current_user_id(),
+		'message'   => $new_note_message,
+	);
+
+	$notes[] = $new_note;
+
+	update_post_meta( $post->ID, '_wcbrr_notes', $notes );
+	notify_parties_of_new_note( $post, $new_note );
+
+	\WordCamp_Budgets::log(
+		$post->ID,
+		get_current_user_id(),
+		sprintf( 'Note: %s', $new_note_message ),
+		array(
+			'action' => 'note-added',
+		)
+	);
+}
+
+/**
+ * Notify WordCamp Central or the request author when new notes are added
+ *
+ * @param WP_Post $request
+ * @param array   $note
+ */
+function notify_parties_of_new_note( $request, $note ) {
+	$note_author = get_user_by( 'id', $note['author_id'] );
+
+	if ( $note_author->has_cap( 'manage_network' ) ) {
+		$to             = \WordCamp_Budgets::get_requester_formatted_email( $request->post_author );
+		$subject_prefix = sprintf( '[%s] ', get_wordcamp_name() );
+	} else {
+		$to             = '[email protected]';
+		$subject_prefix = '';
+	}
+
+	if ( ! $to ) {
+		return;
+	}
+
+	$subject          = sprintf( '%sNew note on `%s`', $subject_prefix, sanitize_text_field( $request->post_title ) );
+	$note_author_name = \WordCamp_Budgets::get_requester_name( $note['author_id'] );
+	$request_url      = admin_url( sprintf( 'post.php?post=%s&action=edit', $request->ID ) );
+	$headers          = array( 'Reply-To: [email protected]' );
+
+	$message = sprintf( '
+		%s has added the following note on the reimbursement request for %s:
+
+		%s
+
+		You can view the request and respond to their note at:
+
+		%s',
+		sanitize_text_field( $note_author_name ),
+		sanitize_text_field( $request->post_title ),
+		sanitize_text_field( $note['message'] ),
+		esc_url_raw( $request_url )
+	);
+	$message = str_replace( "\t", '', $message );
+
+	wp_mail( $to, $subject, $message, $headers );
+}
+
 /**
  * Notify the organizer when the status of their reimbursement changes or when notes are added
  *