Fix color picker PRO badge icon and hover overlay in settings

[arifulhoque7]

Close #1765 ,Related PRO PR
Fix color picker PRO badge icon and hover overlay in settings

Updates:

• Replace old crown.svg icon with new pro-badge.svg for all color picker fields in Login/Registration settings
• Implement proper hover overlay effect for color picker fields with dashed border and "Upgrade to PRO" button
• Wrap color picker fields in dedicated container for proper overlay positioning
• Fix layout issues preventing other PRO preview fields from breaking
• Remove unused $crown_icon variable from settings-options.php

Files modified:

• includes/functions/settings-options.php (11 color fields + 1 layout field)
• Lib/WeDevs_Settings_API.php (callback_color method with wrapper)
• assets/css/admin.css (color picker specific styles)
• assets/less/admin.less (source LESS file for build process)

Technical changes:

• Added .wpuf-color-picker-wrapper container for color fields with is_pro_preview
• Implemented CSS hover states for overlay display
• Prevented pointer-events on disabled color picker
• Added z-index layering for proper overlay appearance
• Updated wp_kses allowed HTML tags to include wrapper div and SVG elements

Result:

• Color pickers now show consistent PRO badge icon matching Avatar Size field
• Hover displays semi-transparent green overlay with dashed border
• Centered "Upgrade to PRO" button appears on hover
• Other PRO preview fields maintain proper layout without extending right
• Changes persist through LESS compilation

Summary by CodeRabbit

• New Features

  • Pro preview for color controls now shows a non-interactive visual preview of premium styling.

• Style

  • Replaced inline SVG badges with a clearer pro badge image across settings and registration UI.
  • Enhanced color picker styling and overlay behavior for the pro preview, improved inline graphic support and hover presentation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR updates the color-picker rendering to optionally wrap inputs for pro-preview, expands allowed wp_kses tags for inline SVG/div, adds CSS/LESS for a non-interactive pro-preview overlay, and replaces crown SVG file reads with an image reference for the pro badge across admin settings and some front-end templates.

Changes

Cohort / File(s)	Summary
Color picker pro-preview logic Lib/WeDevs_Settings_API.php	callback_color now reads $args['is_pro_preview'] into $is_pro_preview, conditionally wraps the color input in a .wpuf-color-picker-wrapper, appends pro-preview HTML only when previewing, and expands the wp_kses allowlist to include div[style], svg[...], and path[...].
Pro-preview styling (CSS / LESS) assets/css/admin.css, assets/less/admin.less	Add .wpuf-color-picker-wrapper, .pro-field-overlay, pointer-events/cursor rules, hover visibility and z-index layering to render a non-interactive color-picker pro preview overlay.
Pro badge replacement in admin assets includes/functions/settings-options.php, assets/css/registration-forms.css	Remove file_get_contents usage for crown.svg, replace pro-label decorations with an <img src="WPUF_ASSET_URI/images/pro-badge.svg">, and update CSS selectors to target both svg and img children for pro icons.
Pro badge replacement in templates includes/Free/templates/page-registration-form.php	Replace inline SVG (previously injected via file_get_contents + wp_kses) with <img> referencing WPUF_ASSET_URI/images/pro-badge.svg in crown-icon and upgrade button areas.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Replace crown icons with new pro-badge SVG and update branding colors #1734 — Replaces inline crown SVG with pro-badge.svg and updates pro-preview/pro-badge CSS and templates.
• feat: Update settings API for login form layout customization support #1716 — Modifies Lib/WeDevs_Settings_API.php color callback and wp_kses allowlist to permit SVG/div rendering for pro-preview.

Suggested labels

bug

Suggested reviewers

• sapayth

Poem

🐇 I hopped through lines and swapped the crown,
A tiny badge now perches, shiny, round.
I wrapped the colors in a quiet veil,
So previews peek — but painters cannot fail.
🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: replacing the PRO badge icon and adding a hover overlay for color picker fields in settings.
Linked Issues check	✅ Passed	The PR addresses all requirements from issue #1765: replaces old crown.svg with pro-badge.svg, ensures proper badge display based on PRO activation state, and implements an 'Upgrade to PRO' hover overlay for color-choosing inputs.
Out of Scope Changes check	✅ Passed	All changes directly support the linked issue objectives. CSS/styling updates for the color picker wrapper and overlay, HTML structure modifications, badge replacement, and layout fixes are all within scope.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

Lib/WeDevs_Settings_API.php (1)

533-547: Consider removing redundant inline styles.

The wrapper logic is correct, but the inline styles on Line 538 are redundant since .wpuf-color-picker-wrapper already has these styles defined in the CSS (lines 895-900 in admin.less).

You can simplify Line 538:

-        $html .= '<div class="wpuf-color-picker-wrapper" style="position: relative; display: inline-block;">';
+        $html .= '<div class="wpuf-color-picker-wrapper">';

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 34f2b63 and 997f5d9.

📒 Files selected for processing (4)

• Lib/WeDevs_Settings_API.php (2 hunks)
• assets/css/admin.css (1 hunks)
• assets/less/admin.less (1 hunks)
• includes/functions/settings-options.php (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

includes/functions/settings-options.php (1)

wpuf-functions.php (1)

• wpuf_is_pro_active (5042-5044)

🔇 Additional comments (3)

assets/less/admin.less (1)

894-945: LGTM! Well-structured pro preview styles.

The color picker pro preview styling is well-implemented with proper layering, hover states, and interaction controls. The use of pointer-events to disable interaction and z-index for overlay positioning follows best practices.

assets/css/admin.css (1)

690-733: LGTM! Compiled CSS matches LESS source.

The compiled CSS correctly reflects the LESS source changes for the color picker pro preview styles. All selectors, properties, and values are properly compiled.

Lib/WeDevs_Settings_API.php (1)

561-572: LGTM! Proper expansion of allowed HTML.

The allowed HTML expansion correctly permits the wrapper div, SVG elements, and path elements needed for the pro preview rendering. All attributes are appropriate and necessary.

[Rubaiyat-E-Mohammad]

Some pro batch got under the reference line @arifulhoque7 vai

[arifulhoque7]

Some pro batch got under the reference line @arifulhoque7 vai

This is expected behavior. Since the label is relatively large, there isn’t enough space for it to remain on the same line. @Rubaiyat-E-Mohammad vai

[anik-fahmid]

We can use "BG" instead of Background

[arifulhoque7]

done @Rubaiyat-E-Mohammad vai, @anik-fahmid vai

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

includes/Free/templates/page-registration-form.php (2)

195-195: Fix the incorrect wp_kses usage and align with the img tag approach.

This line has multiple critical issues:

1. Incorrect sanitization order: wp_kses() is applied to the file path $crown_icon before file_get_contents(). This makes no sense—wp_kses() sanitizes HTML content, not file paths. The current implementation will likely fail to read the file.

2. Security risk: Even if the order were corrected, echoing file_get_contents() output requires proper sanitization of the SVG content to prevent XSS vulnerabilities.

3. Inconsistency: Line 148 correctly uses an <img> tag for the same pro badge, but this line attempts to inline the SVG content using file_get_contents(). The PR objectives indicate a shift to using <img> tags.

🔎 Recommended fix: Use an img tag for consistency and security

Replace the inline SVG approach with an <img> tag matching line 148:

-                        <span class="pro-icon icon-white"> <?php echo file_get_contents( wp_kses($crown_icon, array('svg' => [ 'xmlns' => true, 'width' => true, 'height' => true, 'viewBox' => true, 'fill' => true ], 'path' => [ 'd' => true, 'fill' => true ], 'circle' => [ 'cx' => true, 'cy' => true, 'r' => true ], ) ) ); // @codingStandardsIgnoreLine ?></span>
+                        <span class="pro-icon icon-white">
+                            <img src="<?php echo esc_url( WPUF_ASSET_URI . '/images/pro-badge.svg' ); ?>" alt="<?php esc_attr_e( 'PRO', 'wp-user-frontend' ); ?>">
+                        </span>

If you must inline the SVG, fix the sanitization order:

-                        <span class="pro-icon icon-white"> <?php echo file_get_contents( wp_kses($crown_icon, array('svg' => [ 'xmlns' => true, 'width' => true, 'height' => true, 'viewBox' => true, 'fill' => true ], 'path' => [ 'd' => true, 'fill' => true ], 'circle' => [ 'cx' => true, 'cy' => true, 'r' => true ], ) ) ); // @codingStandardsIgnoreLine ?></span>
+                        <span class="pro-icon icon-white"> <?php echo wp_kses( file_get_contents( $crown_icon ), array('svg' => [ 'xmlns' => true, 'width' => true, 'height' => true, 'viewBox' => true, 'fill' => true ], 'path' => [ 'd' => true, 'fill' => true ], 'circle' => [ 'cx' => true, 'cy' => true, 'r' => true ], ) ); ?></span>

However, the first approach (using <img> tag) is strongly recommended for consistency with the rest of the PR.

---

100-100: Use esc_url() instead of wp_kses() for sanitizing URLs.

The wp_kses() function is designed to sanitize HTML content, not URLs or file paths. For src attributes containing URLs, use esc_url() for proper sanitization.

🔎 Proposed fix

Line 100:

-            <img src="<?php echo wp_kses( WPUF_ASSET_URI . '/images/wpuf-pro-2.svg', array('svg' => [ 'xmlns' => true, 'width' => true, 'height' => true, 'viewBox' => true, 'fill' => true ], 'path' => [ 'd' => true, 'fill' => true ],) ); ?>" alt="WPUF Pro">
+            <img src="<?php echo esc_url( WPUF_ASSET_URI . '/images/wpuf-pro-2.svg' ); ?>" alt="WPUF Pro">

Line 106:

-                    <img src="<?php echo wp_kses( WPUF_ASSET_URI . '/images/doc.svg', array('svg' => [ 'xmlns' => true, 'width' => true, 'height' => true, 'viewBox' => true, 'fill' => true ],  'path' => ['fill-rule' => true, 'clip-rule' => true, 'd' => true, 'fill' => true ] ) ); ?>" alt="">
+                    <img src="<?php echo esc_url( WPUF_ASSET_URI . '/images/doc.svg' ); ?>" alt="">

Lines 135-142:

-        <img src="<?php echo wp_kses( WPUF_ASSET_URI . '/images/form-banner.svg', array(
-                'svg' => [ 'xmlns' => true, 'width' => true, 'height' => true, 'viewBox' => true, 'fill' => true ],
-                'path' => [ 'd' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'clip-rule' => true,],
-                'rect' => [ 'x' => true, 'y' => true, 'width' => true, 'height' => true, 'rx' => true, 'fill' => true, 'stroke' => true, 'stroke-width' => true],
-                'circle' => [ 'cx' => true, 'cy' => true, 'r' => true, 'fill' => true ],
-                'linearGradient' => [ 'id' => true, 'x1' => true, 'y1' => true, 'x2' => true, 'y2' => true, 'gradientUnits' => true ],
-                'stop' => [ 'stop-color' => true, 'offset' => true, 'stop-opacity' => true]
-            )); ?>" alt="WPUF Registration Form">
+        <img src="<?php echo esc_url( WPUF_ASSET_URI . '/images/form-banner.svg' ); ?>" alt="WPUF Registration Form">

Also applies to: 106-106, 135-142

🧹 Nitpick comments (1)

includes/Free/templates/page-registration-form.php (1)

2-2: Consider removing this variable after fixing line 195.

The $crown_icon variable is only used on line 195 in a problematic implementation. If line 195 is updated to use an <img> tag (like line 148), this variable will become unused and should be removed.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 214dac3 and 26f287f.

📒 Files selected for processing (2)

• assets/css/registration-forms.css
• includes/Free/templates/page-registration-form.php

🔇 Additional comments (2)

assets/css/registration-forms.css (1)

110-111: LGTM! Selector correctly supports both SVG and img rendering.

The expansion of the selector to include both svg and img elements appropriately supports the transition from inline SVG to image-based pro badge rendering.

includes/Free/templates/page-registration-form.php (1)

148-148: LGTM! Correct implementation of the pro badge using an img tag.

The use of <img> with esc_url() and a properly escaped alt attribute follows WordPress security best practices and aligns with the PR objectives.