Fix always show "the link you followed has expired" error page

public_html/wp-content/plugins/wordcamp-payments-network/includes/payment-requests-dashboard.php

@@ -333,7 +333,6 @@ public static function get_current_tab() {
 		$tabs = array(
 			'drafts',
 			'overdue',
-
 			'pending-approval',
 			'approved',
 			'pending-payment',

public_html/wp-content/plugins/wordcamp-payments-network/includes/payment-requests-list-table.php

@@ -71,6 +71,8 @@ public function prepare_items() {
 			$where .= " AND `status` IN ( 'wcb-failed', 'wcb-cancelled' ) ";
 		} elseif ( 'drafts' == $view ) {
 			$where .= " AND `status` = 'draft' ";
+		} elseif ( 'needs-followup' == $view ) {
+			$where .= " AND `status` = 'wcb-needs-followup' ";
 		}
 
 		if ( ! empty( $_REQUEST['s'] ) ) {

public_html/wp-content/plugins/wordcamp-payments/includes/reimbursement-request.php

@@ -163,6 +163,15 @@ function init_meta_boxes() {
 		'high'
 	);
 
+	add_meta_box(
+		'wcbrr_notes',
+		esc_html__( 'Notes', 'wordcamporg' ),
+		__NAMESPACE__ . '\render_notes_metabox',
+		POST_TYPE,
+		'side',
+		'high'
+	);
+
 	add_meta_box(
 		'wcbrr_general_information',
 		esc_html__( 'General Information', 'wordcamporg' ),
@@ -308,6 +317,19 @@ function render_status_metabox( $post ) {
 	require_once dirname( __DIR__ ) . '/views/reimbursement-request/metabox-status.php';
 }
 
+/**
+ * Render the Notes metabox
+ *
+ * @param WP_Post $post
+ */
+function render_notes_metabox( $post ) {
+	wp_nonce_field( 'notes', 'notes_nonce' );
+
+	$existing_notes = get_post_meta( $post->ID, '_wcbrr_notes', true );
+
+	require_once dirname( __DIR__ ) . '/views/reimbursement-request/metabox-notes.php';
+}
+
 /**
  * Render General Information Metabox
  *
@@ -500,6 +522,10 @@ function save_request( $post_id, $post ) {
 
 	verify_metabox_nonces();
 
+	// phpcs:ignore is added because verify_metabox_nonces(); already checks that.
+	// phpcs:ignore WordPress.Security.NonceVerification.Missing
+	validate_and_save_notes( $post, $_POST['wcbrr_new_note'] );
+
 	/*
 	 * We need to determine if the user is allowed to modify the request -- in terms of this plugin's post_status
 	 * restrictions, not in terms of current_user_can( 'edit_post', N ) -- but at this point in the execution
@@ -651,6 +677,7 @@ function render_log_metabox( $post ) {
 function verify_metabox_nonces() {
 	$nonces = array(
 		'status_nonce',
+		'notes_nonce',
 		'general_information_nonce',
 		'payment_details_nonce',
 		'expenses_nonce',
@@ -720,6 +747,101 @@ function validate_and_save_expenses( $post_id, $expenses ) {
 	update_post_meta( $post_id, '_wcbrr_expenses', $expenses );
 }
 
+/**
+ * Validate and save expense data
+ *
+ * @param WP_Post $post
+ * @param string  $new_note_message
+ */
+function validate_and_save_notes( $post, $new_note_message ) {
+
+	// Save incomplete message.
+	// phpcs:ignore is used because verify_metabox_nonces(); already checks that.
+	if ( isset( $_POST['wcp_mark_incomplete_notes'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		$safe_value = '';
+		if ( 'wcb-incomplete' == $post->post_status ) {
+			$safe_value = wp_kses( $_POST['wcp_mark_incomplete_notes'], wp_kses_allowed_html( 'strip' ) ); // phpcs:ignore WordPress.Security.NonceVerification.Missing
+		}
+
+		update_post_meta( $post->ID, '_wcp_incomplete_notes', $safe_value );
+	}
+
+	$new_note_message = sanitize_text_field( wp_unslash( $new_note_message ) );
+
+	if ( empty( $new_note_message ) ) {
+		return;
+	}
+
+	$notes = get_post_meta( $post->ID, '_wcbrr_notes', true );
+	if ( ! is_array( $notes ) ) {
+		$notes = array();
+	}
+
+	$new_note = array(
+		'timestamp' => time(),
+		'author_id' => get_current_user_id(),
+		'message'   => $new_note_message,
+	);
+
+	$notes[] = $new_note;
+
+	update_post_meta( $post->ID, '_wcbrr_notes', $notes );
+	notify_parties_of_new_note( $post, $new_note );
+
+	\WordCamp_Budgets::log(
+		$post->ID,
+		get_current_user_id(),
+		sprintf( 'Note: %s', $new_note_message ),
+		array(
+			'action' => 'note-added',
+		)
+	);
+}
+
+/**
+ * Notify WordCamp Central or the request author when new notes are added
+ *
+ * @param WP_Post $request
+ * @param array   $note
+ */
+function notify_parties_of_new_note( $request, $note ) {
+	$note_author = get_user_by( 'id', $note['author_id'] );
+
+	if ( $note_author->has_cap( 'manage_network' ) ) {
+		$to             = \WordCamp_Budgets::get_requester_formatted_email( $request->post_author );
+		$subject_prefix = sprintf( '[%s] ', get_wordcamp_name() );
+	} else {
+		$to             = '[email protected]';
+		$subject_prefix = '';
+	}
+
+	if ( ! $to ) {
+		return;
+	}
+
+	$subject          = sprintf( '%sNew note on `%s`', $subject_prefix, sanitize_text_field( $request->post_title ) );
+	$note_author_name = \WordCamp_Budgets::get_requester_name( $note['author_id'] );
+	$request_url      = admin_url( sprintf( 'post.php?post=%s&action=edit', $request->ID ) );
+	$headers          = array( 'Reply-To: [email protected]' );
+
+	$message = sprintf( '
+		%s has added the following note on the reimbursement request for %s:
+
+		%s
+
+		You can view the request and respond to their note at:
+
+		%s',
+		sanitize_text_field( $note_author_name ),
+		sanitize_text_field( $request->post_title ),
+		sanitize_text_field( $note['message'] ),
+		esc_url_raw( $request_url )
+	);
+	$message = str_replace( "\t", '', $message );
+
+	wp_mail( $to, $subject, $message, $headers );
+}
+
 /**
  * Notify the organizer when the status of their reimbursement changes or when notes are added
  *