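Strips HTML tags from input. Output is NOT HTML safe: the return value must still be escaped for the context it is printed in, as the examples below do with esc_attr(), esc_html() and esc_textarea().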
public static strip_tags ( mixed $data_with_tags ) : mixed
$data_with_tags | mixed
return | mixed
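/**
 * Outputs the HTML for this form field.
 *
 * The field value is taken, in order of precedence, from the submitted POST
 * data, the GET query string, the logged-in user's profile (only on WPCOM or
 * when the 'jetpack_auto_fill_logged_in_user' filter returns true), and
 * finally the field's 'default' attribute.
 *
 * Value, label and options are passed through
 * Grunion_Contact_Form_Plugin::strip_tags(), whose output is documented as
 * NOT HTML safe. Every one of them is therefore still escaped at the point of
 * output with the escaper matching its context: esc_attr() inside attributes,
 * esc_html() in element content, esc_textarea() inside <textarea>.
 *
 * @return string HTML
 */
function render() {
    global $current_user, $user_identity;

    $r = '';

    $field_id       = $this->get_attribute('id');
    $field_type     = $this->get_attribute('type');
    $field_label    = $this->get_attribute('label');
    $field_required = $this->get_attribute('required');
    $placeholder    = $this->get_attribute('placeholder');
    $class          = $this->get_attribute('class');

    // Both fragments are escaped here, so they are concatenated as-is further down.
    $field_placeholder = !empty($placeholder) ? "placeholder='" . esc_attr($placeholder) . "'" : '';
    $field_class = "class='" . trim(esc_attr($field_type) . " " . esc_attr($class)) . "' ";

    if (isset($_POST[$field_id])) {
        if (is_array($_POST[$field_id])) {
            // Multi-value fields post an array. Keep only the scalar entries:
            // stripslashes() accepts strings only, so a nested array supplied in the
            // request would otherwise raise a warning (a TypeError on PHP 8).
            $this->value = array_map('stripslashes', array_filter($_POST[$field_id], 'is_scalar'));
        } else {
            $this->value = stripslashes((string) $_POST[$field_id]);
        }
    } elseif (isset($_GET[$field_id])) {
        // The query string can pre-fill a field; it is request data and is treated
        // exactly like POST data below (stripped, then escaped on output).
        $this->value = stripslashes((string) $_GET[$field_id]);
    } elseif (is_user_logged_in() && (defined('IS_WPCOM') && IS_WPCOM || true === apply_filters('jetpack_auto_fill_logged_in_user', false))) {
        // Special defaults for logged-in users
        switch ($this->get_attribute('type')) {
            case 'email':
                $this->value = $current_user->data->user_email;
                break;
            case 'name':
                $this->value = $user_identity;
                break;
            case 'url':
                $this->value = $current_user->data->user_url;
                break;
            default:
                $this->value = $this->get_attribute('default');
        }
    } else {
        $this->value = $this->get_attribute('default');
    }

    // Tag stripping only; the results are not safe to print without escaping.
    $field_value = Grunion_Contact_Form_Plugin::strip_tags($this->value);
    $field_label = Grunion_Contact_Form_Plugin::strip_tags($field_label);

    /**
     * Filter the Contact Form required field text
     *
     * @module contact-form
     *
     * @since 3.8.0
     *
     * @param string $var Required field text. Default is "(required)".
     */
    $required_field_text = esc_html(apply_filters('jetpack_required_field_text', __("(required)", 'jetpack')));

    switch ($field_type) {
        case 'email':
            $r .= "\n<div>\n";
            $r .= "\t\t<label for='" . esc_attr($field_id) . "' class='grunion-field-label email" . ($this->is_error() ? ' form-error' : '') . "'>" . esc_html($field_label) . ($field_required ? '<span>' . $required_field_text . '</span>' : '') . "</label>\n";
            $r .= "\t\t<input type='email' name='" . esc_attr($field_id) . "' id='" . esc_attr($field_id) . "' value='" . esc_attr($field_value) . "' " . $field_class . $field_placeholder . " " . ($field_required ? "required aria-required='true'" : "") . "/>\n";
            $r .= "\t</div>\n";
            break;
        case 'telephone':
            $r .= "\n<div>\n";
            $r .= "\t\t<label for='" . esc_attr($field_id) . "' class='grunion-field-label telephone" . ($this->is_error() ? ' form-error' : '') . "'>" . esc_html($field_label) . ($field_required ? '<span>' . $required_field_text . '</span>' : '') . "</label>\n";
            // NOTE(review): unlike the other inputs, no required/aria-required attribute
            // is emitted here - confirm whether that is intended.
            $r .= "\t\t<input type='tel' name='" . esc_attr($field_id) . "' id='" . esc_attr($field_id) . "' value='" . esc_attr($field_value) . "' " . $field_class . $field_placeholder . "/>\n";
            // Close the wrapper opened above, as every other field type does; without
            // it the following markup ends up nested inside this field's <div>.
            $r .= "\t</div>\n";
            break;
        case 'textarea':
            $r .= "\n<div>\n";
            $r .= "\t\t<label for='contact-form-comment-" . esc_attr($field_id) . "' class='grunion-field-label textarea" . ($this->is_error() ? ' form-error' : '') . "'>" . esc_html($field_label) . ($field_required ? '<span>' . $required_field_text . '</span>' : '') . "</label>\n";
            $r .= "\t\t<textarea name='" . esc_attr($field_id) . "' id='contact-form-comment-" . esc_attr($field_id) . "' rows='20' " . $field_class . $field_placeholder . " " . ($field_required ? "required aria-required='true'" : "") . ">" . esc_textarea($field_value) . "</textarea>\n";
            $r .= "\t</div>\n";
            break;
        case 'radio':
            $r .= "\t<div><label class='grunion-field-label" . ($this->is_error() ? ' form-error' : '') . "'>" . esc_html($field_label) . ($field_required ? '<span>' . $required_field_text . '</span>' : '') . "</label>\n";
            foreach ($this->get_attribute('options') as $option) {
                $option = Grunion_Contact_Form_Plugin::strip_tags($option);
                $r .= "\t\t<label class='grunion-radio-label radio" . ($this->is_error() ? ' form-error' : '') . "'>";
                $r .= "<input type='radio' name='" . esc_attr($field_id) . "' value='" . esc_attr($option) . "' " . $field_class . checked($option, $field_value, false) . " " . ($field_required ? "required aria-required='true'" : "") . "/> ";
                $r .= esc_html($option) . "</label>\n";
                $r .= "\t\t<div class='clear-form'></div>\n";
            }
            $r .= "\t\t</div>\n";
            break;
        case 'checkbox':
            $r .= "\t<div>\n";
            $r .= "\t\t<label class='grunion-field-label checkbox" . ($this->is_error() ? ' form-error' : '') . "'>\n";
            $r .= "\t\t<input type='checkbox' name='" . esc_attr($field_id) . "' value='" . esc_attr__('Yes', 'jetpack') . "' " . $field_class . checked((bool) $field_value, true, false) . " " . ($field_required ? "required aria-required='true'" : "") . "/> \n";
            $r .= "\t\t" . esc_html($field_label) . ($field_required ? '<span>' . $required_field_text . '</span>' : '') . "</label>\n";
            $r .= "\t\t<div class='clear-form'></div>\n";
            $r .= "\t</div>\n";
            break;
        case 'checkbox-multiple':
            $r .= "\t<div><label class='grunion-field-label" . ($this->is_error() ? ' form-error' : '') . "'>" . esc_html($field_label) . ($field_required ? '<span>' . $required_field_text . '</span>' : '') . "</label>\n";
            foreach ($this->get_attribute('options') as $option) {
                $option = Grunion_Contact_Form_Plugin::strip_tags($option);
                $r .= "\t\t<label class='grunion-checkbox-multiple-label checkbox-multiple" . ($this->is_error() ? ' form-error' : '') . "'>";
                // The submitted value may be an array (several boxes ticked) or a single
                // string, hence the (array) cast before the membership test.
                $r .= "<input type='checkbox' name='" . esc_attr($field_id) . "[]' value='" . esc_attr($option) . "' " . $field_class . checked(in_array($option, (array) $field_value), true, false) . " /> ";
                $r .= esc_html($option) . "</label>\n";
                $r .= "\t\t<div class='clear-form'></div>\n";
            }
            $r .= "\t\t</div>\n";
            break;
        case 'select':
            $r .= "\n<div>\n";
            $r .= "\t\t<label for='" . esc_attr($field_id) . "' class='grunion-field-label select" . ($this->is_error() ? ' form-error' : '') . "'>" . esc_html($field_label) . ($field_required ? '<span>' . $required_field_text . '</span>' : '') . "</label>\n";
            $r .= "\t<select name='" . esc_attr($field_id) . "' id='" . esc_attr($field_id) . "' " . $field_class . ($field_required ? "required aria-required='true'" : "") . ">\n";
            foreach ($this->get_attribute('options') as $option) {
                $option = Grunion_Contact_Form_Plugin::strip_tags($option);
                $r .= "\t\t<option" . selected($option, $field_value, false) . ">" . esc_html($option) . "</option>\n";
            }
            $r .= "\t</select>\n";
            $r .= "\t</div>\n";
            break;
        case 'date':
            $r .= "\n<div>\n";
            $r .= "\t\t<label for='" . esc_attr($field_id) . "' class='grunion-field-label " . esc_attr($field_type) . ($this->is_error() ? ' form-error' : '') . "'>" . esc_html($field_label) . ($field_required ? '<span>' . $required_field_text . '</span>' : '') . "</label>\n";
            $r .= "\t\t<input type='date' name='" . esc_attr($field_id) . "' id='" . esc_attr($field_id) . "' value='" . esc_attr($field_value) . "' " . $field_class . ($field_required ? "required aria-required='true'" : "") . "/>\n";
            $r .= "\t</div>\n";
            // Date fields additionally enqueue the front-end script with its datepicker dependency.
            wp_enqueue_script('grunion-frontend', plugins_url('js/grunion-frontend.js', __FILE__), array('jquery', 'jquery-ui-datepicker'));
            break;
        default:
            // text field
            // note that any unknown types will produce a text input, so we can use arbitrary type names to handle
            // input fields like name, email, url that require special validation or handling at POST
            $r .= "\n<div>\n";
            $r .= "\t\t<label for='" . esc_attr($field_id) . "' class='grunion-field-label " . esc_attr($field_type) . ($this->is_error() ? ' form-error' : '') . "'>" . esc_html($field_label) . ($field_required ? '<span>' . $required_field_text . '</span>' : '') . "</label>\n";
            $r .= "\t\t<input type='text' name='" . esc_attr($field_id) . "' id='" . esc_attr($field_id) . "' value='" . esc_attr($field_value) . "' " . $field_class . $field_placeholder . " " . ($field_required ? "required aria-required='true'" : "") . "/>\n";
            $r .= "\t</div>\n";
    }

    /**
     * Filter the HTML of the Contact Form.
     *
     * @module contact-form
     *
     * @since 2.6.0
     *
     * @param string $r Contact Form HTML output.
     * @param string $field_label Field label.
     * @param int|null $id Post ID.
     */
    return apply_filters('grunion_contact_form_field_html', $r, $field_label, in_the_loop() ? get_the_ID() : null);
}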
/**
 * Builds and returns the markup for this form field.
 *
 * The value comes from the submitted POST data when present, otherwise from
 * the logged-in user's profile (email, name and url types), otherwise from
 * the field's 'default' attribute.
 *
 * Value, label and options go through
 * Grunion_Contact_Form_Plugin::strip_tags(), whose output is documented as
 * NOT HTML safe; each is therefore still escaped where it is printed
 * (esc_attr() in attributes, esc_html() in element content, esc_textarea()
 * inside <textarea>).
 *
 * @return string HTML
 */
function render() {
    global $current_user, $user_identity;

    $field_id       = $this->get_attribute('id');
    $field_type     = $this->get_attribute('type');
    $field_label    = $this->get_attribute('label');
    $field_required = $this->get_attribute('required');

    // Resolve the value to display.
    if (isset($_POST[$field_id])) {
        // Request data: slashes removed here, tags stripped and output escaped below.
        $this->value = stripslashes((string) $_POST[$field_id]);
    } elseif (!is_user_logged_in()) {
        $this->value = $this->get_attribute('default');
    } else {
        // Special defaults for logged-in users
        switch ($this->get_attribute('type')) {
            case 'email':
                $this->value = $current_user->data->user_email;
                break;
            case 'name':
                $this->value = $user_identity;
                break;
            case 'url':
                $this->value = $current_user->data->user_url;
                break;
            default:
                $this->value = $this->get_attribute('default');
        }
    }

    // Tag stripping only; escaping still happens at every output site.
    $field_value = Grunion_Contact_Form_Plugin::strip_tags($this->value);
    $field_label = Grunion_Contact_Form_Plugin::strip_tags($field_label);

    $markup = '';

    switch ($field_type) {
        case 'email':
            $markup .= "\n<div>\n"
                . "\t\t<label for='" . esc_attr($field_id) . "' class='grunion-field-label email" . ($this->is_error() ? ' form-error' : '') . "'>"
                . esc_html($field_label)
                . ($field_required ? '<span>' . __("(required)", 'jetpack') . '</span>' : '')
                . "</label>\n"
                . "\t\t<input type='email' name='" . esc_attr($field_id) . "' id='" . esc_attr($field_id) . "' value='" . esc_attr($field_value) . "' class='email' />\n"
                . "\t</div>\n";
            break;

        case 'textarea':
            $markup .= "\n<div>\n"
                . "\t\t<label for='contact-form-comment-" . esc_attr($field_id) . "' class='grunion-field-label textarea" . ($this->is_error() ? ' form-error' : '') . "'>"
                . esc_html($field_label)
                . ($field_required ? '<span>' . __("(required)", 'jetpack') . '</span>' : '')
                . "</label>\n"
                . "\t\t<textarea name='" . esc_attr($field_id) . "' id='contact-form-comment-" . esc_attr($field_id) . "' rows='20'>" . esc_textarea($field_value) . "</textarea>\n"
                . "\t</div>\n";
            break;

        case 'radio':
            $markup .= "\t<div><label class='grunion-field-label" . ($this->is_error() ? ' form-error' : '') . "'>"
                . esc_html($field_label)
                . ($field_required ? '<span>' . __("(required)", 'jetpack') . '</span>' : '')
                . "</label>\n";
            foreach ($this->get_attribute('options') as $choice) {
                $choice = Grunion_Contact_Form_Plugin::strip_tags($choice);
                $markup .= "\t\t<label class='grunion-radio-label radio" . ($this->is_error() ? ' form-error' : '') . "'>"
                    . "<input type='radio' name='" . esc_attr($field_id) . "' value='" . esc_attr($choice) . "' class='radio' " . checked($choice, $field_value, false) . " /> "
                    . esc_html($choice) . "</label>\n"
                    . "\t\t<div class='clear-form'></div>\n";
            }
            $markup .= "\t\t</div>\n";
            break;

        case 'checkbox':
            $markup .= "\t<div>\n"
                . "\t\t<label class='grunion-field-label checkbox" . ($this->is_error() ? ' form-error' : '') . "'>\n"
                . "\t\t<input type='checkbox' name='" . esc_attr($field_id) . "' value='" . esc_attr__('Yes', 'jetpack') . "' class='checkbox' " . checked((bool) $field_value, true, false) . " /> \n"
                . "\t\t" . esc_html($field_label)
                . ($field_required ? '<span>' . __("(required)", 'jetpack') . '</span>' : '')
                . "</label>\n"
                . "\t\t<div class='clear-form'></div>\n"
                . "\t</div>\n";
            break;

        case 'select':
            $markup .= "\n<div>\n"
                . "\t\t<label for='" . esc_attr($field_id) . "' class='grunion-field-label select" . ($this->is_error() ? ' form-error' : '') . "'>"
                . esc_html($field_label)
                . ($field_required ? '<span>' . __("(required)", 'jetpack') . '</span>' : '')
                . "</label>\n"
                . "\t<select name='" . esc_attr($field_id) . "' id='" . esc_attr($field_id) . "' class='select' >\n";
            foreach ($this->get_attribute('options') as $choice) {
                $choice = Grunion_Contact_Form_Plugin::strip_tags($choice);
                $markup .= "\t\t<option" . selected($choice, $field_value, false) . ">" . esc_html($choice) . "</option>\n";
            }
            $markup .= "\t</select>\n"
                . "\t</div>\n";
            break;

        case 'date':
            $markup .= "\n<div>\n"
                . "\t\t<label for='" . esc_attr($field_id) . "' class='grunion-field-label " . esc_attr($field_type) . ($this->is_error() ? ' form-error' : '') . "'>"
                . esc_html($field_label)
                . ($field_required ? '<span>' . __("(required)", 'jetpack') . '</span>' : '')
                . "</label>\n"
                . "\t\t<input type='date' name='" . esc_attr($field_id) . "' id='" . esc_attr($field_id) . "' value='" . esc_attr($field_value) . "' class='" . esc_attr($field_type) . "'/>\n"
                . "\t</div>\n";
            // Date fields additionally enqueue the front-end script with its datepicker dependency.
            wp_enqueue_script('grunion-frontend', plugins_url('js/grunion-frontend.js', __FILE__), array('jquery', 'jquery-ui-datepicker'));
            break;

        default:
            // Plain text input. Any unrecognised type lands here, which lets arbitrary
            // type names (name, email, url, ...) be used for fields that only need
            // special validation or handling at POST time.
            $markup .= "\n<div>\n"
                . "\t\t<label for='" . esc_attr($field_id) . "' class='grunion-field-label " . esc_attr($field_type) . ($this->is_error() ? ' form-error' : '') . "'>"
                . esc_html($field_label)
                . ($field_required ? '<span>' . __("(required)", 'jetpack') . '</span>' : '')
                . "</label>\n"
                . "\t\t<input type='text' name='" . esc_attr($field_id) . "' id='" . esc_attr($field_id) . "' value='" . esc_attr($field_value) . "' class='" . esc_attr($field_type) . "'/>\n"
                . "\t</div>\n";
    }

    return $markup;
}