/**
 * Normalise the submitted value of a link field.
 *
 * A value that starts with "post:" followed by digits is rebuilt as
 * 'post: <digits>', so anything after the leading digits is discarded.
 * Every other value is handed to sow_esc_url_raw().
 *
 * @param mixed $value    The raw submitted value; it is passed to trim() as-is.
 * @param mixed $instance Not used by this method.
 *
 * @return mixed 'post: <id>' for a post reference, otherwise whatever sow_esc_url_raw() returns.
 */
protected function sanitize_field_input($value, $instance)
{
    $candidate = trim($value);
    $post_ref = array();

    // Anything that is not a post reference is treated as a URL.
    if (!preg_match('/^post\\: *([0-9]+)/', $candidate, $post_ref)) {
        return sow_esc_url_raw($candidate);
    }

    // Rebuild the reference from the captured digits only.
    return 'post: ' . $post_ref[1];
}
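/**
 * Sanitize all the widget values. Should be used before saving the widget into the database.
 *
 * Each value is cleaned according to its field's 'type', then by the field's optional
 * 'sanitize' rule, and finally the whole instance is passed through the
 * 'siteorigin_widgets_sanitize_instance' and 'siteorigin_widgets_sanitize_instance_{id_base}' filters.
 *
 * @param array       $instance The widget values, keyed by field name.
 * @param array|false $fields   Field definitions keyed by field name; false means use $this->form_options().
 *
 * @return array The sanitized instance (returned untouched when there are no fields).
 */
public function sanitize($instance, $fields = false)
{
    if ($fields === false) {
        $fields = $this->form_options();
    }

    // There is nothing to sanitize
    if (empty($fields)) {
        return $instance;
    }

    foreach ($fields as $name => $field) {
        // Missing and empty values are normalised to false before the type-specific handling.
        if (empty($instance[$name])) {
            $instance[$name] = false;
        }

        switch ($field['type']) {
            case 'select':
            case 'radio':
                $option_keys = array_keys($field['options']);
                $submitted = $instance[$name];

                if ($submitted === false) {
                    // Empty submission: keep the loose check so an option keyed 0 or '' still matches.
                    $is_allowed = in_array($submitted, $option_keys);
                } else {
                    // Compare as strings, strictly. A loose in_array() lets values such as '1abc' or ' 1'
                    // (and, before PHP 8, any non-numeric string against a key of 0) pass the allowlist.
                    $is_allowed = is_scalar($submitted)
                        && in_array((string) $submitted, array_map('strval', $option_keys), true);
                }

                if (!$is_allowed) {
                    $instance[$name] = isset($field['default']) ? $field['default'] : false;
                }
                break;

            case 'number':
            case 'slider':
                $instance[$name] = (float) $instance[$name];
                break;

            case 'textarea':
            case 'text':
                $instance[$name] = wp_kses_post($instance[$name]);
                $instance[$name] = balanceTags($instance[$name], true);
                break;

            case 'color':
                // '#' followed by 3 or 6 hex digits. The D modifier stops '$' from matching before a
                // trailing newline, and the is_string() guard rejects arrays instead of passing them
                // to preg_match().
                if (!is_string($instance[$name]) || !preg_match('|^#([A-Fa-f0-9]{3}){1,2}$|D', $instance[$name])) {
                    $instance[$name] = false;
                }
                break;

            case 'media':
                // Media values should be integer
                $instance[$name] = intval($instance[$name]);
                if (!empty($field['fallback']) && !empty($instance[$name . '_fallback'])) {
                    $instance[$name . '_fallback'] = esc_url_raw($instance[$name . '_fallback']);
                }
                break;

            case 'link':
                $instance[$name] = trim($instance[$name]);
                if (preg_match('/^post\\: *([0-9]+)/', $instance[$name], $matches)) {
                    // Rebuilt from the captured digits, so trailing text is dropped.
                    $instance[$name] = 'post: ' . $matches[1];
                } else {
                    $instance[$name] = sow_esc_url_raw($instance[$name]);
                }
                break;

            case 'checkbox':
                $instance[$name] = !empty($instance[$name]);
                break;

            case 'widget':
                // Check the class by name before instantiating it, so the constructor of a class
                // that is not a SiteOrigin_Widget never runs.
                if (
                    !empty($field['class'])
                    && class_exists($field['class'])
                    && is_a($field['class'], 'SiteOrigin_Widget', true)
                ) {
                    $the_widget = new $field['class']();
                    $instance[$name] = $the_widget->update($instance[$name], $instance[$name]);
                }
                break;

            case 'repeater':
                if (is_array($instance[$name])) {
                    foreach ($instance[$name] as $i => $sub_instance) {
                        $instance[$name][$i] = $this->sanitize($sub_instance, $field['fields']);
                    }
                } elseif (!empty($instance[$name])) {
                    // A non-array value cannot be iterated and would otherwise be stored unsanitized;
                    // treat it like an empty repeater.
                    $instance[$name] = false;
                }
                break;

            case 'section':
                $instance[$name] = $this->sanitize($instance[$name], $field['fields']);
                break;

            default:
                $instance[$name] = sanitize_text_field($instance[$name]);
                break;
        }

        if (isset($field['sanitize'])) {
            // This field also needs some custom sanitization
            switch ($field['sanitize']) {
                case 'url':
                    $instance[$name] = sow_esc_url_raw($instance[$name]);
                    break;

                case 'email':
                    $instance[$name] = sanitize_email($instance[$name]);
                    break;

                default:
                    // This isn't a built in sanitization. Maybe it's handled elsewhere.
                    $instance[$name] = apply_filters(
                        'siteorigin_widgets_sanitize_field_' . $field['sanitize'],
                        $instance[$name]
                    );
                    break;
            }
        }
    }

    // Also let other plugins sanitize the instance
    $instance = apply_filters('siteorigin_widgets_sanitize_instance', $instance, $fields, $this);
    $instance = apply_filters('siteorigin_widgets_sanitize_instance_' . $this->id_base, $instance, $fields, $this);

    return $instance;
}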
/**
 * Clean the fallback entry that accompanies this field in the widget instance.
 *
 * The entry's key comes from get_fallback_field_name($this->base_name). When the
 * field has a fallback configured and the instance holds a non-empty value under
 * that key, the value is replaced by the result of sow_esc_url_raw().
 *
 * @param array $instance The widget instance values.
 *
 * @return array The instance, with the fallback entry sanitized where applicable.
 */
public function sanitize_instance($instance)
{
    $fallback_key = $this->get_fallback_field_name($this->base_name);

    // Nothing to do without a configured fallback or a submitted fallback value.
    if (empty($this->fallback) || empty($instance[$fallback_key])) {
        return $instance;
    }

    $instance[$fallback_key] = sow_esc_url_raw($instance[$fallback_key]);

    return $instance;
}
/**
 * The default sanitization function.
 *
 * The value first goes through sanitize_field_input(). If the field's `sanitize`
 * property is set, one extra step is applied: 'url' uses sow_esc_url_raw(),
 * 'email' uses sanitize_email(), and any other rule is delegated to the
 * 'siteorigin_widgets_sanitize_field_{rule}' filter.
 *
 * @param mixed $value The value to be sanitized.
 *
 * @return mixed The sanitized value.
 */
public function sanitize($value)
{
    $clean = $this->sanitize_field_input($value);

    // No custom rule configured: the type-specific pass is all there is.
    if (!isset($this->sanitize)) {
        return $clean;
    }

    // Loose comparison is deliberate; it is what the equivalent switch statement does.
    if ($this->sanitize == 'url') {
        return sow_esc_url_raw($clean);
    }

    if ($this->sanitize == 'email') {
        return sanitize_email($clean);
    }

    // This isn't a built in sanitization. Maybe it's handled elsewhere.
    return apply_filters('siteorigin_widgets_sanitize_field_' . $this->sanitize, $clean);
}
/**
 * The default sanitization function.
 *
 * The value first goes through sanitize_field_input(). If the field's `sanitize`
 * property is set, one extra step is applied:
 *  - 'url'   : sow_esc_url_raw()
 *  - 'email' : sanitize_email()
 *  - a callable : invoked with ($value, $old_value)
 *  - any other string : the 'siteorigin_widgets_sanitize_field_{rule}' filter
 *
 * The callable check runs before the string check, so a string rule that names
 * a callable function is invoked directly instead of going through the filter.
 *
 * @param mixed $value     The value to be sanitized.
 * @param array $instance  The widget instance.
 * @param mixed $old_value The old value of this field.
 *
 * @return mixed The sanitized value.
 */
public function sanitize($value, $instance = array(), $old_value = null)
{
    $clean = $this->sanitize_field_input($value, $instance);

    // No custom rule configured: the type-specific pass is all there is.
    if (!isset($this->sanitize)) {
        return $clean;
    }

    // Loose comparison is deliberate; it is what the equivalent switch statement does.
    if ($this->sanitize == 'url') {
        return sow_esc_url_raw($clean);
    }

    if ($this->sanitize == 'email') {
        return sanitize_email($clean);
    }

    // This isn't a built in sanitization. Maybe it's handled elsewhere.
    if (is_callable($this->sanitize)) {
        return call_user_func($this->sanitize, $clean, $old_value);
    }

    if (is_string($this->sanitize)) {
        return apply_filters('siteorigin_widgets_sanitize_field_' . $this->sanitize, $clean);
    }

    // Neither callable nor a string: the value is returned without an extra step.
    return $clean;
}