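/**
 * Saves the custom user profile fields submitted with the current request.
 *
 * For every entry in $this->custom_user_fields the POST value stored under the
 * entry's 'name' is sanitized and written to user meta under that same name.
 * A field that is absent from the request, or submitted empty, is stored as an
 * empty array.
 *
 * NOTE(review): no nonce is verified in this method. Presumably the hook that
 * calls it only fires after the profile form nonce has been checked; confirm
 * at the add_action() site.
 *
 * @param int $user_id ID of the user whose meta is written (passed to
 *                     current_user_can() and update_user_meta()).
 * @return bool False when the current user may not edit $user_id, true once
 *              all fields have been processed.
 */
function save_extra_user_profile_fields($user_id)
{
    // Authorization gate: only users allowed to edit this profile may write its meta.
    if (!current_user_can('edit_user', $user_id)) {
        return false;
    }

    foreach ($this->custom_user_fields as $user_field) {
        $meta_key = $user_field['name'];

        // A field missing from the request must not raise an undefined-index
        // notice; treat it the same as an empty submission.
        $new_meta = isset($_POST[$meta_key]) ? $_POST[$meta_key] : null; // Input var okay.

        // Loose comparison kept on purpose: null, '' and array() all mean
        // "nothing submitted" here.
        if ($new_meta == null) {
            $custom = array();
        } else {
            // Sanitizes values only; array keys of the submitted data pass through unchanged.
            $custom = sanitize_text_field_recursively($new_meta);
        }

        update_user_meta($user_id, $meta_key, $custom);
    }

    // The documented contract is a bool; the success path previously fell off
    // the end and returned null.
    return true;
}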
/**
 * Sanitizes conditional-display conditions and stores them for a group or a field.
 *
 * Group conditions are written to the '_wpcf_conditional_display' post meta of
 * post $id. Field conditions are written into the field definition looked up by
 * slug $id, which is then saved back into the 'wpcf-fields' option.
 *
 * In both cases the whole $conditions array goes through
 * sanitize_text_field_recursively(), after which the 'conditions' entry is
 * passed, together with the unsanitized original, to
 * wpcf_conditions_restore_original_operators().
 *
 * NOTE(review): the restore step receives raw input as its second argument.
 * Confirm that helper only reinstates a fixed set of comparison operators and
 * does not copy arbitrary raw values back into the stored data.
 * NOTE(review): no capability or nonce check is visible here; presumably the
 * caller enforces both. Verify.
 *
 * @param int|string $id               Group post ID, or field slug when $group_conditions is false.
 * @param mixed      $field_type       Not used by this method.
 * @param array      $conditions       Raw conditions; the 'conditions' key is read.
 * @param bool       $group_conditions True to store group conditions, false for field conditions.
 * @return void
 */
public function update_conditions($id, $field_type, $conditions, $group_conditions = false)
{
    /*
     * Field Conditions
     */
    if (!$group_conditions) {
        $field = wpcf_fields_get_field_by_slug($id);

        // Unknown field slug: nothing to update.
        if (empty($field)) {
            return;
        }

        $clean = sanitize_text_field_recursively($conditions);

        // Sanitizing strips comparison operators; put the originals back.
        $clean['conditions'] = $this->wpcf_conditions_restore_original_operators(
            $clean['conditions'],
            $conditions['conditions']
        );

        $field['data']['conditional_display'] = $clean;

        // Write the modified field definition back into the stored field list.
        $stored_fields = get_option('wpcf-fields', array());
        $stored_fields[$id] = $field;
        update_option('wpcf-fields', $stored_fields);

        return;
    }

    /*
     * Group Conditions
     */
    $clean = sanitize_text_field_recursively($conditions);

    // Sanitizing strips comparison operators; put the originals back.
    $clean['conditions'] = $this->wpcf_conditions_restore_original_operators(
        $clean['conditions'],
        $conditions['conditions']
    );

    update_post_meta($id, '_wpcf_conditional_display', $clean);
}
/**
 * Runs sanitize_text_field() over every non-array value in $data, descending
 * into nested arrays.
 *
 * A top-level or nested-array argument that empty() treats as empty (null, '',
 * '0', 0, false, array()) is returned untouched. Array keys are preserved as
 * they are and are NOT sanitized, only values are, so keys that originate from
 * request data must still be validated by the caller before they are output or
 * used as identifiers.
 *
 * @since 1.9.0
 *
 * @param mixed $data Scalar or (nested) array to sanitize.
 * @return mixed Same structure as the input, with sanitized values.
 */
function sanitize_text_field_recursively($data)
{
    if (empty($data)) {
        return $data;
    }

    if (!is_array($data)) {
        return sanitize_text_field($data);
    }

    // array_map() with a single array keeps the original keys.
    return array_map(
        function ($value) {
            return is_array($value)
                ? sanitize_text_field_recursively($value)
                : sanitize_text_field($value);
        },
        $data
    );
}
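/**
 * Save group action hook: stores or clears a group's conditional-display settings.
 *
 * When $group['conditional_display'] is a non-empty array it is sanitized and
 * written to the '_wpcf_conditional_display' post meta of the group; otherwise
 * that meta is deleted. Nothing happens when the group carries no 'id'.
 *
 * NOTE(review): update_conditions() restores comparison operators after the
 * same sanitization step; this path does not. Confirm that is intended for
 * data saved through this hook.
 *
 * @param array $group Group data; the 'id' and 'conditional_display' keys are read.
 * @return void
 */
function wpcf_cd_save_group_action($group)
{
    // Without a group ID there is no post to write to or to clear. The update
    // branch previously used $group['id'] without checking that it was set.
    if (!isset($group['id'])) {
        return;
    }

    if (!empty($group['conditional_display']) && is_array($group['conditional_display'])) {
        // Values are sanitized; array keys are stored as submitted.
        $conditional_display = sanitize_text_field_recursively($group['conditional_display']);
        update_post_meta($group['id'], '_wpcf_conditional_display', $conditional_display);

        return;
    }

    delete_post_meta($group['id'], '_wpcf_conditional_display');
}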
/**
 * Sanitizes conditional-display conditions and stores them for a group or a field.
 *
 * Group conditions are written to the '_wpcf_conditional_display' post meta of
 * post $id. Field conditions are written into the field definition looked up by
 * slug $id, which is then saved back into the 'wpcf-fields' option.
 *
 * Operator handling (summarising the original author's note): plain
 * sanitization over-sanitizes comparison operators such as <, >, <=, >= and <>.
 * Conditions defined in "simple" mode are already unfolded into tokens, so
 * only their operators need restoring afterwards. Custom expressions are
 * harder to repair without undoing the sanitization, so they are tokenized
 * (Toolset_Tokenizer), the problematic operators are replaced by text-only
 * equivalents and the expression is glued back together before sanitizing.
 * That transformation has side effects and limitations; see
 * transform_operators_to_text_equivalents() for details.
 *
 * NOTE(review): the restore step receives raw input as its second argument.
 * Confirm wpcf_conditions_restore_original_operators() only reinstates a fixed
 * set of comparison operators rather than copying arbitrary raw values back.
 * NOTE(review): no capability or nonce check is visible here; presumably the
 * caller enforces both. Verify.
 *
 * @param int|string $id               Group post ID, or field slug when $group_conditions is false.
 * @param mixed      $field_type       Not used by this method.
 * @param array      $conditions       Raw conditions; the 'custom' and 'conditions' keys are read.
 * @param bool       $group_conditions True to store group conditions, false for field conditions.
 * @return void
 */
public function update_conditions($id, $field_type, $conditions, $group_conditions = false)
{
    /*
     * Field Conditions
     */
    if (!$group_conditions) {
        $field = wpcf_fields_get_field_by_slug($id);

        // Unknown field slug: nothing to update.
        if (empty($field)) {
            return;
        }

        // Make the custom expression safe to sanitize (see the method docblock).
        $conditions['custom'] = $this->transform_operators_to_text_equivalents(
            wpcf_getarr($conditions, 'custom')
        );

        $clean = sanitize_text_field_recursively($conditions);

        // Sanitizing strips comparison operators from the simple-mode
        // conditions; put the originals back.
        $clean['conditions'] = $this->wpcf_conditions_restore_original_operators(
            $clean['conditions'],
            $conditions['conditions']
        );

        // Store the sanitized conditions on the field definition.
        $field['data']['conditional_display'] = $clean;

        $stored_fields = get_option('wpcf-fields', array());
        $stored_fields[$id] = $field;
        update_option('wpcf-fields', $stored_fields);

        return;
    }

    /*
     * Group Conditions
     */

    // Same operator handling as for field conditions (see the method docblock).
    $conditions['custom'] = $this->transform_operators_to_text_equivalents(
        wpcf_getarr($conditions, 'custom')
    );

    $clean = sanitize_text_field_recursively($conditions);

    // Sanitizing strips comparison operators from the simple-mode conditions;
    // put the originals back.
    $clean['conditions'] = $this->wpcf_conditions_restore_original_operators(
        $clean['conditions'],
        $conditions['conditions']
    );

    update_post_meta($id, '_wpcf_conditional_display', $clean);
}