/**
 * Customizer sanitize callback: allow only certain tags and attributes in a
 * string.
 *
 * The work is delegated to weaverx_filter_code(); whatever that filter
 * returns for $string is returned unchanged.
 *
 * @param string $string Raw value coming from the Customizer control.
 *
 * @return string The filtered value.
 */
function weaverx_cz_sanitize_css($string)
{
    $filtered = weaverx_filter_code($string);

    return $filtered;
}
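/**
 * Sanitize and validate the complete Weaver Xtreme options array before it
 * is saved.
 *
 * Each option is dispatched on its key. A few keys have dedicated rules;
 * every other key is classified in the default branch by its suffix
 * (_css, _insert, _url, _dec, _int / _X / _Y / _L / _R / _T / _B, color)
 * and otherwise falls through to weaverx_filter_textarea(). Invalid numeric
 * and color values are cleared to '' and the problem is collected in an
 * HTML error string that is reported once, via add_settings_error(), after
 * the loop; when nothing was reported a "saved" notice is added instead.
 *
 * @param array $in Submitted option values, option key => raw value.
 *
 * @return array The sanitized options, same keys as $in.
 *
 * Calls wp_die() (no return) when $in is empty or the current user lacks
 * the edit_theme_options capability.
 */
function weaverx_validate_all_options($in)
{
    $err_msg = ''; // accumulated HTML error text; empty means "all good"

    if (empty($in)) {
        wp_die(__('You attempted to save options, but something has gone wrong. Please be sure you are logged in and your host is correctly configured. See the "Weaver Doesn\'t Save Settings" FAQ on weavertheme.com.', 'weaver-xtreme'));
    }
    // Authorization: only users who may manage theme options can save them.
    if (!current_user_can('edit_theme_options')) {
        wp_die(__('You do not have sufficient permissions to manage options for this site.', 'weaver-xtreme'));
    }

    // Does $key end in $suffix? The previous test, strrpos() == strlen - N
    // with a loose ==, also matched any key of exactly N characters because
    // strrpos() returns false and false == 0; the strict substr comparison
    // only matches keys that really carry the suffix.
    $has_suffix = function ($key, $suffix) {
        return substr($key, -strlen($suffix)) === $suffix;
    };

    // Does filtered code still contain a <style> or <script> tag?
    $has_style_or_script = function ($code) {
        return stripos($code, '<style') !== false
            || stripos($code, '</style') !== false
            || stripos($code, '<script') !== false
            || stripos($code, '</script') !== false;
    };

    foreach ($in as $key => $value) {
        switch ($key) {
            /* -------- integer -------- */
            case 'excerpt_length':
                // The original also tested !is_int((int) $value), which can
                // never be true after an (int) cast, so the effective rule is
                // "must be numeric"; decimal strings still pass, as before.
                // The rejected value is HTML-escaped because the message is
                // rendered as HTML by the settings-errors output.
                if (!empty($value) && !is_numeric($value)) {
                    $opt_id = str_replace('_', ' ', $key);
                    $err_msg .= __('Option must be an integer value: ', 'weaver-xtreme')
                        . '"' . esc_html($opt_id) . '" = "' . esc_html($value) . '".'
                        . __(' Value has been cleared to blank value', 'weaver-xtreme') . '<br />';
                    $in[$key] = '';
                }
                break;

            /* ---------- text ----------- */
            case 'excerpt_more_msg':
            case 'header_maxwidth':
                if (!empty($value)) {
                    $in[$key] = weaverx_filter_textarea($value);
                }
                break;

            case 'themename': // can't be empty!
                $in[$key] = empty($value) ? 'please-give-this-a-name' : weaverx_filter_textarea($value);
                break;

            /* ---------- code ----------- */
            case 'copyright': // alternate copyright
            case '_css_rows':
                if (!empty($value)) {
                    $in[$key] = weaverx_filter_code($value);
                }
                break;

            case '_perpagewidgets':
                // Per-page widget area names must be lower case with no spaces.
                if (!empty($value)) {
                    $in[$key] = strtolower(str_ireplace(' ', '', weaverx_filter_code($value)));
                }
                break;

            case '_althead_opts':
            case 'head_opts':
                if (!empty($value)) {
                    $in[$key] = weaverx_filter_head($value);
                }
                break;

            case 'wvrx_css_saved':
                if (!empty($value)) {
                    $in[$key] = weaverx_filter_code($value);
                }
                break;

            /* must not have <style .... </style> */
            case 'add_css': // CSS rules added to Weaver Xtreme's style rules
                if (!empty($value)) {
                    $val = weaverx_filter_code($value);
                    $in[$key] = $val;
                    if ($has_style_or_script($val)) {
                        $err_msg .= __('<style> or <script> tags have been automatically stripped from your "Add CSS Rules"!', 'weaver-xtreme')
                            . ' ' . __('Please correct your entry.', 'weaver-xtreme') . '<br />';
                        // NOTE(review): this branch runs stripslashes() before
                        // kses while the *_css branch below does not — confirm
                        // which one is intended.
                        $in[$key] = wp_filter_post_kses(trim(stripslashes($val)));
                    }
                }
                break;

            case '_fonts_google':
                $in[$key] = $value;
                break;

            case 'last_option':
                // Passed through untouched; the case exists only so the default
                // text filter does not run on it. (The host-limit warning that
                // used to read it was permanently disabled with `false &&`
                // and has been removed.)
                break;

            default:
                /* no dedicated rule: classify by suffix — order matters,
                   'color' must be tested after the *_css family */

                if ($has_suffix($key, '_css')) { // all _css settings
                    if (!empty($value)) {
                        $val = weaverx_filter_code($value);
                        if ($has_style_or_script($val)) {
                            $err_msg .= __('<style> or <script> tags have been automatically stripped from your CSS+ rules,', 'weaver-xtreme')
                                . ' ' . __('Please correct your entry.', 'weaver-xtreme') . '<br />';
                            $val = wp_filter_post_kses(trim($val));
                        }
                        $in[$key] = $val;
                        // CSS+ rules must be wrapped in braces; the value is kept
                        // as filtered, the user is only told to fix it.
                        if (strpos($val, '{') === false || strpos($val, '}') === false) {
                            $opt_id = str_replace('_', ' ', str_replace('_css', '', $key));
                            $err_msg .= __('CSS options must be enclosed in {}\'s: ', 'weaver-xtreme')
                                . '"' . esc_html($opt_id) . '" = "' . esc_html($value) . '". '
                                . __('Please correct your entry.', 'weaver-xtreme') . '<br />';
                        }
                    }
                    break;
                }

                if ($has_suffix($key, '_insert')) { // all _insert settings
                    if (!empty($value)) {
                        $in[$key] = weaverx_filter_code($value);
                    }
                    break;
                }

                if ($has_suffix($key, '_url')) { // all _url settings
                    // esc_url() is not usable here: values may be CSS such as
                    // html{background-image: url(%template_directory%assets/images/addon_themes.png);}
                    if (!empty($value)) {
                        $in[$key] = weaverx_filter_code($value);
                    }
                    break;
                }

                if ($has_suffix($key, '_dec')) { // decimal numbers
                    if (!empty($value) && !is_numeric($value)) {
                        $opt_id = str_replace('_', ' ', str_replace('_dec', '', $key));
                        $err_msg .= __('Option must be a numeric value: ', 'weaver-xtreme')
                            . '"' . esc_html($opt_id) . '" = "' . esc_html($value) . '". '
                            . __('Value has been cleared to blank value.', 'weaver-xtreme') . '<br />';
                        $in[$key] = '';
                    }
                    break;
                }

                if ($has_suffix($key, '_int')
                    || $has_suffix($key, '_X') || $has_suffix($key, '_Y')
                    || $has_suffix($key, '_L') || $has_suffix($key, '_R')
                    || $has_suffix($key, '_T') || $has_suffix($key, '_B')
                ) { // integer-ish numbers (same numeric check as excerpt_length)
                    if (!empty($value) && !is_numeric($value)) {
                        $opt_id = str_replace('_', ' ', str_replace('_int', '', $key));
                        $err_msg .= __('Option must be a numeric value: ', 'weaver-xtreme')
                            . '"' . esc_html($opt_id) . '" = "' . esc_html($value) . '". '
                            . __('Value has been cleared to blank value.', 'weaver-xtreme') . '<br />';
                        $in[$key] = '';
                    }
                    break;
                }

                if ($has_suffix($key, 'color')) { // _bgcolor and _color
                    if (!empty($value)) {
                        $val = trim(weaverx_filter_code($value));
                        if (preg_match('/^#?+[0-9a-f]{3}(?:[0-9a-f]{3})?$/i', $val)) {
                            // hex value: normalise to upper case with a leading '#'
                            $val = strtoupper($val);
                            if ($val[0] !== '#') {
                                $val = '#' . $val;
                            }
                            $in[$key] = $val;
                        } elseif (preg_match('/^([a-zA-Z])+$/i', $val)) {
                            $in[$key] = $val; // color name - all letters
                        } elseif (strpos($val, 'rgb') === false && strpos($val, 'hsl') === false) {
                            // Neither hex, name, rgb nor hsl: clear it, and
                            // complain unless it was just a blank.
                            if ($value !== ' ') {
                                $err_msg .= __('Color must be a valid # hex value, rgb value, or color name (a-z): ', 'weaver-xtreme')
                                    . '"' . esc_html($key) . '" = "' . bin2hex($value) . '". '
                                    . __('Value has been cleared to blank value.', 'weaver-xtreme') . '<br />';
                            }
                            $in[$key] = '';
                        } else {
                            // NOTE(review): only the presence of "rgb"/"hsl" is
                            // checked; the value is otherwise stored exactly as
                            // weaverx_filter_code() returned it. A stricter
                            // shape check (rgba?(...) / hsla?(...)) may be wanted.
                            $in[$key] = $val;
                        }
                    }
                    break;
                }

                // anything else that is non-numeric text gets the generic filter
                if (!empty($value) && is_string($value) && !is_numeric($value)) {
                    $in[$key] = weaverx_filter_textarea($value);
                }
                break;
        }
    }

    if (!empty($err_msg)) {
        add_settings_error('weaverx_settings', 'settings_error', $err_msg, 'error');
    } else {
        add_settings_error('weaverx_settings', 'settings_updated', __('Weaver Xtreme Settings Saved.', 'weaver-xtreme'), 'updated');
    }

    return $in;
}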
/**
 * Filter option text input.
 *
 * Virtually all option text input in Weaver Xtreme can be code and so must
 * not be content filtered; it is therefore treated like code and handed to
 * weaverx_filter_code() as-is.
 *
 * @param string $text Raw option text.
 *
 * @return string The value as returned by weaverx_filter_code().
 */
function weaverx_filter_textarea($text)
{
    $as_code = $text;

    return weaverx_filter_code($as_code);
}