/**
 * Returns a single Hybrid theme setting, loading the settings array from the
 * database on first use and caching it on the global Hybrid object.
 *
 * Note that wp_kses_stripslashes() only removes backslashes that precede double
 * quotes; it performs no sanitization, so string values returned here must still
 * be escaped for the context they are printed in.
 *
 * @since 0.7.0
 * @access public
 * @uses get_option() Gets an option from the database.
 * @uses hybrid_get_prefix() Gets the prefix of the theme.
 * @global object $hybrid The global Hybrid object.
 * @param string $option The specific theme setting the user wants.
 * @return mixed The setting (arrays unchanged, strings unslashed), or false when no
 *               option name was given or neither a stored value nor a default exists.
 */
function hybrid_get_setting($option = '') {
    global $hybrid;

    /* Nothing can be looked up without an option name. */
    if (!$option) {
        return false;
    }

    $defaults = hybrid_get_default_theme_settings();

    /* Lazily populate the cache; get_option() yields the defaults when the option is absent. */
    if (!isset($hybrid->settings) || !is_array($hybrid->settings)) {
        $hybrid->settings = get_option(hybrid_get_prefix() . '_theme_settings', $defaults);
    }

    /* Backfill a missing key from the defaults so settings added later work on older installs. */
    if (!isset($hybrid->settings[$option]) && isset($defaults[$option])) {
        $hybrid->settings[$option] = $defaults[$option];
    }

    if (!isset($hybrid->settings[$option])) {
        return false;
    }

    $value = $hybrid->settings[$option];

    return is_array($value) ? $value : wp_kses_stripslashes($value);
}
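/**
 * Handles the sections for both quizzes and surveys.
 *
 * On POST, each submitted row is processed: rows without a name are skipped,
 * rows without a section id are inserted, rows flagged for deletion are
 * deleted and every other row is updated. The current section list is then
 * loaded into the page vars for rendering.
 *
 * The section name only passes through wp_kses_stripslashes(), which removes
 * backslashes before double quotes and nothing else, so it is stored as raw
 * text and must be escaped on output. No nonce or capability check is visible
 * in this method — NOTE(review): confirm the caller performs both before
 * dispatching here.
 *
 * @since 2.0
 */
public function _doSections() {
    $quizId = isset($_GET['id']) ? $_GET['id'] : null;

    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        // A missing row_count means there is nothing to iterate (avoids an undefined-index notice).
        $rowCount = isset($_POST['row_count']) ? intval($_POST['row_count']) : 0;

        for ($row = 0; $row < $rowCount; $row++) {
            // Rows without a name are silently skipped.
            if (!isset($_POST['section_name'][$row]) || $_POST['section_name'][$row] == "") {
                continue;
            }

            $sectionName = wp_kses_stripslashes($_POST['section_name'][$row]);

            if (!isset($_POST['number'][$row]) || $_POST['number'][$row] == "") {
                $_POST['number'][$row] = 0;
            }

            // Both insert and update read these; default them so a short form does not raise notices.
            $order      = isset($_POST['order'][$row]) ? $_POST['order'][$row] : null;
            $difficulty = isset($_POST['difficulty'][$row]) ? $_POST['difficulty'][$row] : false;

            if (!isset($_POST['sectionid'][$row]) || empty($_POST['sectionid'][$row])) {
                Wpsqt_System::insertSection($quizId, $sectionName, $_POST['number'][$row], $order, $difficulty);
                continue;
            }

            if (isset($_POST['delete'][$row]) && !empty($_POST['delete'][$row])) {
                Wpsqt_System::deleteSection($_POST['sectionid'][$row]);
            } else {
                Wpsqt_System::updateSection($_POST['sectionid'][$row], $sectionName, $_POST['number'][$row], $order, $difficulty);
            }
        }

        $this->_pageVars['successMessage'] = "Sections updated";
    }

    $validData = Wpsqt_System::fetchSections($quizId);
    if (!empty($validData)) {
        $this->_pageVars['validData'] = $validData;
    }
}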
/**
 * "Sanitizes" a textarea option value.
 *
 * Despite the name, this only applies wp_kses_stripslashes(), which removes
 * backslashes before double quotes and nothing else: HTML, including script
 * tags, passes through untouched. The wp_kses( $input, $allowedposttags )
 * call that the original author left commented out is what would actually
 * filter markup. Values returned from here must be escaped on output.
 *
 * @param string $input Raw textarea value.
 * @return string The value with backslash-escaped double quotes unescaped.
 */
function of_sanitize_textarea($input) {
    return wp_kses_stripslashes($input);
}
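/**
 * Callback for wp_kses_split(): validates one "<…>" fragment.
 *
 * A stray ">" is returned entity-encoded, the body of an HTML comment is
 * re-filtered until stable, seriously malformed tags and elements missing from
 * $allowed_html are dropped, closing tags are returned without attributes, and
 * opening tags are handed to wp_kses_attr() for attribute filtering.
 *
 * @param string $string            The matched "<…>" fragment (or a lone ">").
 * @param array  $allowed_html      Allowed elements, keyed by lowercase tag name.
 * @param array  $allowed_protocols Allowed URL protocols, passed through to wp_kses_attr().
 * @return string The fixed fragment, or '' when it is rejected.
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
    $string = wp_kses_stripslashes($string);

    // A lone ">" must go back out as an entity, otherwise it could terminate a tag.
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }

    // HTML comment: strip the delimiters, filter the body until it stops changing, re-wrap.
    if (preg_match('%^<!--(.*?)(-->)?$%', $string, $matches)) {
        $string = str_replace(array('<!--', '-->'), '', $matches[1]);
        while ($string != ($newstring = wp_kses($string, $allowed_html, $allowed_protocols))) {
            $string = $newstring;
        }
        if ($string == '') {
            return '';
        }
        return "<!--{$string}-->";
    }

    // Anything that is not "<", optional "/", a tag name and an attribute list is dropped.
    if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }

    $slash    = trim($matches[1]);
    $elem     = $matches[2];
    $attrlist = $matches[3];

    // Case-insensitive lookup; isset() never warns, so no @-suppression is needed here.
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }

    // No attributes are allowed for closing elements.
    if ($slash != '') {
        return "<{$slash}{$elem}>";
    }

    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}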
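/**
 * Modified wp_kses_split2(): validates one "<…>" fragment and can optionally
 * keep rejected tags as visible, escaped text instead of removing them.
 *
 * @param string $string            The matched "<…>" fragment (or a lone ">").
 * @param array  $allowed_html      Allowed elements, keyed by lowercase tag name.
 * @param array  $allowed_protocols Allowed URL protocols, passed through to wp_kses_attr().
 * @param bool   $cutoff            true: drop rejected tags; false: return them with "<" and ">"
 *                                  entity-encoded so they display literally.
 * @return string The fixed fragment, '' when rejected, or the escaped original when $cutoff is false.
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols, $cutoff = true) {
    $string = wp_kses_stripslashes($string);

    // A lone ">" must go back out as an entity, never as a raw bracket.
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }

    // It's seriously malformed
    if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
        if ($cutoff) {
            return '';
        }
        // hacked by NobuNobu to display not allowed element with < >
        // The brackets are entity-encoded so the rejected text is shown, not parsed as markup.
        return str_replace(array('<', '>'), array('&lt;', '&gt;'), $string);
    }

    $slash    = trim($matches[1]);
    $elem     = $matches[2];
    $attrlist = $matches[3];
    $key      = strtolower($elem);

    // They are using a not allowed HTML element
    if (!isset($allowed_html[$key]) || !is_array($allowed_html[$key])) {
        if ($cutoff) {
            return '';
        }
        // hacked by NobuNobu to display not allowed element with < >
        return str_replace(array('<', '>'), array('&lt;', '&gt;'), $string);
    }

    // No attributes are allowed for closing elements
    if ($slash != '') {
        return "<{$slash}{$elem}>";
    }

    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}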
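/**
 * Update the particular instance.
 *
 * Builds the settings to save from the submitted form values. Missing fields
 * default to '' so a partial form does not raise notices. The ad code is HTML
 * by design; as WordPress core does for its Text widget, it is stored verbatim
 * only for users who hold the unfiltered_html capability and is run through
 * wp_kses_post() for everyone else (wp_kses_stripslashes() alone is not a
 * filter — it only unescapes backslashed double quotes).
 *
 * @param array $new_instance New settings for this instance as input by the user via form().
 * @param array $old_instance Old settings for this instance.
 * @return array Settings to save.
 */
function update( $new_instance, $old_instance ) {
    $instance = $old_instance;

    $title  = isset($new_instance['title'])  ? $new_instance['title']  : '';
    $adcode = isset($new_instance['adcode']) ? $new_instance['adcode'] : '';
    $image  = isset($new_instance['image'])  ? $new_instance['image']  : '';
    $href   = isset($new_instance['href'])   ? $new_instance['href']   : '';
    $alt    = isset($new_instance['alt'])    ? $new_instance['alt']    : '';

    $instance['title'] = stripslashes($title);

    // Raw markup is only kept for users allowed to post unfiltered HTML.
    if (current_user_can('unfiltered_html')) {
        $instance['adcode'] = wp_kses_stripslashes($adcode);
    } else {
        $instance['adcode'] = wp_kses_post(wp_kses_stripslashes($adcode));
    }

    $instance['image'] = esc_url_raw($image);
    $instance['href']  = esc_url_raw($href);
    $instance['alt']   = sanitize_text_field($alt);

    return $instance;
}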
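/**
 * Runs the footer content posted via Ajax through the do_shortcode() function so
 * shortcodes render correctly in the live preview.
 *
 * The result is echoed unescaped by design (it is the requester's own preview
 * markup). Because a nonce only proves the request came from this user's
 * session, the handler additionally requires the capability to edit theme
 * options before it will execute shortcodes on submitted content.
 *
 * @since 1.4.0
 * @access private
 */
function omega_customize_footer_content_ajax() {
    /* Check the AJAX nonce to make sure this is a valid request. */
    check_ajax_referer('omega_customize_footer_content_nonce');

    /* Only users who may customize the theme get to render arbitrary shortcodes. */
    if (!current_user_can('edit_theme_options')) {
        wp_die(-1, 403);
    }

    /* If footer content has been posted, run it through the do_shortcode() function. */
    if (isset($_POST['footer_content'])) {
        echo do_shortcode(wp_kses_stripslashes($_POST['footer_content']));
    }

    /* Always die() when handling Ajax. */
    die;
}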
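/**
 * Returns a custom field value for the current post, or false when it is empty.
 *
 * The value is only entity-decoded and unslashed — wp_kses_stripslashes() is
 * not a sanitizer — so callers must escape the result for their output context.
 *
 * @param string $field Meta key to read.
 * @return string|false The meta value, or false when there is no current post or the field is empty.
 */
function genesis_get_custom_field($field) {
    global $post;

    // Outside the loop (e.g. on 404 pages) $post is null; treat that as "no value" instead of raising a notice.
    if (!isset($post->ID)) {
        return FALSE;
    }

    $custom_field = get_post_meta($post->ID, $field, true);

    // Empty (and "0") values are reported as FALSE.
    if (!$custom_field) {
        return FALSE;
    }

    return wp_kses_stripslashes(wp_kses_decode_entities($custom_field));
}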
/**
 * Pull a Simple Hooks option from the database, return value.
 *
 * The settings array is read once per request and kept in a static cache.
 * With $all set the whole array is returned; otherwise the value stored under
 * $hook / $field is entity-decoded and unslashed (no sanitization — escape on
 * output), and '' is returned when it does not exist.
 *
 * @since 0.1
 * @param string|null $hook  Hook name (first-level key).
 * @param string|null $field Field name under the hook (second-level key).
 * @param bool        $all   Return the complete options array instead of one value.
 * @return mixed The options array when $all is true, otherwise the string value ('' when absent).
 */
function simplehooks_get_option($hook = null, $field = null, $all = false) {
    static $options = array();

    // A false/empty result from get_option() is not cached and is re-read on the next call.
    if (!$options) {
        $options = get_option(SIMPLEHOOKS_SETTINGS_FIELD);
    }

    if ($all) {
        return $options;
    }

    if (!array_key_exists($hook, (array) $options)) {
        return '';
    }

    $value = '';
    if (isset($options[$hook][$field])) {
        $value = $options[$hook][$field];
    }

    return wp_kses_stripslashes(wp_kses_decode_entities($value));
}
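/**
 * Saves the widget instance, defaulting missing fields to ''.
 *
 * Only the title has tags stripped and only action_url is normalised as a URL.
 * The other text fields pass through wp_kses_stripslashes(), which merely
 * removes backslashes before double quotes and leaves markup intact, so they
 * must be escaped where they are printed. image and thumbnail are stored as
 * submitted — presumably attachment URLs or ids; verify against form().
 *
 * @param array $new New settings as submitted by form().
 * @param array $old Previous settings.
 * @return array Settings to save.
 */
public function update($new, $old) {
    $instance = $old;

    // Default every expected key so a partial submission does not raise undefined-index notices.
    $fields = array('title', 'headline', 'tagline', 'image', 'thumbnail', 'action_url', 'action_label', 'action_color', 'alignment');
    foreach ($fields as $key) {
        if (!isset($new[$key])) {
            $new[$key] = '';
        }
    }

    $instance['title']        = strip_tags($new['title']);
    $instance['headline']     = wp_kses_stripslashes($new['headline']);
    $instance['tagline']      = wp_kses_stripslashes($new['tagline']);
    $instance['image']        = $new['image'];
    $instance['thumbnail']    = $new['thumbnail'];
    $instance['action_url']   = esc_url_raw($new['action_url']);
    $instance['action_label'] = wp_kses_stripslashes($new['action_label']);
    $instance['action_color'] = wp_kses_stripslashes($new['action_color']);
    $instance['alignment']    = wp_kses_stripslashes($new['alignment']);

    return $instance;
}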
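/**
 * Saves the maintenance-mode options posted from the settings screen.
 *
 * Requires a posted lib_options array, a valid 'maintenance_edit_post' nonce
 * and the manage_options capability. The 'state' checkbox is normalised to
 * 0/1. Note that htmlcss is stored after wp_kses_stripslashes() only, i.e. as
 * raw markup/CSS: acceptable for an administrator-only option, but it must
 * never be printed unescaped where a lower-privileged user controls it.
 */
function mt_register_settings() {
    if (empty($_POST['lib_options']) || !is_array($_POST['lib_options'])) {
        return;
    }

    if (!check_admin_referer('maintenance_edit_post', 'maintenance_nonce')) {
        return;
    }

    // A nonce proves intent, not authority: only administrators may change these options.
    if (!current_user_can('manage_options')) {
        return;
    }

    // Unchecked checkboxes are absent from the POST body.
    $_POST['lib_options']['state'] = isset($_POST['lib_options']['state']) ? 1 : 0;

    if (isset($_POST['lib_options']['htmlcss'])) {
        $_POST['lib_options']['htmlcss'] = wp_kses_stripslashes($_POST['lib_options']['htmlcss']);
    }

    update_option('maintenance_options', $_POST['lib_options']);
}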
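/**
 * Callback for wp_kses_split(): validates one "<…>" fragment.
 *
 * A stray ">" is returned entity-encoded, seriously malformed tags and
 * elements missing from $allowed_html are dropped, and everything else is
 * handed to wp_kses_attr() for attribute filtering.
 *
 * @param string $string            The matched "<…>" fragment (or a lone ">").
 * @param array  $allowed_html      Allowed elements, keyed by lowercase tag name, each an array of attributes.
 * @param array  $allowed_protocols Allowed URL protocols, passed through to wp_kses_attr().
 * @return string The fixed fragment, or '' when it is rejected.
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
    $string = wp_kses_stripslashes($string);

    // A lone ">" must go back out as an entity, otherwise it could terminate a tag.
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }

    // It's seriously malformed
    if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }

    $slash    = trim($matches[1]);
    $elem     = $matches[2];
    $attrlist = $matches[3];
    $key      = strtolower($elem);

    // isset() first: calling is_array() on a missing key raises an undefined-index notice.
    if (!isset($allowed_html[$key]) || !is_array($allowed_html[$key])) {
        return '';
    }

    return wp_kses_attr("{$slash}{$elem}", $attrlist, $allowed_html, $allowed_protocols);
}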
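/**
 * Handles the plugin contact form.
 *
 * On POST the fields are validated (a well-formed email, a name, a message and
 * a reason from a fixed list); when valid, an email is composed and sent with
 * wp_mail(). The view is always set to the contact page afterwards.
 *
 * The submitted name is placed in the Reply-To header, so it is run through
 * sanitize_text_field(), which removes line breaks — otherwise a crafted name
 * could inject additional mail headers. The email address is already restricted
 * by is_email() and the reason by the whitelist.
 *
 * @global string $wp_version
 */
public function process() {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        global $wp_version;
        $errorArray = array();

        $email   = isset($_POST['email'])   ? $_POST['email']   : '';
        $name    = isset($_POST['name'])    ? $_POST['name']    : '';
        $message = isset($_POST['message']) ? $_POST['message'] : '';
        $reason  = isset($_POST['reason'])  ? $_POST['reason']  : '';

        if (empty($email)) {
            $errorArray[] = 'Email is required';
        } elseif (!is_email($email)) {
            $errorArray[] = 'Invalid from email';
        }
        if (empty($name)) {
            $errorArray[] = 'Name is required';
        }
        if (empty($message)) {
            $errorArray[] = 'Message is required';
        }

        $validReasons = array('Bug', 'Suggestion', 'You guys rock!', 'You guys are the suck!', 'Moving to CatN');
        if (empty($reason)) {
            $errorArray[] = 'Reason is required'; // Tho this should never be blank or empty!
        } elseif (!in_array($reason, $validReasons, true)) {
            $errorArray[] = 'Invalid reason'; // Definetly something a miss here
        }

        if (empty($errorArray)) {
            $fromEmail = get_option('wpsqt_from_email') ? get_option('wpsqt_from_email') : get_option('admin_email');

            // Header values must be single-line; sanitize_text_field() strips line breaks and tags.
            $safeName = sanitize_text_field($name);

            $headers  = 'From: WPSQT Contact Form' . PHP_EOL;
            $headers .= 'Reply-To: ' . $safeName . ' <' . $email . '>' . PHP_EOL;

            $mailBody  = 'From: ' . $safeName . ' <' . $fromEmail . '>' . PHP_EOL;
            $mailBody .= 'WPSQT Version: ' . WPSQT_VERSION . PHP_EOL;
            $mailBody .= 'PHP Version: ' . PHP_VERSION . PHP_EOL;
            $mailBody .= 'WordPress Version: ' . $wp_version . PHP_EOL;
            $mailBody .= 'Message: ' . esc_html(wp_kses_stripslashes($message)) . PHP_EOL;

            if (!wp_mail(WPSQT_CONTACT_EMAIL, 'WPSQT : ' . stripslashes($reason), $mailBody, $headers)) {
                $errorArray[] = 'Unable to send email, please check wordpress settings';
            } else {
                // NOTE(review): never read afterwards — probably meant for the page vars, like the error list.
                $successMessage = 'Email sent! Thank you for reponse';
            }
        }
    }

    $this->_pageView = "admin/misc/contact.php";
}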
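/**
 * Prints an Ace editor field: a label, the editor container and a hidden
 * textarea that carries the value in the form.
 *
 * Every value is escaped for the context it lands in: the label as HTML text,
 * $mode and $input_name as attribute values, and the current value with
 * esc_textarea() so content containing "</textarea>" cannot break out of the
 * element (the browser decodes it again, so scripts reading .value see the
 * original). The element ids are "{$mode}_container", "{$mode}_editor" and
 * "{$mode}_textarea".
 *
 * @param string $label       Visible label text.
 * @param string $input_name  Form field name of the textarea.
 * @param string $input_value Current contents of the editor.
 * @param string $mode        Editor mode, also used as the id prefix. Default 'css'.
 */
function uz_ace_editor_input($label, $input_name, $input_value, $mode = 'css') {
    ?>
    <div class="uz_input">
        <label><?php echo esc_html($label); ?></label>
        <div id="<?php echo esc_attr($mode); ?>_container">
            <div name="<?php echo esc_attr($input_name); ?>" id="<?php echo esc_attr($mode); ?>_editor"></div>
        </div>
        <textarea id="<?php echo esc_attr($mode); ?>_textarea" name="<?php echo esc_attr($input_name); ?>" style="display: none;"><?php echo esc_textarea(wp_kses_stripslashes($input_value)); ?></textarea>
    </div>
    <?php
}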
/**
 * Returns a single Hybrid theme setting, loading the settings array from the
 * database on first use and caching it on the global Hybrid object.
 *
 * The lookup uses empty(), so a stored "0", 0 or "" is reported as not set
 * (false). String values are only passed through wp_kses_stripslashes(), which
 * removes backslashes before double quotes and performs no sanitization, so
 * callers must escape them on output.
 *
 * @since 0.7.0
 * @access public
 * @uses get_option() Gets an option from the database.
 * @uses hybrid_get_prefix() Gets the prefix of the theme.
 * @global object $hybrid The global Hybrid object.
 * @param string $option The specific theme setting the user wants.
 * @return mixed The setting (arrays unchanged, strings unslashed), or false when no option
 *               name was given, the settings are not an array, or the value is empty.
 */
function hybrid_get_setting($option = '') {
    global $hybrid;

    if (!$option) {
        return false;
    }

    /* Load once per request; the defaults are used when the option is not stored. */
    if (!isset($hybrid->settings)) {
        $hybrid->settings = get_option(hybrid_get_prefix() . '_theme_settings', hybrid_get_default_theme_settings());
    }

    if (!is_array($hybrid->settings) || empty($hybrid->settings[$option])) {
        return false;
    }

    $value = $hybrid->settings[$option];
    if (is_array($value)) {
        return $value;
    }

    return wp_kses_stripslashes($value);
}
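/**
 * Outputs the ad widget.
 *
 * When the instance holds ad code it is printed verbatim — that is the purpose
 * of the widget, and the code is whatever was saved for it. Otherwise a linked
 * image is printed with the link URL, image source and alt text escaped for
 * their attribute contexts. Sidebar wrappers are read explicitly from $args
 * instead of extract()-ing them into scope.
 *
 * @param array $args     Sidebar markup (before_widget, after_widget, before_title, after_title).
 * @param array $instance Saved widget settings.
 */
function widget($args, $instance) {
    $before_widget = isset($args['before_widget']) ? $args['before_widget'] : '';
    $after_widget  = isset($args['after_widget'])  ? $args['after_widget']  : '';
    $before_title  = isset($args['before_title'])  ? $args['before_title']  : '';
    $after_title   = isset($args['after_title'])   ? $args['after_title']   : '';

    $title = isset($instance['title']) ? $instance['title'] : '';
    $image = isset($instance['image']) ? $instance['image'] : '';
    $url   = isset($instance['url'])   ? $instance['url']   : '';
    $alt   = isset($instance['alt'])   ? $instance['alt']   : '';
    $code  = isset($instance['code'])  ? $instance['code']  : '';

    $target   = !empty($instance['target'])   ? ' target="_blank"' : '';
    $nofollow = !empty($instance['nofollow']) ? ' rel="nofollow"'  : '';

    echo $before_widget;

    if ($title) {
        echo $before_title . apply_filters('widget_title', $title, $instance, $this->id_base) . $after_title;
    }

    echo '<div class="ad-widget">';
    if (!empty($code)) {
        // Raw by design: this is the stored ad snippet (wp_kses_stripslashes() only unescapes \").
        echo wp_kses_stripslashes($code);
    } else {
        echo '<a' . $target . $nofollow . ' href="' . esc_url($url) . '"><img src="' . esc_url($image) . '" alt="' . esc_attr($alt) . '" /></a>';
    }
    echo '</div>';

    echo $after_widget;
}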
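/**
 * This is a modified version of the WordPress function wp_kses_split2.
 *
 * Used as a preg_replace_callback() callback: keeps only the tag name of an
 * element listed in self::$xmlTags (attributes are always discarded) and
 * removes comments and anything malformed. A stray ">" is returned as "&gt;"
 * so it cannot terminate a tag in the output.
 *
 * @since 1.4
 *
 * @param array $match Regex match; $match[0] is the "<…>" fragment (or a lone ">").
 * @return string Fixed HTML element, or '' when rejected.
 */
private static function kses_split($match) {
    $string = wp_kses_stripslashes($match[0]);

    // Encode the ">" character
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }

    // Do not allow HTML comments
    if ('<!--' == substr($string, 0, 4)) {
        return '';
    }

    // It's seriously malformed (":" is accepted in the name for namespaced XML tags)
    if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9:]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }

    $slash = trim($matches[1]);
    $elem  = $matches[2];
    // $matches[3], the attribute list, is intentionally dropped.

    // They are using a not allowed HTML element
    if (!isset(self::$xmlTags[strtolower($elem)])) {
        return '';
    }

    return $slash ? "</{$elem}>" : "<{$elem}>";
}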
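/**
 * Sends Updated Actions to the List Table View
 *
 * @todo fix reliability issues with sidebar widgets
 *
 * @uses gather_updated_items
 * @uses generate_row
 *
 * @param array $response Response to heartbeat (unused; kept for the filter signature).
 * @param array $data     Data received from heartbeat; reads 'wp-stream-heartbeat-last-id'
 *                        and 'wp-stream-heartbeat-query' (a JSON-encoded string).
 *
 * @return string|null Rendered rows for the new items ('' when there are none),
 *                     or null when no last id was sent.
 */
public static function live_update($response, $data) {
    if (!isset($data['wp-stream-heartbeat-last-id'])) {
        return;
    }

    $last_id = intval($data['wp-stream-heartbeat-last-id']);

    // An absent or empty query means "no filters". Decoding only when a string was
    // sent avoids handing an array to wp_kses_stripslashes()/json_decode().
    $query = array();
    if (!empty($data['wp-stream-heartbeat-query'])) {
        $query = json_decode(wp_kses_stripslashes($data['wp-stream-heartbeat-query']));
    }

    $updated_items = WP_Stream_Dashboard_Widget::gather_updated_items($last_id, $query);

    if (empty($updated_items)) {
        return '';
    }

    // single_row() echoes its markup; capture it into the return value.
    ob_start();
    foreach ($updated_items as $item) {
        self::$list_table->single_row($item);
    }
    return ob_get_clean();
}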
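/**
 * Saves the tabs widget instance.
 *
 * Integer flags select which tabs are shown; labels and the text content are
 * kept as submitted apart from wp_kses_stripslashes(), so they must be escaped
 * on output. 'data' is a query string produced by the form's tab ordering: its
 * 'tab' entries are replayed to renumber the enabled tab flags in display
 * order. Because 'data' is user-controlled, only the known tab keys may be
 * renumbered — an arbitrary key would otherwise overwrite any instance field.
 *
 * @param array $new New settings as submitted by form().
 * @param array $old Previous settings.
 * @return array Settings to save.
 */
function update($new, $old) {
    $instance = $old;

    $int_keys  = array('category', 'archive', 'recent', 'tag', 'menu', 'text', 'showcount', 'limits');
    $kses_keys = array('category_label', 'archive_label', 'recent_label', 'tag_label', 'menu_label', 'text_label', 'textcontent');

    $instance['title'] = isset($new['title']) ? strip_tags($new['title']) : '';
    foreach ($int_keys as $key) {
        $instance[$key] = isset($new[$key]) ? (int) $new[$key] : 0;
    }
    foreach ($kses_keys as $key) {
        $instance[$key] = isset($new[$key]) ? wp_kses_stripslashes($new[$key]) : '';
    }
    $instance['menu_id'] = isset($new['menu_id']) ? $new['menu_id'] : '';
    $instance['data']    = isset($new['data']) ? $new['data'] : '';

    // Only these flags are tabs; showcount/limits are settings and must not be renumbered.
    $tab_keys = array('category', 'archive', 'recent', 'tag', 'menu', 'text');

    $items = array();
    parse_str($instance['data'], $items);
    if (!empty($items['tab']) && is_array($items['tab'])) {
        $ii = 1;
        foreach ($items['tab'] as $item) {
            if (in_array($item, $tab_keys, true) && $instance[$item]) {
                $instance[$item] = $ii;
                $ii = $ii + 1;
            }
        }
    }

    return $instance;
}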
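/**
 * Callback for wp_kses_split for fixing malformed HTML tags.
 *
 * This function does a lot of work. It rejects some very malformed things like
 * <:::>. It returns an empty string, if the element isn't allowed (look ma, no
 * strip_tags()!). Otherwise it splits the tag into an element and an attribute
 * list.
 *
 * After the tag is split into an element and an attribute list, it is run
 * through another filter which will remove illegal attributes and once that is
 * completed, will be returned.
 *
 * A lone ">" is returned entity-encoded: re-emitting it raw would let it
 * terminate a tag in the filtered output.
 *
 * @access private
 * @since 1.0.0
 *
 * @param string       $string            Content to filter
 * @param array|string $allowed_html      Allowed HTML elements, or a context name accepted by wp_kses_allowed_html()
 * @param array        $allowed_protocols Allowed protocols to keep
 * @return string Fixed HTML element
 */
function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
    $string = wp_kses_stripslashes($string);

    // It matched a ">" character
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }

    // Allow HTML comments: strip the delimiters, filter the body until it is stable,
    // collapse dash runs so the body cannot close the comment early, then re-wrap it.
    if ('<!--' == substr($string, 0, 4)) {
        $string = str_replace(array('<!--', '-->'), '', $string);
        while ($string != ($newstring = wp_kses($string, $allowed_html, $allowed_protocols))) {
            $string = $newstring;
        }
        if ($string == '') {
            return '';
        }
        // prevent multiple dashes in comments
        $string = preg_replace('/--+/', '-', $string);
        // prevent three dashes closing a comment
        $string = preg_replace('/-$/', '', $string);
        return "<!--{$string}-->";
    }

    // It's seriously malformed
    if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }

    $slash    = trim($matches[1]);
    $elem     = $matches[2];
    $attrlist = $matches[3];

    // A context name (e.g. 'post') is resolved to the corresponding allowed-elements array.
    if (!is_array($allowed_html)) {
        $allowed_html = wp_kses_allowed_html($allowed_html);
    }

    // They are using a not allowed HTML element
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }

    // No attributes are allowed for closing elements
    if ($slash != '') {
        return "</{$elem}>";
    }

    return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}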
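/**
 * Sanitize and validate input. Accepts an array, return a sanitized array.
 *
 * Checkboxes are normalised to 0/1, URL fields go through esc_url_raw(), the
 * site-verification tags through wp_filter_post_kses(), and the remaining
 * text/CSS/JS fields through wp_kses_stripslashes() — which only removes
 * backslashes before double quotes, so those fields are stored as raw markup
 * and must be escaped where they are printed. Keys missing from $input are
 * treated as '' (each previously raised an undefined-index notice) and are
 * still present in the result.
 *
 * @param array $input Raw option values from the settings form.
 * @return array The sanitized values.
 */
function responsive_theme_options_validate($input) {
    // checkbox value is either 0 or 1
    foreach (array('breadcrumb', 'cta_button') as $checkbox) {
        $input[$checkbox] = (isset($input[$checkbox]) && $input[$checkbox] == 1) ? 1 : 0;
    }

    // Each sanitizer with the option keys it applies to.
    $filters = array(
        'wp_kses_stripslashes' => array(
            'home_headline', 'home_subheadline', 'home_content_area', 'cta_text', 'featured_content',
            'site_statistics_tracker', 'responsive_inline_css', 'responsive_inline_js_head', 'responsive_inline_css_js_footer',
        ),
        'wp_filter_post_kses' => array(
            'google_site_verification', 'bing_site_verification', 'yahoo_site_verification',
        ),
        'esc_url_raw' => array(
            'cta_url', 'twitter_uid', 'facebook_uid', 'linkedin_uid', 'youtube_uid', 'stumble_uid', 'rss_uid',
            'google_plus_uid', 'instagram_uid', 'pinterest_uid', 'yelp_uid', 'vimeo_uid', 'foursquare_uid',
        ),
    );

    foreach ($filters as $callback => $keys) {
        foreach ($keys as $key) {
            $value = isset($input[$key]) ? $input[$key] : '';
            $input[$key] = $callback($value);
        }
    }

    return $input;
}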
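/**
 * Shortcode render.
 *
 * Ajax handler that re-renders a module or a row so the builder can duplicate
 * it. Request fields read: type, method, mode, module, shortcode_params,
 * shortcode_content, template_id, data_styling and row_data. Only the
 * 'duplicate' method is implemented; any other method answers with an empty
 * data array. Rendering a module temporarily replaces the global $post with
 * the requested template.
 *
 * Note: shortcode_content only passes through wp_kses_stripslashes() (which
 * unescapes \" and nothing else) before being rendered; the module name is
 * used raw for the lookup and sanitized only in the response — verify that
 * get_module() tolerates arbitrary strings.
 *
 * @since 1.0.0
 * @access public
 * @return void Emits JSON via wp_send_json_success() and exits.
 */
public function shortcode_render() {
    // Check ajax referer
    check_ajax_referer($this->action_nonce, $this->field_nonce);

    $type   = isset($_POST['type'])   ? $_POST['type']   : '';
    $method = isset($_POST['method']) ? $_POST['method'] : 'add';
    $mode   = isset($_POST['mode'])   ? $_POST['mode']   : 'frontend';
    $data   = array();

    switch ($method) {
        case 'duplicate':
            global $TF_Layout;

            if ('module' == $type) {
                global $tf_modules, $tf_styles;

                $module_name     = isset($_POST['module']) ? $_POST['module'] : '';
                $module_instance = $tf_modules->get_module($module_name);

                // Attributes must be an array: sc_id is assigned below, which fails on a
                // string under PHP 7.1+ (illegal string offset).
                $atts = (isset($_POST['shortcode_params']) && is_array($_POST['shortcode_params'])) ? $_POST['shortcode_params'] : array();

                $content      = isset($_POST['shortcode_content']) ? wp_kses_stripslashes($_POST['shortcode_content']) : '';
                $template_id  = isset($_POST['template_id']) ? (int) $_POST['template_id'] : 0;
                $data_styling = isset($_POST['data_styling']) ? json_decode(stripslashes($_POST['data_styling']), true) : array();
                $styles       = array();

                $atts['sc_id'] = TF_Model::generate_block_id(); // generate new sc_id

                // Rebuild the styling model under the new sc_id; each settings group carries
                // its own key in a 'SettingKey' entry.
                if (is_array($data_styling) && count($data_styling) > 0) {
                    $data_styling['ID'] = $atts['sc_id'];
                    $styles[$atts['sc_id']] = array('module' => isset($data_styling['module']) ? $data_styling['module'] : null);
                    if (isset($data_styling['settings']) && count($data_styling['settings']) > 0) {
                        foreach ($data_styling['settings'] as $fields) {
                            $setting_key = '';
                            foreach ($fields as $key => $val) {
                                if ('SettingKey' == $key) {
                                    $setting_key = $val;
                                } else {
                                    $styles[$atts['sc_id']]['settings'][$setting_key][$key] = stripslashes_deep($val);
                                }
                            }
                        }
                    }
                }

                $render_style = '';
                if (count($styles) > 0) {
                    $render_style = '<style type="text/css" id="tf-template-temp-' . $atts['sc_id'] . '-css">' . $tf_styles->generate_css($styles) . '</style>';
                }

                if (isset($atts['editable_markup'])) {
                    unset($atts['editable_markup']);
                }

                // get_magic_quotes_gpc() was removed in PHP 8; guard the call so the handler does not fatal there.
                if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                    $atts = stripslashes_deep($atts);
                }

                $shortcode_string = $module_instance->to_shortcode($atts, $content);

                // Render in the context of the requested template.
                global $post;
                $post = get_post($template_id);
                setup_postdata($post);
                $shortcode = $TF_Layout->render($shortcode_string);

                $data = array(
                    'module'  => sanitize_text_field($module_name),
                    'content' => tf_escape_atts($content),
                    'atts'    => $atts,
                    'caption' => $module_instance->name,
                    'element' => $shortcode,
                    'styles'  => $render_style,
                    'model'   => $data_styling,
                );
            } elseif ('row' == $type) {
                global $tf_editor_ui;

                $row_data = isset($_POST['row_data']) ? stripslashes_deep($_POST['row_data']) : array();
                // Ids and editor-only markup must not be carried into the duplicate.
                tf_recursive_unset($row_data, 'sc_id');
                tf_recursive_unset($row_data, 'editable_markup');

                $shortcode = TF_Model::array_to_shortcode(array($row_data));
                $tf_editor_ui->force_editable_shortcode($mode);
                $data = $TF_Layout->render($shortcode);
            }
            break;
    }

    wp_send_json_success($data);
}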
/** * Validate content options * @param array $options * @uses esc_url_raw, absint, esc_textarea, sanitize_text_field, ecvetstep_invalidate_caches * @return array */ function ecvetstep_theme_options_validate($options) { global $ecvetstep_options_settings, $ecvetstep_options_defaults; $input_validated = $ecvetstep_options_settings; $defaults = $ecvetstep_options_defaults; $input = array(); $input = $options; // Data Validation for Resonsive Design if (isset($input['disable_responsive'])) { // Our checkbox value is either 0 or 1 $input_validated['disable_responsive'] = $input['disable_responsive']; } if (isset($input['enable_menus'])) { // Our checkbox value is either 0 or 1 $input_validated['enable_menus'] = $input['enable_menus']; } // Data Validation for Favicon if (isset($input['fav_icon'])) { $input_validated['fav_icon'] = esc_url_raw($input['fav_icon']); } if (isset($input['remove_favicon'])) { // Our checkbox value is either 0 or 1 $input_validated['remove_favicon'] = $input['remove_favicon']; } // Data Validation for web clip icon if (isset($input['web_clip'])) { $input_validated['web_clip'] = esc_url_raw($input['web_clip']); } if (isset($input['remove_web_clip'])) { // Our checkbox value is either 0 or 1 $input_validated['remove_web_clip'] = $input['remove_web_clip']; } // Data Validation for Homepage Headline Message if (isset($input['homepage_headline'])) { $input_validated['homepage_headline'] = sanitize_text_field($input['homepage_headline']) ? $input['homepage_headline'] : $defaults['homepage_headline']; } if (isset($input['homepage_subheadline'])) { $input_validated['homepage_subheadline'] = sanitize_text_field($input['homepage_subheadline']) ? $input['homepage_subheadline'] : $defaults['homepage_subheadline']; } if (isset($input['homepage_headline_button'])) { $input_validated['homepage_headline_button'] = sanitize_text_field($input['homepage_headline_button']) ? 
$input['homepage_headline_button'] : $defaults['homepage_headline_button']; } if (isset($input['homepage_headline_url'])) { $input_validated['homepage_headline_url'] = esc_url_raw($input['homepage_headline_url']) ? $input['homepage_headline_url'] : $defaults['homepage_headline_url']; } if (isset($input['disable_homepage_headline'])) { $input_validated['disable_homepage_headline'] = $input['disable_homepage_headline']; } if (isset($input['disable_homepage_subheadline'])) { $input_validated['disable_homepage_subheadline'] = $input['disable_homepage_subheadline']; } if (isset($input['disable_homepage_button'])) { $input_validated['disable_homepage_button'] = $input['disable_homepage_button']; } // Data Validation for Header Sidebar if (isset($input['disable_header_right_sidebar'])) { $input_validated['disable_header_right_sidebar'] = $input['disable_header_right_sidebar']; } // Data validation for Large Header Image if (isset($input['enable_featured_header_image'])) { $input_validated['enable_featured_header_image'] = $input['enable_featured_header_image']; } if (isset($input['page_featured_image'])) { $input_validated['page_featured_image'] = $input['page_featured_image']; } if (isset($input['featured_header_image'])) { $input_validated['featured_header_image'] = esc_url_raw($input['featured_header_image']) ? 
$input['featured_header_image'] : $defaults['featured_header_image']; } if (isset($input['featured_header_image_alt'])) { $input_validated['featured_header_image_alt'] = sanitize_text_field($input['featured_header_image_alt']); } if (isset($input['featured_header_image_url'])) { $input_validated['featured_header_image_url'] = esc_url_raw($input['featured_header_image_url']); } if (isset($input['featured_header_image_base'])) { // Our checkbox value is either 0 or 1 $input_validated['featured_header_image_base'] = $input['featured_header_image_base']; } if (isset($input['reset_featured_image'])) { // Our checkbox value is either 0 or 1 $input_validated['reset_featured_image'] = $input['reset_featured_image']; } //Reset Header Featured Image Options if ($input['reset_featured_image'] == 1) { $input_validated['enable_featured_header_image'] = $defaults['enable_featured_header_image']; $input_validated['page_featured_image'] = $defaults['page_featured_image']; $input_validated['featured_header_image'] = $defaults['featured_header_image']; $input_validated['featured_header_image_alt'] = $defaults['featured_header_image_alt']; $input_validated['featured_header_image_url'] = $defaults['featured_header_image_url']; $input_validated['featured_header_image_base'] = $defaults['featured_header_image_base']; } // data validation for Color Scheme if (isset($input['color_scheme'])) { // Our checkbox value is either 0 or 1 $input_validated['color_scheme'] = $input['color_scheme']; } // Data Validation for Custom CSS Style if (isset($input['custom_css'])) { $input_validated['custom_css'] = wp_kses_stripslashes($input['custom_css']); } // Data Validation for Homepage Featured Content if (isset($input['disable_homepage_featured'])) { $input_validated['disable_homepage_featured'] = $input['disable_homepage_featured']; } if (isset($input['homepage_featured_headline'])) { $input_validated['homepage_featured_headline'] = sanitize_text_field($input['homepage_featured_headline']) ? 
$input['homepage_featured_headline'] : $defaults['homepage_featured_headline']; } if (isset($input['homepage_featured_image'])) { $input_validated['homepage_featured_image'] = array(); } if (isset($input['homepage_featured_url'])) { $input_validated['homepage_featured_url'] = array(); } if (isset($input['homepage_featured_base'])) { $input_validated['homepage_featured_base'] = array(); } if (isset($input['homepage_featured_title'])) { $input_validated['homepage_featured_title'] = array(); } if (isset($input['homepage_featured_content'])) { $input_validated['homepage_featured_content'] = array(); } if (isset($input['homepage_featured_layout'])) { $input_validated['homepage_featured_layout'] = $input['homepage_featured_layout']; } if (isset($input['homepage_featured_qty'])) { $input_validated['homepage_featured_qty'] = absint($input['homepage_featured_qty']) ? $input['homepage_featured_qty'] : $defaults['homepage_featured_qty']; for ($i = 1; $i <= $input['homepage_featured_qty']; $i++) { if (!empty($input['homepage_featured_image'][$i])) { $input_validated['homepage_featured_image'][$i] = esc_url_raw($input['homepage_featured_image'][$i]); } if (!empty($input['homepage_featured_url'][$i])) { $input_validated['homepage_featured_url'][$i] = esc_url_raw($input['homepage_featured_url'][$i]); } if (!empty($input['homepage_featured_base'][$i])) { $input_validated['homepage_featured_base'][$i] = $input['homepage_featured_base'][$i]; } if (!empty($input['homepage_featured_title'][$i])) { $input_validated['homepage_featured_title'][$i] = sanitize_text_field($input['homepage_featured_title'][$i]); } if (!empty($input['homepage_featured_content'][$i])) { $input_validated['homepage_featured_content'][$i] = wp_kses_stripslashes($input['homepage_featured_content'][$i]); } } } // Data Validation for Homepage if (isset($input['enable_posts_home'])) { $input_validated['enable_posts_home'] = $input['enable_posts_home']; } if (isset($input['move_posts_home'])) { 
$input_validated['move_posts_home'] = $input['move_posts_home']; } if (isset($input['exclude_slider_post'])) { // Our checkbox value is either 0 or 1 $input_validated['exclude_slider_post'] = $input['exclude_slider_post']; } // Front page posts categories if (isset($input['front_page_category'])) { $input_validated['front_page_category'] = $input['front_page_category']; } // data validation for Slider Type if (isset($input['select_slider_type'])) { $input_validated['select_slider_type'] = $input['select_slider_type']; } // data validation for Enable Slider if (isset($input['enable_slider'])) { $input_validated['enable_slider'] = $input['enable_slider']; } // data validation for number of slides if (isset($input['slider_qty'])) { $input_validated['slider_qty'] = absint($input['slider_qty']) ? $input['slider_qty'] : 4; } // data validation for transition effect if (isset($input['transition_effect'])) { $input_validated['transition_effect'] = wp_filter_nohtml_kses($input['transition_effect']); } // data validation for transition delay if (isset($input['transition_delay']) && is_numeric($input['transition_delay'])) { $input_validated['transition_delay'] = $input['transition_delay']; } // data validation for transition length if (isset($input['transition_duration']) && is_numeric($input['transition_duration'])) { $input_validated['transition_duration'] = $input['transition_duration']; } // data validation for Featured Post and Page Slider if (isset($input['featured_slider'])) { $input_validated['featured_slider'] = array(); } if (isset($input['featured_slider_page'])) { $input_validated['featured_slider_page'] = array(); } if (isset($input['slider_qty'])) { for ($i = 1; $i <= $input['slider_qty']; $i++) { if (!empty($input['featured_slider'][$i]) && intval($input['featured_slider'][$i])) { $input_validated['featured_slider'][$i] = absint($input['featured_slider'][$i]); } if (!empty($input['featured_slider_page'][$i]) && intval($input['featured_slider_page'][$i])) { 
$input_validated['featured_slider_page'][$i] = absint($input['featured_slider_page'][$i]); } } } //Featured Catgory Slider if (isset($input['slider_category'])) { $input_validated['slider_category'] = $input['slider_category']; } // data validation for Featured Image SLider if (isset($input['featured_image_slider_image'])) { $input_validated['featured_image_slider_image'] = array(); } if (isset($input['featured_image_slider_link'])) { $input_validated['featured_image_slider_link'] = array(); } if (isset($input['featured_image_slider_base'])) { $input_validated['featured_image_slider_base'] = array(); } if (isset($input['featured_image_slider_title'])) { $input_validated['featured_image_slider_title'] = array(); } if (isset($input['featured_image_slider_content'])) { $input_validated['featured_image_slider_content'] = array(); } if (isset($input['slider_qty'])) { for ($i = 1; $i <= $input['slider_qty']; $i++) { if (!empty($input['featured_image_slider_image'][$i])) { $input_validated['featured_image_slider_image'][$i] = esc_url_raw($input['featured_image_slider_image'][$i]); } if (!empty($input['featured_image_slider_link'][$i])) { $input_validated['featured_image_slider_link'][$i] = esc_url_raw($input['featured_image_slider_link'][$i]); } if (!empty($input['featured_image_slider_base'][$i])) { $input_validated['featured_image_slider_base'][$i] = $input['featured_image_slider_base'][$i]; } if (!empty($input['featured_image_slider_title'][$i])) { $input_validated['featured_image_slider_title'][$i] = sanitize_text_field($input['featured_image_slider_title'][$i]); } if (!empty($input['featured_image_slider_content'][$i])) { $input_validated['featured_image_slider_content'][$i] = wp_kses_stripslashes($input['featured_image_slider_content'][$i]); } } } // data validation for Social Icons if (isset($input['social_facebook'])) { $input_validated['social_facebook'] = esc_url_raw($input['social_facebook']); } if (isset($input['social_twitter'])) { 
$input_validated['social_twitter'] = esc_url_raw($input['social_twitter']); } if (isset($input['social_googleplus'])) { $input_validated['social_googleplus'] = esc_url_raw($input['social_googleplus']); } if (isset($input['social_pinterest'])) { $input_validated['social_pinterest'] = esc_url_raw($input['social_pinterest']); } if (isset($input['social_youtube'])) { $input_validated['social_youtube'] = esc_url_raw($input['social_youtube']); } if (isset($input['social_vimeo'])) { $input_validated['social_vimeo'] = esc_url_raw($input['social_vimeo']); } if (isset($input['social_linkedin'])) { $input_validated['social_linkedin'] = esc_url_raw($input['social_linkedin']); } if (isset($input['social_slideshare'])) { $input_validated['social_slideshare'] = esc_url_raw($input['social_slideshare']); } if (isset($input['social_foursquare'])) { $input_validated['social_foursquare'] = esc_url_raw($input['social_foursquare']); } if (isset($input['social_flickr'])) { $input_validated['social_flickr'] = esc_url_raw($input['social_flickr']); } if (isset($input['social_tumblr'])) { $input_validated['social_tumblr'] = esc_url_raw($input['social_tumblr']); } if (isset($input['social_deviantart'])) { $input_validated['social_deviantart'] = esc_url_raw($input['social_deviantart']); } if (isset($input['social_dribbble'])) { $input_validated['social_dribbble'] = esc_url_raw($input['social_dribbble']); } if (isset($input['social_myspace'])) { $input_validated['social_myspace'] = esc_url_raw($input['social_myspace']); } if (isset($input['social_wordpress'])) { $input_validated['social_wordpress'] = esc_url_raw($input['social_wordpress']); } if (isset($input['social_rss'])) { $input_validated['social_rss'] = esc_url_raw($input['social_rss']); } if (isset($input['social_delicious'])) { $input_validated['social_delicious'] = esc_url_raw($input['social_delicious']); } if (isset($input['social_lastfm'])) { $input_validated['social_lastfm'] = esc_url_raw($input['social_lastfm']); } if 
(isset($input['social_instagram'])) { $input_validated['social_instagram'] = esc_url_raw($input['social_instagram']); } if (isset($input['social_github'])) { $input_validated['social_github'] = esc_url_raw($input['social_github']); } if (isset($input['social_vkontakte'])) { $input_validated['social_vkontakte'] = esc_url_raw($input['social_vkontakte']); } if (isset($input['social_myworld'])) { $input_validated['social_myworld'] = esc_url_raw($input['social_myworld']); } if (isset($input['social_odnoklassniki'])) { $input_validated['social_odnoklassniki'] = esc_url_raw($input['social_odnoklassniki']); } if (isset($input['social_goodreads'])) { $input_validated['social_goodreads'] = esc_url_raw($input['social_goodreads']); } if (isset($input['social_skype'])) { $input_validated['social_skype'] = sanitize_text_field($input['social_skype']); } if (isset($input['social_soundcloud'])) { $input_validated['social_soundcloud'] = esc_url_raw($input['social_soundcloud']); } // data validation for Custom Social Icons if (isset($input['social_custom_qty'])) { $input_validated['social_custom_qty'] = absint($input['social_custom_qty']) ? 
$input['social_custom_qty'] : 1; } if (isset($input['social_custom_name'])) { $input_validated['social_custom_name'] = array(); } if (isset($input['social_custom_image'])) { $input_validated['social_custom_image'] = array(); } if (isset($input['social_custom_url'])) { $input_validated['social_custom_url'] = array(); } if (isset($input['social_custom_qty'])) { for ($i = 1; $i <= $input['social_custom_qty']; $i++) { if (!empty($input['social_custom_name'][$i])) { $input_validated['social_custom_name'][$i] = sanitize_text_field($input['social_custom_name'][$i]); } if (!empty($input['social_custom_image'][$i])) { $input_validated['social_custom_image'][$i] = esc_url_raw($input['social_custom_image'][$i]); } if (!empty($input['social_custom_url'][$i])) { $input_validated['social_custom_url'][$i] = esc_url_raw($input['social_custom_url'][$i]); } } } //Webmaster Tool Verification if (isset($input['google_verification'])) { $input_validated['google_verification'] = wp_filter_post_kses($input['google_verification']); } if (isset($input['yahoo_verification'])) { $input_validated['yahoo_verification'] = wp_filter_post_kses($input['yahoo_verification']); } if (isset($input['bing_verification'])) { $input_validated['bing_verification'] = wp_filter_post_kses($input['bing_verification']); } if (isset($input['analytic_header'])) { $input_validated['analytic_header'] = wp_kses_stripslashes($input['analytic_header']); } if (isset($input['analytic_footer'])) { $input_validated['analytic_footer'] = wp_kses_stripslashes($input['analytic_footer']); } // Layout settings verification if (isset($input['sidebar_layout'])) { $input_validated['sidebar_layout'] = $input['sidebar_layout']; } if (isset($input['content_layout'])) { $input_validated['content_layout'] = $input['content_layout']; } //data validation for more text if (isset($input['more_tag_text'])) { $input_validated['more_tag_text'] = htmlentities(sanitize_text_field($input['more_tag_text']), ENT_QUOTES, 'UTF-8'); } //data 
validation for excerpt length if (isset($input['excerpt_length'])) { $input_validated['excerpt_length'] = absint($input['excerpt_length']) ? $input['excerpt_length'] : $defaults['excerpt_length']; } if (isset($input['reset_moretag'])) { // Our checkbox value is either 0 or 1 $input_validated['reset_moretag'] = $input['reset_moretag']; } //Reset Color Options if ($input['reset_moretag'] == 1) { $input_validated['more_tag_text'] = $defaults['more_tag_text']; $input_validated['excerpt_length'] = $defaults['excerpt_length']; } if (isset($input['search_display_text'])) { $input_validated['search_display_text'] = sanitize_text_field($input['search_display_text']) ? $input['search_display_text'] : $defaults['search_display_text']; } // Data Validation for Featured Image if (isset($input['featured_image'])) { $input_validated['featured_image'] = $input['featured_image']; } if (isset($input['reset_layout'])) { // Our checkbox value is either 0 or 1 $input_validated['reset_layout'] = $input['reset_layout']; } //Reset Color Options if ($input['reset_layout'] == 1) { $input_validated['sidebar_layout'] = $defaults['sidebar_layout']; $input_validated['content_layout'] = $defaults['content_layout']; $input_validated['featured_image'] = $defaults['featured_image']; } //Feed Redirect if (isset($input['feed_url'])) { $input_validated['feed_url'] = esc_url_raw($input['feed_url']); } //Clearing the theme option cache if (function_exists('ecvetstep_themeoption_invalidate_caches')) { ecvetstep_themeoption_invalidate_caches(); } return $input_validated; }
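/**
 * Settings sanitize callback for raw embed code (e.g. an iframe).
 *
 * Despite the name, the original did not sanitize anything:
 * wp_kses_stripslashes() only removes backslashes that precede double
 * quotes and performs no HTML filtering, so whatever markup was submitted
 * was stored verbatim. Raw markup is acceptable only for users WordPress
 * already trusts with it, so a user without the 'unfiltered_html'
 * capability now has the value passed through wp_kses_post(), the same
 * filter applied to their post content (it drops iframes and scripts).
 * Single-site administrators normally hold 'unfiltered_html' and keep the
 * previous behaviour; on multisite, or with DISALLOW_UNFILTERED_HTML set,
 * the filter applies to them too.
 *
 * @param string $input Submitted code, e.g. iframe markup.
 *
 * @return string The code with escaping backslashes before double quotes
 *                removed, kses-filtered for users lacking 'unfiltered_html'.
 */
function responsive_pro_code_sanitize($input) {
    $input = wp_kses_stripslashes($input);
    // Only users allowed to publish unfiltered HTML may store it as-is.
    if (!current_user_can('unfiltered_html')) {
        $input = wp_kses_post($input);
    }
    return $input;
}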
/**
 * Validates the javascript textarea.
 *
 * No validation of the script text happens here: wp_kses_stripslashes()
 * only removes backslashes that precede double quotes and does not filter
 * HTML or script content, so the value is stored as submitted. The caller
 * is therefore responsible for exposing this field only to users trusted
 * with raw script (the 'unfiltered_html' capability) and for escaping it
 * on output wherever it is not meant to execute.
 *
 * @param string $input Submitted script text.
 * @param string $key   Option key being validated (not used by this method).
 *
 * @return string The script text with escaping backslashes before double
 *                quotes removed.
 */
protected function validate_js($input, $key) {
    return wp_kses_stripslashes($input);
}
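/**
 * Renders the "CSS Code" textarea row of the plugin settings form.
 *
 * Reads the stored options via mt_get_plugin_options(true) and echoes a
 * form table with a single textarea for 'custom_css'. The stored value is
 * passed through wp_kses_stripslashes(), which only removes backslashes
 * that precede double quotes — this is neither an escaping nor a
 * sanitizing step. Escaping the value for the textarea context is
 * presumed to happen inside generate_textarea_filed(); verify that there.
 *
 * Fix: when 'custom_css' has never been saved the key is absent from the
 * options array, which previously raised an undefined-index notice; the
 * textarea is now simply rendered empty.
 *
 * @return void Output is echoed directly.
 */
function add_css_fields() {
    $mt_option = mt_get_plugin_options(true);
    // A fresh install has no 'custom_css' entry yet.
    $custom_css = isset($mt_option['custom_css']) ? $mt_option['custom_css'] : '';

    echo '<table class="form-table">';
    echo '<tbody>';
    generate_textarea_filed(__('CSS Code', 'maintenance'), 'custom_css', 'custom_css', wp_kses_stripslashes($custom_css));
    echo '</tbody>';
    echo '</table>';
}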
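/**
 * Sanitize callback for the Responsive Add-ons settings array.
 *
 * Only the four recognised keys are kept; anything else submitted is
 * dropped. The three webmaster-verification fields go through
 * wp_filter_post_kses(). The statistics tracker field holds raw markup
 * (typically a script snippet) and was previously stored verbatim:
 * wp_kses_stripslashes() only removes backslashes that precede double
 * quotes and does no HTML filtering. For users who lack the
 * 'unfiltered_html' capability the tracker value is now additionally run
 * through wp_kses_post(), mirroring what WordPress does with their post
 * content; single-site administrators normally hold that capability and
 * keep the previous behaviour.
 *
 * @param array $input Raw settings as submitted.
 *
 * @return array Filtered settings containing only the recognised keys.
 */
public function responsive_addons_sanitize($input) {
    $output = array();
    if (!is_array($input)) {
        // Nothing usable was submitted; return an empty settings array.
        return $output;
    }
    // Evaluate the capability once rather than per key.
    $can_unfiltered = current_user_can('unfiltered_html');
    foreach ($input as $key => $test) {
        switch ($key) {
            case 'google_site_verification':
            case 'yahoo_site_verification':
            case 'bing_site_verification':
                $output[$key] = wp_filter_post_kses($test);
                break;
            case 'site_statistics_tracker':
                $tracker = wp_kses_stripslashes($test);
                $output[$key] = $can_unfiltered ? $tracker : wp_kses_post($tracker);
                break;
        }
    }
    return $output;
}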
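/**
 * Saves field content sent by ajax.
 *
 * Reads $_POST['wa_fronted_save_nonce'] and $_POST['data'], a list of items
 * each holding 'content' and an 'options' array with 'field_type',
 * 'post_id' and, depending on the type, 'meta_key', 'paragraphs' or
 * 'option_name'. Hookable through action 'wa_fronted_save'.
 *
 * Security: a valid nonce proves the request originated from a page that
 * rendered it, not that the caller may edit the target. The original did
 * no capability check, so anyone holding a nonce could update any post,
 * any post meta, or — via 'option_name' — any option. Each item is now
 * checked with current_user_can('edit_post', $post_id) (posts and meta)
 * or current_user_can('manage_options') (options) before it is written;
 * denied items are skipped and reported in the JSON response.
 *
 * Content handling: wp_kses_stripslashes() only removes backslashes that
 * precede double quotes and does no HTML filtering. For posts,
 * wp_update_post() applies WordPress's own per-capability kses filters;
 * meta and option values are stored as received, apart from the
 * strip_tags() calls in the meta branch.
 *
 * @return void Responds with JSON via wp_send_json(), which exits.
 */
public function wa_fronted_save() {
    $return = array('success' => true);

    $nonce_ok = isset($_POST['wa_fronted_save_nonce'])
        && wp_verify_nonce($_POST['wa_fronted_save_nonce'], 'wa_fronted_save_nonce');

    if ($nonce_ok && isset($_POST['data']) && is_array($_POST['data'])) {
        $data = $_POST['data'];
        foreach ($data as $this_data) {
            if (!isset($this_data['content'], $this_data['options']['field_type'], $this_data['options']['post_id'])) {
                // Malformed item: nothing safe can be done with it.
                continue;
            }
            $options    = $this_data['options'];
            $field_type = $options['field_type'];
            $post_id    = (int) $options['post_id'];

            // Authorisation is per item, since each may target a different post.
            $allowed = ($field_type == 'option')
                ? current_user_can('manage_options')
                : current_user_can('edit_post', $post_id);
            if (!$allowed) {
                $return['success'] = false;
                $return['error']   = __('Insufficient permissions', 'wa-fronted');
                continue;
            }

            $safe_content = trim(wp_kses_stripslashes($this->unfilter_shortcodes($this_data['content'])));

            if ($field_type == 'post_content' || $field_type == 'post_title' || $field_type == 'post_excerpt') {
                wp_update_post(array('ID' => $post_id, $field_type => $safe_content));
            } elseif (strpos($field_type, 'meta_') !== false && array_key_exists('meta_key', $options)) {
                // NOTE(review): $field_type contains 'meta_' in this branch, so
                // none of the cases below can match as written; kept as in the
                // original — confirm which key was meant to carry the sub-type.
                switch ($field_type) {
                    case 'text':
                    case 'email':
                    case 'url':
                    case 'number':
                        $safe_content = trim(strip_tags($safe_content));
                        // Intentional fall-through: the 'textarea' handling applies too.
                    case 'textarea':
                        if (empty($options['paragraphs'])) {
                            $safe_content = strip_tags($safe_content);
                        }
                        $safe_content = trim($safe_content);
                        break;
                }
                update_post_meta($post_id, $options['meta_key'], $safe_content);
            } elseif ($field_type == 'option' && array_key_exists('option_name', $options)) {
                update_option($options['option_name'], $safe_content);
            }
        }
        do_action('wa_fronted_save', $data);
    } else {
        $return['success'] = false;
        $return['error']   = __('Sent data not valid', 'wa-fronted');
    }

    wp_send_json($return);
}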
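/**
 * Customizer sanitization callback: strip slashes.
 *
 * The original stored the submitted value unfiltered:
 * wp_kses_stripslashes() only removes backslashes that precede double
 * quotes and does no HTML filtering, so this callback offered no
 * protection against stored markup. A user without the 'unfiltered_html'
 * capability now has the value passed through wp_kses_post(), the same
 * filter WordPress applies to their post content; plain text is unaffected
 * by it, and users who hold 'unfiltered_html' (single-site administrators
 * by default) keep the previous behaviour.
 *
 * @package phg_gold
 *
 * @param string $input Submitted setting value.
 *
 * @return string The value with escaping backslashes before double quotes
 *                removed, kses-filtered for users lacking 'unfiltered_html'.
 */
function phg_gold_sanitize_strip_slashes($input) {
    $input = wp_kses_stripslashes($input);
    // Only users allowed to publish unfiltered HTML may store it as-is.
    if (!current_user_can('unfiltered_html')) {
        $input = wp_kses_post($input);
    }
    return $input;
}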
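/**
 * Validate settings for options.
 *
 * Takes the raw options array submitted for the plugin and returns a
 * filtered copy containing only:
 *  - 'buttons': the custom buttons, each reduced to the allowed keys (the
 *    fixed set plus one flag per post type from get_post_types_for_js())
 *    and kept only when both 'text' and 'start' are non-empty; 'text' and
 *    'title' are sanitized as text, 'access' is HTML-escaped, and 'order',
 *    'visual' and the post-type flags are cast to integers;
 *  - 'core_buttons' / 'code_buttons': their per-post-type flags cast to
 *    integers, when they were submitted.
 * Every other submitted key is discarded.
 *
 * 'start' and 'end' hold the markup a button inserts. They only pass
 * through wp_kses_stripslashes(), which removes backslashes that precede
 * double quotes — no HTML filtering happens here, so whoever is allowed to
 * save these settings can store arbitrary markup in them.
 *
 * Fixes relative to the original: the button accumulator was initialised
 * as '' rather than array() (a fatal "[] operator not supported for
 * strings" on PHP >= 7.1, and count('') failing when no button was
 * submitted); a missing or non-array 'buttons' key now yields an empty
 * list instead of warnings; a missing 'title' or 'end' no longer raises a
 * notice; in_array() is strict.
 *
 * @access public
 *
 * @param array $value Raw options as submitted.
 *
 * @since 2.0.0
 * @return array Filtered options.
 */
public function validate_settings($value) {
    $core_buttons = isset($value['core_buttons']) ? $value['core_buttons'] : array();
    $code_buttons = isset($value['code_buttons']) ? $value['code_buttons'] : array();

    // Allowed keys per button: the plugin's defaults plus one flag per post type.
    $post_types       = (array) $this->get_post_types_for_js();
    $allowed_settings = array_merge(
        $post_types,
        array('text', 'title', 'start', 'end', 'access', 'order', 'visual')
    );

    $submitted = (isset($value['buttons']) && is_array($value['buttons'])) ? $value['buttons'] : array();

    $buttons = array();
    foreach ($submitted as $button) {
        if (!is_array($button)) {
            continue;
        }
        // Drop any key that is not a recognised button setting.
        foreach (array_keys($button) as $label) {
            if (!in_array($label, $allowed_settings, true)) {
                unset($button[$label]);
            }
        }
        // A button needs a label and something to insert; discard the rest.
        if (empty($button['text']) || empty($button['start'])) {
            continue;
        }

        $button['text']  = sanitize_text_field($button['text']);
        $button['title'] = isset($button['title']) ? sanitize_text_field($button['title']) : '';
        $button['start'] = wp_kses_stripslashes($button['start']);
        $button['end']   = isset($button['end']) ? wp_kses_stripslashes($button['end']) : '';
        if (isset($button['access'])) {
            $button['access'] = esc_html($button['access']);
        }
        if (isset($button['order'])) {
            $button['order'] = intval($button['order']);
        }
        // Visual-editor flag defaults to off.
        $button['visual'] = isset($button['visual']) ? intval($button['visual']) : 0;
        // One integer flag per post type, defaulting to off.
        foreach ($post_types as $post_type) {
            $button[$post_type] = isset($button[$post_type]) ? intval($button[$post_type]) : 0;
        }

        $buttons[] = $button;
    }

    // Only the filtered structures survive; any other submitted key is dropped.
    $value = array('buttons' => array_values($buttons));

    if (!empty($core_buttons)) {
        $value['core_buttons'] = $this->filter_button_flags($core_buttons);
    }
    if (!empty($code_buttons)) {
        $value['code_buttons'] = $this->filter_button_flags($code_buttons);
    }

    return $value;
}

/**
 * Cast every per-post-type flag of a button map to an integer.
 *
 * Input shape (as submitted by the settings form):
 *   'strong' => array('post' => '1', 'page' => '1')
 *
 * @param array $groups Map of button key => array of post type => flag.
 *
 * @return array Same structure with each flag run through intval().
 */
private function filter_button_flags($groups) {
    $filtered = array();
    foreach ((array) $groups as $key => $flags) {
        $group = array();
        foreach ((array) $flags as $post_type => $flag) {
            $group[$post_type] = intval($flag);
        }
        $filtered[$key] = $group;
    }
    return $filtered;
}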