Exemple #1
 /**
  * Sanitize a link field value: either an internal "post: <id>" reference or a URL.
  *
  * @param mixed $value    The raw field value; it is passed straight to trim().
  * @param mixed $instance Not used by this implementation.
  *
  * @return string The canonical 'post: <id>' reference, or the result of sow_esc_url_raw().
  */
 protected function sanitize_field_input($value, $instance)
 {
     $candidate = trim($value);
     // The pattern is anchored only at the start. The reference is rebuilt from the
     // captured digits alone, so anything following the ID is discarded, not stored.
     $is_post_reference = preg_match('/^post\\: *([0-9]+)/', $candidate, $parts);
     if (!$is_post_reference) {
         // Anything that is not a post reference is treated as a URL.
         return sow_esc_url_raw($candidate);
     }
     return 'post: ' . $parts[1];
 }
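 /**
  * Sanitize all the widget values. Should be used before saving the widget into the database.
  *
  * Every field declared in $fields is cleaned according to its 'type', then by its
  * optional 'sanitize' rule. The whole instance is finally passed through the
  * 'siteorigin_widgets_sanitize_instance' filters.
  *
  * Values that are missing or empty() are normalised to false before the type rules run.
  *
  * @param mixed       $instance The raw widget values, indexed by field name.
  * @param array|false $fields   Field definitions; when false, $this->form_options() is used.
  *
  * @return mixed The sanitized instance, or $instance unchanged when there are no fields.
  */
 public function sanitize($instance, $fields = false)
 {
     if ($fields === false) {
         $fields = $this->form_options();
     }
     // There is nothing to sanitize
     if (empty($fields)) {
         return $instance;
     }
     // A scalar where a set of field values is expected cannot be indexed by field name.
     // Start from an empty instance so every declared field is still normalised below.
     if (!is_array($instance)) {
         $instance = array();
     }
     foreach ($fields as $name => $field) {
         if (empty($instance[$name])) {
             $instance[$name] = false;
         }
         switch ($field['type']) {
             case 'select':
             case 'radio':
                 $keys = array_keys($field['options']);
                 $selected = $instance[$name];
                 if (is_scalar($selected) && !is_bool($selected)) {
                     // Compare as strings with strict matching. A loose in_array() lets
                     // type juggling accept values that are not real option keys, such
                     // as a non-numeric string against an integer key on PHP < 8.
                     $is_allowed = in_array((string) $selected, array_map('strval', $keys), true);
                 } else {
                     // false is the placeholder written above for an empty value. Keep the
                     // loose match for it so an option keyed 0 or '' still counts as chosen.
                     $is_allowed = $selected === false && in_array(false, $keys);
                 }
                 if (!$is_allowed) {
                     $instance[$name] = isset($field['default']) ? $field['default'] : false;
                 }
                 break;
             case 'number':
             case 'slider':
                 $instance[$name] = (double) $instance[$name];
                 break;
             case 'textarea':
             case 'text':
                 $instance[$name] = wp_kses_post($instance[$name]);
                 $instance[$name] = balanceTags($instance[$name], true);
                 break;
             case 'color':
                 // Accept only '#' followed by 3 or 6 hex digits. The D modifier stops '$'
                 // from matching before a trailing newline. Non-strings are rejected, which
                 // includes the false placeholder used for empty values.
                 if (!is_string($instance[$name]) || !preg_match('|^#([A-Fa-f0-9]{3}){1,2}$|D', $instance[$name])) {
                     $instance[$name] = false;
                 }
                 break;
             case 'media':
                 // Media values should be integer
                 $instance[$name] = intval($instance[$name]);
                 if (!empty($field['fallback']) && !empty($instance[$name . '_fallback'])) {
                     $instance[$name . '_fallback'] = esc_url_raw($instance[$name . '_fallback']);
                 }
                 break;
             case 'link':
                 $instance[$name] = trim($instance[$name]);
                 // Rebuild the reference from the captured digits only, so any text after
                 // the post ID is dropped.
                 if (preg_match('/^post\\: *([0-9]+)/', $instance[$name], $matches)) {
                     $instance[$name] = 'post: ' . $matches[1];
                 } else {
                     $instance[$name] = sow_esc_url_raw($instance[$name]);
                 }
                 break;
             case 'checkbox':
                 $instance[$name] = !empty($instance[$name]);
                 break;
             case 'widget':
                 // Check the class hierarchy before instantiating, so the constructor of a
                 // class that is not a SiteOrigin_Widget is never run.
                 if (!empty($field['class']) && class_exists($field['class']) && is_a($field['class'], 'SiteOrigin_Widget', true)) {
                     $the_widget = new $field['class']();
                     $instance[$name] = $the_widget->update($instance[$name], $instance[$name]);
                 }
                 break;
             case 'repeater':
                 if (!empty($instance[$name])) {
                     if (is_array($instance[$name])) {
                         foreach ($instance[$name] as $i => $sub_instance) {
                             $instance[$name][$i] = $this->sanitize($sub_instance, $field['fields']);
                         }
                     } else {
                         // A non-array value cannot hold repeater rows. Drop it rather
                         // than let it through without any sanitization.
                         $instance[$name] = false;
                     }
                 }
                 break;
             case 'section':
                 $instance[$name] = $this->sanitize($instance[$name], $field['fields']);
                 break;
             default:
                 $instance[$name] = sanitize_text_field($instance[$name]);
                 break;
         }
         if (isset($field['sanitize'])) {
             // This field also needs some custom sanitization
             switch ($field['sanitize']) {
                 case 'url':
                     $instance[$name] = sow_esc_url_raw($instance[$name]);
                     break;
                 case 'email':
                     $instance[$name] = sanitize_email($instance[$name]);
                     break;
                 default:
                     // This isn't a built in sanitization. Maybe it's handled elsewhere.
                     $instance[$name] = apply_filters('siteorigin_widgets_sanitize_field_' . $field['sanitize'], $instance[$name]);
                     break;
             }
         }
     }
     // Also let other plugins sanitize the instance
     $instance = apply_filters('siteorigin_widgets_sanitize_instance', $instance, $fields, $this);
     $instance = apply_filters('siteorigin_widgets_sanitize_instance_' . $this->id_base, $instance, $fields, $this);
     return $instance;
 }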
Exemple #3
 /**
  * Sanitize this field's fallback URL inside the widget instance.
  *
  * The fallback entry is rewritten only when $this->fallback is set and the instance
  * holds a non-empty value under the fallback field name. Nothing else is touched.
  *
  * @param mixed $instance The widget instance, indexed by field name.
  *
  * @return mixed The instance, with the fallback value passed through sow_esc_url_raw().
  */
 public function sanitize_instance($instance)
 {
     $fallback_key = $this->get_fallback_field_name($this->base_name);
     if (empty($this->fallback) || empty($instance[$fallback_key])) {
         // No fallback configured, or no fallback value submitted.
         return $instance;
     }
     $instance[$fallback_key] = sow_esc_url_raw($instance[$fallback_key]);
     return $instance;
 }
Exemple #4
 /**
  * The default sanitization function.
  *
  * Runs the field's own sanitize_field_input() first, then applies the extra rule
  * named in $this->sanitize when one is set.
  *
  * @param $value mixed The value to be sanitized.
  * @return mixed|string|void
  */
 public function sanitize($value)
 {
     $clean = $this->sanitize_field_input($value);
     if (!isset($this->sanitize)) {
         // No extra rule configured for this field.
         return $clean;
     }
     // This field also needs some custom sanitization
     switch ($this->sanitize) {
         case 'url':
             return sow_esc_url_raw($clean);
         case 'email':
             return sanitize_email($clean);
         default:
             // Not a built-in rule: hand the value to the filter named after it.
             return apply_filters('siteorigin_widgets_sanitize_field_' . $this->sanitize, $clean);
     }
 }
 /**
  * The default sanitization function.
  *
  * Runs the field's own sanitize_field_input() first, then applies the extra rule in
  * $this->sanitize when one is set: 'url', 'email', a callable, or the suffix of a
  * 'siteorigin_widgets_sanitize_field_' filter.
  *
  * A callable rule is invoked directly with the new and old values. A string that
  * names a callable function is therefore called rather than used as a filter suffix,
  * so the rule must come from the field definition and never from submitted data.
  *
  * @param $value mixed The value to be sanitized.
  * @param $instance array The widget instance.
  * @param $old_value The old value of this field.
  *
  * @return mixed|string|void
  */
 public function sanitize($value, $instance = array(), $old_value = null)
 {
     $clean = $this->sanitize_field_input($value, $instance);
     if (!isset($this->sanitize)) {
         // No extra rule configured for this field.
         return $clean;
     }
     // This field also needs some custom sanitization
     switch ($this->sanitize) {
         case 'url':
             $clean = sow_esc_url_raw($clean);
             break;
         case 'email':
             $clean = sanitize_email($clean);
             break;
         default:
             // Not a built-in rule: prefer a callable, otherwise fall back to a named filter.
             if (is_callable($this->sanitize)) {
                 $clean = call_user_func($this->sanitize, $clean, $old_value);
             } elseif (is_string($this->sanitize)) {
                 $clean = apply_filters('siteorigin_widgets_sanitize_field_' . $this->sanitize, $clean);
             }
             break;
     }
     return $clean;
 }