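/**
 * Serve the CSS produced by the WP Paintbrush CSS generator.
 *
 * Verifies the request nonce, lets other code filter the CSS, confirms the
 * generator's marker comment is present, sanitizes the result and prefixes
 * it with a random debugging id.
 *
 * @param string $css CSS handed over by the generator.
 * @return string Sanitized CSS. Exits with a short message when the nonce or
 *                the generator marker check fails.
 */
function wppb_load_processed_css($css) {
	// Read the nonce defensively: a missing or array-valued field must fail
	// verification rather than raise a notice/warning before the check runs.
	$nonce = (isset($_POST['wppb_nonce']) && is_string($_POST['wppb_nonce'])) ? $_POST['wppb_nonce'] : '';
	if (!wp_verify_nonce($nonce, 'wppb_nonce')) {
		exit('Error: Nonce not verified!');
	}
	// NOTE(review): the nonce establishes intent, not authorization; whether a
	// capability check belongs here depends on how the caller is hooked — confirm.

	// Filter for adding CSS
	$css = apply_filters('wppb_add_css', $css);

	// The generator appends this marker; its absence means the CSS did not come from it
	if (strpos($css, '/* CSS provided by WP Paintbrush CSS generator */') === false) {
		exit("Error: Couldn't connect to server");
	}

	// Sanitizing CSS
	$css = pixopoint_validate_css($css);

	// Random number distinguishes served copies when debugging (not security-relevant)
	$css = "/* " . rand() . " */\n\n\n" . $css;

	return $css;
}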
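/**
 * Sanitize the designer settings, normally those submitted via POST/AJAX.
 *
 * Every option name returned by the wppb_*_options() helpers is mapped to a
 * validated value. Enumerated options accept only a known variation and fall
 * back to a per-group default; numeric options must be numeric and in range;
 * free text goes through wp_kses().
 *
 * @param array|string $input Settings to sanitize. When empty (or not an
 *                            array) $_POST is used, and when that is empty
 *                            too the saved WPPB_DESIGNER_SETTINGS option is
 *                            loaded.
 * @return array Sanitized settings keyed by option name.
 */
function wppb_sanitize_inputs($input = '') {
	// Fall back to POST when nothing usable was passed in
	if (!is_array($input) || array() === $input) {
		$input = $_POST;
	}
	// Still nothing (e.g. initial page load rather than an AJAX save): use the stored
	// settings. The original compared against '' which never matches an empty array,
	// so this fallback could not trigger.
	if (!is_array($input) || array() === $input) {
		$input = get_option(WPPB_DESIGNER_SETTINGS);
	}
	if (!is_array($input)) {
		$input = array();
	}

	$wppb_design_settings = array();

	// Pre-fill every submitted AJAX option with a marker; each sanitizer below replaces
	// it, so a marker surviving to the output reveals an option without a sanitizer.
	foreach (wppb_ajax_option_get() as $option) {
		if (isset($input[$option])) {
			$wppb_design_settings[$option] = 'Sanitization error!';
		}
	}

	// Custom CSS (a single option, so no loop; the original ran this block twice)
	$wppb_design_settings['add_custom_css'] = '';
	if (isset($input['add_custom_css'])) {
		$wppb_design_settings['add_custom_css'] = pixopoint_validate_css($input['add_custom_css']);
	}

	// Font sizes: numeric and within (4, 120), otherwise 12
	foreach (wppb_fontsize_options() as $opt) {
		$number = wppb_sanitize_inputs_number(wppb_sanitize_inputs_field($input, $opt), 4, 120, '12');
		if (null !== $number) {
			$wppb_design_settings[$opt] = $number;
		}
	}

	// Font families: must match one of the known stacks; empty defaults to Helvetica
	$font_families = wppb_font_family();
	foreach (wppb_fontfamily_options() as $opt) {
		$value = wppb_sanitize_inputs_field($input, $opt);
		// Undo backslash-escaped single quotes (\' -> ') before comparing
		if (is_string($value)) {
			$value = str_replace("\\'", "'", $value);
		}
		$picked = wppb_sanitize_inputs_pick($value, $font_families);
		if (null !== $picked) {
			$wppb_design_settings[$opt] = $picked;
		}
		if ('' === $value) {
			$wppb_design_settings[$opt] = "'Helvetica Neue', Arial, Helvetica, 'Nimbus Sans L', sans-serif";
		}
	}

	// Colours
	foreach (wppb_colour_options() as $opt) {
		$wppb_design_settings[$opt] = wppb_sanitize_hex_colour(wppb_sanitize_inputs_field($input, $opt));
	}

	// Images: keep at most "dir/file", each segment passed through sanitize_file_name()
	foreach (wppb_image_options() as $opt) {
		$value = wppb_sanitize_inputs_field($input, $opt);
		if (!is_string($value)) {
			$value = '';
		}
		$segments = explode('/', $value);
		// Rebuilt for every option: the original reused one array across iterations, so
		// a second segment left over from a previous option could leak into this one.
		$clean = array(sanitize_file_name($segments[0]));
		if (isset($segments[1])) {
			$clean[] = sanitize_file_name($segments[1]);
		}
		$path = implode('/', $clean);
		$wppb_design_settings[$opt] = ('/' === $path) ? '' : $path;
	}

	// Image tiling: keyed variations, default "repeat"
	$tiling_variations = array_keys(wppb_imagetiling_variations());
	foreach (wppb_imagetiling_options() as $opt) {
		$wppb_design_settings[$opt] = wppb_sanitize_inputs_choice($wppb_design_settings, $input, $opt, $tiling_variations, 'repeat');
	}

	// Small caps: keyed variations, default "normal"
	$smallcaps_variations = array_keys(wppb_smallcaps_variations());
	foreach (wppb_smallcaps_options() as $opt) {
		$wppb_design_settings[$opt] = wppb_sanitize_inputs_choice($wppb_design_settings, $input, $opt, $smallcaps_variations, 'normal');
	}

	// Font weight: bold or inherit pass through, anything else is normal
	foreach (wppb_fontweight_options() as $opt) {
		$value = wppb_sanitize_inputs_field($input, $opt);
		$wppb_design_settings[$opt] = in_array($value, array('bold', 'inherit'), true) ? $value : 'normal';
	}

	// Text decoration: listed variations plus "inherit" (only offered for some options), default "none"
	$textdecoration_variations = array_merge(wppb_textdecoration_variations(), array('inherit'));
	foreach (wppb_textdecoration_options() as $opt) {
		$wppb_design_settings[$opt] = wppb_sanitize_inputs_choice($wppb_design_settings, $input, $opt, $textdecoration_variations, 'none');
	}

	// Numeric groups: kept when numeric and inside the open (min, max) range, the group
	// default when numeric but out of range, left untouched when not numeric at all
	$numeric_groups = array(
		array(wppb_bignumbers_options(), -0.001, 1600, '600'),
		array(wppb_littlenumbers_options(), 0, 100, '0'),
		array(wppb_shadow_coordinates_options(), -0.001, 40, '0'),
		array(wppb_opacity_options(), 0, 1.00001, '1'),
	);
	foreach ($numeric_groups as $group) {
		list($options, $min, $max, $default) = $group;
		foreach ($options as $opt) {
			$number = wppb_sanitize_inputs_number(wppb_sanitize_inputs_field($input, $opt), $min, $max, $default);
			if (null !== $number) {
				$wppb_design_settings[$opt] = $number;
			}
		}
	}

	// Display: "on" (checkbox) or "block" means block, everything else none
	foreach (wppb_display_options() as $opt) {
		$value = wppb_sanitize_inputs_field($input, $opt);
		$wppb_design_settings[$opt] = in_array($value, array('on', 'block'), true) ? 'block' : 'none';
	}

	// Centered and alignment options share the alignment vocabulary, default "none"
	$alignment_variations = wppb_alignment_variations();
	foreach (wppb_centered_options() as $opt) {
		$wppb_design_settings[$opt] = wppb_sanitize_inputs_choice($wppb_design_settings, $input, $opt, $alignment_variations, 'none');
	}
	foreach (wppb_alignment_options() as $opt) {
		$wppb_design_settings[$opt] = wppb_sanitize_inputs_choice($wppb_design_settings, $input, $opt, $alignment_variations, 'none');
	}

	// Text transform, default "none"
	$texttransform_variations = wppb_texttransform_variations();
	foreach (wppb_texttransform_options() as $opt) {
		$wppb_design_settings[$opt] = wppb_sanitize_inputs_choice($wppb_design_settings, $input, $opt, $texttransform_variations, 'none');
	}

	// Border type, default "solid"
	$bordertype_variations = wppb_bordertype_variations();
	foreach (wppb_bordertype_options() as $opt) {
		$wppb_design_settings[$opt] = wppb_sanitize_inputs_choice($wppb_design_settings, $input, $opt, $bordertype_variations, 'solid');
	}

	// Font style: normal, italic or inherit; anything else becomes normal
	foreach (wppb_fontstyle_options() as $opt) {
		$value = wppb_sanitize_inputs_field($input, $opt);
		$wppb_design_settings[$opt] = in_array($value, array('normal', 'italic', 'inherit'), true) ? $value : 'normal';
	}

	// Raw text: limited HTML, single quotes swapped for double so they cannot break
	// the input fields the value is echoed back into
	foreach (wppb_rawtext_options() as $opt) {
		$value = wppb_sanitize_inputs_field($input, $opt);
		$wppb_design_settings[$opt] = str_replace("'", '"', wp_kses($value, pixopoint_limited_html(), ''));
	}

	// Raw HTML: the broader allowed-tag set, quotes untouched
	foreach (wppb_rawhtml_options() as $opt) {
		$wppb_design_settings[$opt] = wp_kses(wppb_sanitize_inputs_field($input, $opt), pixopoint_allowed_html(), '');
	}

	return $wppb_design_settings;
}

/**
 * Read one submitted field, treating a missing key as the empty string.
 *
 * @param array  $input Submitted values.
 * @param string $key   Field name.
 * @return mixed The raw submitted value, or '' when absent.
 */
function wppb_sanitize_inputs_field(array $input, $key) {
	return isset($input[$key]) ? $input[$key] : '';
}

/**
 * Return $value (as a string) when it is one of $allowed, otherwise null.
 *
 * Non-scalar values (e.g. array-valued POST fields) never match. Allowed
 * entries are compared as strings so integer array keys still match their
 * string form from the request.
 *
 * @param mixed $value   Submitted value.
 * @param array $allowed Permitted values.
 * @return string|null
 */
function wppb_sanitize_inputs_pick($value, array $allowed) {
	if (!is_scalar($value)) {
		return null;
	}
	$value = (string) $value;
	return in_array($value, array_map('strval', $allowed), true) ? $value : null;
}

/**
 * Resolve one enumerated option.
 *
 * Returns the submitted value when it is one of $allowed; otherwise whatever
 * is already recorded for the option in $settings (e.g. the
 * "Sanitization error!" marker); and $default when that is missing or empty.
 *
 * @param array  $settings Settings built so far.
 * @param array  $input    Submitted values.
 * @param string $opt      Option name.
 * @param array  $allowed  Permitted values.
 * @param string $default  Fallback when nothing valid was chosen.
 * @return string
 */
function wppb_sanitize_inputs_choice(array $settings, array $input, $opt, array $allowed, $default) {
	$resolved = isset($settings[$opt]) ? $settings[$opt] : '';
	$picked = wppb_sanitize_inputs_pick(wppb_sanitize_inputs_field($input, $opt), $allowed);
	if (null !== $picked) {
		$resolved = $picked;
	}
	return ('' === $resolved) ? $default : $resolved;
}

/**
 * Validate a numeric option against an open range.
 *
 * @param mixed     $value   Submitted value.
 * @param int|float $min     Exclusive lower bound.
 * @param int|float $max     Exclusive upper bound.
 * @param string    $default Value used when numeric but out of range.
 * @return mixed The value when $min < value < $max, $default when numeric but
 *               out of range, null when not numeric at all.
 */
function wppb_sanitize_inputs_number($value, $min, $max, $default) {
	if (!is_numeric($value)) {
		return null;
	}
	return ($value > $min && $value < $max) ? $value : $default;
}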
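/**
 * Sanitize and validate input
 * Accepts an array, returns a sanitized array
 * @since 0.1
 *
 * @param array|string $input Settings submitted for the options page. A plain
 *                            string is run through wp_kses() and returned.
 * @return array|string Sanitized settings keyed by option name, or the
 *                      sanitized string for string input.
 */
function wppb_settings_options_validate($input) {
	// Plain-string support must come first: the array writes below are invalid on a
	// string, and the original only checked is_array() after performing them.
	if (!is_array($input)) {
		return wp_kses((string) $input, pixopoint_allowed_html(), '');
	}

	$output = array();

	// Sanitize checkboxes
	$checkboxes = array('support_primarymenu', 'support_secondarymenu', 'support_hardcrop_postthumbnails');
	foreach ($checkboxes as $name) {
		$output[$name] = wppb_validate_checkboxes(wppb_settings_options_field($input, $name));
	}

	// Sanitize template markup against the plugin's allowed-tag set
	$templates = array('header', 'footer', 'index', 'front_page', 'home', 'page', 'page_template_1', 'page_template_2', 'single', 'comments');
	foreach ($templates as $name) {
		$output[$name] = wp_kses(wppb_settings_options_field($input, $name), pixopoint_allowed_html(), '');
	}

	// Sanitize widget settings. The widget name passes '' as the wp_kses() context;
	// NOTE(review): in WordPress that resolves to the default minimal tag set rather
	// than "no tags" — confirm that is the intent.
	foreach (wppb_settings_widgets_array() as $number) {
		$output['name_widget' . $number] = wp_kses(wppb_settings_options_field($input, 'name_widget' . $number), '', '');
		foreach (array('before_widget', 'after_widget', 'before_title', 'after_title') as $prefix) {
			$output[$prefix . $number] = wp_kses(wppb_settings_options_field($input, $prefix . $number), pixopoint_allowed_html(), '');
		}
		$output['show_widget' . $number] = wppb_validate_checkboxes(wppb_settings_options_field($input, 'show_widget' . $number));
	}

	// Sanitize numbers: recorded only when numeric, always as int
	foreach (array('support_width_postthumbnails', 'support_height_postthumbnails', 'version') as $name) {
		$value = wppb_settings_options_field($input, $name);
		if (is_numeric($value)) {
			$output[$name] = intval($value);
		}
	}

	// Sanitize per-thumbnail information
	foreach (wppb_settings_thumbs_array() as $number) {
		$output['support_name_postthumbnails' . $number] = wp_kses(wppb_settings_options_field($input, 'support_name_postthumbnails' . $number), '', '');
		// Width/height are cast with intval() like the un-numbered sizes above
		// (the original stored the raw numeric string for these)
		foreach (array('support_width_postthumbnails', 'support_height_postthumbnails') as $prefix) {
			$value = wppb_settings_options_field($input, $prefix . $number);
			if (is_numeric($value)) {
				$output[$prefix . $number] = intval($value);
			}
		}
		if ('on' === wppb_settings_options_field($input, 'support_hardcrop_postthumbnails' . $number)) {
			$output['support_hardcrop_postthumbnails' . $number] = 'on';
		}
	}

	// Sanitize CSS; read defensively so a form without the field raises no notice
	$output['css'] = pixopoint_validate_css(wppb_settings_options_field($input, 'css'));

	// Finally - return the sanitised output
	return $output;
}

/**
 * Read one submitted field, treating a missing key as the empty string.
 *
 * @param array  $input Submitted settings.
 * @param string $key   Field name.
 * @return mixed The raw submitted value, or '' when absent.
 */
function wppb_settings_options_field(array $input, $key) {
	return isset($input[$key]) ? $input[$key] : '';
}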