/**
 * Integer validation shim for the Yoast SEO core helpers.
 *
 * Delegates to WPSEO_Utils::validate_int() when that method exists and to
 * WPSEO_Option::validate_int() otherwise.
 *
 * @param mixed $string Value to validate.
 *
 * @return mixed Whatever the selected validate_int() helper returns.
 *               NOTE(review): presumably an int, or false on failure; callers
 *               should compare against false strictly, since 0 is also falsy.
 */
public static function yoast_wpseo_video_validate_int($string)
{
    // Probe for the newer helper once and branch in a single expression.
    return method_exists('WPSEO_Utils', 'validate_int')
        ? WPSEO_Utils::validate_int($string)
        : WPSEO_Option::validate_int($string);
}
/**
 * Retrieves the post named by the `post` query argument, or the global post.
 *
 * @return array|null|WP_Post The get_post() result for the requested ID, the global
 *                            post when no ID was requested, or an empty array when
 *                            neither source is available.
 */
private function get_post()
{
    $requested = filter_input(INPUT_GET, 'post');

    if ($requested) {
        // The (int) cast maps a failed validation (false) to 0 instead of rejecting it.
        // NOTE(review): confirm what get_post(0) resolves to in this context, and that
        // the caller checks the current user may access the requested post ID.
        return get_post((int) WPSEO_Utils::validate_int($requested));
    }

    return isset($GLOBALS['post']) ? $GLOBALS['post'] : array();
}
/**
 * Validate the post meta values
 *
 * Starts from the default for the meta key and only replaces it when the
 * submitted value passes the check for that field's type. The case order in
 * the switch matters: key-specific cases must stay ahead of the generic
 * 'multiselect' and 'text' cases that would otherwise match first.
 *
 * @static
 *
 * @param mixed  $meta_value The new value.
 * @param string $meta_key   The full meta key (including prefix).
 *
 * @return string Validated meta value
 */
public static function sanitize_post_meta($meta_value, $meta_key) {
    // NOTE(review): $meta_key is used as an index without an isset() check;
    // presumably callers only pass registered keys - verify.
    $field_def = self::$meta_fields[self::$fields_index[$meta_key]['subset']][self::$fields_index[$meta_key]['key']];
    // Fail closed: anything that does not validate keeps the default.
    $clean = self::$defaults[$meta_key];

    switch (true) {
        case $meta_key === self::$meta_prefix . 'linkdex':
            $int = WPSEO_Utils::validate_int($meta_value);
            if ($int !== false && $int >= 0) {
                $clean = strval($int); // Convert to string to make sure default check works.
            }
            break;

        case $field_def['type'] === 'checkbox':
            // Only allow value if it's one of the predefined options.
            if (in_array($meta_value, array('on', 'off'), true)) {
                $clean = $meta_value;
            }
            break;

        case $field_def['type'] === 'select' || $field_def['type'] === 'radio':
            // Only allow value if it's one of the predefined options.
            if (isset($field_def['options'][$meta_value])) {
                $clean = $meta_value;
            }
            break;

        case $field_def['type'] === 'multiselect' && $meta_key === self::$meta_prefix . 'meta-robots-adv':
            $clean = self::validate_meta_robots_adv($meta_value);
            break;

        case $field_def['type'] === 'text' && $meta_key === self::$meta_prefix . 'canonical':
        case $field_def['type'] === 'text' && $meta_key === self::$meta_prefix . 'redirect':
            // Validate as url(-part).
            $url = WPSEO_Utils::sanitize_url($meta_value);
            if ($url !== '') {
                $clean = $url;
            }
            break;

        case $field_def['type'] === 'upload' && $meta_key === self::$meta_prefix . 'opengraph-image':
            // Validate as url.
            // The second argument lists the schemes passed to sanitize_url() for this field.
            $url = WPSEO_Utils::sanitize_url($meta_value, array('http', 'https', 'ftp', 'ftps'));
            if ($url !== '') {
                $clean = $url;
            }
            break;

        case $field_def['type'] === 'textarea':
            if (is_string($meta_value)) {
                // Remove line breaks and tabs.
                // @todo [JRF => Yoast] verify that line breaks and the likes aren't allowed/recommended in meta header fields.
                // NOTE(review): the last search entry is a single space as shown here, which
                // makes it a no-op; presumably it was a double space upstream - verify.
                $meta_value = str_replace(array("\n", "\r", "\t", ' '), ' ', $meta_value);
                $clean = WPSEO_Utils::sanitize_text_field(trim($meta_value));
            }
            break;

        case 'multiselect' === $field_def['type']:
            // NOTE(review): every other multiselect value is stored exactly as received,
            // with no allow-list check against the field's options and no type check.
            $clean = $meta_value;
            break;

        case $field_def['type'] === 'text':
        default:
            // Non-string input (e.g. an array) never reaches the sanitizer; the default is kept.
            if (is_string($meta_value)) {
                $clean = WPSEO_Utils::sanitize_text_field(trim($meta_value));
            }

            if ($meta_key === self::$meta_prefix . 'focuskw') {
                // Strip characters that could break out of an HTML attribute or tag.
                // NOTE(review): the list repeats the same four characters; presumably the
                // second set were the entity-encoded forms upstream - verify.
                $clean = str_replace(array('<', '>', '"', '`', '<', '>', '"', '`'), '', $clean);
            }
            break;
    }

    // Filter callbacks receive the sanitized value and may return anything, so the
    // stored result is only as strict as the callbacks hooked on this filter.
    $clean = apply_filters('wpseo_sanitize_post_meta_' . $meta_key, $clean, $meta_value, $field_def, $meta_key);

    return $clean;
}
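/**
 * Validate the option
 *
 * Walks the keys of $clean (normally the defaults) and, per key, copies the
 * submitted value across only when it passes that key's check. Keys absent
 * from $clean are never written, so unexpected keys in $dirty are dropped.
 *
 * @param array $dirty New value for the option.
 * @param array $clean Clean value for the option, normally the defaults.
 * @param array $old   Old value of the option.
 *
 * @return array Validated clean value for the option to be saved to the database
 */
protected function validate_option($dirty, $clean, $old)
{
    foreach ($clean as $key => $value) {
        switch ($key) {
            case 'version':
                // Never taken from input; always the running plugin version.
                $clean[$key] = WPSEO_VERSION;
                break;

            case 'blocking_files':
                /**
                 * @internal [JRF] to really validate this we should also do a file_exists()
                 * on each array entry and remove files which no longer exist, but that might be overkill
                 */
                // NOTE(review): the entries themselves are only de-duplicated, not sanitized.
                if (isset($dirty[$key]) && is_array($dirty[$key])) {
                    $clean[$key] = array_unique($dirty[$key]);
                } elseif (isset($old[$key]) && is_array($old[$key])) {
                    $clean[$key] = array_unique($old[$key]);
                }
                break;

            case 'company_or_person':
                if (isset($dirty[$key]) && $dirty[$key] !== '') {
                    // Strict comparison, as for 'site_type' and 'environment_type' below:
                    // with a loose in_array() a non-string such as boolean true compares
                    // equal to 'company' and would be stored as-is.
                    if (in_array($dirty[$key], array('company', 'person'), true)) {
                        $clean[$key] = $dirty[$key];
                    }
                }
                break;

            /* text fields */
            case 'company_name':
            case 'person_name':
            case 'website_name':
            case 'alternate_website_name':
                if (isset($dirty[$key]) && $dirty[$key] !== '') {
                    $clean[$key] = sanitize_text_field($dirty[$key]);
                }
                break;

            case 'company_logo':
                // The return value is not used; presumably $clean is taken by reference - verify.
                $this->validate_url($key, $dirty, $old, $clean);
                break;

            /* verification strings */
            case 'googleverify':
            case 'msverify':
            case 'yandexverify':
                // The return value is not used; presumably $clean is taken by reference - verify.
                $this->validate_verification_string($key, $dirty, $old, $clean);
                break;

            /* Boolean dismiss warnings - not fields - may not be in form (and don't need to be either as long as the default is false) */
            case 'ms_defaults_set':
                if (isset($dirty[$key])) {
                    $clean[$key] = WPSEO_Utils::validate_bool($dirty[$key]);
                } elseif (isset($old[$key])) {
                    $clean[$key] = WPSEO_Utils::validate_bool($old[$key]);
                }
                break;

            case 'site_type':
                // Reset first so a value outside the allow-list cannot survive.
                $clean[$key] = '';
                if (isset($dirty[$key]) && in_array($dirty[$key], $this->site_types, true)) {
                    $clean[$key] = $dirty[$key];
                }
                break;

            case 'environment_type':
                $clean[$key] = '';
                if (isset($dirty[$key]) && in_array($dirty[$key], $this->environment_types, true)) {
                    $clean[$key] = $dirty[$key];
                }
                break;

            case 'first_activated_on':
                $clean[$key] = false;
                if (isset($dirty[$key])) {
                    // NOTE(review): the submitted value is stored, not the validated integer,
                    // and a validated 0 is falsy so it is rejected here.
                    if ($dirty[$key] === false || WPSEO_Utils::validate_int($dirty[$key])) {
                        $clean[$key] = $dirty[$key];
                    }
                }
                break;

            /* Boolean (checkbox) fields */
            /* Covers
             * 'disableadvanced_meta'
             * 'yoast_tracking'
             */
            default:
                // An unchecked checkbox is absent from the form, hence false when unset.
                $clean[$key] = isset($dirty[$key]) ? WPSEO_Utils::validate_bool($dirty[$key]) : false;
                break;
        }
    }

    return $clean;
}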
/**
 * Resolves the post shown in the metabox.
 *
 * Uses the `post` query argument when present, otherwise the global post.
 *
 * @return WP_Post The get_post() result for the requested ID, or the global post.
 *                 NOTE(review): get_post() can presumably yield a non-post value
 *                 for an unknown ID - verify before dereferencing.
 */
private function get_metabox_post()
{
    if (!isset($_GET['post'])) {
        // No isset() guard on the global; presumably always set on this screen - verify.
        return $GLOBALS['post'];
    }

    // The (int) cast maps a failed validation (false) to 0 rather than rejecting it.
    $requested_id = (int) WPSEO_Utils::validate_int($_GET['post']);

    return get_post($requested_id);
}
} $yform = Yoast_Form::get_instance(); $options = get_site_option('wpseo_ms'); if (isset($_POST['wpseo_submit'])) { check_admin_referer('wpseo-network-settings'); foreach (array('access', 'defaultblog') as $opt) { $options[$opt] = $_POST['wpseo_ms'][$opt]; } unset($opt); WPSEO_Options::update_site_option('wpseo_ms', $options); add_settings_error('wpseo_ms', 'settings_updated', __('Settings Updated.', 'wordpress-seo'), 'updated'); } if (isset($_POST['wpseo_restore_blog'])) { check_admin_referer('wpseo-network-restore'); if (isset($_POST['wpseo_ms']['restoreblog']) && is_numeric($_POST['wpseo_ms']['restoreblog'])) { $restoreblog = (int) WPSEO_Utils::validate_int($_POST['wpseo_ms']['restoreblog']); $blog = get_blog_details($restoreblog); if ($blog) { WPSEO_Options::reset_ms_blog($restoreblog); add_settings_error('wpseo_ms', 'settings_updated', sprintf(__('%s restored to default SEO settings.', 'wordpress-seo'), esc_html($blog->blogname)), 'updated'); } else { add_settings_error('wpseo_ms', 'settings_updated', sprintf(__('Blog %s not found.', 'wordpress-seo'), esc_html($restoreblog)), 'error'); } unset($restoreblog, $blog); } } /* Set up selectbox dropdowns for smaller networks (usability) */ $use_dropdown = true; if (get_blog_count() > 100) { $use_dropdown = false; } else {
/**
 * Deprecated pass-through for integer validation.
 *
 * @deprecated 1.5.6.1
 * @deprecated use WPSEO_Utils::validate_int()
 * @see WPSEO_Utils::validate_int()
 *
 * @param mixed $value Value to validate.
 *
 * @return mixed int or false in case of failure to convert to int
 */
public static function validate_int($value)
{
    // Flag the call first, then hand the value to the replacement helper unchanged.
    _deprecated_function(__FUNCTION__, 'WPSEO 1.5.6.1', 'WPSEO_Utils::validate_int()');

    $validated = WPSEO_Utils::validate_int($value);

    return $validated;
}
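/**
 * Validate the option
 *
 * Walks the keys of $clean (normally the defaults) and only overwrites a key
 * when the submitted value passes that key's check. Rejected values leave the
 * default in place and, where add_settings_error() is available, produce an
 * admin notice in which the submitted value is sanitized and HTML-escaped.
 *
 * @param array $dirty New value for the option.
 * @param array $clean Clean value for the option, normally the defaults.
 * @param array $old   Old value of the option.
 *
 * @return array Validated clean value for the option to be saved to the database
 */
protected function validate_option($dirty, $clean, $old)
{
    foreach ($clean as $key => $value) {
        switch ($key) {
            case 'access':
                if (isset($dirty[$key]) && in_array($dirty[$key], self::$allowed_access_options, true)) {
                    $clean[$key] = $dirty[$key];
                } elseif (function_exists('add_settings_error')) {
                    // This branch is also reached when no value was submitted at all, so
                    // read the index defensively instead of raising an undefined-index notice.
                    $submitted = isset($dirty[$key]) ? $dirty[$key] : '';
                    add_settings_error($this->group_name, '_' . $key, sprintf(__('%1$s is not a valid choice for who should be allowed access to the %2$s settings. Value reset to the default.', 'wordpress-seo'), esc_html(sanitize_text_field($submitted)), 'Yoast SEO'), 'error');
                }
                break;

            case 'defaultblog':
                if (isset($dirty[$key]) && ($dirty[$key] !== '' && $dirty[$key] !== '-')) {
                    $int = WPSEO_Utils::validate_int($dirty[$key]);
                    if ($int !== false && $int > 0) {
                        // Check if a valid blog number has been received.
                        $exists = get_blog_details($int, false);
                        // Loose comparison kept on purpose: the type of ->deleted is not visible here.
                        if ($exists && $exists->deleted == 0) {
                            $clean[$key] = $int;
                        } elseif (function_exists('add_settings_error')) {
                            // The markup is fixed text; only the submitted value is dynamic and it is escaped.
                            add_settings_error($this->group_name, '_' . $key, esc_html__('The default blog setting must be the numeric blog id of the blog you want to use as default.', 'wordpress-seo') . '<br>' . sprintf(esc_html__('This must be an existing blog. Blog %s does not exist or has been marked as deleted.', 'wordpress-seo'), '<strong>' . esc_html(sanitize_text_field($dirty[$key])) . '</strong>'), 'error');
                        }
                        unset($exists);
                    } elseif (function_exists('add_settings_error')) {
                        add_settings_error($this->group_name, '_' . $key, esc_html__('The default blog setting must be the numeric blog id of the blog you want to use as default.', 'wordpress-seo') . '<br>' . esc_html__('No numeric value was received.', 'wordpress-seo'), 'error');
                    }
                    unset($int);
                }
                break;

            default:
                // An unchecked checkbox is absent from the form, hence false when unset.
                $clean[$key] = isset($dirty[$key]) ? WPSEO_Utils::validate_bool($dirty[$key]) : false;
                break;
        }
    }

    return $clean;
}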
/**
 * Validate the option
 *
 * Each key of $clean is mapped to a switch key by get_switch_key() and the
 * submitted value is copied across only after the check for that group.
 *
 * @param array $dirty New value for the option.
 * @param array $clean Clean value for the option, normally the defaults.
 * @param array $old   Old value of the option.
 *
 * @return array Validated clean value for the option to be saved to the database
 */
protected function validate_option($dirty, $clean, $old)
{
    foreach ($clean as $key => $value) {
        switch ($this->get_switch_key($key)) {
            /*
             * Text fields. Covers:
             * 'title-home-wpseo', 'title-author-wpseo', 'title-archive-wpseo',
             * 'title-search-wpseo', 'title-404-wpseo'
             * 'title-' . $pt->name
             * 'title-ptarchive-' . $pt->name
             * 'title-tax-' . $tax->name
             */
            case 'title-':
                // Titles accept an empty string; only an absent value keeps the default.
                if (isset($dirty[$key])) {
                    $clean[$key] = WPSEO_Utils::sanitize_text_field($dirty[$key]);
                }
                break;

            /*
             * Covers:
             * 'metadesc-home-wpseo', 'metadesc-author-wpseo', 'metadesc-archive-wpseo'
             * 'metadesc-' . $pt->name
             * 'metadesc-ptarchive-' . $pt->name
             * 'metadesc-tax-' . $tax->name
             */
            case 'metadesc-':
            /*
             * Covers:
             * 'metakey-home-wpseo', 'metakey-author-wpseo'
             * 'metakey-' . $pt->name
             * 'metakey-ptarchive-' . $pt->name
             * 'metakey-tax-' . $tax->name
             */
            case 'metakey-':
            /*
             * Covers:
             * 'bctitle-ptarchive-' . $pt->name
             */
            case 'bctitle-ptarchive-':
                // Unlike titles, an empty submission leaves the default untouched.
                if (!isset($dirty[$key]) || $dirty[$key] === '') {
                    break;
                }
                $clean[$key] = WPSEO_Utils::sanitize_text_field($dirty[$key]);
                break;

            /* integer field - not in form */
            case 'title_test':
                // Prefer the submitted value; fall back to the stored one only when
                // nothing was submitted (an invalid submission does not fall back).
                if (isset($dirty[$key])) {
                    $candidate = $dirty[$key];
                } elseif (isset($old[$key])) {
                    $candidate = $old[$key];
                } else {
                    break;
                }

                $validated = WPSEO_Utils::validate_int($candidate);
                if ($validated !== false && $validated >= 0) {
                    $clean[$key] = $validated;
                }
                break;

            /* Separator field - Radio */
            case 'separator':
                if (!isset($dirty[$key]) || $dirty[$key] === '') {
                    break;
                }

                // Allow-list check: the submitted value must be a key of the known separators.
                $known_separators = $this->get_separator_options();
                if (isset($known_separators[$dirty[$key]])) {
                    $clean[$key] = $dirty[$key];
                }
                break;

            /*
             * Boolean fields. Covers:
             * 'noindex-subpages-wpseo', 'noindex-author-wpseo', 'noindex-archive-wpseo'
             * 'noindex-' . $pt->name
             * 'noindex-ptarchive-' . $pt->name
             * 'noindex-tax-' . $tax->name
             * 'forcerewritetitle':
             * 'usemetakeywords':
             * 'noodp':
             * 'noydir':
             * 'disable-author':
             * 'disable-date':
             * 'noindex-'
             * 'showdate-'
             * 'showdate-'. $pt->name
             * 'hideeditbox-'
             * 'hideeditbox-'. $pt->name
             * 'hideeditbox-tax-' . $tax->name
             */
            default:
                // An unchecked checkbox is absent from the form, hence false when unset.
                if (isset($dirty[$key])) {
                    $clean[$key] = WPSEO_Utils::validate_bool($dirty[$key]);
                } else {
                    $clean[$key] = false;
                }
                break;
        }
    }

    return $clean;
}
/**
 * Validate the option
 *
 * Each key of $clean is mapped to a switch key by get_switch_key() and the
 * submitted value is copied across only after the check for that group.
 *
 * @param array $dirty New value for the option.
 * @param array $clean Clean value for the option, normally the defaults.
 * @param array $old   Old value of the option.
 *
 * @return array Validated clean value for the option to be saved to the database
 */
protected function validate_option($dirty, $clean, $old)
{
    foreach ($clean as $key => $value) {
        switch ($this->get_switch_key($key)) {
            /* integer fields */
            case 'entries-per-page':
                /**
                 * @todo [JRF/JRF => Yoast] add some more rules (minimum 50 or something
                 * - what should be the guideline?) and adjust error message
                 */
                if (!isset($dirty[$key]) || $dirty[$key] === '') {
                    break;
                }

                $submitted = WPSEO_Utils::validate_int($dirty[$key]);
                if ($submitted !== false && $submitted > 0) {
                    $clean[$key] = $submitted;
                    break;
                }

                // Invalid submission: restore the stored value if that one is valid...
                if (isset($old[$key]) && $old[$key] !== '') {
                    $previous = WPSEO_Utils::validate_int($old[$key]);
                    if ($previous !== false && $previous > 0) {
                        $clean[$key] = $previous;
                    }
                }

                // ...and report the rejected input, sanitized and HTML-escaped.
                if (function_exists('add_settings_error')) {
                    add_settings_error($this->group_name, '_' . $key, sprintf(__('"Max entries per sitemap page" should be a positive number, which %s is not. Please correct.', 'wordpress-seo'), '<strong>' . esc_html(sanitize_text_field($dirty[$key])) . '</strong>'), 'error');
                }
                break;

            case 'excluded-posts':
                if (!isset($dirty[$key]) || $dirty[$key] === '') {
                    break;
                }

                // Each comma-separated piece is validated as an integer; pieces that fail
                // become false and are dropped, so only integers are stored.
                $post_ids = filter_var_array(explode(',', $dirty[$key]), FILTER_VALIDATE_INT);
                if ($post_ids) {
                    $clean[$key] = implode(',', array_filter($post_ids, 'is_integer'));
                }
                break;

            /*
             * Boolean fields. Covers:
             * 'disable_author_sitemap':
             * 'disable_author_noposts':
             * 'enablexmlsitemap':
             * 'user_role-':
             * 'user_role' . $role_name . '-not_in_sitemap' fields
             * 'post_types-':
             * 'post_types-' . $pt->name . '-not_in_sitemap' fields
             * 'taxonomies-':
             * 'taxonomies-' . $tax->name . '-not_in_sitemap' fields
             */
            default:
                // An unchecked checkbox is absent from the form, hence false when unset.
                if (isset($dirty[$key])) {
                    $clean[$key] = WPSEO_Utils::validate_bool($dirty[$key]);
                } else {
                    $clean[$key] = false;
                }
                break;
        }
    }

    return $clean;
}
/**
 * Validate the option
 *
 * Each key of $clean is mapped to a switch key by get_switch_key() and the
 * submitted value is copied across only after the check for that group.
 *
 * @param array $dirty New value for the option.
 * @param array $clean Clean value for the option, normally the defaults.
 * @param array $old   Old value of the option.
 *
 * @return array Validated clean value for the option to be saved to the database
 */
protected function validate_option($dirty, $clean, $old)
{
    foreach ($clean as $key => $value) {
        switch ($this->get_switch_key($key)) {
            /* integer fields */
            case 'entries-per-page':
                if (!isset($dirty[$key]) || $dirty[$key] === '') {
                    break;
                }

                // NOTE(review): add_settings_error() is called below without a function_exists()
                // guard; confirm this validator only runs where the admin template functions are loaded.
                $entries = WPSEO_Utils::validate_int($dirty[$key]);

                if ($entries !== false && $entries > 0) {
                    // Valid but above the ceiling: report it and clamp to the maximum.
                    if ($entries > 50000) {
                        $error_message = sprintf(__('"Max entries per sitemap page" should be below %s to meet Google\'s requirements, which %s is not.', 'wordpress-seo'), number_format_i18n(50000), '<strong>' . esc_html(sanitize_text_field($dirty[$key])) . '</strong>');
                        add_settings_error($this->group_name, '_' . $key, $error_message, 'error');
                        $entries = 50000;
                    }
                    $clean[$key] = $entries;
                    break;
                }

                // Invalid submission: restore the stored value if that one is valid...
                if (isset($old[$key]) && $old[$key] !== '') {
                    $previous = WPSEO_Utils::validate_int($old[$key]);
                    if ($previous !== false && $previous > 0) {
                        $clean[$key] = $previous;
                    }
                }

                // ...and report the rejected input, sanitized and HTML-escaped.
                $error_message = sprintf(__('"Max entries per sitemap page" should be a positive number, which %s is not. Please correct.', 'wordpress-seo'), '<strong>' . esc_html(sanitize_text_field($dirty[$key])) . '</strong>');
                add_settings_error($this->group_name, '_' . $key, $error_message, 'error');
                break;

            case 'excluded-posts':
                if (!isset($dirty[$key]) || $dirty[$key] === '') {
                    break;
                }

                // Each comma-separated piece is validated as an integer; pieces that fail
                // become false and are dropped, so only integers are stored.
                $post_ids = filter_var_array(explode(',', $dirty[$key]), FILTER_VALIDATE_INT);
                if ($post_ids) {
                    $clean[$key] = implode(',', array_filter($post_ids, 'is_integer'));
                }
                break;

            /*
             * Boolean fields. Covers:
             * 'disable_author_sitemap':
             * 'disable_author_noposts':
             * 'enablexmlsitemap':
             * 'user_role-':
             * 'user_role' . $role_name . '-not_in_sitemap' fields
             * 'post_types-':
             * 'post_types-' . $pt->name . '-not_in_sitemap' fields
             * 'taxonomies-':
             * 'taxonomies-' . $tax->name . '-not_in_sitemap' fields
             */
            default:
                // An unchecked checkbox is absent from the form, hence false when unset.
                if (isset($dirty[$key])) {
                    $clean[$key] = WPSEO_Utils::validate_bool($dirty[$key]);
                } else {
                    $clean[$key] = false;
                }
                break;
        }
    }

    return $clean;
}
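/**
 * Returns post in metabox context - fallback for Yoast SEO < 3.0 and News SEO > 2.2.5
 *
 * Defers to the parent implementation when one is callable from this class;
 * otherwise resolves the post from the `post` query argument or the global.
 *
 * @return array|null|WP_Post The parent's result, the get_post() result for the
 *                            requested ID, the global post, or an empty array when
 *                            no source is available.
 */
protected function get_metabox_post()
{
    // The guard needs the double-colon form. With a single colon the string names a
    // plain function that cannot exist, so the parent implementation was never used.
    // is_callable() honours visibility, so a private parent method still falls through.
    // NOTE(review): "parent::method" string callables are deprecated as of PHP 8.2.
    if (is_callable('parent::get_metabox_post')) {
        return parent::get_metabox_post();
    }

    $requested = filter_input(INPUT_GET, 'post');
    if ($requested) {
        // The (int) cast maps a failed validation (false) to 0 rather than rejecting it.
        $post_id = (int) WPSEO_Utils::validate_int($requested);

        return get_post($post_id);
    }

    if (isset($GLOBALS['post'])) {
        return $GLOBALS['post'];
    }

    return array();
}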