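/**
 * Save the portfolio permalink settings posted from the Permalinks screen.
 *
 * The Settings API does not persist custom fields on that screen, so the
 * posted values are read here and written to the 'axiscomposer_permalinks'
 * option.
 *
 * is_admin() only reports that the request targets an admin URL; it is not
 * an authorisation check. The capability and the form nonce are therefore
 * verified before anything is written.
 */
public function settings_save()
{
    if (!is_admin()) {
        return;
    }

    // We need to save the options ourselves; settings api does not trigger save for the permalinks page.
    if (!isset($_POST['permalink_structure'])) {
        return;
    }

    // Writing rewrite bases is a site-wide change: require the same capability as the Permalinks screen.
    if (!current_user_can('manage_options')) {
        return;
    }

    // NOTE(review): assumes these fields are rendered inside the core permalink form, whose
    // wp_nonce_field('update-permalink') posts the nonce as _wpnonce - confirm against the template.
    $nonce = isset($_POST['_wpnonce']) && is_string($_POST['_wpnonce']) ? wp_unslash($_POST['_wpnonce']) : '';
    if (!wp_verify_nonce($nonce, 'update-permalink')) {
        return;
    }

    $permalinks = get_option('axiscomposer_permalinks');
    if (!is_array($permalinks)) {
        $permalinks = array();
    }

    // Read the free-text fields defensively: a missing or array-valued field becomes null
    // instead of raising a notice or a TypeError in trim(). WordPress adds slashes to $_POST,
    // so the values are unslashed before use.
    $posted = array();
    foreach (array('axiscomposer_portfolio_category_slug', 'axiscomposer_portfolio_tag_slug', 'portfolio_permalink_structure') as $field) {
        $posted[$field] = isset($_POST[$field]) && is_string($_POST[$field])
            ? trim(wp_unslash($_POST[$field]))
            : null;
    }

    $permalinks['category_base'] = ac_sanitize_permalink((string) $posted['axiscomposer_portfolio_category_slug']);
    $permalinks['tag_base']      = ac_sanitize_permalink((string) $posted['axiscomposer_portfolio_tag_slug']);

    // Portfolio base.
    $portfolio_permalink = isset($_POST['portfolio_permalink']) ? ac_clean(wp_unslash($_POST['portfolio_permalink'])) : '';

    if ('custom' === $portfolio_permalink) {
        if (null !== $posted['portfolio_permalink_structure']) {
            // Drop '#' (the regex delimiter and URL fragment marker) and collapse repeated slashes.
            $portfolio_permalink = preg_replace('#/+#', '/', '/' . str_replace('#', '', $posted['portfolio_permalink_structure']));
        } else {
            $portfolio_permalink = '/';
        }

        // This is an invalid base structure and breaks pages.
        // The original compared an undefined $product_permalink here, so this guard never fired.
        if ('/%portfolio_cat%' === $portfolio_permalink) {
            $portfolio_permalink = '/' . _x('portfolio', 'slug', 'axiscomposer') . $portfolio_permalink;
        }
    } elseif (empty($portfolio_permalink)) {
        $portfolio_permalink = false;
    }

    $permalinks['portfolio_base'] = ac_sanitize_permalink($portfolio_permalink);

    update_option('axiscomposer_permalinks', $permalinks);
}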
/**
 * Smoke test for ac_clean(): a string containing a script element must come
 * back with the element removed and the trailing text kept.
 *
 * This is only a basic type test; per the original note, WP core already
 * has coverage for sanitize_text_field().
 *
 * @since 1.0.0
 */
public function test_ac_clean()
{
    $dirty    = '<script>alert();</script>cleaned';
    $expected = 'cleaned';

    $this->assertEquals($expected, ac_clean($dirty));
}
/**
 * Validate Select Field.
 *
 * Unslashes the posted value and passes it through ac_clean(). The value is
 * not compared with the field's list of choices in this method, so a caller
 * that needs an allow-list check has to apply it separately.
 *
 * @param string $key   Field key (not used in this method).
 * @param string $value Posted Value
 * @return string
 */
public function validate_select_field($key, $value)
{
    // A field that was not posted arrives as null; treat it as an empty string.
    if (null === $value) {
        $value = '';
    }

    $unslashed = stripslashes($value);

    return ac_clean($unslashed);
}
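/**
 * Save admin fields.
 *
 * Loops through the axiscomposer options array, reads each field's posted
 * value, sanitises it according to the field type and stores the results
 * with update_option().
 *
 * This method performs no nonce or capability check of its own; callers
 * must have verified both before passing request data in.
 *
 * @param array $options Options array describing the fields to save.
 * @param array $data    Optional. Data to use for saving. Defaults to $_POST.
 * @return bool False when there is no data to save, true otherwise.
 */
public static function save_fields($options, $data = null)
{
    if (is_null($data)) {
        $data = $_POST;
    }
    if (empty($data)) {
        return false;
    }

    // Options to update will be stored here and saved later.
    $update_options = array();

    // Loop options and get values to save.
    foreach ($options as $option) {
        if (!isset($option['id']) || !isset($option['type'])) {
            continue;
        }

        // Get posted value. An id such as "name[key]" addresses one entry of an array option.
        if (strstr($option['id'], '[')) {
            parse_str($option['id'], $option_name_array);
            $option_name  = current(array_keys($option_name_array));
            $setting_name = key($option_name_array[$option_name]);
            $raw_value    = isset($data[$option_name][$setting_name]) ? wp_unslash($data[$option_name][$setting_name]) : null;
        } else {
            $option_name  = $option['id'];
            $setting_name = '';
            $raw_value    = isset($data[$option['id']]) ? wp_unslash($data[$option['id']]) : null;
        }

        // Format the value based on option type.
        switch ($option['type']) {
            case 'checkbox':
                $value = '1' === $raw_value || 'yes' === $raw_value ? 'yes' : 'no';
                break;
            case 'textarea':
                // A missing or array-valued field must not reach trim(); store an empty string instead.
                $value = is_string($raw_value) ? wp_kses_post(trim($raw_value)) : '';
                break;
            case 'select':
                // array_keys() yields integers for numeric keys. Normalise the allow-list to strings
                // and compare strictly, so that loose type juggling cannot make an unlisted value
                // pass the membership test.
                $allowed_values = empty($option['options']) ? array() : array_map('strval', array_keys($option['options']));
                if (empty($option['default']) && empty($allowed_values)) {
                    $value = null;
                    break;
                }
                $default = empty($option['default']) ? $allowed_values[0] : $option['default'];
                $value   = in_array($raw_value, $allowed_values, true) ? $raw_value : $default;
                break;
            case 'multiselect':
            case 'multi_select_screens':
                $value = array_filter(array_map('ac_clean', (array) $raw_value));
                break;
            default:
                $value = ac_clean($raw_value);
                break;
        }

        /**
         * Sanitize the value of an option.
         *
         * Filters receive the raw value as well and can replace the sanitised one.
         */
        $value = apply_filters('axiscomposer_admin_settings_sanitize_option', $value, $option, $raw_value);

        /**
         * Sanitize the value of an option by option name.
         */
        $value = apply_filters("axiscomposer_admin_settings_sanitize_option_{$option_name}", $value, $option, $raw_value);

        // A null value means "do not save this option".
        if (is_null($value)) {
            continue;
        }

        // Check if option is an array and handle that differently to single values.
        if ($option_name && $setting_name) {
            // Start from the stored array so that entries not present in this request are kept.
            if (!isset($update_options[$option_name])) {
                $update_options[$option_name] = get_option($option_name, array());
            }
            if (!is_array($update_options[$option_name])) {
                $update_options[$option_name] = array();
            }
            $update_options[$option_name][$setting_name] = $value;
        } else {
            $update_options[$option_name] = $value;
        }
    }

    // Save all options in our array.
    foreach ($update_options as $name => $value) {
        update_option($name, $value);
    }

    return true;
}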
$posting['wp_remote_post']['note'] .= ' ' . sprintf(__('Status code: %s', 'axiscomposer'), ac_clean($response['response']['code'])); } $posting['wp_remote_post']['success'] = false; } // WP Remote Get Check. $posting['wp_remote_get']['name'] = __('Remote Get', 'axiscomposer'); $posting['wp_remote_get']['help'] = ac_help_tip(__('AxisComposer plugins may use this method of communication when checking for plugin updates.', 'axiscomposer')); $response = wp_safe_remote_get('https://api.github.com/repos/axisthemes/axiscomposer/contributors'); if (!is_wp_error($response) && $response['response']['code'] >= 200 && $response['response']['code'] < 300) { $posting['wp_remote_get']['success'] = true; } else { $posting['wp_remote_get']['note'] = __('wp_safe_remote_get() failed. The AxisComposer plugin updater won\'t work with your server. Contact your hosting provider.', 'axiscomposer'); if (is_wp_error($response)) { $posting['wp_remote_get']['note'] .= ' ' . sprintf(__('Error: %s', 'axiscomposer'), ac_clean($response->get_error_message())); } else { $posting['wp_remote_get']['note'] .= ' ' . sprintf(__('Status code: %s', 'axiscomposer'), ac_clean($response['response']['code'])); } $posting['wp_remote_get']['success'] = false; } $posting = apply_filters('axiscomposer_debug_posting', $posting); foreach ($posting as $post) { $mark = !empty($post['success']) ? 'yes' : 'error'; ?> <tr> <td data-export-label="<?php echo esc_html($post['name']); ?> "><?php echo esc_html($post['name']); ?> :</td>
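/**
 * AJAX Delete Custom Sidebar on Widgets Page.
 *
 * Verifies the 'delete-custom-sidebar' nonce sent in the 'security' field
 * and the 'manage_axiscomposer' capability, then removes the sidebar named
 * in $_POST['sidebar'] and answers with a JSON success payload. The request
 * always terminates here.
 */
public static function delete_custom_sidebar()
{
    ob_start();

    // Terminates the request itself when the nonce is missing or invalid.
    check_ajax_referer('delete-custom-sidebar', 'security');

    if (!current_user_can('manage_axiscomposer')) {
        die(-1);
    }

    // A missing or array-valued parameter is treated as "nothing to delete" instead of
    // being handed to stripslashes(), which raises a notice or a TypeError for it.
    $sidebar = '';
    if (isset($_POST['sidebar']) && is_string($_POST['sidebar'])) {
        $sidebar = ac_clean(stripslashes($_POST['sidebar']));
    }

    if (!empty($sidebar)) {
        AC_Sidebars::remove_sidebar($sidebar);
        wp_send_json_success(array($sidebar));
    }

    die;
}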
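/**
 * Add a sidebar if the POST variable is set.
 *
 * Runs only when both the sidebar name and the '_ac_sidebar_nonce' field
 * were posted. The nonce and the 'manage_axiscomposer' capability are
 * checked before the sidebar is registered, after which the browser is
 * sent back to the Widgets screen.
 */
public function add_custom_sidebars()
{
    if (empty($_POST['axiscomposer-add-sidebar']) || !isset($_POST['_ac_sidebar_nonce'])) {
        return;
    }

    // WordPress adds slashes to $_POST; unslash before verifying. A non-string nonce can never be valid.
    $nonce = is_string($_POST['_ac_sidebar_nonce']) ? wp_unslash($_POST['_ac_sidebar_nonce']) : '';
    if (!wp_verify_nonce($nonce, 'axiscomposer_add_sidebar')) {
        wp_die(__('Action failed. Please refresh the page and retry.', 'axiscomposer'));
    }

    if (!current_user_can('manage_axiscomposer')) {
        wp_die(__('Cheatin’ huh?', 'axiscomposer'));
    }

    // Unslash first so that a quote in the name is not stored with a stray backslash.
    $sidebar_name = ac_clean(wp_unslash($_POST['axiscomposer-add-sidebar']));

    self::add_sidebar(self::validate_sidebar_name($sidebar_name));

    // wp_redirect()/wp_safe_redirect() only send the Location header; without exit the rest of
    // the request would keep executing after the redirect was issued.
    wp_safe_redirect(admin_url('widgets.php'));
    exit;
}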