/** * Validate and sanitize any submitted data. Used when editing the definition for * this type of element. Default behavior here is require only a unique name and * label. Override this if customized validation is required: usually you'll want * to override and still reference the parent: * public function save_definition_filter($posted_data) { * $posted_data = parent::save_definition_filter($posted_data); * // your code here... * return $posted_data; * } * * * into the field values. * * @param array $posted_data = $_POST data * @return array filtered field_data that can be saved OR can be safely repopulated */ public function save_definition_filter($posted_data) { if (empty($posted_data['name'])) { $this->errors['name'][] = __('Name is required.', CCTM_TXTDOMAIN); } else { // Are there any invalid characters? 1st char. must be a letter (req'd for valid prop/func names) if (!preg_match('/^[a-z]{1}[a-z_0-9]*$/i', $posted_data['name'])) { $this->errors['name'][] = sprintf(__('%s contains invalid characters. The name may only contain letters, numbers, and underscores, and it must begin with a letter.', CCTM_TXTDOMAIN), '<strong>' . $posted_data['name'] . '</strong>'); $posted_data['name'] = preg_replace('/[^a-z_0-9]/', '', $posted_data['name']); } // Is the name too long? if (strlen($posted_data['name']) > 255) { $posted_data['name'] = substr($posted_data['name'], 0, 255); $this->errors['name'][] = __('The name is too long. Names must not exceed 255 characters.', CCTM_TXTDOMAIN); } // Run into any reserved words? if (in_array($posted_data['name'], CCTM::$reserved_field_names)) { $this->errors['name'][] = sprintf(__('%s is a reserved name.', CCTM_TXTDOMAIN), '<strong>' . $posted_data['name'] . '</strong>'); $posted_data['name'] = ''; } // it's a CREATE operation if (empty($this->original_name)) { if (isset(CCTM::$data['custom_field_defs']) && is_array(CCTM::$data['custom_field_defs'])) { foreach (CCTM::$data['custom_field_defs'] as $cf => $def) { if (strtolower($posted_data['name']) == strtolower($cf)) { $this->errors['name'][] = sprintf(__('The name %s is already in use. Please choose another name.', CCTM_TXTDOMAIN), '<em>' . $posted_data['name'] . '</em>'); } } } } elseif ($this->original_name != $posted_data['name']) { if (isset(CCTM::$data['custom_field_defs']) && is_array(CCTM::$data['custom_field_defs'])) { if (strtolower($posted_data['name']) == strtolower($cf)) { $this->errors['name'][] = sprintf(__('The name %s is already in use. Please choose another name.', CCTM_TXTDOMAIN), '<em>' . $posted_data['name'] . '</em>'); } $posted_data['name'] = ''; } } } // You may need to do this for any textarea fields. Saving a '</textarea>' tag // in your description field can wreak everything. if (!empty($posted_data['description'])) { $posted_data['description'] = strip_tags($posted_data['description'], CCTM::$allowed_html_tags); } $posted_data = CCTM::striptags_deep($posted_data); // WP always quotes data (!!!), so we don't bother checking get_magic_quotes_gpc et al. // See this: http://kovshenin.com/archives/wordpress-and-magic-quotes/ $posted_data = CCTM::stripslashes_deep($posted_data); //return $posted_data; // simplifiying immutable foreach ($this->immutable as $x) { if (isset($this->props[$x])) { $posted_data[$x] = $this->props[$x]; } else { $posted_data[$x] = ''; } } return $posted_data; // Apply immutable properties, and return filtered data //return array_merge($posted_data, $this->immutable); }
/** * Everything when creating a new post type must be filtered here. * * Problems with: * hierarchical * rewrite_with_front * * This is janky... sorta doesn't work how it's supposed when combined with save_post_type_settings(). * * * @param mixed $raw unsanitized $_POST data * @return mixed filtered $_POST data (only white-listed are passed thru to output) */ public static function sanitize_post_type_def($raw) { $sanitized = array(); unset($raw['custom_content_type_mgr_create_new_content_type_nonce']); unset($raw['custom_content_type_mgr_edit_content_type_nonce']); $raw = CCTM::striptags_deep($raw); // WP always adds slashes: see http://kovshenin.com/archives/wordpress-and-magic-quotes/ $raw = CCTM::stripslashes_deep($raw); // Handle unchecked checkboxes if (empty($raw['cctm_hierarchical_custom'])) { $sanitized['cctm_hierarchical_custom'] = ''; } if (empty($raw['cctm_hierarchical_includes_drafts'])) { $sanitized['cctm_hierarchical_includes_drafts'] = ''; } if (empty($raw['cctm_hierarchical_post_types'])) { $sanitized['cctm_hierarchical_post_types'] = array(); } if (!isset($raw['cctm_custom_columns_enabled'])) { $sanitized['cctm_custom_columns_enabled'] = 0; } if (!isset($raw['cctm_enable_right_now'])) { $sanitized['cctm_enable_right_now'] = 0; } // This will be empty if no "supports" items are checked. if (!empty($raw['supports'])) { $sanitized['supports'] = $raw['supports']; unset($raw['supports']); } else { $sanitized['supports'] = array(); } if (!empty($raw['taxonomies'])) { $sanitized['taxonomies'] = $raw['taxonomies']; } else { // do this so this will take precedence when you merge the existing array with the new one in the save_post_type_settings() function. $sanitized['taxonomies'] = array(); } // You gotta unset arrays if you want the foreach thing below to work. unset($raw['taxonomies']); // Temporary thing... ???? unset($sanitized['rewrite_slug']); // The main event // We grab everything except stuff that begins with '_', then override specific $keys as needed. foreach ($raw as $key => $value) { if (!preg_match('/^_.*/', $key)) { $sanitized[$key] = CCTM::get_value($raw, $key); } } // Specific overrides below: $sanitized['description'] = strip_tags($raw['description']); // post_type is the only required field $sanitized['post_type'] = CCTM::get_value($raw, 'post_type'); $sanitized['post_type'] = strtolower($sanitized['post_type']); $sanitized['post_type'] = preg_replace('/[^a-z0-9_\\-]/', '_', $sanitized['post_type']); $sanitized['post_type'] = substr($sanitized['post_type'], 0, 20); // Our form passes integers and strings, but WP req's literal booleans, // so we do some type-casting here to ensure literal booleans. $sanitized['public'] = (bool) CCTM::get_value($raw, 'public'); $sanitized['rewrite_with_front'] = (bool) CCTM::get_value($raw, 'rewrite_with_front'); $sanitized['show_ui'] = (bool) CCTM::get_value($raw, 'show_ui'); $sanitized['public'] = (bool) CCTM::get_value($raw, 'public'); $sanitized['show_in_nav_menus'] = (bool) CCTM::get_value($raw, 'show_in_nav_menus'); $sanitized['can_export'] = (bool) CCTM::get_value($raw, 'can_export'); $sanitized['use_default_menu_icon'] = (bool) CCTM::get_value($raw, 'use_default_menu_icon'); $sanitized['hierarchical'] = (bool) CCTM::get_value($raw, 'hierarchical'); $sanitized['include_in_search'] = (bool) CCTM::get_value($raw, 'include_in_search'); $sanitized['publicly_queryable'] = (bool) CCTM::get_value($raw, 'publicly_queryable'); $sanitized['include_in_rss'] = (bool) CCTM::get_value($raw, 'include_in_rss'); $sanitized['map_meta_cap'] = (bool) CCTM::get_value($raw, 'map_meta_cap'); $sanitized['show_in_admin_bar'] = (bool) CCTM::get_value($raw, 'show_in_admin_bar'); if (empty($sanitized['has_archive'])) { $sanitized['has_archive'] = false; } else { $sanitized['has_archive'] = true; } // *facepalm*... Special handling req'd here for menu_position because 0 // is handled differently than a literal null. if ((int) CCTM::get_value($raw, 'menu_position')) { $sanitized['menu_position'] = (int) CCTM::get_value($raw, 'menu_position', null); } else { $sanitized['menu_position'] = null; } $sanitized['show_in_menu'] = CCTM::get_value($raw, 'show_in_menu'); $sanitized['cctm_show_in_menu'] = CCTM::get_value($raw, 'cctm_show_in_menu'); // menu_icon... the user will lose any custom Menu Icon URL if they save with this checked! // TODO: let this value persist. if ($sanitized['use_default_menu_icon']) { unset($sanitized['menu_icon']); // === null; } if (empty($sanitized['query_var'])) { $sanitized['query_var'] = false; } // Cleaning up the labels if (empty($sanitized['label'])) { $sanitized['label'] = ucfirst($sanitized['post_type']); } if (empty($sanitized['labels']['singular_name'])) { $sanitized['labels']['singular_name'] = ucfirst($sanitized['post_type']); } if (empty($sanitized['labels']['add_new'])) { $sanitized['labels']['add_new'] = __('Add New'); } if (empty($sanitized['labels']['add_new_item'])) { $sanitized['labels']['add_new_item'] = __('Add New') . ' ' . ucfirst($sanitized['post_type']); } if (empty($sanitized['labels']['edit_item'])) { $sanitized['labels']['edit_item'] = __('Edit') . ' ' . ucfirst($sanitized['post_type']); } if (empty($sanitized['labels']['new_item'])) { $sanitized['labels']['new_item'] = __('New') . ' ' . ucfirst($sanitized['post_type']); } if (empty($sanitized['labels']['view_item'])) { $sanitized['labels']['view_item'] = __('View') . ' ' . ucfirst($sanitized['post_type']); } if (empty($sanitized['labels']['search_items'])) { $sanitized['labels']['search_items'] = __('Search') . ' ' . ucfirst($sanitized['labels']['menu_name']); } if (empty($sanitized['labels']['not_found'])) { $sanitized['labels']['not_found'] = sprintf(__('No %s found', CCTM_TXTDOMAIN), strtolower($raw['labels']['menu_name'])); } if (empty($sanitized['labels']['not_found_in_trash'])) { $sanitized['labels']['not_found_in_trash'] = sprintf(__('No %s found in trash', CCTM_TXTDOMAIN), strtolower($raw['labels']['menu_name'])); } if (empty($sanitized['labels']['parent_item_colon'])) { $sanitized['labels']['parent_item_colon'] = __('Parent Page'); } // Rewrites. TODO: make this work like the built-in post-type permalinks switch ($sanitized['permalink_action']) { case '/%postname%/': $sanitized['rewrite'] = true; break; case 'Custom': $sanitized['rewrite']['slug'] = $raw['rewrite_slug']; $sanitized['rewrite']['with_front'] = isset($raw['rewrite_with_front']) ? (bool) $raw['rewrite_with_front'] : false; break; case 'Off': default: $sanitized['rewrite'] = false; } return $sanitized; }
/** * Sanitize data * @param array * @return array */ public static function sanitize($posted_data) { $data = array(); $data['id'] = CCTM::get_value($posted_data, 'id'); $data['old_id'] = CCTM::get_value($posted_data, 'old_id'); $data['title'] = CCTM::get_value($posted_data, 'title'); $data['context'] = CCTM::get_value($posted_data, 'context'); $data['priority'] = CCTM::get_value($posted_data, 'priority'); $data['callback'] = CCTM::get_value($posted_data, 'callback'); $data['callback_args'] = CCTM::get_value($posted_data, 'callback_args'); // See https://code.google.com/p/wordpress-custom-content-type-manager/issues/detail?id=511 $data['visibility_control'] = isset($posted_data['visibility_control']) ? $posted_data['visibility_control'] : ''; $data['post_types'] = CCTM::get_value($posted_data, 'post_types', array()); $data = CCTM::striptags_deep($data); $data = CCTM::stripslashes_deep($data); return $data; }