/**
 * Validate the post meta values
 *
 * Looks up the field definition for $meta_key, starts from the registered
 * default and only replaces it with the submitted value when that value
 * passes the check for the field's type. The result is then passed through
 * the 'wpseo_sanitize_post_meta_{$meta_key}' filter, so a filter callback can
 * still override the validated value.
 *
 * @static
 *
 * @param mixed  $meta_value The new value
 * @param string $meta_key   The full meta key (including prefix)
 * @return mixed Validated meta value; a string for most field types, but
 *               the generic 'multiselect' branch returns $meta_value as-is
 *               (so an array may come back for those fields)
 */
public static function sanitize_post_meta($meta_value, $meta_key)
{
    // NOTE(review): no guard for an unknown $meta_key — self::$fields_index[$meta_key]
    // and self::$defaults[$meta_key] are read unconditionally; confirm callers only
    // pass registered keys.
    $field_def = self::$meta_fields[self::$fields_index[$meta_key]['subset']][self::$fields_index[$meta_key]['key']];
    $clean = self::$defaults[$meta_key];

    // First matching case wins, so key-specific cases must precede the generic
    // type-based ones (e.g. 'meta-robots-adv' before the plain 'multiselect' case).
    switch (true) {
        case $meta_key === self::$meta_prefix . 'linkdex':
            $int = WPSEO_Option::validate_int($meta_value);
            if ($int !== false && $int >= 0) {
                $clean = strval($int); // Convert to string to make sure default check works
            }
            break;

        case $field_def['type'] === 'checkbox':
            // Only allow value if it's one of the predefined options
            if (in_array($meta_value, array('on', 'off'), true)) {
                $clean = $meta_value;
            }
            break;

        case $field_def['type'] === 'select' || $field_def['type'] === 'radio':
            // Only allow value if it's one of the predefined options
            // NOTE(review): $meta_value is used as an array offset here; a non-scalar
            // value would be an illegal offset — confirm callers only pass scalars.
            if (isset($field_def['options'][$meta_value])) {
                $clean = $meta_value;
            }
            break;

        case $field_def['type'] === 'multiselect' && $meta_key === self::$meta_prefix . 'meta-robots-adv':
            $clean = self::validate_meta_robots_adv($meta_value);
            break;

        case $field_def['type'] === 'text' && $meta_key === self::$meta_prefix . 'canonical':
        case $field_def['type'] === 'text' && $meta_key === self::$meta_prefix . 'redirect':
            // Validate as url(-part)
            // Uses WPSEO_Option::sanitize_url()'s default protocol list (not visible here);
            // an empty result leaves the default in place.
            $url = WPSEO_Option::sanitize_url($meta_value);
            if ($url !== '') {
                $clean = $url;
            }
            break;

        case $field_def['type'] === 'upload' && $meta_key === self::$meta_prefix . 'opengraph-image':
            // Validate as url
            // Explicit protocol allow-list: ftp/ftps are accepted in addition to http/https.
            $url = WPSEO_Option::sanitize_url($meta_value, array('http', 'https', 'ftp', 'ftps'));
            if ($url !== '') {
                $clean = $url;
            }
            break;

        case $field_def['type'] === 'textarea':
            if (is_string($meta_value)) {
                // Remove line breaks and tabs
                // @todo [JRF => Yoast] verify that line breaks and the likes aren't allowed/recommended in meta header fields
                // NOTE(review): the trailing ' ' in the search list replaces a space with a
                // space (no-op); "\r\n" becomes two spaces, which trim() only strips at the ends.
                $meta_value = str_replace(array("\n", "\r", "\t", ' '), ' ', $meta_value);
                $clean = WPSEO_Option::sanitize_text_field(trim($meta_value));
            }
            break;

        case 'multiselect' === $field_def['type']:
            // NOTE(review): any multiselect other than 'meta-robots-adv' is stored without
            // validation — the submitted value is passed through unchanged, so it is not
            // restricted to $field_def['options']. Confirm this is intended for every
            // multiselect field registered in self::$meta_fields.
            $clean = $meta_value;
            break;

        case $field_def['type'] === 'text':
        default:
            // Generic text handling; non-string input keeps the default.
            if (is_string($meta_value)) {
                $clean = WPSEO_Option::sanitize_text_field(trim($meta_value));
            }
            break;
    }

    // The filter runs after validation and receives the raw value too, so a callback
    // can replace $clean with something that did not pass the checks above.
    $clean = apply_filters('wpseo_sanitize_post_meta_' . $meta_key, $clean, $meta_value, $field_def, $meta_key);

    return $clean;
}
/**
 * Fallback function for WP SEO functionality, sanitize_url
 *
 * Delegates to WPSEO_Utils::sanitize_url() when that method exists and to
 * WPSEO_Option::sanitize_url() otherwise. Both are called with the same
 * explicit protocol allow-list (http, https, ftp, ftps).
 *
 * @param mixed $string The value to sanitize as a URL
 *
 * @return mixed Whatever the delegated sanitize_url() returns
 */
public static function yoast_wpseo_video_sanitize_url($string)
{
    $allowed_protocols = array('http', 'https', 'ftp', 'ftps');

    // Pick the implementation once, then make a single static call.
    $sanitizer_class = method_exists('WPSEO_Utils', 'sanitize_url') ? 'WPSEO_Utils' : 'WPSEO_Option';

    return $sanitizer_class::sanitize_url($string, $allowed_protocols);
}