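/**
 * Returns the post that the metabox is being rendered for.
 *
 * The `post` query argument is request-controlled, so it is run through
 * YMBESEO_Utils::validate_int() and cast to int before it reaches get_post().
 * This method only selects which post is loaded; nothing in it checks whether
 * the current user may read or edit that post.
 * NOTE(review): confirm the callers enforce that permission check.
 *
 * @return WP_Post|null The requested post, or the global post when no `post`
 *                      query argument is present; null when neither is available.
 */
private function get_metabox_post()
{
    if (isset($_GET['post'])) {
        // The (int) cast turns a non-integer validation result into 0
        // instead of handing it to get_post() unchanged.
        $requested_id = (int) YMBESEO_Utils::validate_int($_GET['post']);

        return get_post($requested_id);
    }

    // The global may be missing outside the post edit screen; return null
    // explicitly rather than reading an undefined index.
    return isset($GLOBALS['post']) ? $GLOBALS['post'] : null;
}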
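/**
 * Validate the option.
 *
 * Iterates over the keys of $clean (normally the defaults) and only copies a
 * submitted value across after it passed the check for its field type. Keys
 * that exist in $dirty but not in $clean are never visited and are therefore
 * not part of the returned array.
 *
 * @param array $dirty New value for the option.
 * @param array $clean Clean value for the option, normally the defaults.
 * @param array $old   Old value of the option.
 *
 * @return array Validated clean value for the option to be saved to the database
 */
protected function validate_option($dirty, $clean, $old)
{
    foreach ($clean as $key => $value) {
        $switch_key = $this->get_switch_key($key);

        switch ($switch_key) {
            /*
             * Text fields.
             * Covers:
             *   'title-home-wpseo', 'title-author-wpseo', 'title-archive-wpseo',
             *   'title-search-wpseo', 'title-404-wpseo'
             *   'title-' . $pt->name
             *   'title-ptarchive-' . $pt->name
             *   'title-tax-' . $tax->name
             */
            case 'title-':
                if (isset($dirty[$key])) {
                    $clean[$key] = YMBESEO_Utils::sanitize_text_field($dirty[$key]);
                }
                break;

            /*
             * Text fields for which an empty submission keeps the default.
             * Covers:
             *   'metadesc-home-wpseo', 'metadesc-author-wpseo', 'metadesc-archive-wpseo'
             *   'metadesc-' . $pt->name
             *   'metadesc-ptarchive-' . $pt->name
             *   'metadesc-tax-' . $tax->name
             *   'metakey-home-wpseo', 'metakey-author-wpseo'
             *   'metakey-' . $pt->name
             *   'metakey-ptarchive-' . $pt->name
             *   'metakey-tax-' . $tax->name
             *   'bctitle-ptarchive-' . $pt->name
             */
            case 'metadesc-':
            case 'metakey-':
            case 'bctitle-ptarchive-':
                if (isset($dirty[$key]) && $dirty[$key] !== '') {
                    $clean[$key] = YMBESEO_Utils::sanitize_text_field($dirty[$key]);
                }
                break;

            /* Integer field - not in form. */
            case 'title_test':
                // Prefer the submitted value; only when nothing was submitted
                // is the previously stored value re-validated instead.
                $has_candidate = false;
                $candidate = null;
                if (isset($dirty[$key])) {
                    $candidate = $dirty[$key];
                    $has_candidate = true;
                } elseif (isset($old[$key])) {
                    $candidate = $old[$key];
                    $has_candidate = true;
                }

                if ($has_candidate) {
                    $int = YMBESEO_Utils::validate_int($candidate);
                    if ($int !== false && $int >= 0) {
                        $clean[$key] = $int;
                    }
                }
                break;

            /* Separator field - Radio. */
            case 'separator':
                // The submitted value is used as an array offset in the allow-list
                // lookup. An array or object (e.g. from a crafted `separator[]`
                // field) is an illegal offset type, which newer PHP versions turn
                // into a fatal TypeError, so such values are rejected up front.
                if (
                    isset($dirty[$key])
                    && $dirty[$key] !== ''
                    && ! is_array($dirty[$key])
                    && ! is_object($dirty[$key])
                ) {
                    $separator_fields = $this->get_separator_options();

                    // Only accept a value that is one of the known separator keys.
                    if (isset($separator_fields[$dirty[$key]])) {
                        $clean[$key] = $dirty[$key];
                    }
                }
                break;

            /*
             * Boolean fields.
             * Covers:
             *   'noindex-subpages-wpseo', 'noindex-author-wpseo', 'noindex-archive-wpseo'
             *   'noindex-' . $pt->name
             *   'noindex-ptarchive-' . $pt->name
             *   'noindex-tax-' . $tax->name
             *   'forcerewritetitle', 'usemetakeywords', 'noodp', 'noydir'
             *   'disable-author', 'disable-date'
             *   'noindex-'
             *   'showdate-', 'showdate-' . $pt->name
             *   'hideeditbox-', 'hideeditbox-' . $pt->name
             *   'hideeditbox-tax-' . $tax->name
             */
            default:
                // An absent key is stored as false.
                $clean[$key] = isset($dirty[$key]) ? YMBESEO_Utils::validate_bool($dirty[$key]) : false;
                break;
        }
    }

    return $clean;
}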
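/**
 * Validate the post meta values.
 *
 * Starts from the registered default for the meta key and only replaces it when
 * the submitted value passes the check that belongs to the field type. The
 * branch order of the `switch (true)` matters: the key-specific cases (linkdex,
 * meta-robots-adv, canonical, redirect, opengraph-image) must be evaluated
 * before the generic type cases.
 *
 * @static
 *
 * @param mixed  $meta_value The new value.
 * @param string $meta_key   The full meta key (including prefix).
 *
 * @return string Validated meta value. The generic multiselect branch hands the
 *                value back as received, and the final filter may change the
 *                result, so callers should not rely on the type being string.
 */
public static function sanitize_post_meta($meta_value, $meta_key)
{
    $field_def = self::$meta_fields[self::$fields_index[$meta_key]['subset']][self::$fields_index[$meta_key]['key']];
    $clean = self::$defaults[$meta_key];

    switch (true) {
        case $meta_key === self::$meta_prefix . 'linkdex':
            $int = YMBESEO_Utils::validate_int($meta_value);
            if ($int !== false && $int >= 0) {
                // Convert to string to make sure default check works.
                $clean = strval($int);
            }
            break;

        case $field_def['type'] === 'checkbox':
            // Only allow value if it's one of the predefined options.
            if (in_array($meta_value, array('on', 'off'), true)) {
                $clean = $meta_value;
            }
            break;

        case $field_def['type'] === 'select' || $field_def['type'] === 'radio':
            // Only allow value if it's one of the predefined options.
            // The value is used as an array offset for that lookup; an array or
            // object is an illegal offset type and raises a TypeError on newer
            // PHP versions, so those are rejected before the lookup.
            if (
                ! is_array($meta_value)
                && ! is_object($meta_value)
                && isset($field_def['options'][$meta_value])
            ) {
                $clean = $meta_value;
            }
            break;

        case $field_def['type'] === 'multiselect' && $meta_key === self::$meta_prefix . 'meta-robots-adv':
            $clean = self::validate_meta_robots_adv($meta_value);
            break;

        case $field_def['type'] === 'text' && $meta_key === self::$meta_prefix . 'canonical':
        case $field_def['type'] === 'text' && $meta_key === self::$meta_prefix . 'redirect':
            // Validate as url(-part).
            $url = YMBESEO_Utils::sanitize_url($meta_value);
            if ($url !== '') {
                $clean = $url;
            }
            break;

        case $field_def['type'] === 'upload' && $meta_key === self::$meta_prefix . 'opengraph-image':
            // Validate as url, restricted to the listed schemes.
            $url = YMBESEO_Utils::sanitize_url($meta_value, array('http', 'https', 'ftp', 'ftps'));
            if ($url !== '') {
                $clean = $url;
            }
            break;

        case $field_def['type'] === 'textarea':
            if (is_string($meta_value)) {
                // Remove line breaks and tabs.
                // @todo [JRF => Yoast] verify that line breaks and the likes aren't allowed/recommended in meta header fields.
                // NOTE(review): the last search string is a single space here, which
                // makes that replacement a no-op - confirm against the upstream file.
                $meta_value = str_replace(array("\n", "\r", "\t", ' '), ' ', $meta_value);
                $clean = YMBESEO_Utils::sanitize_text_field(trim($meta_value));
            }
            break;

        case 'multiselect' === $field_def['type']:
            // NOTE(review): every multiselect other than meta-robots-adv is stored
            // exactly as received - no allow-list check against
            // $field_def['options'] and no text sanitization. Only the filter below
            // can still alter it. Confirm that each consumer escapes this value on
            // output, or validate the entries against the defined options here.
            $clean = $meta_value;
            break;

        case $field_def['type'] === 'text':
        default:
            if (is_string($meta_value)) {
                $clean = YMBESEO_Utils::sanitize_text_field(trim($meta_value));
            }
            break;
    }

    // The filter receives both the cleaned and the raw value; a callback that
    // returns the raw one bypasses the checks above.
    $clean = apply_filters('YMBESEO_sanitize_post_meta_' . $meta_key, $clean, $meta_value, $field_def, $meta_key);

    return $clean;
}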
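/**
 * Validate the option.
 *
 * Iterates over the keys of $clean and only copies a submitted value across
 * after it passed the check for that key; rejected values leave the default in
 * place and, where add_settings_error() is available, produce an admin notice.
 * Submitted values are escaped before they are echoed back in a notice.
 *
 * @param array $dirty New value for the option.
 * @param array $clean Clean value for the option, normally the defaults.
 * @param array $old   Old value of the option (not read by this implementation).
 *
 * @return array Validated clean value for the option to be saved to the database
 */
protected function validate_option($dirty, $clean, $old)
{
    foreach ($clean as $key => $value) {
        switch ($key) {
            case 'access':
                // Strict allow-list comparison: only the exact predefined strings pass.
                if (isset($dirty[$key]) && in_array($dirty[$key], self::$allowed_access_options, true)) {
                    $clean[$key] = $dirty[$key];
                } elseif (function_exists('add_settings_error')) {
                    // This branch is also reached when the key was not submitted at
                    // all, so read it defensively instead of via an undefined index.
                    $rejected = isset($dirty[$key]) ? $dirty[$key] : '';
                    add_settings_error(
                        $this->group_name,
                        '_' . $key,
                        sprintf(
                            __('%1$s is not a valid choice for who should be allowed access to the %2$s settings. Value reset to the default.', 'ymbeseo'),
                            esc_html(sanitize_text_field($rejected)),
                            'Yoast SEO'
                        ),
                        'error'
                    );
                }
                break;

            case 'defaultblog':
                // '' and '-' both mean "no default blog chosen" and keep the default.
                if (isset($dirty[$key]) && ($dirty[$key] !== '' && $dirty[$key] !== '-')) {
                    $int = YMBESEO_Utils::validate_int($dirty[$key]);

                    if ($int !== false && $int > 0) {
                        // Check if a valid blog number has been received.
                        $exists = get_blog_details($int, false);

                        if ($exists && $exists->deleted == 0) {
                            $clean[$key] = $int;
                        } elseif (function_exists('add_settings_error')) {
                            add_settings_error(
                                $this->group_name,
                                '_' . $key,
                                esc_html__('The default blog setting must be the numeric blog id of the blog you want to use as default.', 'ymbeseo')
                                . '<br>'
                                . sprintf(
                                    esc_html__('This must be an existing blog. Blog %s does not exist or has been marked as deleted.', 'ymbeseo'),
                                    '<strong>' . esc_html(sanitize_text_field($dirty[$key])) . '</strong>'
                                ),
                                'error'
                            );
                        }
                    } elseif (function_exists('add_settings_error')) {
                        add_settings_error(
                            $this->group_name,
                            '_' . $key,
                            esc_html__('The default blog setting must be the numeric blog id of the blog you want to use as default.', 'ymbeseo')
                            . '<br>'
                            . esc_html__('No numeric value was received.', 'ymbeseo'),
                            'error'
                        );
                    }
                }
                break;

            default:
                // Every other key is a boolean; an absent key is stored as false.
                $clean[$key] = isset($dirty[$key]) ? YMBESEO_Utils::validate_bool($dirty[$key]) : false;
                break;
        }
    }

    return $clean;
}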
}

// Network settings screen: handles the two form submissions below and then
// prepares the blog selector. This excerpt starts and ends mid-file.
// NOTE(review): no capability check is visible in this excerpt; the nonce checks
// below do not replace one - confirm access is restricted before this point.
$yform = Yoast_Form::get_instance();
$options = get_site_option('YMBESEO_ms');

if (isset($_POST['YMBESEO_submit'])) {
    // Nonce check runs before any submitted value is read.
    check_admin_referer('wpseo-network-settings');
    foreach (array('access', 'defaultblog') as $opt) {
        // The submitted values are copied as received and without an isset()
        // guard, so a request that omits one of them reads an undefined index.
        // NOTE(review): presumably the option's validate_option() runs inside
        // update_site_option() and cleans these values - verify.
        $options[$opt] = $_POST['YMBESEO_ms'][$opt];
    }
    unset($opt);
    YMBESEO_Options::update_site_option('YMBESEO_ms', $options);
    add_settings_error('YMBESEO_ms', 'settings_updated', __('Settings Updated.', 'ymbeseo'), 'updated');
}

if (isset($_POST['YMBESEO_restore_blog'])) {
    // Separate nonce action for the restore form.
    check_admin_referer('wpseo-network-restore');
    if (isset($_POST['YMBESEO_ms']['restoreblog']) && is_numeric($_POST['YMBESEO_ms']['restoreblog'])) {
        // is_numeric() also accepts non-integer numerics; the validate_int() call
        // plus the (int) cast reduce the value to an integer blog id.
        $restoreblog = (int) YMBESEO_Utils::validate_int($_POST['YMBESEO_ms']['restoreblog']);
        $blog = get_blog_details($restoreblog);
        if ($blog) {
            YMBESEO_Options::reset_ms_blog($restoreblog);
            // The blog name is escaped before it is placed in the notice.
            add_settings_error('YMBESEO_ms', 'settings_updated', sprintf(__('%s restored to default SEO settings.', 'ymbeseo'), esc_html($blog->blogname)), 'updated');
        } else {
            add_settings_error('YMBESEO_ms', 'settings_updated', sprintf(__('Blog %s not found.', 'ymbeseo'), esc_html($restoreblog)), 'error');
        }
        unset($restoreblog, $blog);
    }
}

/* Set up selectbox dropdowns for smaller networks (usability) */
$use_dropdown = true;
// Networks with more than 100 blogs do not get the dropdown.
if (get_blog_count() > 100) {
    $use_dropdown = false;
} else {
/**
 * Validate a value as integer.
 *
 * Backwards-compatibility shim: records a deprecation notice and forwards the
 * call unchanged to YMBESEO_Utils::validate_int().
 *
 * @deprecated 1.5.6.1
 * @deprecated use YMBESEO_Utils::validate_int()
 * @see YMBESEO_Utils::validate_int()
 *
 * @static
 *
 * @param mixed $value Value to validate.
 *
 * @return mixed int or false in case of failure to convert to int
 */
public static function validate_int($value)
{
    $deprecated_since = 'WPSEO 1.5.6.1';
    $replacement = 'YMBESEO_Utils::validate_int()';

    // Flag the call first so the notice is emitted even if validation fails.
    _deprecated_function(__FUNCTION__, $deprecated_since, $replacement);

    $validated = YMBESEO_Utils::validate_int($value);

    return $validated;
}
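/**
 * Validate the option.
 *
 * Iterates over the keys of $clean and only copies a submitted value across
 * after it passed the check for its field type. Keys that exist in $dirty but
 * not in $clean are never visited and are not part of the returned array.
 *
 * @param array $dirty New value for the option.
 * @param array $clean Clean value for the option, normally the defaults.
 * @param array $old   Old value of the option.
 *
 * @return array Validated clean value for the option to be saved to the database
 */
protected function validate_option($dirty, $clean, $old)
{
    foreach ($clean as $key => $value) {
        $switch_key = $this->get_switch_key($key);

        switch ($switch_key) {
            /* Integer fields. */
            case 'entries-per-page':
                /**
                 * @todo [JRF/JRF => Yoast] add some more rules (minimum 50 or something
                 * - what should be the guideline?) and adjust error message
                 */
                if (isset($dirty[$key]) && $dirty[$key] !== '') {
                    $int = YMBESEO_Utils::validate_int($dirty[$key]);

                    if ($int !== false && $int > 0) {
                        $clean[$key] = $int;
                    } else {
                        // Rejected input: fall back to the stored value if that one
                        // is still a positive integer, otherwise keep the default.
                        if (isset($old[$key]) && $old[$key] !== '') {
                            $int = YMBESEO_Utils::validate_int($old[$key]);
                            if ($int !== false && $int > 0) {
                                $clean[$key] = $int;
                            }
                        }

                        if (function_exists('add_settings_error')) {
                            // The rejected value is escaped before it is echoed back.
                            add_settings_error(
                                $this->group_name,
                                '_' . $key,
                                sprintf(
                                    __('"Max entries per sitemap page" should be a positive number, which %s is not. Please correct.', 'ymbeseo'),
                                    '<strong>' . esc_html(sanitize_text_field($dirty[$key])) . '</strong>'
                                ),
                                'error'
                            );
                        }
                    }
                }
                break;

            case 'excluded-posts':
                // explode() needs a scalar subject. An array or object (e.g. from a
                // crafted `excluded-posts[]` field) would raise a warning or a
                // TypeError depending on the PHP version, so it is ignored.
                if (isset($dirty[$key]) && is_scalar($dirty[$key]) && $dirty[$key] !== '') {
                    $filtered_array = filter_var_array(explode(',', $dirty[$key]), FILTER_VALIDATE_INT);

                    if ($filtered_array) {
                        // Entries that failed integer validation are false; keep only
                        // real integers so the stored list holds nothing but ids.
                        $clean[$key] = implode(',', array_filter($filtered_array, 'is_integer'));
                    }
                }
                break;

            /*
             * Boolean fields.
             * Covers:
             *   'disable_author_sitemap'
             *   'disable_author_noposts'
             *   'enablexmlsitemap'
             *   'user_role-':  'user_role' . $role_name . '-not_in_sitemap' fields
             *   'post_types-': 'post_types-' . $pt->name . '-not_in_sitemap' fields
             *   'taxonomies-': 'taxonomies-' . $tax->name . '-not_in_sitemap' fields
             */
            default:
                // An absent key is stored as false.
                $clean[$key] = isset($dirty[$key]) ? YMBESEO_Utils::validate_bool($dirty[$key]) : false;
                break;
        }
    }

    return $clean;
}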