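/**
 * Sanitizes the designer settings and returns the cleaned settings array.
 *
 * When $input is empty the data is taken from $_POST; when that is empty too it
 * is loaded from the stored option (WPPB_DESIGNER_SETTINGS), presumably for the
 * initial page load rather than an AJAX save. Each option group known to the
 * designer is then validated against its allowed values, and a per-group default
 * is used when the submitted value is missing or invalid.
 *
 * NOTE(review): no nonce or capability check happens here; the caller is assumed
 * to verify the request before $_POST is trusted — confirm.
 *
 * @param array|string $input Settings to sanitize, or '' to read $_POST / the stored option.
 * @return array Sanitized settings keyed by option name.
 */
function wppb_sanitize_inputs($input = '')
{
    // Always return an array, even when no option group produced a value
    $wppb_design_settings = array();

    // Grab from POST when nothing was passed in.
    // empty() rather than '' == $input: an empty array never compares equal to '',
    // so the fallbacks below would otherwise be skipped.
    if (empty($input)) {
        $input = $_POST;
    }
    // If no data loaded, then grab from database (presumably because on initial page load instead of loading via AJAX)
    if (empty($input)) {
        $input = get_option(WPPB_DESIGNER_SETTINGS);
    }
    // get_option() yields false for a missing option; normalise so the isset() checks below are safe
    if (!is_array($input)) {
        $input = array();
    }

    // Helper: $value when it lies strictly inside ($min, $max), otherwise $fallback.
    // Callers gate on is_numeric() first, so the comparisons are numeric.
    $bounded = function ($value, $min, $max, $fallback) {
        return ($value > $min && $value < $max) ? $value : $fallback;
    };
    // Helper: loose (==) membership test, mirroring the per-variation comparisons of the select-style options
    $matches = function ($value, $variations) {
        foreach ($variations as $variation) {
            if ($value == $variation) {
                return true;
            }
        }
        return false;
    };
    // Helper: give an option that is still unset or blank its default value
    $default_if_blank = function ($opt, $default) use (&$wppb_design_settings) {
        if (!isset($wppb_design_settings[$opt]) || '' == $wppb_design_settings[$opt]) {
            $wppb_design_settings[$opt] = $default;
        }
    };

    // Every submitted option starts as an error marker; the sanitizers below replace it with a
    // validated value, so a leftover marker exposes an option that has no sanitizer (debugging aid)
    foreach (wppb_ajax_option_get() as $option) {
        if (isset($input[$option])) {
            $wppb_design_settings[$option] = 'Sanitization error!';
        }
    }

    // Sanitizing the added custom CSS (single option, so no option list to walk); blank when absent
    $wppb_design_settings['add_custom_css'] = isset($input['add_custom_css'])
        ? pixopoint_validate_css($input['add_custom_css'])
        : '';

    // Sanitizing font size options: numeric and inside (4, 120), else 12
    foreach (wppb_fontsize_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if (is_numeric($input[$opt])) {
            $wppb_design_settings[$opt] = $bounded($input[$opt], 4, 120, '12');
        }
    }

    // Sanitizing font family options: must equal one of the known font stacks
    foreach (wppb_fontfamily_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        // Correcting escaped quote marks, applied exactly once to the submitted value
        $input[$opt] = str_replace("\\'", "'", $input[$opt]);
        // Setting option only if it matches a possible variation
        foreach (wppb_font_family() as $variation) {
            if ($input[$opt] == $variation) {
                $wppb_design_settings[$opt] = $input[$opt];
            }
        }
        // If no variation selected, then default to helvetica
        if ('' == $input[$opt]) {
            $wppb_design_settings[$opt] = "'Helvetica Neue', Arial, Helvetica, 'Nimbus Sans L', sans-serif";
        }
    }

    // Sanitizing colour options
    foreach (wppb_colour_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        $wppb_design_settings[$opt] = wppb_sanitize_hex_colour($input[$opt]);
    }

    // Sanitizing image options: at most "dir/file", each segment run through sanitize_file_name()
    foreach (wppb_image_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        $segments = explode('/', $input[$opt]);
        // Rebuilt from scratch for every option so a second segment from a previous option cannot leak in
        $clean_segments = array(sanitize_file_name($segments[0]));
        if (isset($segments[1])) {
            $clean_segments[] = sanitize_file_name($segments[1]);
        }
        $wppb_design_settings[$opt] = implode('/', $clean_segments);
        // Both segments sanitized to nothing: store an empty path rather than a bare slash
        if ('/' == $wppb_design_settings[$opt]) {
            $wppb_design_settings[$opt] = '';
        }
    }

    // Sanitizing image tiling options (variation keys are the allowed values); default "repeat"
    foreach (wppb_imagetiling_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if ($matches($input[$opt], array_keys(wppb_imagetiling_variations()))) {
            $wppb_design_settings[$opt] = $input[$opt];
        }
        $default_if_blank($opt, 'repeat');
    }

    // Sanitizing small-caps options (variation keys are the allowed values); default "normal"
    foreach (wppb_smallcaps_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if ($matches($input[$opt], array_keys(wppb_smallcaps_variations()))) {
            $wppb_design_settings[$opt] = $input[$opt];
        }
        $default_if_blank($opt, 'normal');
    }

    // Sanitizing font weight options: "bold" or "inherit", else "normal"
    foreach (wppb_fontweight_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        $wppb_design_settings[$opt] = in_array($input[$opt], array('bold', 'inherit'), true)
            ? $input[$opt]
            : 'normal';
    }

    // Sanitizing text decoration options; default "none"
    foreach (wppb_textdecoration_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        // "inherit" is accepted for every option here, although only some variation lists include it
        if ($matches($input[$opt], wppb_textdecoration_variations()) || 'inherit' == $input[$opt]) {
            $wppb_design_settings[$opt] = $input[$opt];
        }
        $default_if_blank($opt, 'none');
    }

    // Sanitizing big numbers options: numeric and inside (-0.001, 1600), else 600
    foreach (wppb_bignumbers_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if (is_numeric($input[$opt])) {
            $wppb_design_settings[$opt] = $bounded($input[$opt], -0.001, 1600, '600');
        }
    }

    // Sanitizing little numbers options: numeric and inside (0, 100), else 0
    foreach (wppb_littlenumbers_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if (is_numeric($input[$opt])) {
            $wppb_design_settings[$opt] = $bounded($input[$opt], 0, 100, '0');
        }
    }

    // Sanitizing shadow coordinate options: numeric and inside (-0.001, 40), else 0
    foreach (wppb_shadow_coordinates_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if (is_numeric($input[$opt])) {
            $wppb_design_settings[$opt] = $bounded($input[$opt], -0.001, 40, '0');
        }
    }

    // Sanitizing opacity options: numeric and inside (0, 1.00001), else 1
    foreach (wppb_opacity_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if (is_numeric($input[$opt])) {
            $wppb_design_settings[$opt] = $bounded($input[$opt], 0, 1.00001, '1');
        }
    }

    // Sanitizing display options: checkbox "on" (or an explicit "block") means "block", anything else "none"
    foreach (wppb_display_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = 'none';
        }
        $wppb_design_settings[$opt] = in_array($input[$opt], array('on', 'block'), true) ? 'block' : 'none';
    }

    // Sanitizing centered options (share the alignment variations); default "none"
    foreach (wppb_centered_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if ($matches($input[$opt], wppb_alignment_variations())) {
            $wppb_design_settings[$opt] = $input[$opt];
        }
        $default_if_blank($opt, 'none');
    }

    // Sanitizing alignment options; default "none"
    foreach (wppb_alignment_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if ($matches($input[$opt], wppb_alignment_variations())) {
            $wppb_design_settings[$opt] = $input[$opt];
        }
        $default_if_blank($opt, 'none');
    }

    // Sanitizing text transform options; default "none"
    foreach (wppb_texttransform_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if ($matches($input[$opt], wppb_texttransform_variations())) {
            $wppb_design_settings[$opt] = $input[$opt];
        }
        $default_if_blank($opt, 'none');
    }

    // Sanitizing border type options; default "solid"
    foreach (wppb_bordertype_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        if ($matches($input[$opt], wppb_bordertype_variations())) {
            $wppb_design_settings[$opt] = $input[$opt];
        }
        $default_if_blank($opt, 'solid');
    }

    // Sanitizing font style options: "normal", "italic" or "inherit", else "normal"
    foreach (wppb_fontstyle_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        $wppb_design_settings[$opt] = in_array($input[$opt], array('normal', 'italic', 'inherit'), true)
            ? $input[$opt]
            : 'normal';
    }

    // Sanitizing raw text options
    foreach (wppb_rawtext_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        // Allows limited HTML, and converts single quotes to double quotes so they don't break quoted input fields
        $wppb_design_settings[$opt] = str_replace("'", '"', wp_kses($input[$opt], pixopoint_limited_html(), ''));
    }

    // Sanitizing raw HTML options: the wider allowed-HTML list, no quote conversion
    foreach (wppb_rawhtml_options() as $opt) {
        if (!isset($input[$opt])) {
            $input[$opt] = '';
        }
        $wppb_design_settings[$opt] = wp_kses($input[$opt], pixopoint_allowed_html(), '');
    }

    return $wppb_design_settings;
}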
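/**
 * Sanitize and validate the theme settings form input.
 *
 * Accepts the settings array submitted by the options page and returns a sanitized
 * copy: checkboxes go through wppb_validate_checkboxes(), template and widget markup
 * through wp_kses() with pixopoint_allowed_html(), numeric sizes are accepted only
 * when is_numeric(), and the CSS goes through pixopoint_validate_css(). A plain
 * string instead of an array is returned as a single wp_kses()-filtered string.
 *
 * @since 0.1
 *
 * @param array|string $input Raw settings, normally an array keyed by setting name.
 * @return array|string Sanitized settings array, or a sanitized string when $input was a string.
 */
function wppb_settings_options_validate($input)
{
    // Support for plain strings instead of arrays. This must come first: the array
    // accesses below are not valid on a string value.
    if (!is_array($input)) {
        return wp_kses($input, pixopoint_allowed_html(), '');
    }

    $output = array();

    // Helper: the submitted value for $key, or '' when the field was not sent
    $field = function ($key) use ($input) {
        return isset($input[$key]) ? $input[$key] : '';
    };

    // Sanitize checkboxes
    $checkboxes = array('support_primarymenu', 'support_secondarymenu', 'support_hardcrop_postthumbnails');
    foreach ($checkboxes as $name) {
        $output[$name] = wppb_validate_checkboxes($field($name));
    }

    // Sanitize template markup
    $templates = array('header', 'footer', 'index', 'front_page', 'home', 'page', 'page_template_1', 'page_template_2', 'single', 'comments');
    foreach ($templates as $name) {
        $output[$name] = wp_kses($field($name), pixopoint_allowed_html(), '');
    }

    // Sanitize widget settings
    $widget_markup_fields = array('before_widget', 'after_widget', 'before_title', 'after_title');
    foreach (wppb_settings_widgets_array() as $number) {
        // NOTE(review): '' is passed as the allowed-HTML argument for the widget name; confirm
        // against wp_kses() that this strips the tags intended rather than applying a default set
        $output['name_widget' . $number] = wp_kses($field('name_widget' . $number), '', '');
        foreach ($widget_markup_fields as $markup) {
            $output[$markup . $number] = wp_kses($field($markup . $number), pixopoint_allowed_html(), '');
        }
        $output['show_widget' . $number] = wppb_validate_checkboxes($field('show_widget' . $number));
    }

    // Sanitize numbers: non-numeric values are dropped rather than defaulted
    foreach (array('support_width_postthumbnails', 'support_height_postthumbnails', 'version') as $name) {
        $value = $field($name);
        if (is_numeric($value)) {
            $output[$name] = intval($value);
        }
    }

    // Sanitize thumbnail information
    foreach (wppb_settings_thumbs_array() as $number) {
        // See the note above on the '' allowed-HTML argument
        $output['support_name_postthumbnails' . $number] = wp_kses($field('support_name_postthumbnails' . $number), '', '');
        // Width and height are kept as submitted (not cast with intval) once they pass is_numeric()
        foreach (array('support_width_postthumbnails', 'support_height_postthumbnails') as $dimension) {
            $value = $field($dimension . $number);
            if (is_numeric($value)) {
                $output[$dimension . $number] = $value;
            }
        }
        // Hard-crop checkbox: only an explicit "on" is stored
        if ('on' === $field('support_hardcrop_postthumbnails' . $number)) {
            $output['support_hardcrop_postthumbnails' . $number] = 'on';
        }
    }

    // Sanitize CSS (guarded so a form without the css field does not raise an undefined-index notice)
    $output['css'] = pixopoint_validate_css($field('css'));

    // Finally - return the sanitised output
    return $output;
}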