/**
* Allow only certain tags and attributes in a string.
*/
function weaverx_cz_sanitize_css($string)
{
return weaverx_filter_code($string);
}
function weaverx_validate_all_options($in)
{
/* validation for all options */
$err_msg = '';
// no error message yet
if (empty($in)) {
wp_die(__('You attempted to save options, but something has gone wrong. Please be sure you are logged in and your host is correctly configured. See the "Weaver Doesn\'t Save Settings" FAQ on weavertheme.com.', 'weaver-xtreme'));
}
if (!current_user_can('edit_theme_options')) {
wp_die(__('You do not have sufficient permissions to manage options for this site.', 'weaver-xtreme'));
}
$wvr_last = '';
foreach ($in as $key => $value) {
switch ($key) {
/* -------- integer -------- */
case 'excerpt_length':
if (!empty($value) && (!is_numeric($value) || !is_int((int) $value))) {
$opt_id = str_replace('', '', $key);
$opt_id = str_replace('_', ' ', $opt_id);
$err_msg .= __('Option must be an integer value: ', 'weaver-xtreme') . '"' . $opt_id . '" = "' . $value . '".' . __(' Value has been cleared to blank value', 'weaver-xtreme') . '<br />';
$in[$key] = '';
}
break;
/* ---------- text ----------- */
/* ---------- text ----------- */
case 'excerpt_more_msg':
case 'header_maxwidth':
if (!empty($value)) {
$in[$key] = weaverx_filter_textarea($value);
}
break;
case 'themename':
// can't be empty!
if (empty($value)) {
$in[$key] = 'please-give-this-a-name';
} else {
$in[$key] = weaverx_filter_textarea($value);
}
break;
/* code */
/* code */
case 'copyright':
// Alternate copyright
// Alternate copyright
case '_css_rows':
if (!empty($value)) {
$in[$key] = weaverx_filter_code($value);
}
break;
case '_perpagewidgets':
// Add widget areas for per page - names must be lower case
if (!empty($value)) {
$in[$key] = strtolower(str_ireplace(' ', '', weaverx_filter_code($value)));
}
break;
case '_althead_opts':
case 'head_opts':
if (!empty($value)) {
$in[$key] = weaverx_filter_head($value);
}
break;
case 'wvrx_css_saved':
if (!empty($value)) {
$in[$key] = weaverx_filter_code($value);
//$in[$key] = wp_filter_post_kses( trim(stripslashes($value)) );
}
break;
/* must not have <style .... </style> */
/* must not have <style .... </style> */
case 'add_css':
// Add CSS Rules to Weaver Xtreme's style rules
if (!empty($value)) {
$val = weaverx_filter_code($value);
$in[$key] = $val;
if (stripos($val, '<style') !== false || stripos($val, '</style') !== false || stripos($val, '<script') !== false || stripos($val, '</script') !== false) {
$err_msg .= __('<style> or <script> tags have been automatically stripped from your "Add CSS Rules"!', 'weaver-xtreme') . ' ' . __('Please correct your entry.', 'weaver-xtreme') . '<br />';
$in[$key] = wp_filter_post_kses(trim(stripslashes($val)));
}
}
break;
case '_fonts_google':
$in[$key] = $value;
break;
case 'last_option':
// check for last_option...
if (!empty($value)) {
$wvr_last = $value;
}
break;
default:
/* to here, then colors, _css, or checkbox/selectors */
$keylen = strlen($key);
if (strrpos($key, '_css') == $keylen - 4) {
// all _css settings
if (!empty($value)) {
$val = weaverx_filter_code($value);
if (stripos($val, '<style') !== false || stripos($val, '</style') !== false || stripos($val, '<script') !== false || stripos($val, '</script') !== false) {
$err_msg .= __('<style> or <script> tags have been automatically stripped from your CSS+ rules,', 'weaver-xtreme') . ' ' . __('Please correct your entry.', 'weaver-xtreme') . '<br />';
$val = wp_filter_post_kses(trim($val));
}
$in[$key] = $val;
if (strpos($val, '{') === false || strpos($val, '}') === false) {
$opt_id = str_replace('_css', '', $key);
// kill _css
$opt_id = str_replace('', '', $opt_id);
$opt_id = str_replace('_', ' ', $opt_id);
$err_msg .= __('CSS options must be enclosed in {}\'s: ', 'weaver-xtreme') . '"' . $opt_id . '" = "' . $value . '". ' . __('Please correct your entry.', 'weaver-xtreme') . '<br />';
}
}
break;
}
// _css
if (strrpos($key, '_insert') == $keylen - 7) {
// all _insert settings
if (!empty($value)) {
$val = weaverx_filter_code($value);
$in[$key] = $val;
}
break;
}
// _insert
if (strrpos($key, '_url') == $keylen - 4) {
// all _url settings
if (!empty($value)) {
$val = weaverx_filter_code($value);
// can't use esc_url because that forces a leading html{background-image: url(%template_directory%assets/images/addon_themes.png);}
$in[$key] = $val;
}
break;
}
// _insert
if (strrpos($key, '_dec') == $keylen - 4) {
if (!empty($value) && !is_numeric($value)) {
$opt_id = str_replace('', '', $key);
$opt_id = str_replace('_dec', '', $opt_id);
$opt_id = str_replace('_', ' ', $opt_id);
$err_msg .= __('Option must be a numeric value: ', 'weaver-xtreme') . '"' . $opt_id . '" = "' . $value . '". ' . __('Value has been cleared to blank value.', 'weaver-xtreme') . '<br />';
$in[$key] = '';
}
break;
}
if (strrpos($key, '_int') == $keylen - 4 || strrpos($key, '_X') == $keylen - 2 || strrpos($key, '_Y') == $keylen - 2 || strrpos($key, '_L') == $keylen - 2 || strrpos($key, '_R') == $keylen - 2 || strrpos($key, '_T') == $keylen - 2 || strrpos($key, '_B') == $keylen - 2) {
if (!empty($value) && (!is_numeric($value) || !is_int((int) $value))) {
$opt_id = str_replace('', '', $key);
$opt_id = str_replace('_int', '', $opt_id);
$opt_id = str_replace('_', ' ', $opt_id);
$err_msg .= __('Option must be a numeric value: ', 'weaver-xtreme') . '"' . $opt_id . '" = "' . $value . '". ' . __('Value has been cleared to blank value.', 'weaver-xtreme') . '<br />';
$in[$key] = '';
}
break;
}
if (strrpos($key, 'color') == $keylen - 5) {
// _bgcolor and _color (order here important - after _css, etc.)
if (!empty($value)) {
$val = trim(weaverx_filter_code($value));
if (preg_match('/^#?+[0-9a-f]{3}(?:[0-9a-f]{3})?$/i', $val)) {
// hex value
$val = strtoupper($val);
// force hex values to upper case, just to be tidy
if ($val[0] != '#') {
$val = '#' . $val;
}
$in[$key] = $val;
} else {
if (preg_match("/^([a-zA-Z])+\$/i", $val)) {
// name - all letters
$in[$key] = $val;
} else {
// only legal things left are rgb and rgba
$isrgb = strpos($val, 'rgb');
$ishsa = strpos($val, 'hsl');
if ($isrgb === false && $ishsa === false) {
if ($value == ' ') {
$in[$key] = '';
} else {
$err_msg .= __('Color must be a valid # hex value, rgb value, or color name (a-z): ', 'weaver-xtreme') . '"' . $key . '" = "' . bin2hex($value) . '". ' . __('Value has been cleared to blank value.', 'weaver-xtreme') . '<br />';
}
$in[$key] = '';
} else {
$in[$key] = $val;
}
}
}
}
break;
}
if (!empty($value) && is_string($value) && !is_numeric($value)) {
$in[$key] = weaverx_filter_textarea($value);
}
break;
}
}
if (false && $wvr_last != 'Weaver Xtreme') {
$err_msg .= __('Warning - your host may be configured to limit how many input var options you are allowed to pass via PHP.
Unfortunately, this means your settings may not be saved correctly. See the "Weaver II Doesn\'t Save Settings" FAQ on weavertheme.com.<br />', 'weaver-xtreme');
}
if (!empty($err_msg)) {
add_settings_error('weaverx_settings', 'settings_error', $err_msg, 'error');
} else {
add_settings_error('weaverx_settings', 'settings_updated', __('Weaver Xtreme Settings Saved.', 'weaver-xtreme'), 'updated');
}
return $in;
}
function weaverx_filter_textarea($text)
{
// virtually all option text input from Weaver Xtreme can be code, and thus must not be
// content filtered. Treat like code for now....
return weaverx_filter_code($text);
}
