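/**
 * Sanitizes the AdSense widget settings before they are stored.
 *
 * The title is reduced to plain text. The ad code is run through post-level
 * kses for every user. wp_filter_post_kses() expects slashed input and returns
 * slashed output, so the slashes added for the call are removed again before
 * storage; storing the slashed string would corrupt every quote in the snippet.
 *
 * @param array $new_instance Values submitted from the widget form.
 * @param array $old_instance Previously saved settings for this instance.
 * @return array Settings to persist.
 */
function update($new_instance, $old_instance) {
    $instance = $old_instance;
    // Missing fields (e.g. a stripped form) default to '' rather than raising a notice.
    $title = isset($new_instance['title']) ? $new_instance['title'] : '';
    $code = isset($new_instance['adsenseCode']) ? $new_instance['adsenseCode'] : '';
    $instance['title'] = sanitize_text_field($title);
    $instance['adsenseCode'] = stripslashes(wp_filter_post_kses(addslashes($code)));
    return $instance;
}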
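/**
 * Runs options through filter prior to saving.
 *
 * @param array $options the options array
 * @return array sanitized options array
 */
function validate($options) {
    // Add slashes to the JS selector strings. NOTE(review): addslashes() is not a
    // JavaScript-context escape (newlines and "</script>" pass through); if these
    // values are printed inside an inline <script>, confirm they are escaped there.
    $js = array('nextSelector', 'navSelector', 'itemSelector', 'contentSelector');
    foreach ($js as $field) {
        if (!isset($options[$field])) {
            continue;
        }
        $options[$field] = addslashes($options[$field]);
    }
    // Force post-style kses on the messages. wp_filter_post_kses() expects slashed
    // input and returns slashed output, so slashes are added for the call and
    // stripped afterwards; this also preserves backslashes the user typed on purpose.
    foreach (array('finishedMsg', 'msgText') as $field) {
        if (!isset($options['loading'][$field])) {
            continue;
        }
        $options['loading'][$field] = stripslashes(wp_filter_post_kses(addslashes($options['loading'][$field])));
    }
    // Handle image resets. The flag is read straight from $_POST; this callback is
    // expected to run during the settings form submission, where the Settings API
    // has already verified the nonce — confirm for any other call path.
    if (isset($_POST['reset_default_image'])) {
        $options["loading"]['img'] = $this->defaults["loading"]['img'];
    }
    // Pull the existing image if none is given.
    if (empty($options["loading"]['img'])) {
        $options["loading"]['img'] = $this->loading["img"];
    }
    // Force `debug` to be a bool. An unchecked checkbox is absent from the submitted
    // data, so default it to false instead of reading an unset index.
    $options["debug"] = !empty($options["debug"]);
    return apply_filters($this->parent->prefix . 'options_validate', $options);
}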
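/**
 * Saves the theme settings submitted from the theme-settings admin page.
 *
 * Reads the active tab from $_GET['tab'] and copies that tab's fields from $_POST
 * into the "saga_theme_settings" option. Users without the 'unfiltered_html'
 * capability have their HTML fields run through post-level kses.
 *
 * NOTE(review): no nonce verification is visible in this function; it must only be
 * reached from a handler that has already called check_admin_referer(), otherwise a
 * cross-site request can rewrite the settings — confirm at the call site.
 */
function saga_save_theme_settings() {
    global $pagenow;
    // Only users allowed to manage the theme may rewrite its settings (the caller
    // may already enforce this; the check is cheap and fails closed).
    if (!current_user_can('edit_theme_options')) {
        return;
    }
    $settings = get_option("saga_theme_settings");
    $page = isset($_GET['page']) ? $_GET['page'] : '';
    if ($pagenow == 'themes.php' && $page == 'theme-settings') {
        $tab = isset($_GET['tab']) ? $_GET['tab'] : 'homepage';
        // Submitted value for $key with WordPress' request slashes removed, or ''
        // when the field is missing or not a scalar.
        $posted = function ($key) {
            if (!isset($_POST[$key]) || !is_scalar($_POST[$key])) {
                return '';
            }
            return stripslashes((string) $_POST[$key]);
        };
        switch ($tab) {
            case 'general':
                // Plain-text fields are tag/control-character stripped; the CSS class
                // is limited to class-name characters and the link to a safe URL
                // (esc_url_raw() drops javascript: and other disallowed schemes).
                $settings['saga_tag_class'] = sanitize_html_class($posted('saga_tag_class'));
                $settings['saga_deal_week'] = sanitize_text_field($posted('saga_deal_week'));
                $settings['saga_deal_week_name'] = sanitize_text_field($posted('saga_deal_week_name'));
                $settings['saga_deal_week_link'] = esc_url_raw($posted('saga_deal_week_link'));
                $settings['saga_post_gallery'] = sanitize_text_field($posted('saga_post_gallery'));
                break;
            case 'footer':
                // Tracking snippet: stored as-is for privileged users, filtered below otherwise.
                $settings['saga_ga'] = $posted('saga_ga');
                break;
        }
    }
    if (!current_user_can('unfiltered_html')) {
        // wp_filter_post_kses() expects slashed input and returns slashed output.
        // NOTE(review): esc_textarea() entity-encodes the stored markup and is
        // re-applied on every save, so entities in saga_intro get encoded again
        // each time — confirm that the output path expects this.
        foreach (array('saga_ga', 'saga_intro') as $key) {
            if (!empty($settings[$key])) {
                $settings[$key] = stripslashes(esc_textarea(wp_filter_post_kses(addslashes($settings[$key]))));
            }
        }
    }
    $updated = update_option("saga_theme_settings", $settings);
}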
/**
 * Renders the Twitter widget on the front end.
 *
 * Once the v1 API shutdown time ($this->twitter_v1_shutdown) has passed, only
 * users with 'edit_theme_options' see a migration notice and visitors get no
 * output. Otherwise the account's stream is fetched via
 * fetch_twitter_user_stream() and printed through display_tweets().
 *
 * @param array $args     Sidebar markup (before/after_widget, before/after_title).
 * @param array $instance Saved widget settings.
 */
function widget($args, $instance) {
    // The account is interpolated into a URL, so it is URL-encoded once here and reused below.
    $account = trim(urlencode($instance['account']));
    // After Twitter disables v1 API calls, show a message to admins/theme managers
    // only that they can show Tweets using a different widget.
    if (time() >= $this->twitter_v1_shutdown) {
        if (current_user_can('edit_theme_options')) {
            $title = apply_filters('widget_title', $instance['title']);
            if (empty($title)) {
                $title = __('Twitter Updates', 'jetpack');
            }
            echo $args['before_widget'];
            echo "{$args['before_title']}<a href='" . esc_url("http://twitter.com/{$account}") . "'>" . esc_html($title) . "</a>{$args['after_title']}";
            echo '<p>' . sprintf(__('Due to changes with how we interact with Twitter, this widget can no longer display Tweets. Please switch to the <a href="%s">Twitter Timeline</a> widget instead.', 'jetpack'), admin_url('widgets.php')) . '</p>';
            echo $args['after_widget'];
        }
        return;
    }
    // No account configured: prompt theme managers, stay silent for visitors.
    if (empty($account)) {
        if (current_user_can('edit_theme_options')) {
            echo $args['before_widget'];
            echo '<p>' . sprintf(__('Please configure your Twitter username for the <a href="%s">Twitter Widget</a>.', 'jetpack'), admin_url('widgets.php')) . '</p>';
            echo $args['after_widget'];
        }
        return;
    }
    $title = apply_filters('widget_title', $instance['title']);
    if (empty($title)) {
        $title = __('Twitter Updates', 'jetpack');
    }
    $show = absint($instance['show']); // # of Updates to show
    if ($show > 200) {
        // Twitter paginates at 200 max tweets. update() should not have accepted
        // greater than 20, so this clamp is only a safety net.
        $show = 200;
    }
    $hidereplies = (bool) $instance['hidereplies'];
    $hidepublicized = (bool) $instance['hidepublicized'];
    $include_retweets = (bool) $instance['includeretweets'];
    $follow_button = (bool) $instance['followbutton'];
    echo "{$args['before_widget']}{$args['before_title']}<a href='" . esc_url("http://twitter.com/{$account}") . "'>" . esc_html($title) . "</a>{$args['after_title']}";
    $tweets = $this->fetch_twitter_user_stream($account, $hidereplies, $show, $include_retweets);
    // An error accompanied by non-empty data is treated as recoverable (presumably
    // previously fetched data is still available — confirm in fetch_twitter_user_stream()).
    if (isset($tweets['error']) && (isset($tweets['data']) && !empty($tweets['data']))) {
        $tweets['error'] = '';
    }
    if (empty($tweets['error'])) {
        // 'beforetweet' may hold markup and is kses-filtered at render time;
        // wp_filter_post_kses() returns slashed output, hence the stripslashes().
        $before_tweet = isset($instance['beforetweet']) ? stripslashes(wp_filter_post_kses($instance['beforetweet'])) : '';
        $before_timesince = isset($instance['beforetimesince']) && !empty($instance['beforetimesince']) ? esc_html($instance['beforetimesince']) : ' ';
        $this->display_tweets($show, $tweets['data'], $hidepublicized, $before_tweet, $before_timesince, $account);
        if ($follow_button) {
            $this->display_follow_button($account);
        }
        add_action('wp_footer', array($this, 'twitter_widget_script'));
    } else {
        // NOTE(review): printed without escaping; this is only safe if
        // fetch_twitter_user_stream() builds 'error' from trusted, already-escaped
        // strings and never from raw API response text — confirm there.
        echo $tweets['error'];
    }
    echo $args['after_widget'];
    do_action('jetpack_bump_stats_extras', 'widget', 'twitter');
}
/**
 * Validates the logo/text widget settings before they are stored.
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously stored values.
 * @return array The settings to save.
 */
function update($new_instance, $old_instance) {
    $instance = $old_instance;
    $instance['logoImagePath'] = sanitize_text_field($new_instance['logoImagePath']);
    if (current_user_can('unfiltered_html')) {
        // Privileged users may store arbitrary markup.
        $instance['textInfo'] = $new_instance['textInfo'];
    } else {
        // Everyone else gets post-level kses; it expects slashed input and returns
        // slashed output, so the value is wrapped for the call and unwrapped after.
        $slashed = addslashes($new_instance['textInfo']);
        $instance['textInfo'] = stripslashes(wp_filter_post_kses($slashed));
    }
    return $instance;
}
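/**
 * Updates the widget control options for the particular instance of the widget.
 *
 * @since 0.0.1
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously saved values.
 * @return array Sanitized settings to store.
 */
function update($new_instance, $old_instance) {
    $instance = $old_instance;
    // Value of $key from the submitted form, or '' when the field was not sent.
    $get = function ($key) use ($new_instance) {
        return isset($new_instance[$key]) ? $new_instance[$key] : '';
    };
    // Plain-text sanitizer that also copes with multi-select arrays.
    $text = function ($v) {
        return is_array($v) ? array_map('sanitize_text_field', $v) : sanitize_text_field($v);
    };
    $instance['title'] = strip_tags($get('title'));
    $instance['title_url'] = esc_url($get('title_url'));
    $instance['offset'] = (int) $get('offset');
    $instance['limit'] = (int) $get('limit');
    $instance['ignore_sticky'] = isset($new_instance['ignore_sticky']) ? (bool) $new_instance['ignore_sticky'] : 0;
    // NOTE(review): esc_attr() is an output escape rather than a sanitizer; it is
    // kept so stored values keep their existing form.
    $instance['post_type'] = esc_attr($get('post_type'));
    $instance['post_status'] = esc_attr($get('post_status'));
    $instance['taxonomy'] = esc_attr($get('taxonomy'));
    // Category/tag selectors feed a query; strip tags and control characters
    // rather than storing the raw submission.
    $instance['cat'] = $text($get('cat'));
    $instance['tag'] = $text($get('tag'));
    $instance['thumbnail'] = isset($new_instance['thumbnail']) ? (bool) $new_instance['thumbnail'] : false;
    $instance['thumbnail_size'] = esc_attr($get('thumbnail_size'));
    $instance['thumbnail_align'] = esc_attr($get('thumbnail_align'));
    $instance['thumbnail_custom'] = isset($new_instance['thumbnail_custom']) ? (bool) $new_instance['thumbnail_custom'] : false;
    $instance['thumbnail_width'] = (int) $get('thumbnail_width');
    $instance['thumbnail_height'] = (int) $get('thumbnail_height');
    $instance['excerpt'] = isset($new_instance['excerpt']) ? (bool) $new_instance['excerpt'] : false;
    $instance['excerpt_length'] = (int) $get('excerpt_length');
    $instance['date'] = isset($new_instance['date']) ? (bool) $new_instance['date'] : false;
    $instance['date_relative'] = isset($new_instance['date_relative']) ? (bool) $new_instance['date_relative'] : false;
    $instance['css_class'] = sanitize_html_class($get('css_class'));
    // wp_filter_post_kses() expects slashed input and returns slashed output; add
    // and strip slashes so the stored markup carries none.
    $instance['before'] = stripslashes(wp_filter_post_kses(addslashes($get('before'))));
    $instance['after'] = stripslashes(wp_filter_post_kses(addslashes($get('after'))));
    return $instance;
}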
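/**
 * Renders the dashboard notepad widget and handles its save submission.
 *
 * Saving is allowed only for users with the 'edit_dashboard_notes' capability —
 * the same capability that decides whether the form is editable. Users with
 * 'unfiltered_html' may store arbitrary markup; everyone else is run through
 * post-level kses.
 *
 * NOTE(review): no nonce is verified here; the save branch should be protected by
 * check_admin_referer() on a nonce emitted with the form — confirm whether the
 * caller does this.
 */
function dashboard_notepad_widget() {
    $options = dashboard_notepad_widget_options();
    $can_edit = current_user_can('edit_dashboard_notes');
    // The capability that hides the Save button must also gate the save itself;
    // otherwise any dashboard visitor could POST dashboard_notepad_submit.
    if ($can_edit && !empty($_POST['dashboard_notepad_submit']) && isset($_POST['dashboard_notepad'])) {
        // $_POST is slashed by WordPress; wp_filter_post_kses() expects that and
        // returns slashed output, so one stripslashes() yields the clean value.
        if (current_user_can('unfiltered_html')) {
            $options['notes'] = stripslashes($_POST['dashboard_notepad']);
        } else {
            $options['notes'] = stripslashes(wp_filter_post_kses($_POST['dashboard_notepad']));
        }
        update_option('dashboard_notepad', $options);
    }
    // Escape for the textarea body so stored markup (possible for unfiltered_html
    // users) cannot close the element and break out of it.
    $notes = isset($options['notes']) ? (string) $options['notes'] : '';
    $notes_html = htmlspecialchars($notes, ENT_QUOTES);
    $form = '<form method="post" action="' . admin_url() . '">';
    $form .= '<textarea id="dashboard_notepad" name="dashboard_notepad" rows="' . (int) $options['notepad_size'] . '"';
    if (!$can_edit) {
        $form .= ' readonly="readonly"';
    }
    $form .= '>' . $notes_html . '</textarea>';
    if ($can_edit) {
        $form .= '<p><input type="submit" value="' . __('Save Notes', 'dashboard-notepad') . '" class="button widget-control-save"></p> <input type="hidden" name="dashboard_notepad_submit" value="true" />';
    }
    $form .= '</form>';
    echo $form;
}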
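/**
 * Saves the theme-information settings submitted from the admin page.
 *
 * Reads the active tab from $_GET['tab'], copies that tab's field from $_POST into
 * the "pod_info_theme_settings" option and, for users without 'unfiltered_html',
 * runs every HTML field through post-level kses. The original only filtered
 * pod_info_ga and pod_info_intro, leaving docs/support/changelog markup unfiltered
 * for such users.
 *
 * NOTE(review): no nonce verification is visible here; this must only be reached
 * from a handler that has already called check_admin_referer() — confirm at the
 * call site.
 */
function pod_info_save_theme_settings() {
    global $pagenow;
    // Only users allowed to manage the theme may rewrite its settings.
    if (!current_user_can('edit_theme_options')) {
        return;
    }
    $settings = get_option("pod_info_theme_settings");
    $page = isset($_GET['page']) ? $_GET['page'] : '';
    if ($pagenow == 'themes.php' && $page == 'theme-information') {
        $tab = isset($_GET['tab']) ? $_GET['tab'] : 'whatsnew';
        // Submitted value for $key with WordPress' request slashes removed, or ''
        // when the field is missing or not a scalar.
        $posted = function ($key) {
            if (!isset($_POST[$key]) || !is_scalar($_POST[$key])) {
                return '';
            }
            return stripslashes((string) $_POST[$key]);
        };
        switch ($tab) {
            case 'documentation':
                $settings['pod_info_docs'] = $posted('pod_info_docs');
                break;
            case 'support':
                $settings['pod_info_support'] = $posted('pod_info_support');
                break;
            case 'changelog':
                $settings['pod_info_chlog'] = $posted('pod_info_chlog');
                break;
            case 'whatsnew':
                $settings['pod_info_intro'] = $posted('pod_info_intro');
                break;
        }
    }
    if (!current_user_can('unfiltered_html')) {
        // wp_filter_post_kses() expects slashed input and returns slashed output.
        foreach (array('pod_info_docs', 'pod_info_support', 'pod_info_chlog') as $key) {
            if (!empty($settings[$key])) {
                $settings[$key] = stripslashes(wp_filter_post_kses(addslashes($settings[$key])));
            }
        }
        // These two keep their existing pipeline so stored values do not change
        // form. NOTE(review): esc_textarea() entity-encodes the markup and is
        // re-applied on every save — confirm the output path expects that.
        foreach (array('pod_info_ga', 'pod_info_intro') as $key) {
            if (!empty($settings[$key])) {
                $settings[$key] = stripslashes(esc_textarea(wp_filter_post_kses(addslashes($settings[$key]))));
            }
        }
    }
    $updated = update_option("pod_info_theme_settings", $settings);
}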
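/**
 * Runs options through filter prior to saving.
 *
 * @param array $options the options array
 * @return array sanitized options array
 */
function validate($options) {
    // Add slashes to the JS selector/callback strings. NOTE(review): 'callback' is
    // stored as raw JavaScript that presumably runs on the front end, and
    // addslashes() is not a JS-context escape; only trusted administrators should
    // reach this settings page — confirm the capability on the menu entry.
    $js = array('nextSelector', 'navSelector', 'itemSelector', 'contentSelector', 'callback');
    foreach ($js as $field) {
        if (!isset($options[$field])) {
            continue;
        }
        $options[$field] = addslashes($options[$field]);
    }
    // Force post-style kses on the messages. wp_filter_post_kses() expects slashed
    // input and returns slashed output; wrapping the call in addslashes() /
    // stripslashes() keeps the stored message unslashed and preserves backslashes
    // the user typed, instead of persisting the slashed kses result.
    foreach (array('finishedMsg', 'msgText') as $field) {
        if (!isset($options['loading'][$field])) {
            continue;
        }
        $options['loading'][$field] = stripslashes(wp_filter_post_kses(addslashes($options['loading'][$field])));
    }
    // Handle image resets. The flag is read from $_POST; this callback is expected
    // to run during the settings form submission, where the nonce has already been
    // verified by the Settings API — confirm for any other call path.
    if (isset($_POST['reset_default_image'])) {
        $options['img'] = $this->defaults['img'];
    }
    // Pull the existing image if none is given.
    if (empty($options['img'])) {
        $options['img'] = $this->img;
    }
    return apply_filters($this->parent->prefix . 'options_validate', $options);
}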
/**
 * Sanitizes the Skype status widget settings before they are stored.
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously stored values.
 * @return array Settings to save.
 */
public function update($new_instance, $old_instance) {
    $instance = $old_instance;
    $instance['title'] = strip_tags($new_instance['title']);
    // Identifier fields: plain text, trimmed.
    foreach (array('skype_id', 'user_name') as $key) {
        $instance[$key] = trim(strip_tags(stripslashes($new_instance[$key])));
    }
    // Markup fields: raw for privileged users, post-level kses for everyone else.
    foreach (array('before', 'after') as $key) {
        if (current_user_can('unfiltered_html')) {
            $instance[$key] = $new_instance[$key];
        } else {
            // wp_filter_post_kses() expects slashed input and returns slashed output.
            $instance[$key] = stripslashes(wp_filter_post_kses(addslashes($new_instance[$key])));
        }
    }
    $theme = $new_instance['button_theme'];
    // NOTE(review): $theme is user input handed to get_template_file(); that helper
    // must restrict it to known template names (no path separators) — its
    // implementation is not visible here, so confirm.
    if ($theme != '') {
        $instance['button_template'] = stripslashes(Skype_Online_Status::get_template_file($theme));
    } else {
        $instance['button_template'] = '';
    }
    $instance['button_theme'] = stripslashes($theme);
    $instance['use_voicemail'] = $new_instance['use_voicemail'];
    return $instance;
}
/**
 * Widget Update method.
 *
 * Copies every submitted field onto the stored instance: text inputs are left
 * unfiltered for users with 'unfiltered_html' and kses-filtered otherwise; all
 * other fields go through filter_sanitize_input(). Checkbox fields become booleans
 * reflecting their presence in the submission.
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously stored values (updated in place and returned).
 * @return array Settings to save.
 */
function update($new_instance, $old_instance) {
    global $intelliwidget;
    $textfields = $this->get_text_fields();
    foreach ($new_instance as $name => $value) {
        $is_text = in_array($name, $textfields);
        if (!$is_text) {
            $old_instance[$name] = $this->filter_sanitize_input($value);
        } elseif (current_user_can('unfiltered_html')) {
            $old_instance[$name] = $value;
        } else {
            // Post-level kses; it expects slashed input and returns slashed output.
            $old_instance[$name] = stripslashes(wp_filter_post_kses(addslashes($value)));
        }
        // Multi-selects are absent from the submission when nothing is chosen.
        if ('page_multi' == $name && empty($new_instance['page'])) {
            $old_instance['page'] = array();
        }
        if ('terms_multi' == $name && empty($new_instance['terms'])) {
            $old_instance['terms'] = array();
        }
    }
    foreach ($this->get_checkbox_fields() as $checkbox) {
        $old_instance[$checkbox] = isset($new_instance[$checkbox]);
    }
    return $old_instance;
}
/**
 * Normalizes a site option value before it is stored, based on the option name.
 *
 * Unknown options are returned unchanged. Numeric options are cast (and for
 * posts_per_page / posts_per_rss forced to a minimum of 1 or -1), the blog
 * name/description are kses-filtered for users without 'unfiltered_html', the
 * charset and GMT offset are reduced to a safe character set, and the site URLs
 * are cleaned.
 *
 * @param string $option Option name.
 * @param mixed  $value  Raw value.
 * @return mixed Sanitized value.
 */
function sanitize_option($option, $value) {
    $absint_options = array('default_post_edit_rows', 'mailserver_port', 'comment_max_links');
    $per_page_options = array('posts_per_page', 'posts_per_rss');
    $status_options = array('default_ping_status', 'default_comment_status');
    $kses_options = array('blogdescription', 'blogname');
    $plain_options = array('date_format', 'time_format', 'mailserver_url', 'mailserver_login', 'mailserver_pass', 'ping_sites', 'upload_path');
    $url_options = array('siteurl', 'home');

    if ('admin_email' == $option) {
        $value = sanitize_email($value);
    } elseif (in_array($option, $absint_options)) {
        $value = abs((int) $value);
    } elseif (in_array($option, $per_page_options)) {
        $value = (int) $value;
        if (empty($value)) {
            $value = 1;
        }
        if ($value < -1) {
            $value = abs($value);
        }
    } elseif (in_array($option, $status_options)) {
        // Options that if not there have 0 value but need to be something like "closed".
        if ($value == '0' || $value == '') {
            $value = 'closed';
        }
    } elseif (in_array($option, $kses_options)) {
        if (!current_user_can('unfiltered_html')) {
            $value = wp_filter_post_kses($value);
        }
    } elseif ('blog_charset' == $option) {
        $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
    } elseif (in_array($option, $plain_options)) {
        $value = strip_tags($value);
        $value = wp_filter_kses($value);
    } elseif ('gmt_offset' == $option) {
        $value = preg_replace('/[^0-9:.-]/', '', $value);
    } elseif (in_array($option, $url_options)) {
        $value = clean_url($value);
    }
    return $value;
}
/**
 * Widget Update method.
 *
 * Text fields are stored raw for users with 'unfiltered_html' and kses-filtered
 * otherwise; transient form fields (names starting with "iw", plus the search and
 * profiles_only helpers) are dropped; everything else goes through
 * filter_sanitize_input(). Checkbox fields record whether they were submitted.
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously stored values (updated in place and returned).
 * @return array Settings to save.
 */
function update($new_instance, $old_instance) {
    $textfields = IntelliWidgetStrings::get_fields('text');
    $transient = array('pagesearch', 'termsearch', 'profiles_only');
    foreach ($new_instance as $name => $value) {
        if (in_array($name, $textfields)) {
            if (current_user_can('unfiltered_html')) {
                $old_instance[$name] = $value;
            } else {
                // Post-level kses; it expects slashed input and returns slashed output.
                $old_instance[$name] = stripslashes(wp_filter_post_kses(addslashes($value)));
            }
        } elseif (0 === strpos($name, 'iw') || in_array($name, $transient)) {
            unset($old_instance[$name]);
        } else {
            $old_instance[$name] = $this->filter_sanitize_input($value);
        }
        // Multi-selects are absent from the submission when nothing is chosen.
        if ('page_multi' == $name && empty($new_instance['page'])) {
            $old_instance['page'] = array();
        }
        if ('terms_multi' == $name && empty($new_instance['terms'])) {
            $old_instance['terms'] = array();
        }
    }
    foreach (IntelliWidgetStrings::get_fields('checkbox') as $checkbox) {
        $old_instance[$checkbox] = isset($new_instance[$checkbox]);
    }
    return $old_instance;
}
/**
 * Sanitizes the AdSense widget settings before they are stored.
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously stored values.
 * @return array Settings to save.
 */
function update($new_instance, $old_instance) {
    $instance = $old_instance;
    $instance['title'] = sanitize_text_field($new_instance['title']);
    $code = $new_instance['adsenseCode'];
    if (!current_user_can('unfiltered_html')) {
        // Post-level kses for non-privileged users; it expects slashed input and
        // returns slashed output, so the value is wrapped and unwrapped.
        $code = stripslashes(wp_filter_post_kses(addslashes($code)));
    }
    $instance['adsenseCode'] = $code;
    return $instance;
}
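/**
 * Renders the Welcome widget control form and saves it when submitted.
 *
 * The title is reduced to plain text; the welcome text is run through post-level
 * kses ($_POST is slashed, as wp_filter_post_kses() expects, and its slashed
 * result is unslashed before storage).
 *
 * NOTE(review): no nonce check is visible here; the widget admin screen normally
 * verifies one before invoking controls — confirm for this call path.
 */
function bp_core_widget_welcome_control() {
    global $current_blog;
    $options = $newoptions = get_blog_option($current_blog->blog_id, 'bp_core_widget_welcome');
    // !empty() avoids an undefined-index notice on a plain page view.
    if (!empty($_POST['bp-widget-welcome-submit'])) {
        $title = isset($_POST['bp-widget-welcome-title']) ? $_POST['bp-widget-welcome-title'] : '';
        $text = isset($_POST['bp-widget-welcome-text']) ? $_POST['bp-widget-welcome-text'] : '';
        $newoptions['title'] = strip_tags(stripslashes($title));
        $newoptions['text'] = stripslashes(wp_filter_post_kses($text));
    }
    if ($options != $newoptions) {
        $options = $newoptions;
        update_blog_option($current_blog->blog_id, 'bp_core_widget_welcome', $options);
    }
    ?>
    <p><label for="bp-widget-welcome-title"><?php _e('Title:', 'buddypress'); ?> <input class="widefat" id="bp-widget-welcome-title" name="bp-widget-welcome-title" type="text" value="<?php echo attribute_escape($options['title']); ?>" /></label></p>
    <p>
        <label for="bp-widget-welcome-text"><?php _e('Welcome Text:', 'buddypress'); ?>
            <textarea id="bp-widget-welcome-text" name="bp-widget-welcome-text" class="widefat" style="height: 100px"><?php echo htmlspecialchars($options['text']); ?></textarea>
        </label>
    </p>
    <input type="hidden" id="bp-widget-welcome-submit" name="bp-widget-welcome-submit" value="1" />
    <?php
}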
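/**
 * Update a particular instance.
 *
 * This function should check that $new_instance is set correctly.
 * The newly calculated value of $instance should be returned.
 * If "false" is returned, the instance won't be saved/updated.
 *
 * The content field is kses-filtered (wp_filter_post_kses() expects slashed input
 * and returns slashed output). The two URL fields are cleaned with esc_url_raw()
 * rather than strip_tags(), which would still let a "javascript:" URL through into
 * an href/src attribute.
 *
 * @param array $new_instance New settings for this instance as input by the user via form()
 * @param array $old_instance Old settings for this instance
 * @return array Settings to save or bool false to cancel saving
 */
function update($new_instance, $old_instance) {
    // Missing fields default to '' instead of raising notices.
    $get = function ($key) use ($new_instance) {
        return isset($new_instance[$key]) ? $new_instance[$key] : '';
    };
    $new_instance['wsm-content'] = stripslashes(wp_filter_post_kses(addslashes($get('wsm-content'))));
    $new_instance['wsm-morelink'] = esc_url_raw(strip_tags($get('wsm-morelink')));
    $new_instance['wsm-img-url'] = esc_url_raw(strip_tags($get('wsm-img-url')));
    $new_instance['wsm-moretext'] = strip_tags($get('wsm-moretext'));
    return $new_instance;
}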
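/**
 * Sanitizes the category-posts widget settings before they are stored.
 *
 * The original ran the category id and post count through wp_filter_post_kses(),
 * which is an HTML filter and returns slashed output, so neither value was
 * actually validated and the stored strings carried slashes. The count is now an
 * integer and the category selector plain text.
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously stored values.
 * @return array Settings to save.
 */
function update($new_instance, $old_instance) {
    $instance = $old_instance;
    $title = isset($new_instance['title']) ? $new_instance['title'] : '';
    $categ = isset($new_instance['categ_id']) ? $new_instance['categ_id'] : '';
    $count = isset($new_instance['post_count']) ? $new_instance['post_count'] : 0;
    $instance['title'] = sanitize_text_field($title);
    // Plain text keeps a single id or a comma-separated list intact; if the form
    // only ever sends one id, absint() would be the tighter choice — confirm.
    $instance['categ_id'] = sanitize_text_field($categ);
    // (int) rather than absint() so a -1 "show all" value, if used, survives.
    $instance['post_count'] = (int) $count;
    return $instance;
}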
/**
 * Sanitizes the footer text setting.
 *
 * Users with 'unfiltered_html' keep their markup untouched; everyone else is run
 * through post-level kses (which expects slashed input and returns slashed output).
 *
 * @param string $value Raw setting value.
 * @return string Sanitized value.
 */
function glades_sanitize_footer_text($value) {
    $trusted = current_user_can('unfiltered_html');
    return $trusted ? $value : stripslashes(wp_filter_post_kses(addslashes($value)));
}
/**
 * Builds the settings to store from the submitted widget form.
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously stored values (not reused).
 * @return array Settings to save.
 */
public function update($new_instance, $old_instance) {
    $title = '';
    if (!empty($new_instance['title'])) {
        $title = strip_tags($new_instance['title']);
    }
    // Post-level kses; it expects slashed input and returns slashed output.
    $text = stripslashes(wp_filter_post_kses(addslashes($new_instance['text'])));
    $show = empty($new_instance['show']) ? 0 : 1;
    return array(
        'title' => $title,
        'text' => $text,
        'show' => $show,
    );
}
/**
 * Deals with the settings when they are saved by the admin. Here is
 * where any validation should be dealt with.
 *
 * @param array An array of new settings as submitted by the admin
 * @param array An array of the previous settings
 * @return array The validated and (if necessary) amended settings
 **/
public function update($new_instance, $old_instance) {
    $instance = $old_instance;
    // Plain-text fields.
    foreach (array('title', 'icon_class') as $key) {
        $instance[$key] = strip_tags($new_instance[$key]);
    }
    // Markup field: post-level kses, which expects slashed input and returns slashed output.
    $slashed = addslashes($new_instance['text']);
    $instance['text'] = stripslashes(wp_filter_post_kses($slashed));
    return $instance;
}
/**
 * Sanitizes the about-me widget settings before they are stored.
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously stored values.
 * @return array Settings to save.
 */
function update($new_instance, $old_instance) {
    $instance = $old_instance;
    $instance['title'] = strip_tags($new_instance['title']);
    $instance['imagePath'] = esc_url($new_instance['imagePath']);
    $about = $new_instance['aboutText'];
    if (!current_user_can('unfiltered_html')) {
        // Post-level kses; it expects slashed input and returns slashed output.
        $about = stripslashes(wp_filter_post_kses(addslashes($about)));
    }
    $instance['aboutText'] = $about;
    return $instance;
}
/**
 * Sanitizes the AdSense widget settings before they are stored.
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously stored values.
 * @return array Settings to save.
 */
function update($new_instance, $old_instance) {
    $instance = $old_instance;
    $instance['title'] = strip_tags($new_instance['title']);
    if (current_user_can('unfiltered_html')) {
        $instance['adsense_code'] = $new_instance['adsense_code'];
    } else {
        // Post-level kses; it expects slashed input and returns slashed output.
        $instance['adsense_code'] = stripslashes(wp_filter_post_kses(addslashes($new_instance['adsense_code'])));
    }
    // Checkbox: present in the submission means checked.
    $instance['expand'] = isset($new_instance['expand']) ? 1 : 0;
    return $instance;
}
/**
 * Stores the submitted value of a settings field if it is known and has changed.
 *
 * Nothing happens unless $_POST carries the field; because of that, $default is
 * never the value that gets written (it only fills $newval when the field is
 * absent, and that path does not update).
 *
 * @param string $slug    Field name (also the suffix of the "scf_" option).
 * @param string $default Fallback value, effectively unused (see above).
 */
private function updateif($slug = '', $default = '') {
    $submitted = isset($_POST[$slug]);
    $newval = $submitted ? $_POST[$slug] : $default;
    $known = array_key_exists($slug, $this->fields);
    if ($known && $newval != $this->getif($slug) && $submitted) {
        // Post-level kses; it expects slashed input and returns slashed output.
        $clean = stripslashes(wp_filter_post_kses(addslashes($newval)));
        update_option('scf_' . $slug, $clean);
    }
}
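/**
 * Forces post-level kses on a custom metadata value, recursing into arrays.
 *
 * array_map() over a nested array handed the inner array to wp_filter_post_kses(),
 * which only accepts strings, so nested values were lost; recursing applies the
 * filter to every leaf instead.
 *
 * @param string $field_slug  Field identifier (unused here, passed through on recursion).
 * @param mixed  $field       Field definition (unused here, passed through on recursion).
 * @param string $object_type Object type (unused here, passed through on recursion).
 * @param int    $object_id   Object id (unused here, passed through on recursion).
 * @param mixed  $value       String or (nested) array of strings.
 * @return mixed Filtered value with the same shape as $value.
 */
function _wpcom_vip_custom_metadata_force_sanitize($field_slug, $field, $object_type, $object_id, $value) {
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = _wpcom_vip_custom_metadata_force_sanitize($field_slug, $field, $object_type, $object_id, $item);
        }
        return $value;
    }
    return wp_filter_post_kses($value);
}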
/**
 * Sanitizes the footer content on the customize screen. Users with the 'unfiltered_html' cap can post
 * anything. For other users, wp_filter_post_kses() is ran over the setting.
 *
 * @since 1.4.0
 * @access public
 * @param mixed $setting The current setting passed to sanitize.
 * @param object $object The setting object passed via WP_Customize_Setting.
 * @return mixed $setting
 */
function omega_customize_sanitize($setting, $object) {
    $is_footer = ("omega_theme_settings[footer_insert]" == $object->id);
    // Kill evil scripts from users without the 'unfiltered_html' cap. Post-level
    // kses expects slashed input and returns slashed output, hence the wrapping.
    if ($is_footer && !current_user_can('unfiltered_html')) {
        $setting = stripslashes(wp_filter_post_kses(addslashes($setting)));
    }
    return apply_filters("omega_customize_sanitize", $setting, $object);
}
/**
 * Custom text sanitization and filtering.
 *
 * Applies post-level kses and then the standard WordPress content formatters
 * (texturize, autop, character conversion, tag balancing) in that order.
 * NOTE(review): wp_filter_post_kses() expects slashed input; if $content arrives
 * unslashed, any literal backslashes in it are dropped — confirm with the callers.
 *
 * @version 2.0
 * @param string $content Raw content.
 * @return string Filtered and formatted content.
 */
function apoc_custom_kses($content) {
    $filters = array('wp_filter_post_kses', 'wptexturize', 'wpautop', 'convert_chars', 'force_balance_tags');
    foreach ($filters as $filter) {
        $content = call_user_func($filter, $content);
    }
    return $content;
}
/**
 * Saves the footer meta box settings by filtering the "sanitize_option_{$prefix}_theme_settings" hook.
 *
 * @since 1.2.0
 * @param array $settings Array of theme settings passed by the Settings API for validation.
 * @return array $settings
 */
function hybrid_meta_box_theme_save_footer($settings) {
    if (!isset($settings['footer_insert'])) {
        return $settings;
    }
    // Kill evil scripts from users without the 'unfiltered_html' cap. Post-level
    // kses expects slashed input and returns slashed output, hence the wrapping.
    if (!current_user_can('unfiltered_html')) {
        $slashed = addslashes($settings['footer_insert']);
        $settings['footer_insert'] = stripslashes(wp_filter_post_kses($slashed));
    }
    return $settings;
}
/**
 * Asserts that kses turns $embed into $reversal while leaving surrounding text alone.
 *
 * @param string $embed    Markup placed between two fixed paragraphs.
 * @param string $reversal Expected replacement for $embed after filtering.
 */
private function expect_reversal($embed, $reversal) {
    $prefix = "\napples before\n\n";
    $suffix = "\n\nbananas after\n";
    $filtered = wp_filter_post_kses($prefix . $embed . $suffix);
    // Kses returns slashed output; undo the escaped quotes before comparing.
    $filtered = str_replace('\\"', '"', $filtered);
    $expected = $prefix . $reversal . $suffix;
    $this->assertEquals($expected, $filtered);
}
/**
 * Builds the tab widget settings to store from the submitted form.
 *
 * @param array $new_instance Submitted form values.
 * @param array $old_instance Previously stored values (not reused).
 * @return array Settings to save.
 */
public function update($new_instance, $old_instance) {
    // Post-level kses for the content; it expects slashed input and returns slashed output.
    $content = stripslashes(wp_filter_post_kses(addslashes($new_instance['tab_content'])));
    return array(
        'title' => strip_tags($new_instance['title']),
        'tab_icon' => strip_tags($new_instance['tab_icon']),
        'tab_content' => $content,
    );
}
/**
 * Deals with the settings when they are saved by the admin. Here is
 * where any validation should be dealt with.
 *
 * Users with 'unfiltered_html' keep the title as submitted; for everyone else it
 * is run through post-level kses and trimmed.
 *
 * @param array An array of new settings as submitted by the admin
 * @param array An array of the previous settings
 * @return array The validated and (if necessary) amended settings
 **/
function update($new_instance, $old_instance) {
    if (!current_user_can('unfiltered_html')) {
        // wp_filter_post_kses() expects slashed input and returns slashed output.
        $filtered = wp_filter_post_kses(addslashes($new_instance['title']));
        $new_instance['title'] = trim(stripslashes($filtered));
    }
    return $new_instance;
}