Пример #1
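 /**
  * Sanitizes the settings submitted for this widget instance.
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings.
  * @return array Settings to store.
  */
 function update($new_instance, $old_instance)
 {
     $instance = $old_instance;
     $instance['title'] = sanitize_text_field($new_instance['title']);
     // wp_filter_post_kses() takes slashed input and hands back slashed output.
     // Slash on the way in and unslash on the way out, otherwise the stored
     // value gains a backslash in front of every quote.
     // NOTE(review): the post KSES rules normally drop <script> markup, so an ad
     // snippet that depends on it will not survive this filter - confirm that
     // is the intended policy for this field.
     $instance['adsenseCode'] = stripslashes(wp_filter_post_kses(addslashes($new_instance['adsenseCode'])));
     return $instance;
 }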
Пример #2
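 /**
  * Runs options through filter prior to saving
  *
  * JS selector fields are slashed, the loading messages go through the post
  * KSES filter, the loading image falls back to the default or to the current
  * image, and `debug` is coerced to a boolean. The result is then passed
  * through the `{prefix}options_validate` filter.
  *
  * @param array $options the options array
  * @return array sanitized options array
  */
 function validate($options)
 {
     //add slashes to JS selectors
     $js = array('nextSelector', 'navSelector', 'itemSelector', 'contentSelector');
     foreach ($js as $field) {
         if (!isset($options[$field])) {
             continue;
         }
         $options[$field] = addslashes($options[$field]);
     }
     //force post-style kses on messages
     foreach (array('finishedMsg', 'msgText') as $field) {
         if (!isset($options['loading'][$field])) {
             continue;
         }
         // wp_filter_post_kses will add slashes to something like "you've" -> "you\'ve" but not added slashes to other slashes
         // Escaping the slashes and then stripping them, gets past this problem and allows preservation of intentionally inserted slashes
         $options['loading'][$field] = stripslashes(wp_filter_post_kses(addslashes($options['loading'][$field])));
     }
     //handle image resets
     // NOTE(review): $_POST is read directly here; this assumes the caller has
     // already verified the request (nonce and capability) - confirm.
     if (isset($_POST['reset_default_image'])) {
         $options["loading"]['img'] = $this->defaults["loading"]['img'];
     }
     //pull existing image if none is given
     if (empty($options["loading"]['img'])) {
         $options["loading"]['img'] = $this->loading["img"];
     }
     // force `debug` to be a bool; a missing key counts as false instead of
     // raising an undefined-index notice
     $options["debug"] = !empty($options["debug"]);
     return apply_filters($this->parent->prefix . 'options_validate', $options);
 }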
Пример #3
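/**
 * Copies the posted fields of the active settings tab into the stored
 * "saga_theme_settings" option and saves it.
 *
 * NOTE(review): nothing in this function verifies a nonce or the caller's
 * capability before writing the option. Confirm the caller does both before
 * this runs; otherwise the save is exposed to cross-site request forgery.
 * NOTE(review): only 'saga_ga' and 'saga_intro' are filtered, and only for
 * users without 'unfiltered_html'. Every other field is stored exactly as
 * posted and has to be escaped wherever it is printed.
 */
function saga_save_theme_settings()
{
    global $pagenow;
    $settings = get_option("saga_theme_settings");
    // isset() keeps a themes.php request without ?page= from raising a notice.
    if ($pagenow == 'themes.php' && isset($_GET['page']) && $_GET['page'] == 'theme-settings') {
        $tab = isset($_GET['tab']) ? $_GET['tab'] : 'homepage';
        switch ($tab) {
            case 'general':
                $posted_fields = array(
                    'saga_tag_class',
                    'saga_deal_week',
                    'saga_deal_week_name',
                    'saga_deal_week_link',
                    'saga_post_gallery',
                );
                break;
            case 'footer':
                $posted_fields = array('saga_ga');
                break;
            default:
                $posted_fields = array();
        }
        foreach ($posted_fields as $field) {
            // A field missing from the request is still stored as null, but
            // no longer triggers an undefined-index notice.
            $settings[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
        }
    }
    if (!current_user_can('unfiltered_html')) {
        foreach (array('saga_ga', 'saga_intro') as $field) {
            // !empty() is safe when the key has never been saved.
            if (!empty($settings[$field])) {
                $settings[$field] = stripslashes(esc_textarea(wp_filter_post_kses($settings[$field])));
            }
        }
    }
    update_option("saga_theme_settings", $settings);
}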
Пример #4
 /**
  * Prints the Twitter widget for one instance.
  *
  * Once time() reaches $this->twitter_v1_shutdown, or when no account is
  * configured, only users with 'edit_theme_options' see a notice and nothing
  * else is printed. Otherwise the tweets are fetched and displayed.
  *
  * @param array $args     Wrapper markup (before_widget, before_title, after_title, after_widget).
  * @param array $instance Stored settings for this widget instance.
  */
 function widget($args, $instance)
 {
     // The account name is URL-encoded here and then placed inside URLs passed to esc_url().
     $account = trim(urlencode($instance['account']));
     /**
      * After Twitter disables v1 API calls, show a message to admins/theme managers only that they can show Tweets using a different widget.
      */
     if (time() >= $this->twitter_v1_shutdown) {
         if (current_user_can('edit_theme_options')) {
             $title = apply_filters('widget_title', $instance['title']);
             if (empty($title)) {
                 $title = __('Twitter Updates', 'jetpack');
             }
             echo $args['before_widget'];
             echo "{$args['before_title']}<a href='" . esc_url("http://twitter.com/{$account}") . "'>" . esc_html($title) . "</a>{$args['after_title']}";
             echo '<p>' . sprintf(__('Due to changes with how we interact with Twitter, this widget can no longer display Tweets. Please switch to the <a href="%s">Twitter Timeline</a> widget instead.', 'jetpack'), admin_url('widgets.php')) . '</p>';
             echo $args['after_widget'];
         }
         return;
     }
     if (empty($account)) {
         if (current_user_can('edit_theme_options')) {
             echo $args['before_widget'];
             echo '<p>' . sprintf(__('Please configure your Twitter username for the <a href="%s">Twitter Widget</a>.', 'jetpack'), admin_url('widgets.php')) . '</p>';
             echo $args['after_widget'];
         }
         return;
     }
     $title = apply_filters('widget_title', $instance['title']);
     if (empty($title)) {
         $title = __('Twitter Updates', 'jetpack');
     }
     $show = absint($instance['show']);
     // # of Updates to show
     if ($show > 200) {
         // Twitter paginates at 200 max tweets. update() should not have accepted greater than 20
         $show = 200;
     }
     $hidereplies = (bool) $instance['hidereplies'];
     $hidepublicized = (bool) $instance['hidepublicized'];
     $include_retweets = (bool) $instance['includeretweets'];
     $follow_button = (bool) $instance['followbutton'];
     // The title is HTML-escaped and the profile link goes through esc_url() before printing.
     echo "{$args['before_widget']}{$args['before_title']}<a href='" . esc_url("http://twitter.com/{$account}") . "'>" . esc_html($title) . "</a>{$args['after_title']}";
     $tweets = $this->fetch_twitter_user_stream($account, $hidereplies, $show, $include_retweets);
     // An error is ignored when usable data came back alongside it.
     if (isset($tweets['error']) && (isset($tweets['data']) && !empty($tweets['data']))) {
         $tweets['error'] = '';
     }
     if (empty($tweets['error'])) {
         // wp_filter_post_kses() returns slashed data, hence the stripslashes().
         $before_tweet = isset($instance['beforetweet']) ? stripslashes(wp_filter_post_kses($instance['beforetweet'])) : '';
         $before_timesince = isset($instance['beforetimesince']) && !empty($instance['beforetimesince']) ? esc_html($instance['beforetimesince']) : ' ';
         $this->display_tweets($show, $tweets['data'], $hidepublicized, $before_tweet, $before_timesince, $account);
         if ($follow_button) {
             $this->display_follow_button($account);
         }
         add_action('wp_footer', array($this, 'twitter_widget_script'));
     } else {
         // NOTE(review): the error text is printed without escaping; confirm that
         // fetch_twitter_user_stream() only ever returns trusted markup here.
         echo $tweets['error'];
     }
     echo $args['after_widget'];
     do_action('jetpack_bump_stats_extras', 'widget', 'twitter');
 }
Пример #5
 /**
  * Builds the settings to store for this widget instance.
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings.
  * @return array Settings to store.
  */
 function update($new_instance, $old_instance)
 {
     $instance = $old_instance;
     $instance['logoImagePath'] = sanitize_text_field($new_instance['logoImagePath']);
     if (current_user_can('unfiltered_html')) {
         // Users with this capability keep their markup exactly as entered.
         $instance['textInfo'] = $new_instance['textInfo'];
     } else {
         // wp_filter_post_kses() expects slashed input and returns slashed output.
         $slashed = addslashes($new_instance['textInfo']);
         $instance['textInfo'] = stripslashes(wp_filter_post_kses($slashed));
     }
     return $instance;
 }
Пример #6
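 /**
  * Updates the widget control options for the particular instance of the widget.
  *
  * @since  0.0.1
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings.
  * @return array Settings to store.
  */
 function update($new_instance, $old_instance)
 {
     $instance = $old_instance;
     $instance['title'] = strip_tags($new_instance['title']);
     $instance['title_url'] = esc_url($new_instance['title_url']);
     $instance['offset'] = (int) $new_instance['offset'];
     $instance['limit'] = (int) $new_instance['limit'];
     $instance['ignore_sticky'] = isset($new_instance['ignore_sticky']) ? (bool) $new_instance['ignore_sticky'] : 0;
     $instance['post_type'] = esc_attr($new_instance['post_type']);
     $instance['post_status'] = esc_attr($new_instance['post_status']);
     $instance['taxonomy'] = esc_attr($new_instance['taxonomy']);
     // NOTE(review): 'cat' and 'tag' are stored exactly as submitted. Confirm
     // they are validated or escaped wherever they are used in queries or output.
     $instance['cat'] = $new_instance['cat'];
     $instance['tag'] = $new_instance['tag'];
     $instance['thumbnail'] = isset($new_instance['thumbnail']) ? (bool) $new_instance['thumbnail'] : false;
     $instance['thumbnail_size'] = esc_attr($new_instance['thumbnail_size']);
     $instance['thumbnail_align'] = esc_attr($new_instance['thumbnail_align']);
     $instance['thumbnail_custom'] = isset($new_instance['thumbnail_custom']) ? (bool) $new_instance['thumbnail_custom'] : false;
     $instance['thumbnail_width'] = (int) $new_instance['thumbnail_width'];
     $instance['thumbnail_height'] = (int) $new_instance['thumbnail_height'];
     $instance['excerpt'] = isset($new_instance['excerpt']) ? (bool) $new_instance['excerpt'] : false;
     $instance['excerpt_length'] = (int) $new_instance['excerpt_length'];
     $instance['date'] = isset($new_instance['date']) ? (bool) $new_instance['date'] : false;
     $instance['date_relative'] = isset($new_instance['date_relative']) ? (bool) $new_instance['date_relative'] : false;
     $instance['css_class'] = sanitize_html_class($new_instance['css_class']);
     // wp_filter_post_kses() strips slashes before filtering and adds them back
     // afterwards. Slash the input and unslash the result so that backslashes
     // the user typed survive and the stored markup gains no extra ones.
     $instance['before'] = stripslashes(wp_filter_post_kses(addslashes($new_instance['before'])));
     $instance['after'] = stripslashes(wp_filter_post_kses(addslashes($new_instance['after'])));
     return $instance;
 }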
Пример #7
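/**
 * Renders the dashboard notepad form and saves the notes when it is posted.
 *
 * Saving requires the 'edit_dashboard_notes' capability (the same capability
 * that decides whether the form gets a submit button) and a valid nonce, so a
 * forged or unauthorised POST cannot overwrite the notes. Users without
 * 'unfiltered_html' have their notes run through the post KSES filter.
 * The notes are always HTML-escaped before being placed in the textarea so
 * stored markup cannot break out of it.
 */
function dashboard_notepad_widget()
{
    $options = dashboard_notepad_widget_options();
    $can_edit = current_user_can('edit_dashboard_notes');
    $is_valid_save = !empty($_POST['dashboard_notepad_submit'])
        && isset($_POST['dashboard_notepad'], $_POST['dashboard_notepad_nonce'])
        && $can_edit
        && wp_verify_nonce($_POST['dashboard_notepad_nonce'], 'dashboard_notepad_save');
    if ($is_valid_save) {
        if (current_user_can('unfiltered_html')) {
            $options['notes'] = stripslashes($_POST['dashboard_notepad']);
        } else {
            // wp_filter_post_kses() returns slashed data, hence the stripslashes().
            $options['notes'] = stripslashes(wp_filter_post_kses($_POST['dashboard_notepad']));
        }
        update_option('dashboard_notepad', $options);
    }
    // Escape on every request, including the one that has just saved.
    $dashboard_notepad = htmlspecialchars($options['notes'], ENT_QUOTES);
    $form = '<form method="post" action="' . admin_url() . '">';
    $form .= '<textarea id="dashboard_notepad" name="dashboard_notepad" rows="' . (int) $options['notepad_size'] . '"';
    if (!$can_edit) {
        $form .= ' readonly="readonly"';
    }
    $form .= '>' . $dashboard_notepad . '</textarea>';
    if ($can_edit) {
        // Fourth argument false: return the hidden nonce field instead of echoing it.
        $form .= wp_nonce_field('dashboard_notepad_save', 'dashboard_notepad_nonce', true, false);
        $form .= '<p><input type="submit" value="' . __('Save Notes', 'dashboard-notepad') . '" class="button widget-control-save"></p> 
		<input type="hidden" name="dashboard_notepad_submit" value="true" />';
    }
    $form .= '</form>';
    echo $form;
}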
Пример #8
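/**
 * Copies the posted field of the active information tab into the stored
 * "pod_info_theme_settings" option and saves it.
 *
 * NOTE(review): nothing in this function verifies a nonce or the caller's
 * capability before writing the option. Confirm the caller does both before
 * this runs; otherwise the save is exposed to cross-site request forgery.
 * NOTE(review): only 'pod_info_ga' and 'pod_info_intro' are filtered, and only
 * for users without 'unfiltered_html'. The docs, support and changelog fields
 * are stored exactly as posted and have to be escaped wherever they are printed.
 */
function pod_info_save_theme_settings()
{
    global $pagenow;
    $settings = get_option("pod_info_theme_settings");
    // isset() keeps a themes.php request without ?page= from raising a notice.
    if ($pagenow == 'themes.php' && isset($_GET['page']) && $_GET['page'] == 'theme-information') {
        $tab = isset($_GET['tab']) ? $_GET['tab'] : 'whatsnew';
        switch ($tab) {
            case 'documentation':
                $field = 'pod_info_docs';
                break;
            case 'support':
                $field = 'pod_info_support';
                break;
            case 'changelog':
                $field = 'pod_info_chlog';
                break;
            case 'whatsnew':
                $field = 'pod_info_intro';
                break;
            default:
                $field = null;
        }
        if ($field !== null) {
            // A field missing from the request is still stored as null, but
            // no longer triggers an undefined-index notice.
            $settings[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
        }
    }
    if (!current_user_can('unfiltered_html')) {
        foreach (array('pod_info_ga', 'pod_info_intro') as $filtered) {
            // !empty() is safe when the key has never been saved.
            if (!empty($settings[$filtered])) {
                $settings[$filtered] = stripslashes(esc_textarea(wp_filter_post_kses($settings[$filtered])));
            }
        }
    }
    update_option("pod_info_theme_settings", $settings);
}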
Пример #9
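 /**
  * Runs options through filter prior to saving
  *
  * JS selector fields (and `callback`) are slashed, the loading messages go
  * through the post KSES filter, and the image falls back to the default or
  * to the current image. The result is then passed through the
  * `{prefix}options_validate` filter.
  *
  * @param array $options the options array
  * @return array sanitized options array
  */
 function validate($options)
 {
     //add slashes to JS selectors
     // NOTE(review): 'callback' is only slashed, not filtered. If it is later
     // printed as script, whoever can save these options controls that script -
     // confirm the settings page is restricted accordingly.
     $js = array('nextSelector', 'navSelector', 'itemSelector', 'contentSelector', 'callback');
     foreach ($js as $field) {
         if (!isset($options[$field])) {
             continue;
         }
         $options[$field] = addslashes($options[$field]);
     }
     //force post-style kses on messages
     foreach (array('finishedMsg', 'msgText') as $field) {
         if (!isset($options['loading'][$field])) {
             continue;
         }
         // wp_filter_post_kses() strips slashes before filtering and adds them
         // back afterwards. Slash the input and unslash the result so the saved
         // message keeps intentional backslashes and gains no extra ones.
         $options['loading'][$field] = stripslashes(wp_filter_post_kses(addslashes($options['loading'][$field])));
     }
     //handle image resets
     if (isset($_POST['reset_default_image'])) {
         $options['img'] = $this->defaults['img'];
     }
     //pull existing image if none is given
     if (empty($options['img'])) {
         $options['img'] = $this->img;
     }
     return apply_filters($this->parent->prefix . 'options_validate', $options);
 }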
Пример #10
 /**
  * Builds the settings to store for this widget instance.
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings.
  * @return array Settings to store.
  */
 public function update($new_instance, $old_instance)
 {
     $instance = $old_instance;
     $instance['title'] = strip_tags($new_instance['title']);
     foreach (array('skype_id', 'user_name') as $plain_key) {
         $instance[$plain_key] = trim(strip_tags(stripslashes($new_instance[$plain_key])));
     }
     // Users with 'unfiltered_html' keep their markup; everyone else is filtered.
     $keeps_raw_html = current_user_can('unfiltered_html');
     foreach (array('before', 'after') as $html_key) {
         // wp_filter_post_kses() expects slashed
         $instance[$html_key] = $keeps_raw_html
             ? $new_instance[$html_key]
             : stripslashes(wp_filter_post_kses(addslashes($new_instance[$html_key])));
     }
     $theme = $new_instance['button_theme'];
     // A chosen theme has its template file content loaded into the db.
     // NOTE(review): the submitted theme name is handed to get_template_file();
     // confirm that helper restricts it to known template names.
     $instance['button_template'] = $theme != ''
         ? stripslashes(Skype_Online_Status::get_template_file($theme))
         : '';
     $instance['button_theme'] = stripslashes($theme);
     $instance['use_voicemail'] = $new_instance['use_voicemail'];
     return $instance;
 }
 /**
  * Widget Update method
  *
  * Text fields keep raw HTML for users with 'unfiltered_html' and go through
  * the post KSES filter for everyone else; all other submitted fields go
  * through filter_sanitize_input(). Checkbox fields are stored as booleans.
  *
  * @param array $new_instance
  * @param array $old_instance
  * @return array
  */
 function update($new_instance, $old_instance)
 {
     global $intelliwidget;
     $html_fields = $this->get_text_fields();
     foreach ($new_instance as $key => $submitted) {
         if (!in_array($key, $html_fields)) {
             $old_instance[$key] = $this->filter_sanitize_input($submitted);
         } elseif (current_user_can('unfiltered_html')) {
             $old_instance[$key] = $submitted;
         } else {
             // KSES works on slashed data: slash going in, unslash coming out.
             $old_instance[$key] = stripslashes(wp_filter_post_kses(addslashes($submitted)));
         }
         // Multi selects may be missing from the request or simply empty.
         if ('page_multi' == $key && empty($new_instance['page'])) {
             $old_instance['page'] = array();
         }
         if ('terms_multi' == $key && empty($new_instance['terms'])) {
             $old_instance['terms'] = array();
         }
     }
     // A checkbox counts as checked when its key is present in the submission.
     foreach ($this->get_checkbox_fields() as $checkbox) {
         $old_instance[$checkbox] = isset($new_instance[$checkbox]);
     }
     return $old_instance;
 }
Пример #12
/**
 * Normalises an option value according to the option's name.
 *
 * Unknown option names are returned unchanged. Option names are compared
 * loosely, in the order listed below.
 *
 * @param string $option Option name.
 * @param mixed  $value  Submitted value.
 * @return mixed Sanitized value.
 */
function sanitize_option($option, $value) {
	if ($option == 'admin_email') {
		$value = sanitize_email($value);
	} elseif (in_array($option, array('default_post_edit_rows', 'mailserver_port', 'comment_max_links'))) {
		// Non-negative integers only.
		$value = abs((int) $value);
	} elseif (in_array($option, array('posts_per_page', 'posts_per_rss'))) {
		$value = (int) $value;
		if (empty($value)) {
			$value = 1;
		}
		// -1 is left as-is; anything lower is flipped to its positive value.
		if ($value < -1) {
			$value = abs($value);
		}
	} elseif (in_array($option, array('default_ping_status', 'default_comment_status'))) {
		// Options that if not there have 0 value but need to be something like "closed"
		if ($value == '0' || $value == '') {
			$value = 'closed';
		}
	} elseif (in_array($option, array('blogdescription', 'blogname'))) {
		// Only users without 'unfiltered_html' have their markup filtered.
		if (!current_user_can('unfiltered_html')) {
			$value = wp_filter_post_kses($value);
		}
	} elseif ($option == 'blog_charset') {
		$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
	} elseif (in_array($option, array('date_format', 'time_format', 'mailserver_url', 'mailserver_login', 'mailserver_pass', 'ping_sites', 'upload_path'))) {
		$value = wp_filter_kses(strip_tags($value));
	} elseif ($option == 'gmt_offset') {
		$value = preg_replace('/[^0-9:.-]/', '', $value);
	} elseif (in_array($option, array('siteurl', 'home'))) {
		$value = clean_url($value);
	}

	return $value;
}
Пример #13
 /**
  * Widget Update method
  *
  * Text fields keep raw HTML for users with 'unfiltered_html' and go through
  * the post KSES filter for everyone else. Keys starting with 'iw' and a few
  * helper keys are removed from the stored settings; everything else goes
  * through filter_sanitize_input(). Checkbox fields are stored as booleans.
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings.
  * @return array Settings to store.
  */
 function update($new_instance, $old_instance)
 {
     foreach ($new_instance as $key => $submitted) {
         if (in_array($key, IntelliWidgetStrings::get_fields('text'))) {
             // KSES works on slashed data: slash going in, unslash coming out.
             $old_instance[$key] = current_user_can('unfiltered_html')
                 ? $submitted
                 : stripslashes(wp_filter_post_kses(addslashes($submitted)));
         } elseif (0 === strpos($key, 'iw') || in_array($key, array('pagesearch', 'termsearch', 'profiles_only'))) {
             unset($old_instance[$key]);
         } else {
             $old_instance[$key] = $this->filter_sanitize_input($submitted);
         }
         // Multi selects may be missing from the request or simply empty.
         if ('page_multi' == $key && empty($new_instance['page'])) {
             $old_instance['page'] = array();
         }
         if ('terms_multi' == $key && empty($new_instance['terms'])) {
             $old_instance['terms'] = array();
         }
     }
     // A checkbox counts as checked when its key is present in the submission.
     foreach (IntelliWidgetStrings::get_fields('checkbox') as $checkbox) {
         $old_instance[$checkbox] = isset($new_instance[$checkbox]);
     }
     //$iwq = new IntelliWidgetQuery(); // do not use for now ( 2.3.4 )
     //$old_instance[ 'querystr' ] = $iwq->iw_query( $old_instance );
     return $old_instance;
 }
 /**
  * Builds the settings to store for this widget instance.
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings.
  * @return array Settings to store.
  */
 function update($new_instance, $old_instance)
 {
     $instance = $old_instance;
     $instance['title'] = sanitize_text_field($new_instance['title']);
     if (current_user_can('unfiltered_html')) {
         // Users with this capability store the ad code exactly as entered.
         $instance['adsenseCode'] = $new_instance['adsenseCode'];
     } else {
         // wp_filter_post_kses() expects slashed input and returns slashed output.
         $slashed = addslashes($new_instance['adsenseCode']);
         $instance['adsenseCode'] = stripslashes(wp_filter_post_kses($slashed));
     }
     return $instance;
 }
Пример #15
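/**
 * Saves and renders the control form of the welcome widget for the current blog.
 *
 * When the form's hidden submit marker is posted, the title is stripped of
 * tags and the text goes through the post KSES filter before being saved.
 * Both values are escaped when printed back into the form.
 *
 * NOTE(review): no nonce or capability check is visible here; this assumes
 * the widgets admin screen that invokes the control has verified the request.
 */
function bp_core_widget_welcome_control()
{
    global $current_blog;
    $options = $newoptions = get_blog_option($current_blog->blog_id, 'bp_core_widget_welcome');
    // !empty() avoids an undefined-index notice when the form was not posted.
    if (!empty($_POST['bp-widget-welcome-submit'])) {
        $newoptions['title'] = strip_tags(stripslashes($_POST['bp-widget-welcome-title']));
        // wp_filter_post_kses() returns slashed data, hence the stripslashes().
        $newoptions['text'] = stripslashes(wp_filter_post_kses($_POST['bp-widget-welcome-text']));
    }
    if ($options != $newoptions) {
        $options = $newoptions;
        update_blog_option($current_blog->blog_id, 'bp_core_widget_welcome', $options);
    }
    ?>
		<p><label for="bp-widget-welcome-title"><?php 
    _e('Title:', 'buddypress');
    ?>
 <input class="widefat" id="bp-widget-welcome-title" name="bp-widget-welcome-title" type="text" value="<?php 
    echo attribute_escape($options['title']);
    ?>
" /></label></p>
		<p>
			<label for="bp-widget-welcome-text"><?php 
    _e('Welcome Text:', 'buddypress');
    ?>
				<textarea id="bp-widget-welcome-text" name="bp-widget-welcome-text" class="widefat" style="height: 100px"><?php 
    echo htmlspecialchars($options['text']);
    ?>
</textarea>
			</label>
		</p>
		<input type="hidden" id="bp-widget-welcome-submit" name="bp-widget-welcome-submit" value="1" />
<?php 
}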
Пример #16
 /**
  * Update a particular instance.
  *
  * The content field goes through the post KSES filter; the link, image URL
  * and "more" text have their tags stripped. The submitted array itself is
  * modified and returned.
  *
  * @param array $new_instance New settings for this instance as input by the user via form()
  * @param array $old_instance Old settings for this instance
  * @return array Settings to save
  */
 function update($new_instance, $old_instance)
 {
     // wp_filter_post_kses() expects slashed input and returns slashed output.
     $slashed_content = addslashes($new_instance['wsm-content']);
     $new_instance['wsm-content'] = stripslashes(wp_filter_post_kses($slashed_content));
     foreach (array('wsm-morelink', 'wsm-img-url', 'wsm-moretext') as $plain_key) {
         $new_instance[$plain_key] = strip_tags($new_instance[$plain_key]);
     }
     return $new_instance;
 }
Пример #17
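 /**
  * Sanitizes the settings submitted for this widget instance.
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings.
  * @return array Settings to store.
  */
 function update($new_instance, $old_instance)
 {
     $instance = $old_instance;
     $instance['title'] = sanitize_text_field($new_instance['title']);
     // wp_filter_post_kses() returns slashed data; unslash it so the stored
     // values do not gain a backslash in front of every quote.
     // NOTE(review): the names suggest a category id and a post count. If both
     // are numeric, an integer cast would be the tighter validation - confirm
     // against the form before changing.
     foreach (array('categ_id', 'post_count') as $key) {
         $instance[$key] = stripslashes(wp_filter_post_kses(addslashes($new_instance[$key])));
     }
     return $instance;
 }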
Пример #18
/**
 * Sanitizes the footer text.
 *
 * Users with the 'unfiltered_html' capability get the value back untouched;
 * for everyone else it is run through the post KSES filter.
 *
 * @param string $value Submitted footer text.
 * @return string Footer text to store.
 */
function glades_sanitize_footer_text($value)
{
    if (!current_user_can('unfiltered_html')) {
        // wp_filter_post_kses() expects slashed input and returns slashed output.
        $value = stripslashes(wp_filter_post_kses(addslashes($value)));
    }
    return $value;
}
Пример #19
 /**
  * Builds the settings to store for this widget instance from scratch.
  *
  * The text is filtered through the post KSES rules for every user, whatever
  * their capabilities.
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings (not used).
  * @return array Settings to store.
  */
 public function update($new_instance, $old_instance)
 {
     $title = '';
     if (!empty($new_instance['title'])) {
         $title = strip_tags($new_instance['title']);
     }
     // wp_filter_post_kses() expects slashed input and returns slashed output.
     $text = stripslashes(wp_filter_post_kses(addslashes($new_instance['text'])));
     $show = empty($new_instance['show']) ? 0 : 1;
     return array(
         'title' => $title,
         'text' => $text,
         'show' => $show,
     );
 }
Пример #20
 /**
  * Validates the settings when they are saved by the admin.
  *
  * Title and icon class have their tags stripped; the text goes through the
  * post KSES filter for every user.
  *
  * @param array $new_instance An array of new settings as submitted by the admin
  * @param array $old_instance An array of the previous settings
  * @return array The validated and (if necessary) amended settings
  **/
 public function update($new_instance, $old_instance)
 {
     $instance = $old_instance;
     foreach (array('title', 'icon_class') as $plain_key) {
         $instance[$plain_key] = strip_tags($new_instance[$plain_key]);
     }
     // wp_filter_post_kses() expects slashed input and returns slashed output.
     $slashed_text = addslashes($new_instance['text']);
     $instance['text'] = stripslashes(wp_filter_post_kses($slashed_text));
     return $instance;
 }
Пример #21
 /**
  * Builds the settings to store for this widget instance.
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings.
  * @return array Settings to store.
  */
 function update($new_instance, $old_instance)
 {
     $instance = $old_instance;
     $instance['title'] = strip_tags($new_instance['title']);
     $instance['imagePath'] = esc_url($new_instance['imagePath']);
     if (current_user_can('unfiltered_html')) {
         // Users with this capability keep their markup exactly as entered.
         $instance['aboutText'] = $new_instance['aboutText'];
     } else {
         // wp_filter_post_kses() expects slashed input and returns slashed output.
         $slashed = addslashes($new_instance['aboutText']);
         $instance['aboutText'] = stripslashes(wp_filter_post_kses($slashed));
     }
     return $instance;
 }
Пример #22
 /**
  * Builds the settings to store for this widget instance.
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings.
  * @return array Settings to store.
  */
 function update($new_instance, $old_instance)
 {
     $instance = $old_instance;
     $instance['title'] = strip_tags($new_instance['title']);
     if (current_user_can('unfiltered_html')) {
         // Users with this capability store the ad code exactly as entered.
         $instance['adsense_code'] = $new_instance['adsense_code'];
     } else {
         // wp_filter_post_kses() expects slashed input and returns slashed output.
         $slashed = addslashes($new_instance['adsense_code']);
         $instance['adsense_code'] = stripslashes(wp_filter_post_kses($slashed));
     }
     // Stored as 1 when the key was submitted, 0 otherwise.
     $instance['expand'] = (int) isset($new_instance['expand']);
     return $instance;
 }
Пример #23
 /**
  * Saves one posted field to its 'scf_'-prefixed option when it has changed.
  *
  * Nothing is written unless the slug is a known field, the posted value
  * differs from the current one, and the field is present in $_POST.
  *
  * NOTE(review): no nonce or capability check is visible in this method;
  * confirm the caller verifies the request before calling it.
  * NOTE(review): the value is read straight from $_POST and slashed again
  * before filtering; verify whether $_POST is already slashed at this point.
  *
  * @param string $slug    Field slug, also the $_POST key.
  * @param string $default Value used for the comparison when the field was not posted.
  */
 private function updateif($slug = '', $default = '')
 {
     $submitted = $default;
     if (isset($_POST[$slug])) {
         $submitted = $_POST[$slug];
     }
     // Bail out unless the field is known, has changed and was actually posted.
     if (!array_key_exists($slug, $this->fields) || $submitted == $this->getif($slug) || !isset($_POST[$slug])) {
         return;
     }
     $filtered = stripslashes(wp_filter_post_kses(addslashes($submitted)));
     update_option('scf_' . $slug, $filtered);
 }
/**
 * Forces a metadata value through the post KSES filter.
 *
 * An array is filtered element by element; any other value is filtered directly.
 * Only $value is used; the other parameters are accepted and ignored.
 *
 * NOTE(review): array elements are passed to the filter one level deep only;
 * confirm nested arrays cannot reach this function.
 *
 * @param mixed $value Value to filter.
 * @return mixed Filtered value.
 */
function _wpcom_vip_custom_metadata_force_sanitize($field_slug, $field, $object_type, $object_id, $value)
{
    return is_array($value)
        ? array_map('wp_filter_post_kses', $value)
        : wp_filter_post_kses($value);
}
Пример #25
/**
 * Sanitizes the footer content on the customize screen. Users with the
 * 'unfiltered_html' capability can post anything; for other users the setting
 * is run through wp_filter_post_kses(). Only the setting whose id is
 * "omega_theme_settings[footer_insert]" is filtered.
 *
 * @since 1.4.0
 * @access public
 * @param mixed $setting The current setting passed to sanitize.
 * @param object $object The setting object passed via WP_Customize_Setting.
 * @return mixed $setting
 */
function omega_customize_sanitize($setting, $object)
{
    if ("omega_theme_settings[footer_insert]" == $object->id) {
        /* Strip disallowed markup for users without the 'unfiltered_html' cap. */
        if (!current_user_can('unfiltered_html')) {
            // wp_filter_post_kses() expects slashed input and returns slashed output.
            $slashed = addslashes($setting);
            $setting = stripslashes(wp_filter_post_kses($slashed));
        }
    }
    /* Let other code adjust the sanitized setting before it is returned. */
    return apply_filters("omega_customize_sanitize", $setting, $object);
}
Пример #26
/**
 * Custom text sanitization and filtering
 *
 * Runs the content through the post KSES filter and then through the
 * formatting functions listed below, in that order.
 *
 * NOTE(review): wp_filter_post_kses() returns slashed data, so the formatting
 * steps run on slashed text; verify the caller unslashes the result.
 *
 * @version 2.0
 */
function apoc_custom_kses($content)
{
    $steps = array(
        'wp_filter_post_kses',
        'wptexturize',
        'wpautop',
        'convert_chars',
        'force_balance_tags',
    );
    foreach ($steps as $step) {
        $content = call_user_func($step, $content);
    }
    return $content;
}
/**
 * Saves the footer meta box settings by filtering the "sanitize_option_{$prefix}_theme_settings" hook.
 *
 * The 'footer_insert' setting is run through the post KSES filter unless the
 * current user has the 'unfiltered_html' capability.
 *
 * @since 1.2.0
 * @param array $settings Array of theme settings passed by the Settings API for validation.
 * @return array $settings
 */
function hybrid_meta_box_theme_save_footer($settings)
{
    /* Nothing to filter when the field is absent or the user may post raw HTML. */
    if (!isset($settings['footer_insert']) || current_user_can('unfiltered_html')) {
        return $settings;
    }
    // wp_filter_post_kses() expects slashed input and returns slashed output.
    $slashed = addslashes($settings['footer_insert']);
    $settings['footer_insert'] = stripslashes(wp_filter_post_kses($slashed));
    return $settings;
}
 /**
  * Asserts that the post KSES filter turns $embed into $reversal.
  *
  * The embed is wrapped in fixed leading and trailing text so the assertion
  * also shows that the surrounding content is left alone.
  *
  * @param string $embed    Markup passed through the filter.
  * @param string $reversal Markup expected after filtering.
  */
 private function expect_reversal($embed, $reversal)
 {
     $prefix = "\napples before\n\n";
     $suffix = "\n\nbananas after\n";
     // Kses slashes the data, so the escaped double quotes are undone before comparing.
     $filtered = str_replace('\\"', '"', wp_filter_post_kses($prefix . $embed . $suffix));
     $this->assertEquals($prefix . $reversal . $suffix, $filtered);
 }
Пример #29
 /**
  * Builds the settings to store for this widget instance from scratch.
  *
  * Title and icon have their tags stripped; the tab content keeps the markup
  * allowed by the post KSES filter.
  *
  * @param array $new_instance Newly submitted settings.
  * @param array $old_instance Previously stored settings (not used).
  * @return array Settings to store.
  */
 public function update($new_instance, $old_instance)
 {
     $instance = array();
     foreach (array('title', 'tab_icon') as $plain_key) {
         $instance[$plain_key] = strip_tags($new_instance[$plain_key]);
     }
     // wp_filter_post_kses() expects slashed
     $slashed_content = addslashes($new_instance['tab_content']);
     $instance['tab_content'] = stripslashes(wp_filter_post_kses($slashed_content));
     return $instance;
 }
Пример #30
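 /**
  * Validates the settings when they are saved by the admin.
  *
  * The title is left untouched for users with the 'unfiltered_html'
  * capability; for everyone else it is filtered through the post KSES rules
  * and trimmed. All other submitted settings are returned unchanged.
  *
  * NOTE(review): every key other than 'title' is stored exactly as submitted;
  * confirm those values are validated or escaped where they are used.
  *
  * @param array $new_instance An array of new settings as submitted by the admin
  * @param array $old_instance An array of the previous settings
  * @return array The validated and (if necessary) amended settings
  **/
 function update($new_instance, $old_instance)
 {
     // The former self-assignment for privileged users did nothing except raise
     // an undefined-index notice when no title was submitted, so only the
     // filtering branch remains.
     if (!current_user_can('unfiltered_html')) {
         // wp_filter_post_kses() expects slashed
         $new_instance['title'] = trim(stripslashes(wp_filter_post_kses(addslashes($new_instance['title']))));
     }
     return $new_instance;
 }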