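/**
 * Sanitize and validate input
 *
 * Sanitizes and validates module options saved on the settings page or via multisite.
 * Every key is coerced to a fixed type. A backup location that differs from the
 * default directory must pass ITSEC_Lib::validate_path(); otherwise it is reset
 * to the default and a settings error is registered.
 *
 * @since 4.0.0
 *
 * @param Array $input array of input fields
 *
 * @return Array Sanitized array
 */
public function sanitize_module_input( $input ) {

	global $itsec_globals;

	$default_dir = $itsec_globals['ithemes_backup_dir'];

	// Checkbox-style flags: only a submitted value loosely equal to 1 enables the option.
	$input['enabled']   = isset( $input['enabled'] ) && $input['enabled'] == 1;
	$input['all_sites'] = isset( $input['all_sites'] ) && $input['all_sites'] == 1;

	$input['interval'] = isset( $input['interval'] ) ? absint( $input['interval'] ) : 3;
	// NOTE(review): cast to int but not range-checked here; confirm consumers handle unknown method values.
	$input['method']   = isset( $input['method'] ) ? intval( $input['method'] ) : 0;
	$input['location'] = isset( $input['location'] ) ? sanitize_text_field( $input['location'] ) : $default_dir;
	// last_run is never taken from the request; it is carried over from the stored settings.
	$input['last_run'] = isset( $this->settings['last_run'] ) ? $this->settings['last_run'] : 0;
	$input['retain']   = isset( $input['retain'] ) ? absint( $input['retain'] ) : 0;

	// The default directory is trusted as-is; any other location must validate.
	$good_path = true;

	if ( $input['location'] != $default_dir ) {
		$good_path = ITSEC_Lib::validate_path( $input['location'] );
	}

	if ( true !== $good_path ) {

		$input['location'] = $default_dir;

		$type = 'error';
		// The path is appended after translation so the lookup key stays a constant string,
		// and escaped because settings error messages are rendered as HTML.
		$message = __( 'The file path entered for the backup file location does not appear to be valid. it has been reset to: ', 'it-l10n-ithemes-security-pro' ) . esc_html( $default_dir );

		add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $message, $type );

	}

	// Previously stored exactly as submitted. Coerce to an array and text-sanitize each entry
	// before it is persisted. Presumably these are table names to skip; verify against the backup routine.
	$input['exclude'] = isset( $input['exclude'] ) ? array_map( 'sanitize_text_field', (array) $input['exclude'] ) : array();

	$input['zip'] = isset( $input['zip'] ) && $input['zip'] == 1;

	if ( is_multisite() ) {

		if ( isset( $type ) ) {

			$error_handler = new WP_Error();
			$error_handler->add( $type, $message );

			$this->core->show_network_admin_notice( $error_handler );

		} else {

			$this->core->show_network_admin_notice( false );

		}

		$this->settings = $input;

	}

	return $input;

}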
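/**
 * Sanitize and validate input
 *
 * Normalises the global settings: e-mail lists, lockout messages, boolean flags,
 * numeric thresholds, the lockout white list and the log location. Validation
 * problems are registered with add_settings_error(); on multisite the last one
 * recorded is also handed to the network admin notice.
 *
 * @since 4.0
 *
 * @param Array $input array of input fields
 *
 * @return Array Sanitized array
 */
public function sanitize_module_input( $input ) {

	global $itsec_globals;

	// did_upgrade is never taken from the request; it is carried over from the stored settings.
	$input['did_upgrade'] = isset( $this->settings['did_upgrade'] ) ? $this->settings['did_upgrade'] : false;

	// Both e-mail lists get the same treatment; only the error text differs.
	$email_fields = array(
		'backup_email'       => __( 'The following backup email address(es) do not appear to be valid: ', 'better-wp-security' ),
		'notification_email' => __( 'The following notification email address(es) do not appear to be valid: ', 'better-wp-security' ),
	);

	foreach ( $email_fields as $field => $invalid_notice ) {

		if ( ! isset( $input[ $field ] ) ) {
			continue;
		}

		// Split on any newline style rather than PHP_EOL, so the result does not
		// depend on the server's platform line ending.
		$entries = is_array( $input[ $field ] ) ? $input[ $field ] : preg_split( '/\r\n|\r|\n/', (string) $input[ $field ] );

		$bad_emails     = array();
		$emails_to_save = array();

		foreach ( $entries as $entry ) {

			// Skip nested arrays/objects from a malformed request instead of passing them to trim().
			if ( ! is_scalar( $entry ) ) {
				continue;
			}

			$entry = sanitize_text_field( trim( (string) $entry ) );

			if ( strlen( $entry ) === 0 ) {
				continue;
			}

			if ( is_email( $entry ) === false ) {
				$bad_emails[] = $entry;
			}

			// NOTE(review): addresses that fail is_email() are reported but still saved.
			$emails_to_save[] = $entry;

		}

		if ( sizeof( $bad_emails ) > 0 ) {

			$type = 'error';
			// Escaped because settings error messages are rendered as HTML.
			$message = $invalid_notice . esc_html( implode( ', ', $bad_emails ) );

			add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $message, $type );

		}

		$input[ $field ] = $emails_to_save;

	}

	// Lockout messages may contain markup, restricted to the tags in $this->allowed_tags.
	$input['lockout_message']           = isset( $input['lockout_message'] ) ? trim( wp_kses( $input['lockout_message'], $this->allowed_tags ) ) : '';
	$input['user_lockout_message']      = isset( $input['user_lockout_message'] ) ? trim( wp_kses( $input['user_lockout_message'], $this->allowed_tags ) ) : '';
	$input['community_lockout_message'] = isset( $input['community_lockout_message'] ) ? trim( wp_kses( $input['community_lockout_message'], $this->allowed_tags ) ) : '';

	// Checkbox-style flags are true only for a submitted value loosely equal to 1;
	// counters and periods fall back to their defaults when absent.
	$input['blacklist']           = isset( $input['blacklist'] ) && $input['blacklist'] == 1;
	$input['blacklist_count']     = isset( $input['blacklist_count'] ) ? absint( $input['blacklist_count'] ) : 3;
	$input['blacklist_period']    = isset( $input['blacklist_period'] ) ? absint( $input['blacklist_period'] ) : 7;
	$input['email_notifications'] = isset( $input['email_notifications'] ) && $input['email_notifications'] == 1;
	$input['lockout_period']      = isset( $input['lockout_period'] ) ? absint( $input['lockout_period'] ) : 15;
	$input['log_rotation']        = isset( $input['log_rotation'] ) ? absint( $input['log_rotation'] ) : 14;
	$input['allow_tracking']      = isset( $input['allow_tracking'] ) && $input['allow_tracking'] == 1;
	$input['write_files']         = isset( $input['write_files'] ) && $input['write_files'] == 1;

	// NOTE(review): nginx_file is only text-sanitized; unlike log_location it is not passed
	// through ITSEC_Lib::validate_path() here. Confirm the path is constrained wherever it is used.
	$input['nginx_file'] = isset( $input['nginx_file'] ) ? sanitize_text_field( $input['nginx_file'] ) : ABSPATH . 'nginx.conf';

	$input['infinitewp_compatibility'] = isset( $input['infinitewp_compatibility'] ) && $input['infinitewp_compatibility'] == 1;
	// log_info always comes from the plugin globals, never from the request.
	$input['log_info']       = $itsec_globals['settings']['log_info'];
	$input['lock_file']      = isset( $input['lock_file'] ) && $input['lock_file'] == 1;
	$input['digest_email']   = isset( $input['digest_email'] ) && $input['digest_email'] == 1;
	$input['proxy_override'] = isset( $input['proxy_override'] ) && $input['proxy_override'] == 1;
	$input['hide_admin_bar'] = isset( $input['hide_admin_bar'] ) && $input['hide_admin_bar'] == 1;

	//Set a fresh message queue if we're just turning on the digest.
	if ( $input['digest_email'] === true && ( ! isset( $this->settings['digest_email'] ) || $this->settings['digest_email'] === false ) ) {

		$digest_queue = array(
			'last_sent' => $itsec_globals['current_time_gmt'],
			'messages'  => array(),
		);

		update_site_option( 'itsec_message_queue', $digest_queue );

	}

	$input['log_location'] = isset( $input['log_location'] ) ? sanitize_text_field( $input['log_location'] ) : $itsec_globals['ithemes_log_dir'];

	//Process white list
	if ( ! isset( $input['lockout_white_list'] ) ) {
		$white_listed_addresses = array();
	} elseif ( is_array( $input['lockout_white_list'] ) ) {
		$white_listed_addresses = $input['lockout_white_list'];
	} else {
		$white_listed_addresses = preg_split( '/\r\n|\r|\n/', (string) $input['lockout_white_list'] );
	}

	$bad_white_listed_ips = array();
	$raw_white_listed_ips = array();

	foreach ( $white_listed_addresses as $address ) {

		// Skip nested arrays/objects from a malformed request instead of passing them to trim().
		if ( ! is_scalar( $address ) ) {
			continue;
		}

		$address = trim( (string) $address );

		if ( strlen( $address ) === 0 ) {
			continue;
		}

		// sanitize_text_field() replaces FILTER_SANITIZE_STRING, which is deprecated as of PHP 8.1.
		$clean_address = sanitize_text_field( $address );

		if ( ITSEC_Lib::validates_ip_address( $address ) === false ) {
			$bad_white_listed_ips[] = $clean_address;
		}

		// NOTE(review): entries that fail validation are reported but still saved to the white list.
		$raw_white_listed_ips[] = $clean_address;

	}

	$raw_white_listed_ips = array_unique( $raw_white_listed_ips );

	if ( sizeof( $bad_white_listed_ips ) > 0 ) {

		$type    = 'error';
		$message = sprintf( '%s<br /><br />', __( 'There is a problem with an IP address in the white list:', 'better-wp-security' ) );

		foreach ( $bad_white_listed_ips as $bad_ip ) {
			// The rejected value is escaped because this message is rendered as HTML.
			$message .= sprintf( '%s %s<br />', esc_html( $bad_ip ), __( 'is not a valid address in the white list users box.', 'better-wp-security' ) );
		}

		add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $message, $type );

	}

	$input['lockout_white_list'] = $raw_white_listed_ips;

	// The default log directory is trusted as-is; any other location must validate.
	$good_path = true;

	if ( $input['log_location'] != $itsec_globals['ithemes_log_dir'] ) {
		$good_path = ITSEC_Lib::validate_path( $input['log_location'] );
	}

	if ( $good_path !== true ) {

		$input['log_location'] = $itsec_globals['ithemes_log_dir'];

		$type = 'error';
		// The path is appended after translation so the lookup key stays a constant string.
		$message = __( 'The file path entered for the log location does not appear to be valid. it has been reset to: ', 'better-wp-security' ) . esc_html( $itsec_globals['ithemes_log_dir'] );

		add_settings_error( 'itsec', esc_attr( 'settings_updated' ), $message, $type );

	}

	$input['log_type'] = isset( $input['log_type'] ) ? intval( $input['log_type'] ) : 0;

	// Flag a rewrite refresh only when validation was clean and write_files went from off to on.
	// The isset() guard avoids an undefined-index notice when no previous value is stored.
	if ( ! isset( $type ) && $input['write_files'] === true && isset( $this->settings['write_files'] ) && $this->settings['write_files'] === false ) {
		add_site_option( 'itsec_rewrites_changed', true );
	}

	if ( is_multisite() ) {

		if ( isset( $type ) ) {

			// $type and $message are overwritten by each failing check above,
			// so only the last error recorded is passed on here.
			$error_handler = new WP_Error();
			$error_handler->add( $type, $message );

			$this->core->show_network_admin_notice( $error_handler );

		} else {

			$this->core->show_network_admin_notice( false );

		}

		$this->settings = $input;

	}

	return $input;

}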