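/**
 * Sanitize form data submitted for the plugin settings.
 *
 * Free-text fields go through sanitize_text_field(); choice fields are mapped
 * onto a fixed set of allowed strings, so no request value is stored verbatim.
 * A non-empty API key is also validated against the LivePress service, and on
 * success the blog parameters reported by that service are copied into the result.
 *
 * @param array $input Raw form input.
 * @return array Sanitized form input, merged over the current settings.
 */
function sanitize($input) {
    $sanitized_input = array();

    if (isset($input['api_key'])) {
        $api_key = sanitize_text_field($input['api_key']);
        $sanitized_input['api_key'] = $api_key;

        // Test the sanitized key, not the raw one: input that sanitizes to an
        // empty string must not trigger a remote validation call.
        if (!empty($api_key)) {
            $livepress_com = new LivePress_Communication($api_key);
            // Note: site_url is the admin url on VIP
            $validation = $livepress_com->validate_on_livepress(site_url());
            // Loose comparison kept on purpose: the return type of
            // validate_on_livepress() is not visible here.
            $is_valid = (1 == $validation);
            $sanitized_input['error_api_key'] = !$is_valid;

            if ($is_valid) {
                // We pass validation, update blog parameters from LP side.
                // These values come from the remote service's response, so they
                // are sanitized like any other external input before storage.
                $blog = $livepress_com->get_blog();
                $sanitized_input['blog_shortname'] = isset($blog->shortname)
                    ? sanitize_text_field($blog->shortname)
                    : '';
                $sanitized_input['post_from_twitter_username'] = isset($blog->twitter_username)
                    ? sanitize_text_field($blog->twitter_username)
                    : '';
            } else {
                add_settings_error('api_key', 'invalid', esc_html__('Key is not valid', 'livepress'));
            }
        }
    }

    // Choice fields: only the exact non-default string selects the non-default
    // option. Strict comparison stops values such as true or 0 from matching.
    $sanitized_input['feed_order'] = (isset($input['feed_order']) && 'bottom' === $input['feed_order'])
        ? 'bottom'
        : 'top';
    $sanitized_input['timestamp_format'] = (isset($input['timestamp_format']) && 'timeof' === $input['timestamp_format'])
        ? 'timeof'
        : 'timeago';
    $sanitized_input['update_format'] = (isset($input['update_format']) && 'newstyle' === $input['update_format'])
        ? 'newstyle'
        : 'default';

    // List fields: the (array) cast keeps a scalar submitted in place of a list
    // from reaching array_map(), which warns on PHP 7 and throws a TypeError on
    // PHP 8 when given a non-array.
    $sanitized_input['show'] = !empty($input['show'])
        ? array_map('sanitize_text_field', (array) $input['show'])
        : array();
    $sanitized_input['notifications'] = !empty($input['notifications'])
        ? array_map('sanitize_text_field', (array) $input['notifications'])
        : array();

    // Checkbox-style flags: only the presence of the key matters, and the
    // stored value is always one of two fixed strings.
    $sanitized_input['allow_remote_twitter'] = isset($input['allow_remote_twitter']) ? 'allow' : 'deny';

    if (isset($input['oauth_authorized_user'])) {
        $sanitized_input['oauth_authorized_user'] = sanitize_text_field($input['oauth_authorized_user']);
    }

    $sanitized_input['allow_sms'] = isset($input['allow_sms']) ? 'allow' : 'deny';

    if (isset($input['post_to_twitter'])) {
        $sanitized_input['post_to_twitter'] = (bool) $input['post_to_twitter'];
    }

    $sanitized_input['sharing_ui'] = isset($input['sharing_ui']) ? 'display' : 'dont_display';

    $sanitized_input['facebook_app_id'] = isset($input['facebook_app_id'])
        ? sanitize_text_field($input['facebook_app_id'])
        : '';

    // Merge over the current settings so that options not exposed in the form
    // keep their stored values.
    return wp_parse_args($sanitized_input, (array) $this->settings);
}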
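/**
 * Validate the user's API key both with the LivePress webservice
 * and the plugin update service.
 *
 * AJAX handler. The permission check and the nonce check both run before any
 * request data is read. The method never returns: it ends the request with
 * die(), emitting the stored options as JSON or the string 'Ouch' on failure.
 *
 * NOTE(review): the key arrives in the query string ($_GET) and is passed on
 * in the query string of the store request, so it can end up in access logs
 * on both sides.
 *
 * @return void
 */
public static function api_key_validate() {
    // die_if_not_allowed() is defined elsewhere; presumably a capability check.
    self::die_if_not_allowed();
    check_ajax_referer('livepress_api_validate_nonce');

    // Sanitize the key the same way sanitize() does. esc_html() is an output
    // escaper: it would store '&' as '&amp;' and send a key to the service that
    // differs from the one the settings form saves. The isset() guard avoids a
    // notice (and a TypeError on array input) when the parameter is missing or
    // malformed.
    $raw_api_key = isset($_GET['api_key']) ? wp_unslash($_GET['api_key']) : '';
    $api_key     = sanitize_text_field($raw_api_key);

    $domains = array();
    // Add domain mapping primary domain
    if (function_exists('domain_mapping_siteurl')) {
        $domains['alias[]'] = domain_mapping_siteurl();
    }
    // Mapped domain on VIP
    // NOTE(review): this assignment reuses the 'alias[]' key and so always
    // overwrites the domain-mapping value set above. Confirm how
    // validate_on_livepress() is meant to receive more than one alias.
    $domains['alias[]'] = get_home_url();

    // Validate with the LivePress webservice
    $livepress_communication = new LivePress_Communication($api_key);
    $status = $livepress_communication->validate_on_livepress($domains);

    $options = get_option(self::$options_name);
    if (!is_array($options)) {
        // get_option() returns false when the option does not exist yet.
        $options = array();
    }
    $options['api_key'] = $api_key;
    $options['error_api_key'] = 1 != $status && 2 != $status;

    if (1 == $status) {
        // We pass validation, update blog parameters from LP side.
        // The values come from the remote service's response: guard against
        // missing fields and sanitize before storing.
        $blog = $livepress_communication->get_blog();
        $options['blog_shortname'] = isset($blog->shortname)
            ? sanitize_text_field($blog->shortname)
            : '';
        $options['post_from_twitter_username'] = isset($blog->twitter_username)
            ? sanitize_text_field($blog->twitter_username)
            : '';
    }
    update_option(self::$options_name, $options);

    if (!$options['error_api_key']) {
        // Validate with plugin update service.
        // add_query_arg() does not encode values, so the key is URL-encoded
        // here, as item_name already is. An unencoded '&' or '#' in the key
        // would otherwise alter the query sent to the store.
        $api_params = array(
            'edd_action' => 'activate_license',
            'license'    => urlencode($api_key),
            'item_name'  => urlencode(LP_ITEM_NAME),
        );
        $store_url = add_query_arg($api_params, LP_STORE_URL);

        // NOTE(review): 'reject_unsafe_urls' => false turns off WordPress' URL
        // safety validation for this request. That is tolerable only while
        // LP_STORE_URL is a fixed constant and never request-derived; confirm.
        if (function_exists('vip_safe_wp_remote_get')) {
            $response = vip_safe_wp_remote_get($store_url, '', 5, 10, 20, array('reject_unsafe_urls' => false));
        } else {
            $response = wp_remote_get($store_url, array('reject_unsafe_urls' => false));
        }
        if (is_wp_error($response)) {
            die('Ouch');
        }

        // The body may be empty or not valid JSON; do not dereference a
        // non-object. A missing status is stored as null, as before.
        $license_data   = json_decode(wp_remote_retrieve_body($response));
        $license_status = isset($license_data->license) ? $license_data->license : null;
        update_option('livepress_license_status', $license_status);
    }

    if (2 == $status || 1 == $status || 0 == $status) {
        // NOTE(review): the whole options array is returned to the caller;
        // confirm it holds nothing the permitted roles should not see.
        header('Content-Type: application/json');
        die(json_encode($options));
    } else {
        die('Ouch');
    }
}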