/**
  * Fallback function for WP SEO functionality, Validate INT
  *
  * @param $string
  *
  * @return mixed
  */
 public static function yoast_wpseo_video_validate_int($string)
 {
     // Older installs lack WPSEO_Utils::validate_int(); those fall back to the WPSEO_Option implementation.
     if (! method_exists('WPSEO_Utils', 'validate_int')) {
         return WPSEO_Option::validate_int($string);
     }

     // The return value is passed through untouched; callers must still handle a non-integer result.
     return WPSEO_Utils::validate_int($string);
 }
 /**
  * Retrieves post data given a post ID or the global post.
  *
  * @return array|null|WP_Post Returns a post if found, otherwise returns an empty array.
  */
 private function get_post()
 {
     // The `post` query argument, when present and non-empty, wins over the global post.
     $requested = filter_input(INPUT_GET, 'post');
     if ($requested) {
         // The cast turns a failed validation into 0 before the lookup.
         // NOTE(review): what get_post(0) returns is decided by WordPress - confirm callers cope with it.
         return get_post((int) WPSEO_Utils::validate_int($requested));
     }

     // No usable query argument: use the global post, or an empty array when there is none.
     return isset($GLOBALS['post']) ? $GLOBALS['post'] : array();
 }
Пример #3
 /**
  * Validate the post meta values
  *
  * @static
  *
  * @param  mixed  $meta_value The new value.
  * @param  string $meta_key   The full meta key (including prefix).
  *
  * @return string             Validated meta value
  */
 public static function sanitize_post_meta($meta_value, $meta_key)
 {
     // Resolve the field definition for this key and start from the key's default value;
     // every branch below only overwrites $clean when the submitted value passes its check.
     // NOTE(review): $meta_key is used as an array index without an existence check, so an
     // unregistered key raises undefined-index notices here - presumably callers only pass
     // registered keys; confirm.
     $field_def = self::$meta_fields[self::$fields_index[$meta_key]['subset']][self::$fields_index[$meta_key]['key']];
     $clean = self::$defaults[$meta_key];
     // switch (true) picks the first case whose condition is true, so the key-specific cases
     // must stay above the generic per-type cases ('multiselect', 'text').
     switch (true) {
         case $meta_key === self::$meta_prefix . 'linkdex':
             // Only non-negative integers are accepted.
             $int = WPSEO_Utils::validate_int($meta_value);
             if ($int !== false && $int >= 0) {
                 $clean = strval($int);
                 // Convert to string to make sure default check works.
             }
             break;
         case $field_def['type'] === 'checkbox':
             // Only allow value if it's one of the predefined options.
             if (in_array($meta_value, array('on', 'off'), true)) {
                 $clean = $meta_value;
             }
             break;
         case $field_def['type'] === 'select' || $field_def['type'] === 'radio':
             // Only allow value if it's one of the predefined options.
             if (isset($field_def['options'][$meta_value])) {
                 $clean = $meta_value;
             }
             break;
         case $field_def['type'] === 'multiselect' && $meta_key === self::$meta_prefix . 'meta-robots-adv':
             // Delegated to a dedicated validator defined elsewhere in the class.
             $clean = self::validate_meta_robots_adv($meta_value);
             break;
         case $field_def['type'] === 'text' && $meta_key === self::$meta_prefix . 'canonical':
         case $field_def['type'] === 'text' && $meta_key === self::$meta_prefix . 'redirect':
             // Validate as url(-part).
             // No scheme list is passed here, so the helper's own defaults decide what is allowed.
             $url = WPSEO_Utils::sanitize_url($meta_value);
             if ($url !== '') {
                 $clean = $url;
             }
             break;
         case $field_def['type'] === 'upload' && $meta_key === self::$meta_prefix . 'opengraph-image':
             // Validate as url.
             // The scheme list is passed explicitly: http, https, ftp and ftps.
             $url = WPSEO_Utils::sanitize_url($meta_value, array('http', 'https', 'ftp', 'ftps'));
             if ($url !== '') {
                 $clean = $url;
             }
             break;
         case $field_def['type'] === 'textarea':
             // Non-string input is ignored and the default is kept.
             if (is_string($meta_value)) {
                 // Remove line breaks and tabs.
                 // @todo [JRF => Yoast] verify that line breaks and the likes aren't allowed/recommended in meta header fields.
                 $meta_value = str_replace(array("\n", "\r", "\t", '  '), ' ', $meta_value);
                 $clean = WPSEO_Utils::sanitize_text_field(trim($meta_value));
             }
             break;
         case 'multiselect' === $field_def['type']:
             // NOTE(review): the submitted value is stored exactly as received - this branch applies
             // no allow-list, type check or sanitization. Confirm that every multiselect field other
             // than meta-robots-adv is validated or escaped before it is output.
             $clean = $meta_value;
             break;
         case $field_def['type'] === 'text':
         default:
             // Non-string input is ignored and the default is kept.
             if (is_string($meta_value)) {
                 $clean = WPSEO_Utils::sanitize_text_field(trim($meta_value));
             }
             if ($meta_key === self::$meta_prefix . 'focuskw') {
                 // Strips angle brackets, double quotes and backticks, raw and entity-encoded.
                 // NOTE(review): '&quot' and '&#96' are listed without the trailing ';', so the
                 // semicolon of a full entity is left behind - TODO confirm that is intended.
                 $clean = str_replace(array('&lt;', '&gt;', '&quot', '&#96', '<', '>', '"', '`'), '', $clean);
             }
             break;
     }
     // Filters registered on this hook get the last word; their return value is not re-validated here.
     $clean = apply_filters('wpseo_sanitize_post_meta_' . $meta_key, $clean, $meta_value, $field_def, $meta_key);
     return $clean;
 }
 /**
  * Validate the option
  *
  * @param  array $dirty New value for the option.
  * @param  array $clean Clean value for the option, normally the defaults.
  * @param  array $old   Old value of the option.
  *
  * @return  array      Validated clean value for the option to be saved to the database
  */
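 protected function validate_option($dirty, $clean, $old)
 {
     // Iterate over the defaults rather than the submitted data, so only known keys reach the result.
     foreach ($clean as $key => $value) {
         switch ($key) {
             case 'version':
                 // Always stamped with the running plugin version, whatever was submitted.
                 $clean[$key] = WPSEO_VERSION;
                 break;
             case 'blocking_files':
                 /**
                  * @internal [JRF] to really validate this we should also do a file_exists()
                  * on each array entry and remove files which no longer exist, but that might be overkill
                  */
                 // NOTE(review): entries are only de-duplicated, not sanitized - confirm they are
                 // escaped wherever this list is displayed.
                 if (isset($dirty[$key]) && is_array($dirty[$key])) {
                     $clean[$key] = array_unique($dirty[$key]);
                 } elseif (isset($old[$key]) && is_array($old[$key])) {
                     $clean[$key] = array_unique($old[$key]);
                 }
                 break;
             case 'company_or_person':
                 if (isset($dirty[$key]) && $dirty[$key] !== '') {
                     // Strict comparison, as for 'site_type' and 'environment_type' below: a loose
                     // in_array() would also accept non-string values such as true.
                     if (in_array($dirty[$key], array('company', 'person'), true)) {
                         $clean[$key] = $dirty[$key];
                     }
                 }
                 break;
             /* text fields */
             case 'company_name':
             case 'person_name':
             case 'website_name':
             case 'alternate_website_name':
                 if (isset($dirty[$key]) && $dirty[$key] !== '') {
                     $clean[$key] = sanitize_text_field($dirty[$key]);
                 }
                 break;
             case 'company_logo':
                 // Validation is delegated; $clean is handed over so the helper can store the result.
                 $this->validate_url($key, $dirty, $old, $clean);
                 break;
             /* verification strings */
             case 'googleverify':
             case 'msverify':
             case 'yandexverify':
                 $this->validate_verification_string($key, $dirty, $old, $clean);
                 break;
             /*
             Boolean dismiss warnings - not fields - may not be in form
             (and don't need to be either as long as the default is false)
             */
             case 'ms_defaults_set':
                 // Prefer the submitted value, then the previously stored one; otherwise keep the default.
                 if (isset($dirty[$key])) {
                     $clean[$key] = WPSEO_Utils::validate_bool($dirty[$key]);
                 } elseif (isset($old[$key])) {
                     $clean[$key] = WPSEO_Utils::validate_bool($old[$key]);
                 }
                 break;
             case 'site_type':
                 // Allow-listed against $this->site_types; anything else resets to an empty string.
                 $clean[$key] = '';
                 if (isset($dirty[$key]) && in_array($dirty[$key], $this->site_types, true)) {
                     $clean[$key] = $dirty[$key];
                 }
                 break;
             case 'environment_type':
                 // Allow-listed against $this->environment_types; anything else resets to an empty string.
                 $clean[$key] = '';
                 if (isset($dirty[$key]) && in_array($dirty[$key], $this->environment_types, true)) {
                     $clean[$key] = $dirty[$key];
                 }
                 break;
             case 'first_activated_on':
                 $clean[$key] = false;
                 if (isset($dirty[$key])) {
                     // NOTE(review): the raw submitted value is stored, not the integer returned by
                     // validate_int(), and a result of 0 is treated as a failed validation because
                     // the check is on truthiness - confirm both are intended.
                     if ($dirty[$key] === false || WPSEO_Utils::validate_int($dirty[$key])) {
                         $clean[$key] = $dirty[$key];
                     }
                 }
                 break;
             /*
             Boolean (checkbox) fields
             Covers
             * 		'disableadvanced_meta'
             * 		'yoast_tracking'
             */
             default:
                 // Any key without its own case is coerced to a boolean; a missing value means false.
                 $clean[$key] = isset($dirty[$key]) ? WPSEO_Utils::validate_bool($dirty[$key]) : false;
                 break;
         }
     }
     return $clean;
 }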
Пример #5
 /**
  * Returns post in metabox context
  *
  * @return WP_Post
  */
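 private function get_metabox_post()
 {
     if (isset($_GET['post'])) {
         // The request value is never used directly: it goes through validate_int() and an int
         // cast, so a failed validation becomes 0 rather than false.
         $post_id = (int) WPSEO_Utils::validate_int($_GET['post']);
         return get_post($post_id);
     }

     // Fall back to the global post. The lookup is guarded so a missing global yields null
     // without an undefined-index notice.
     return isset($GLOBALS['post']) ? $GLOBALS['post'] : null;
 }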
Пример #6
}
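$yform = Yoast_Form::get_instance();
$options = get_site_option('wpseo_ms');
// NOTE(review): both handlers below verify a nonce only; no capability check is visible in this
// fragment - confirm the page registration restricts it to network administrators.
if (isset($_POST['wpseo_submit'])) {
    check_admin_referer('wpseo-network-settings');
    foreach (array('access', 'defaultblog') as $opt) {
        // A missing or non-scalar field is stored as an empty string instead of being read
        // unguarded. The values still need the option's own validation before they are trusted;
        // presumably update_site_option() triggers it - confirm.
        $submitted = '';
        if (isset($_POST['wpseo_ms'][$opt]) && is_scalar($_POST['wpseo_ms'][$opt])) {
            $submitted = wp_unslash($_POST['wpseo_ms'][$opt]);
        }
        $options[$opt] = sanitize_text_field($submitted);
    }
    unset($opt, $submitted);
    WPSEO_Options::update_site_option('wpseo_ms', $options);
    add_settings_error('wpseo_ms', 'settings_updated', __('Settings Updated.', 'wordpress-seo'), 'updated');
}
if (isset($_POST['wpseo_restore_blog'])) {
    check_admin_referer('wpseo-network-restore');
    if (isset($_POST['wpseo_ms']['restoreblog']) && is_numeric($_POST['wpseo_ms']['restoreblog'])) {
        // is_numeric() also lets through values that are not integers; for those validate_int()
        // is expected to fail and the cast turns the result into 0.
        $restoreblog = (int) WPSEO_Utils::validate_int($_POST['wpseo_ms']['restoreblog']);
        // Only a positive id is looked up. WordPress resolves an empty id to the current blog, so
        // passing 0 on could reset a site the operator never selected.
        $blog = ($restoreblog > 0) ? get_blog_details($restoreblog) : false;
        if ($blog) {
            WPSEO_Options::reset_ms_blog($restoreblog);
            add_settings_error('wpseo_ms', 'settings_updated', sprintf(__('%s restored to default SEO settings.', 'wordpress-seo'), esc_html($blog->blogname)), 'updated');
        } else {
            add_settings_error('wpseo_ms', 'settings_updated', sprintf(__('Blog %s not found.', 'wordpress-seo'), esc_html($restoreblog)), 'error');
        }
        unset($restoreblog, $blog);
    }
}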
/* Set up selectbox dropdowns for smaller networks (usability) */
$use_dropdown = true;
if (get_blog_count() > 100) {
    $use_dropdown = false;
} else {
Пример #7
 /**
  * Validate a value as integer
  *
  * @deprecated 1.5.6.1
  * @deprecated use WPSEO_Utils::validate_int()
  * @see        WPSEO_Utils::validate_int()
  *
  * @param mixed $value Value to validate.
  *
  * @return  mixed  int or false in case of failure to convert to int
  */
 public static function validate_int($value)
 {
     // Kept only for backwards compatibility: report the deprecation, then delegate unchanged.
     _deprecated_function(__FUNCTION__, 'WPSEO 1.5.6.1', 'WPSEO_Utils::validate_int()');

     $validated = WPSEO_Utils::validate_int($value);

     return $validated;
 }
Пример #8
 /**
  * Validate the option
  *
  * @param  array $dirty New value for the option.
  * @param  array $clean Clean value for the option, normally the defaults.
  * @param  array $old   Old value of the option.
  *
  * @return  array      Validated clean value for the option to be saved to the database
  */
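 protected function validate_option($dirty, $clean, $old)
 {
     // Iterate over the defaults rather than the submitted data, so only known keys reach the result.
     foreach ($clean as $key => $value) {
         switch ($key) {
             case 'access':
                 // Allow-listed with a strict comparison; anything else keeps the default.
                 if (isset($dirty[$key]) && in_array($dirty[$key], self::$allowed_access_options, true)) {
                     $clean[$key] = $dirty[$key];
                 } elseif (function_exists('add_settings_error')) {
                     // This branch is also reached when the value was not submitted at all, so it
                     // must not be read unguarded. It is sanitized and escaped before being echoed
                     // back in the notice.
                     $rejected = isset($dirty[$key]) ? $dirty[$key] : '';
                     add_settings_error($this->group_name, '_' . $key, sprintf(__('%1$s is not a valid choice for who should be allowed access to the %2$s settings. Value reset to the default.', 'wordpress-seo'), esc_html(sanitize_text_field($rejected)), 'Yoast SEO'), 'error');
                     unset($rejected);
                 }
                 break;
             case 'defaultblog':
                 // '' and '-' both mean "no default blog" and leave the default untouched.
                 if (isset($dirty[$key]) && ($dirty[$key] !== '' && $dirty[$key] !== '-')) {
                     $int = WPSEO_Utils::validate_int($dirty[$key]);
                     if ($int !== false && $int > 0) {
                         // Check if a valid blog number has been received.
                         $exists = get_blog_details($int, false);
                         if ($exists && $exists->deleted == 0) {
                             // The validated integer is stored, never the raw input.
                             $clean[$key] = $int;
                         } elseif (function_exists('add_settings_error')) {
                             add_settings_error($this->group_name, '_' . $key, esc_html__('The default blog setting must be the numeric blog id of the blog you want to use as default.', 'wordpress-seo') . '<br>' . sprintf(esc_html__('This must be an existing blog. Blog %s does not exist or has been marked as deleted.', 'wordpress-seo'), '<strong>' . esc_html(sanitize_text_field($dirty[$key])) . '</strong>'), 'error');
                         }
                         unset($exists);
                     } elseif (function_exists('add_settings_error')) {
                         add_settings_error($this->group_name, '_' . $key, esc_html__('The default blog setting must be the numeric blog id of the blog you want to use as default.', 'wordpress-seo') . '<br>' . esc_html__('No numeric value was received.', 'wordpress-seo'), 'error');
                     }
                     unset($int);
                 }
                 break;
             default:
                 // Any key without its own case is coerced to a boolean; a missing value means false.
                 $clean[$key] = isset($dirty[$key]) ? WPSEO_Utils::validate_bool($dirty[$key]) : false;
                 break;
         }
     }
     return $clean;
 }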
 /**
  * Validate the option
  *
  * @param  array $dirty New value for the option.
  * @param  array $clean Clean value for the option, normally the defaults.
  * @param  array $old   Old value of the option.
  *
  * @return  array      Validated clean value for the option to be saved to the database
  */
 protected function validate_option($dirty, $clean, $old)
 {
     // Iterate over the defaults rather than the submitted data, so only known keys reach the result.
     foreach ($clean as $key => $value) {
         // get_switch_key() is defined elsewhere; judging by the labels below it reduces a
         // prefixed key to its prefix - confirm against its implementation.
         $field_group = $this->get_switch_key($key);
         switch ($field_group) {
             /*
             Text fields
             Covers:
             	   'title-home-wpseo', 'title-author-wpseo', 'title-archive-wpseo',
             	   'title-search-wpseo', 'title-404-wpseo'
             	   'title-' . $pt->name
             	   'title-ptarchive-' . $pt->name
             	   'title-tax-' . $tax->name
             */
             case 'title-':
                 // Stored whenever it was submitted, including as an empty string.
                 if (isset($dirty[$key])) {
                     $clean[$key] = WPSEO_Utils::sanitize_text_field($dirty[$key]);
                 }
                 break;
             /*
             Covers:
             	   'metadesc-home-wpseo', 'metadesc-author-wpseo', 'metadesc-archive-wpseo'
             	   'metadesc-' . $pt->name
             	   'metadesc-ptarchive-' . $pt->name
             	   'metadesc-tax-' . $tax->name
             */
             case 'metadesc-':
             /*
             Covers:
             		 'metakey-home-wpseo', 'metakey-author-wpseo'
             		 'metakey-' . $pt->name
             		 'metakey-ptarchive-' . $pt->name
             		 'metakey-tax-' . $tax->name
             */
             case 'metakey-':
             /*
             Covers:
             		 'bctitle-ptarchive-' . $pt->name
             */
             case 'bctitle-ptarchive-':
                 // These three groups share one rule: only a non-empty submission replaces the default.
                 $has_text = isset($dirty[$key]) && $dirty[$key] !== '';
                 if ($has_text) {
                     $clean[$key] = WPSEO_Utils::sanitize_text_field($dirty[$key]);
                 }
                 break;
             /* integer field - not in form*/
             case 'title_test':
                 // The submitted value is preferred; the stored one is consulted only when nothing
                 // was submitted, not when the submitted value fails validation.
                 $source = null;
                 if (isset($dirty[$key])) {
                     $source = $dirty;
                 } elseif (isset($old[$key])) {
                     $source = $old;
                 }
                 if ($source !== null) {
                     $number = WPSEO_Utils::validate_int($source[$key]);
                     if ($number !== false && $number >= 0) {
                         $clean[$key] = $number;
                     }
                 }
                 break;
             /* Separator field - Radio */
             case 'separator':
                 if (! isset($dirty[$key]) || $dirty[$key] === '') {
                     break;
                 }
                 // Allow-list check: the submitted value must be one of the known separator keys.
                 $allowed_separators = $this->get_separator_options();
                 if (isset($allowed_separators[$dirty[$key]])) {
                     $clean[$key] = $dirty[$key];
                 }
                 break;
             /*
             Boolean fields
             Covers:
             *		'noindex-subpages-wpseo', 'noindex-author-wpseo', 'noindex-archive-wpseo'
             *		'noindex-' . $pt->name
             *		'noindex-ptarchive-' . $pt->name
             *		'noindex-tax-' . $tax->name
             *		'forcerewritetitle':
             *		'usemetakeywords':
             *		'noodp':
             *		'noydir':
             *		'disable-author':
             *		'disable-date':
             *		'noindex-'
             *		'showdate-'
             *		'showdate-'. $pt->name
             *		'hideeditbox-'
             *	 	'hideeditbox-'. $pt->name
             *		'hideeditbox-tax-' . $tax->name
             */
             default:
                 // Everything else is a checkbox: a missing value means false.
                 $clean[$key] = false;
                 if (isset($dirty[$key])) {
                     $clean[$key] = WPSEO_Utils::validate_bool($dirty[$key]);
                 }
                 break;
         }
     }
     return $clean;
 }
Пример #10
 /**
  * Validate the option
  *
  * @param  array $dirty New value for the option.
  * @param  array $clean Clean value for the option, normally the defaults.
  * @param  array $old   Old value of the option.
  *
  * @return  array      Validated clean value for the option to be saved to the database
  */
 protected function validate_option($dirty, $clean, $old)
 {
     // Iterate over the defaults rather than the submitted data, so only known keys reach the result.
     foreach ($clean as $key => $value) {
         // get_switch_key() is defined elsewhere; judging by the labels below it reduces a
         // prefixed key to its prefix - confirm against its implementation.
         $field_group = $this->get_switch_key($key);
         switch ($field_group) {
             /* integer fields */
             case 'entries-per-page':
                 /**
                  * @todo [JRF/JRF => Yoast] add some more rules (minimum 50 or something
                  * - what should be the guideline?) and adjust error message
                  */
                 if (! isset($dirty[$key]) || $dirty[$key] === '') {
                     break;
                 }
                 $submitted = WPSEO_Utils::validate_int($dirty[$key]);
                 if ($submitted !== false && $submitted > 0) {
                     $clean[$key] = $submitted;
                     break;
                 }
                 // Invalid submission: fall back to the stored value when that one is a positive integer.
                 if (isset($old[$key]) && $old[$key] !== '') {
                     $previous = WPSEO_Utils::validate_int($old[$key]);
                     if ($previous !== false && $previous > 0) {
                         $clean[$key] = $previous;
                     }
                 }
                 // The rejected input is sanitized and escaped before it is echoed back in the notice.
                 if (function_exists('add_settings_error')) {
                     add_settings_error($this->group_name, '_' . $key, sprintf(__('"Max entries per sitemap page" should be a positive number, which %s is not. Please correct.', 'wordpress-seo'), '<strong>' . esc_html(sanitize_text_field($dirty[$key])) . '</strong>'), 'error');
                 }
                 break;
             case 'excluded-posts':
                 if (isset($dirty[$key]) && $dirty[$key] !== '') {
                     // Each comma-separated entry is validated as an integer; entries that fail are
                     // dropped before the list is joined again.
                     $candidates = filter_var_array(explode(',', $dirty[$key]), FILTER_VALIDATE_INT);
                     if ($candidates) {
                         $clean[$key] = implode(',', array_filter($candidates, 'is_integer'));
                     }
                 }
                 break;
             /*
             Boolean fields
             Covers:
             *		'disable_author_sitemap':
             * 		'disable_author_noposts':
             * 		'enablexmlsitemap':
             * 		'user_role-':
             * 		'user_role' . $role_name . '-not_in_sitemap' fields
             * 		'post_types-':
             * 		'post_types-' . $pt->name . '-not_in_sitemap' fields
             * 		'taxonomies-':
             *		'taxonomies-' . $tax->name . '-not_in_sitemap' fields
             */
             default:
                 // Everything else is a checkbox: a missing value means false.
                 $clean[$key] = false;
                 if (isset($dirty[$key])) {
                     $clean[$key] = WPSEO_Utils::validate_bool($dirty[$key]);
                 }
                 break;
         }
     }
     return $clean;
 }
Пример #11
 /**
  * Validate the option
  *
  * @param  array $dirty New value for the option.
  * @param  array $clean Clean value for the option, normally the defaults.
  * @param  array $old   Old value of the option.
  *
  * @return  array      Validated clean value for the option to be saved to the database
  */
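 protected function validate_option($dirty, $clean, $old)
 {
     // Upper bound for entries per sitemap page; the notice below attributes it to Google's requirements.
     $max_entries = 50000;

     // Iterate over the defaults rather than the submitted data, so only known keys reach the result.
     foreach ($clean as $key => $value) {
         // get_switch_key() is defined elsewhere; judging by the labels below it reduces a
         // prefixed key to its prefix - confirm against its implementation.
         $switch_key = $this->get_switch_key($key);
         switch ($switch_key) {
             /* integer fields */
             case 'entries-per-page':
                 if (isset($dirty[$key]) && $dirty[$key] !== '') {
                     $int = WPSEO_Utils::validate_int($dirty[$key]);
                     if ($int !== false && $int > 0) {
                         if ($int > $max_entries) {
                             // add_settings_error() is only guaranteed to be loaded in the admin;
                             // without the guard, validating outside that context would be a fatal
                             // error. The clamp below applies whether or not the notice is shown.
                             if (function_exists('add_settings_error')) {
                                 $error_message = sprintf(__('"Max entries per sitemap page" should be below %s to meet Google\'s requirements, which %s is not.', 'wordpress-seo'), number_format_i18n($max_entries), '<strong>' . esc_html(sanitize_text_field($dirty[$key])) . '</strong>');
                                 add_settings_error($this->group_name, '_' . $key, $error_message, 'error');
                             }
                             $int = $max_entries;
                         }
                         $clean[$key] = $int;
                     } else {
                         // Invalid submission: fall back to the stored value when that one is a positive integer.
                         if (isset($old[$key]) && $old[$key] !== '') {
                             $int = WPSEO_Utils::validate_int($old[$key]);
                             if ($int !== false && $int > 0) {
                                 $clean[$key] = $int;
                             }
                         }
                         // The rejected input is sanitized and escaped before it is echoed back in the notice.
                         if (function_exists('add_settings_error')) {
                             $error_message = sprintf(__('"Max entries per sitemap page" should be a positive number, which %s is not. Please correct.', 'wordpress-seo'), '<strong>' . esc_html(sanitize_text_field($dirty[$key])) . '</strong>');
                             add_settings_error($this->group_name, '_' . $key, $error_message, 'error');
                         }
                     }
                     unset($int, $error_message);
                 }
                 break;
             case 'excluded-posts':
                 if (isset($dirty[$key]) && $dirty[$key] !== '') {
                     // Each comma-separated entry is validated as an integer; entries that fail are
                     // dropped before the list is joined again.
                     if ($filtered_array = filter_var_array(explode(',', $dirty[$key]), FILTER_VALIDATE_INT)) {
                         $clean[$key] = implode(',', array_filter($filtered_array, 'is_integer'));
                         unset($filtered_array);
                     }
                 }
                 break;
             /*
             Boolean fields
             Covers:
             *		'disable_author_sitemap':
             * 		'disable_author_noposts':
             * 		'enablexmlsitemap':
             * 		'user_role-':
             * 		'user_role' . $role_name . '-not_in_sitemap' fields
             * 		'post_types-':
             * 		'post_types-' . $pt->name . '-not_in_sitemap' fields
             * 		'taxonomies-':
             *		'taxonomies-' . $tax->name . '-not_in_sitemap' fields
             */
             default:
                 // Everything else is a checkbox: a missing value means false.
                 $clean[$key] = isset($dirty[$key]) ? WPSEO_Utils::validate_bool($dirty[$key]) : false;
                 break;
         }
     }
     return $clean;
 }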
Пример #12
 /**
  * Returns post in metabox context - fallback for Yoast SEO < 3.0 and News SEO > 2.2.5
  *
  * @return WP_Post
  */
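 protected function get_metabox_post()
 {
     // The callable string needs the double colon. With a single colon is_callable() looks for a
     // plain function of that literal name, never matches, and the parent implementation is
     // never used.
     // NOTE(review): 'parent::' callable strings are deprecated as of PHP 8.2, and the check only
     // passes when the parent method is visible from this class - confirm against the Yoast SEO
     // versions this fallback has to support.
     if (is_callable('parent::get_metabox_post')) {
         return parent::get_metabox_post();
     }

     // Fallback: the `post` query argument, when present and non-empty, wins over the global post.
     if ($post = filter_input(INPUT_GET, 'post')) {
         // The cast turns a failed validation into 0 before the lookup.
         $post_id = (int) WPSEO_Utils::validate_int($post);
         return get_post($post_id);
     }
     if (isset($GLOBALS['post'])) {
         return $GLOBALS['post'];
     }

     // No post could be determined.
     return array();
 }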