/**
* Sets $this->state_data from $_POST, potentially un-slashed and sanitized.
*
* @param array $key_rules An optional associative array of expected keys and their sanitization rule(s).
* @param string $state_key The key in $_POST that contains the migration state id (defaults to 'migration_state_id').
* @param string $context The method that is specifying the sanitization rules. Defaults to calling method.
*
* @return array
*/
function set_post_data($key_rules = array(), $state_key = 'migration_state_id', $context = '')
{
if (defined('DOING_WPMDB_TESTS') || $this->doing_cli_migration) {
$this->state_data = $_POST;
} elseif (is_null($this->state_data)) {
$this->state_data = WPMDB_Utils::safe_wp_unslash($_POST);
} else {
return $this->state_data;
}
// From this point on we're handling data originating from $_POST, so original $key_rules apply.
global $wpmdb_key_rules;
if (empty($key_rules) && !empty($wpmdb_key_rules)) {
$key_rules = $wpmdb_key_rules;
}
// Sanitize the new state data.
if (!empty($key_rules)) {
$wpmdb_key_rules = $key_rules;
$context = empty($context) ? $this->get_caller_function() : trim($context);
$this->state_data = WPMDB_Sanitize::sanitize_data($this->state_data, $key_rules, $context);
if (false === $this->state_data) {
exit;
}
}
$migration_state_id = null;
if (!empty($this->state_data[$state_key])) {
$migration_state_id = $this->state_data[$state_key];
}
if (true !== $this->get_migration_state($migration_state_id)) {
exit;
}
return $this->state_data;
}
/**
* Sanitize and validate data.
*
* @param string|array $data The data to the sanitized.
* @param string|array $key_rules The keys in the data (if data is an array) and the sanitization rule(s) to apply for each key.
* @param string $context Additional context data for messages etc.
* @param int $recursion_level How deep in the recursion are we? Optional, defaults to 0.
*
* @return mixed The sanitized data, the data if no key rules supplied or `false` if an unrecognized rule supplied.
*/
private static function _sanitize_data($data, $key_rules, $context, $recursion_level = 0)
{
if (empty($data) || empty($key_rules)) {
return $data;
}
if (0 === $recursion_level && is_array($data)) {
// We always expect associative arrays.
if (!is_array($key_rules)) {
wp_die(sprintf(__('%1$s was not expecting data to be an array.', 'wp-db-migrate-pro'), $context));
return false;
}
foreach ($data as $key => $value) {
// If a key does not have a rule it's not ours and can be removed.
// We should not fail if there is extra data as plugins like Polylang add their own data to each ajax request.
if (!array_key_exists($key, $key_rules)) {
unset($data[$key]);
continue;
}
$data[$key] = WPMDB_Sanitize::_sanitize_data($value, $key_rules[$key], $context, $recursion_level + 1);
}
} elseif (is_array($key_rules)) {
foreach ($key_rules as $rule) {
$data = WPMDB_Sanitize::_sanitize_data($data, $rule, $context, $recursion_level + 1);
}
} else {
// Neither $data or $key_rules are a first level array so can be analysed.
if ('array' == $key_rules) {
if (!is_array($data)) {
wp_die(sprintf(__('%1$s was expecting an array but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
} elseif ('string' == $key_rules) {
if (!is_string($data)) {
wp_die(sprintf(__('%1$s was expecting a string but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
} elseif ('key' == $key_rules) {
$key_name = sanitize_key($data);
if ($key_name !== $data) {
wp_die(sprintf(__('%1$s was expecting a valid key but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
$data = $key_name;
} elseif ('text' == $key_rules) {
$text = sanitize_text_field($data);
if ($text !== $data) {
wp_die(sprintf(__('%1$s was expecting text but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
$data = $text;
} elseif ('serialized' == $key_rules) {
if (!is_string($data) || !is_serialized($data)) {
wp_die(sprintf(__('%1$s was expecting serialized data but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
} elseif ('json_array' == $key_rules) {
if (!is_string($data) || !WPMDB::is_json($data)) {
wp_die(sprintf(__('%1$s was expecting JSON data but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
$data = json_decode($data, true);
} elseif ('json' == $key_rules) {
if (!is_string($data) || !WPMDB::is_json($data)) {
wp_die(sprintf(__('%1$s was expecting JSON data but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
} elseif ('numeric' == $key_rules) {
if (!is_numeric($data)) {
wp_die(sprintf(__('%1$s was expecting a valid numeric but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
} elseif ('int' == $key_rules) {
// As we are sanitizing form data, even integers are within a string.
if (!is_numeric($data) || (int) $data != $data) {
wp_die(sprintf(__('%1$s was expecting an integer but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
$data = (int) $data;
} elseif ('positive_int' == $key_rules) {
if (!is_numeric($data) || (int) $data != $data || 0 > $data) {
wp_die(sprintf(__('%1$s was expecting a positive number (int) but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
$data = floor($data);
} elseif ('negative_int' == $key_rules) {
if (!is_numeric($data) || (int) $data != $data || 0 < $data) {
wp_die(sprintf(__('%1$s was expecting a negative number (int) but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
$data = ceil($data);
} elseif ('zero_int' == $key_rules) {
if (!is_numeric($data) || (int) $data != $data || 0 !== $data) {
wp_die(sprintf(__('%1$s was expecting 0 (int) but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
$data = 0;
} elseif ('empty' == $key_rules) {
if (!empty($data)) {
wp_die(sprintf(__('%1$s was expecting an empty value but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
} elseif ('url' == $key_rules) {
$url = esc_url_raw($data);
if (empty($url)) {
wp_die(sprintf(__('%1$s was expecting a URL but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
$data = $url;
} elseif ('bool' == $key_rules) {
$bool = sanitize_key($data);
if (empty($bool) || !in_array($bool, array('true', 'false'))) {
wp_die(sprintf(__('%1$s was expecting a bool but got something else: "%2$s"', 'wp-db-migrate-pro'), $context, $data));
return false;
}
$data = $bool;
} else {
wp_die(sprintf(__('Unknown sanitization rule "%1$s" supplied by %2$s', 'wp-db-migrate-pro'), $key_rules, $context));
return false;
}
}
return $data;
}
/**
* Handler for ajax request to reset the secret key.
*
* @return bool|null
*/
function ajax_reset_api_key()
{
$this->check_ajax_referer('reset-api-key');
$key_rules = array('action' => 'key', 'nonce' => 'key');
$_POST = WPMDB_Sanitize::sanitize_data($_POST, $key_rules, __METHOD__);
if (false === $_POST) {
exit;
}
$this->settings['key'] = $this->generate_key();
update_site_option('wpmdb_settings', $this->settings);
$result = $this->end_ajax(sprintf("%s\n%s", site_url('', 'https'), $this->settings['key']));
return $result;
}
/**
* Sets $this->state_data from $_POST, potentially un-slashed and sanitized.
*
* @param array $key_rules An optional associative array of expected keys and their sanitization rule(s).
* @param string $state_key The key in $_POST that contains the migration state id (defaults to 'migration_state_id').
* @param string $context The method that is specifying the sanitization rules. Defaults to calling method.
*/
function set_post_data($key_rules = array(), $state_key = 'migration_state_id', $context = '')
{
if (defined('DOING_WPMDB_TESTS') || $this->doing_cli_migration) {
$this->state_data = $_POST;
} elseif (is_null($this->state_data)) {
$this->state_data = WPMDB_Utils::safe_wp_unslash($_POST);
} else {
return;
}
// Sanitize the new state data.
if (!empty($key_rules)) {
$context = empty($context) ? $this->get_caller_function() : trim($context);
$this->state_data = WPMDB_Sanitize::sanitize_data($this->state_data, $key_rules, $context);
if (false === $this->state_data) {
exit;
}
}
$migration_state_id = null;
if (!empty($this->state_data[$state_key])) {
$migration_state_id = $this->state_data[$state_key];
}
if (true !== $this->get_migration_state($migration_state_id)) {
exit;
}
}
