cmb_Meta_Box_Sanitize

CMB field validation.

Defined (1)

The class is defined in the following location(s).

/admin/includes/CMBF/helpers/cmb_Meta_Box_Sanitize.php  
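  /**
   * CMB field validation / sanitization.
   *
   * Each public method named after a field type receives the raw submitted
   * value for that field and returns the value to be stored. Unknown method
   * names are routed to default_sanitization() through __call().
   *
   * NOTE(review): nothing in this class checks a nonce or the current user's
   * capabilities; presumably the caller does that before constructing it.
   * Confirm against the save handler.
   */
  class cmb_Meta_Box_Sanitize {

      /**
       * A CMB field object
       * @var cmb_Meta_Box_field object
       */
      public $field;

      /**
       * Field's $_POST value
       * @var mixed
       */
      public $value;

      /**
       * ID of the object being saved, as reported by cmb_Meta_Box::get_object_id().
       * Declared explicitly so the constructor does not create a dynamic property.
       * @var mixed
       */
      public $object_id;

      /**
       * Type of the object being saved, as reported by cmb_Meta_Box::get_object_type().
       * Declared explicitly so the constructor does not create a dynamic property.
       * @var mixed
       */
      public $object_type;

      /**
       * Setup our class vars
       * @since 1.1.0
       * @param object $field A CMB field object
       * @param mixed  $value Field value
       */
      public function __construct( $field, $value ) {
          $this->field       = $field;
          $this->value       = $value;
          $this->object_id   = cmb_Meta_Box::get_object_id();
          $this->object_type = cmb_Meta_Box::get_object_type();
      }

      /**
       * Catchall method if field's 'sanitization_cb' is NOT defined, or field type does not have a corresponding validation method
       * @since 1.0.0
       * @param string $name      Non-existent method name
       * @param array  $arguments All arguments passed to the method
       * @return mixed Result of default_sanitization()
       */
      public function __call( $name, $arguments ) {
          // A call without arguments sanitizes null instead of raising an undefined-offset notice.
          $value = isset( $arguments[0] ) ? $arguments[0] : null;
          return $this->default_sanitization( $value );
      }

      /**
       * Default fallback sanitization method. Applies filters.
       * @since 1.0.2
       * @param mixed $value Meta value
       * @return mixed Filtered value, or the result of the per-type handling below
       */
      public function default_sanitization( $value ) {

          // Allow field type validation via filter. Any non-null filter result
          // replaces the built-in handling entirely.
          $updated = apply_filters( 'cmb_validate_'. $this->field->type(), null, $value, $this->object_id, $this->field->args(), $this );

          if ( null !== $updated ) {
              return $updated;
          }

          switch ( $this->field->type() ) {
              case 'wysiwyg':
                  // $value = wp_kses( $value );
                  // break;
              case 'textarea_small':
                  // 'wysiwyg' shares the textarea handling (wp_kses_post).
                  return $this->textarea( $value );
              case 'taxonomy_select':
              case 'taxonomy_radio':
              case 'taxonomy_multicheck':
                  if ( $this->field->args( 'taxonomy' ) ) {
                      return wp_set_object_terms( $this->object_id, $value, $this->field->args( 'taxonomy' ) );
                  }
                  // No taxonomy configured: falls through to the unfiltered return below.
              case 'multicheck':
              case 'file_list':
              case 'oembed':
                  // no filtering
                  // NOTE(review): the submitted value is returned exactly as received,
                  // so anything that later renders these fields has to escape on output.
                  return $value;
              default:
                  // Handle repeatable fields array
                  // We'll fallback to 'sanitize_text_field'
                  return is_array( $value ) ? array_map( 'sanitize_text_field', $value ) : sanitize_text_field( $value );
          }
      }

      /**
       * Simple checkbox validation
       * @since 1.0.1
       * @param mixed $value 'on' or false
       * @return mixed 'on' or false
       */
      public function checkbox( $value ) {
          // Strict comparison: only the exact string 'on' counts as checked.
          return $value === 'on' ? 'on' : false;
      }

      /**
       * Validate url in a meta value
       * @since 1.0.1
       * @param string $value Meta value
       * @return string Empty string or escaped url
       */
      public function text_url( $value ) {
          // The field's 'protocols' arg is handed to esc_url_raw() as its protocol list.
          $protocols = $this->field->args( 'protocols' );

          // for repeatable
          if ( is_array( $value ) ) {
              foreach ( $value as $key => $val ) {
                  $value[ $key ] = $val ? esc_url_raw( $val, $protocols ) : $this->field->args( 'default' );
              }
              return $value;
          }

          // Empty input falls back to the field's configured default.
          return $value ? esc_url_raw( $value, $protocols ) : $this->field->args( 'default' );
      }

      /**
       * Escape a colorpicker value; empty values and a bare '#' are dropped.
       *
       * NOTE(review): the value is only passed through esc_attr(); nothing here
       * checks that it is actually a colour.
       *
       * @param mixed $value Meta value (string, or array when repeatable)
       * @return mixed Escaped string, array of escaped strings, or ''
       */
      public function colorpicker( $value ) {
          // for repeatable
          if ( is_array( $value ) ) {
              $escaped = array();
              foreach ( $value as $key => $val ) {
                  if ( $val && '#' != $val ) {
                      $escaped[ $key ] = esc_attr( $val );
                  }
              }
              return $escaped;
          }

          if ( ! $value || '#' == $value ) {
              return '';
          }

          return esc_attr( $value );
      }

      /**
       * Validate email in a meta value
       * @since 1.0.1
       * @param string $value Meta value
       * @return string Empty string or validated email
       */
      public function text_email( $value ) {
          // for repeatable
          if ( is_array( $value ) ) {
              foreach ( $value as $key => $val ) {
                  // A nested array submitted in place of a string would make trim() fail.
                  $val           = is_string( $val ) ? trim( $val ) : '';
                  $value[ $key ] = is_email( $val ) ? $val : '';
              }
              return $value;
          }

          $value = is_string( $value ) ? trim( $value ) : '';

          return is_email( $value ) ? $value : '';
      }

      /**
       * Validate money in a meta value
       * @since 1.0.1
       * @param string $value Meta value
       * @return string Empty string or validated money value
       */
      public function text_money( $value ) {

          global $wp_locale;

          // Strip the locale's thousands separator and normalise its decimal
          // point to '.' so the (float) cast reads the number.
          $search  = array( $wp_locale->number_format['thousands_sep'], $wp_locale->number_format['decimal_point'] );
          $replace = array( '', '.' );

          // for repeatable
          if ( is_array( $value ) ) {
              foreach ( $value as $key => $val ) {
                  $value[ $key ] = number_format_i18n( (float) str_ireplace( $search, $replace, $val ), 2 );
              }
              return $value;
          }

          return number_format_i18n( (float) str_ireplace( $search, $replace, $value ), 2 );
      }

      /**
       * Converts text date to timestamp
       * @since 1.0.2
       * @param string $value Meta value
       * @return mixed Result of strtotime() (one per element when $value is an array)
       */
      public function text_date_timestamp( $value ) {
          if ( is_array( $value ) ) {
              return array_map( 'strtotime', $value );
          }

          return strtotime( $value );
      }

      /**
       * Datetime to timestamp
       * @since 1.0.1
       * @param array $value  Meta value with 'date' and 'time' keys
       * @param bool  $repeat Whether this call is already handling one repeated entry
       * @return mixed Timestamp, '' for empty input, false when the date cannot be parsed
       */
      public function text_datetime_timestamp( $value, $repeat = false ) {

          $test = is_array( $value ) ? array_filter( $value ) : '';
          if ( empty( $test ) ) {
              return '';
          }

          if ( $repeat_value = $this->_check_repeat( $value, __FUNCTION__, $repeat ) ) {
              return $repeat_value;
          }

          $timestamp = strtotime( $this->_datetime_string( $value ) );

          // An unparseable date stays false; adding the offset to false would
          // turn it into a bogus timestamp equal to the offset.
          if ( false === $timestamp ) {
              return $timestamp;
          }

          if ( $tz_offset = $this->field->field_timezone_offset() ) {
              $timestamp += $tz_offset;
          }

          return $timestamp;
      }

      /**
       * Datetime to timestamp with timezone
       * @since 1.0.1
       * @param array $value  Meta value with 'date', 'time' and optional 'timezone' keys
       * @param bool  $repeat Whether this call is already handling one repeated entry
       * @return mixed Serialized DateTime, or '' for empty or unparseable input
       */
      public function text_datetime_timestamp_timezone( $value, $repeat = false ) {

          $test = is_array( $value ) ? array_filter( $value ) : '';
          if ( empty( $test ) ) {
              return '';
          }

          if ( $repeat_value = $this->_check_repeat( $value, __FUNCTION__, $repeat ) ) {
              return $repeat_value;
          }

          $tzstring = null;

          // The timezone comes from the submitted form; only a string is usable here.
          if ( isset( $value['timezone'] ) && is_string( $value['timezone'] ) ) {
              $tzstring = $value['timezone'];
          }

          if ( empty( $tzstring ) ) {
              $tzstring = cmb_Meta_Box::timezone_string();
          }

          $offset = cmb_Meta_Box::timezone_offset( $tzstring, true );

          if ( substr( $tzstring, 0, 3 ) === 'UTC' ) {
              $tzstring = timezone_name_from_abbr( '', $offset, 0 );
          }

          // DateTimeZone and DateTime throw on an unknown timezone or malformed
          // date. Both parts are request data, so treat that as empty input
          // instead of letting the exception abort the save.
          try {
              $datetime = new DateTime( $this->_datetime_string( $value ), new DateTimeZone( $tzstring ) );
          } catch ( Exception $e ) {
              return '';
          }

          // NOTE(review): the stored form is a PHP-serialized object. Whatever reads
          // it back must only unserialize values written here; unserialize() on
          // meta an untrusted party can write is an object-injection risk.
          return serialize( $datetime );
      }

      /**
       * Sanitize textareas and wysiwyg fields
       * @since 1.0.1
       * @param string $value Meta value
       * @return string Sanitized data
       */
      public function textarea( $value ) {
          if ( is_array( $value ) ) {
              return array_map( 'wp_kses_post', $value );
          }

          return wp_kses_post( $value );
      }

      /**
       * Sanitize code textareas
       *
       * NOTE(review): this removes slashes and decodes HTML entities; it does not
       * filter markup, so the stored value has to be escaped wherever it is rendered.
       *
       * @since 1.0.2
       * @param string $value  Meta value
       * @param bool   $repeat Whether this call is already handling one repeated entry
       * @return string Sanitized data
       */
      public function textarea_code( $value, $repeat = false ) {
          if ( $repeat_value = $this->_check_repeat( $value, __FUNCTION__, $repeat ) ) {
              return $repeat_value;
          }

          return htmlspecialchars_decode( stripslashes( $value ) );
      }

      /**
       * Performs saving of `file` attachment's ID
       * @since 1.1.0
       * @param string $value File url
       * @return mixed For group fields an array with 'attach_id' and 'field_id';
       *               otherwise the result of update_data()/remove_data(), or null
       *               when nothing changed
       */
      public function _save_file_id( $value ) {
          $group      = $this->field->group;
          $args       = $this->field->args();
          $args['id'] = $args['_id'] . '_id';

          unset( $args['_id'], $args['_name'] );
          // And get new field object
          $field      = new cmb_Meta_Box_field( $args, $group );
          $id_key     = $field->_id();
          $id_val_old = $field->escaped_value( 'absint' );

          if ( $group ) {
              // Check group $_POST data
              $i       = $group->index;
              $base_id = $group->_id();
              $id_val  = isset( $_POST[ $base_id ][ $i ][ $id_key ] ) ? absint( $_POST[ $base_id ][ $i ][ $id_key ] ) : 0;
          } else {
              // Check standard $_POST data. Coerced with absint() like the group
              // branch, so a non-numeric submitted ID is never handed to update_data().
              $id_val = isset( $_POST[ $field->id() ] ) ? absint( $_POST[ $field->id() ] ) : 0;
          }

          // If there is no ID saved yet, try to get it from the url
          if ( $value && ! $id_val ) {
              $id_val = cmb_Meta_Box::image_id_from_url( $value );
          }

          if ( $group ) {
              return array(
                  'attach_id' => $id_val,
                  'field_id'  => $id_key,
              );
          }

          if ( $id_val && $id_val != $id_val_old ) {
              return $field->update_data( $id_val );
          } elseif ( empty( $id_val ) && $id_val_old ) {
              // The original passed an undefined $old here, which PHP evaluates to
              // null; null is passed explicitly to keep that behaviour without the
              // undefined-variable warning.
              // NOTE(review): confirm whether $id_val_old was the intended argument.
              return $field->remove_data( null );
          }
      }

      /**
       * Handles saving of attachment post ID and sanitizing file url
       * @since 1.1.0
       * @param string $value File url
       * @return mixed Sanitized url, or an array with 'url' plus the ID data for group fields
       */
      public function file( $value ) {
          // Stays empty when 'save_id' is off, so the group merge below always gets an array.
          $id_value = array();

          // If NOT specified to NOT save the file ID
          if ( $this->field->args( 'save_id' ) ) {
              $id_value = $this->_save_file_id( $value );
          }
          $clean = $this->text_url( $value );

          // Return an array with url/id if saving a group field
          if ( $this->field->group ) {
              return array_merge( array( 'url' => $clean ), is_array( $id_value ) ? $id_value : array() );
          }

          return $clean;
      }

      /**
       * If repeating, loop through and re-apply sanitization method
       * @since 1.1.0
       * @param mixed  $value  Meta value
       * @param string $method Class method
       * @param bool   $repeat Whether repeating or not
       * @return mixed Array of sanitized values, or null when no repeat handling applies
       */
      public function _check_repeat( $value, $method, $repeat ) {
          if ( $repeat || ! $this->field->args( 'repeatable' ) ) {
              return;
          }

          // A repeatable field can still be submitted as a scalar; there is nothing
          // to iterate, so return the same empty result without a foreach warning.
          if ( ! is_array( $value ) ) {
              return array();
          }

          $new_value = array();
          foreach ( $value as $val ) {
              // $method is called by name. The callers in this class pass
              // __FUNCTION__; it must never be taken from request data.
              $new_value[] = $this->$method( $val, true );
          }
          return $new_value;
      }

      /**
       * Joins the 'date' and 'time' parts of a submitted datetime value.
       * Missing or non-scalar parts are treated as empty strings.
       * @param mixed $value Submitted value, expected to be an array
       * @return string "<date> <time>"
       */
      private function _datetime_string( $value ) {
          $date = ( is_array( $value ) && isset( $value['date'] ) && is_scalar( $value['date'] ) ) ? $value['date'] : '';
          $time = ( is_array( $value ) && isset( $value['time'] ) && is_scalar( $value['time'] ) ) ? $value['time'] : '';

          return $date .' '. $time;
      }
  }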