/admin/includes/class-options-sanitization.php

  1. <?php 
  2. /** 
  3. * @package Options_Framework 
  4. * @author Devin Price <devin@wptheming.com> 
  5. * @license GPL-2.0+ 
  6. * @link http://wptheming.com 
  7. * @copyright 2010-2014 WP Theming 
  8. */ 
  9.  
  10. /** 
  11. * Sanitization for text input 
  12. * 
  13. * @link http://developer.wordpress.org/reference/functions/sanitize_text_field/ 
  14. */ 
  15. add_filter( 'of_sanitize_text', 'sanitize_text_field' ); 
  16.  
  17. /** 
  18. * Sanitization for password input 
  19. * 
  20. * @link http://developer.wordpress.org/reference/functions/sanitize_text_field/ 
  21. */ 
  22. add_filter( 'of_sanitize_password', 'sanitize_text_field' ); 
  23.  
  24. /** 
  25. * Sanitization for select input 
  26. * 
  27. * Validates that the selected option is a valid option. 
  28. */ 
  29. add_filter( 'of_sanitize_select', 'of_sanitize_enum', 10, 2 ); 
  30.  
  31. /** 
  32. * Sanitization for radio input 
  33. * 
  34. * Validates that the selected option is a valid option. 
  35. */ 
  36. add_filter( 'of_sanitize_radio', 'of_sanitize_enum', 10, 2 ); 
  37.  
  38. /** 
  39. * Sanitization for image selector 
  40. * 
  41. * Validates that the selected option is a valid option. 
  42. */ 
  43. add_filter( 'of_sanitize_images', 'of_sanitize_enum', 10, 2 ); 
  44.  
  45. /** 
  46. * Sanitization for textarea field 
  47. * 
  48. * @param $input string 
  49. * @return $output sanitized string 
  50. */ 
  51. function of_sanitize_textarea( $input ) { 
  52. global $allowedposttags; 
  53. if ( current_user_can( 'unfiltered_html' ) ) { 
  54. $output = $input; 
  55. }else{ 
  56. $output = wp_kses( $input, $allowedposttags ); 
  57. return $output; 
  58. add_filter( 'of_sanitize_textarea', 'of_sanitize_textarea' ); 
  59.  
  60. /** 
  61. * Sanitization for checkbox input 
  62. * 
  63. * @param $input string (1 or empty) checkbox state 
  64. * @return $output '1' or false 
  65. */ 
  66. function of_sanitize_checkbox( $input ) { 
  67. if ( $input ) { 
  68. $output = '1'; 
  69. } else { 
  70. $output = false; 
  71. return $output; 
  72. add_filter( 'of_sanitize_checkbox', 'of_sanitize_checkbox' ); 
  73.  
  74. /** 
  75. * Sanitization for multicheck 
  76. * 
  77. * @param array of checkbox values 
  78. * @return array of sanitized values ('1' or false) 
  79. */ 
  80. function of_sanitize_multicheck( $input, $option ) { 
  81. $output = ''; 
  82. if ( is_array( $input ) ) { 
  83. foreach( $option['options'] as $key => $value ) { 
  84. $output[$key] = false; 
  85. foreach( $input as $key => $value ) { 
  86. if ( array_key_exists( $key, $option['options'] ) && $value ) { 
  87. $output[$key] = '1'; 
  88. return $output; 
  89. add_filter( 'of_sanitize_multicheck', 'of_sanitize_multicheck', 10, 2 ); 
  90.  
  91. /** 
  92. * File upload sanitization. 
  93. * 
  94. * Returns a sanitized filepath if it has a valid extension. 
  95. * 
  96. * @param string $input filepath 
  97. * @returns string $output filepath 
  98. */ 
  99. function of_sanitize_upload( $input ) { 
  100. $output = ''; 
  101. $filetype = wp_check_filetype( $input ); 
  102. if ( $filetype["ext"] ) { 
  103. $output = esc_url( $input ); 
  104. return $output; 
  105. add_filter( 'of_sanitize_upload', 'of_sanitize_upload' ); 
  106.  
  107. /** 
  108. * Sanitization for editor input. 
  109. * 
  110. * Returns unfiltered HTML if user has permissions. 
  111. * 
  112. * @param string $input 
  113. * @returns string $output 
  114. */ 
  115. function of_sanitize_editor( $input ) { 
  116. if ( current_user_can( 'unfiltered_html' ) ) { 
  117. $output = $input; 
  118. else { 
  119. global $allowedposttags; 
  120. $output = wpautop( wp_kses( $input, $allowedposttags ) ); 
  121. return $output; 
  122. add_filter( 'of_sanitize_editor', 'of_sanitize_editor' ); 
  123.  
  124. /** 
  125. * Sanitization of input with allowed tags and wpautotop. 
  126. * 
  127. * Allows allowed tags in html input and ensures tags close properly. 
  128. * 
  129. * @param string $input 
  130. * @returns string $output 
  131. */ 
  132. function of_sanitize_allowedtags( $input ) { 
  133. global $allowedtags; 
  134. $output = wpautop( wp_kses( $input, $allowedtags ) ); 
  135. return $output; 
  136.  
  137. /** 
  138. * Sanitization of input with allowed post tags and wpautotop. 
  139. * 
  140. * Allows allowed post tags in html input and ensures tags close properly. 
  141. * 
  142. * @param string $input 
  143. * @returns string $output 
  144. */ 
  145. function of_sanitize_allowedposttags( $input ) { 
  146. global $allowedposttags; 
  147. $output = wpautop( wp_kses( $input, $allowedposttags) ); 
  148. return $output; 
  149.  
  150. /** 
  151. * Validates that the $input is one of the avilable choices 
  152. * for that specific option. 
  153. * 
  154. * @param string $input 
  155. * @returns string $output 
  156. */ 
  157. function of_sanitize_enum( $input, $option ) { 
  158. $output = ''; 
  159. if ( $input && array_key_exists( $input, $option['options'] ) ) { 
  160. $output = $input; 
  161. return $output; 
  162.  
  163. /** 
  164. * Sanitization for background option. 
  165. * 
  166. * @returns array $output 
  167. */ 
  168. function of_sanitize_background( $input ) { 
  169.  
  170. $output = wp_parse_args( $input, array( 
  171. 'color' => '',  
  172. 'image' => '',  
  173. 'repeat' => 'repeat',  
  174. 'position' => 'top center',  
  175. 'attachment' => 'scroll' 
  176. ) ); 
  177.  
  178. $output['color'] = apply_filters( 'of_sanitize_hex', $input['color'] ); 
  179. $output['image'] = apply_filters( 'of_sanitize_upload', $input['image'] ); 
  180. $output['repeat'] = apply_filters( 'of_background_repeat', $input['repeat'] ); 
  181. $output['position'] = apply_filters( 'of_background_position', $input['position'] ); 
  182. $output['attachment'] = apply_filters( 'of_background_attachment', $input['attachment'] ); 
  183.  
  184. return $output; 
  185. add_filter( 'of_sanitize_background', 'of_sanitize_background' ); 
  186.  
  187. /** 
  188. * Sanitization for background repeat 
  189. * 
  190. * @returns string $value if it is valid 
  191. */ 
  192. function of_sanitize_background_repeat( $value ) { 
  193. $recognized = of_recognized_background_repeat(); 
  194. if ( array_key_exists( $value, $recognized ) ) { 
  195. return $value; 
  196. return apply_filters( 'of_default_background_repeat', current( $recognized ) ); 
  197. add_filter( 'of_background_repeat', 'of_sanitize_background_repeat' ); 
  198.  
  199. /** 
  200. * Sanitization for background position 
  201. * 
  202. * @returns string $value if it is valid 
  203. */ 
  204. function of_sanitize_background_position( $value ) { 
  205. $recognized = of_recognized_background_position(); 
  206. if ( array_key_exists( $value, $recognized ) ) { 
  207. return $value; 
  208. return apply_filters( 'of_default_background_position', current( $recognized ) ); 
  209. add_filter( 'of_background_position', 'of_sanitize_background_position' ); 
  210.  
  211. /** 
  212. * Sanitization for background attachment 
  213. * 
  214. * @returns string $value if it is valid 
  215. */ 
  216. function of_sanitize_background_attachment( $value ) { 
  217. $recognized = of_recognized_background_attachment(); 
  218. if ( array_key_exists( $value, $recognized ) ) { 
  219. return $value; 
  220. return apply_filters( 'of_default_background_attachment', current( $recognized ) ); 
  221. add_filter( 'of_background_attachment', 'of_sanitize_background_attachment' ); 
  222.  
  223. /** 
  224. * Sanitization for typography option. 
  225. */ 
  226. function of_sanitize_typography( $input, $option ) { 
  227.  
  228. $output = wp_parse_args( $input, array( 
  229. 'size' => '',  
  230. 'face' => '',  
  231. 'style' => '',  
  232. 'color' => '' 
  233. ) ); 
  234.  
  235. if ( isset( $option['options']['faces'] ) && isset( $input['face'] ) ) { 
  236. if ( !( array_key_exists( $input['face'], $option['options']['faces'] ) ) ) { 
  237. $output['face'] = ''; 
  238. else { 
  239. $output['face'] = apply_filters( 'of_font_face', $output['face'] ); 
  240.  
  241. $output['size'] = apply_filters( 'of_font_size', $output['size'] ); 
  242. $output['style'] = apply_filters( 'of_font_style', $output['style'] ); 
  243. $output['color'] = apply_filters( 'of_sanitize_color', $output['color'] ); 
  244. return $output; 
  245. add_filter( 'of_sanitize_typography', 'of_sanitize_typography', 10, 2 ); 
  246.  
  247. /** 
  248. * Sanitization for font size 
  249. */ 
  250. function of_sanitize_font_size( $value ) { 
  251. $recognized = of_recognized_font_sizes(); 
  252. $value_check = preg_replace('/px/', '', $value); 
  253. if ( in_array( (int) $value_check, $recognized ) ) { 
  254. return $value; 
  255. return apply_filters( 'of_default_font_size', $recognized ); 
  256. add_filter( 'of_font_size', 'of_sanitize_font_size' ); 
  257.  
  258. /** 
  259. * Sanitization for font style 
  260. */ 
  261. function of_sanitize_font_style( $value ) { 
  262. $recognized = of_recognized_font_styles(); 
  263. if ( array_key_exists( $value, $recognized ) ) { 
  264. return $value; 
  265. return apply_filters( 'of_default_font_style', current( $recognized ) ); 
  266. add_filter( 'of_font_style', 'of_sanitize_font_style' ); 
  267.  
  268. /** 
  269. * Sanitization for font face 
  270. */ 
  271. function of_sanitize_font_face( $value ) { 
  272. $recognized = of_recognized_font_faces(); 
  273. if ( array_key_exists( $value, $recognized ) ) { 
  274. return $value; 
  275. return apply_filters( 'of_default_font_face', current( $recognized ) ); 
  276. add_filter( 'of_font_face', 'of_sanitize_font_face' ); 
  277.  
  278. /** 
  279. * Get recognized background repeat settings 
  280. * 
  281. * @return array 
  282. */ 
  283. function of_recognized_background_repeat() { 
  284. $default = array( 
  285. 'no-repeat' => __( 'No Repeat', 'onetone' ),  
  286. 'repeat-x' => __( 'Repeat Horizontally', 'onetone' ),  
  287. 'repeat-y' => __( 'Repeat Vertically', 'onetone' ),  
  288. 'repeat' => __( 'Repeat All', 'onetone' ),  
  289. ); 
  290. return apply_filters( 'of_recognized_background_repeat', $default ); 
  291.  
  292. /** 
  293. * Get recognized background positions 
  294. * 
  295. * @return array 
  296. */ 
  297. function of_recognized_background_position() { 
  298. $default = array( 
  299. 'top left' => __( 'Top Left', 'onetone' ),  
  300. 'top center' => __( 'Top Center', 'onetone' ),  
  301. 'top right' => __( 'Top Right', 'onetone' ),  
  302. 'center left' => __( 'Middle Left', 'onetone' ),  
  303. 'center center' => __( 'Middle Center', 'onetone' ),  
  304. 'center right' => __( 'Middle Right', 'onetone' ),  
  305. 'bottom left' => __( 'Bottom Left', 'onetone' ),  
  306. 'bottom center' => __( 'Bottom Center', 'onetone' ),  
  307. 'bottom right' => __( 'Bottom Right', 'onetone') 
  308. ); 
  309. return apply_filters( 'of_recognized_background_position', $default ); 
  310.  
  311. /** 
  312. * Get recognized background attachment 
  313. * 
  314. * @return array 
  315. */ 
  316. function of_recognized_background_attachment() { 
  317. $default = array( 
  318. 'scroll' => __( 'Scroll Normally', 'onetone' ),  
  319. 'fixed' => __( 'Fixed in Place', 'onetone') 
  320. ); 
  321. return apply_filters( 'of_recognized_background_attachment', $default ); 
  322.  
  323. /** 
  324. * Sanitize a color represented in hexidecimal notation. 
  325. * 
  326. * @param string Color in hexidecimal notation. "#" may or may not be prepended to the string. 
  327. * @param string The value that this function should return if it cannot be recognized as a color. 
  328. * @return string 
  329. */ 
  330.  
  331. function of_sanitize_hex( $hex, $default = '' ) { 
  332. if ( of_validate_hex( $hex ) ) { 
  333. return $hex; 
  334. return $default; 
  335. add_filter( 'of_sanitize_color', 'of_sanitize_hex' ); 
  336.  
  337. /** 
  338. * Get recognized font sizes. 
  339. * 
  340. * Returns an indexed array of all recognized font sizes. 
  341. * Values are integers and represent a range of sizes from 
  342. * smallest to largest. 
  343. * 
  344. * @return array 
  345. */ 
  346.  
  347. function of_recognized_font_sizes() { 
  348. $sizes = range( 9, 71 ); 
  349. $sizes = apply_filters( 'of_recognized_font_sizes', $sizes ); 
  350. $sizes = array_map( 'absint', $sizes ); 
  351. return $sizes; 
  352.  
  353. /** 
  354. * Get recognized font faces. 
  355. * 
  356. * Returns an array of all recognized font faces. 
  357. * Keys are intended to be stored in the database 
  358. * while values are ready for display in in html. 
  359. * 
  360. * @return array 
  361. */ 
  362. function of_recognized_font_faces() { 
  363. $default = array( 
  364. 'arial' => 'Arial',  
  365. 'verdana' => 'Verdana, Geneva',  
  366. 'trebuchet' => 'Trebuchet',  
  367. 'georgia' => 'Georgia',  
  368. 'times' => 'Times New Roman',  
  369. 'tahoma' => 'Tahoma, Geneva',  
  370. 'palatino' => 'Palatino',  
  371. 'helvetica' => 'Helvetica*' 
  372. ); 
  373. return apply_filters( 'of_recognized_font_faces', $default ); 
  374.  
  375. /** 
  376. * Get recognized font styles. 
  377. * 
  378. * Returns an array of all recognized font styles. 
  379. * Keys are intended to be stored in the database 
  380. * while values are ready for display in in html. 
  381. * 
  382. * @return array 
  383. */ 
  384. function of_recognized_font_styles() { 
  385. $default = array( 
  386. 'normal' => __( 'Normal', 'onetone' ),  
  387. 'italic' => __( 'Italic', 'onetone' ),  
  388. 'bold' => __( 'Bold', 'onetone' ),  
  389. 'bold italic' => __( 'Bold Italic', 'onetone' ) 
  390. ); 
  391. return apply_filters( 'of_recognized_font_styles', $default ); 
  392.  
  393. /** 
  394. * Is a given string a color formatted in hexidecimal notation? 
  395. * 
  396. * @param string Color in hexidecimal notation. "#" may or may not be prepended to the string. 
  397. * @return bool 
  398. */ 
  399. function of_validate_hex( $hex ) { 
  400. $hex = trim( $hex ); 
  401. /** Strip recognized prefixes. */ 
  402. if ( 0 === strpos( $hex, '#' ) ) { 
  403. $hex = substr( $hex, 1 ); 
  404. elseif ( 0 === strpos( $hex, '%23' ) ) { 
  405. $hex = substr( $hex, 3 ); 
  406. /** Regex match. */ 
  407. if ( 0 === preg_match( '/^[0-9a-fA-F]{6}$/', $hex ) ) { 
  408. return false; 
  409. else { 
  410. return true; 
.