%PDF-
%PDF-
Mini Shell
Mini Shell
<?php
/**
* Sanitize field value before saving.
*
* @package Meta Box
*/
/**
* Sanitize class.
*/
class RWMB_Sanitizer {
/**
* Register hook to sanitize field value.
*/
public function init() {
add_filter( 'rwmb_sanitize', array( $this, 'sanitize' ), 10, 4 );
}
/**
* Sanitize a field value.
*
* @param mixed $value The submitted new value.
* @param array $field The field settings.
* @param mixed $old_value The old field value in the database.
* @param int $object_id The object ID.
*/
public function sanitize( $value, $field, $old_value = null, $object_id = null ) {
// Allow developers to bypass the sanitization.
if ( 'none' === $field['sanitize_callback'] ) {
return $value;
}
$callback = $this->get_callback( $field );
return is_callable( $callback ) ? call_user_func( $callback, $value, $field, $old_value, $object_id ) : $value;
}
/**
* Get sanitize callback for a field.
*
* @param array $field Field settings.
* @return callable
*/
private function get_callback( $field ) {
// User-defined callback.
if ( is_callable( $field['sanitize_callback'] ) ) {
return $field['sanitize_callback'];
}
$callbacks = array(
'autocomplete' => array( $this, 'sanitize_choice' ),
'background' => array( $this, 'sanitize_background' ),
'button_group' => array( $this, 'sanitize_choice' ),
'checkbox' => array( $this, 'sanitize_checkbox' ),
'checkbox_list' => array( $this, 'sanitize_choice' ),
'color' => array( $this, 'sanitize_color' ),
'date' => array( $this, 'sanitize_datetime' ),
'datetime' => array( $this, 'sanitize_datetime' ),
'email' => 'sanitize_email',
'fieldset_text' => array( $this, 'sanitize_text' ),
'file' => array( $this, 'sanitize_file' ),
'file_advanced' => array( $this, 'sanitize_object' ),
'file_input' => array( $this, 'sanitize_url' ),
'file_upload' => array( $this, 'sanitize_object' ),
'hidden' => 'sanitize_text_field',
'image' => array( $this, 'sanitize_file' ),
'image_advanced' => array( $this, 'sanitize_object' ),
'image_select' => array( $this, 'sanitize_choice' ),
'image_upload' => array( $this, 'sanitize_object' ),
'key_value' => array( $this, 'sanitize_text' ),
'map' => array( $this, 'sanitize_map' ),
'number' => array( $this, 'sanitize_number' ),
'oembed' => array( $this, 'sanitize_url' ),
'osm' => array( $this, 'sanitize_map' ),
'password' => 'sanitize_text_field',
'post' => array( $this, 'sanitize_object' ),
'radio' => array( $this, 'sanitize_choice' ),
'range' => array( $this, 'sanitize_number' ),
'select' => array( $this, 'sanitize_choice' ),
'select_advanced' => array( $this, 'sanitize_choice' ),
'sidebar' => array( $this, 'sanitize_text' ),
'single_image' => 'absint',
'slider' => array( $this, 'sanitize_slider' ),
'switch' => array( $this, 'sanitize_checkbox' ),
'taxonomy' => array( $this, 'sanitize_object' ),
'taxonomy_advanced' => array( $this, 'sanitize_taxonomy_advanced' ),
'text' => 'sanitize_text_field',
'text_list' => array( $this, 'sanitize_text' ),
'textarea' => 'wp_kses_post',
'time' => 'sanitize_text_field',
'url' => array( $this, 'sanitize_url' ),
'user' => array( $this, 'sanitize_object' ),
'video' => array( $this, 'sanitize_object' ),
'wysiwyg' => 'wp_kses_post',
);
$type = $field['type'];
return isset( $callbacks[ $type ] ) ? $callbacks[ $type ] : null;
}
/**
* Set the value of checkbox to 1 or 0 instead of 'checked' and empty string.
* This prevents using default value once the checkbox has been unchecked.
*
* @link https://github.com/rilwis/meta-box/issues/6
* @param string $value Checkbox value.
* @return int
*/
private function sanitize_checkbox( $value ) {
return (int) ! empty( $value );
}
/**
* Sanitize numeric value.
*
* @param string $value The number value.
* @return string
*/
private function sanitize_number( $value ) {
return is_numeric( $value ) ? $value : '';
}
/**
* Sanitize color value.
*
* @param string $value The color value.
* @return string
*/
private function sanitize_color( $value ) {
if ( false === strpos( $value, 'rgba' ) ) {
return sanitize_hex_color( $value );
}
// rgba value.
$red = '';
$green = '';
$blue = '';
$alpha = '';
sscanf( $value, 'rgba(%d,%d,%d,%f)', $red, $green, $blue, $alpha );
return 'rgba(' . $red . ',' . $green . ',' . $blue . ',' . $alpha . ')';
}
/**
* Sanitize value for a choice field.
*
* @param string|array $value The submitted value.
* @param array $field The field settings.
* @return string|array
*/
private function sanitize_choice( $value, $field ) {
$options = RWMB_Choice_Field::transform_options( $field['options'] );
$options = wp_list_pluck( $options, 'value' );
$value = wp_unslash( $value );
return is_array( $value ) ? array_intersect( $value, $options ) : ( in_array( $value, $options ) ? $value : '' );
}
/**
* Sanitize object & media field.
*
* @param int|array $value The submitted value.
* @return int|array
*/
private function sanitize_object( $value ) {
return is_array( $value ) ? array_filter( array_map( 'absint', $value ) ) : ( $value ? absint( $value ) : '' );
}
/**
* Sanitize background field.
*
* @param array $value The submitted value.
* @return array
*/
private function sanitize_background( $value ) {
$value = wp_parse_args(
$value,
array(
'color' => '',
'image' => '',
'repeat' => '',
'attachment' => '',
'position' => '',
'size' => '',
)
);
$value['color'] = $this->sanitize_color( $value['color'] );
$value['image'] = esc_url_raw( $value['image'] );
$value['repeat'] = in_array( $value['repeat'], array( 'no-repeat', 'repeat', 'repeat-x', 'repeat-y', 'inherit' ), true ) ? $value['repeat'] : '';
$value['position'] = in_array( $value['position'], array( 'top left', 'top center', 'top right', 'center left', 'center center', 'center right', 'bottom left', 'bottom center', 'bottom right' ), true ) ? $value['position'] : '';
$value['attachment'] = in_array( $value['attachment'], array( 'fixed', 'scroll', 'inherit' ), true ) ? $value['attachment'] : '';
$value['size'] = in_array( $value['size'], array( 'inherit', 'cover', 'contain' ), true ) ? $value['size'] : '';
return $value;
}
/**
* Sanitize text field.
*
* @param string|array $value The submitted value.
* @return string|array
*/
private function sanitize_text( $value ) {
return is_array( $value ) ? array_map( __METHOD__, $value ) : sanitize_text_field( $value );
}
/**
* Sanitize file, image field.
*
* @param array $value The submitted value.
* @param array $field The field settings.
* @return array
*/
private function sanitize_file( $value, $field ) {
return $field['upload_dir'] ? array_map( 'esc_url_raw', $value ) : $this->sanitize_object( $value );
}
/**
* Sanitize slider field.
*
* @param mixed $value The submitted value.
* @param array $field The field settings.
* @return string|int|float
*/
private function sanitize_slider( $value, $field ) {
return true === $field['js_options']['range'] ? sanitize_text_field( $value ) : $this->sanitize_number( $value );
}
/**
* Sanitize datetime field.
*
* @param mixed $value The submitted value.
* @param array $field The field settings.
* @return float|string
*/
private function sanitize_datetime( $value, $field ) {
return $field['timestamp'] ? floor( abs( (float) $value ) ) : sanitize_text_field( $value );
}
/**
* Sanitize map field.
*
* @param mixed $value The submitted value.
* @return string
*/
private function sanitize_map( $value ) {
$value = sanitize_text_field( $value );
list( $latitude, $longitude, $zoom ) = explode( ',', $value . ',,' );
$latitude = (float) $latitude;
$longitude = (float) $longitude;
$zoom = (int) $zoom;
return "$latitude,$longitude,$zoom";
}
/**
* Sanitize taxonomy advanced field.
*
* @param mixed $value The submitted value.
* @return string
*/
private function sanitize_taxonomy_advanced( $value ) {
$value = RWMB_Helpers_Array::from_csv( $value );
$value = array_filter( array_map( 'absint', $value ) );
return implode( ',', $value );
}
/**
* Sanitize URL field.
*
* @param string $value The submitted value.
* @return string
*/
private function sanitize_url( $value ) {
return esc_url_raw( $value );
}
}
Zerion Mini Shell 1.0