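--- a/STRATO-apps/wordpress_03/app/wp-content/plugins/tutor/classes/Input.php
+++ b/STRATO-apps/wordpress_03/app/wp-content/plugins/tutor/classes/Input.php
@@ -1 +1,322 @@
-
+<?php
+/**
+* Input class for sanitize GET and POST request
+*
+* @package Tutor
+* @author Themeum <support@themeum.com>
+* @link https://themeum.com
+* @since 2.0.2
+*/
+
+namespace TUTOR;
+
+if ( ! defined( 'ABSPATH' ) ) {
+exit;
+}
+/**
+* Input class
+*
+* @since 2.0.2
+*/
+class Input {
+
+const TYPE_STRING = 'string';
+const TYPE_INT = 'int';
+const TYPE_NUMERIC = 'numeric';
+const TYPE_BOOL = 'bool';
+const TYPE_ARRAY = 'array';
+const TYPE_TEXTAREA = 'textarea';
+const TYPE_KSES_POST = 'kses-post';
+
+private const GET_REQUEST = 'get';
+private const POST_REQUEST = 'post';
+
+/**
+* Common data sanitizer method
+*
+* @since 2.0.2
+*
+* @param string $value input value.
+* @param string $default default value if input key is not exit.
+* @param string $type Default is Input::TYPE_STRING.
+* @param boolean $trim remove blank splace from start and end.
+* @param string $request_method request method get or post.
+*
+* @return mixed
+*/
+private static function data_sanitizer( $value, $default = null, $type = self::TYPE_STRING, $trim = true, $request_method = null ) {
+$is_input_request = in_array( $request_method, array( self::GET_REQUEST, self::POST_REQUEST ), true );
+$key = null;
+
+//phpcs:disable WordPress.Security.NonceVerification
+if ( $is_input_request ) {
+$key = $value;
+if ( self::GET_REQUEST === $request_method && ! isset( $_GET[ $key ] ) ) {
+if ( self::TYPE_ARRAY === $type ) {
+return is_array( $default ) ? $default : array();
+} else {
+return $default;
+}
+}
+if ( self::POST_REQUEST === $request_method && ! isset( $_POST[ $key ] ) ) {
+if ( self::TYPE_ARRAY === $type ) {
+return is_array( $default ) ? $default : array();
+} else {
+return $default;
+}
+}
+}
+
+$sanitized_value = null;
+
+switch ( $type ) {
+case self::TYPE_STRING:
+case self::TYPE_INT:
+case self::TYPE_NUMERIC:
+case self::TYPE_BOOL:
+default:
+$sanitized_value = sanitize_text_field( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
+if ( self::TYPE_INT === $type ) {
+$sanitized_value = (int) $sanitized_value;
+}
+if ( self::TYPE_NUMERIC === $type ) {
+$sanitized_value = is_numeric( $sanitized_value ) ? $sanitized_value + 0 : 0;
+}
+if ( self::TYPE_BOOL === $type ) {
+$sanitized_value = in_array( strtolower( $sanitized_value ), array( '1', 'true', 'on' ), true );
+}
+
+break;
+
+case self::TYPE_ARRAY:
+if ( ! is_array( $default ) ) {
+$sanitized_value = array();
+} else {
+$sanitized_value = array_map(
+'sanitize_text_field',
+wp_unslash(
+is_array( self::get_value( $request_method, $_GET, $_POST, $key, $value ) )
+? ( self::get_value( $request_method, $_GET, $_POST, $key, $value ) )
+: $default
+)
+);
+}
+
+break;
+
+case self::TYPE_TEXTAREA:
+$sanitized_value = sanitize_textarea_field( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
+break;
+
+case self::TYPE_KSES_POST:
+$sanitized_value = wp_kses_post( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
+break;
+
+}
+
+//phpcs:enable WordPress.Security.NonceVerification
+
+if ( $trim ) {
+if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
+$sanitized_value = array_map( 'trim', $sanitized_value );
+}
+}
+
+if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
+$final_array = array();
+$is_assoc = array_keys( $sanitized_value ) !== range( 0, count( $sanitized_value ) - 1 );
+
+foreach ( $sanitized_value as $input_key => $input_value ) {
+/**
+* Sanitize array key if array is assoc.
+* When from form submit like person['name'], person['age'] etc
+*/
+if ( $is_assoc ) {
+$input_key = sanitize_text_field( wp_unslash( $input_key ) );
+}
+
+if ( is_numeric( $input_value ) ) {
+$input_value = $input_value + 0;
+}
+
+$final_array[ $input_key ] = $input_value;
+}
+
+$sanitized_value = $final_array;
+
+}
+
+return $sanitized_value;
+
+}
+
+/**
+* Dynamically get value
+*
+* @since 2.2.0
+*
+* @param string $request_method detect called from get or post method.
+* @param array $get GET superglobal.
+* @param array $post POST superglobal.
+* @param string $key GET or POST input key name.
+* @param string $value value of variable or DB value.
+*
+* @return mixed
+*/
+private static function get_value( $request_method, $get, $post, $key, $value ) {
+return self::GET_REQUEST === $request_method
+? $get[ $key ]
+: ( self::POST_REQUEST === $request_method ? $post[ $key ] : $value );
+}
+
+/**
+* Sanitize value
+*
+* @since 2.0.2
+*
+* @param string $value input value.
+* @param string $default default value if input key is not exit.
+* @param string $type Default is Input::TYPE_STRING.
+* @param boolean $trim remove blank splace from start and end.
+*
+* @return mixed
+*/
+public static function sanitize( $value, $default = null, $type = self::TYPE_STRING, $trim = true ) {
+return self::data_sanitizer( $value, $default, $type, $trim );
+}
+
+/**
+* Get input value from GET request
+*
+* @param string $key $_GET request key.
+* @param mixed $default default value if input key is not exit.
+* @param string $type input type. Default is Input::TYPE_STRING.
+* @param boolean $trim remove blank splace from start and end.
+*
+* @return mixed
+*/
+public static function get( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
+return self::data_sanitizer( $key, $default, $type, $trim, self::GET_REQUEST );
+}
+
+/**
+* Get input value from POST request
+*
+* @since 2.0.2
+*
+* @param string $key $_POST request key.
+* @param mixed $default default value if input key is not exit.
+* @param string $type input type. Default is Input::TYPE_STRING.
+* @param boolean $trim remove blank splace from start and end.
+* @return mixed
+*/
+public static function post( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
+return self::data_sanitizer( $key, $default, $type, $trim, self::POST_REQUEST );
+}
+
+/**
+* Check input has key or not
+*
+* @since 2.0.2
+*
+* @param string $key input key name.
+* @return boolean
+*/
+public static function has( $key ) {
+//phpcs:ignore WordPress.Security.NonceVerification
+return isset( $_REQUEST[ $key ] );
+}
+
+/**
+* Sanitize & unslash a request data
+*
+* @since 2.1.3
+*
+* @param string $key a request key.
+* @param mixed $default_value a default value if key not exists.
+*
+* @return mixed
+*/
+public static function sanitize_request_data( string $key, $default_value = '' ) {
+if ( self::has( $key ) ) {
+return sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ); //phpcs:ignore
+}
+return $default_value;
+}
+
+/**
+* Sanitize array, single or multi dimensional array
+* Explicitly setup how should a value sanitize by the
+* sanitize function.
+*
+* @since 2.1.3
+*
+* @see available sanitize func
+* https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/
+*
+* @param array $input array to sanitize.
+* @param array $sanitize_mapping single dimensional map key value
+* pair to set up sanitization process. Key name should by inside
+* input array and the value will be callable func.
+* For ex: [key1 => sanitize_email, key2 => wp_kses_post ]
+*
+* If key not passed then default sanitize_text_field will be used.
+*
+* @param bool $allow_iframe if set true then iframe tag will be allowed.
+*
+* @return array
+*/
+public static function sanitize_array( array $input, array $sanitize_mapping = array(), $allow_iframe = false ):array {
+$array = array();
+
+if ( $allow_iframe ) {
+add_filter( 'wp_kses_allowed_html', __CLASS__ . '::allow_iframe', 10, 2 );
+}
+
+if ( is_array( $input ) && count( $input ) ) {
+foreach ( $input as $key => $value ) {
+if ( is_array( $value ) ) {
+$array[ $key ] = self::sanitize_array( $value, $sanitize_mapping, $allow_iframe );
+} else {
+$key = sanitize_text_field( $key );
+
+// If mapping exists then use callback.
+if ( isset( $sanitize_mapping[ $key ] ) ) {
+$callback = $sanitize_mapping[ $key ];
+$value = call_user_func( $callback, wp_unslash( $value ) );
+} else {
+$value = is_null( $value ) ? null : sanitize_text_field( wp_unslash( $value ) );
+}
+$array[ $key ] = $value;
+}
+}
+}
+return is_array( $array ) && count( $array ) ? $array : array();
+}
+
+/**
+* This method is used with wp_kses_allowed_html filter
+* to allow iframe
+*
+* @since 2.1.3
+*
+* @param array $tags allowed HTML tags.
+* @param string $context context name.
+*
+* @return array
+*/
+public static function allow_iframe( $tags, $context ) {
+$tags['iframe'] = array(
+'src' => true,
+'title' => true,
+'height' => true,
+'width' => true,
+'frameborder' => true,
+'allowfullscreen' => true,
+'allow' => true,
+'style' => true,
+);
+return $tags;
+}
+}
+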