class-ad-list-stats.php
1 week ago
class-cache.php
1 week ago
class-conditional.php
3 months ago
class-content-injection.php
1 year ago
class-data.php
1 week ago
class-sanitize.php
1 year ago
class-testing.php
1 year ago
class-validation.php
1 year ago
class-wordpress.php
1 week ago
index.php
2 years ago
class-validation.php
101 lines
| 1 | <?php |
| 2 | /** |
| 3 | * The class provides utility functions related to Validation. |
| 4 | * |
| 5 | * @package AdvancedAds |
| 6 | * @author Advanced Ads <info@wpadvancedads.com> |
| 7 | * @since 1.48.2 |
| 8 | */ |
| 9 | |
| 10 | namespace AdvancedAds\Utilities; |
| 11 | |
| 12 | use DOMDocument; |
| 13 | use AdvancedAds\Abstracts\Ad; |
| 14 | |
| 15 | defined( 'ABSPATH' ) || exit; |
| 16 | |
| 17 | /** |
| 18 | * Validation. |
| 19 | */ |
| 20 | class Validation { |
| 21 | |
| 22 | /** |
| 23 | * Check if an ad is valid for 'Post Content' placement |
| 24 | * |
| 25 | * @param Ad $ad Ad instance. |
| 26 | * |
| 27 | * @see Regex source: http://stackoverflow.com/questions/17852537/preg-replace-only-specific-part-of-string |
| 28 | * |
| 29 | * @return string|bool If not valid string with errors, otherwise empty string |
| 30 | */ |
| 31 | public static function is_valid_ad_dom( Ad $ad ) { |
| 32 | $ad_content = $ad->get_content() ?? ''; |
| 33 | if ( ! extension_loaded( 'dom' ) || ! $ad_content ) { |
| 34 | return false; |
| 35 | } |
| 36 | |
| 37 | $wp_charset = get_bloginfo( 'charset' ); |
| 38 | $ad_dom = new DOMDocument( '1.0', $wp_charset ); |
| 39 | |
| 40 | $libxml_previous_state = libxml_use_internal_errors( true ); |
| 41 | libxml_clear_errors(); |
| 42 | $ad_content = preg_replace( '#(document.write.+)</(.*)#', '$1<\/$2', $ad_content ); |
| 43 | $ad_dom->loadHtml( '<!DOCTYPE html><html><meta http-equiv="Content-Type" content="text/html; charset=' . $wp_charset . '" /><body>' . $ad_content ); |
| 44 | |
| 45 | $errors = ''; |
| 46 | foreach ( libxml_get_errors() as $error ) { |
| 47 | if ( stripos( $error->message, 'htmlParseEntityRef:' ) || preg_match( '/tag \S+ invalid/i', $error->message ) ) { |
| 48 | continue; |
| 49 | } |
| 50 | |
| 51 | $errors .= print_r( $error, true ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r |
| 52 | } |
| 53 | |
| 54 | libxml_use_internal_errors( $libxml_previous_state ); |
| 55 | |
| 56 | return $errors; |
| 57 | } |
| 58 | |
| 59 | /** |
| 60 | * Check if the current URL is HTTPS, but the ad code contains HTTP. |
| 61 | * |
| 62 | * @param Ad $ad Ad instance. |
| 63 | * |
| 64 | * @return bool false/string |
| 65 | */ |
| 66 | public static function is_ad_https( Ad $ad ) { |
| 67 | if ( |
| 68 | $ad && |
| 69 | is_ssl() && |
| 70 | $ad->is_type( [ 'plain', 'content' ] ) && |
| 71 | // Find img, iframe, script. '\\\\' denotes a single backslash. |
| 72 | preg_match( '#\ssrc=\\\\?[\'"]http:\\\\?/\\\\?/#i', $ad->get_content() ) |
| 73 | ) { |
| 74 | return __( 'Your website is using HTTPS, but the ad code contains HTTP and might not work.', 'advanced-ads' ); |
| 75 | } |
| 76 | |
| 77 | return false; |
| 78 | } |
| 79 | |
| 80 | /** |
| 81 | * Check post and nonce while saving post to reduce complexity. |
| 82 | * |
| 83 | * @param int $post_id Post ID. |
| 84 | * @param object $post Post object. |
| 85 | * |
| 86 | * @return boolean |
| 87 | */ |
| 88 | public static function check_save_post( $post_id, $post ): bool { |
| 89 | if ( empty( $post_id ) || empty( $post ) || ! is_a( $post, 'WP_Post' ) ) { |
| 90 | return false; |
| 91 | } |
| 92 | |
| 93 | // Dont' save meta boxes for revisions or autosaves. |
| 94 | if ( Conditional::doing_autosave() || is_int( wp_is_post_revision( $post ) ) || is_int( wp_is_post_autosave( $post ) ) ) { |
| 95 | return false; |
| 96 | } |
| 97 | |
| 98 | return true; |
| 99 | } |
| 100 | } |
| 101 |