GiveWP – Donation Plugin and Fundraising Platform v3.21.0
give / src / Helpers / Utils.php
Utils.php
236 lines
1 <?php
2
3 namespace Give\Helpers;
4
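/**
 * Class Utils
 *
 * Static helpers for URL query-string handling, plugin detection and the
 * defensive handling of PHP-serialized input.
 *
 * @package Give\Helpers
 */
class Utils
{
    /**
     * Extract query param from URL
     *
     * @since 2.7.0
     *
     * @param string $url            URL whose query string is inspected.
     * @param string $queryParamName Name of the query parameter to read.
     * @param mixed  $default        Value returned when the parameter is absent.
     *
     * @return mixed The parameter value passed through give_clean() (defined outside this file),
     *               or $default when the parameter is not present.
     */
    public static function getQueryParamFromURL($url, $queryParamName, $default = '')
    {
        $queryArgs = wp_parse_args(parse_url($url, PHP_URL_QUERY));

        if ( ! isset($queryArgs[$queryParamName])) {
            return $default;
        }

        return give_clean($queryArgs[$queryParamName]);
    }

    /**
     * This function will change request url with other url.
     *
     * The query arguments of $location are carried over to $url; arguments already present on $url
     * win on conflict. $removeArgs is applied before $addArgs, so a name listed in both ends up set.
     *
     * The result is passed through esc_url_raw(), which sanitizes the URL but does not restrict the
     * host. Callers that redirect to the returned value must validate the destination themselves.
     *
     * @since 2.7.0
     *
     * @param string $location   Requested URL.
     * @param string $url        URL.
     * @param array  $addArgs    Extra query params to add (name => value).
     * @param array  $removeArgs Names of query params to remove.
     *
     * @return string
     */
    public static function switchRequestedURL($location, $url, $addArgs = [], $removeArgs = [])
    {
        $queryString = [];

        // Compare with false explicitly: strpos() returns 0, which is falsy, when the string starts with "?".
        $locationQueryStart = strpos($location, '?');
        if ($locationQueryStart !== false) {
            $queryString = wp_parse_args(substr($location, $locationQueryStart + 1));
        }

        $urlQueryStart = strpos($url, '?');
        if ($urlQueryStart !== false) {
            $queryString = array_merge($queryString, wp_parse_args(substr($url, $urlQueryStart + 1)));
        }

        $url = add_query_arg(
            $queryString,
            $url
        );

        if ($removeArgs) {
            foreach ($removeArgs as $name) {
                // A value of false makes add_query_arg() drop the parameter.
                $url = add_query_arg([$name => false], $url);
            }
        }

        if ($addArgs) {
            foreach ($addArgs as $name => $value) {
                $url = add_query_arg([$name => $value], $url);
            }
        }

        return esc_url_raw($url);
    }

    /**
     * Remove giveDonationAction from URL.
     *
     * @since 2.7.0
     *
     * @param string $url
     *
     * @return string
     */
    public static function removeDonationAction($url)
    {
        return esc_url_raw(add_query_arg(['giveDonationAction' => false], $url));
    }

    /**
     * Determines whether a plugin is active.
     *
     * Only plugins installed in the plugins/ folder can be active.
     *
     * Plugins in the mu-plugins/ folder can't be "activated," so this function will
     * return false for those plugins.
     *
     * For more information on this and similar theme functions, check out
     * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/
     * Conditional Tags} article in the Theme Developer Handbook.
     *
     * @since 2.7.0
     *
     * @param string $plugin Path to the plugin file relative to the plugins directory.
     *
     * @return bool True, if in the active plugins list. False, not in the list.
     */
    public static function isPluginActive($plugin)
    {
        // is_plugin_active() lives in an admin include, so load that file when the function is missing.
        if ( ! function_exists('is_plugin_active')) {
            include_once ABSPATH . 'wp-admin/includes/plugin.php';
        }

        return is_plugin_active($plugin);
    }

    /**
     * Strip backslash escaping from the input and, for strings, every leading backslash.
     *
     * @since 3.17.2
     *
     * @param mixed $data
     *
     * @return mixed The input after stripslashes_deep(); strings additionally lose all leading backslashes.
     */
    public static function removeBackslashes($data)
    {
        /**
         * stripslashes_deep() removes a single level of backslash escaping, so backslashes can
         * still be left at the beginning of the string afterwards; ltrim() removes all of them.
         * They have to be removed from the beginning of the input because attackers can use
         * them to bypass the is_serialized() check.
         *
         * Only a top-level string is trimmed. Arrays and other values get stripslashes_deep() only.
         */
        $data = stripslashes_deep($data);

        return is_string($data) ? ltrim($data, '\\') : $data;
    }

    /**
     * Decode strings repeatedly to prevent double (or more) encoded strings
     *
     * @since 3.19.4
     *
     * @param string $data
     *
     * @return string The input decoded with urldecode() until a further pass no longer changes it.
     */
    public static function recursiveUrlDecode(string $data): string
    {
        // A loop instead of recursion, so input with many encoding layers cannot grow the call stack.
        do {
            $previous = $data;
            $data = urldecode($previous);
        } while ($data !== $previous);

        return $data;
    }

    /**
     * The regular expression attempts to capture the basic structure of all data types that can be serialized by PHP.
     *
     * This is a deliberately broad heuristic: the pattern is not anchored, so a token such as "N;"
     * anywhere in the cleaned string counts as a hit. Expect false positives on ordinary text.
     *
     * A PCRE failure (preg_replace() returning null, preg_match() returning false) is reported as a
     * hit. The method is used as a security check, and a failed check is not evidence that the
     * input is clean.
     *
     * @since 3.19.4 Decode the string and remove any character not allowed in a serialized string
     * @since 3.19.3 Support all types of serialized data instead of only objects and arrays
     * @since 3.17.2
     *
     * @param mixed $data
     *
     * @return bool False for non-strings and for strings in which no serialized token is found.
     */
    public static function containsSerializedDataRegex($data): bool
    {
        if ( ! is_string($data)) {
            return false;
        }

        $data = self::recursiveUrlDecode($data);

        /**
         * This regular expression removes any special character that is not:
         * a Letter (a-zA-Z), number (0-9), or any of the characters {}, :, ;, ", ', ., [, ], (, ), ,
         * Whitespace and signs are removed as well, so padded or signed tokens are reduced to the
         * plain form the pattern below expects.
         */
        $data = preg_replace('/[^a-zA-Z0-9:{};"\'.\[\](),]/', '', $data);

        if ($data === null) {
            // preg_replace() failed; fail closed.
            return true;
        }

        // Objects carry a member count between the class name and the opening brace, so the object
        // alternative has to accept it. "C" (custom-serialized objects) uses the same layout as "O".
        $pattern = '/
            (a:\d+:\{.*}) |                 # Matches arrays (e.g: a:2:{i:0;s:5:"hello";i:1;i:42;})
            ([OC]:\d+:"[^"]+":\d+:\{.*}) |  # Matches objects (e.g: O:8:"stdClass":1:{s:4:"name";s:5:"James";})
            (E:\d+:"[^"]+";) |              # Matches enum cases (e.g: E:11:"Suit:Hearts";)
            (s:\d+:"[^"]*";) |              # Matches strings (e.g: s:5:"hello";)
            (i:\d+;) |                      # Matches integers (e.g: i:42;)
            (b:[01];) |                     # Matches booleans (e.g: b:1; or b:0;)
            (d:\d+(\.\d+)?;) |              # Matches floats (e.g: d:3.14;)
            (N;)                            # Matches NULL (e.g: N;)
        /x';

        // preg_match() returns 1 on a match, 0 on no match and false on error; only 0 means "clean".
        return preg_match($pattern, $data) !== 0;
    }

    /**
     * Tell whether the input looks like PHP-serialized data.
     *
     * @since 3.17.2
     *
     * @param mixed $data
     *
     * @return bool True when either is_serialized() or containsSerializedDataRegex() flags the
     *              input after removeBackslashes() has been applied.
     */
    public static function isSerialized($data): bool
    {
        $data = self::removeBackslashes($data);

        return is_serialized($data) || self::containsSerializedDataRegex($data);
    }

    /**
     * Unserialize the input without instantiating any class.
     *
     * @since 3.17.2
     *
     * @param mixed $data
     *
     * @return mixed The unserialized value, or the backslash-stripped input when it neither
     *               unserializes nor looks serialized. False is returned when the input looks
     *               serialized but cannot be unserialized. The result is built from untrusted
     *               input and has to be validated by the caller like any other user data.
     */
    public static function safeUnserialize($data)
    {
        $data = self::removeBackslashes($data);

        // Serialized data is always a string. Returning other values unchanged also avoids
        // handing an array to trim(), which throws a TypeError on PHP 8.
        if ( ! is_string($data)) {
            return $data;
        }

        /**
         * We are setting the allowed_classes to false as a default to
         * prevent the injection of objects that can run unwanted code.
         *
         * From PHP docs:
         * allowed_classes - Either an array of class names which should be accepted, false to accept no classes, or
         * true to accept all classes. If this option is defined and unserialize() encounters an object of a class
         * that isn't to be accepted, then the object will be instantiated as __PHP_Incomplete_Class instead. Omitting
         * this option is the same as defining it as true: PHP will attempt to instantiate objects of any class.
         */
        $unserializedData = @unserialize(trim($data), ['allowed_classes' => false]);

        /*
         * In case the passed string is not unserializeable, false is returned.
         * Falsy results are also produced by valid payloads such as b:0; or a:0:{}, so the
         * original input is handed back only when it does not look serialized either.
         *
         * @see https://www.php.net/manual/en/function.unserialize.php
         */
        if ( ! $unserializedData && ! self::containsSerializedDataRegex($data)) {
            return $data;
        }

        return $unserializedData;
    }

    /**
     * Avoid insecure usage of `unserialize` when the data could be submitted by the user.
     *
     * @since 3.16.1
     *
     * @param mixed $data Data that might be unserialized.
     *
     * @return mixed Unserialized data can be any type. Input that isSerialized() does not flag
     *               is returned unchanged.
     */
    public static function maybeSafeUnserialize($data)
    {
        if ( ! self::isSerialized($data)) {
            return $data;
        }

        return self::safeUnserialize($data);
    }
}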