Secure Custom Fields v6.4.1
secure-custom-fields / includes / validation.php
validation.php
389 lines
1 <?php // phpcs:disable Universal.Files.SeparateFunctionsFromOO.Mixed, PEAR.NamingConventions.ValidClassName
2
// Direct-access guard: stop immediately when this file is requested on its own
// instead of being loaded by WordPress, which is what defines ABSPATH.
defined( 'ABSPATH' ) || exit;
6
7 if ( ! class_exists( 'acf_validation' ) ) :
#[AllowDynamicProperties]
/**
 * Validation Class
 *
 * Collects validation errors for submitted field values and registers the
 * AJAX and action hooks that trigger validation. Errors are held in
 * $this->errors as a list of arrays with the keys 'input' and 'message'.
 */
class acf_validation {
	/**
	 * Starts with an empty error list and registers the validation hooks.
	 *
	 * The AJAX handler is attached to both the logged-in (wp_ajax_) and the
	 * logged-out (wp_ajax_nopriv_) action, so the endpoint is reachable
	 * without authentication. The acf_verify_ajax() call inside the handler
	 * is the only request check visible in this file.
	 *
	 * @date  5/03/2014
	 * @since ACF 5.0.0
	 *
	 * @return void
	 */
	public function __construct() {
		$this->errors = array();

		$ajax_handler = array( $this, 'ajax_validate_save_post' );
		add_action( 'wp_ajax_acf/validate_save_post', $ajax_handler );
		add_action( 'wp_ajax_nopriv_acf/validate_save_post', $ajax_handler );

		// Priority 5 on the internal action that acf_validate_save_post() fires.
		add_action( 'acf/validate_save_post', array( $this, 'acf_validate_save_post' ), 5 );
	}

	/**
	 * Records an error message for one input.
	 *
	 * The message is stored exactly as given; nothing is escaped here.
	 *
	 * @date  25/11/2013
	 * @since ACF 5.0.0
	 *
	 * @param string $input   name attribute of the DOM element.
	 * @param string $message error message.
	 */
	public function add_error( $input, $message ) {
		$this->errors[] = compact( 'input', 'message' );
	}

	/**
	 * Looks up the first recorded error for a given input.
	 *
	 * @date  5/03/2016
	 * @since ACF 5.3.2
	 *
	 * @param string $input name attribute of the DOM element.
	 * @return array|bool The error array ('input', 'message'), or false when none matches.
	 */
	public function get_error( $input ) {
		if ( ! empty( $this->errors ) ) {
			foreach ( $this->errors as $recorded ) {
				// Strict comparison: the input name must match exactly.
				if ( $input === $recorded['input'] ) {
					return $recorded;
				}
			}
		}

		return false;
	}

	/**
	 * Returns every recorded validation error.
	 *
	 * @date  25/11/2013
	 * @since ACF 5.0.0
	 *
	 * @return array|bool The list of errors, or false when there are none.
	 */
	public function get_errors() {
		return empty( $this->errors ) ? false : $this->errors;
	}

	/**
	 * Discards all recorded errors.
	 *
	 * @date  4/03/2016
	 * @since ACF 5.3.2
	 *
	 * @return void
	 */
	public function reset_errors() {
		// Replace the list rather than emptying it in place.
		$this->errors = array();
	}

	/**
	 * Validates $_POST data via AJAX prior to save.
	 *
	 * Every outcome, including a failed acf_verify_ajax() check, is reported
	 * through wp_send_json_success(); the client tells the cases apart by the
	 * 'valid' flag. Each wp_send_json_success() call ends the request, which
	 * is what keeps validation from running after a failed check.
	 *
	 * @since ACF 5.0.9
	 *
	 * @return void
	 */
	public function ajax_validate_save_post() {
		if ( ! acf_verify_ajax() ) {
			$nonce_failure = array(
				'input'   => false,
				'message' => __( 'ACF was unable to perform validation due to an invalid security nonce being provided.', 'secure-custom-fields' ),
			);

			wp_send_json_success(
				array(
					'valid'  => 0,
					'errors' => array( $nonce_failure ),
				)
			);
		}

		if ( acf_validate_save_post() ) {
			wp_send_json_success(
				array(
					'valid'  => 1,
					'errors' => 0,
				)
			);
		}

		// Validation failed: hand the recorded errors back to the client.
		wp_send_json_success(
			array(
				'valid'  => 0,
				'errors' => acf_get_validation_errors(),
			)
		);
	}

	/**
	 * Loops over $_POST data and validates ACF values.
	 *
	 * No nonce is checked in this method; the phpcs annotation below states
	 * that verification happens elsewhere. The submitted 'acf' data is only
	 * unslashed, not sanitized, before it is handed to acf_validate_values().
	 *
	 * @since ACF 5.4.0
	 */
	public function acf_validate_save_post() {
		// phpcs:disable WordPress.Security.NonceVerification.Missing -- Verified elsewhere.
		$post_type = acf_request_arg( 'post_type', false );
		$screen    = acf_request_arg( '_acf_screen', false );

		// Both request values must be on their allow-list before the internal validator runs.
		$internal_screens    = array( 'post_type', 'taxonomy', 'ui_options_page' );
		$internal_post_types = array( 'acf-post-type', 'acf-taxonomy', 'acf-ui-options-page' );

		if ( in_array( $screen, $internal_screens, true ) && in_array( $post_type, $internal_post_types, true ) ) {
			acf_validate_internal_post_type_values( $post_type );
		} elseif ( acf_request_arg( 'acf_ui_options_page' ) ) {
			acf_validate_internal_post_type_values( 'acf-ui-options-page' );
		} elseif ( ! empty( $_POST['acf'] ) ) {
			// Nothing to do when the request carries no field values.
			acf_validate_values( wp_unslash( $_POST['acf'] ), 'acf' ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		}
		// phpcs:enable WordPress.Security.NonceVerification.Missing
	}
}
180
181 // initialize
182 acf()->validation = new acf_validation();
183 endif; // class_exists check
184
185
/**
 * Add validation error.
 *
 * Alias of acf()->validation->add_error(). The message is passed through
 * unchanged; no escaping happens at this point.
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 *
 * @param string $input   name attribute of the DOM element.
 * @param string $message error message.
 * @return void
 */
function acf_add_validation_error( $input, $message = '' ) {
	$validator = acf()->validation;
	$validator->add_error( $input, $message );
}
202
/**
 * Retrieve validation errors.
 *
 * Alias of acf()->validation->get_errors()
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 *
 * @return array|bool The recorded errors as returned by get_errors().
 */
function acf_get_validation_errors() {
	$validator = acf()->validation;

	return $validator->get_errors();
}
217
/**
 * Get the validation error for one input.
 *
 * Alias of acf()->validation->get_error()
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 * @since 6.4.1 Added the $input parameter, which is required in the get_error method.
 *
 * @param string $input name attribute of the DOM element.
 *
 * @return array|bool Whatever get_error() returns for that input.
 */
function acf_get_validation_error( $input ) {
	$validator = acf()->validation;

	return $validator->get_error( $input );
}
235
/**
 * Reset validation errors.
 *
 * Alias of acf()->validation->reset_errors()
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 *
 * @return void
 */
function acf_reset_validation_errors() {
	$validator = acf()->validation;
	$validator->reset_errors();
}
250
251
/**
 * Runs validation over the current request and reports whether it passed.
 *
 * Fires the 'acf/validate_save_post' action so the registered validators can
 * record their errors, then reads the errors back.
 *
 * @date  25/11/2013
 * @since ACF 5.0.0
 *
 * @param bool $show_errors if true, errors will be shown via a wp_die screen.
 * @return bool True when no errors were recorded, false otherwise.
 */
function acf_validate_save_post( $show_errors = false ) {
	do_action( 'acf/validate_save_post' );

	$failures = acf_get_validation_errors();

	if ( $failures ) {
		if ( $show_errors ) {
			// Messages are concatenated as stored; the assembled markup goes through
			// acf_esc_html() below before it is printed.
			$markup = '<h2>' . __( 'Validation failed', 'secure-custom-fields' ) . '</h2>' . '<ul>';
			foreach ( $failures as $failure ) {
				$markup .= '<li>' . $failure['message'] . '</li>';
			}
			$markup .= '</ul>';

			wp_die( acf_esc_html( $markup ), esc_html__( 'Validation failed', 'secure-custom-fields' ) );
		}

		return false;
	}

	return true;
}
291
292
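/**
 * Validates an array of field values.
 *
 * The caller in this file passes the unslashed contents of $_POST['acf'], so
 * both the keys and the values are request-controlled. Each key is looked up
 * with acf_get_field(); keys that do not resolve to a field are skipped.
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 *
 * @param array  $values       An array of field values, keyed by field identifier.
 * @param string $input_prefix The input element's name attribute.
 *
 * @return void
 */
function acf_validate_values( $values, $input_prefix = '' ) {
	// Request data is not guaranteed to be an array: a scalar 'acf' parameter
	// would otherwise reach foreach and raise a PHP warning on every request.
	if ( empty( $values ) || ! ( is_array( $values ) || is_object( $values ) ) ) {
		return;
	}

	foreach ( $values as $key => $value ) {
		$field = acf_get_field( $key );

		// Unknown keys are ignored rather than reported.
		if ( ! $field ) {
			continue;
		}

		// The input name mirrors the form's naming, e.g. prefix[key].
		acf_validate_value( $value, $field, $input_prefix . '[' . $key . ']' );
	}
}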
328
329
/**
 * Validates a single field value and records an error when it fails.
 *
 * A required field fails when its value is empty, except that numeric values
 * such as 0 count as present. The registered filters then get the final say.
 * The error message is stored as built here (field label or filter-supplied
 * string, unescaped); escaping is left to wherever the message is output.
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 *
 * @param mixed  $value The field value to validate.
 * @param array  $field The field array.
 * @param string $input The input element's name attribute.
 *
 * @return boolean True when the value is valid, false when an error was recorded.
 */
function acf_validate_value( $value, $field, $input ) {
	/* translators: %s: field label */
	$message = sprintf( __( '%s value is required', 'secure-custom-fields' ), $field['label'] );

	// Only required fields can fail here; 0 and '0' are empty() but numeric, so they pass.
	$valid = ! ( $field['required'] && empty( $value ) && ! is_numeric( $value ) );

	/**
	 * Filters whether the value is valid.
	 *
	 * Applied from most generic selector order used by the original code:
	 * by field type, by field name, by field key, then the unscoped hook.
	 *
	 * @date  28/09/13
	 * @since ACF 5.0.0
	 *
	 * @param bool   $valid The valid status. Return a string to display a custom error message.
	 * @param mixed  $value The value.
	 * @param array  $field The field array.
	 * @param string $input The input element's name attribute.
	 */
	$valid = apply_filters( "acf/validate_value/type={$field['type']}", $valid, $value, $field, $input );
	$valid = apply_filters( "acf/validate_value/name={$field['_name']}", $valid, $value, $field, $input );
	$valid = apply_filters( "acf/validate_value/key={$field['key']}", $valid, $value, $field, $input );
	$valid = apply_filters( 'acf/validate_value', $valid, $value, $field, $input );

	// A non-empty string returned by a filter is a custom error message.
	if ( is_string( $valid ) && ! empty( $valid ) ) {
		$message = $valid;
		$valid   = false;
	}

	if ( $valid ) {
		return true;
	}

	acf_add_validation_error( $input, $message );

	return false;
}
389