Secure Custom Fields v6.8.9
secure-custom-fields / includes / validation.php
validation.php
398 lines
1 <?php // phpcs:disable Universal.Files.SeparateFunctionsFromOO.Mixed, PEAR.NamingConventions.ValidClassName
2
// Refuse direct requests to this file: without the ABSPATH constant, stop before anything below is declared or run.
defined( 'ABSPATH' ) || exit;
6
7 if ( ! class_exists( 'acf_validation' ) ) :
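/**
 * Validation Class
 *
 * Keeps the list of validation errors for the current request and registers
 * the AJAX endpoint that validates submitted field values before a save.
 */
class acf_validation {

	/**
	 * Errors recorded so far.
	 *
	 * Each entry is an array with an 'input' key (the name attribute of the
	 * DOM element) and a 'message' key (the error text).
	 *
	 * @var array $errors
	 */
	public $errors = array();

	/**
	 * Registers the AJAX endpoint and the default validation listener.
	 *
	 * @since ACF 5.0.0
	 *
	 * @return void
	 */
	public function __construct() {

		// The endpoint is also registered for logged-out visitors (wp_ajax_nopriv_),
		// so the handler and every validation filter it triggers run on
		// unauthenticated input. Nothing reachable from here should change state.
		add_action( 'wp_ajax_acf/validate_save_post', array( $this, 'ajax_validate_save_post' ) );
		add_action( 'wp_ajax_nopriv_acf/validate_save_post', array( $this, 'ajax_validate_save_post' ) );
		add_action( 'acf/validate_save_post', array( $this, 'acf_validate_save_post' ), 5 );
	}

	/**
	 * Records an error message for a field.
	 *
	 * The message is stored exactly as given; no escaping happens here.
	 *
	 * @since ACF 5.0.0
	 *
	 * @param string $input   name attribute of DOM element.
	 * @param string $message error message.
	 * @return void
	 */
	public function add_error( $input, $message ) {
		$this->errors[] = array(
			'input'   => $input,
			'message' => $message,
		);
	}

	/**
	 * Returns the first recorded error for a given input.
	 *
	 * @since ACF 5.3.2
	 *
	 * @param string $input name attribute of DOM element.
	 * @return array|bool The matching error array, or false when there is none.
	 */
	public function get_error( $input ) {

		// $errors is public, so guard against it having been emptied or unset from outside.
		if ( empty( $this->errors ) ) {
			return false;
		}

		foreach ( $this->errors as $error ) {
			if ( $error['input'] === $input ) {
				return $error;
			}
		}

		return false;
	}

	/**
	 * Returns all recorded validation errors.
	 *
	 * @since ACF 5.0.0
	 *
	 * @return array|bool The error list, or false when nothing has been recorded.
	 */
	public function get_errors() {
		return empty( $this->errors ) ? false : $this->errors;
	}

	/**
	 * Removes all recorded errors.
	 *
	 * @since ACF 5.3.2
	 *
	 * @return void
	 */
	public function reset_errors() {
		$this->errors = array();
	}

	/**
	 * Validates $_POST data via AJAX prior to save.
	 *
	 * Every outcome, including a rejected request, is reported through
	 * wp_send_json_success() with a 'valid' flag and an 'errors' entry.
	 *
	 * A WordPress nonce protects against forged requests; it is not an
	 * authorization check, and this endpoint is reachable while logged out.
	 * NOTE(review): acf_verify_ajax() is defined outside this file; going by
	 * the messages below it verifies the request nonce. Confirm what else it checks.
	 *
	 * @since ACF 5.0.9
	 *
	 * @return void
	 */
	public function ajax_validate_save_post() {
		if ( ! acf_verify_ajax() ) {
			// Tell a missing nonce apart from a rejected one. The original built this
			// message and then sent a generic string instead, leaving it unused.
			if ( empty( $_REQUEST['nonce'] ) ) {
				$nonce_error = __( 'SCF was unable to perform validation because no nonce was received by the server.', 'secure-custom-fields' );
			} else {
				$nonce_error = __( 'SCF was unable to perform validation because the provided nonce failed verification.', 'secure-custom-fields' );
			}

			wp_send_json_success(
				array(
					'valid'  => 0,
					'errors' => array(
						array(
							'input'   => false,
							'message' => $nonce_error,
						),
					),
				)
			);

			// wp_send_json_success() normally ends the request. Return explicitly so the
			// validation below can never run on an unverified request if it does not.
			return;
		}

		$json = array(
			'valid'  => 1,
			'errors' => 0,
		);

		if ( acf_validate_save_post() ) {
			wp_send_json_success( $json );
			return;
		}

		$json['valid']  = 0;
		$json['errors'] = acf_get_validation_errors();

		wp_send_json_success( $json );
	}

	/**
	 * Loops over $_POST data and validates ACF values.
	 *
	 * Runs on the 'acf/validate_save_post' action. It performs no nonce or
	 * capability check of its own and relies on the caller having verified the request.
	 *
	 * @since ACF 5.4.0
	 *
	 * @return void
	 */
	public function acf_validate_save_post() {
		// phpcs:disable WordPress.Security.NonceVerification.Missing -- Verified elsewhere.
		$post_type = acf_request_arg( 'post_type', false );
		$screen    = acf_request_arg( '_acf_screen', false );

		// Both request values are matched strictly against fixed allow-lists before use.
		$is_internal_screen    = in_array( $screen, array( 'post_type', 'taxonomy', 'ui_options_page' ), true );
		$is_internal_post_type = in_array( $post_type, array( 'acf-post-type', 'acf-taxonomy', 'acf-ui-options-page' ), true );

		if ( $is_internal_screen && $is_internal_post_type ) {
			acf_validate_internal_post_type_values( $post_type );
		} elseif ( acf_request_arg( 'acf_ui_options_page' ) ) {
			acf_validate_internal_post_type_values( 'acf-ui-options-page' );
		} else {
			// Bail early if no matching $_POST.
			if ( empty( $_POST['acf'] ) ) {
				return;
			}

			// The submitted values are unslashed but not sanitized: they are only validated here, and every
			// validation filter downstream receives them as raw request data.
			acf_validate_values( wp_unslash( $_POST['acf'] ), 'acf' ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		}
		// phpcs:enable WordPress.Security.NonceVerification.Missing
	}
}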
189
190 // initialize
191 acf()->validation = new acf_validation();
192 endif; // class_exists check
193
194
/**
 * Add validation error.
 *
 * Thin wrapper around acf()->validation->add_error(); the message is handed
 * over unchanged.
 *
 * @since ACF 5.0.0
 *
 * @param string $input   name attribute of DOM element.
 * @param string $message error message.
 * @return void
 */
function acf_add_validation_error( $input, $message = '' ) {
	$validator = acf()->validation;
	$validator->add_error( $input, $message );
}
211
/**
 * Retrieve validation errors.
 *
 * Thin wrapper around acf()->validation->get_errors().
 *
 * @since ACF 5.0.0
 *
 * @return array|bool Whatever get_errors() returns: the error list, or false when none are recorded.
 */
function acf_get_validation_errors() {
	$validator = acf()->validation;

	return $validator->get_errors();
}
226
/**
 * Get the validation error for one input.
 *
 * Thin wrapper around acf()->validation->get_error().
 *
 * @since ACF 5.0.0
 * @since SCF 6.4.1 Added the $input parameter, which is required in the get_error method.
 *
 * @param string $input name attribute of DOM element.
 *
 * @return array|bool Whatever get_error() returns: the matching error array, or false when there is none.
 */
function acf_get_validation_error( $input ) {
	$validator = acf()->validation;

	return $validator->get_error( $input );
}
244
/**
 * Reset validation errors.
 *
 * Thin wrapper around acf()->validation->reset_errors().
 *
 * @since ACF 5.0.0
 *
 * @return void
 */
function acf_reset_validation_errors() {
	$validator = acf()->validation;
	$validator->reset_errors();
}
259
260
/**
 * Fires the 'acf/validate_save_post' action and reports whether any errors were recorded.
 *
 * Listeners on that action validate the submitted $_POST data and record
 * errors as a side effect; this function only reads the outcome.
 *
 * @since ACF 5.0.0
 *
 * @param bool $show_errors if true, errors will be shown via a wp_die screen.
 * @return bool True when no errors were recorded, false otherwise.
 */
function acf_validate_save_post( $show_errors = false ) {

	do_action( 'acf/validate_save_post' );

	$errors = acf_get_validation_errors();

	// Nothing recorded: the submission passed.
	if ( ! $errors ) {
		return true;
	}

	if ( $show_errors ) {
		$heading = '<h2>' . __( 'Validation failed', 'secure-custom-fields' ) . '</h2>';

		$items = '';
		foreach ( $errors as $error ) {
			$items .= '<li>' . $error['message'] . '</li>';
		}

		$message = $heading . '<ul>' . $items . '</ul>';

		// Error messages are concatenated as raw markup above, so acf_esc_html() is the only
		// output filter between a message and the page. NOTE(review): it is defined outside this file;
		// confirm it strips unsafe markup, since validation filters can supply arbitrary message strings.
		wp_die( acf_esc_html( $message ), esc_html__( 'Validation failed', 'secure-custom-fields' ) );
	}

	return false;
}
300
301
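/**
 * Validates an array of field values.
 *
 * Each key is looked up with acf_get_field(); keys that do not resolve to a
 * field are skipped, the rest are passed to acf_validate_value().
 *
 * In this file the values come from wp_unslash( $_POST['acf'] ), so both the keys
 * and the values are request-controlled and the top-level value may be a plain
 * string rather than an array.
 *
 * @since ACF 5.0.0
 *
 * @param array  $values       An array of field values.
 * @param string $input_prefix The input element's name attribute.
 *
 * @return void
 */
function acf_validate_values( $values, $input_prefix = '' ) {

	// Bail early if empty.
	if ( empty( $values ) ) {
		return;
	}

	// A scalar (for example a request sending acf=text) cannot be iterated. Return quietly instead of
	// letting foreach() raise a PHP warning for every such request.
	if ( ! is_array( $values ) && ! is_object( $values ) ) {
		return;
	}

	foreach ( $values as $key => $value ) {
		$field = acf_get_field( $key );
		$input = $input_prefix . '[' . $key . ']';

		// Unknown keys are ignored rather than reported.
		if ( ! $field ) {
			continue;
		}

		acf_validate_value( $value, $field, $input );
	}
}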
337
338
/**
 * Validates a single field value and records an error when it fails.
 *
 * The built-in rule only covers required fields; everything else is decided
 * by the 'acf/validate_value' filters. When reached through the $_POST path in this file,
 * $value is unsanitized request data, so filter callbacks should treat it as untrusted.
 *
 * @since ACF 5.0.0
 *
 * @param mixed  $value The field value to validate.
 * @param array  $field The field array.
 * @param string $input The input element's name attribute.
 *
 * @return boolean True when the value passed, false when an error was recorded.
 */
function acf_validate_value( $value, $field, $input ) {

	/* translators: %s: field label */
	$message = sprintf( __( '%s value is required', 'secure-custom-fields' ), $field['label'] );

	// A required field fails on an empty value, but numeric input such as 0 or '0' counts as filled in.
	$is_missing = $field['required'] && empty( $value ) && ! is_numeric( $value );
	$valid      = ! $is_missing;

	/**
	 * Filters whether the value is valid.
	 *
	 * @since ACF 5.0.0
	 *
	 * @param bool   $valid The valid status. Return a string to display a custom error message.
	 * @param mixed  $value The value.
	 * @param array  $field The field array.
	 * @param string $input The input element's name attribute.
	 */
	$valid = apply_filters( "acf/validate_value/type={$field['type']}", $valid, $value, $field, $input );
	$valid = apply_filters( "acf/validate_value/name={$field['_name']}", $valid, $value, $field, $input );
	$valid = apply_filters( "acf/validate_value/key={$field['key']}", $valid, $value, $field, $input );
	$valid = apply_filters( 'acf/validate_value', $valid, $value, $field, $input );

	// A non-empty string from a filter is a custom error message. It is stored as given,
	// so escaping is left to whatever renders the error.
	if ( is_string( $valid ) && ! empty( $valid ) ) {
		$message = $valid;
		$valid   = false;
	}

	if ( $valid ) {
		return true;
	}

	acf_add_validation_error( $input, $message );

	return false;
}
398