validation.php
398 lines
<?php // phpcs:disable Universal.Files.SeparateFunctionsFromOO.Mixed, PEAR.NamingConventions.ValidClassName

// Direct-access guard: stop when ABSPATH is not defined, i.e. when this file was
// requested on its own instead of being loaded by WordPress.
defined( 'ABSPATH' ) || exit;
| 6 | |
| 7 | if ( ! class_exists( 'acf_validation' ) ) : |
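/**
 * Validation Class
 *
 * Collects validation errors for submitted field values and registers the
 * AJAX endpoint that validates $_POST data before a save.
 */
class acf_validation {

	/**
	 * Array of errors.
	 *
	 * Each entry is an array with the keys 'input' and 'message'.
	 *
	 * @var array $errors
	 */
	public $errors = array();

	/**
	 * Registers the AJAX validation endpoint and the default validation callback.
	 *
	 * @date  5/03/2014
	 * @since ACF 5.0.0
	 *
	 * @return void
	 */
	public function __construct() {

		// The wp_ajax_nopriv_ hook makes the endpoint reachable by logged-out visitors as
		// well, so the nonce check in ajax_validate_save_post() is the only gate in this
		// class and every callback hooked to validation must treat the values as untrusted.
		add_action( 'wp_ajax_acf/validate_save_post', array( $this, 'ajax_validate_save_post' ) );
		add_action( 'wp_ajax_nopriv_acf/validate_save_post', array( $this, 'ajax_validate_save_post' ) );
		add_action( 'acf/validate_save_post', array( $this, 'acf_validate_save_post' ), 5 );
	}

	/**
	 * Records an error message for a field.
	 *
	 * The message is stored as given; nothing is escaped here, so code that
	 * outputs it is responsible for escaping.
	 *
	 * @date  25/11/2013
	 * @since ACF 5.0.0
	 *
	 * @param string $input   name attribute of DOM element.
	 * @param string $message error message.
	 * @return void
	 */
	public function add_error( $input, $message ) {
		$this->errors[] = array(
			'input'   => $input,
			'message' => $message,
		);
	}

	/**
	 * Returns the first recorded error for a given input.
	 *
	 * @date  5/03/2016
	 * @since ACF 5.3.2
	 *
	 * @param string $input name attribute of DOM element.
	 * @return array|bool The error array ('input', 'message'), or false when none matches.
	 */
	public function get_error( $input ) {

		// Nothing recorded yet.
		if ( empty( $this->errors ) ) {
			return false;
		}

		foreach ( $this->errors as $error ) {
			// Strict comparison: the input name must match exactly.
			if ( $error['input'] === $input ) {
				return $error;
			}
		}

		return false;
	}

	/**
	 * Returns all recorded validation errors.
	 *
	 * @date  25/11/2013
	 * @since ACF 5.0.0
	 *
	 * @return array|bool The list of errors, or false when there are none.
	 */
	public function get_errors() {
		if ( empty( $this->errors ) ) {
			return false;
		}

		return $this->errors;
	}

	/**
	 * Removes all recorded errors.
	 *
	 * @date  4/03/2016
	 * @since ACF 5.3.2
	 *
	 * @return void
	 */
	public function reset_errors() {
		$this->errors = array();
	}

	/**
	 * Validates $_POST data via AJAX prior to save.
	 *
	 * The request is validated only after acf_verify_ajax() accepts it. Every
	 * outcome, including a rejected nonce, is reported through the "success"
	 * JSON envelope with 'valid' set to 0 or 1.
	 *
	 * @since ACF 5.0.9
	 *
	 * @return void
	 */
	public function ajax_validate_save_post() {
		// acf_verify_ajax() is defined elsewhere. NOTE(review): presumably it verifies the
		// 'nonce' request field inspected below; confirm against its implementation.
		if ( ! acf_verify_ajax() ) {
			if ( empty( $_REQUEST['nonce'] ) ) {
				$nonce_error = __( 'SCF was unable to perform validation because no nonce was received by the server.', 'secure-custom-fields' );
			} else {
				$nonce_error = __( 'SCF was unable to perform validation because the provided nonce failed verification.', 'secure-custom-fields' );
			}

			// Report the specific reason computed above; it was previously assigned and
			// then discarded in favour of a generic message.
			wp_send_json_success(
				array(
					'valid'  => 0,
					'errors' => array(
						array(
							'input'   => false,
							'message' => $nonce_error,
						),
					),
				)
			);

			// wp_send_json_success() normally ends the request. The explicit return keeps a
			// rejected nonce from falling through to validation if it ever does not.
			return;
		}

		$json = array(
			'valid'  => 1,
			'errors' => 0,
		);

		if ( acf_validate_save_post() ) {
			wp_send_json_success( $json );
			return;
		}

		$json['valid']  = 0;
		$json['errors'] = acf_get_validation_errors();

		wp_send_json_success( $json );
	}

	/**
	 * Loops over $_POST data and validates ACF values.
	 *
	 * Runs on the 'acf/validate_save_post' action. It reads request data without
	 * a nonce check of its own, so whatever fires that action must already have
	 * verified the request.
	 *
	 * @since ACF 5.4.0
	 *
	 * @return void
	 */
	public function acf_validate_save_post() {
		// phpcs:disable WordPress.Security.NonceVerification.Missing -- Verified elsewhere.
		$post_type = acf_request_arg( 'post_type', false );
		$screen    = acf_request_arg( '_acf_screen', false );

		// Both request values are matched strictly against fixed allow-lists before
		// $post_type is handed on.
		if ( in_array( $screen, array( 'post_type', 'taxonomy', 'ui_options_page' ), true ) && in_array( $post_type, array( 'acf-post-type', 'acf-taxonomy', 'acf-ui-options-page' ), true ) ) {
			acf_validate_internal_post_type_values( $post_type );
		} elseif ( acf_request_arg( 'acf_ui_options_page' ) ) {
			acf_validate_internal_post_type_values( 'acf-ui-options-page' );
		} else {
			// Bail early if no matching $_POST.
			if ( empty( $_POST['acf'] ) ) {
				return;
			}

			// The values are unslashed but deliberately not sanitized here; validation
			// callbacks receive them as submitted.
			acf_validate_values( wp_unslash( $_POST['acf'] ), 'acf' ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		}
		// phpcs:enable WordPress.Security.NonceVerification.Missing
	}
}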
| 189 | |
| 190 | // initialize |
| 191 | acf()->validation = new acf_validation(); |
| 192 | endif; // class_exists check |
| 193 | |
| 194 | |
/**
 * Add validation error.
 *
 * Alias of acf()->validation->add_error()
 *
 * The message is handed on unchanged; no escaping happens in this function.
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 *
 * @param string $input   name attribute of DOM element.
 * @param string $message error message.
 * @return void
 */
function acf_add_validation_error( $input, $message = '' ) {
	$validator = acf()->validation;
	$validator->add_error( $input, $message );
}
| 211 | |
/**
 * Retrieve validation errors.
 *
 * Alias of acf()->validation->get_errors()
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 *
 * @return array|bool The recorded errors, or false when there are none.
 */
function acf_get_validation_errors() {
	$validator = acf()->validation;

	return $validator->get_errors();
}
| 226 | |
/**
 * Get the validation error.
 *
 * Alias of acf()->validation->get_error()
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 * @since SCF 6.4.1 Added the $input parameter, which is required in the get_error method.
 *
 * @param string $input name attribute of DOM element.
 *
 * @return array|bool The error array ('input', 'message') as returned by get_error(), or false.
 */
function acf_get_validation_error( $input ) {
	$validator = acf()->validation;

	return $validator->get_error( $input );
}
| 244 | |
/**
 * Reset Validation errors.
 *
 * Alias of acf()->validation->reset_errors()
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 *
 * @return void
 */
function acf_reset_validation_errors() {
	$validator = acf()->validation;
	$validator->reset_errors();
}
| 259 | |
| 260 | |
/**
 * Fires the 'acf/validate_save_post' action and reports whether any errors were recorded.
 *
 * No nonce or capability check happens here; callers are expected to have
 * verified the request before validating it.
 *
 * @date  25/11/2013
 * @since ACF 5.0.0
 *
 * @param bool $show_errors if true, errors will be shown via a wp_die screen.
 * @return bool True when no errors were recorded, false otherwise.
 */
function acf_validate_save_post( $show_errors = false ) {

	// Let every hooked validator inspect the request.
	do_action( 'acf/validate_save_post' );

	$errors = acf_get_validation_errors();

	// Nothing recorded: the submission is valid.
	if ( ! $errors ) {
		return true;
	}

	if ( $show_errors ) {
		$items = '';
		foreach ( $errors as $error ) {
			$items .= '<li>' . $error['message'] . '</li>';
		}

		$message = '<h2>' . __( 'Validation failed', 'secure-custom-fields' ) . '</h2>' . '<ul>' . $items . '</ul>';

		// The messages are concatenated raw and filtered once, as a whole, by acf_esc_html().
		// NOTE(review): acf_esc_html() is defined elsewhere; confirm it strips disallowed
		// markup, since a message can be filter-supplied or contain a field label.
		wp_die( acf_esc_html( $message ), esc_html__( 'Validation failed', 'secure-custom-fields' ) );
	}

	return false;
}
| 300 | |
| 301 | |
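/**
 * Validates an array of field values.
 *
 * Each key is looked up with acf_get_field(); keys that do not resolve to a
 * field are skipped, all others are passed to acf_validate_value().
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 *
 * @param array  $values       An array of field values.
 * @param string $input_prefix The input element's name attribute.
 *
 * @return void
 */
function acf_validate_values( $values, $input_prefix = '' ) {

	// bail early if empty
	if ( empty( $values ) ) {
		return;
	}

	// $values can come straight from $_POST['acf'] (see acf_validation::acf_validate_save_post()),
	// where a client is free to send a scalar instead of an array. Skip anything that
	// cannot be iterated rather than letting foreach raise a warning.
	if ( ! is_array( $values ) && ! is_object( $values ) ) {
		return;
	}

	foreach ( $values as $key => $value ) {
		$field = acf_get_field( $key );

		// Unknown keys are ignored, not treated as errors.
		if ( ! $field ) {
			continue;
		}

		// Name of the matching form input, e.g. prefix[key].
		$input = $input_prefix . '[' . $key . ']';

		acf_validate_value( $value, $field, $input );
	}
}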
| 337 | |
| 338 | |
/**
 * Validates a single field value and records an error when it is rejected.
 *
 * The recorded message is either the default "required" text, which embeds
 * $field['label'], or a string returned by one of the filters. Neither is
 * escaped here, so whatever renders the error has to escape it.
 *
 * @date  6/10/13
 * @since ACF 5.0.0
 *
 * @param mixed  $value The field value to validate.
 * @param array  $field The field array.
 * @param string $input The input element's name attribute.
 *
 * @return boolean True when the value passed, false when an error was recorded.
 */
function acf_validate_value( $value, $field, $input ) {

	/* translators: %s: field label */
	$message = sprintf( __( '%s value is required', 'secure-custom-fields' ), $field['label'] );

	// A required field fails on an empty value, except that numeric values such as 0 count as filled in.
	$valid = true;
	if ( $field['required'] && empty( $value ) && ! is_numeric( $value ) ) {
		$valid = false;
	}

	/**
	 * Filters whether the value is valid.
	 *
	 * @date  28/09/13
	 * @since ACF 5.0.0
	 *
	 * @param bool   $valid The valid status. Return a string to display a custom error message.
	 * @param mixed  $value The value.
	 * @param array  $field The field array.
	 * @param string $input The input element's name attribute.
	 */
	$valid = apply_filters( "acf/validate_value/type={$field['type']}", $valid, $value, $field, $input );
	$valid = apply_filters( "acf/validate_value/name={$field['_name']}", $valid, $value, $field, $input );
	$valid = apply_filters( "acf/validate_value/key={$field['key']}", $valid, $value, $field, $input );
	$valid = apply_filters( 'acf/validate_value', $valid, $value, $field, $input );

	// A non-empty string returned by a filter is a custom error message and means "invalid".
	$has_custom_message = is_string( $valid ) && ! empty( $valid );
	if ( $has_custom_message ) {
		$message = $valid;
	}

	if ( $has_custom_message || ! $valid ) {
		acf_add_validation_error( $input, $message );
		return false;
	}

	return true;
}
| 398 |