Tutor LMS – eLearning and online course solution v2.1.5
tutor / classes / Input.php
Input.php
305 lines
1 <?php
2 /**
3 * Input class for sanitize GET and POST request
4 *
5 * @package Tutor
6 * @author Themeum <support@themeum.com>
7 * @link https://themeum.com
8 * @since 2.0.2
9 */
10
11 namespace TUTOR;
12
// Stop immediately when the file is requested directly rather than loaded by
// WordPress (ABSPATH is only defined once WordPress has bootstrapped).
defined( 'ABSPATH' ) || exit;
16 /**
17 * Input class
18 *
19 * @since 2.0.2
20 */
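class Input {

	/*
	 * Security contract of this class, as far as this file shows:
	 * - It only sanitizes values. No nonce or capability check happens here
	 *   (the NonceVerification sniff is switched off below), so callers must
	 *   authenticate and authorize the request themselves.
	 * - Sanitizing on input does not replace escaping on output.
	 */

	const TYPE_STRING    = 'string';
	const TYPE_INT       = 'int';
	const TYPE_NUMERIC   = 'numeric';
	const TYPE_BOOL      = 'bool';
	const TYPE_ARRAY     = 'array';
	const TYPE_TEXTAREA  = 'textarea';
	const TYPE_KSES_POST = 'kses-post';

	private const GET_REQUEST  = 'get';
	private const POST_REQUEST = 'post';

	/**
	 * Common data sanitizer method
	 *
	 * With $request_method set to 'get' or 'post', $value is treated as a key
	 * into $_GET / $_POST and the value stored there is sanitized. With any
	 * other $request_method, $value itself is sanitized.
	 *
	 * @since 2.0.2
	 *
	 * @param string  $value          input value, or the request key in get/post mode.
	 * @param mixed   $default        returned when the request key does not exist.
	 *                                For TYPE_ARRAY a non-array default becomes array().
	 * @param string  $type           one of the TYPE_* constants. Default is Input::TYPE_STRING.
	 * @param boolean $trim           trim each element; only consulted for TYPE_ARRAY results.
	 * @param string  $request_method 'get', 'post' or null.
	 *
	 * @return mixed
	 */
	private static function data_sanitizer( $value, $default = null, $type = self::TYPE_STRING, $trim = true, $request_method = null ) {
		$is_input_request = in_array( $request_method, array( self::GET_REQUEST, self::POST_REQUEST ), true );
		$raw              = $value;

		//phpcs:disable WordPress.Security.NonceVerification
		if ( $is_input_request ) {
			$source = self::GET_REQUEST === $request_method ? $_GET : $_POST;

			// Missing key: hand back the default, coerced to an array for TYPE_ARRAY.
			if ( ! isset( $source[ $value ] ) ) {
				if ( self::TYPE_ARRAY === $type ) {
					return is_array( $default ) ? $default : array();
				}
				return $default;
			}

			$raw = $source[ $value ];
		}
		//phpcs:enable WordPress.Security.NonceVerification

		$sanitized_value = null;

		switch ( $type ) {
			case self::TYPE_INT:
				$sanitized_value = (int) sanitize_text_field( wp_unslash( $raw ) );
				break;

			case self::TYPE_NUMERIC:
				$input = sanitize_text_field( wp_unslash( $raw ) );
				// "+ 0" turns a numeric string into an int or float; anything else becomes 0.
				$sanitized_value = is_numeric( $input ) ? $input + 0 : 0;
				break;

			case self::TYPE_BOOL:
				// Only '1', 'true' and 'on' (case-insensitive) count as true.
				$sanitized_value = in_array( strtolower( sanitize_text_field( wp_unslash( $raw ) ) ), array( '1', 'true', 'on' ), true );
				break;

			case self::TYPE_ARRAY:
				// NOTE(review): when $default is not an array the submitted value is
				// discarded and array() is returned even though the key exists.
				// Kept as is; confirm against callers whether this is intended.
				if ( ! is_array( $default ) ) {
					$sanitized_value = array();
				} else {
					// Elements are sanitized one level deep only.
					$sanitized_value = array_map(
						'sanitize_text_field',
						wp_unslash( is_array( $raw ) ? $raw : $default )
					);
				}
				break;

			case self::TYPE_TEXTAREA:
				$sanitized_value = sanitize_textarea_field( wp_unslash( $raw ) );
				break;

			case self::TYPE_KSES_POST:
				// NOTE(review): $raw is not checked to be a string here; a request
				// such as key[]=... delivers an array. Confirm callers handle that.
				$sanitized_value = wp_kses_post( wp_unslash( $raw ) );
				break;

			case self::TYPE_STRING:
			default:
				// Unknown types fall back to plain text sanitization.
				$sanitized_value = sanitize_text_field( wp_unslash( $raw ) );
				break;
		}

		if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
			if ( $trim ) {
				$sanitized_value = array_map( 'trim', $sanitized_value );
			}

			$final_array = array();
			$is_assoc    = array_keys( $sanitized_value ) !== range( 0, count( $sanitized_value ) - 1 );

			foreach ( $sanitized_value as $input_key => $input_value ) {
				/**
				 * Sanitize array key if array is assoc.
				 * When from form submit like person['name'], person['age'] etc
				 */
				if ( $is_assoc ) {
					$input_key = sanitize_text_field( wp_unslash( $input_key ) );
				}

				// Numeric strings are converted to int/float, so callers receive
				// numbers rather than strings for such elements.
				if ( is_numeric( $input_value ) ) {
					$input_value = $input_value + 0;
				}

				$final_array[ $input_key ] = $input_value;
			}

			$sanitized_value = $final_array;
		}

		return $sanitized_value;
	}

	/**
	 * Sanitize value
	 *
	 * @since 2.0.2
	 *
	 * @param string  $value   input value.
	 * @param string  $default default value; see data_sanitizer() for how it is used.
	 * @param string  $type    Default is Input::TYPE_STRING.
	 * @param boolean $trim    trim each element; only consulted for TYPE_ARRAY results.
	 *
	 * @return mixed
	 */
	public static function sanitize( $value, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $value, $default, $type, $trim );
	}

	/**
	 * Get input value from GET request
	 *
	 * @param string  $key     $_GET request key.
	 * @param mixed   $default default value if input key does not exist.
	 * @param string  $type    input type. Default is Input::TYPE_STRING.
	 * @param boolean $trim    trim each element; only consulted for TYPE_ARRAY results.
	 *
	 * @return mixed
	 */
	public static function get( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $key, $default, $type, $trim, self::GET_REQUEST );
	}

	/**
	 * Get input value from POST request
	 *
	 * @since 2.0.2
	 *
	 * @param string  $key     $_POST request key.
	 * @param mixed   $default default value if input key does not exist.
	 * @param string  $type    input type. Default is Input::TYPE_STRING.
	 * @param boolean $trim    trim each element; only consulted for TYPE_ARRAY results.
	 * @return mixed
	 */
	public static function post( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $key, $default, $type, $trim, self::POST_REQUEST );
	}

	/**
	 * Check input has key or not
	 *
	 * Looks at $_REQUEST, so it does not tell a GET parameter from a POST one.
	 *
	 * @since 2.0.2
	 *
	 * @param string $key input key name.
	 * @return boolean
	 */
	public static function has( $key ) {
		//phpcs:ignore WordPress.Security.NonceVerification
		return isset( $_REQUEST[ $key ] );
	}

	/**
	 * Sanitize & unslash a request data
	 *
	 * The value is read from $_REQUEST and passed through sanitize_text_field().
	 *
	 * @since 2.1.3
	 *
	 * @param string $key a request key.
	 * @param mixed  $default_value a default value if key not exists.
	 *
	 * @return mixed
	 */
	public static function sanitize_request_data( string $key, $default_value = '' ) {
		if ( ! self::has( $key ) ) {
			return $default_value;
		}
		return sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ); //phpcs:ignore
	}

	/**
	 * Sanitize array, single or multi dimensional array
	 * Explicitly setup how should a value sanitize by the
	 * sanitize function.
	 *
	 * Every key is passed through sanitize_text_field(), including keys that
	 * hold nested arrays. Nested arrays are sanitized recursively without the
	 * mapping, so their scalar values always go through sanitize_text_field().
	 *
	 * NOTE(review): with $allow_iframe set, the wp_kses_allowed_html filter is
	 * added and never removed in this method, so allow_iframe() keeps applying
	 * to later kses calls in the same request. Whether callers rely on that
	 * cannot be seen from this file; a caller that needs the relaxed rule for
	 * this call only should remove the filter afterwards.
	 *
	 * @since 2.1.3
	 *
	 * @see available sanitize func
	 * https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/
	 *
	 * @param array $input array to sanitize.
	 * @param array $sanitize_mapping single dimensional map key value
	 * pair to set up sanitization process. Key name should be inside
	 * input array and the value will be callable func.
	 * For ex: [key1 => sanitize_email, key2 => wp_kses_post ]
	 *
	 * If key not passed, or its value is not callable, then default
	 * sanitize_text_field will be used.
	 *
	 * @param bool  $allow_iframe if set true then iframe tag will be
	 * allowed.
	 *
	 * @return array
	 */
	public static function sanitize_array( array $input, array $sanitize_mapping = array(), $allow_iframe = false ):array {
		$array = array();

		if ( $allow_iframe ) {
			add_filter( 'wp_kses_allowed_html', __CLASS__ . '::allow_iframe', 10, 2 );
		}

		foreach ( $input as $key => $value ) {
			// Sanitize the key before either branch so nested arrays cannot
			// carry an unsanitized key into the result.
			$key = sanitize_text_field( $key );

			if ( is_array( $value ) ) {
				$array[ $key ] = self::sanitize_array( $value );
				continue;
			}

			// A mapped entry that is not callable falls back to the default
			// sanitizer rather than storing the value unsanitized or failing.
			$sanitizer = 'sanitize_text_field';
			if ( isset( $sanitize_mapping[ $key ] ) && is_callable( $sanitize_mapping[ $key ] ) ) {
				$sanitizer = $sanitize_mapping[ $key ];
			}

			$array[ $key ] = call_user_func( $sanitizer, wp_unslash( $value ) );
		}

		return $array;
	}

	/**
	 * This method is used with wp_kses_allowed_html filter
	 * to allow iframe
	 *
	 * $context is accepted but not consulted, so the iframe tag is added for
	 * every context the filter is called with. The allowed attributes are
	 * exactly the ones listed below, which includes src and style.
	 *
	 * @since 2.1.3
	 *
	 * @param array  $tags allowed HTML tags.
	 * @param string $context context name.
	 *
	 * @return array
	 */
	public static function allow_iframe( $tags, $context ) {
		$tags['iframe'] = array(
			'src'             => true,
			'title'           => true,
			'height'          => true,
			'width'           => true,
			'frameborder'     => true,
			'allowfullscreen' => true,
			'allow'           => true,
			'style'           => true,
		);
		return $tags;
	}
}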
305