| 1 | <?php |
| 2 | /** |
| 3 | * Input class for sanitizing GET and POST request data |
| 4 | * |
| 5 | * @package Tutor |
| 6 | * @author Themeum <support@themeum.com> |
| 7 | * @link https://themeum.com |
| 8 | * @since 2.0.2 |
| 9 | */ |
| 10 | |
| 11 | namespace TUTOR; |
| 12 | |
// Bail out when this file is requested directly rather than loaded through
// WordPress (ABSPATH is expected to be set by the WordPress bootstrap).
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}
| 16 | /** |
| 17 | * Input class |
| 18 | * |
| 19 | * @since 2.0.2 |
| 20 | */ |
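class Input {

	public const TYPE_STRING    = 'string';
	public const TYPE_INT       = 'int';
	public const TYPE_NUMERIC   = 'numeric';
	public const TYPE_BOOL      = 'bool';
	public const TYPE_ARRAY     = 'array';
	public const TYPE_TEXTAREA  = 'textarea';
	public const TYPE_KSES_POST = 'kses-post';

	private const GET_REQUEST  = 'get';
	private const POST_REQUEST = 'post';

	/**
	 * Common data sanitizer method.
	 *
	 * When `$request_method` is GET_REQUEST or POST_REQUEST, `$value` is the
	 * request key and the raw value is read from `$_GET` / `$_POST`; otherwise
	 * `$value` itself is the raw value. The raw value is then unslashed and
	 * sanitized according to `$type`.
	 *
	 * @since 2.0.2
	 *
	 * @param mixed       $value          raw value, or the request key when `$request_method` is set.
	 * @param mixed       $default        value returned when the request key is absent.
	 *                                    For TYPE_ARRAY it is also used when the raw value is not an array.
	 * @param string      $type           one of the Input::TYPE_* constants. Default is Input::TYPE_STRING.
	 * @param boolean     $trim           trim every element of a TYPE_ARRAY result.
	 *                                    This flag has no effect on the other types in this method.
	 * @param string|null $request_method GET_REQUEST, POST_REQUEST, or null for a caller-supplied value.
	 *
	 * @return mixed
	 */
	private static function data_sanitizer( $value, $default = null, $type = self::TYPE_STRING, $trim = true, $request_method = null ) {
		$is_input_request = in_array( $request_method, array( self::GET_REQUEST, self::POST_REQUEST ), true );
		$key              = null;

		//phpcs:disable WordPress.Security.NonceVerification
		if ( $is_input_request ) {
			$key    = $value;
			$source = self::GET_REQUEST === $request_method ? $_GET : $_POST;

			// Absent key: hand back the default without touching any sanitizer.
			if ( ! isset( $source[ $key ] ) ) {
				if ( self::TYPE_ARRAY === $type ) {
					return is_array( $default ) ? $default : array();
				}
				return $default;
			}
		}

		// Resolve the raw value once; every branch below sanitizes this.
		$raw = self::get_value( $request_method, $_GET, $_POST, $key, $value );
		//phpcs:enable WordPress.Security.NonceVerification

		$sanitized_value = null;

		switch ( $type ) {
			case self::TYPE_ARRAY:
				// Prefer the submitted array; fall back to an array default; else empty.
				// (A non-array default must not cause a submitted array to be discarded.)
				if ( is_array( $raw ) ) {
					$source_array = $raw;
				} elseif ( is_array( $default ) ) {
					$source_array = $default;
				} else {
					$source_array = array();
				}
				$sanitized_value = array_map( 'sanitize_text_field', wp_unslash( $source_array ) );
				break;

			case self::TYPE_TEXTAREA:
				$sanitized_value = sanitize_textarea_field( wp_unslash( $raw ) );
				break;

			case self::TYPE_KSES_POST:
				$sanitized_value = wp_kses_post( wp_unslash( $raw ) );
				break;

			case self::TYPE_STRING:
			case self::TYPE_INT:
			case self::TYPE_NUMERIC:
			case self::TYPE_BOOL:
			default:
				// Unknown types are treated as plain text.
				$sanitized_value = sanitize_text_field( wp_unslash( $raw ) );
				if ( self::TYPE_INT === $type ) {
					$sanitized_value = (int) $sanitized_value;
				} elseif ( self::TYPE_NUMERIC === $type ) {
					// `+ 0` yields int or float depending on the literal; non-numeric text becomes 0.
					$sanitized_value = is_numeric( $sanitized_value ) ? $sanitized_value + 0 : 0;
				} elseif ( self::TYPE_BOOL === $type ) {
					// Only these literal spellings count as true; anything else (including 'yes') is false.
					$sanitized_value = in_array( strtolower( $sanitized_value ), array( '1', 'true', 'on' ), true );
				}
				break;
		}

		if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
			if ( $trim ) {
				$sanitized_value = array_map( 'trim', $sanitized_value );
			}

			$final_array = array();
			// A non-sequential key set means the array came from named fields
			// such as person[name], person[age]; those keys are user-controlled too.
			$is_assoc = array_keys( $sanitized_value ) !== range( 0, count( $sanitized_value ) - 1 );

			foreach ( $sanitized_value as $input_key => $input_value ) {
				if ( $is_assoc ) {
					$input_key = sanitize_text_field( wp_unslash( $input_key ) );
				}

				// Numeric-looking strings are coerced to int/float for convenience.
				if ( is_numeric( $input_value ) ) {
					$input_value = $input_value + 0;
				}

				$final_array[ $input_key ] = $input_value;
			}

			$sanitized_value = $final_array;
		}

		return $sanitized_value;
	}

	/**
	 * Pick the raw value for the requested source.
	 *
	 * @since 2.2.0
	 *
	 * @param string|null $request_method GET_REQUEST, POST_REQUEST or null.
	 * @param array       $get            GET superglobal.
	 * @param array       $post           POST superglobal.
	 * @param string|null $key            request key name (used for GET/POST only).
	 * @param mixed       $value          caller-supplied value, returned when no request method is given.
	 *
	 * @return mixed
	 */
	private static function get_value( $request_method, $get, $post, $key, $value ) {
		if ( self::GET_REQUEST === $request_method ) {
			return $get[ $key ];
		}
		if ( self::POST_REQUEST === $request_method ) {
			return $post[ $key ];
		}
		return $value;
	}

	/**
	 * Sanitize a caller-supplied value (not read from the request).
	 *
	 * @since 2.0.2
	 *
	 * @param mixed   $value   input value.
	 * @param mixed   $default default value; for TYPE_ARRAY used when `$value` is not an array.
	 * @param string  $type    one of the Input::TYPE_* constants. Default is Input::TYPE_STRING.
	 * @param boolean $trim    trim elements of a TYPE_ARRAY result.
	 *
	 * @return mixed
	 */
	public static function sanitize( $value, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $value, $default, $type, $trim );
	}

	/**
	 * Get a sanitized value from the GET request.
	 *
	 * @param string  $key     $_GET request key.
	 * @param mixed   $default default value if the key is absent.
	 * @param string  $type    one of the Input::TYPE_* constants. Default is Input::TYPE_STRING.
	 * @param boolean $trim    trim elements of a TYPE_ARRAY result.
	 *
	 * @return mixed
	 */
	public static function get( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $key, $default, $type, $trim, self::GET_REQUEST );
	}

	/**
	 * Get a sanitized value from the POST request.
	 *
	 * @since 2.0.2
	 *
	 * @param string  $key     $_POST request key.
	 * @param mixed   $default default value if the key is absent.
	 * @param string  $type    one of the Input::TYPE_* constants. Default is Input::TYPE_STRING.
	 * @param boolean $trim    trim elements of a TYPE_ARRAY result.
	 *
	 * @return mixed
	 */
	public static function post( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $key, $default, $type, $trim, self::POST_REQUEST );
	}

	/**
	 * Check whether the request carries the given key.
	 *
	 * Looks at $_REQUEST, so depending on PHP's request_order the key may
	 * also be satisfied by a cookie, not only by GET/POST data.
	 *
	 * @since 2.0.2
	 *
	 * @param string $key input key name.
	 * @return boolean
	 */
	public static function has( $key ) {
		//phpcs:ignore WordPress.Security.NonceVerification
		return isset( $_REQUEST[ $key ] );
	}

	/**
	 * Sanitize & unslash a request value as plain text.
	 *
	 * @since 2.1.3
	 *
	 * @param string $key           a request key.
	 * @param mixed  $default_value a default value if the key does not exist.
	 *
	 * @return mixed
	 */
	public static function sanitize_request_data( string $key, $default_value = '' ) {
		if ( self::has( $key ) ) {
			return sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ); //phpcs:ignore
		}
		return $default_value;
	}

	/**
	 * Sanitize a single- or multi-dimensional array.
	 *
	 * Array keys (at every nesting level) are passed through sanitize_text_field.
	 * Scalar values use the callback from `$sanitize_mapping` for their key when
	 * one is given, otherwise sanitize_text_field; null values stay null.
	 *
	 * @since 2.1.3
	 *
	 * @see https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/
	 *
	 * @param array $input            array to sanitize.
	 * @param array $sanitize_mapping single-dimensional map of input key => callable,
	 *                                e.g. [ 'email' => 'sanitize_email', 'body' => 'wp_kses_post' ].
	 *                                Keys without a mapping use sanitize_text_field.
	 * @param bool  $allow_iframe     when true, the iframe tag is allowed by wp_kses
	 *                                for the duration of this call only.
	 *
	 * @return array
	 */
	public static function sanitize_array( array $input, array $sanitize_mapping = array(), $allow_iframe = false ):array {
		if ( ! $allow_iframe ) {
			return self::sanitize_array_recursive( $input, $sanitize_mapping );
		}

		// Widen the kses allow-list only while this call runs, so the iframe
		// permission does not leak into unrelated wp_kses calls later in the request.
		add_filter( 'wp_kses_allowed_html', __CLASS__ . '::allow_iframe', 10, 2 );
		try {
			return self::sanitize_array_recursive( $input, $sanitize_mapping );
		} finally {
			remove_filter( 'wp_kses_allowed_html', __CLASS__ . '::allow_iframe', 10 );
		}
	}

	/**
	 * Recursive worker for sanitize_array(); does not touch any filters.
	 *
	 * @param array $input            array to sanitize.
	 * @param array $sanitize_mapping key => callable map, see sanitize_array().
	 *
	 * @return array
	 */
	private static function sanitize_array_recursive( array $input, array $sanitize_mapping ): array {
		$array = array();

		foreach ( $input as $key => $value ) {
			// Keys are user-controlled as well; sanitize them at every level.
			$key = sanitize_text_field( $key );

			if ( is_array( $value ) ) {
				$array[ $key ] = self::sanitize_array_recursive( $value, $sanitize_mapping );
			} elseif ( isset( $sanitize_mapping[ $key ] ) ) {
				$callback      = $sanitize_mapping[ $key ];
				$array[ $key ] = $callback( wp_unslash( $value ) );
			} else {
				$array[ $key ] = is_null( $value ) ? null : sanitize_text_field( wp_unslash( $value ) );
			}
		}

		return $array;
	}

	/**
	 * wp_kses_allowed_html filter callback that adds the iframe tag
	 * with a fixed set of attributes to the allow-list.
	 *
	 * @since 2.1.3
	 *
	 * @param array  $tags    allowed HTML tags.
	 * @param string $context context name (unused).
	 *
	 * @return array
	 */
	public static function allow_iframe( $tags, $context ) {
		$tags['iframe'] = array(
			'src'             => true,
			'title'           => true,
			'height'          => true,
			'width'           => true,
			'frameborder'     => true,
			'allowfullscreen' => true,
			'allow'           => true,
			'style'           => true,
		);
		return $tags;
	}
}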