Tutor LMS – eLearning and online course solution / 3.4.1
Tutor LMS – eLearning and online course solution v3.4.1
tutor / classes / Input.php
Input.php
363 lines
<?php
/**
 * Request-input sanitisation helpers for GET and POST values.
 *
 * @package Tutor
 * @author Themeum <support@themeum.com>
 * @link https://themeum.com
 * @since 2.0.2
 */

namespace TUTOR;

// Stop immediately when the file is requested directly instead of being
// loaded by WordPress (ABSPATH is only defined after WordPress has booted).
defined( 'ABSPATH' ) || exit;
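/**
 * Static helpers that read request values and run them through WordPress sanitizers.
 *
 * None of these helpers verifies a nonce or a capability (the nonce sniff is
 * switched off around every superglobal read below), so callers stay
 * responsible for both. Sanitizing on input does not replace escaping on output.
 *
 * @since 2.0.2
 */
class Input {

	const TYPE_STRING    = 'string';
	const TYPE_INT       = 'int';
	const TYPE_NUMERIC   = 'numeric';
	const TYPE_BOOL      = 'bool';
	const TYPE_ARRAY     = 'array';
	const TYPE_TEXTAREA  = 'textarea';
	const TYPE_KSES_POST = 'kses-post';

	private const GET_REQUEST  = 'get';
	private const POST_REQUEST = 'post';

	/**
	 * Common data sanitizer method.
	 *
	 * @since 2.0.2
	 *
	 * @param mixed   $value          request key when $request_method is get/post,
	 *                                otherwise the raw value to sanitize.
	 * @param mixed   $default        returned when the request key does not exist. For
	 *                                Input::TYPE_ARRAY it must itself be an array: with a
	 *                                non-array default the request value is never read
	 *                                and an empty array is returned.
	 * @param string  $type           one of the Input::TYPE_* constants. Any other value
	 *                                is handled like Input::TYPE_STRING.
	 * @param boolean $trim           trims array elements. The scalar sanitizers are
	 *                                called the same way whatever this flag is.
	 * @param string  $request_method 'get', 'post', or null to sanitize $value itself.
	 *
	 * @return mixed
	 */
	private static function data_sanitizer( $value, $default = null, $type = self::TYPE_STRING, $trim = true, $request_method = null ) {
		$is_input_request = in_array( $request_method, array( self::GET_REQUEST, self::POST_REQUEST ), true );
		$key              = null;

		//phpcs:disable WordPress.Security.NonceVerification
		if ( $is_input_request ) {
			$key     = $value;
			$missing = self::GET_REQUEST === $request_method
				? ! isset( $_GET[ $key ] )
				: ! isset( $_POST[ $key ] );

			// Absent key: hand back the default, coerced to an array for TYPE_ARRAY.
			if ( $missing ) {
				if ( self::TYPE_ARRAY === $type ) {
					return is_array( $default ) ? $default : array();
				}
				return $default;
			}
		}

		$sanitized_value = null;

		switch ( $type ) {
			case self::TYPE_STRING:
			case self::TYPE_INT:
			case self::TYPE_NUMERIC:
			case self::TYPE_BOOL:
			default:
				$sanitized_value = sanitize_text_field( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
				if ( self::TYPE_INT === $type ) {
					$sanitized_value = (int) $sanitized_value;
				}
				if ( self::TYPE_NUMERIC === $type ) {
					// "+ 0" turns a numeric string into int or float; anything else becomes 0.
					$sanitized_value = is_numeric( $sanitized_value ) ? $sanitized_value + 0 : 0;
				}
				if ( self::TYPE_BOOL === $type ) {
					// Only these three spellings count as true; everything else is false.
					$sanitized_value = in_array( strtolower( $sanitized_value ), array( '1', 'true', 'on' ), true );
				}

				break;

			case self::TYPE_ARRAY:
				if ( ! is_array( $default ) ) {
					$sanitized_value = array();
				} else {
					$raw_value       = self::get_value( $request_method, $_GET, $_POST, $key, $value );
					$sanitized_value = array_map(
						'sanitize_text_field',
						wp_unslash( is_array( $raw_value ) ? $raw_value : $default )
					);
				}

				break;

			case self::TYPE_TEXTAREA:
				$sanitized_value = sanitize_textarea_field( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
				break;

			case self::TYPE_KSES_POST:
				// NOTE(review): a value submitted as an array is passed to wp_kses_post()
				// unchanged here; confirm callers only use this type for scalar fields.
				$sanitized_value = wp_kses_post( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
				break;

		}

		//phpcs:enable WordPress.Security.NonceVerification

		if ( $trim && self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
			$sanitized_value = array_map( 'trim', $sanitized_value );
		}

		if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
			$final_array = array();
			// A list has exactly the keys 0..n-1 in order; anything else is treated as associative.
			$is_assoc = array_keys( $sanitized_value ) !== range( 0, count( $sanitized_value ) - 1 );

			foreach ( $sanitized_value as $input_key => $input_value ) {
				/**
				 * Sanitize array key if array is assoc.
				 * When from form submit like person['name'], person['age'] etc
				 */
				if ( $is_assoc ) {
					$input_key = sanitize_text_field( wp_unslash( $input_key ) );
				}

				// Numeric strings are converted to int/float, as for TYPE_NUMERIC.
				if ( is_numeric( $input_value ) ) {
					$input_value = $input_value + 0;
				}

				$final_array[ $input_key ] = $input_value;
			}

			$sanitized_value = $final_array;
		}

		return $sanitized_value;
	}

	/**
	 * Sanitize tutor text editor text.
	 *
	 * Reads $_POST[ $field_name ] and keeps only the inline-formatting tags and
	 * attributes listed below; everything else is removed by wp_kses().
	 *
	 * @since 3.4.1
	 *
	 * @param string $field_name name of the POST field holding the editor content.
	 *
	 * @return string filtered HTML, or an empty string when the field is absent
	 *                or is not a scalar value.
	 */
	public static function sanitize_tutor_editor_content( $field_name ) {
		$supported_tags = array(
			'p'          => array(),
			'br'         => array(),
			'span'       => array(
				'style' => true,
			),
			'strong'     => array(),
			'b'          => array(),
			'em'         => array(),
			'i'          => array(),
			'u'          => array(),
			'blockquote' => array(),
			'ul'         => array(),
			'ol'         => array(),
			'li'         => array(),
			'del'        => array(),
			'ins'        => array(),
			'sub'        => array(),
			'sup'        => array(),
			// NOTE(review): target is accepted but rel="noopener" is not enforced here.
			'a'          => array(
				'href'   => true,
				'title'  => true,
				'target' => true,
				'rel'    => true,
			),
		);

		$raw_content = $_POST[ $field_name ] ?? ''; //phpcs:ignore

		// A field submitted as an array (name[]=...) is not editor content; without
		// this guard it would be handed to wp_kses() and the declared string return
		// type would no longer hold.
		if ( ! is_scalar( $raw_content ) ) {
			return '';
		}

		return wp_kses( wp_unslash( (string) $raw_content ), $supported_tags );
	}

	/**
	 * Dynamically get value.
	 *
	 * The caller must have checked that $key exists in the selected array;
	 * no isset() is done here.
	 *
	 * @since 2.2.0
	 *
	 * @param string $request_method detect called from get or post method.
	 * @param array  $get GET superglobal.
	 * @param array  $post POST superglobal.
	 * @param string $key GET or POST input key name.
	 * @param string $value value of variable or DB value.
	 *
	 * @return mixed $get[ $key ] for 'get', $post[ $key ] for 'post', otherwise $value.
	 */
	private static function get_value( $request_method, $get, $post, $key, $value ) {
		return self::GET_REQUEST === $request_method
			? $get[ $key ]
			: ( self::POST_REQUEST === $request_method ? $post[ $key ] : $value );
	}

	/**
	 * Sanitize a value that is already in hand (no superglobal is read).
	 *
	 * @since 2.0.2
	 *
	 * @param string  $value input value.
	 * @param string  $default default value; only used for Input::TYPE_ARRAY.
	 * @param string  $type Default is Input::TYPE_STRING.
	 * @param boolean $trim remove blank space from start and end of array elements.
	 *
	 * @return mixed
	 */
	public static function sanitize( $value, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $value, $default, $type, $trim );
	}

	/**
	 * Get input value from GET request.
	 *
	 * @param string  $key $_GET request key.
	 * @param mixed   $default default value if input key does not exist.
	 * @param string  $type input type. Default is Input::TYPE_STRING.
	 * @param boolean $trim remove blank space from start and end of array elements.
	 *
	 * @return mixed
	 */
	public static function get( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $key, $default, $type, $trim, self::GET_REQUEST );
	}

	/**
	 * Get input value from POST request.
	 *
	 * @since 2.0.2
	 *
	 * @param string  $key $_POST request key.
	 * @param mixed   $default default value if input key does not exist.
	 * @param string  $type input type. Default is Input::TYPE_STRING.
	 * @param boolean $trim remove blank space from start and end of array elements.
	 * @return mixed
	 */
	public static function post( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $key, $default, $type, $trim, self::POST_REQUEST );
	}

	/**
	 * Check input has key or not.
	 *
	 * Looks at $_REQUEST, not at $_GET or $_POST individually, so a true result
	 * does not say which of the two get() / post() will find the key in.
	 *
	 * @since 2.0.2
	 *
	 * @param string $key input key name.
	 * @return boolean
	 */
	public static function has( $key ) {
		//phpcs:ignore WordPress.Security.NonceVerification
		return isset( $_REQUEST[ $key ] );
	}

	/**
	 * Sanitize & unslash a request data.
	 *
	 * @since 2.1.3
	 *
	 * @param string $key a request key.
	 * @param mixed  $default_value a default value if key not exists.
	 *
	 * @return mixed the $_REQUEST value passed through sanitize_text_field(),
	 *               or $default_value (returned as given, unsanitized).
	 */
	public static function sanitize_request_data( string $key, $default_value = '' ) {
		if ( self::has( $key ) ) {
			return sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ); //phpcs:ignore
		}
		return $default_value;
	}

	/**
	 * Sanitize array, single or multi dimensional array
	 * Explicitly setup how should a value sanitize by the
	 * sanitize function.
	 *
	 * @since 2.1.3
	 *
	 * @see available sanitize func
	 * https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/
	 *
	 * @param array $input array to sanitize.
	 * @param array $sanitize_mapping single dimensional map key value
	 * pair to set up sanitization process. Key name should be inside
	 * input array and the value will be callable func.
	 * For ex: [key1 => sanitize_email, key2 => wp_kses_post ]
	 * The callables are invoked with call_user_func(), so this map must be
	 * written by the developer and never built from request data.
	 *
	 * If key not passed then default sanitize_text_field will be used.
	 *
	 * @param bool  $allow_iframe if set true then iframe tag will be allowed
	 * while this call runs. The allowance is withdrawn again before returning,
	 * unless the same filter had already been registered by other code.
	 *
	 * @return array
	 */
	public static function sanitize_array( array $input, array $sanitize_mapping = array(), $allow_iframe = false ):array {
		$array           = array();
		$iframe_callback = __CLASS__ . '::allow_iframe';

		// The iframe allowance is a process-wide filter. Leaving it registered would
		// let every later wp_kses() call in the same request accept <iframe>, so the
		// call that installs it is also the one that takes it out again. Nested
		// (recursive) calls find it already present and leave it alone.
		$installed_here = $allow_iframe && false === has_filter( 'wp_kses_allowed_html', $iframe_callback );

		if ( $installed_here ) {
			add_filter( 'wp_kses_allowed_html', $iframe_callback, 10, 2 );
		}

		try {
			foreach ( $input as $key => $value ) {
				if ( is_array( $value ) ) {
					// NOTE(review): the key of a nested array is stored as received, while
					// scalar entries get their key sanitized below; confirm that is intended.
					$array[ $key ] = self::sanitize_array( $value, $sanitize_mapping, $allow_iframe );
				} else {
					$key = sanitize_text_field( $key );

					// If mapping exists then use callback.
					if ( isset( $sanitize_mapping[ $key ] ) ) {
						$callback = $sanitize_mapping[ $key ];
						$value    = call_user_func( $callback, wp_unslash( $value ) );
					} else {
						$value = is_null( $value ) ? null : sanitize_text_field( wp_unslash( $value ) );
					}
					$array[ $key ] = $value;
				}
			}
		} finally {
			// Runs on normal return and when a mapped callback throws.
			if ( $installed_here ) {
				remove_filter( 'wp_kses_allowed_html', $iframe_callback, 10 );
			}
		}

		return $array;
	}

	/**
	 * This method is used with wp_kses_allowed_html filter
	 * to allow iframe.
	 *
	 * The iframe entry is added whatever $context is, and the src attribute is
	 * not limited to particular hosts by this method.
	 *
	 * @since 2.1.3
	 *
	 * @param array  $tags allowed HTML tags.
	 * @param string $context context name (not used).
	 *
	 * @return array $tags with an 'iframe' entry added or replaced.
	 */
	public static function allow_iframe( $tags, $context ) {
		$tags['iframe'] = array(
			'src'             => true,
			'title'           => true,
			'height'          => true,
			'width'           => true,
			'frameborder'     => true,
			'allowfullscreen' => true,
			'allow'           => true,
			'style'           => true,
		);
		return $tags;
	}
}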
363