Tutor LMS – eLearning and online course solution v3.7.3
tutor / classes / Input.php
Input.php
322 lines
<?php
/**
 * Request input helper: sanitizes values read from GET and POST requests.
 *
 * @package Tutor
 * @author Themeum <support@themeum.com>
 * @link https://themeum.com
 * @since 2.0.2
 */

namespace TUTOR;

// Stop immediately when the file is loaded without ABSPATH being defined
// (i.e. requested directly instead of being included by the application).
defined( 'ABSPATH' ) || exit;
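/**
 * Input class: typed sanitizers for request data.
 *
 * Every helper here sanitizes; none of them verifies a nonce or a capability
 * (the NonceVerification sniff is switched off around the superglobal reads),
 * and none of them escapes for output. Callers still have to authorize the
 * request before acting on a value and escape it where it is finally used.
 *
 * @since 2.0.2
 */
class Input {

	const TYPE_STRING    = 'string';
	const TYPE_INT       = 'int';
	const TYPE_NUMERIC   = 'numeric';
	const TYPE_BOOL      = 'bool';
	const TYPE_ARRAY     = 'array';
	const TYPE_TEXTAREA  = 'textarea';
	const TYPE_KSES_POST = 'kses-post';

	private const GET_REQUEST  = 'get';
	private const POST_REQUEST = 'post';

	/**
	 * Common data sanitizer method.
	 *
	 * Behaviour worth knowing before relying on the result:
	 * - TYPE_ARRAY reads the submitted array only when $default is itself an
	 *   array; with any other default the submitted data is discarded and an
	 *   empty array is returned.
	 * - TYPE_ARRAY elements go through sanitize_text_field(), so only flat
	 *   arrays are supported. NOTE(review): nested elements presumably come
	 *   back as '' because that function rejects non-scalars; confirm.
	 * - Numeric-looking array elements are converted to int/float.
	 * - $trim is only acted on for TYPE_ARRAY; for the other types whitespace
	 *   handling is whatever the WordPress sanitizer does, regardless of $trim.
	 *
	 * @since 2.0.2
	 *
	 * @param mixed   $value          request key when $request_method is get/post,
	 *                                otherwise the raw value to sanitize.
	 * @param mixed   $default        value returned when the request key does not exist.
	 * @param string  $type           one of the TYPE_* constants. Default is Input::TYPE_STRING.
	 * @param boolean $trim           remove blank space from start and end (arrays only, see above).
	 * @param string  $request_method 'get', 'post', or null to sanitize $value directly.
	 *
	 * @return mixed
	 */
	private static function data_sanitizer( $value, $default = null, $type = self::TYPE_STRING, $trim = true, $request_method = null ) {
		$is_input_request = in_array( $request_method, array( self::GET_REQUEST, self::POST_REQUEST ), true );
		$key              = null;

		//phpcs:disable WordPress.Security.NonceVerification
		if ( $is_input_request ) {
			$key = $value;

			$is_missing = ( self::GET_REQUEST === $request_method && ! isset( $_GET[ $key ] ) )
				|| ( self::POST_REQUEST === $request_method && ! isset( $_POST[ $key ] ) );

			if ( $is_missing ) {
				// Array callers always get an array back, even when the default is not one.
				if ( self::TYPE_ARRAY === $type ) {
					return is_array( $default ) ? $default : array();
				}

				return $default;
			}
		}

		// The key is known to exist at this point (or $value is used as-is), so one read is enough.
		$raw_value = self::get_value( $request_method, $_GET, $_POST, $key, $value );
		//phpcs:enable WordPress.Security.NonceVerification

		$sanitized_value = null;

		// Case order is kept as-is: switch compares loosely, so reordering could
		// change which branch an unexpected (non-string) $type lands in.
		switch ( $type ) {
			case self::TYPE_STRING:
			case self::TYPE_INT:
			case self::TYPE_NUMERIC:
			case self::TYPE_BOOL:
			default:
				$sanitized_value = sanitize_text_field( wp_unslash( $raw_value ) );
				if ( self::TYPE_INT === $type ) {
					$sanitized_value = (int) $sanitized_value;
				}
				if ( self::TYPE_NUMERIC === $type ) {
					// Non-numeric input becomes 0 rather than the default.
					$sanitized_value = is_numeric( $sanitized_value ) ? $sanitized_value + 0 : 0;
				}
				if ( self::TYPE_BOOL === $type ) {
					// Only '1', 'true' and 'on' (any case) are true; everything else is false.
					$sanitized_value = in_array( strtolower( $sanitized_value ), array( '1', 'true', 'on' ), true );
				}

				break;

			case self::TYPE_ARRAY:
				if ( ! is_array( $default ) ) {
					// Submitted data is ignored unless the caller supplied an array default.
					$sanitized_value = array();
				} else {
					$sanitized_value = array_map(
						'sanitize_text_field',
						wp_unslash( is_array( $raw_value ) ? $raw_value : $default )
					);
				}

				break;

			case self::TYPE_TEXTAREA:
				$sanitized_value = sanitize_textarea_field( wp_unslash( $raw_value ) );
				break;

			case self::TYPE_KSES_POST:
				// Keeps the HTML that wp_kses_post() allows; the result is markup, not plain text.
				$sanitized_value = wp_kses_post( wp_unslash( $raw_value ) );
				break;

		}

		if ( $trim ) {
			if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
				$sanitized_value = array_map( 'trim', $sanitized_value );
			}
		}

		if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
			$final_array = array();
			// Anything other than keys 0..n-1 in order is treated as associative.
			$is_assoc = array_keys( $sanitized_value ) !== range( 0, count( $sanitized_value ) - 1 );

			foreach ( $sanitized_value as $input_key => $input_value ) {
				/**
				 * Sanitize array key if array is assoc.
				 * When from form submit like person['name'], person['age'] etc.
				 * Two keys that sanitize to the same string overwrite each other.
				 */
				if ( $is_assoc ) {
					$input_key = sanitize_text_field( wp_unslash( $input_key ) );
				}

				// Numeric strings are returned as int/float, so compare accordingly downstream.
				if ( is_numeric( $input_value ) ) {
					$input_value = $input_value + 0;
				}

				$final_array[ $input_key ] = $input_value;
			}

			$sanitized_value = $final_array;

		}

		return $sanitized_value;

	}

	/**
	 * Dynamically get value.
	 *
	 * Does not check that $key exists in $get / $post; data_sanitizer() does
	 * that before calling.
	 *
	 * @since 2.2.0
	 *
	 * @param string $request_method detect called from get or post method.
	 * @param array  $get GET superglobal.
	 * @param array  $post POST superglobal.
	 * @param string $key GET or POST input key name.
	 * @param mixed  $value value of variable or DB value, returned when the
	 *                      method is neither get nor post.
	 *
	 * @return mixed
	 */
	private static function get_value( $request_method, $get, $post, $key, $value ) {
		return self::GET_REQUEST === $request_method
			? $get[ $key ]
			: ( self::POST_REQUEST === $request_method ? $post[ $key ] : $value );
	}

	/**
	 * Sanitize a value that is already in hand (not read from a superglobal).
	 *
	 * @since 2.0.2
	 *
	 * @param mixed   $value input value.
	 * @param mixed   $default only consulted for Input::TYPE_ARRAY, see data_sanitizer().
	 * @param string  $type Default is Input::TYPE_STRING.
	 * @param boolean $trim remove blank space from start and end (arrays only).
	 *
	 * @return mixed
	 */
	public static function sanitize( $value, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $value, $default, $type, $trim );
	}

	/**
	 * Get input value from GET request.
	 *
	 * No nonce or capability check is performed here.
	 *
	 * @param string  $key $_GET request key.
	 * @param mixed   $default default value if the input key does not exist.
	 * @param string  $type input type. Default is Input::TYPE_STRING.
	 * @param boolean $trim remove blank space from start and end (arrays only).
	 *
	 * @return mixed
	 */
	public static function get( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $key, $default, $type, $trim, self::GET_REQUEST );
	}

	/**
	 * Get input value from POST request.
	 *
	 * No nonce or capability check is performed here.
	 *
	 * @since 2.0.2
	 *
	 * @param string  $key $_POST request key.
	 * @param mixed   $default default value if the input key does not exist.
	 * @param string  $type input type. Default is Input::TYPE_STRING.
	 * @param boolean $trim remove blank space from start and end (arrays only).
	 * @return mixed
	 */
	public static function post( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
		return self::data_sanitizer( $key, $default, $type, $trim, self::POST_REQUEST );
	}

	/**
	 * Check whether the request has a key.
	 *
	 * Reads $_REQUEST, not $_GET / $_POST individually, so it cannot tell which
	 * channel supplied the key.
	 *
	 * @since 2.0.2
	 *
	 * @param string $key input key name.
	 * @return boolean
	 */
	public static function has( $key ) {
		//phpcs:ignore WordPress.Security.NonceVerification
		return isset( $_REQUEST[ $key ] );
	}

	/**
	 * Sanitize & unslash a request value read from $_REQUEST.
	 *
	 * NOTE(review): an array-valued parameter presumably comes back as '' here
	 * (sanitize_text_field() on a non-scalar) rather than $default_value; confirm.
	 *
	 * @since 2.1.3
	 *
	 * @param string $key a request key.
	 * @param mixed  $default_value a default value if key not exists.
	 *
	 * @return mixed
	 */
	public static function sanitize_request_data( string $key, $default_value = '' ) {
		if ( self::has( $key ) ) {
			return sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ); //phpcs:ignore
		}
		return $default_value;
	}

	/**
	 * Sanitize array, single or multi dimensional array.
	 * Explicitly set up how a value should be sanitized by the
	 * sanitize function.
	 *
	 * Keys are passed through sanitize_text_field() at every level, including
	 * keys whose value is a nested array.
	 *
	 * @since 2.1.3
	 *
	 * @see available sanitize func
	 * https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/
	 *
	 * @param array $input array to sanitize.
	 * @param array $sanitize_mapping single dimensional map of key => callable
	 * used to sanitize the value stored under that key. The same map is applied
	 * at every nesting level, so a key name matches wherever it appears.
	 * For ex: [key1 => sanitize_email, key2 => wp_kses_post ]
	 * The map must be built by the calling code, never from request data,
	 * because each value is invoked as a function.
	 *
	 * If a key is not mapped, sanitize_text_field is used.
	 *
	 * @param bool  $allow_iframe if set true then iframe tag will be allowed.
	 *
	 * @return array
	 */
	public static function sanitize_array( array $input, array $sanitize_mapping = array(), $allow_iframe = false ):array {
		$array = array();

		if ( $allow_iframe ) {
			// NOTE(review): the filter is never removed, so once this runs iframe stays
			// allowed for every later KSES call in the same request, in every context
			// (allow_iframe() ignores $context). Callers may depend on that for a
			// following post save; confirm before scoping it with remove_filter().
			add_filter( 'wp_kses_allowed_html', __CLASS__ . '::allow_iframe', 10, 2 );
		}

		foreach ( $input as $key => $value ) {
			// Sanitize the key up front so nested-array keys get the same treatment as scalar keys.
			$key = sanitize_text_field( $key );

			if ( is_array( $value ) ) {
				$array[ $key ] = self::sanitize_array( $value, $sanitize_mapping, $allow_iframe );
				continue;
			}

			// If mapping exists then use callback.
			if ( isset( $sanitize_mapping[ $key ] ) ) {
				$callback = $sanitize_mapping[ $key ];
				$value    = call_user_func( $callback, wp_unslash( $value ) );
			} else {
				$value = is_null( $value ) ? null : sanitize_text_field( wp_unslash( $value ) );
			}

			$array[ $key ] = $value;
		}

		return $array;
	}

	/**
	 * This method is used with wp_kses_allowed_html filter
	 * to allow iframe.
	 *
	 * The iframe entry is added whatever $context is passed. No `sandbox`
	 * attribute is in the allowed list, so markup that sets one will have it
	 * stripped by KSES.
	 *
	 * @since 2.1.3
	 *
	 * @param array  $tags allowed HTML tags.
	 * @param string $context context name (unused).
	 *
	 * @return array
	 */
	public static function allow_iframe( $tags, $context ) {
		$tags['iframe'] = array(
			'src'             => true,
			'title'           => true,
			'height'          => true,
			'width'           => true,
			'frameborder'     => true,
			'allowfullscreen' => true,
			'allow'           => true,
			'style'           => true,
		);
		return $tags;
	}
}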