PluginProbe ʕ •ᴥ•ʔ
Tutor LMS – eLearning and online course solution / 4.0.0
Tutor LMS – eLearning and online course solution v4.0.0
4.0.0 3.9.15 3.9.14 3.9.13 3.9.12 3.9.11 trunk 1.0.0 1.0.0-alpha 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.0.7 1.0.8 1.0.9 1.1.0 1.1.1 1.2.0 1.2.1 1.2.11 1.2.12 1.2.13 1.2.20 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8 1.4.9 1.5.0 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.5.9 1.6.0 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.6.9 1.7.0 1.7.1 1.7.2 1.7.3 1.7.4 1.7.5 1.7.6 1.7.7 1.7.8 1.7.9 1.8.0 1.8.1 1.8.10 1.8.2 1.8.3 1.8.4 1.8.5 1.8.6 1.8.7 1.8.8 1.8.9 1.9.0 1.9.1 1.9.10 1.9.11 1.9.12 1.9.13 1.9.14 1.9.15 1.9.16 1.9.2 1.9.3 1.9.4 1.9.5 1.9.6 1.9.7 1.9.8 1.9.9 2.0.0 2.0.1 2.0.10 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.0.8 2.0.9 2.1.0 2.1.1 2.1.10 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.1.9 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.3.0 2.4.0 2.5.0 2.6.0 2.6.1 2.6.2 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.7.6 2.7.7 3.0.0 3.0.1 3.0.2 3.1.0 3.2.0 3.2.1 3.2.2 3.2.3 3.3.0 3.3.1 3.4.0 3.4.1 3.4.2 3.5.0 3.6.0 3.6.1 3.6.2 3.6.3 3.6.4 3.7.0 3.7.1 3.7.2 3.7.3 3.7.4 3.8.0 3.8.1 3.8.2 3.8.3 3.9.0 3.9.1 3.9.10 3.9.2 3.9.3 3.9.4 3.9.5 3.9.6 3.9.7 3.9.8 3.9.9
tutor / classes / Input.php
tutor / classes Last commit date
Addons.php 1 day ago Admin.php 1 day ago Ajax.php 1 day ago Announcements.php 1 day ago Assets.php 1 day ago Backend_Page_Trait.php 1 year ago BaseController.php 1 year ago Config.php 1 day ago Container.php 11 months ago Course.php 1 day ago Course_Embed.php 3 years ago Course_Filter.php 1 day ago Course_List.php 1 day ago Course_Settings_Tabs.php 1 day ago Course_Widget.php 1 year ago Custom_Validation.php 1 day ago Dashboard.php 1 day ago Earnings.php 9 months ago FormHandler.php 1 day ago Frontend.php 1 day ago Gutenberg.php 1 year ago Icon.php 1 day ago Input.php 1 day ago Instructor.php 1 day ago Instructors_List.php 1 day ago Lesson.php 1 day ago Options_V2.php 1 day ago Permalink.php 1 day ago Post_types.php 2 days ago Private_Course_Access.php 1 day ago Q_And_A.php 1 day ago Question_Answers_List.php 11 months ago Quiz.php 1 day ago QuizBuilder.php 1 day ago Quiz_Attempts_List.php 1 day ago RestAPI.php 2 years ago Reviews.php 1 day ago Rewrite_Rules.php 2 years ago SampleCourse.php 1 day ago Shortcode.php 1 day ago Singleton.php 1 year ago Student.php 1 day ago Students_List.php 1 year ago Taxonomies.php 1 year ago Template.php 1 day ago Theme_Compatibility.php 3 years ago Tools.php 1 year ago Tools_V2.php 4 weeks ago Tutor.php 1 day ago TutorEDD.php 1 day ago Tutor_Base.php 2 years ago Tutor_Setup.php 1 day ago Upgrader.php 1 day ago User.php 1 day ago UserPreference.php 1 day ago Utils.php 1 day ago Video_Stream.php 3 years ago WhatsNew.php 10 months ago Withdraw.php 1 day ago Withdraw_Requests_List.php 11 months ago WooCommerce.php 1 day ago
Input.php
575 lines
1 <?php
2 /**
3 * Input class for sanitize GET and POST request
4 *
5 * @package Tutor
6 * @author Themeum <support@themeum.com>
7 * @link https://themeum.com
8 * @since 2.0.2
9 */
10
11 namespace TUTOR;
12
13 if ( ! defined( 'ABSPATH' ) ) {
14 exit;
15 }
16 /**
17 * Input class
18 *
19 * @since 2.0.2
20 */
21 class Input {
22
23 const TYPE_STRING = 'string';
24 const TYPE_INT = 'int';
25 const TYPE_NUMERIC = 'numeric';
26 const TYPE_BOOL = 'bool';
27 const TYPE_ARRAY = 'array';
28 const TYPE_TEXTAREA = 'textarea';
29 const TYPE_KSES_POST = 'kses-post';
30
31 const GET_REQUEST = 'get';
32 const POST_REQUEST = 'post';
33
34 /**
35 * Common data sanitizer method
36 *
37 * @since 2.0.2
38 *
39 * @param string $value input value.
40 * @param string $default default value if input key is not exit.
41 * @param string $type Default is Input::TYPE_STRING.
42 * @param boolean $trim remove blank splace from start and end.
43 * @param string $request_method request method get or post.
44 *
45 * @return mixed
46 */
47 private static function data_sanitizer( $value, $default = null, $type = self::TYPE_STRING, $trim = true, $request_method = null ) {
48 $is_input_request = in_array( $request_method, array( self::GET_REQUEST, self::POST_REQUEST ), true );
49 $key = null;
50
51 //phpcs:disable WordPress.Security.NonceVerification
52 if ( $is_input_request ) {
53 $key = $value;
54 if ( self::GET_REQUEST === $request_method && ! isset( $_GET[ $key ] ) ) {
55 if ( self::TYPE_ARRAY === $type ) {
56 return is_array( $default ) ? $default : array();
57 } else {
58 return $default;
59 }
60 }
61 if ( self::POST_REQUEST === $request_method && ! isset( $_POST[ $key ] ) ) {
62 if ( self::TYPE_ARRAY === $type ) {
63 return is_array( $default ) ? $default : array();
64 } else {
65 return $default;
66 }
67 }
68 }
69
70 $sanitized_value = null;
71
72 switch ( $type ) {
73 case self::TYPE_STRING:
74 case self::TYPE_INT:
75 case self::TYPE_NUMERIC:
76 case self::TYPE_BOOL:
77 default:
78 $sanitized_value = sanitize_text_field( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
79 if ( self::TYPE_INT === $type ) {
80 $sanitized_value = (int) $sanitized_value;
81 }
82 if ( self::TYPE_NUMERIC === $type ) {
83 $sanitized_value = is_numeric( $sanitized_value ) ? $sanitized_value + 0 : 0;
84 }
85 if ( self::TYPE_BOOL === $type ) {
86 $sanitized_value = in_array( strtolower( $sanitized_value ), array( '1', 'true', 'on' ), true );
87 }
88
89 break;
90
91 case self::TYPE_ARRAY:
92 if ( ! is_array( $default ) ) {
93 $sanitized_value = array();
94 } else {
95 $sanitized_value = array_map(
96 'sanitize_text_field',
97 wp_unslash(
98 is_array( self::get_value( $request_method, $_GET, $_POST, $key, $value ) )
99 ? ( self::get_value( $request_method, $_GET, $_POST, $key, $value ) )
100 : $default
101 )
102 );
103 }
104
105 break;
106
107 case self::TYPE_TEXTAREA:
108 $sanitized_value = sanitize_textarea_field( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
109 break;
110
111 case self::TYPE_KSES_POST:
112 $sanitized_value = wp_kses_post( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
113 break;
114
115 }
116
117 //phpcs:enable WordPress.Security.NonceVerification
118
119 if ( $trim ) {
120 if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
121 $sanitized_value = array_map( 'trim', $sanitized_value );
122 }
123 }
124
125 if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
126 $final_array = array();
127 $is_assoc = array_keys( $sanitized_value ) !== range( 0, count( $sanitized_value ) - 1 );
128
129 foreach ( $sanitized_value as $input_key => $input_value ) {
130 /**
131 * Sanitize array key if array is assoc.
132 * When from form submit like person['name'], person['age'] etc
133 */
134 if ( $is_assoc ) {
135 $input_key = sanitize_text_field( wp_unslash( $input_key ) );
136 }
137
138 if ( is_numeric( $input_value ) ) {
139 $input_value = $input_value + 0;
140 }
141
142 $final_array[ $input_key ] = $input_value;
143 }
144
145 $sanitized_value = $final_array;
146
147 }
148
149 return $sanitized_value;
150 }
151
152 /**
153 * Dynamically get value
154 *
155 * @since 2.2.0
156 *
157 * @param string $request_method detect called from get or post method.
158 * @param array $get GET superglobal.
159 * @param array $post POST superglobal.
160 * @param string $key GET or POST input key name.
161 * @param string $value value of variable or DB value.
162 *
163 * @return mixed
164 */
165 private static function get_value( $request_method, $get, $post, $key, $value ) {
166 return self::GET_REQUEST === $request_method
167 ? $get[ $key ]
168 : ( self::POST_REQUEST === $request_method ? $post[ $key ] : $value );
169 }
170
171 /**
172 * Sanitize value
173 *
174 * @since 2.0.2
175 *
176 * @param string $value input value.
177 * @param string $default default value if input key is not exit.
178 * @param string $type Default is Input::TYPE_STRING.
179 * @param boolean $trim remove blank splace from start and end.
180 *
181 * @return mixed
182 */
183 public static function sanitize( $value, $default = null, $type = self::TYPE_STRING, $trim = true ) {
184 return self::data_sanitizer( $value, $default, $type, $trim );
185 }
186
187 /**
188 * Get input value from GET request
189 *
190 * @param string $key $_GET request key.
191 * @param mixed $default default value if input key is not exit.
192 * @param string $type input type. Default is Input::TYPE_STRING.
193 * @param boolean $trim remove blank splace from start and end.
194 *
195 * @return mixed
196 */
197 public static function get( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
198 return self::data_sanitizer( $key, $default, $type, $trim, self::GET_REQUEST );
199 }
200
201 /**
202 * Get input value from POST request
203 *
204 * @since 2.0.2
205 *
206 * @param string $key $_POST request key.
207 * @param mixed $default default value if input key is not exit.
208 * @param string $type input type. Default is Input::TYPE_STRING.
209 * @param boolean $trim remove blank splace from start and end.
210 * @return mixed
211 */
212 public static function post( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
213 return self::data_sanitizer( $key, $default, $type, $trim, self::POST_REQUEST );
214 }
215
216 /**
217 * Check input has key or not
218 *
219 * @since 2.0.2
220 * @since 4.0.0 param $method added.
221 *
222 * @param string $key input key name.
223 * @param string $method request method.
224 *
225 * @return boolean
226 */
227 public static function has( $key, $method = '' ) {
228 if ( empty( $method ) ) {
229 //phpcs:ignore WordPress.Security.NonceVerification
230 return isset( $_REQUEST[ $key ] );
231 }
232
233 //phpcs:ignore WordPress.Security.NonceVerification
234 return self::GET_REQUEST === $method ? isset( $_GET[ $key ] ) : isset( $_POST[ $key ] );
235 }
236
237 /**
238 * Check input has any keys.
239 *
240 * @since 4.0.0
241 *
242 * @param array $keys keys.
243 * @param string $method request method.
244 *
245 * @return boolean
246 */
247 public static function has_any( array $keys, $method = '' ) {
248 foreach ( $keys as $key ) {
249 if ( self::has( $key, $method ) ) {
250 return true;
251 }
252 }
253
254 return false;
255 }
256
257 /**
258 * Check input has all keys.
259 *
260 * @since 4.0.0
261 *
262 * @param array $keys keys.
263 * @param string $method request method.
264 *
265 * @return boolean
266 */
267 public static function has_all( array $keys, $method = '' ) {
268 foreach ( $keys as $key ) {
269 if ( ! self::has( $key, $method ) ) {
270 return false;
271 }
272 }
273
274 return true;
275 }
276
277 /**
278 * Sanitize & unslash a request data
279 *
280 * @since 2.1.3
281 *
282 * @param string $key a request key.
283 * @param mixed $default_value a default value if key not exists.
284 *
285 * @return mixed
286 */
287 public static function sanitize_request_data( string $key, $default_value = '' ) {
288 if ( self::has( $key ) ) {
289 return sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ); //phpcs:ignore
290 }
291 return $default_value;
292 }
293
294 /**
295 * Sanitize array, single or multi dimensional array
296 * Explicitly setup how should a value sanitize by the
297 * sanitize function.
298 *
299 * @since 2.1.3
300 *
301 * @see available sanitize func
302 * https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/
303 *
304 * @param array $input array to sanitize.
305 * @param array $sanitize_mapping single dimensional map key value
306 * pair to set up sanitization process. Key name should by inside
307 * input array and the value will be callable func.
308 * For ex: [key1 => sanitize_email, key2 => wp_kses_post ]
309 *
310 * If key not passed then default sanitize_text_field will be used.
311 *
312 * @param bool $allow_iframe if set true then iframe tag will be allowed.
313 *
314 * @return array
315 */
316 public static function sanitize_array( array $input, array $sanitize_mapping = array(), $allow_iframe = false ): array {
317 $array = array();
318
319 if ( $allow_iframe ) {
320 add_filter( 'wp_kses_allowed_html', __CLASS__ . '::allow_iframe', 10, 2 );
321 }
322
323 if ( is_array( $input ) && count( $input ) ) {
324 foreach ( $input as $key => $value ) {
325 if ( is_array( $value ) ) {
326 $array[ $key ] = self::sanitize_array( $value, $sanitize_mapping, $allow_iframe );
327 } else {
328 $key = sanitize_text_field( $key );
329
330 // If mapping exists then use callback.
331 if ( isset( $sanitize_mapping[ $key ] ) ) {
332 $callback = $sanitize_mapping[ $key ];
333 $value = call_user_func( $callback, wp_unslash( $value ) );
334 } else {
335 $value = is_null( $value ) ? null : sanitize_text_field( wp_unslash( $value ) );
336 }
337 $array[ $key ] = $value;
338 }
339 }
340 }
341 return is_array( $array ) && count( $array ) ? $array : array();
342 }
343
344 /**
345 * This method is used with wp_kses_allowed_html filter
346 * to allow iframe
347 *
348 * @since 2.1.3
349 *
350 * @param array $tags allowed HTML tags.
351 * @param string $context context name.
352 *
353 * @return array
354 */
355 public static function allow_iframe( $tags, $context ) {
356 $tags['iframe'] = array(
357 'src' => true,
358 'title' => true,
359 'height' => true,
360 'width' => true,
361 'frameborder' => true,
362 'allowfullscreen' => true,
363 'allow' => true,
364 'style' => true,
365 );
366 return $tags;
367 }
368
369 /**
370 * This method is used with wp_kses_allowed_html filter
371 * to allow svg tags.
372 *
373 * @since 4.0.0
374 *
375 * @param array $allowed_tags allowed HTML tags.
376 *
377 * @return array
378 */
379 public static function allow_svg( $allowed_tags ) {
380 $attr_id = array( 'id' => true );
381 $attr_fill = array( 'fill' => true );
382 $attr_dims = array(
383 'width' => true,
384 'height' => true,
385 'x' => true,
386 'y' => true,
387 );
388 $attr_transform = array( 'transform' => true );
389 $attr_clip = array(
390 'clip-path' => true,
391 'clip-rule' => true,
392 );
393 $attr_center = array(
394 'cx' => true,
395 'cy' => true,
396 );
397 $attr_stroke = array(
398 'stroke' => true,
399 'stroke-width' => true,
400 'stroke-linecap' => true,
401 'stroke-linejoin' => true,
402 'stroke-dasharray' => true,
403 'stroke-dashoffset' => true,
404 );
405 $attr_style = array( 'style' => true );
406 $attr_opacity = array( 'opacity' => true );
407 $attr_xlink = array( 'xlink:href' => true );
408
409 $svg_tags = array(
410 'svg' => array_merge(
411 $attr_id,
412 $attr_fill,
413 $attr_dims,
414 $attr_style,
415 array(
416 'class' => true,
417 'aria-hidden' => true,
418 'aria-label' => true,
419 'role' => true,
420 'xmlns' => true,
421 'viewbox' => true,
422 'viewBox' => true,
423 'opacity' => true,
424 )
425 ),
426 'g' => array_merge(
427 $attr_id,
428 $attr_fill,
429 $attr_clip,
430 $attr_transform,
431 $attr_style,
432 $attr_opacity
433 ),
434 'defs' => array(),
435 'clipPath' => $attr_id,
436 'clippath' => $attr_id,
437 'path' => array_merge(
438 $attr_id,
439 $attr_fill,
440 $attr_stroke,
441 $attr_clip,
442 $attr_transform,
443 $attr_style,
444 array(
445 'd' => true,
446 'fill-rule' => true,
447 'mask' => true,
448 'opacity' => true,
449 )
450 ),
451 'mask' => array_merge(
452 $attr_id,
453 $attr_fill,
454 $attr_dims,
455 $attr_style,
456 array(
457 'maskunits' => true,
458 'mask-type' => true,
459 'opacity' => true,
460 )
461 ),
462 'circle' => array_merge(
463 $attr_id,
464 $attr_fill,
465 $attr_center,
466 $attr_transform,
467 $attr_stroke,
468 $attr_style,
469 array(
470 'r' => true,
471 'opacity' => true,
472 )
473 ),
474 'ellipse' => array_merge(
475 $attr_id,
476 $attr_fill,
477 $attr_center,
478 $attr_transform,
479 $attr_style,
480 array(
481 'rx' => true,
482 'ry' => true,
483 'opacity' => true,
484 )
485 ),
486 'rect' => array_merge(
487 $attr_id,
488 $attr_fill,
489 $attr_dims,
490 $attr_stroke,
491 $attr_transform,
492 $attr_style,
493 array(
494 'maskunits' => true,
495 'rx' => true,
496 'opacity' => true,
497 )
498 ),
499 'line' => array_merge(
500 $attr_id,
501 $attr_stroke,
502 $attr_transform,
503 $attr_style,
504 array(
505 'x1' => true,
506 'x2' => true,
507 'y1' => true,
508 'y2' => true,
509 'opacity' => true,
510 )
511 ),
512 'polyline' => array_merge(
513 $attr_id,
514 $attr_fill,
515 $attr_stroke,
516 $attr_transform,
517 $attr_style,
518 array(
519 'points' => true,
520 'opacity' => true,
521 )
522 ),
523 'polygon' => array_merge(
524 $attr_id,
525 $attr_fill,
526 $attr_stroke,
527 $attr_transform,
528 $attr_style,
529 array(
530 'points' => true,
531 'opacity' => true,
532 )
533 ),
534 'lineargradient' => array_merge(
535 $attr_id,
536 $attr_xlink,
537 array(
538 'x1' => true,
539 'y1' => true,
540 'x2' => true,
541 'y2' => true,
542 'gradientunits' => true,
543 'gradienttransform' => true,
544 'spreadmethod' => true,
545 )
546 ),
547 'radialgradient' => array_merge(
548 $attr_id,
549 $attr_center,
550 $attr_xlink,
551 array(
552 'r' => true,
553 'fx' => true,
554 'fy' => true,
555 'gradientunits' => true,
556 'gradienttransform' => true,
557 'spreadmethod' => true,
558 )
559 ),
560 'stop' => array(
561 'offset' => true,
562 'stop-color' => true,
563 'stop-opacity' => true,
564 ),
565 'use' => array_merge(
566 $attr_id,
567 $attr_dims,
568 $attr_xlink
569 ),
570 );
571
572 return array_merge( $allowed_tags, $svg_tags );
573 }
574 }
575