PluginProbe ʕ •ᴥ•ʔ
Tutor LMS – eLearning and online course solution / 4.0.0
Tutor LMS – eLearning and online course solution v4.0.0
4.0.0 3.9.15 3.9.14 3.9.13 3.9.12 3.9.11 trunk 1.0.0 1.0.0-alpha 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.0.7 1.0.8 1.0.9 1.1.0 1.1.1 1.2.0 1.2.1 1.2.11 1.2.12 1.2.13 1.2.20 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5 1.3.6 1.3.7 1.3.8 1.3.9 1.4.0 1.4.1 1.4.2 1.4.3 1.4.4 1.4.5 1.4.6 1.4.7 1.4.8 1.4.9 1.5.0 1.5.1 1.5.2 1.5.3 1.5.4 1.5.5 1.5.6 1.5.7 1.5.8 1.5.9 1.6.0 1.6.1 1.6.2 1.6.3 1.6.4 1.6.5 1.6.6 1.6.7 1.6.8 1.6.9 1.7.0 1.7.1 1.7.2 1.7.3 1.7.4 1.7.5 1.7.6 1.7.7 1.7.8 1.7.9 1.8.0 1.8.1 1.8.10 1.8.2 1.8.3 1.8.4 1.8.5 1.8.6 1.8.7 1.8.8 1.8.9 1.9.0 1.9.1 1.9.10 1.9.11 1.9.12 1.9.13 1.9.14 1.9.15 1.9.16 1.9.2 1.9.3 1.9.4 1.9.5 1.9.6 1.9.7 1.9.8 1.9.9 2.0.0 2.0.1 2.0.10 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.0.8 2.0.9 2.1.0 2.1.1 2.1.10 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.1.9 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.3.0 2.4.0 2.5.0 2.6.0 2.6.1 2.6.2 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.7.6 2.7.7 3.0.0 3.0.1 3.0.2 3.1.0 3.2.0 3.2.1 3.2.2 3.2.3 3.3.0 3.3.1 3.4.0 3.4.1 3.4.2 3.5.0 3.6.0 3.6.1 3.6.2 3.6.3 3.6.4 3.7.0 3.7.1 3.7.2 3.7.3 3.7.4 3.8.0 3.8.1 3.8.2 3.8.3 3.9.0 3.9.1 3.9.10 3.9.2 3.9.3 3.9.4 3.9.5 3.9.6 3.9.7 3.9.8 3.9.9
tutor / classes / Input.php
tutor / classes Last commit date
Addons.php 21 hours ago Admin.php 21 hours ago Ajax.php 21 hours ago Announcements.php 21 hours ago Assets.php 21 hours ago Backend_Page_Trait.php 1 year ago BaseController.php 1 year ago Config.php 21 hours ago Container.php 11 months ago Course.php 21 hours ago Course_Embed.php 3 years ago Course_Filter.php 21 hours ago Course_List.php 21 hours ago Course_Settings_Tabs.php 21 hours ago Course_Widget.php 1 year ago Custom_Validation.php 21 hours ago Dashboard.php 21 hours ago Earnings.php 9 months ago FormHandler.php 21 hours ago Frontend.php 21 hours ago Gutenberg.php 1 year ago Icon.php 21 hours ago Input.php 21 hours ago Instructor.php 21 hours ago Instructors_List.php 21 hours ago Lesson.php 21 hours ago Options_V2.php 21 hours ago Permalink.php 21 hours ago Post_types.php 1 day ago Private_Course_Access.php 21 hours ago Q_And_A.php 21 hours ago Question_Answers_List.php 11 months ago Quiz.php 21 hours ago QuizBuilder.php 21 hours ago Quiz_Attempts_List.php 21 hours ago RestAPI.php 2 years ago Reviews.php 21 hours ago Rewrite_Rules.php 2 years ago SampleCourse.php 21 hours ago Shortcode.php 21 hours ago Singleton.php 1 year ago Student.php 21 hours ago Students_List.php 1 year ago Taxonomies.php 1 year ago Template.php 21 hours ago Theme_Compatibility.php 3 years ago Tools.php 1 year ago Tools_V2.php 4 weeks ago Tutor.php 21 hours ago TutorEDD.php 21 hours ago Tutor_Base.php 2 years ago Tutor_Setup.php 21 hours ago Upgrader.php 21 hours ago User.php 21 hours ago UserPreference.php 21 hours ago Utils.php 21 hours ago Video_Stream.php 3 years ago WhatsNew.php 10 months ago Withdraw.php 21 hours ago Withdraw_Requests_List.php 11 months ago WooCommerce.php 21 hours ago
Input.php
575 lines
1 <?php
2 /**
3 * Input class for sanitize GET and POST request
4 *
5 * @package Tutor
6 * @author Themeum <support@themeum.com>
7 * @link https://themeum.com
8 * @since 2.0.2
9 */
10
11 namespace TUTOR;
12
13 if ( ! defined( 'ABSPATH' ) ) {
14 exit;
15 }
16 /**
17 * Input class
18 *
19 * @since 2.0.2
20 */
21 class Input {
22
23 const TYPE_STRING = 'string';
24 const TYPE_INT = 'int';
25 const TYPE_NUMERIC = 'numeric';
26 const TYPE_BOOL = 'bool';
27 const TYPE_ARRAY = 'array';
28 const TYPE_TEXTAREA = 'textarea';
29 const TYPE_KSES_POST = 'kses-post';
30
31 const GET_REQUEST = 'get';
32 const POST_REQUEST = 'post';
33
34 /**
35 * Common data sanitizer method
36 *
37 * @since 2.0.2
38 *
39 * @param string $value input value.
40 * @param string $default default value if input key is not exit.
41 * @param string $type Default is Input::TYPE_STRING.
42 * @param boolean $trim remove blank splace from start and end.
43 * @param string $request_method request method get or post.
44 *
45 * @return mixed
46 */
47 private static function data_sanitizer( $value, $default = null, $type = self::TYPE_STRING, $trim = true, $request_method = null ) {
48 $is_input_request = in_array( $request_method, array( self::GET_REQUEST, self::POST_REQUEST ), true );
49 $key = null;
50
51 //phpcs:disable WordPress.Security.NonceVerification
52 if ( $is_input_request ) {
53 $key = $value;
54 if ( self::GET_REQUEST === $request_method && ! isset( $_GET[ $key ] ) ) {
55 if ( self::TYPE_ARRAY === $type ) {
56 return is_array( $default ) ? $default : array();
57 } else {
58 return $default;
59 }
60 }
61 if ( self::POST_REQUEST === $request_method && ! isset( $_POST[ $key ] ) ) {
62 if ( self::TYPE_ARRAY === $type ) {
63 return is_array( $default ) ? $default : array();
64 } else {
65 return $default;
66 }
67 }
68 }
69
70 $sanitized_value = null;
71
72 switch ( $type ) {
73 case self::TYPE_STRING:
74 case self::TYPE_INT:
75 case self::TYPE_NUMERIC:
76 case self::TYPE_BOOL:
77 default:
78 $sanitized_value = sanitize_text_field( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
79 if ( self::TYPE_INT === $type ) {
80 $sanitized_value = (int) $sanitized_value;
81 }
82 if ( self::TYPE_NUMERIC === $type ) {
83 $sanitized_value = is_numeric( $sanitized_value ) ? $sanitized_value + 0 : 0;
84 }
85 if ( self::TYPE_BOOL === $type ) {
86 $sanitized_value = in_array( strtolower( $sanitized_value ), array( '1', 'true', 'on' ), true );
87 }
88
89 break;
90
91 case self::TYPE_ARRAY:
92 if ( ! is_array( $default ) ) {
93 $sanitized_value = array();
94 } else {
95 $sanitized_value = array_map(
96 'sanitize_text_field',
97 wp_unslash(
98 is_array( self::get_value( $request_method, $_GET, $_POST, $key, $value ) )
99 ? ( self::get_value( $request_method, $_GET, $_POST, $key, $value ) )
100 : $default
101 )
102 );
103 }
104
105 break;
106
107 case self::TYPE_TEXTAREA:
108 $sanitized_value = sanitize_textarea_field( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
109 break;
110
111 case self::TYPE_KSES_POST:
112 $sanitized_value = wp_kses_post( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) );
113 break;
114
115 }
116
117 //phpcs:enable WordPress.Security.NonceVerification
118
119 if ( $trim ) {
120 if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
121 $sanitized_value = array_map( 'trim', $sanitized_value );
122 }
123 }
124
125 if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) {
126 $final_array = array();
127 $is_assoc = array_keys( $sanitized_value ) !== range( 0, count( $sanitized_value ) - 1 );
128
129 foreach ( $sanitized_value as $input_key => $input_value ) {
130 /**
131 * Sanitize array key if array is assoc.
132 * When from form submit like person['name'], person['age'] etc
133 */
134 if ( $is_assoc ) {
135 $input_key = sanitize_text_field( wp_unslash( $input_key ) );
136 }
137
138 if ( is_numeric( $input_value ) ) {
139 $input_value = $input_value + 0;
140 }
141
142 $final_array[ $input_key ] = $input_value;
143 }
144
145 $sanitized_value = $final_array;
146
147 }
148
149 return $sanitized_value;
150 }
151
152 /**
153 * Dynamically get value
154 *
155 * @since 2.2.0
156 *
157 * @param string $request_method detect called from get or post method.
158 * @param array $get GET superglobal.
159 * @param array $post POST superglobal.
160 * @param string $key GET or POST input key name.
161 * @param string $value value of variable or DB value.
162 *
163 * @return mixed
164 */
165 private static function get_value( $request_method, $get, $post, $key, $value ) {
166 return self::GET_REQUEST === $request_method
167 ? $get[ $key ]
168 : ( self::POST_REQUEST === $request_method ? $post[ $key ] : $value );
169 }
170
171 /**
172 * Sanitize value
173 *
174 * @since 2.0.2
175 *
176 * @param string $value input value.
177 * @param string $default default value if input key is not exit.
178 * @param string $type Default is Input::TYPE_STRING.
179 * @param boolean $trim remove blank splace from start and end.
180 *
181 * @return mixed
182 */
183 public static function sanitize( $value, $default = null, $type = self::TYPE_STRING, $trim = true ) {
184 return self::data_sanitizer( $value, $default, $type, $trim );
185 }
186
187 /**
188 * Get input value from GET request
189 *
190 * @param string $key $_GET request key.
191 * @param mixed $default default value if input key is not exit.
192 * @param string $type input type. Default is Input::TYPE_STRING.
193 * @param boolean $trim remove blank splace from start and end.
194 *
195 * @return mixed
196 */
197 public static function get( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
198 return self::data_sanitizer( $key, $default, $type, $trim, self::GET_REQUEST );
199 }
200
201 /**
202 * Get input value from POST request
203 *
204 * @since 2.0.2
205 *
206 * @param string $key $_POST request key.
207 * @param mixed $default default value if input key is not exit.
208 * @param string $type input type. Default is Input::TYPE_STRING.
209 * @param boolean $trim remove blank splace from start and end.
210 * @return mixed
211 */
212 public static function post( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) {
213 return self::data_sanitizer( $key, $default, $type, $trim, self::POST_REQUEST );
214 }
215
216 /**
217 * Check input has key or not
218 *
219 * @since 2.0.2
220 * @since 4.0.0 param $method added.
221 *
222 * @param string $key input key name.
223 * @param string $method request method.
224 *
225 * @return boolean
226 */
227 public static function has( $key, $method = '' ) {
228 if ( empty( $method ) ) {
229 //phpcs:ignore WordPress.Security.NonceVerification
230 return isset( $_REQUEST[ $key ] );
231 }
232
233 //phpcs:ignore WordPress.Security.NonceVerification
234 return self::GET_REQUEST === $method ? isset( $_GET[ $key ] ) : isset( $_POST[ $key ] );
235 }
236
237 /**
238 * Check input has any keys.
239 *
240 * @since 4.0.0
241 *
242 * @param array $keys keys.
243 * @param string $method request method.
244 *
245 * @return boolean
246 */
247 public static function has_any( array $keys, $method = '' ) {
248 foreach ( $keys as $key ) {
249 if ( self::has( $key, $method ) ) {
250 return true;
251 }
252 }
253
254 return false;
255 }
256
257 /**
258 * Check input has all keys.
259 *
260 * @since 4.0.0
261 *
262 * @param array $keys keys.
263 * @param string $method request method.
264 *
265 * @return boolean
266 */
267 public static function has_all( array $keys, $method = '' ) {
268 foreach ( $keys as $key ) {
269 if ( ! self::has( $key, $method ) ) {
270 return false;
271 }
272 }
273
274 return true;
275 }
276
277 /**
278 * Sanitize & unslash a request data
279 *
280 * @since 2.1.3
281 *
282 * @param string $key a request key.
283 * @param mixed $default_value a default value if key not exists.
284 *
285 * @return mixed
286 */
287 public static function sanitize_request_data( string $key, $default_value = '' ) {
288 if ( self::has( $key ) ) {
289 return sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ); //phpcs:ignore
290 }
291 return $default_value;
292 }
293
294 /**
295 * Sanitize array, single or multi dimensional array
296 * Explicitly setup how should a value sanitize by the
297 * sanitize function.
298 *
299 * @since 2.1.3
300 *
301 * @see available sanitize func
302 * https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/
303 *
304 * @param array $input array to sanitize.
305 * @param array $sanitize_mapping single dimensional map key value
306 * pair to set up sanitization process. Key name should by inside
307 * input array and the value will be callable func.
308 * For ex: [key1 => sanitize_email, key2 => wp_kses_post ]
309 *
310 * If key not passed then default sanitize_text_field will be used.
311 *
312 * @param bool $allow_iframe if set true then iframe tag will be allowed.
313 *
314 * @return array
315 */
316 public static function sanitize_array( array $input, array $sanitize_mapping = array(), $allow_iframe = false ): array {
317 $array = array();
318
319 if ( $allow_iframe ) {
320 add_filter( 'wp_kses_allowed_html', __CLASS__ . '::allow_iframe', 10, 2 );
321 }
322
323 if ( is_array( $input ) && count( $input ) ) {
324 foreach ( $input as $key => $value ) {
325 if ( is_array( $value ) ) {
326 $array[ $key ] = self::sanitize_array( $value, $sanitize_mapping, $allow_iframe );
327 } else {
328 $key = sanitize_text_field( $key );
329
330 // If mapping exists then use callback.
331 if ( isset( $sanitize_mapping[ $key ] ) ) {
332 $callback = $sanitize_mapping[ $key ];
333 $value = call_user_func( $callback, wp_unslash( $value ) );
334 } else {
335 $value = is_null( $value ) ? null : sanitize_text_field( wp_unslash( $value ) );
336 }
337 $array[ $key ] = $value;
338 }
339 }
340 }
341 return is_array( $array ) && count( $array ) ? $array : array();
342 }
343
344 /**
345 * This method is used with wp_kses_allowed_html filter
346 * to allow iframe
347 *
348 * @since 2.1.3
349 *
350 * @param array $tags allowed HTML tags.
351 * @param string $context context name.
352 *
353 * @return array
354 */
355 public static function allow_iframe( $tags, $context ) {
356 $tags['iframe'] = array(
357 'src' => true,
358 'title' => true,
359 'height' => true,
360 'width' => true,
361 'frameborder' => true,
362 'allowfullscreen' => true,
363 'allow' => true,
364 'style' => true,
365 );
366 return $tags;
367 }
368
369 /**
370 * This method is used with wp_kses_allowed_html filter
371 * to allow svg tags.
372 *
373 * @since 4.0.0
374 *
375 * @param array $allowed_tags allowed HTML tags.
376 *
377 * @return array
378 */
379 public static function allow_svg( $allowed_tags ) {
380 $attr_id = array( 'id' => true );
381 $attr_fill = array( 'fill' => true );
382 $attr_dims = array(
383 'width' => true,
384 'height' => true,
385 'x' => true,
386 'y' => true,
387 );
388 $attr_transform = array( 'transform' => true );
389 $attr_clip = array(
390 'clip-path' => true,
391 'clip-rule' => true,
392 );
393 $attr_center = array(
394 'cx' => true,
395 'cy' => true,
396 );
397 $attr_stroke = array(
398 'stroke' => true,
399 'stroke-width' => true,
400 'stroke-linecap' => true,
401 'stroke-linejoin' => true,
402 'stroke-dasharray' => true,
403 'stroke-dashoffset' => true,
404 );
405 $attr_style = array( 'style' => true );
406 $attr_opacity = array( 'opacity' => true );
407 $attr_xlink = array( 'xlink:href' => true );
408
409 $svg_tags = array(
410 'svg' => array_merge(
411 $attr_id,
412 $attr_fill,
413 $attr_dims,
414 $attr_style,
415 array(
416 'class' => true,
417 'aria-hidden' => true,
418 'aria-label' => true,
419 'role' => true,
420 'xmlns' => true,
421 'viewbox' => true,
422 'viewBox' => true,
423 'opacity' => true,
424 )
425 ),
426 'g' => array_merge(
427 $attr_id,
428 $attr_fill,
429 $attr_clip,
430 $attr_transform,
431 $attr_style,
432 $attr_opacity
433 ),
434 'defs' => array(),
435 'clipPath' => $attr_id,
436 'clippath' => $attr_id,
437 'path' => array_merge(
438 $attr_id,
439 $attr_fill,
440 $attr_stroke,
441 $attr_clip,
442 $attr_transform,
443 $attr_style,
444 array(
445 'd' => true,
446 'fill-rule' => true,
447 'mask' => true,
448 'opacity' => true,
449 )
450 ),
451 'mask' => array_merge(
452 $attr_id,
453 $attr_fill,
454 $attr_dims,
455 $attr_style,
456 array(
457 'maskunits' => true,
458 'mask-type' => true,
459 'opacity' => true,
460 )
461 ),
462 'circle' => array_merge(
463 $attr_id,
464 $attr_fill,
465 $attr_center,
466 $attr_transform,
467 $attr_stroke,
468 $attr_style,
469 array(
470 'r' => true,
471 'opacity' => true,
472 )
473 ),
474 'ellipse' => array_merge(
475 $attr_id,
476 $attr_fill,
477 $attr_center,
478 $attr_transform,
479 $attr_style,
480 array(
481 'rx' => true,
482 'ry' => true,
483 'opacity' => true,
484 )
485 ),
486 'rect' => array_merge(
487 $attr_id,
488 $attr_fill,
489 $attr_dims,
490 $attr_stroke,
491 $attr_transform,
492 $attr_style,
493 array(
494 'maskunits' => true,
495 'rx' => true,
496 'opacity' => true,
497 )
498 ),
499 'line' => array_merge(
500 $attr_id,
501 $attr_stroke,
502 $attr_transform,
503 $attr_style,
504 array(
505 'x1' => true,
506 'x2' => true,
507 'y1' => true,
508 'y2' => true,
509 'opacity' => true,
510 )
511 ),
512 'polyline' => array_merge(
513 $attr_id,
514 $attr_fill,
515 $attr_stroke,
516 $attr_transform,
517 $attr_style,
518 array(
519 'points' => true,
520 'opacity' => true,
521 )
522 ),
523 'polygon' => array_merge(
524 $attr_id,
525 $attr_fill,
526 $attr_stroke,
527 $attr_transform,
528 $attr_style,
529 array(
530 'points' => true,
531 'opacity' => true,
532 )
533 ),
534 'lineargradient' => array_merge(
535 $attr_id,
536 $attr_xlink,
537 array(
538 'x1' => true,
539 'y1' => true,
540 'x2' => true,
541 'y2' => true,
542 'gradientunits' => true,
543 'gradienttransform' => true,
544 'spreadmethod' => true,
545 )
546 ),
547 'radialgradient' => array_merge(
548 $attr_id,
549 $attr_center,
550 $attr_xlink,
551 array(
552 'r' => true,
553 'fx' => true,
554 'fy' => true,
555 'gradientunits' => true,
556 'gradienttransform' => true,
557 'spreadmethod' => true,
558 )
559 ),
560 'stop' => array(
561 'offset' => true,
562 'stop-color' => true,
563 'stop-opacity' => true,
564 ),
565 'use' => array_merge(
566 $attr_id,
567 $attr_dims,
568 $attr_xlink
569 ),
570 );
571
572 return array_merge( $allowed_tags, $svg_tags );
573 }
574 }
575