Addons.php
22 hours ago
Admin.php
22 hours ago
Ajax.php
22 hours ago
Announcements.php
22 hours ago
Assets.php
22 hours ago
Backend_Page_Trait.php
1 year ago
BaseController.php
1 year ago
Config.php
22 hours ago
Container.php
11 months ago
Course.php
22 hours ago
Course_Embed.php
3 years ago
Course_Filter.php
22 hours ago
Course_List.php
22 hours ago
Course_Settings_Tabs.php
22 hours ago
Course_Widget.php
1 year ago
Custom_Validation.php
22 hours ago
Dashboard.php
22 hours ago
Earnings.php
9 months ago
FormHandler.php
22 hours ago
Frontend.php
22 hours ago
Gutenberg.php
1 year ago
Icon.php
22 hours ago
Input.php
22 hours ago
Instructor.php
22 hours ago
Instructors_List.php
22 hours ago
Lesson.php
22 hours ago
Options_V2.php
22 hours ago
Permalink.php
22 hours ago
Post_types.php
1 day ago
Private_Course_Access.php
22 hours ago
Q_And_A.php
22 hours ago
Question_Answers_List.php
11 months ago
Quiz.php
22 hours ago
QuizBuilder.php
22 hours ago
Quiz_Attempts_List.php
22 hours ago
RestAPI.php
2 years ago
Reviews.php
22 hours ago
Rewrite_Rules.php
2 years ago
SampleCourse.php
22 hours ago
Shortcode.php
22 hours ago
Singleton.php
1 year ago
Student.php
22 hours ago
Students_List.php
1 year ago
Taxonomies.php
1 year ago
Template.php
22 hours ago
Theme_Compatibility.php
3 years ago
Tools.php
1 year ago
Tools_V2.php
4 weeks ago
Tutor.php
22 hours ago
TutorEDD.php
22 hours ago
Tutor_Base.php
2 years ago
Tutor_Setup.php
22 hours ago
Upgrader.php
22 hours ago
User.php
22 hours ago
UserPreference.php
22 hours ago
Utils.php
22 hours ago
Video_Stream.php
3 years ago
WhatsNew.php
10 months ago
Withdraw.php
22 hours ago
Withdraw_Requests_List.php
11 months ago
WooCommerce.php
22 hours ago
Input.php
575 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Input class for sanitize GET and POST request |
| 4 | * |
| 5 | * @package Tutor |
| 6 | * @author Themeum <support@themeum.com> |
| 7 | * @link https://themeum.com |
| 8 | * @since 2.0.2 |
| 9 | */ |
| 10 | |
| 11 | namespace TUTOR; |
| 12 | |
| 13 | if ( ! defined( 'ABSPATH' ) ) { |
| 14 | exit; |
| 15 | } |
| 16 | /** |
| 17 | * Input class |
| 18 | * |
| 19 | * @since 2.0.2 |
| 20 | */ |
| 21 | class Input { |
| 22 | |
| 23 | const TYPE_STRING = 'string'; |
| 24 | const TYPE_INT = 'int'; |
| 25 | const TYPE_NUMERIC = 'numeric'; |
| 26 | const TYPE_BOOL = 'bool'; |
| 27 | const TYPE_ARRAY = 'array'; |
| 28 | const TYPE_TEXTAREA = 'textarea'; |
| 29 | const TYPE_KSES_POST = 'kses-post'; |
| 30 | |
| 31 | const GET_REQUEST = 'get'; |
| 32 | const POST_REQUEST = 'post'; |
| 33 | |
| 34 | /** |
| 35 | * Common data sanitizer method |
| 36 | * |
| 37 | * @since 2.0.2 |
| 38 | * |
| 39 | * @param string $value input value. |
| 40 | * @param string $default default value if input key is not exit. |
| 41 | * @param string $type Default is Input::TYPE_STRING. |
| 42 | * @param boolean $trim remove blank splace from start and end. |
| 43 | * @param string $request_method request method get or post. |
| 44 | * |
| 45 | * @return mixed |
| 46 | */ |
| 47 | private static function data_sanitizer( $value, $default = null, $type = self::TYPE_STRING, $trim = true, $request_method = null ) { |
| 48 | $is_input_request = in_array( $request_method, array( self::GET_REQUEST, self::POST_REQUEST ), true ); |
| 49 | $key = null; |
| 50 | |
| 51 | //phpcs:disable WordPress.Security.NonceVerification |
| 52 | if ( $is_input_request ) { |
| 53 | $key = $value; |
| 54 | if ( self::GET_REQUEST === $request_method && ! isset( $_GET[ $key ] ) ) { |
| 55 | if ( self::TYPE_ARRAY === $type ) { |
| 56 | return is_array( $default ) ? $default : array(); |
| 57 | } else { |
| 58 | return $default; |
| 59 | } |
| 60 | } |
| 61 | if ( self::POST_REQUEST === $request_method && ! isset( $_POST[ $key ] ) ) { |
| 62 | if ( self::TYPE_ARRAY === $type ) { |
| 63 | return is_array( $default ) ? $default : array(); |
| 64 | } else { |
| 65 | return $default; |
| 66 | } |
| 67 | } |
| 68 | } |
| 69 | |
| 70 | $sanitized_value = null; |
| 71 | |
| 72 | switch ( $type ) { |
| 73 | case self::TYPE_STRING: |
| 74 | case self::TYPE_INT: |
| 75 | case self::TYPE_NUMERIC: |
| 76 | case self::TYPE_BOOL: |
| 77 | default: |
| 78 | $sanitized_value = sanitize_text_field( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) ); |
| 79 | if ( self::TYPE_INT === $type ) { |
| 80 | $sanitized_value = (int) $sanitized_value; |
| 81 | } |
| 82 | if ( self::TYPE_NUMERIC === $type ) { |
| 83 | $sanitized_value = is_numeric( $sanitized_value ) ? $sanitized_value + 0 : 0; |
| 84 | } |
| 85 | if ( self::TYPE_BOOL === $type ) { |
| 86 | $sanitized_value = in_array( strtolower( $sanitized_value ), array( '1', 'true', 'on' ), true ); |
| 87 | } |
| 88 | |
| 89 | break; |
| 90 | |
| 91 | case self::TYPE_ARRAY: |
| 92 | if ( ! is_array( $default ) ) { |
| 93 | $sanitized_value = array(); |
| 94 | } else { |
| 95 | $sanitized_value = array_map( |
| 96 | 'sanitize_text_field', |
| 97 | wp_unslash( |
| 98 | is_array( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) |
| 99 | ? ( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) |
| 100 | : $default |
| 101 | ) |
| 102 | ); |
| 103 | } |
| 104 | |
| 105 | break; |
| 106 | |
| 107 | case self::TYPE_TEXTAREA: |
| 108 | $sanitized_value = sanitize_textarea_field( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) ); |
| 109 | break; |
| 110 | |
| 111 | case self::TYPE_KSES_POST: |
| 112 | $sanitized_value = wp_kses_post( wp_unslash( self::get_value( $request_method, $_GET, $_POST, $key, $value ) ) ); |
| 113 | break; |
| 114 | |
| 115 | } |
| 116 | |
| 117 | //phpcs:enable WordPress.Security.NonceVerification |
| 118 | |
| 119 | if ( $trim ) { |
| 120 | if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) { |
| 121 | $sanitized_value = array_map( 'trim', $sanitized_value ); |
| 122 | } |
| 123 | } |
| 124 | |
| 125 | if ( self::TYPE_ARRAY === $type && is_array( $sanitized_value ) ) { |
| 126 | $final_array = array(); |
| 127 | $is_assoc = array_keys( $sanitized_value ) !== range( 0, count( $sanitized_value ) - 1 ); |
| 128 | |
| 129 | foreach ( $sanitized_value as $input_key => $input_value ) { |
| 130 | /** |
| 131 | * Sanitize array key if array is assoc. |
| 132 | * When from form submit like person['name'], person['age'] etc |
| 133 | */ |
| 134 | if ( $is_assoc ) { |
| 135 | $input_key = sanitize_text_field( wp_unslash( $input_key ) ); |
| 136 | } |
| 137 | |
| 138 | if ( is_numeric( $input_value ) ) { |
| 139 | $input_value = $input_value + 0; |
| 140 | } |
| 141 | |
| 142 | $final_array[ $input_key ] = $input_value; |
| 143 | } |
| 144 | |
| 145 | $sanitized_value = $final_array; |
| 146 | |
| 147 | } |
| 148 | |
| 149 | return $sanitized_value; |
| 150 | } |
| 151 | |
| 152 | /** |
| 153 | * Dynamically get value |
| 154 | * |
| 155 | * @since 2.2.0 |
| 156 | * |
| 157 | * @param string $request_method detect called from get or post method. |
| 158 | * @param array $get GET superglobal. |
| 159 | * @param array $post POST superglobal. |
| 160 | * @param string $key GET or POST input key name. |
| 161 | * @param string $value value of variable or DB value. |
| 162 | * |
| 163 | * @return mixed |
| 164 | */ |
| 165 | private static function get_value( $request_method, $get, $post, $key, $value ) { |
| 166 | return self::GET_REQUEST === $request_method |
| 167 | ? $get[ $key ] |
| 168 | : ( self::POST_REQUEST === $request_method ? $post[ $key ] : $value ); |
| 169 | } |
| 170 | |
| 171 | /** |
| 172 | * Sanitize value |
| 173 | * |
| 174 | * @since 2.0.2 |
| 175 | * |
| 176 | * @param string $value input value. |
| 177 | * @param string $default default value if input key is not exit. |
| 178 | * @param string $type Default is Input::TYPE_STRING. |
| 179 | * @param boolean $trim remove blank splace from start and end. |
| 180 | * |
| 181 | * @return mixed |
| 182 | */ |
| 183 | public static function sanitize( $value, $default = null, $type = self::TYPE_STRING, $trim = true ) { |
| 184 | return self::data_sanitizer( $value, $default, $type, $trim ); |
| 185 | } |
| 186 | |
| 187 | /** |
| 188 | * Get input value from GET request |
| 189 | * |
| 190 | * @param string $key $_GET request key. |
| 191 | * @param mixed $default default value if input key is not exit. |
| 192 | * @param string $type input type. Default is Input::TYPE_STRING. |
| 193 | * @param boolean $trim remove blank splace from start and end. |
| 194 | * |
| 195 | * @return mixed |
| 196 | */ |
| 197 | public static function get( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) { |
| 198 | return self::data_sanitizer( $key, $default, $type, $trim, self::GET_REQUEST ); |
| 199 | } |
| 200 | |
| 201 | /** |
| 202 | * Get input value from POST request |
| 203 | * |
| 204 | * @since 2.0.2 |
| 205 | * |
| 206 | * @param string $key $_POST request key. |
| 207 | * @param mixed $default default value if input key is not exit. |
| 208 | * @param string $type input type. Default is Input::TYPE_STRING. |
| 209 | * @param boolean $trim remove blank splace from start and end. |
| 210 | * @return mixed |
| 211 | */ |
| 212 | public static function post( $key, $default = null, $type = self::TYPE_STRING, $trim = true ) { |
| 213 | return self::data_sanitizer( $key, $default, $type, $trim, self::POST_REQUEST ); |
| 214 | } |
| 215 | |
| 216 | /** |
| 217 | * Check input has key or not |
| 218 | * |
| 219 | * @since 2.0.2 |
| 220 | * @since 4.0.0 param $method added. |
| 221 | * |
| 222 | * @param string $key input key name. |
| 223 | * @param string $method request method. |
| 224 | * |
| 225 | * @return boolean |
| 226 | */ |
| 227 | public static function has( $key, $method = '' ) { |
| 228 | if ( empty( $method ) ) { |
| 229 | //phpcs:ignore WordPress.Security.NonceVerification |
| 230 | return isset( $_REQUEST[ $key ] ); |
| 231 | } |
| 232 | |
| 233 | //phpcs:ignore WordPress.Security.NonceVerification |
| 234 | return self::GET_REQUEST === $method ? isset( $_GET[ $key ] ) : isset( $_POST[ $key ] ); |
| 235 | } |
| 236 | |
| 237 | /** |
| 238 | * Check input has any keys. |
| 239 | * |
| 240 | * @since 4.0.0 |
| 241 | * |
| 242 | * @param array $keys keys. |
| 243 | * @param string $method request method. |
| 244 | * |
| 245 | * @return boolean |
| 246 | */ |
| 247 | public static function has_any( array $keys, $method = '' ) { |
| 248 | foreach ( $keys as $key ) { |
| 249 | if ( self::has( $key, $method ) ) { |
| 250 | return true; |
| 251 | } |
| 252 | } |
| 253 | |
| 254 | return false; |
| 255 | } |
| 256 | |
| 257 | /** |
| 258 | * Check input has all keys. |
| 259 | * |
| 260 | * @since 4.0.0 |
| 261 | * |
| 262 | * @param array $keys keys. |
| 263 | * @param string $method request method. |
| 264 | * |
| 265 | * @return boolean |
| 266 | */ |
| 267 | public static function has_all( array $keys, $method = '' ) { |
| 268 | foreach ( $keys as $key ) { |
| 269 | if ( ! self::has( $key, $method ) ) { |
| 270 | return false; |
| 271 | } |
| 272 | } |
| 273 | |
| 274 | return true; |
| 275 | } |
| 276 | |
| 277 | /** |
| 278 | * Sanitize & unslash a request data |
| 279 | * |
| 280 | * @since 2.1.3 |
| 281 | * |
| 282 | * @param string $key a request key. |
| 283 | * @param mixed $default_value a default value if key not exists. |
| 284 | * |
| 285 | * @return mixed |
| 286 | */ |
| 287 | public static function sanitize_request_data( string $key, $default_value = '' ) { |
| 288 | if ( self::has( $key ) ) { |
| 289 | return sanitize_text_field( wp_unslash( $_REQUEST[ $key ] ) ); //phpcs:ignore |
| 290 | } |
| 291 | return $default_value; |
| 292 | } |
| 293 | |
| 294 | /** |
| 295 | * Sanitize array, single or multi dimensional array |
| 296 | * Explicitly setup how should a value sanitize by the |
| 297 | * sanitize function. |
| 298 | * |
| 299 | * @since 2.1.3 |
| 300 | * |
| 301 | * @see available sanitize func |
| 302 | * https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/ |
| 303 | * |
| 304 | * @param array $input array to sanitize. |
| 305 | * @param array $sanitize_mapping single dimensional map key value |
| 306 | * pair to set up sanitization process. Key name should by inside |
| 307 | * input array and the value will be callable func. |
| 308 | * For ex: [key1 => sanitize_email, key2 => wp_kses_post ] |
| 309 | * |
| 310 | * If key not passed then default sanitize_text_field will be used. |
| 311 | * |
| 312 | * @param bool $allow_iframe if set true then iframe tag will be allowed. |
| 313 | * |
| 314 | * @return array |
| 315 | */ |
| 316 | public static function sanitize_array( array $input, array $sanitize_mapping = array(), $allow_iframe = false ): array { |
| 317 | $array = array(); |
| 318 | |
| 319 | if ( $allow_iframe ) { |
| 320 | add_filter( 'wp_kses_allowed_html', __CLASS__ . '::allow_iframe', 10, 2 ); |
| 321 | } |
| 322 | |
| 323 | if ( is_array( $input ) && count( $input ) ) { |
| 324 | foreach ( $input as $key => $value ) { |
| 325 | if ( is_array( $value ) ) { |
| 326 | $array[ $key ] = self::sanitize_array( $value, $sanitize_mapping, $allow_iframe ); |
| 327 | } else { |
| 328 | $key = sanitize_text_field( $key ); |
| 329 | |
| 330 | // If mapping exists then use callback. |
| 331 | if ( isset( $sanitize_mapping[ $key ] ) ) { |
| 332 | $callback = $sanitize_mapping[ $key ]; |
| 333 | $value = call_user_func( $callback, wp_unslash( $value ) ); |
| 334 | } else { |
| 335 | $value = is_null( $value ) ? null : sanitize_text_field( wp_unslash( $value ) ); |
| 336 | } |
| 337 | $array[ $key ] = $value; |
| 338 | } |
| 339 | } |
| 340 | } |
| 341 | return is_array( $array ) && count( $array ) ? $array : array(); |
| 342 | } |
| 343 | |
| 344 | /** |
| 345 | * This method is used with wp_kses_allowed_html filter |
| 346 | * to allow iframe |
| 347 | * |
| 348 | * @since 2.1.3 |
| 349 | * |
| 350 | * @param array $tags allowed HTML tags. |
| 351 | * @param string $context context name. |
| 352 | * |
| 353 | * @return array |
| 354 | */ |
| 355 | public static function allow_iframe( $tags, $context ) { |
| 356 | $tags['iframe'] = array( |
| 357 | 'src' => true, |
| 358 | 'title' => true, |
| 359 | 'height' => true, |
| 360 | 'width' => true, |
| 361 | 'frameborder' => true, |
| 362 | 'allowfullscreen' => true, |
| 363 | 'allow' => true, |
| 364 | 'style' => true, |
| 365 | ); |
| 366 | return $tags; |
| 367 | } |
| 368 | |
| 369 | /** |
| 370 | * This method is used with wp_kses_allowed_html filter |
| 371 | * to allow svg tags. |
| 372 | * |
| 373 | * @since 4.0.0 |
| 374 | * |
| 375 | * @param array $allowed_tags allowed HTML tags. |
| 376 | * |
| 377 | * @return array |
| 378 | */ |
| 379 | public static function allow_svg( $allowed_tags ) { |
| 380 | $attr_id = array( 'id' => true ); |
| 381 | $attr_fill = array( 'fill' => true ); |
| 382 | $attr_dims = array( |
| 383 | 'width' => true, |
| 384 | 'height' => true, |
| 385 | 'x' => true, |
| 386 | 'y' => true, |
| 387 | ); |
| 388 | $attr_transform = array( 'transform' => true ); |
| 389 | $attr_clip = array( |
| 390 | 'clip-path' => true, |
| 391 | 'clip-rule' => true, |
| 392 | ); |
| 393 | $attr_center = array( |
| 394 | 'cx' => true, |
| 395 | 'cy' => true, |
| 396 | ); |
| 397 | $attr_stroke = array( |
| 398 | 'stroke' => true, |
| 399 | 'stroke-width' => true, |
| 400 | 'stroke-linecap' => true, |
| 401 | 'stroke-linejoin' => true, |
| 402 | 'stroke-dasharray' => true, |
| 403 | 'stroke-dashoffset' => true, |
| 404 | ); |
| 405 | $attr_style = array( 'style' => true ); |
| 406 | $attr_opacity = array( 'opacity' => true ); |
| 407 | $attr_xlink = array( 'xlink:href' => true ); |
| 408 | |
| 409 | $svg_tags = array( |
| 410 | 'svg' => array_merge( |
| 411 | $attr_id, |
| 412 | $attr_fill, |
| 413 | $attr_dims, |
| 414 | $attr_style, |
| 415 | array( |
| 416 | 'class' => true, |
| 417 | 'aria-hidden' => true, |
| 418 | 'aria-label' => true, |
| 419 | 'role' => true, |
| 420 | 'xmlns' => true, |
| 421 | 'viewbox' => true, |
| 422 | 'viewBox' => true, |
| 423 | 'opacity' => true, |
| 424 | ) |
| 425 | ), |
| 426 | 'g' => array_merge( |
| 427 | $attr_id, |
| 428 | $attr_fill, |
| 429 | $attr_clip, |
| 430 | $attr_transform, |
| 431 | $attr_style, |
| 432 | $attr_opacity |
| 433 | ), |
| 434 | 'defs' => array(), |
| 435 | 'clipPath' => $attr_id, |
| 436 | 'clippath' => $attr_id, |
| 437 | 'path' => array_merge( |
| 438 | $attr_id, |
| 439 | $attr_fill, |
| 440 | $attr_stroke, |
| 441 | $attr_clip, |
| 442 | $attr_transform, |
| 443 | $attr_style, |
| 444 | array( |
| 445 | 'd' => true, |
| 446 | 'fill-rule' => true, |
| 447 | 'mask' => true, |
| 448 | 'opacity' => true, |
| 449 | ) |
| 450 | ), |
| 451 | 'mask' => array_merge( |
| 452 | $attr_id, |
| 453 | $attr_fill, |
| 454 | $attr_dims, |
| 455 | $attr_style, |
| 456 | array( |
| 457 | 'maskunits' => true, |
| 458 | 'mask-type' => true, |
| 459 | 'opacity' => true, |
| 460 | ) |
| 461 | ), |
| 462 | 'circle' => array_merge( |
| 463 | $attr_id, |
| 464 | $attr_fill, |
| 465 | $attr_center, |
| 466 | $attr_transform, |
| 467 | $attr_stroke, |
| 468 | $attr_style, |
| 469 | array( |
| 470 | 'r' => true, |
| 471 | 'opacity' => true, |
| 472 | ) |
| 473 | ), |
| 474 | 'ellipse' => array_merge( |
| 475 | $attr_id, |
| 476 | $attr_fill, |
| 477 | $attr_center, |
| 478 | $attr_transform, |
| 479 | $attr_style, |
| 480 | array( |
| 481 | 'rx' => true, |
| 482 | 'ry' => true, |
| 483 | 'opacity' => true, |
| 484 | ) |
| 485 | ), |
| 486 | 'rect' => array_merge( |
| 487 | $attr_id, |
| 488 | $attr_fill, |
| 489 | $attr_dims, |
| 490 | $attr_stroke, |
| 491 | $attr_transform, |
| 492 | $attr_style, |
| 493 | array( |
| 494 | 'maskunits' => true, |
| 495 | 'rx' => true, |
| 496 | 'opacity' => true, |
| 497 | ) |
| 498 | ), |
| 499 | 'line' => array_merge( |
| 500 | $attr_id, |
| 501 | $attr_stroke, |
| 502 | $attr_transform, |
| 503 | $attr_style, |
| 504 | array( |
| 505 | 'x1' => true, |
| 506 | 'x2' => true, |
| 507 | 'y1' => true, |
| 508 | 'y2' => true, |
| 509 | 'opacity' => true, |
| 510 | ) |
| 511 | ), |
| 512 | 'polyline' => array_merge( |
| 513 | $attr_id, |
| 514 | $attr_fill, |
| 515 | $attr_stroke, |
| 516 | $attr_transform, |
| 517 | $attr_style, |
| 518 | array( |
| 519 | 'points' => true, |
| 520 | 'opacity' => true, |
| 521 | ) |
| 522 | ), |
| 523 | 'polygon' => array_merge( |
| 524 | $attr_id, |
| 525 | $attr_fill, |
| 526 | $attr_stroke, |
| 527 | $attr_transform, |
| 528 | $attr_style, |
| 529 | array( |
| 530 | 'points' => true, |
| 531 | 'opacity' => true, |
| 532 | ) |
| 533 | ), |
| 534 | 'lineargradient' => array_merge( |
| 535 | $attr_id, |
| 536 | $attr_xlink, |
| 537 | array( |
| 538 | 'x1' => true, |
| 539 | 'y1' => true, |
| 540 | 'x2' => true, |
| 541 | 'y2' => true, |
| 542 | 'gradientunits' => true, |
| 543 | 'gradienttransform' => true, |
| 544 | 'spreadmethod' => true, |
| 545 | ) |
| 546 | ), |
| 547 | 'radialgradient' => array_merge( |
| 548 | $attr_id, |
| 549 | $attr_center, |
| 550 | $attr_xlink, |
| 551 | array( |
| 552 | 'r' => true, |
| 553 | 'fx' => true, |
| 554 | 'fy' => true, |
| 555 | 'gradientunits' => true, |
| 556 | 'gradienttransform' => true, |
| 557 | 'spreadmethod' => true, |
| 558 | ) |
| 559 | ), |
| 560 | 'stop' => array( |
| 561 | 'offset' => true, |
| 562 | 'stop-color' => true, |
| 563 | 'stop-opacity' => true, |
| 564 | ), |
| 565 | 'use' => array_merge( |
| 566 | $attr_id, |
| 567 | $attr_dims, |
| 568 | $attr_xlink |
| 569 | ), |
| 570 | ); |
| 571 | |
| 572 | return array_merge( $allowed_tags, $svg_tags ); |
| 573 | } |
| 574 | } |
| 575 |