PluginProbe ʕ •ᴥ•ʔ
WP STAGING – WordPress Backup, Restore, Migration & Clone / 3.8.2
WP STAGING – WordPress Backup, Restore, Migration & Clone v3.8.2
4.9.1 4.9.0 4.8.1 trunk 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.0.6 3.1.0 3.1.1 3.1.2 3.1.3 3.1.4 3.10.0 3.2.0 3.3.1 3.3.2 3.3.3 3.4.1 3.4.3 3.5.0 3.6.0 3.7.1 3.8.0 3.8.1 3.8.2 3.8.3 3.8.4 3.8.5 3.8.6 3.8.7 3.9.0 3.9.1 3.9.2 3.9.3 3.9.4 4.0.0 4.1.0 4.1.1 4.1.2 4.1.3 4.1.4 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.0 4.7.0 4.7.1 4.7.2 4.7.3 4.8.0
wp-staging / Framework / Utils / Sanitize.php
wp-staging / Framework / Utils Last commit date
Cache 2 years ago DBPermissions.php 2 years ago DataEncoder.php 2 years ago Escape.php 2 years ago Glob.php 2 years ago Hooks.php 2 years ago Math.php 2 years ago PluginInfo.php 2 years ago Sanitize.php 2 years ago ServerVars.php 2 years ago SlashMode.php 5 years ago Strings.php 2 years ago Times.php 2 years ago Urls.php 2 years ago Version.php 2 years ago WpDefaultDirectories.php 2 years ago
Sanitize.php
258 lines
1 <?php
2
3 namespace WPStaging\Framework\Utils;
4
5 use WPStaging\Core\WPStaging;
6
7 class Sanitize
8 {
9 protected $config = [];
10
11 /**
12 * Sanitize string and array. Automatically urldecode.
13 *
14 * @param array|string $value
15 * @param bool $shouldUrlDecode
16 * @return array|string
17 */
18 public function sanitizeString($value, $shouldUrlDecode = true)
19 {
20 if (is_object($value)) {
21 return $value;
22 }
23
24 if ($shouldUrlDecode) {
25 $value = wpstg_urldecode($value);
26 }
27
28 if (!is_array($value)) {
29 return htmlspecialchars($value);
30 }
31
32 $sanitized = [];
33 foreach ($value as $string) {
34 $sanitized[] = is_string($string) ? htmlspecialchars($string) : $string;
35 }
36
37 return $sanitized;
38 }
39
40 /**
41 * @param string $password
42 * @return string
43 */
44 public function sanitizePassword($password)
45 {
46 if (!is_string($password)) {
47 return '';
48 }
49
50 return trim(stripslashes($password));
51 }
52
53 /**
54 * Sanitize integer. Optionally use abs flag.
55 *
56 * @param int|string $value
57 * @param bool $useAbsValue
58 * @return int
59 */
60 public function sanitizeInt($value, $useAbsValue = false)
61 {
62 $integer = filter_var($value, FILTER_VALIDATE_INT);
63 if ($useAbsValue) {
64 return absint($integer);
65 }
66
67 return $integer;
68 }
69
70 /**
71 * @param int|bool|string $value
72 * @return bool
73 */
74 public function sanitizeBool($value)
75 {
76 // FILTER_VALIDATE_BOOL is alias of FILTER_VALIDATE_BOOLEAN and was introduced in PHP 8.0 but php.net say that we use the BOOL variant,
77 // See if we should use like this or just use the BOOLEAN variant?
78 return filter_var($value, defined('FILTER_VALIDATE_BOOL') ? FILTER_VALIDATE_BOOL : FILTER_VALIDATE_BOOLEAN);
79 }
80
81 /**
82 * @param string $value
83 * @return string
84 */
85 public function sanitizeEmail($value): string
86 {
87 return filter_var($value, FILTER_VALIDATE_EMAIL) ? $value : '';
88 }
89
90 /**
91 * Sanitize the path, remove spaces and trailing slashes.
92 *
93 * @param string $value
94 * @return string|false returns false if $value is an array or object
95 */
96 public function sanitizePath($value)
97 {
98 if (is_array($value) || is_object($value)) {
99 return false;
100 }
101
102 $value = $this->sanitizeString($value);
103
104 // Remove trailing slashes.
105 $path = rtrim($value, '/\\');
106
107 // To support network path on windows.
108 if (WPStaging::isWindowsOs()) {
109 return $path;
110 }
111
112 // Remove whitespace and spaces.
113 $path = preg_replace('/\s+/', '', $path);
114
115 // Convert all invalid slashes to one single forward slash
116 $replacements = [
117 '//' => '/',
118 ];
119
120 return strtr($path, $replacements);
121 }
122
123 /**
124 * Html decode and then sanitize.
125 *
126 * @param string $text
127 * @return string
128 */
129 public function htmlDecodeAndSanitize($text)
130 {
131 return sanitize_text_field(html_entity_decode($text));
132 }
133
134 /**
135 * @param array $file
136 * @param array
137 */
138 public function sanitizeFileUpload($file)
139 {
140 if (!is_array($file)) {
141 return;
142 }
143
144 if (!isset($file['tmp_name'])) {
145 return;
146 }
147
148 return $file;
149 }
150
151 /**
152 * @param array|string $htmlPost
153 * @return array
154 */
155 public function sanitizeExcludeRules($htmlPost)
156 {
157 if (is_object($htmlPost)) {
158 return [];
159 }
160
161 $decoded = wpstg_urldecode($htmlPost);
162
163 if (!is_array($decoded)) {
164 $items = explode(',', $decoded);
165 } else {
166 $items = $decoded;
167 }
168
169 $sanitized = [];
170 foreach ($items as $item) {
171 $sanitized[] = $this->sanitizeString($item);
172 }
173
174 return $sanitized;
175 }
176
177 /**
178 * @param array $items
179 * @return array
180 */
181 public function sanitizeArrayInt($items)
182 {
183 // Early bail if not array
184 if (!is_array($items) || empty($items)) {
185 return [];
186 }
187
188 $sanitized = [];
189 foreach ($items as $item) {
190 $sanitized[] = $this->sanitizeInt($item);
191 }
192
193 return $sanitized;
194 }
195
196 /**
197 * @param array $items
198 * @param array $config An array that defines the expected type of a key,e.g. ['thisIsAbooleanValue' => true, 'thisShouldBeAnInteger' => int]
199 * @return array
200 */
201 public function sanitizeArray($items, $config = [])
202 {
203 // Early bail if not array
204 if (!is_array($items) || empty($items)) {
205 return [];
206 }
207
208 $sanitized = [];
209 if (!is_array($config) || empty($config)) {
210 $config = $this->config;
211 } else {
212 $this->config = $config;
213 }
214
215 foreach ($items as $key => $value) {
216 $sanitized[$key] = isset($config[$key]) ? $this->sanitizeCall($value, $config[$key]) : $this->sanitizeString($value);
217 }
218
219 return $sanitized;
220 }
221
222 /**
223 * @param string $text
224 * @return string
225 */
226 public function decodeBase64AndSanitize($text)
227 {
228 return $this->sanitizeString(base64_decode($text));
229 }
230
231 /**
232 * @param int|bool|string|array $value
233 * @param string $method
234 * @return int|bool|string|array
235 */
236 protected function sanitizeCall($value, $method)
237 {
238 $methodName = 'sanitize' . ucfirst($method);
239 if (!method_exists($this, $methodName)) {
240 return $this->sanitizeString($value);
241 }
242
243 return $this->{$methodName}($value);
244 }
245
246 /**
247 * Wrapper for sanitize_url and esc_url_raw.
248 *
249 * @param string $url
250 * @param string[] $protocols Optional. An array of acceptable protocols.
251 * @return string
252 */
253 public function sanitizeUrl($url, $protocols = null)
254 {
255 return esc_url($url, $protocols, 'db');
256 }
257 }
258