/
var
/
www
/
barefootlaw.org
/
wp-content
/
plugins
/
wp-migrate-db
/
class
/
Common
/
Upload File
HOME
<?php namespace DeliciousBrains\WPMDB\Common; use DeliciousBrains\WPMDB\Common\Exceptions\SanitizationFailureException; use DeliciousBrains\WPMDB\Common\Util\Util; /** * * Class Sanitize * * * @package DeliciousBrains\WPMDB\Common */ class Sanitize { protected static $field_key; /** * Sanitize and validate data. * * @param string|array $data The data to the sanitized. * @param string|array $key_rules The keys in the data (if data is an array) and the sanitization rule(s) to apply for each key. * @param string $context Additional context data for messages etc. * * @return array|int|mixed|string|\WP_Error * @throws SanitizationFailureException */ public static function sanitize_data($data, $key_rules, $context) { if (empty($data) || empty($key_rules)) { return $data; } $result = null; try { $result = self::_sanitize_data($data, $key_rules, $context); } catch (\Exception $exception) { return new \WP_Error('wpmdb_sanitization_error', $exception->getMessage()); } return $result; } protected static function create_error_string($type, $context, $data, $key) { return sprintf(__('Sanitization Error: `%1$s` method was expecting %2$s for the `%3$s` field, but got something else: "%4$s"', 'wp-db-migrate-pro'), $context, $type, $key, $data); } /** * Sanitize and validate data. * * @param string|array $data The data to the sanitized. * @param string|array $key_rules The keys in the data (if data is an array) and the sanitization rule(s) to apply for each key. * @param string $context Additional context data for messages etc. * @param int $recursion_level How deep in the recursion are we? Optional, defaults to 0. * * @return mixed The sanitized data, the data if no key rules supplied or `false` if an unrecognized rule supplied. * @throws SanitizationFailureException */ private static function _sanitize_data($data, $key_rules, $context, $recursion_level = 0) { if (empty($data) || empty($key_rules)) { return $data; } if (0 === $recursion_level && is_array($data)) { // We always expect associative arrays. if (!is_array($key_rules)) { throw new SanitizationFailureException(sprintf(__('%1$s was not expecting data to be an array.', 'wp-db-migrate-pro'), $context)); } foreach ($data as $key => $value) { // If a key does not have a rule it's not ours and can be removed. // We should not fail if there is extra data as plugins like Polylang add their own data to each ajax request. if (!array_key_exists($key, $key_rules)) { unset($data[$key]); continue; } static::$field_key = $key; $data[$key] = self::_sanitize_data($value, $key_rules[$key], $context, ($recursion_level + 1)); } } elseif (is_array($key_rules)) { foreach ($key_rules as $rule) { $data = self::_sanitize_data($data, $rule, $context, ($recursion_level + 1)); } } else { // Neither $data or $key_rules are a first level array so can be analysed. if ('array' === $key_rules) { if (!is_array($data)) { throw new SanitizationFailureException(self::create_error_string('an array', $context, $data, self::$field_key)); } // @TODO - Needs sanitizing } elseif ('string' === $key_rules) { if (!is_string($data)) { throw new SanitizationFailureException(self::create_error_string('a string', $context, $data, self::$field_key)); } $data = filter_var($data, FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_FLAG_NO_ENCODE_QUOTES); } elseif ('regex' === $key_rules) { if (Util::is_regex_pattern_valid($data) === false) { throw new SanitizationFailureException(self::create_error_string('a regex string', $context, $data, self::$field_key)); } $data = $data; } elseif ('key' === $key_rules) { $key_name = sanitize_key($data); if ($key_name !== $data) { throw new SanitizationFailureException(self::create_error_string('a valid key', $context, $data, self::$field_key)); } $data = $key_name; } elseif ('text' === $key_rules) { $text = sanitize_text_field($data); if ($text !== trim($data)) { throw new SanitizationFailureException(self::create_error_string('text', $context, $data, self::$field_key)); } $data = $text; } elseif ('serialized' === $key_rules) { if (!is_string($data) || !is_serialized($data)) { throw new SanitizationFailureException(self::create_error_string('serialized data', $context, $data, self::$field_key)); } // @TODO - Needs sanitizing } elseif ('json_array' === $key_rules) { if (!is_string($data) || !Util::is_json($data)) { throw new SanitizationFailureException(self::create_error_string('JSON data', $context, $data, self::$field_key)); } // @TODO - Needs sanitizing $data = json_decode($data, true); } elseif ('json' === $key_rules) { if (!is_string($data) || !Util::is_json($data)) { throw new SanitizationFailureException(self::create_error_string('JSON data', $context, $data, self::$field_key)); } // @TODO - Needs sanitizing } elseif ('numeric' === $key_rules) { if (!is_numeric($data)) { throw new SanitizationFailureException(self::create_error_string('a valid numeric value', $context, $data, self::$field_key)); } } elseif ('int' === $key_rules) { // As we are sanitizing form data, even integers are within a string. if (!is_numeric($data) || (int)$data != $data) { throw new SanitizationFailureException(self::create_error_string('an integer', $context, $data, self::$field_key)); } $data = (int)$data; } elseif ('positive_int' === $key_rules) { if (!is_numeric($data) || (int)$data != $data || 0 > $data) { throw new SanitizationFailureException(self::create_error_string('a positive number (int)', $context, $data, self::$field_key)); } $data = floor($data); } elseif ('negative_int' === $key_rules) { if (!is_numeric($data) || (int)$data !== $data || 0 < $data) { throw new SanitizationFailureException(self::create_error_string('a negative number (int)', $context, $data, self::$field_key)); } $data = ceil($data); } elseif ('zero_int' === $key_rules) { if (!is_numeric($data) || (int)$data !== $data || 0 !== $data) { throw new SanitizationFailureException(self::create_error_string('0 (int)', $context, $data, self::$field_key)); } $data = 0; } elseif ('empty' === $key_rules) { if (!empty($data)) { throw new SanitizationFailureException(self::create_error_string('an empty value', $context, $data, self::$field_key)); } } elseif ('url' === $key_rules) { $url = esc_url_raw($data); if (empty($url)) { throw new SanitizationFailureException(self::create_error_string('URL', $context, $data, self::$field_key)); } $data = $url; } elseif ( 'bool' === $key_rules ) { $bool = rest_sanitize_boolean( $data ); if ( is_bool( $bool ) ) { return $bool; } if ( in_array( $bool, array('true', 'false') ) ) { return $bool; } throw new SanitizationFailureException( self::create_error_string( 'a bool', $context, $data, self::$field_key ) ); } else { throw new SanitizationFailureException(sprintf(__('Unknown sanitization rule "%1$s" supplied by %2$s', 'wp-db-migrate-pro'), $key_rules, $context)); } } return $data; } }