<?php
/**
* Processes form input
*
* @package WP_Stream
*/
namespace WP_Stream;
/**
* Class - Filter_Input
*/
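class Filter_Input {

	/**
	 * Callbacks to be used for input validation/sanitation, keyed by PHP FILTER_* constant.
	 *
	 * Each callback is invoked through call_user_func() with the raw value as its
	 * only argument, so it always runs with its own default flags. A null entry
	 * means "no callback" (FILTER_DEFAULT is PHP's alias of FILTER_UNSAFE_RAW).
	 *
	 * @var array
	 */
	public static $filter_callbacks = array(
		FILTER_DEFAULT                     => null,
		// Validate.
		// NOTE(review): request superglobals carry strings (or arrays), so the
		// is_bool / is_float / is_int type checks reject values such as "1" or
		// "42" -- confirm no caller expects numeric strings to pass these filters.
		FILTER_VALIDATE_BOOLEAN            => 'is_bool',
		FILTER_VALIDATE_EMAIL              => 'is_email',
		FILTER_VALIDATE_FLOAT              => 'is_float',
		FILTER_VALIDATE_INT                => 'is_int',
		FILTER_VALIDATE_IP                 => array( __CLASS__, 'is_ip_address' ),
		FILTER_VALIDATE_REGEXP             => array( __CLASS__, 'is_regex' ),
		FILTER_VALIDATE_URL                => 'wp_http_validate_url',
		// Sanitize.
		// NOTE(review): htmlspecialchars runs with its default flags here; before
		// PHP 8.1 those leave single quotes unescaped, so the result should not be
		// trusted inside single-quoted HTML attributes.
		FILTER_SANITIZE_EMAIL              => 'sanitize_email',
		FILTER_SANITIZE_ENCODED            => 'esc_url_raw',
		FILTER_SANITIZE_NUMBER_FLOAT       => 'floatval',
		FILTER_SANITIZE_NUMBER_INT         => 'intval',
		FILTER_SANITIZE_SPECIAL_CHARS      => 'htmlspecialchars',
		FILTER_SANITIZE_FULL_SPECIAL_CHARS => 'sanitize_text_field',
		FILTER_SANITIZE_URL                => 'esc_url_raw',
		// Other.
		FILTER_UNSAFE_RAW                  => null,
	);

	/**
	 * Returns input variable
	 *
	 * Reads $variable_name from the superglobal selected by $type and passes it
	 * through self::filter(). A missing key is treated as null.
	 *
	 * @param int       $type          Input type, one of the INPUT_* constants.
	 * @param string    $variable_name Variable key.
	 * @param int       $filter        Filter callback (a FILTER_* constant).
	 * @param array|int $options       Filter callback parameters, or FILTER_REQUIRE_ARRAY.
	 * @throws \Exception Invalid input type provided.
	 * @return mixed
	 */
	public static function super( $type, $variable_name, $filter = null, $options = array() ) {
		$super = null;

		// @codingStandardsIgnoreStart
		switch ( $type ) {
			case INPUT_POST :
				$super = $_POST;
				break;
			case INPUT_GET :
				$super = $_GET;
				break;
			case INPUT_COOKIE :
				$super = $_COOKIE;
				break;
			case INPUT_ENV :
				$super = $_ENV;
				break;
			case INPUT_SERVER :
				$super = $_SERVER;
				break;
		}
		// @codingStandardsIgnoreEnd

		if ( is_null( $super ) ) {
			throw new \Exception( esc_html__( 'Invalid use, type must be one of INPUT_* family.', 'stream' ) );
		}

		$value = isset( $super[ $variable_name ] ) ? $super[ $variable_name ] : null;

		return self::filter( $value, $filter, $options );
	}

	/**
	 * Sanitize or validate input.
	 *
	 * Validators leave the value untouched when the callback accepts it and turn
	 * it into false otherwise; sanitizers replace the value with the callback's
	 * result. A null value is never passed to a callback.
	 *
	 * @param mixed     $value   Raw input value.
	 * @param int       $filter  Filter callback (a FILTER_* constant).
	 * @param array|int $options Filter callback parameters, or FILTER_REQUIRE_ARRAY.
	 *
	 * @return mixed
	 * @throws \Exception Unsupported filter provided.
	 */
	public static function filter( $value, $filter = null, $options = array() ) {
		// Default filter is a sanitizer, not validator.
		$filter_type = 'sanitizer';

		// Only filter value if it is not null.
		if ( isset( $value ) && $filter && FILTER_DEFAULT !== $filter ) {
			if ( ! isset( self::$filter_callbacks[ $filter ] ) ) {
				throw new \Exception( esc_html__( 'Filter not supported.', 'stream' ) );
			}

			// NOTE(review): an array value (e.g. from `field[]=...`) is handed to the
			// callback whole, before the FILTER_REQUIRE_ARRAY check below. Scalar-only
			// callbacks may raise a TypeError on PHP 8 or coerce the array -- confirm
			// the input shape each caller can receive.
			$filter_callback = self::$filter_callbacks[ $filter ];
			$result          = call_user_func( $filter_callback, $value );

			/**
			 * "filter_var / filter_input" treats validation/sanitization filters the same
			 * they both return output and change the var value, this shouldn't be the case here.
			 * We'll do a boolean check on validation function, and let sanitizers change the value
			 *
			 * PHP numbers its FILTER_VALIDATE_* constants below 500 and its
			 * FILTER_SANITIZE_* constants above, which is what the threshold relies on.
			 */
			$filter_type = ( $filter < 500 ) ? 'validator' : 'sanitizer';

			if ( 'validator' === $filter_type ) { // Validation functions.
				if ( ! $result ) {
					$value = false;
				}
			} else { // Sanitization functions.
				$value = $result;
			}
		}

		// Detect FILTER_REQUIRE_ARRAY flag (only honoured when passed as the bare int).
		if ( isset( $value ) && FILTER_REQUIRE_ARRAY === $options && ! is_array( $value ) ) {
			$value = ( 'validator' === $filter_type ) ? false : null;
		}

		// Polyfill the `default` attribute only, for now.
		// isset() rather than ! empty(): a caller-supplied default of 0, '' or false
		// is still a default and must not be silently dropped.
		if ( is_array( $options ) && isset( $options['options']['default'] ) ) {
			$failed_validation   = ( 'validator' === $filter_type && false === $value );
			$missing_for_sanitize = ( 'sanitizer' === $filter_type && null === $value );

			if ( $failed_validation || $missing_for_sanitize ) {
				$value = $options['options']['default'];
			}
		}

		return $value;
	}

	/**
	 * Returns whether the variable is a Regular Expression or not?
	 *
	 * The check only confirms that the pattern compiles (it is matched against an
	 * empty subject). A pattern that compiles can still be costly to evaluate, so
	 * callers that later run an accepted pattern on real data should bound it
	 * themselves (for example with a length limit).
	 *
	 * @param string $maybe_regex Raw input value.
	 *
	 * @return boolean
	 */
	public static function is_regex( $maybe_regex ) {
		// Request input can be an array; preg_match() does not return false for a
		// non-string pattern (null on PHP 7, TypeError on PHP 8), so reject it here.
		if ( ! is_string( $maybe_regex ) ) {
			return false;
		}

		$test = @preg_match( $maybe_regex, '' ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged

		return false !== $test;
	}

	/**
	 * Returns whether the variable is an IP address or not?
	 *
	 * Delegates to \WP_Http::is_ip_address() and treats any return other than
	 * false as a valid address.
	 *
	 * @param string $maybe_ip Raw input.
	 *
	 * @return boolean
	 */
	public static function is_ip_address( $maybe_ip ) {
		return false !== \WP_Http::is_ip_address( $maybe_ip );
	}
}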