- intermediate results with sanitizing form handlers;

This commit is contained in:
Nikita Sinelnikov
2021-06-29 02:51:54 +03:00
parent 23d1b982a4
commit 07e664be80
63 changed files with 4337 additions and 2812 deletions
+50 -171
View File
@@ -1,4 +1,6 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit;
<?php if ( ! defined( 'ABSPATH' ) ) {
exit;
}
wp_enqueue_script( 'postbox' );
wp_enqueue_media();
@@ -42,7 +44,7 @@ do_action( 'um_roles_add_meta_boxes', 'um_role_meta' );
*/
do_action( 'um_roles_add_meta_boxes_um_role_meta' );
$data = array();
$data = array();
$option = array();
global $wp_roles;
@@ -60,11 +62,11 @@ if ( ! empty( $_GET['id'] ) ) {
if ( ! empty( $_POST['role'] ) ) {
$id = '';
$id = '';
$redirect = '';
$error = '';
$error = '';
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
if ( 'add' === sanitize_key( $_GET['tab'] ) ) {
if ( ! wp_verify_nonce( $_POST['um_nonce'], 'um-add-role' ) ) {
$error = __( 'Security Issue', 'ultimate-member' ) . '<br />';
}
@@ -76,155 +78,9 @@ if ( ! empty( $_POST['role'] ) ) {
if ( empty( $error ) ) {
$data = $_POST['role'];
$data = UM()->admin()->sanitize_role_meta( $_POST['role'] );
$all_roles = array_keys( UM()->roles()->get_roles() );
if ( array_key_exists( '_um_priority', $data ) ) {
$data['_um_priority'] = (int) $data['_um_priority'];
}
if ( array_key_exists( '_um_can_access_wpadmin', $data ) ) {
$data['_um_can_access_wpadmin'] = (bool) $data['_um_can_access_wpadmin'];
}
if ( array_key_exists( '_um_can_not_see_adminbar', $data ) ) {
$data['_um_can_not_see_adminbar'] = (bool) $data['_um_can_not_see_adminbar'];
}
if ( array_key_exists( '_um_can_edit_everyone', $data ) ) {
$data['_um_can_edit_everyone'] = (bool) $data['_um_can_edit_everyone'];
}
if ( array_key_exists( '_um_can_edit_roles', $data ) && ! empty( $data['_um_can_edit_roles'] ) ) {
$data['_um_can_edit_roles'] = array_filter( $data['_um_can_edit_roles'], function( $v, $k ) use ( $all_roles ) {
return in_array( $v, $all_roles );
}, ARRAY_FILTER_USE_BOTH );
}
if ( array_key_exists( '_um_can_delete_everyone', $data ) ) {
$data['_um_can_delete_everyone'] = (bool) $data['_um_can_delete_everyone'];
}
if ( array_key_exists( '_um_can_delete_roles', $data ) && ! empty( $data['_um_can_delete_roles'] ) ) {
$data['_um_can_delete_roles'] = array_filter( $data['_um_can_delete_roles'], function( $v, $k ) use ( $all_roles ) {
return in_array( $v, $all_roles );
}, ARRAY_FILTER_USE_BOTH );
}
if ( array_key_exists( '_um_can_edit_profile', $data ) ) {
$data['_um_can_edit_profile'] = (bool) $data['_um_can_edit_profile'];
}
if ( array_key_exists( '_um_can_delete_profile', $data ) ) {
$data['_um_can_delete_profile'] = (bool) $data['_um_can_delete_profile'];
}
if ( array_key_exists( '_um_can_view_all', $data ) ) {
$data['_um_can_view_all'] = (bool) $data['_um_can_view_all'];
}
if ( array_key_exists( '_um_can_view_roles', $data ) && ! empty( $data['_um_can_view_roles'] ) ) {
$data['_um_can_view_roles'] = array_filter( $data['_um_can_view_roles'], function( $v, $k ) use ( $all_roles ) {
return in_array( $v, $all_roles );
}, ARRAY_FILTER_USE_BOTH );
}
if ( array_key_exists( '_um_can_make_private_profile', $data ) ) {
$data['_um_can_make_private_profile'] = (bool) $data['_um_can_make_private_profile'];
}
if ( array_key_exists( '_um_can_access_private_profile', $data ) ) {
$data['_um_can_access_private_profile'] = (bool) $data['_um_can_access_private_profile'];
}
if ( array_key_exists( '_um_profile_noindex', $data ) ) {
$data['_um_profile_noindex'] = $data['_um_profile_noindex'] !== '' ? (bool) $data['_um_profile_noindex'] : $data['_um_profile_noindex'];
}
if ( array_key_exists( '_um_default_homepage', $data ) ) {
$data['_um_default_homepage'] = (bool) $data['_um_default_homepage'];
}
if ( array_key_exists( '_um_redirect_homepage', $data ) ) {
$data['_um_redirect_homepage'] = esc_url_raw( $data['_um_redirect_homepage'] );
}
if ( array_key_exists( '_um_status', $data ) ) {
$data['_um_status'] = ! in_array( sanitize_key( $data['_um_status'] ), [ 'approved', 'checkmail', 'pending' ] ) ? 'approved' : sanitize_key( $data['_um_status'] );
}
if ( array_key_exists( '_um_auto_approve_act', $data ) ) {
$data['_um_auto_approve_act'] = ! in_array( sanitize_key( $data['_um_auto_approve_act'] ), [ 'redirect_profile', 'redirect_url' ] ) ? 'redirect_profile' : sanitize_key( $data['_um_auto_approve_act'] );
}
if ( array_key_exists( '_um_auto_approve_url', $data ) ) {
$data['_um_auto_approve_url'] = esc_url_raw( $data['_um_auto_approve_url'] );
}
if ( array_key_exists( '_um_login_email_activate', $data ) ) {
$data['_um_login_email_activate'] = (bool) $data['_um_login_email_activate'];
}
if ( array_key_exists( '_um_checkmail_action', $data ) ) {
$data['_um_checkmail_action'] = ! in_array( sanitize_key( $data['_um_checkmail_action'] ), [ 'show_message', 'redirect_url' ] ) ? 'show_message' : sanitize_key( $data['_um_checkmail_action'] );
}
if ( array_key_exists( '_um_checkmail_message', $data ) ) {
$data['_um_checkmail_message'] = sanitize_textarea_field( $data['_um_checkmail_message'] );
}
if ( array_key_exists( '_um_checkmail_url', $data ) ) {
$data['_um_checkmail_url'] = esc_url_raw( $data['_um_checkmail_url'] );
}
if ( array_key_exists( '_um_url_email_activate', $data ) ) {
$data['_um_url_email_activate'] = esc_url_raw( $data['_um_url_email_activate'] );
}
if ( array_key_exists( '_um_pending_action', $data ) ) {
$data['_um_pending_action'] = ! in_array( sanitize_key( $data['_um_pending_action'] ), [ 'show_message', 'redirect_url' ] ) ? 'show_message' : sanitize_key( $data['_um_pending_action'] );
}
if ( array_key_exists( '_um_pending_message', $data ) ) {
$data['_um_pending_message'] = sanitize_textarea_field( $data['_um_pending_message'] );
}
if ( array_key_exists( '_um_pending_url', $data ) ) {
$data['_um_pending_url'] = esc_url_raw( $data['_um_pending_url'] );
}
if ( array_key_exists( '_um_after_login', $data ) ) {
$data['_um_after_login'] = ! in_array( sanitize_key( $data['_um_after_login'] ), [ 'redirect_profile', 'redirect_url', 'refresh', 'redirect_admin' ] ) ? 'redirect_profile' : sanitize_key( $data['_um_after_login'] );
}
if ( array_key_exists( '_um_login_redirect_url', $data ) ) {
$data['_um_login_redirect_url'] = esc_url_raw( $data['_um_login_redirect_url'] );
}
if ( array_key_exists( '_um_after_logout', $data ) ) {
$data['_um_after_logout'] = ! in_array( sanitize_key( $data['_um_after_logout'] ), [ 'redirect_home', 'redirect_url' ] ) ? 'redirect_home' : sanitize_key( $data['_um_after_logout'] );
}
if ( array_key_exists( '_um_logout_redirect_url', $data ) ) {
$data['_um_logout_redirect_url'] = esc_url_raw( $data['_um_logout_redirect_url'] );
}
if ( array_key_exists( '_um_after_delete', $data ) ) {
$data['_um_after_delete'] = ! in_array( sanitize_key( $data['_um_after_delete'] ), [ 'redirect_home', 'redirect_url' ] ) ? 'redirect_home' : sanitize_key( $data['_um_after_delete'] );
}
if ( array_key_exists( '_um_delete_redirect_url', $data ) ) {
$data['_um_delete_redirect_url'] = esc_url_raw( $data['_um_delete_redirect_url'] );
}
if ( array_key_exists( 'wp_capabilities', $data ) && ! empty( $data['wp_capabilities'] ) ) {
$data['wp_capabilities'] = array_map( 'boolval', array_filter( $data['wp_capabilities'] ) );
}
$data = apply_filters( 'um_save_role_meta_sanitize', $data );
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
if ( 'add' === sanitize_key( $_GET['tab'] ) ) {
$data['name'] = trim( esc_html( strip_tags( $data['name'] ) ) );
@@ -237,11 +93,11 @@ if ( ! empty( $_POST['role'] ) ) {
} else {
$auto_increment = UM()->options()->get( 'custom_roles_increment' );
$auto_increment = ! empty( $auto_increment ) ? $auto_increment : 1;
$id = 'custom_role_' . $auto_increment;
$id = 'custom_role_' . $auto_increment;
}
$redirect = add_query_arg( array( 'page'=>'um_roles', 'tab'=>'edit', 'id'=>$id, 'msg'=>'a' ), admin_url( 'admin.php' ) );
} elseif ( 'edit' == sanitize_key( $_GET['tab'] ) && ! empty( $_GET['id'] ) ) {
} elseif ( 'edit' === sanitize_key( $_GET['tab'] ) && ! empty( $_GET['id'] ) ) {
$id = sanitize_key( $_GET['id'] );
$pre_role_meta = get_option( "um_role_{$id}_meta", array() );
@@ -254,16 +110,16 @@ if ( ! empty( $_POST['role'] ) ) {
$all_roles = array_keys( get_editable_roles() );
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
if ( in_array( 'um_' . $id, $all_roles ) || in_array( $id, $all_roles ) ) {
if ( 'add' === sanitize_key( $_GET['tab'] ) ) {
if ( in_array( 'um_' . $id, $all_roles, true ) || in_array( $id, $all_roles, true ) ) {
$error .= __( 'Role already exists!', 'ultimate-member' ) . '<br />';
}
}
if ( '' == $error ) {
if ( '' === $error ) {
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
$roles = get_option( 'um_roles', array() );
if ( 'add' === sanitize_key( $_GET['tab'] ) ) {
$roles = get_option( 'um_roles', array() );
$roles[] = $id;
update_option( 'um_roles', $roles );
@@ -297,14 +153,30 @@ $screen_id = $current_screen->id; ?>
<div class="wrap">
<h2>
<?php echo ( 'add' == sanitize_key( $_GET['tab'] ) ) ? __( 'Add New Role', 'ultimate-member' ) : __( 'Edit Role', 'ultimate-member' ) ?>
<?php if ( 'edit' == sanitize_key( $_GET['tab'] ) ) { ?>
<a class="add-new-h2" href="<?php echo esc_url( add_query_arg( array( 'page' => 'um_roles', 'tab' => 'add' ), admin_url( 'admin.php' ) ) ) ?>"><?php _e( 'Add New', 'ultimate-member' ) ?></a>
<?php } ?>
<?php
if ( 'add' === sanitize_key( $_GET['tab'] ) ) {
esc_html_e( 'Add New Role', 'ultimate-member' );
} elseif ( 'edit' === sanitize_key( $_GET['tab'] ) ) {
esc_html_e( 'Edit Role', 'ultimate-member' );
$add_new_link = add_query_arg(
array(
'page' => 'um_roles',
'tab' => 'add',
),
admin_url( 'admin.php' )
);
?>
<a class="add-new-h2" href="<?php echo esc_url( $add_new_link ); ?>">
<?php esc_html_e( 'Add New', 'ultimate-member' ); ?>
</a>
<?php
}
?>
</h2>
<?php if ( ! empty( $_GET['msg'] ) ) {
switch( sanitize_key( $_GET['msg'] ) ) {
<?php
if ( ! empty( $_GET['msg'] ) ) {
switch ( sanitize_key( $_GET['msg'] ) ) {
case 'a':
echo '<div id="message" class="updated fade"><p>' . __( 'User Role <strong>Added</strong> Successfully.', 'ultimate-member' ) . '</p></div>';
break;
@@ -316,13 +188,13 @@ $screen_id = $current_screen->id; ?>
if ( ! empty( $error ) ) { ?>
<div id="message" class="error fade">
<p><?php echo $error ?></p>
<p><?php echo $error; ?></p>
</div>
<?php } ?>
<form id="um_edit_role" action="" method="post">
<input type="hidden" name="role[id]" value="<?php echo isset( $_GET['id'] ) ? esc_attr( sanitize_key( $_GET['id'] ) ) : '' ?>" />
<?php if ( 'add' == sanitize_key( $_GET['tab'] ) ) { ?>
<?php if ( 'add' === sanitize_key( $_GET['tab'] ) ) { ?>
<input type="hidden" name="role[_um_is_custom]" value="1" />
<input type="hidden" name="um_nonce" value="<?php echo esc_attr( wp_create_nonce( 'um-add-role' ) ) ?>" />
<?php } else { ?>
@@ -335,7 +207,7 @@ $screen_id = $current_screen->id; ?>
<div id="post-body-content">
<div id="titlediv">
<div id="titlewrap">
<?php if ( 'add' == sanitize_key( $_GET['tab'] ) ) { ?>
<?php if ( 'add' === sanitize_key( $_GET['tab'] ) ) { ?>
<label for="title" class="screen-reader-text"><?php _e( 'Title', 'ultimate-member' ) ?></label>
<input type="text" name="role[name]" placeholder="<?php esc_attr_e( 'Enter Title Here', 'ultimate-member' ) ?>" id="title" value="<?php echo isset( $data['name'] ) ? $data['name'] : '' ?>" />
<?php } else { ?>
@@ -345,11 +217,18 @@ $screen_id = $current_screen->id; ?>
</div>
</div>
<?php
$object = array(
'data' => $data,
'option' => $option,
);
?>
<div id="postbox-container-1" class="postbox-container">
<?php do_meta_boxes( 'um_role_meta', 'side', array( 'data' => $data, 'option' => $option ) ); ?>
<?php do_meta_boxes( 'um_role_meta', 'side', $object ); ?>
</div>
<div id="postbox-container-2" class="postbox-container">
<?php do_meta_boxes( 'um_role_meta', 'normal', array( 'data' => $data, 'option' => $option ) ); ?>
<?php do_meta_boxes( 'um_role_meta', 'normal', $object ); ?>
</div>
</div>
</div>