Changeset 3044517
- Timestamp:
- 03/03/2024 03:44:52 PM (2 years ago)
- File:
-
- 1 edited
-
smart-app-banner/trunk/wsl-smart-app-banner.php (modified) (3 diffs)
smart-app-banner/trunk/wsl-smart-app-banner.php
r3040576 r3044517 105 105 } 106 106 107 // We can't use the normal URL validator, since that expects a normal 108 // http/https protocol, with a white list of other accepted options. 109 // The URL is likely for an app's custom URL scheme. Instead, we check 110 // for something that looks like a URL and then add a blacklist of 111 // protocols that we shouldn't allow. 112 function wsl_custom_url_validator($url) { 113 // Use WordPress function to validate the URL structure 114 if (filter_var($url, FILTER_VALIDATE_URL) === false) { 115 return false; // Invalid URL 116 } 117 118 // check against blacklist of disallowed URL schemes 119 $protocol = wp_parse_url($url, PHP_URL_SCHEME); 120 $disallowed_protocols = array("javascript"); 121 if (in_array($protocol, $disallowed_protocols)) { 122 return false; 123 } 124 125 return true; // Valid URL 126 } 127 128 // Validate a new/updated app 129 function wsl_validate_input($app_id, $app_id_ipad, $affiliate_date, $app_argument) { 130 $error_message = null; 131 if (preg_match("/[^0-9]/", $app_id) == 1 ) { 132 $error_message = __("Invalid App ID"); 133 } 134 elseif (preg_match("/[^0-9]/", $app_id_ipad) == 1 ) { 135 $error_message = __("Invalid iPad App ID"); 136 } 137 elseif (isset($app_argument) and $app_argument != "" and !wsl_custom_url_validator($app_argument)) { 138 $error_message = __("Invalid URL for app argument"); 139 } 140 return $error_message; 141 } 142 143 // Admin screen 107 144 function wsl_smart_app_banner_options() { 108 145 //must check that the user has the required capability … … 142 179 143 180 if (!isset($_POST['wsl-update']) || !wp_verify_nonce($_POST['wsl-update'],'wsl-update')) { 144 die("<br><br>Invalid update");181 wp_die( __("<br><br>Invalid update")); 145 182 } 146 183 147 184 if (isset($_POST['add'])) { 148 185 // add new app 149 $app_name = $_POST[$new_app_name_field];186 $app_name = sanitize_text_field($_POST[$new_app_name_field]); 150 187 $app_id = $_POST[$new_app_id_field]; 151 188 $app_id_ipad = 
$_POST[$new_app_id_ipad_field]; 152 $app_affiliate_data = $_POST[$new_app_affiliate_field];189 $app_affiliate_data = sanitize_text_field ($_POST[$new_app_affiliate_field]); 153 190 $app_argument_data = $_POST[$new_app_argument_field]; 191 192 $error_message = wsl_validate_input($app_id, $app_id_ipad, $app_affiliate_data, $app_argument_data); 154 193 155 if (isset($app_id) and $app_id != "") { 194 if (isset($error_message)) { 195 ?> 196 <div class="error"><p><strong><?php _e( $error_message, 'smart-app-banner' ); ?></strong></p></div> 197 <?php 198 } 199 elseif (isset($app_id) and $app_id != "") { 156 200 $app_list[$app_id] = array ( 157 201 'app_name' => $app_name, … … 162 206 update_option ($app_list_field_name, $app_list); 163 207 164 // Put a nsettings updated message on the screen165 ?>166 <div class="updated"><p><strong><?php _e( 'app added.', 'smart-app-banner' ); ?></strong></p></div>167 <?php208 // Put a settings updated message on the screen 209 ?> 210 <div class="updated"><p><strong><?php _e( 'app added.', 'smart-app-banner' ); ?></strong></p></div> 211 <?php 168 212 } 169 213 170 214 } 171 215 elseif (isset($_POST['changeHome'])) { 172 173 216 // Read their posted value 174 217 $appid_val = $_POST[ $appid_field_name ]; 175 218 $appid_ipad_val = $_POST[ $appid_ipad_field_name ]; 176 $affiliate_val = $_POST[ $affiliate_field_name ];219 $affiliate_val = sanitize_text_field ($_POST[ $affiliate_field_name ]); 177 220 $argument_val = $_POST[ $argument_field_name ]; 178 221 $_POST[ $global_banner_field_name ] = isset( $_POST[ $global_banner_field_name ] ) ? 
$_POST[ $global_banner_field_name ] : ''; 179 222 $global_banner_val = $_POST[ $global_banner_field_name ]; 180 223 181 // Save the posted value in the database 182 update_option( $appid_field_name, $appid_val ); 183 update_option( $appid_ipad_field_name, $appid_ipad_val ); 184 update_option( $affiliate_field_name, $affiliate_val ); 185 update_option( $argument_field_name, $argument_val ); 186 if( $_POST[ $global_banner_field_name ] == "Yes") { 187 update_option( $global_banner_field_name, "Yes"); 224 $error_message = wsl_validate_input($appid_val, $appid_ipad_val, $affiliate_val, $argument_val); 225 226 if (isset($error_message)) { 227 ?> 228 <div class="error"><p><strong><?php _e( $error_message, 'smart-app-banner' ); ?></strong></p></div> 229 <?php 188 230 } 189 231 else { 190 update_option( $global_banner_field_name, "No"); 232 // Save the posted value in the database 233 update_option( $appid_field_name, $appid_val ); 234 update_option( $appid_ipad_field_name, $appid_ipad_val ); 235 update_option( $affiliate_field_name, $affiliate_val ); 236 update_option( $argument_field_name, $argument_val ); 237 if( $_POST[ $global_banner_field_name ] == "Yes") { 238 update_option( $global_banner_field_name, "Yes"); 239 } 240 else { 241 update_option( $global_banner_field_name, "No"); 242 } 243 // Put an settings updated message on the screen 244 ?> 245 <div class="updated"><p><strong><?php _e('settings saved.', 'smart-app-banner' ); ?></strong></p></div> 246 <?php 191 247 } 192 193 // Put an settings updated message on the screen194 195 ?>196 <div class="updated"><p><strong><?php _e('settings saved.', 'smart-app-banner' ); ?></strong></p></div>197 <?php198 248 } 199 249 else { // delete
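Review bot: The scheme denylist in the new `wsl_custom_url_validator` (new-side lines 118–123) is bypassable by case, because `wp_parse_url` returns the scheme exactly as typed and `in_array` compares case-sensitively, so `JavaScript:` or `jAvAsCrIpT:` passes while `javascript:` is rejected; it also only lists `javascript`, leaving `data:` and `vbscript:` through. Normalise before comparing and widen the list: `$protocol = strtolower( (string) wp_parse_url( $url, PHP_URL_SCHEME ) );`, `$disallowed_protocols = array( 'javascript', 'data', 'vbscript' );`, `if ( in_array( $protocol, $disallowed_protocols, true ) ) {`. The comment above `filter_var` says "Use WordPress function" but `filter_var` is core PHP, and a denylist is inherently weaker than the `wp_allowed_protocols()`/`kses_allowed_protocols` route, so the header comment should say that this is a best-effort denylist and that the stored app argument is still unsanitised when written by `update_option` (new-side lines 153 and 236) and must be escaped at the point of output. Separately, in the two error branches (new-side lines 196 and 228) `$error_message` has already been passed through `__()`, so `_e( $error_message, 'smart-app-banner' )` re-translates a variable and prints it unescaped; `echo esc_html( $error_message );` is the safer and gettext-extractable form. The enclosing `wsl_smart_app_banner_options` body continues past the end of this diff.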