Changeset 3405128
- Timestamp:
- 11/28/2025 11:59:21 AM (3 months ago)
- Location:
- review-for-discount
- Files:
-
- 4 edited
-
tags/1.0.6/admin/class-xswcrd-review-discounts-admin.php (modified) (3 diffs)
-
tags/1.0.6/admin/class-xswcrd-review-discounts-settings.php (modified) (1 diff)
-
trunk/admin/class-xswcrd-review-discounts-admin.php (modified) (3 diffs)
-
trunk/admin/class-xswcrd-review-discounts-settings.php (modified) (1 diff)
review-for-discount/tags/1.0.6/admin/class-xswcrd-review-discounts-admin.php
r3404686 r3405128 210 210 */ 211 211 public function xswcrd_sanitize_setting( $input ) { 212 // If input is not an array, return it as-is (let WordPress handle it). 212 213 if ( ! is_array( $input ) ) { 213 return array();214 return $input; 214 215 } 215 216 … … 218 219 foreach ( $input as $key => $value ) { 219 220 220 // Checkbox (on/off). 221 if ( is_bool( $value ) || 'on' === $value || 'off' === $value ) { 222 $clean[ $key ] = ! empty( $value ) ? 'on' : 'off'; 223 continue; 224 } 225 226 // Array (multi-select, checkboxes). 221 // 1. Handle arrays (multi-select dropdowns like email_notices). 227 222 if ( is_array( $value ) ) { 228 223 $clean[ $key ] = array_map( 'sanitize_text_field', $value ); … … 230 225 } 231 226 232 // Email fields. 233 if ( strpos( $key, 'email' ) !== false ) { 227 // 2. Handle checkboxes (enable, delete_auto_coupons, etc.). 228 // Checkboxes send 'on' when checked, nothing when unchecked. 229 if ( 'enable' === $key || 'delete_auto_coupons' === $key || strpos( $key, 'enable_' ) === 0 ) { 230 $clean[ $key ] = 'on' === $value ? 'on' : 'off'; 231 continue; 232 } 233 234 // 3. Handle color fields (email_header_color, stars_color, etc.). 235 if ( strpos( $key, '_color' ) !== false || strpos( $key, 'color_' ) !== false ) { 236 $clean[ $key ] = sanitize_hex_color( $value ); 237 continue; 238 } 239 240 // 4. Handle numeric fields (max_files, email_delay). 241 if ( in_array( $key, array( 'max_files', 'email_delay' ), true ) ) { 242 $clean[ $key ] = absint( $value ); 243 continue; 244 } 245 246 // 5. Handle email content fields (textarea - preserve line breaks). 247 // These are: single_email_content, multi_email_content, target_email_content, buy_email_content, photo_email_content. 248 if ( strpos( $key, '_content' ) !== false && strpos( $key, 'email' ) !== false ) { 249 $clean[ $key ] = wp_kses_post( $value ); 250 continue; 251 } 252 253 // 6. Handle test email address fields (single_email_test, multi_email_test, etc.). 
254 if ( strpos( $key, '_test' ) !== false && strpos( $key, 'email' ) !== false ) { 234 255 $clean[ $key ] = sanitize_email( $value ); 235 256 continue; 236 257 } 237 258 238 // Color fields.239 if ( strpos( $key, 'color' ) !== false) {240 $clean[ $key ] = sanitize_ hex_color( $value );259 // 7. Handle SendGrid from email field. 260 if ( 'email' === $key ) { 261 $clean[ $key ] = sanitize_email( $value ); 241 262 continue; 242 263 } 243 264 244 // HTML allowed fields (email contents). 245 if ( strpos( $key, 'content' ) !== false ) { 246 $clean[ $key ] = wp_kses_post( $value ); 247 continue; 248 } 249 250 // Default text sanitization. 265 // 8. Handle email subject fields and other text fields. 266 // This includes: single_email_subject, multi_email_subject, etc. 251 267 $clean[ $key ] = sanitize_text_field( $value ); 252 268 } -
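Review bot: The new guard `if ( ! is_array( $input ) ) { return $input; }` at the top of xswcrd_sanitize_setting() hands a non-array value back unsanitized, where the previous code returned `array()`; with the settings page now passing `$_POST` straight to update_option(), a request that posts `xswcrd_settings` as a plain string would be stored untouched, because nothing after this callback cleans it. Keep the old fallback, `return array();`, or at least pass a scalar through `sanitize_text_field()` before returning it. The loop also stores into `$clean[ $key ]` with the raw POST key, and this changeset removes the `sanitize_key()` the settings page used to apply, so `$key = sanitize_key( $key );` as the first statement of the foreach would restore that. The function's return after the loop is outside the hunk, so I cannot see what is returned when the loop finishes.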
review-for-discount/tags/1.0.6/admin/class-xswcrd-review-discounts-settings.php
r3404686 r3405128 140 140 141 141 // Save General Settings (xswcrd_settings). 142 // Note: Sanitization is handled by the registered callback in class-xswcrd-review-discounts-admin.php 142 143 if ( isset( $_POST['xswcrd_settings'] ) ) { 143 $settings = array(); 144 //phpcs:ignore 145 foreach ( $_POST['xswcrd_settings'] as $key => $value ) { 146 if ( is_array( $value ) ) { 147 $settings[ sanitize_key( $key ) ] = array_map( 'sanitize_text_field', $value ); 148 } else { 149 $settings[ sanitize_key( $key ) ] = sanitize_text_field( $value ); 150 } 151 } 152 update_option( 'xswcrd_settings', $settings ); 144 //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 145 update_option( 'xswcrd_settings', wp_unslash( $_POST['xswcrd_settings'] ) ); 153 146 } 154 147 155 148 // Save SendGrid Settings (xswcrd_sendgrid). 149 // Note: Sanitization is handled by the registered callback in class-xswcrd-review-discounts-admin.php 156 150 if ( isset( $_POST['xswcrd_sendgrid'] ) ) { 157 $sendgrid_settings = array(); 158 //phpcs:ignore 159 foreach ( $_POST['xswcrd_sendgrid'] as $key => $value ) { 160 if ( 'email' === $key ) { 161 $sendgrid_settings[ sanitize_key( $key ) ] = sanitize_email( $value ); 162 } else { 163 $sendgrid_settings[ sanitize_key( $key ) ] = sanitize_text_field( $value ); 164 } 165 } 166 update_option( 'xswcrd_sendgrid', $sendgrid_settings ); 151 //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 152 update_option( 'xswcrd_sendgrid', wp_unslash( $_POST['xswcrd_sendgrid'] ) ); 167 153 } 168 154 169 155 // Save Photo Review Settings (xswcrd_photo_settings). 
156 // Note: Sanitization is handled by the registered callback in class-xswcrd-review-discounts-admin.php 170 157 if ( isset( $_POST['xswcrd_photo_settings'] ) ) { 171 $photo_settings = array(); 172 //phpcs:ignore 173 foreach ( $_POST['xswcrd_photo_settings'] as $key => $value ) { 174 if ( in_array( $key, array( 'max_files', 'email_delay' ), true ) ) { 175 $photo_settings[ sanitize_key( $key ) ] = absint( $value ); 176 } else { 177 $photo_settings[ sanitize_key( $key ) ] = sanitize_text_field( $value ); 178 } 179 } 180 update_option( 'xswcrd_photo_settings', $photo_settings ); 158 //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 159 update_option( 'xswcrd_photo_settings', wp_unslash( $_POST['xswcrd_photo_settings'] ) ); 181 160 } 182 161 } -
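Review bot: The per-key sanitization removed here now depends entirely on `update_option()` invoking a registered sanitize callback, which only happens if `register_setting()` names xswcrd_sanitize_setting as `sanitize_callback` for each of `xswcrd_settings`, `xswcrd_sendgrid` and `xswcrd_photo_settings`; that registration is not part of this changeset, so any of the three that is not registered is now written straight from `$_POST`. The `phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized` lines silence the sniff rather than demonstrate the data is clean. A guard that does not rely on the hook is to check the shape at the call site, `if ( isset( $_POST['xswcrd_settings'] ) && is_array( $_POST['xswcrd_settings'] ) )` and likewise for the other two, since the callback's new non-array branch passes a scalar through untouched. The saving function begins before this hunk, so whether a nonce check and a capability check precede these three writes is not visible here and should be confirmed.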
review-for-discount/trunk/admin/class-xswcrd-review-discounts-admin.php
r3404686 r3405128 210 210 */ 211 211 public function xswcrd_sanitize_setting( $input ) { 212 // If input is not an array, return it as-is (let WordPress handle it). 212 213 if ( ! is_array( $input ) ) { 213 return array();214 return $input; 214 215 } 215 216 … … 218 219 foreach ( $input as $key => $value ) { 219 220 220 // Checkbox (on/off). 221 if ( is_bool( $value ) || 'on' === $value || 'off' === $value ) { 222 $clean[ $key ] = ! empty( $value ) ? 'on' : 'off'; 223 continue; 224 } 225 226 // Array (multi-select, checkboxes). 221 // 1. Handle arrays (multi-select dropdowns like email_notices). 227 222 if ( is_array( $value ) ) { 228 223 $clean[ $key ] = array_map( 'sanitize_text_field', $value ); … … 230 225 } 231 226 232 // Email fields. 233 if ( strpos( $key, 'email' ) !== false ) { 227 // 2. Handle checkboxes (enable, delete_auto_coupons, etc.). 228 // Checkboxes send 'on' when checked, nothing when unchecked. 229 if ( 'enable' === $key || 'delete_auto_coupons' === $key || strpos( $key, 'enable_' ) === 0 ) { 230 $clean[ $key ] = 'on' === $value ? 'on' : 'off'; 231 continue; 232 } 233 234 // 3. Handle color fields (email_header_color, stars_color, etc.). 235 if ( strpos( $key, '_color' ) !== false || strpos( $key, 'color_' ) !== false ) { 236 $clean[ $key ] = sanitize_hex_color( $value ); 237 continue; 238 } 239 240 // 4. Handle numeric fields (max_files, email_delay). 241 if ( in_array( $key, array( 'max_files', 'email_delay' ), true ) ) { 242 $clean[ $key ] = absint( $value ); 243 continue; 244 } 245 246 // 5. Handle email content fields (textarea - preserve line breaks). 247 // These are: single_email_content, multi_email_content, target_email_content, buy_email_content, photo_email_content. 248 if ( strpos( $key, '_content' ) !== false && strpos( $key, 'email' ) !== false ) { 249 $clean[ $key ] = wp_kses_post( $value ); 250 continue; 251 } 252 253 // 6. Handle test email address fields (single_email_test, multi_email_test, etc.). 
254 if ( strpos( $key, '_test' ) !== false && strpos( $key, 'email' ) !== false ) { 234 255 $clean[ $key ] = sanitize_email( $value ); 235 256 continue; 236 257 } 237 258 238 // Color fields.239 if ( strpos( $key, 'color' ) !== false) {240 $clean[ $key ] = sanitize_ hex_color( $value );259 // 7. Handle SendGrid from email field. 260 if ( 'email' === $key ) { 261 $clean[ $key ] = sanitize_email( $value ); 241 262 continue; 242 263 } 243 264 244 // HTML allowed fields (email contents). 245 if ( strpos( $key, 'content' ) !== false ) { 246 $clean[ $key ] = wp_kses_post( $value ); 247 continue; 248 } 249 250 // Default text sanitization. 265 // 8. Handle email subject fields and other text fields. 266 // This includes: single_email_subject, multi_email_subject, etc. 251 267 $clean[ $key ] = sanitize_text_field( $value ); 252 268 } -
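Review bot: Returning `$input` unchanged from the new `if ( ! is_array( $input ) )` branch of xswcrd_sanitize_setting() is a regression from the previous `return array();` — a scalar posted as one of the option fields now reaches update_option() without any sanitization, and the settings page in this same changeset no longer cleans it either. Restore `return array();`, or if a scalar is a legitimate value here, return `sanitize_text_field( $input )`. Within the loop the raw POST key is used as the array index in `$clean[ $key ]`; since the `sanitize_key()` that the settings page applied has been dropped, adding `$key = sanitize_key( $key );` at the top of the foreach keeps stored keys constrained. The function continues past the end of the hunk, so its final return statement is not visible in this view.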
review-for-discount/trunk/admin/class-xswcrd-review-discounts-settings.php
r3404686 r3405128 140 140 141 141 // Save General Settings (xswcrd_settings). 142 // Note: Sanitization is handled by the registered callback in class-xswcrd-review-discounts-admin.php 142 143 if ( isset( $_POST['xswcrd_settings'] ) ) { 143 $settings = array(); 144 //phpcs:ignore 145 foreach ( $_POST['xswcrd_settings'] as $key => $value ) { 146 if ( is_array( $value ) ) { 147 $settings[ sanitize_key( $key ) ] = array_map( 'sanitize_text_field', $value ); 148 } else { 149 $settings[ sanitize_key( $key ) ] = sanitize_text_field( $value ); 150 } 151 } 152 update_option( 'xswcrd_settings', $settings ); 144 //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 145 update_option( 'xswcrd_settings', wp_unslash( $_POST['xswcrd_settings'] ) ); 153 146 } 154 147 155 148 // Save SendGrid Settings (xswcrd_sendgrid). 149 // Note: Sanitization is handled by the registered callback in class-xswcrd-review-discounts-admin.php 156 150 if ( isset( $_POST['xswcrd_sendgrid'] ) ) { 157 $sendgrid_settings = array(); 158 //phpcs:ignore 159 foreach ( $_POST['xswcrd_sendgrid'] as $key => $value ) { 160 if ( 'email' === $key ) { 161 $sendgrid_settings[ sanitize_key( $key ) ] = sanitize_email( $value ); 162 } else { 163 $sendgrid_settings[ sanitize_key( $key ) ] = sanitize_text_field( $value ); 164 } 165 } 166 update_option( 'xswcrd_sendgrid', $sendgrid_settings ); 151 //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 152 update_option( 'xswcrd_sendgrid', wp_unslash( $_POST['xswcrd_sendgrid'] ) ); 167 153 } 168 154 169 155 // Save Photo Review Settings (xswcrd_photo_settings). 
156 // Note: Sanitization is handled by the registered callback in class-xswcrd-review-discounts-admin.php 170 157 if ( isset( $_POST['xswcrd_photo_settings'] ) ) { 171 $photo_settings = array(); 172 //phpcs:ignore 173 foreach ( $_POST['xswcrd_photo_settings'] as $key => $value ) { 174 if ( in_array( $key, array( 'max_files', 'email_delay' ), true ) ) { 175 $photo_settings[ sanitize_key( $key ) ] = absint( $value ); 176 } else { 177 $photo_settings[ sanitize_key( $key ) ] = sanitize_text_field( $value ); 178 } 179 } 180 update_option( 'xswcrd_photo_settings', $photo_settings ); 158 //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 159 update_option( 'xswcrd_photo_settings', wp_unslash( $_POST['xswcrd_photo_settings'] ) ); 181 160 } 182 161 }
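Review bot: These three `update_option( ..., wp_unslash( $_POST[...] ) )` calls store raw request data unless WordPress runs a sanitize callback on each option, and the comments assert that without the `register_setting()` calls being in this changeset; if any of `xswcrd_settings`, `xswcrd_sendgrid` or `xswcrd_photo_settings` lacks `sanitize_callback => array( $this, 'xswcrd_sanitize_setting' )`, that option is now saved unsanitized. The added `phpcs:ignore` comments suppress the warning that was pointing at exactly this. An `is_array()` check on each `$_POST` entry before calling update_option() would also close the path where the callback's new non-array branch returns the input as-is. The enclosing save handler starts before this hunk, so I cannot confirm from here that a nonce verification and a `current_user_can()` check guard these writes.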