WordPress Snippets
Sanitization of WordPress Customizer controls
/*
 * Sanitize Checkbox
 */
// Source: https://github.com/FlagshipWP/flagship-library/blob/develop/customizer/classes/customizer-base.php
/**
 * Sanitize a checkbox value to exactly 0 or 1.
 *
 * Only a value whose absolute-integer form is 1 is treated as checked;
 * every other submission collapses to 0, so no third state can be stored.
 *
 * @since 1.2.0
 * @access public
 * @param mixed $input Raw value submitted by the Customizer control.
 * @return int 1 when checked, 0 otherwise.
 */
public function sanitize_checkbox( $input ) {
    $is_checked = ( absint( $input ) === 1 );

    return (int) $is_checked;
}
// Source: https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php
/**
 * Checkbox Sanitization Callback
 *
 * Sanitization callback for 'checkbox' type controls. Reduces $input to
 * a strict boolean: anything PHP treats as truthy becomes TRUE, while
 * null, '', '0', 0, 0.0 and [] become FALSE.
 *
 * @param mixed $input Raw value submitted by the control.
 * @return bool
 */
function theme_slug_sanitize_checkbox( $input ) {
    // A loose comparison against TRUE is exactly a boolean cast.
    return (bool) $input;
}
// Source: https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php
// Reference: https://make.wordpress.org/themes/2015/02/10/custom-css-boxes-in-themes/
// Reference: http://mikejolley.com/2013/08/keeping-your-shit-secure-whilst-developing-for-wordpress/
/**
 * Sanitize Customizer CSS input by passing it through wp_filter_nohtml_kses(),
 * which permits no HTML at all.
 *
 * NOTE(review): this gist declares theme_slug_sanitize_css twice (a second
 * variant built on wp_strip_all_tags() follows); a single PHP file may define
 * only one of them.
 *
 * @param string $input Raw CSS submitted through the control.
 * @return string The input with HTML removed.
 */
function theme_slug_sanitize_css( $input ) {
    $without_html = wp_filter_nohtml_kses( $input );

    return $without_html;
}
/**
 * Sanitization: css
 * Control: text, textarea
 *
 * Sanitization callback for 'css' type textarea inputs. Strips HTML tags
 * from $input so the stored value carries no markup; it does not validate
 * that the remaining text is well-formed CSS.
 *
 * NOTE: wp_strip_all_tags() can be passed directly as the
 * $wp_customize->add_setting() 'sanitize_callback'; the wrapper exists
 * here only for illustration.
 *
 * @uses wp_strip_all_tags() https://developer.wordpress.org/reference/functions/wp_strip_all_tags/
 * @param string $input Raw CSS submitted through the control.
 * @return string Tag-free text.
 */
function theme_slug_sanitize_css( $input ) {
    $tag_free = wp_strip_all_tags( $input );

    return $tag_free;
}
/**
 * Sanitization: html
 * Control: textarea
 *
 * Sanitization callback for 'html' type text inputs. Filters $input through
 * wp_kses() against the global $allowedposttags allow-list, i.e. the tag and
 * attribute set WordPress permits in post content.
 *
 * https://codex.wordpress.org/Function_Reference/wp_kses
 * https://gist.github.com/adamsilverstein/10783774
 * https://github.com/devinsays/options-framework-plugin/blob/master/options-check/functions.php#L69
 * http://ottopress.com/2010/wp-quickie-kses/
 *
 * @uses wp_kses() https://developer.wordpress.org/reference/functions/wp_kses/
 * @param string $input Raw HTML submitted through the control.
 * @return string HTML reduced to the post-level allow-list.
 */
function theme_slug_sanitize_html( $input ) {
    global $allowedposttags;

    // Core's post-content allow-list; anything outside it is removed.
    $allowed_html = $allowedposttags;

    return wp_kses( $input, $allowed_html );
}
// https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php
// https://shellcreeper.com/how-to-sanitize-image-upload/
// https://github.com/turtlepod/fx-favicon/blob/master/includes/settings.php#L52
/**
 * Sanitization: image
 * Control: text, WP_Customize_Image_Control
 *
 * Sanitization callback for images. The URL is first checked for an allowed
 * image extension (falling back to the setting's default), then cleaned with
 * esc_url_raw() for storage.
 *
 * @uses theme_slug_validate_image()
 * @uses esc_url_raw() http://codex.wordpress.org/Function_Reference/esc_url_raw
 * @param string               $input   Raw URL submitted through the control.
 * @param WP_Customize_Setting $setting Setting being sanitized; supplies the default.
 * @return string
 */
function theme_slug_sanitize_image( $input, $setting ) {
    $accepted_url = theme_slug_validate_image( $input, $setting->default );

    return esc_url_raw( $accepted_url );
}
/**
 * Validation: image
 * Control: text, WP_Customize_Image_Control
 *
 * Accepts $input only when its file extension maps to one of the listed
 * image MIME types; otherwise returns $default.
 *
 * NOTE(review): wp_check_filetype() decides from the filename/extension
 * alone and never fetches or inspects the file, so this is an allow-list
 * on the URL's extension, not a content check.
 *
 * @uses wp_check_filetype() https://developer.wordpress.org/reference/functions/wp_check_filetype/
 * @param string $input   Raw URL or path submitted through the control.
 * @param string $default Value returned when $input is rejected.
 * @return string
 */
function theme_slug_validate_image( $input, $default = '' ) {
    // Extension pattern => MIME type; a subset of wp_get_mime_types().
    $allowed_mimes = [
        'jpg|jpeg|jpe' => 'image/jpeg',
        'gif'          => 'image/gif',
        'png'          => 'image/png',
        'bmp'          => 'image/bmp',
        'tif|tiff'     => 'image/tiff',
        'ico'          => 'image/x-icon',
    ];

    // Returns ['ext' => ..., 'type' => ...]; 'ext' is false when nothing matches.
    $file_info = wp_check_filetype( $input, $allowed_mimes );

    if ( ! $file_info['ext'] ) {
        return $default;
    }

    return $input;
}
// Source: https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php
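/**
 * Sanitization: number_range
 * Control: number, tel
 *
 * Sanitization callback for 'number' or 'tel' type text inputs. This
 * callback sanitizes $input as an absolute integer and then validates it
 * against the min/max/step input attributes of the control bound to
 * $setting, returning the setting's default when it falls outside them.
 *
 * @uses absint() https://developer.wordpress.org/reference/functions/absint/
 * @link is_int() http://php.net/manual/en/function.is-int.php
 *
 * @param mixed                $input   Raw value submitted through the control.
 * @param WP_Customize_Setting $setting Setting being sanitized. The Customizer
 *                                      passes it as the second argument; the
 *                                      body already relied on it but the
 *                                      signature did not declare it.
 * @return int|mixed The validated integer, or $setting->default.
 */
function theme_slug_sanitize_number_range( $input, $setting ) {
    // Ensure input is an absolute integer.
    $input = absint( $input );

    // Input attributes (min/max/step) of the control associated with the setting.
    $atts = $setting->manager->get_control( $setting->id )->input_attrs;

    // A bound that is not declared collapses to $input itself, so only
    // declared bounds constrain the value.
    $min  = isset( $atts['min'] ) ? $atts['min'] : $input;
    $max  = isset( $atts['max'] ) ? $atts['max'] : $input;
    $step = isset( $atts['step'] ) ? $atts['step'] : 1;

    $in_range = ( $min <= $input && $input <= $max );

    // step="any" or a non-positive step defines no grid; skip the step test
    // instead of letting the division raise a TypeError/DivisionByZeroError.
    $on_step = ( is_numeric( $step ) && $step > 0 ) ? is_int( $input / $step ) : true;

    // Inside the range and on the step grid: keep it; otherwise fall back to the default.
    return ( $in_range && $on_step ) ? $input : $setting->default;
}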
// Source: https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php
/**
 * Sanitization: select
 * Control: select, radio
 *
 * Sanitization callback for 'select' and 'radio' type controls. The
 * submitted value is reduced to a key-safe slug and accepted only if it
 * is one of the choices registered on the control; anything else yields
 * the setting's default, so only registered choices can be stored.
 *
 * @uses sanitize_key() https://developer.wordpress.org/reference/functions/sanitize_key/
 * @uses $wp_customize->get_control() https://developer.wordpress.org/reference/classes/wp_customize_manager/get_control/
 * @param mixed                $input   Raw value submitted through the control.
 * @param WP_Customize_Setting $setting Setting being sanitized.
 * @return mixed The accepted slug, or $setting->default.
 */
function theme_slug_sanitize_select( $input, $setting ) {
    $slug    = sanitize_key( $input );
    $control = $setting->manager->get_control( $setting->id );

    // array_key_exists() rather than isset(): a choice mapped to null still counts.
    if ( array_key_exists( $slug, $control->choices ) ) {
        return $slug;
    }

    return $setting->default;
}
esc_attr
esc_textarea
// Source: https://github.com/FlagshipWP/flagship-library/blob/develop/customizer/classes/customizer-base.php
/**
 * Sanitize a string to allow only the tags in the global $allowedtags array,
 * the stricter core allow-list (the one WordPress applies to comment text).
 *
 * @since 1.2.0
 * @param string $string The unsanitized string.
 * @return string The sanitized string, as filtered by wp_kses().
 */
public function sanitize_text( $string ) {
    global $allowedtags;

    $allowed_html = $allowedtags;

    return wp_kses( $string, $allowed_html );
}