Changeset 2457799

Timestamp:

01/17/2021 11:39:13 AM (5 years ago)

Author:

anadnet

Message:

Sanitizing

File:

• quick-pagepost-redirect-plugin/trunk/page_post_redirect_plugin.php (modified) (9 diffs)

quick-pagepost-redirect-plugin/trunk/page_post_redirect_plugin.php

@@ -104 +104 @@
         add_action( 'admin_init', array( $this, 'ppr_init_check_version' ), 1 );                                // checks version of plugin in DB and updates if needed.
         add_action( 'admin_init', array( $this, 'qppr_meta_plugin_has_addon' ) );
-        add_action( 'init', array( $this, 'ppr_parse_request_new' ) );                                          // parse query vars
+            add_action( 'init', array( $this, 'ppr_parse_request_new' ) );                                          // parse query vars
         add_action( 'save_post', array( $this,'ppr_save_metadata' ), 11, 2 );                                   // save the custom fields
         add_action( 'admin_menu', array( $this,'ppr_add_menu_and_metaboxes' ) );                                // add the menu items & Metaboxes needed
@@ -177 +177 @@
         // make sure the function is present
         if ( ! function_exists('is_plugin_active'))
-            require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
+                require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
 
         // WP Super Cache
@@ -753 +753 @@
         echo '
         <div class="wrap">
-            <h2>' . __( 'Quick Page/Post Redirect FAQs/Help', 'quick-pagepost-redirect-plugin' ) . '</h2>
+            <h2>' . __( 'Quick Page/Post Redirect FAQs/Help', 'quick-pagepost-redirect-plugin' ) . '</h2>
             <div align="left"><p>' . __( 'The FAQS are now on a feed that can be updated on the fly. If you have a question and don\'t see an answer, please send an email to <a href="mailto:[email protected]">[email protected]</a> and ask your question. If it is relevant to the plugin, it will be added to the FAQs feed so it will show up here. Please be sure to include the plugin you are asking a question about (Quick Page/Post Redirect Plugin) and any other information like your WordPress version and examples if the plugin is not working correctly for you. THANKS!', 'quick-pagepost-redirect-plugin' ) . '</p>
             <hr noshade color="#C0C0C0" size="1" />
@@ -761 +761 @@
         $linkcontent    = array();
         if (!is_wp_error( $rss ) ) :
-            $maxitems   = $rss->get_item_quantity( 100 );
-            $rss_items  = $rss->get_items( 0, $maxitems );
+                $maxitems   = $rss->get_item_quantity( 100 );
+                $rss_items  = $rss->get_items( 0, $maxitems );
         endif;
             $aqr = 0;
-            if ($maxitems != 0){
-                foreach ( $rss_items as $item ) :
-                    $aqr++;
-                    $linkfaq[]      = '<li class="faq-top-item"><a href="#faq-'.$aqr.'">'.esc_html( $item->get_title() ).'</a></li>';
-                    $linkcontent[]  = '<li class="faq-item"><a name="faq-'.$aqr.'"></a><h3 class="qa"><span class="qa">Q. </span>'.esc_html( $item->get_title() ).'</h3><div class="qa-content"><span class="qa answer">A. </span>'.$item->get_content().'</div><div class="toplink"><a href="#faq-top">top &uarr;</a></li>';
-                endforeach;
+                if ($maxitems != 0){
+                    foreach ( $rss_items as $item ) :
+                        $aqr++;
+                        $linkfaq[]      = '<li class="faq-top-item"><a href="#faq-'.$aqr.'">'.esc_html( $item->get_title() ).'</a></li>';
+                        $linkcontent[]  = '<li class="faq-item"><a name="faq-'.$aqr.'"></a><h3 class="qa"><span class="qa">Q. </span>'.esc_html( $item->get_title() ).'</h3><div class="qa-content"><span class="qa answer">A. </span>'.$item->get_content().'</div><div class="toplink"><a href="#faq-top">top &uarr;</a></li>';
+                    endforeach;
             }
         echo '<a name="faq-top"></a><h2>'.__('Table of Contents','quick-pagepost-redirect-plugin').'</h2>';
@@ -929 +929 @@
             }
          ?>
-            </tbody>
+            </tbody>
         </table>
     </div>
@@ -1210 +1210 @@
             ';
             $screen->add_help_tab( array(
-               'id' => 'qppr_sample_redirects',
-               'title' => __( 'Examples', 'quick-pagepost-redirect-plugin' ),
-               'content' => $content ,
+                 'id' => 'qppr_sample_redirects',
+                 'title' => __( 'Examples', 'quick-pagepost-redirect-plugin' ),
+                 'content' => $content ,
             ) );
             $screen->add_help_tab( array(
-               'id' => 'qppr_add_redirects',
-               'title' => __( 'Troubleshooting', 'quick-pagepost-redirect-plugin' ),
-               'content' => '
-               <div style="padding:10px 0;">
+                 'id' => 'qppr_add_redirects',
+                 'title' => __( 'Troubleshooting', 'quick-pagepost-redirect-plugin' ),
+                 'content' => '
+                 <div style="padding:10px 0;">
                 <b style="color:red;">' . __( 'IMPORTANT TROUBLESHOOTING NOTES:', 'quick-pagepost-redirect-plugin' ) . '</b>
                 <ol style="margin-top:5px;">
@@ -1238 +1238 @@
         }elseif( $screen_id == 'quick-redirects_page_redirect-import-export' ){
             $screen->add_help_tab( array(
-               'id' => 'qppr_export_redirects',
-               'title' => __( 'Export Redirects', 'quick-pagepost-redirect-plugin' ),
-               'content' => '<div style="padding:10px 0;"><p>' . __( 'You can export redirects in two formats - Encoded or Delimited.', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
+                 'id' => 'qppr_export_redirects',
+                 'title' => __( 'Export Redirects', 'quick-pagepost-redirect-plugin' ),
+                 'content' => '<div style="padding:10px 0;"><p>' . __( 'You can export redirects in two formats - Encoded or Delimited.', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
             ) );
             $screen->add_help_tab( array(
-               'id' => 'qppr_import_redirects',
-               'title' => __( 'Import Redirects', 'quick-pagepost-redirect-plugin' ),
-               'content' => '<div style="padding:10px 0;"><p>Help content coming soon.</p></div>' ,
+                 'id' => 'qppr_import_redirects',
+                 'title' => __( 'Import Redirects', 'quick-pagepost-redirect-plugin' ),
+                 'content' => '<div style="padding:10px 0;"><p>Help content coming soon.</p></div>' ,
             ) );
         }elseif( $screen_id == 'quick-redirects_page_meta_addon' ){
             $screen->add_help_tab( array(
-               'id' => 'qppr-load-page-content',
-               'title' => __( 'Load Content?', 'quick-pagepost-redirect-plugin' ),
-               'content' => '<div style="padding:10px 0;"><p>' . __( 'Use the <strong>Load Content?</strong> option to allow the page content to load as normal or to only load a blank page or the content provided in the <strong>Page Content</strong> section. ', 'quick-pagepost-redirect-plugin' ) . '</p>
-               <p>' . __( 'If checked, all of the original content will load, so keep this in mind when setting the <strong>Redirect Seconds</strong> - if set too low, the page will not compeletely load. ', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
+                 'id' => 'qppr-load-page-content',
+                 'title' => __( 'Load Content?', 'quick-pagepost-redirect-plugin' ),
+                 'content' => '<div style="padding:10px 0;"><p>' . __( 'Use the <strong>Load Content?</strong> option to allow the page content to load as normal or to only load a blank page or the content provided in the <strong>Page Content</strong> section. ', 'quick-pagepost-redirect-plugin' ) . '</p>
+                 <p>' . __( 'If checked, all of the original content will load, so keep this in mind when setting the <strong>Redirect Seconds</strong> - if set too low, the page will not compeletely load. ', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
             ) );
             $screen->add_help_tab( array(
-               'id' => 'qppr-redirect-seconds',
-               'title' => __( 'Redirect Seconds', 'quick-pagepost-redirect-plugin' ),
-               'content' => '<div style="padding:10px 0;"><p>' . __( 'Enter the nuber of seconds to wait before the redirect happens. Enter 0 to have an instant redirect*.', 'quick-pagepost-redirect-plugin' ) . '</p>
-               <p>' . __( '*Keep in mind that the redirect seconds will start counting only AFTER the <strong>Redirect Trigger</strong> element is loaded - so 0 may be slightly longer than instant, depending on how much content needs to load before the trigger happens.', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
+                 'id' => 'qppr-redirect-seconds',
+                 'title' => __( 'Redirect Seconds', 'quick-pagepost-redirect-plugin' ),
+                 'content' => '<div style="padding:10px 0;"><p>' . __( 'Enter the nuber of seconds to wait before the redirect happens. Enter 0 to have an instant redirect*.', 'quick-pagepost-redirect-plugin' ) . '</p>
+                 <p>' . __( '*Keep in mind that the redirect seconds will start counting only AFTER the <strong>Redirect Trigger</strong> element is loaded - so 0 may be slightly longer than instant, depending on how much content needs to load before the trigger happens.', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
             ) );
             $screen->add_help_tab( array(
-               'id' => 'qppr-redirect-trigger',
-               'title' => __( 'Redirect Trigger', 'quick-pagepost-redirect-plugin' ),
-               'content' => '<div style="padding:10px 0;"><p>' . __( 'The class or id or tag name of the element to load before the redirect starts counting down. If nothing is used, it will default to the body tag as a trigger.', 'quick-pagepost-redirect-plugin' ) . '</p>
-               <p>' . __( 'If you use a class, the class name should have the "." in the name, i.e., <strong>.my-class-name</strong>', 'quick-pagepost-redirect-plugin' ) . '</p>
-               <p>' . __( 'If you use an id, the id should have the "#" in the name, i.e., <strong>#my-id-name</strong>.', 'quick-pagepost-redirect-plugin' ) . '</p>
-               <p>' . __( 'If you use a tag name, the name should NOT have the "&lt;" or "&gt;" characters in the name, i.e., &lt;body&gt; would just be <strong>body</strong>.', 'quick-pagepost-redirect-plugin' ) . '</p>
-               <p>' . __( 'Do not use a tag name that is common, like "a" or "div" as it will trigger on all events.', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
+                 'id' => 'qppr-redirect-trigger',
+                 'title' => __( 'Redirect Trigger', 'quick-pagepost-redirect-plugin' ),
+                 'content' => '<div style="padding:10px 0;"><p>' . __( 'The class or id or tag name of the element to load before the redirect starts counting down. If nothing is used, it will default to the body tag as a trigger.', 'quick-pagepost-redirect-plugin' ) . '</p>
+                 <p>' . __( 'If you use a class, the class name should have the "." in the name, i.e., <strong>.my-class-name</strong>', 'quick-pagepost-redirect-plugin' ) . '</p>
+                 <p>' . __( 'If you use an id, the id should have the "#" in the name, i.e., <strong>#my-id-name</strong>.', 'quick-pagepost-redirect-plugin' ) . '</p>
+                 <p>' . __( 'If you use a tag name, the name should NOT have the "&lt;" or "&gt;" characters in the name, i.e., &lt;body&gt; would just be <strong>body</strong>.', 'quick-pagepost-redirect-plugin' ) . '</p>
+                 <p>' . __( 'Do not use a tag name that is common, like "a" or "div" as it will trigger on all events.', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
             ) );
             $screen->add_help_tab( array(
-               'id' => 'qppr-redirect-append',
-               'title' => __( 'Append Content To', 'quick-pagepost-redirect-plugin' ),
-               'content' => '<div style="padding:10px 0;"><p>' . __( 'The class, id or tag name that you want the content in the <strong>Page Content</strong> to be loading into.', 'quick-pagepost-redirect-plugin' ) . '</p>
-               <p>' . __( 'If you are loading the content of the page, use an existing class or id for an existing element (i.e., .page-content) so your additional page content (if any) is loaded into that element.', 'quick-pagepost-redirect-plugin' ) . '</p>
-               <p>' . __( 'When no class, id or tag name is used, the <strong>body</strong> tag will be used.', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
+                 'id' => 'qppr-redirect-append',
+                 'title' => __( 'Append Content To', 'quick-pagepost-redirect-plugin' ),
+                 'content' => '<div style="padding:10px 0;"><p>' . __( 'The class, id or tag name that you want the content in the <strong>Page Content</strong> to be loading into.', 'quick-pagepost-redirect-plugin' ) . '</p>
+                 <p>' . __( 'If you are loading the content of the page, use an existing class or id for an existing element (i.e., .page-content) so your additional page content (if any) is loaded into that element.', 'quick-pagepost-redirect-plugin' ) . '</p>
+                 <p>' . __( 'When no class, id or tag name is used, the <strong>body</strong> tag will be used.', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
             ) );
             $screen->add_help_tab( array(
-               'id' => 'qppr-redirect-content',
-               'title' => __( 'Page Content', 'quick-pagepost-redirect-plugin' ),
-               'content' => '<div style="padding:10px 0;"><p>' . __( 'This is your page content you want to add. If you have a "tracking pixel" script or image tag you want to use, add it here.', 'quick-pagepost-redirect-plugin' ) . '</p>
-               <p>' . __( 'A good example of use, is adding a tracking script (or Facebook Conversion Pixel) to the <strong>Page Content box</strong> and unchecking the <strong>Load Content?</strong> box. Then set the <strong>Redirect Seconds</strong> to 1 or 2 so the script has a chance to load and set <strong>Append Content</strong> To to "body" and <strong>Redirect Trigger</strong> to "body".', 'quick-pagepost-redirect-plugin' ) . '</p>
-               <p>' . __( 'Additionally, you can add the redirect counter to the page by adding the code sample under the <strong>Page Content</strong> box.', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
+                 'id' => 'qppr-redirect-content',
+                 'title' => __( 'Page Content', 'quick-pagepost-redirect-plugin' ),
+                 'content' => '<div style="padding:10px 0;"><p>' . __( 'This is your page content you want to add. If you have a "tracking pixel" script or image tag you want to use, add it here.', 'quick-pagepost-redirect-plugin' ) . '</p>
+                 <p>' . __( 'A good example of use, is adding a tracking script (or Facebook Conversion Pixel) to the <strong>Page Content box</strong> and unchecking the <strong>Load Content?</strong> box. Then set the <strong>Redirect Seconds</strong> to 1 or 2 so the script has a chance to load and set <strong>Append Content</strong> To to "body" and <strong>Redirect Trigger</strong> to "body".', 'quick-pagepost-redirect-plugin' ) . '</p>
+                 <p>' . __( 'Additionally, you can add the redirect counter to the page by adding the code sample under the <strong>Page Content</strong> box.', 'quick-pagepost-redirect-plugin' ) . '</p></div>' ,
             ) );
         }
@@ -2252 +2252 @@
         $hook_name  = 'ppr_meta_head_hook';
         // check URL override
-        if($this->pproverride_URL !=''){
+            if($this->pproverride_URL !=''){
             $urlsite = $this->pproverride_URL;
         } else {
             $urlsite = $this->ppr_metaurl;
         }
-        $this->pproverride_URL = ''; //reset
-        if($this->pprmeta_seconds==''){
+            $this->pproverride_URL = ''; //reset
+            if($this->pprmeta_seconds==''){
             $this->pprmeta_seconds='0';
         }
@@ -2629 +2629 @@
     return sanitize_title_with_dashes( 'browser-'.$name );
 }
+
+function qppr_sanitize_option_redirects( $value ) {
+    $new_value = [];
+
+    foreach ( $value as $url_from => $url_to ) {
+        $new_value[esc_url($url_from)] = esc_url($url_to);
+    }
+
+    return $new_value;
+}
+add_filter( 'sanitize_option_quickppr_redirects', 'qppr_sanitize_option_redirects', 10, 1 );
+
+function qppr_sanitize_option_redirects_meta( $value ) {
+    $new_value = [];
+
+    foreach ( $value as $url => $meta ) {
+        $new_value[$url] = array(
+            'newwindow' => absint( $meta['newwindow'] ),
+            'nofollow' => absint( $meta['newwindow'] ),
+        );
+    }
+
+    return $new_value;
+}
+add_filter( 'sanitize_option_quickppr_redirects_meta', 'qppr_sanitize_option_redirects_meta', 10, 1 );
+
+function qppr_sanitize_pprredirect_active_meta( $meta_value ) {
+    return absint( $meta_value );
+}
+add_filter( 'sanitize_post_meta__pprredirect_active', 'qppr_sanitize_pprredirect_active_meta', 10, 1 );
+
+function qppr_sanitize_pprredirect_newwindow_meta( $meta_value ) {
+    return sanitize_text_field( $meta_value );
+}
+add_filter( 'sanitize_post_meta__pprredirect_newwindow', 'qppr_sanitize_pprredirect_newwindow_meta', 10, 1 );
+
+function qppr_sanitize_pprredirect_relnofollow_meta( $meta_value ) {
+    return absint( $meta_value );
+}
+add_filter( 'sanitize_post_meta__pprredirect_relnofollow', 'qppr_sanitize_pprredirect_relnofollow_meta', 10, 1 );
+
+function qppr_sanitize_pprredirect_rewritelink_meta( $meta_value ) {
+    return absint( $meta_value );
+}
+add_filter( 'sanitize_post_meta__pprredirect_rewritelink', 'qppr_sanitize_pprredirect_rewritelink_meta', 10, 1 );
+
+function qppr_sanitize_pprredirect_type_meta( $meta_value ) {
+    if ( $meta_value != 'meta' ) {
+        return absint( $meta_value );
+    }
+
+    return sanitize_text_field( $meta_value );
+}
+add_filter( 'sanitize_post_meta__pprredirect_type', 'qppr_sanitize_pprredirect_type_meta', 10, 1 );