Sanitization of WordPress Customizer controls

Sanitize the WordPress Customizer

WordPress Snippets

/*
* Sanitize Checkbox
*/
// Source: https://github.com/FlagshipWP/flagship-library/blob/develop/customizer/classes/customizer-base.php
/**
 * Sanitize a checkbox value to exactly 0 or 1.
 *
 * The raw value is reduced with absint() (abs of the integer cast), so
 * only a value whose integer form is 1 survives; anything else, including
 * non-numeric strings and null, collapses to 0. The stored value is
 * therefore always an int, never a bool or a string.
 *
 * @since 1.2.0
 * @access public
 * @param mixed $input Raw value posted for the checkbox control.
 * @return int 1 when absint( $input ) is 1, otherwise 0.
 */
public function sanitize_checkbox( $input ) {
    $as_int = absint( $input );

    if ( 1 === $as_int ) {
        return 1;
    }

    return 0;
}
//Source: https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php
/**
 * Checkbox Sanitization Callback
 *
 * Sanitization callback for 'checkbox' type controls. The result is a
 * strict PHP bool derived from the truthiness of $input: null, 0, '',
 * '0' and an empty array become false, everything else becomes true.
 * Note that truthiness is not a parse: the strings 'false' and 'off' are
 * non-empty and therefore map to true. The Customizer posts JSON booleans
 * for checkbox controls, so in normal use the value is already a bool.
 *
 * @param mixed $input Raw value posted for the checkbox control.
 * @return bool
 */
function theme_slug_sanitize_checkbox( $input ) {
    // (bool) cast is equivalent to isset() && loose comparison with true.
    return (bool) $input;
}
// Source: https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php
// Reference: https://make.wordpress.org/themes/2015/02/10/custom-css-boxes-in-themes/
// Reference: http://mikejolley.com/2013/08/keeping-your-shit-secure-whilst-developing-for-wordpress/
/**
 * Sanitization callback for CSS text: remove every HTML tag.
 *
 * wp_filter_nohtml_kses() only strips tags; it performs no CSS validation,
 * so the result is not guaranteed to be well-formed CSS. Its purpose here
 * is to keep markup (for example a stray closing tag) out of a value that
 * is later printed inside a style element.
 *
 * @param string $input Raw CSS submitted through the control.
 * @return string The input with HTML tags removed.
 */
function theme_slug_sanitize_css( $input ) {
    $tagless = wp_filter_nohtml_kses( $input );

    return $tagless;
}
/**
 * Sanitization: css
 * Control: text, textarea
 *
 * Sanitization callback for 'css' type textarea inputs. The value is
 * passed through wp_strip_all_tags(), which removes HTML tags (and the
 * contents of script/style elements) but does not validate CSS syntax;
 * what remains is tag-free text, not necessarily valid CSS.
 *
 * NOTE: wp_strip_all_tags() can be passed directly as
 * $wp_customize->add_setting() 'sanitize_callback'. It
 * is wrapped in a callback here merely for example
 * purposes.
 *
 * @uses wp_strip_all_tags() https://developer.wordpress.org/reference/functions/wp_strip_all_tags/
 *
 * @param string $input Raw CSS submitted through the control.
 * @return string The input with all tags stripped.
 */
function theme_slug_sanitize_css( $input ) {
    $stripped = wp_strip_all_tags( $input );

    return $stripped;
}
/**
 * Sanitization: html
 * Control: textarea
 *
 * Sanitization callback for 'html' type text inputs. Runs $input through
 * wp_kses() with WordPress' global $allowedposttags list, i.e. the tags and
 * attributes allowed in post content; any other tag or attribute is removed.
 *
 * If the control should accept far less than post content (say only
 * a/br/em/strong/p with a few attributes), build a small allow-list array
 * in the wp_kses() format and pass it as the second argument instead of the
 * global list; the narrower the list, the smaller the markup surface that
 * reaches the front end.
 *
 * https://codex.wordpress.org/Function_Reference/wp_kses
 * https://gist.github.com/adamsilverstein/10783774
 * https://github.com/devinsays/options-framework-plugin/blob/master/options-check/functions.php#L69
 * http://ottopress.com/2010/wp-quickie-kses/
 *
 * @uses wp_kses() https://developer.wordpress.org/reference/functions/wp_kses/
 *
 * @param string $input Raw HTML submitted through the control.
 * @return string The input filtered to the post-content allow-list.
 */
function theme_slug_sanitize_html( $input ) {
    global $allowedposttags;

    // The global list is WordPress' post-content allow-list.
    $allowed_html = $allowedposttags;

    return wp_kses( $input, $allowed_html );
}
//https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php
//https://shellcreeper.com/how-to-sanitize-image-upload/
//https://github.com/turtlepod/fx-favicon/blob/master/includes/settings.php#L52
/**
 * Sanitization: image
 * Control: text, WP_Customize_Image_Control
 *
 * Sanitization callback for images. The value is first validated by
 * extension via theme_slug_validate_image() (falling back to the
 * setting's default), then escaped with esc_url_raw() so that what is
 * stored is a URL safe for database use.
 *
 * @uses theme_slug_validate_image()
 * @uses esc_url_raw() http://codex.wordpress.org/Function_Reference/esc_url_raw
 *
 * @param string               $input   URL submitted for the image control.
 * @param WP_Customize_Setting $setting Setting being sanitized (its default is the fallback).
 * @return string Escaped URL of the accepted image, or the escaped default.
 */
function theme_slug_sanitize_image( $input, $setting ) {
    $accepted_url = theme_slug_validate_image( $input, $setting->default );

    return esc_url_raw( $accepted_url );
}
/**
 * Validation: image
 * Control: text, WP_Customize_Image_Control
 *
 * Returns $input unchanged when its file extension maps to one of the
 * accepted image MIME types below, otherwise $default. The check is based
 * on the file name alone: wp_check_filetype() matches the extension and
 * does not fetch or inspect the resource, so this establishes "looks like
 * an image URL", not "is an image". Pair it with esc_url_raw() before
 * storing the value.
 *
 * @uses wp_check_filetype() https://developer.wordpress.org/reference/functions/wp_check_filetype/
 *
 * @param string $input   URL or file name submitted for the image control.
 * @param string $default Value returned when the extension is not accepted.
 * @return string $input or $default.
 */
function theme_slug_validate_image( $input, $default = '' ) {
    // Accepted extensions => MIME types; a subset of wp_get_mime_types().
    $allowed_mimes = array(
        'jpg|jpeg|jpe' => 'image/jpeg',
        'gif'          => 'image/gif',
        'png'          => 'image/png',
        'bmp'          => 'image/bmp',
        'tif|tiff'     => 'image/tiff',
        'ico'          => 'image/x-icon',
    );

    // wp_check_filetype() returns array( 'ext' => ..., 'type' => ... );
    // 'ext' is false when nothing in $allowed_mimes matched.
    $filetype = wp_check_filetype( $input, $allowed_mimes );

    if ( $filetype['ext'] ) {
        return $input;
    }

    return $default;
}
// Source: https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php
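/**
 * Sanitization: number_range
 * Control: number, tel
 *
 * Sanitization callback for 'number' or 'tel' type text inputs. This
 * callback sanitizes $input as an absolute integer and validates it
 * against the min/max/step input attributes of the control registered
 * for $setting. Out-of-range or off-step values fall back to the
 * setting's default.
 *
 * The bounds are read from the control's input_attrs, so they are
 * developer-defined, not user-supplied. When min or max is absent that
 * side of the range is not enforced; when step is absent, non-numeric
 * (e.g. "any") or not positive, no step constraint is applied.
 *
 * @uses absint() https://developer.wordpress.org/reference/functions/absint/
 * @link is_int() http://php.net/manual/en/function.is-int.php
 *
 * @param mixed                $input   Raw value posted for the control.
 * @param WP_Customize_Setting $setting Setting being sanitized; WordPress passes
 *                                      it as the second argument of the
 *                                      customize_sanitize_{$id} filter.
 * @return int The validated integer, or $setting->default.
 */
function theme_slug_sanitize_number_range( $input, $setting ) {
    // Ensure input is an absolute integer.
    $input = absint( $input );

    // Get the input attributes of the control associated with the setting.
    $atts = $setting->manager->get_control( $setting->id )->input_attrs;

    // A missing bound defaults to $input so that side of the range passes.
    $min  = ( isset( $atts['min'] ) ? $atts['min'] : $input );
    $max  = ( isset( $atts['max'] ) ? $atts['max'] : $input );
    $step = ( isset( $atts['step'] ) ? $atts['step'] : 1 );

    // Guard the division below: a zero step would throw, and a
    // non-numeric step such as "any" is a TypeError on PHP 8.
    if ( ! is_numeric( $step ) || $step <= 0 ) {
        $step = 1;
    }

    $in_range = ( $min <= $input && $input <= $max );
    $on_step  = is_int( $input / $step );

    // Return the input when it is within range and on the step grid;
    // otherwise fall back to the setting's default.
    return ( $in_range && $on_step ) ? $input : $setting->default;
}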
// Source: https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php
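/**
 * Sanitization: select
 * Control: select, radio
 *
 * Sanitization callback for 'select' and 'radio' type controls.
 * This callback sanitizes $input as a slug, and then validates
 * $input against the choices defined for the control. The choices
 * array is developer-defined, so the stored value can only ever be
 * one of those keys or the setting's default.
 *
 * If no control is registered for the setting, or its choices are not
 * an array, the default is returned instead of letting
 * array_key_exists() raise a TypeError on PHP 8.
 *
 * @uses sanitize_key() https://developer.wordpress.org/reference/functions/sanitize_key/
 * @uses $wp_customize->get_control() https://developer.wordpress.org/reference/classes/wp_customize_manager/get_control/
 *
 * @param mixed                $input   Raw value posted for the control.
 * @param WP_Customize_Setting $setting Setting being sanitized.
 * @return string The accepted choice key, or $setting->default.
 */
function theme_slug_sanitize_select( $input, $setting ) {
    // Ensure input is a slug.
    $input = sanitize_key( $input );

    // Valid values are the keys of the choices of the control
    // associated with the setting.
    $control = $setting->manager->get_control( $setting->id );
    $choices = ( $control && is_array( $control->choices ) ) ? $control->choices : array();

    // If the input is a valid key, return it; otherwise, return the default.
    return ( array_key_exists( $input, $choices ) ? $input : $setting->default );
}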
Other WordPress escaping functions: esc_attr, esc_textarea
// Source: https://github.com/FlagshipWP/flagship-library/blob/develop/customizer/classes/customizer-base.php
/**
 * Sanitize a string to allow only tags in the global $allowedtags array.
 *
 * $allowedtags is WordPress' short allow-list (the one used for comment
 * content), so this accepts far less markup than $allowedposttags; any tag
 * or attribute outside that list is removed by wp_kses().
 *
 * @since 1.2.0
 * @param string $string The unsanitized string.
 * @return string The sanitized string.
 */
public function sanitize_text( $string ) {
    global $allowedtags;

    $allowed_html = $allowedtags;

    return wp_kses( $string, $allowed_html );
}