<?php
namespace YahnisElsts\AdminMenuEditor\Customizable\Settings;
use WP_Error;
use YahnisElsts\AdminMenuEditor\Customizable\Storage\StorageInterface;
/**
* Like StringSetting, except it sanitizes the string if the current user
* doesn't have the "unfiltered_html" capability.
*/
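class UserSanitizedStringSetting extends StringSetting {
	/**
	 * Leave only HTML tags that are allowed in post content (wp_kses_post()).
	 */
	const SANITIZE_POST_HTML = 1;
	/**
	 * Strip all HTML tags and normalize entities (wp_kses() with the 'strip' context).
	 */
	const SANITIZE_STRIP_HTML = 2;
	/**
	 * Convert special characters to HTML entities (esc_html(); should not double-encode entities).
	 */
	const SANITIZE_ESCAPE_HTML = 3;

	/**
	 * @var int What to do when the current user doesn't have the "unfiltered_html" capability.
	 *          Defaults to the most restrictive mode, so a setting that never picks a mode
	 *          still does not store raw markup on behalf of a restricted user.
	 */
	protected $sanitizationMode = self::SANITIZE_STRIP_HTML;

	/**
	 * @param string $id
	 * @param StorageInterface|null $store
	 * @param array $params Everything StringSetting accepts, plus an optional
	 *                      'sanitizationMode' key holding one of the SANITIZE_* constants.
	 *                      The mode is not checked here; an unknown mode surfaces as a
	 *                      WP_Error from validate().
	 */
	public function __construct($id, StorageInterface $store = null, $params = array()) {
		parent::__construct($id, $store, $params);
		if ( isset($params['sanitizationMode']) ) {
			$this->sanitizationMode = $params['sanitizationMode'];
		}
	}

	/**
	 * Validate the value like StringSetting does and, if the current user lacks
	 * the "unfiltered_html" capability, sanitize it according to $sanitizationMode.
	 *
	 * The capability check happens at validation time, so the stored value reflects
	 * the privileges of whoever saved it, not of whoever later reads it.
	 *
	 * @param mixed $errors Passed through to the parent validator.
	 * @param mixed $value Raw input.
	 * @param bool $stopOnFirstError Passed through to the parent validator.
	 * @return mixed Whatever parent::validate() produced (presumably a string for a
	 *               StringSetting) after optional sanitization, the parent's WP_Error,
	 *               null when the parent returned null, or a WP_Error for an unknown mode.
	 */
	public function validate($errors, $value, $stopOnFirstError = false) {
		//Forward $stopOnFirstError so the parent honours the caller's choice instead of
		//always using its own default.
		$convertedValue = parent::validate($errors, $value, $stopOnFirstError);
		//Parent failures and "no value" are returned untouched; nothing to sanitize.
		if ( is_wp_error($convertedValue) || ($convertedValue === null) ) {
			return $convertedValue;
		}
		//Users with "unfiltered_html" are allowed to store arbitrary markup.
		if ( current_user_can('unfiltered_html') ) {
			return $convertedValue;
		}
		return $this->sanitizeForRestrictedUser($convertedValue);
	}

	/**
	 * Apply the configured sanitization mode to an already-validated value.
	 *
	 * Uses a loose switch on purpose: a mode supplied as a numeric string in $params
	 * (e.g. "2") still selects the matching constant.
	 *
	 * @param mixed $value Output of parent::validate(), presumably a string.
	 * @return mixed The sanitized value, or a WP_Error when the mode is unknown.
	 */
	protected function sanitizeForRestrictedUser($value) {
		switch ($this->sanitizationMode) {
			case self::SANITIZE_POST_HTML:
				return wp_kses_post($value);
			case self::SANITIZE_STRIP_HTML:
				return wp_kses($value, 'strip');
			case self::SANITIZE_ESCAPE_HTML:
				return esc_html($value);
			default:
				//Fail closed: an unknown mode must not let the value through unsanitized.
				return new WP_Error(
					'invalid_filter_mode',
					'Invalid filter mode set for this setting'
				);
		}
	}
}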