Branch BUG-10458-sql-injection-via-sh... (c8fb1e)

EES_Shortcode::sanitize_attributes()   C

Complexity

Conditions 11
Paths 17

Size

Total Lines 37
Code Lines 27

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 11
eloc 27
nc 17
nop 2
dl 0
loc 37
rs 5.2653
c 0
b 0
f 0

How to fix   Complexity   

Long Method

Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.

For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.

Commonly applied refactorings include:

<?php
// Direct-access guard: stop immediately unless EVENT_ESPRESSO_VERSION is defined.
// Presumably the plugin bootstrap defines that constant, so this file only runs when
// loaded through the plugin rather than requested on its own.
if (! defined('EVENT_ESPRESSO_VERSION')) {
    exit('No direct script access allowed');
}
/**
 * Event Espresso
 *
 * Event Registration and Management Plugin for WordPress
 *
 * @ package			Event Espresso
 * @ author				Event Espresso
 * @ copyright		(c) 2008-2011 Event Espresso  All Rights Reserved.
 * @ license			http://eventespresso.com/support/terms-conditions/   * see Plugin Licensing *
 * @ link					http://www.eventespresso.com
 * @ version		 	4.0
 *
 * ------------------------------------------------------------------------
 *
 * EES_Shortcode
 *
 * @package			Event Espresso
 * @subpackage	/shortcodes/
 * @author				Brent Christensen
 *
 * ------------------------------------------------------------------------
 */
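abstract class EES_Shortcode extends EE_Base
{

    /**
     * Attributes the shortcode was invoked with.
     * fallback_shortcode_processor() stores them here exactly as received (cast to array),
     * i.e. NOT sanitized.
     *
     * @var array $_attributes
     */
    protected $_attributes = array();



    /**
     * run - initial shortcode module setup called during "parse_request" hook by
     * \EE_Front_Controller::_initialize_shortcodes() IF this shortcode is going to execute during this request !
     * It may also get called by \EES_Shortcode::fallback_shortcode_processor() if the shortcode is being implemented
     * by a theme or plugin in a non-standard way.
     * Basically this method is primarily used for loading resources and assets like CSS or JS
     * that will be required by the shortcode when it is actually processed.
     * Please note that assets may not load if the fallback_shortcode_processor() is being used.
     *
     * @access public
     * @param WP $WP
     * @return void
     */
    abstract public function run(WP $WP);



    /**
     * process_shortcode
     * this method is the callback function for the actual shortcode,
     * and is what runs when WP encounters the shortcode within the_content
     *
     * The attributes come from the shortcode as written in content, so implementations
     * should treat them as untrusted and pass them through sanitize_attributes()
     * before using them in output or queries.
     *
     * @access public
     * @param array $attributes
     * @return mixed
     */
    abstract public function process_shortcode($attributes = array());



    /**
     * instance - returns instance of child class object
     *
     * Looks for an already-registered object on EE_Registry::instance()->shortcodes
     * (keyed by the upper-cased class name without the "EES_" prefix) and returns it
     * when it is an instance of the requested class; otherwise a new object is created.
     *
     * @access public
     * @param string $shortcode_class class name to load; defaults to the called class
     * @return \EES_Shortcode|null null when the resolved class is the abstract base itself
     */
    final public static function instance($shortcode_class = null)
    {
        $shortcode_class = ! empty($shortcode_class) ? $shortcode_class : get_called_class();
        if ($shortcode_class === 'EES_Shortcode' || empty($shortcode_class)) {
            return null;
        }
        $shortcode = str_replace('EES_', '', strtoupper($shortcode_class));
        $shortcode_obj = isset(EE_Registry::instance()->shortcodes->{$shortcode})
            ? EE_Registry::instance()->shortcodes->{$shortcode}
            : null;
        // NOTE(review): the fallback below instantiates whatever class name was passed in.
        // Nothing here verifies that it is an EES_Shortcode subclass, so callers must only
        // pass class names they control - confirm no request-derived value reaches this parameter.
        return ($shortcode_obj instanceof $shortcode_class || $shortcode_class === 'self')
            ? $shortcode_obj
            : new $shortcode_class();
    }



    /**
     * fallback_shortcode_processor - create instance and call process_shortcode
     * NOTE: shortcode may not function perfectly due to missing assets,
     * but it's better than not having things work at all
     *
     * The attributes are forwarded to process_shortcode() as received; no sanitization
     * happens in this method.
     * NOTE(review): confirm every concrete process_shortcode() calls sanitize_attributes().
     *
     * @access public
     * @param mixed $attributes shortcode attributes, cast to array before use
     * @return mixed null when the frontend is disabled for maintenance
     *               or no shortcode object could be obtained
     */
    final public static function fallback_shortcode_processor($attributes)
    {
        if (EE_Maintenance_Mode::disable_frontend_for_maintenance()) {
            return null;
        }
        // what shortcode was actually parsed ?
        $shortcode_class = get_called_class();
        // notify rest of system that fallback processor was triggered
        add_filter('FHEE__fallback_shortcode_processor__' . $shortcode_class, '__return_true');
        // get instance of actual shortcode
        $shortcode_obj = self::instance($shortcode_class);
        // verify class
        if (! $shortcode_obj instanceof EES_Shortcode) {
            return null;
        }
        global $wp;
        $shortcode_obj->run($wp);
        // set attributes and run the shortcode
        $shortcode_obj->_attributes = (array) $attributes;
        return $shortcode_obj->process_shortcode($shortcode_obj->_attributes);
    }



    /**
     * invalid_shortcode_processor - used in cases where we know the shortcode is invalid,
     * most likely due to a deactivated addon, and simply returns an empty string
     *
     * @access public
     * @param mixed $attributes unused; presumably kept so the method can be registered
     *                          as a shortcode callback, which is handed the attributes
     * @return string always an empty string
     */
    final public static function invalid_shortcode_processor($attributes)
    {
        return '';
    }



    /**
     * class constructor - should ONLY be instantiated by EE_Front_Controller
     */
    final public function __construct()
    {
        // get classname, remove EES_prefix, and convert to UPPERCASE
        $shortcode = strtoupper(str_replace('EES_', '', get_class($this)));
        // assign shortcode to the preferred callback,
        // which overwrites the "fallback shortcode processor" assigned earlier
        add_shortcode($shortcode, array($this, 'process_shortcode'));
        // make sure system knows this is an EE page
        EE_Registry::instance()->REQ->set_espresso_page(true);
    }



    /**
     * Applies per-type sanitization to an array of shortcode attributes.
     *
     * Default rules, applied per value:
     *  - null, integers, floats and the listed boolean-like literals pass through unchanged
     *  - any other string goes through sanitize_text_field()
     *  - arrays are sanitized recursively with the DEFAULT rules only
     *    ($custom_sanitization is not applied to nested arrays)
     *  - objects and resources are replaced with null
     * Array keys are returned unchanged.
     *
     * Security notes:
     *  - sanitize_text_field() strips tags, line breaks and extra whitespace;
     *    it is NOT SQL escaping. Any attribute that ends up in a database query must still
     *    be bound through a prepared statement (e.g. $wpdb->prepare()) or cast/whitelisted.
     *  - a 'skip_sanitization' entry returns the raw value; the caller then owns
     *    escaping that value for whatever context it is used in.
     *
     * @param array $attributes          attributes as received by the shortcode callback
     * @param array $custom_sanitization map of attribute key => name of the function to
     *                                   sanitize that attribute with, or 'skip_sanitization'.
     *                                   Entries that are not the name of an existing function
     *                                   are ignored and the default rules apply instead.
     * @return array
     */
    public static function sanitize_attributes(array $attributes, $custom_sanitization = array())
    {
        foreach ($attributes as $key => $value) {
            // is a custom sanitization callback specified ?
            if (isset($custom_sanitization[$key])) {
                $callback = $custom_sanitization[$key];
                if ($callback === 'skip_sanitization') {
                    // explicit opt-out: the value stays exactly as received
                    continue;
                }
                // function_exists() only accepts a string and throws a TypeError on PHP 8
                // when handed an array or Closure, so check the type first;
                // anything unusable falls through to the default (safe) rules below
                if (is_string($callback) && function_exists($callback)) {
                    $attributes[$key] = $callback($value);
                    continue;
                }
            }
            switch (true) {
                case $value === null:
                case is_int($value):
                case is_float($value):
                    // typical booleans
                case in_array($value, array(true, 'true', '1', 'on', 'yes', false, 'false', '0', 'off', 'no'), true):
                    // nothing to clean: value is kept as is
                    break;
                case is_string($value):
                    $attributes[$key] = sanitize_text_field($value);
                    break;
                case is_array($value):
                    $attributes[$key] = self::sanitize_attributes($value);
                    break;
                default:
                    // only remaining data types are Object and Resource
                    // which are not allowed as shortcode attributes
                    $attributes[$key] = null;
                    break;
            }
        }
        return $attributes;
    }



}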
// End of file EES_Shortcode.shortcode.php
// Location: /shortcodes/EES_Shortcode.shortcode.php