@@ -11,60 +11,60 @@ |
||
11 | 11 | */ |
12 | 12 | class ServerSanitizer |
13 | 13 | { |
14 | - /** |
|
15 | - * @param string $key |
|
16 | - * @param string $value |
|
17 | - * @return mixed|string |
|
18 | - */ |
|
19 | - public function clean($key, $value) |
|
20 | - { |
|
21 | - switch ($key) { |
|
22 | - case 'AUTH_TYPE': |
|
23 | - $valid_types = [ |
|
24 | - 'Basic', |
|
25 | - 'Bearer', |
|
26 | - 'Digest', |
|
27 | - 'HOBA', |
|
28 | - 'Mutual', |
|
29 | - 'Negotiate', |
|
30 | - 'OAuth', |
|
31 | - 'SCRAM-SHA-1', |
|
32 | - 'SCRAM-SHA-256', |
|
33 | - 'vapid', |
|
34 | - ]; |
|
35 | - return in_array($value, $valid_types, true) ? $value : 'Basic'; |
|
36 | - case 'argc': |
|
37 | - case 'HTTP_DNT': |
|
38 | - case 'HTTP_UPGRADE_INSECURE_REQUESTS': |
|
39 | - case 'SERVER_PORT': |
|
40 | - case 'REMOTE_PORT': |
|
41 | - case 'REQUEST_TIME': |
|
42 | - return (int) filter_var($value, FILTER_SANITIZE_NUMBER_INT); |
|
43 | - case 'REQUEST_TIME_FLOAT': |
|
44 | - return (float) filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); |
|
45 | - case 'REQUEST_METHOD': |
|
46 | - $valid_types = [ |
|
47 | - 'CONNECT', |
|
48 | - 'DELETE', |
|
49 | - 'GET', |
|
50 | - 'HEAD', |
|
51 | - 'OPTIONS', |
|
52 | - 'PATCH', |
|
53 | - 'POST', |
|
54 | - 'PUT', |
|
55 | - 'TRACE', |
|
56 | - ]; |
|
57 | - return in_array($value, $valid_types, true) ? $value : 'GET'; |
|
58 | - case 'HTTP_HOST': |
|
59 | - case 'QUERY_STRING': |
|
60 | - case 'REQUEST_URI': |
|
61 | - case 'SCRIPT_NAME': |
|
62 | - case 'SERVER_NAME': |
|
63 | - return filter_var($value, FILTER_SANITIZE_URL); |
|
64 | - case 'SERVER_ADMIN': |
|
65 | - return filter_var($value, FILTER_SANITIZE_EMAIL); |
|
66 | - default: |
|
67 | - return filter_var($value, FILTER_SANITIZE_STRING); |
|
68 | - } |
|
69 | - } |
|
14 | + /** |
|
15 | + * @param string $key |
|
16 | + * @param string $value |
|
17 | + * @return mixed|string |
|
18 | + */ |
|
19 | + public function clean($key, $value) |
|
20 | + { |
|
21 | + switch ($key) { |
|
22 | + case 'AUTH_TYPE': |
|
23 | + $valid_types = [ |
|
24 | + 'Basic', |
|
25 | + 'Bearer', |
|
26 | + 'Digest', |
|
27 | + 'HOBA', |
|
28 | + 'Mutual', |
|
29 | + 'Negotiate', |
|
30 | + 'OAuth', |
|
31 | + 'SCRAM-SHA-1', |
|
32 | + 'SCRAM-SHA-256', |
|
33 | + 'vapid', |
|
34 | + ]; |
|
35 | + return in_array($value, $valid_types, true) ? $value : 'Basic'; |
|
36 | + case 'argc': |
|
37 | + case 'HTTP_DNT': |
|
38 | + case 'HTTP_UPGRADE_INSECURE_REQUESTS': |
|
39 | + case 'SERVER_PORT': |
|
40 | + case 'REMOTE_PORT': |
|
41 | + case 'REQUEST_TIME': |
|
42 | + return (int) filter_var($value, FILTER_SANITIZE_NUMBER_INT); |
|
43 | + case 'REQUEST_TIME_FLOAT': |
|
44 | + return (float) filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION); |
|
45 | + case 'REQUEST_METHOD': |
|
46 | + $valid_types = [ |
|
47 | + 'CONNECT', |
|
48 | + 'DELETE', |
|
49 | + 'GET', |
|
50 | + 'HEAD', |
|
51 | + 'OPTIONS', |
|
52 | + 'PATCH', |
|
53 | + 'POST', |
|
54 | + 'PUT', |
|
55 | + 'TRACE', |
|
56 | + ]; |
|
57 | + return in_array($value, $valid_types, true) ? $value : 'GET'; |
|
58 | + case 'HTTP_HOST': |
|
59 | + case 'QUERY_STRING': |
|
60 | + case 'REQUEST_URI': |
|
61 | + case 'SCRIPT_NAME': |
|
62 | + case 'SERVER_NAME': |
|
63 | + return filter_var($value, FILTER_SANITIZE_URL); |
|
64 | + case 'SERVER_ADMIN': |
|
65 | + return filter_var($value, FILTER_SANITIZE_EMAIL); |
|
66 | + default: |
|
67 | + return filter_var($value, FILTER_SANITIZE_STRING); |
|
68 | + } |
|
69 | + } |
|
70 | 70 | } |
@@ -11,25 +11,25 @@ |
||
11 | 11 | */ |
12 | 12 | class MultipleAttributes |
13 | 13 | { |
14 | - /** |
|
15 | - * @param string $attributes |
|
16 | - * @param array $allowed_tags |
|
17 | - * @param string $tag |
|
18 | - * @return mixed|string |
|
19 | - */ |
|
20 | - public static function clean(string $attributes, array $allowed_tags, string $tag = 'div') |
|
21 | - { |
|
22 | - if (trim($attributes) === '') { |
|
23 | - return ''; |
|
24 | - } |
|
25 | - $html = '<' . $tag . ' ' . $attributes . '>'; |
|
26 | - $escaped = wp_kses($html, $allowed_tags); |
|
27 | - $start = strpos($escaped, ' '); |
|
28 | - $end = strpos($escaped, '>'); |
|
29 | - if ($start === false || $end === false) { |
|
30 | - return ''; |
|
31 | - } |
|
32 | - $length = $end - $start; |
|
33 | - return trim(substr($escaped, $start, $length)); |
|
34 | - } |
|
14 | + /** |
|
15 | + * @param string $attributes |
|
16 | + * @param array $allowed_tags |
|
17 | + * @param string $tag |
|
18 | + * @return mixed|string |
|
19 | + */ |
|
20 | + public static function clean(string $attributes, array $allowed_tags, string $tag = 'div') |
|
21 | + { |
|
22 | + if (trim($attributes) === '') { |
|
23 | + return ''; |
|
24 | + } |
|
25 | + $html = '<' . $tag . ' ' . $attributes . '>'; |
|
26 | + $escaped = wp_kses($html, $allowed_tags); |
|
27 | + $start = strpos($escaped, ' '); |
|
28 | + $end = strpos($escaped, '>'); |
|
29 | + if ($start === false || $end === false) { |
|
30 | + return ''; |
|
31 | + } |
|
32 | + $length = $end - $start; |
|
33 | + return trim(substr($escaped, $start, $length)); |
|
34 | + } |
|
35 | 35 | } |
@@ -22,7 +22,7 @@ |
||
22 | 22 | if (trim($attributes) === '') { |
23 | 23 | return ''; |
24 | 24 | } |
25 | - $html = '<' . $tag . ' ' . $attributes . '>'; |
|
25 | + $html = '<'.$tag.' '.$attributes.'>'; |
|
26 | 26 | $escaped = wp_kses($html, $allowed_tags); |
27 | 27 | $start = strpos($escaped, ' '); |
28 | 28 | $end = strpos($escaped, '>'); |
@@ -27,11 +27,11 @@ discard block |
||
27 | 27 | class="clickable ee-collapsible <?php echo sanitize_html_class($ee_collapsible_status); ?>"> |
28 | 28 | <span class="dashicons dashicons-clock ee-icon-size-20"></span> |
29 | 29 | <?php |
30 | - esc_html_e( |
|
31 | - 'Event Datetimes', |
|
32 | - 'event_espresso' |
|
33 | - ); |
|
34 | - ?> |
|
30 | + esc_html_e( |
|
31 | + 'Event Datetimes', |
|
32 | + 'event_espresso' |
|
33 | + ); |
|
34 | + ?> |
|
35 | 35 | </span> |
36 | 36 | </h3> |
37 | 37 | <?php echo wp_kses($event_datetime_help_link, AllowedTags::getAllowedTags()); ?> |
@@ -68,10 +68,10 @@ discard block |
||
68 | 68 | </div> <!-- end .event-datetimes-container --> |
69 | 69 | <div id="add-event-datetime" class="event-datetime-row add-dtt-row" style="display:none;"> |
70 | 70 | <h4 class="datetime-tickets-heading"><?php |
71 | - esc_html_e( |
|
72 | - 'Add New Datetime', |
|
73 | - 'event_espresso' |
|
74 | - ); ?></h4><?php echo wp_kses($add_new_dtt_help_link, AllowedTags::getAllowedTags()); ?> |
|
71 | + esc_html_e( |
|
72 | + 'Add New Datetime', |
|
73 | + 'event_espresso' |
|
74 | + ); ?></h4><?php echo wp_kses($add_new_dtt_help_link, AllowedTags::getAllowedTags()); ?> |
|
75 | 75 | <div> |
76 | 76 | <table id="add-new-event-datetime-table" class="datetime-edit-table"> |
77 | 77 | <tr> |
@@ -85,10 +85,10 @@ discard block |
||
85 | 85 | <td class="event-datetime-column date-column"> |
86 | 86 | <label class="add-new-event-datetime-DTT_EVT_start_label" |
87 | 87 | for="add-new-event-datetime-DTT_EVT_start"><?php |
88 | - esc_html_e( |
|
89 | - 'Event Start', |
|
90 | - 'event_espresso' |
|
91 | - ); ?></label> |
|
88 | + esc_html_e( |
|
89 | + 'Event Start', |
|
90 | + 'event_espresso' |
|
91 | + ); ?></label> |
|
92 | 92 | <input type="text" name="add_new_datetime[DTT_EVT_start]" |
93 | 93 | id="add-new-event-datetime-DTT_EVT_start" class="ee-text-inp ee-datepicker" |
94 | 94 | data-context="start-dtt" data-date-field-context="#add-event-datetime" |
@@ -98,10 +98,10 @@ discard block |
||
98 | 98 | <td class="event-datetime-column date-column"> |
99 | 99 | <label class="add-new-event-datetime-DTT_EVT_end_label" |
100 | 100 | for="add-new-event-datetime-DTT_EVT_end"><?php |
101 | - esc_html_e( |
|
102 | - 'Event End', |
|
103 | - 'event_espresso' |
|
104 | - ); ?></label> |
|
101 | + esc_html_e( |
|
102 | + 'Event End', |
|
103 | + 'event_espresso' |
|
104 | + ); ?></label> |
|
105 | 105 | <input type="text" name="add_new_datetime[DTT_EVT_end]" id="add-new-event-datetime-DTT_EVT_end" |
106 | 106 | class="ee-text-inp ee-datepicker" data-context="end-dtt" |
107 | 107 | data-date-field-context="#add-event-datetime" |
@@ -111,10 +111,10 @@ discard block |
||
111 | 111 | <td class="event-datetime-column reg-limit-column"> |
112 | 112 | <label class="add-new-event-datetime-DTT_EVT_end_label" |
113 | 113 | for="add-new-event-datetime-DTT_reg_limit"><?php |
114 | - esc_html_e( |
|
115 | - 'Limit', |
|
116 | - 'event_espresso' |
|
117 | - ); ?></label> |
|
114 | + esc_html_e( |
|
115 | + 'Limit', |
|
116 | + 'event_espresso' |
|
117 | + ); ?></label> |
|
118 | 118 | <input type="text" name="add_new_datetime[DTT_reg_limit]" |
119 | 119 | id="add-new-event-datetime-DTT_reg_limit" class="ee-numeric ee-small-text-inp"> |
120 | 120 | </td> |
@@ -137,16 +137,16 @@ discard block |
||
137 | 137 | <h3 class="event-tickets-datetimes-title"><span data-target=".event-tickets-container" |
138 | 138 | class="clickable ee-collapsible <?php echo sanitize_html_class($ee_collapsible_status); ?>"><span |
139 | 139 | class="ee-icon ee-icon-tickets ee-icon-size-20"></span><?php |
140 | - esc_html_e( |
|
141 | - 'Available Tickets', |
|
142 | - 'event_espresso' |
|
143 | - ); ?></span></h3> |
|
140 | + esc_html_e( |
|
141 | + 'Available Tickets', |
|
142 | + 'event_espresso' |
|
143 | + ); ?></span></h3> |
|
144 | 144 | <div class="event-tickets-container ee-create-ticket-button" <?php echo MultipleAttributes::clean($show_tickets_container, AllowedTags::getAllowedTags()); ?>> |
145 | 145 | <button class="ee-create-ticket-button button-secondary ee-create-button" data-context="ticket"><?php |
146 | - esc_html_e( |
|
147 | - 'Create Ticket', |
|
148 | - 'event_espresso' |
|
149 | - ); ?></button> |
|
146 | + esc_html_e( |
|
147 | + 'Create Ticket', |
|
148 | + 'event_espresso' |
|
149 | + ); ?></button> |
|
150 | 150 | </div> |
151 | 151 | <div style="clear:both"></div> |
152 | 152 | <div class="event-tickets-container" <?php echo MultipleAttributes::clean($show_tickets_container, AllowedTags::getAllowedTags()); ?>> |