diff --git a/classes/class-sailthru-scout.php b/classes/class-sailthru-scout.php
index c93c7ed..e1a067d 100644
--- a/classes/class-sailthru-scout.php
+++ b/classes/class-sailthru-scout.php
@@ -62,9 +62,9 @@ public function register_scout_scripts() {
 // Check first, otherwise js could throw errors.
 if ( "1" === get_option( 'sailthru_setup_complete' ) ) {
-
+
 $post_id = $this->create_scout_page();
-
+
 // If conceirge is on, we want noPageView to be set to true
 $conceirge = get_option( 'sailthru_concierge_options' );
 /** This filter is documented in class-sailthru-horizon.php */
@@ -239,8 +239,8 @@ function widget($args, $instance) {
 public function update( $new_instance, $old_instance ) {
 $instance = array();
- $instance['title'] = filter_var( $new_instance['title'], FILTER_SANITIZE_STRING );
- $instance['sailthru_spm_section'] = filter_var( $new_instance['sailthru_spm_section'], FILTER_SANITIZE_STRING );
+ $instance['title'] = filter_var( $new_instance['title'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
+ $instance['sailthru_spm_section'] = filter_var( $new_instance['sailthru_spm_section'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 return $instance;
diff --git a/js/ajax.php b/js/ajax.php
index 4fea875..f478e05 100644
--- a/js/ajax.php
+++ b/js/ajax.php
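Review bot: On the two new `+` lines of the `update()` hunk, `$new_instance['title']` and `$new_instance['sailthru_spm_section']` are read without an existence check, so a key that is absent from the submitted form raises an undefined-index warning and hands `null` to the callback; reading them as `$new_instance['title'] ?? ''` keeps the sanitizer's input a string. The same pattern is on the five `+` lines of the `update()` hunk in widget.subscribe.php. Separately, `sanitize_text_field` does not HTML-encode quotes the way `FILTER_SANITIZE_STRING` did, so the stored value is now raw text and each place that renders it needs its own `esc_attr()`/`esc_html()` at output; that rendering code is outside this diff, so confirm rather than assume. The enclosing `update()` method ends outside the hunk.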
@@ -43,18 +43,21 @@ $email = filter_var( $email, FILTER_VALIDATE_EMAIL );
 }
- if ( isset( $_POST['first_name'] ) && !empty( $_POST['first_name'] ) ){
- $first_name = filter_var( trim( sanitize_text_field( $_POST['first_name'] ) ), FILTER_SANITIZE_STRING );
+ if ( ! empty( $_POST['first_name'] ) ) {
+ $first_name = filter_var( $_POST['first_name'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 } else {
 $first_name = '';
 }
- if ( isset( $_POST['last_name'] ) && !empty( $_POST['last_name'] ) ){
- $last_name = filter_var( trim( sanitize_text_field( $_POST['last_name'] ) ), FILTER_SANITIZE_STRING ) ;
+ if ( ! empty( $_POST['last_name'] ) ) {
+ $last_name = filter_var( $_POST['last_name'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 } else {
 $last_name = '';
 }
+ $first_name = trim( $first_name );
+ $last_name = trim( $last_name );
+
 if ( $first_name || $last_name ) {
 $options = [
 'vars' => [
diff --git a/views/admin.functions.setup.options.php b/views/admin.functions.setup.options.php
index 161dc47..52d9b9f 100644
--- a/views/admin.functions.setup.options.php
+++ b/views/admin.functions.setup.options.php
@@ -3,9 +3,9 @@ function validate_api_setup() {
 $validate = true;
-
+
 if ( isset( $_GET['verify'] ) || isset ( $_POST['sailthru_skip_validation']) ) {
-
+
 if ( isset ( $_GET['verify'] ) ) {
 $v = sanitize_text_field( $_GET['verify'] ) === 'false' ? false : true;
 }
@@ -13,7 +13,7 @@ function validate_api_setup() {
 if ( isset ( $_POST['sailthru_skip_validation']) ) {
 $v = sanitize_text_field( $_POST['sailthru_skip_validation'] ) === '1' ? false : true;
 }
-
+
 if (false === $v) {
 add_filter('sailthru_api_verification', '__return_true');
 $validate = false === apply_filters( 'sailthru_api_verification', true );
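Review bot: The new `! empty( $_POST['first_name'] )` guard still lets a non-string through: if the parameter arrives as an array, `FILTER_CALLBACK` applies `sanitize_text_field` to each element rather than rejecting the value (as far as I recall filter_var's behaviour for callbacks), and the added `trim( $first_name )` below then receives an array, which is a `TypeError` on PHP 8. Checking the type alongside the emptiness check keeps the handler on the string path: `if ( isset( $_POST['first_name'] ) && is_string( $_POST['first_name'] ) && '' !== $_POST['first_name'] ) {`, and likewise for `last_name`. `! empty()` also discards a literal `'0'`, but the old `isset && !empty` did the same, so that is unchanged. The handler starts before the hunk, so any request authorisation (nonce check) for this endpoint is not visible here.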
@@ -105,7 +105,7 @@ function sailthru_initialize_setup_options() {
 )
 );
- if ( ! $validate_api ) {
+ if ( ! $validate_api ) {
 add_settings_section(
 'sailthru_support_section', // ID used to identify this section and with which to register options
@@ -248,7 +248,7 @@ function sailthru_initialize_setup_options() {
 'recaptcha_setup_callback', // Callback used to render the description of the section
 'sailthru_setup_options' // Page on which to add this section of options
 );
-
+
 add_settings_field(
 'google_recaptcha_site_key',
 __( 'reCaptcha Site Key', 'sailthru-for-wordpress' ),
@@ -262,7 +262,7 @@ function sailthru_initialize_setup_options() {
 'google_recaptcha_site_key',
 )
 );
-
+
 add_settings_field(
 'google_recaptcha_secret',
 __( 'reCaptcha Secret Key', 'sailthru-for-wordpress' ),
@@ -340,7 +340,7 @@ function sailthru_initialize_setup_options() {
 */
 function sailthru_setup_callback() {
-
+
 // render the admin tabs
 // sailthru_admin_tabs('sailthru_configuration_page');
 echo '

API Keys

';
@@ -616,21 +616,21 @@ function sailthru_setup_handler( $input ) {
 $output = array();
 // api key
 if ( isset( $input['sailthru_api_key'] ) ) {
- $output['sailthru_api_key'] = filter_var( $input['sailthru_api_key'], FILTER_SANITIZE_STRING );
+ $output['sailthru_api_key'] = filter_var( $input['sailthru_api_key'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 } else {
 $output['sailthru_api_key'] = false;
 }
 // api secret
 if ( isset( $input['sailthru_api_secret'] ) ) {
- $output['sailthru_api_secret'] = filter_var( $input['sailthru_api_secret'], FILTER_SANITIZE_STRING );
+ $output['sailthru_api_secret'] = filter_var( $input['sailthru_api_secret'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 } else {
 $output['sailthru_api_secret'] = false;
 }
 // customer Id
 if ( isset( $input['sailthru_customer_id'] ) ) {
- $output['sailthru_customer_id'] = filter_var( $input['sailthru_customer_id'], FILTER_SANITIZE_STRING );
+ $output['sailthru_customer_id'] = filter_var( $input['sailthru_customer_id'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 } else {
 $output['sailthru_customer_id'] = '';
 }
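Review bot: The `+` lines for `sailthru_api_key` and `sailthru_api_secret` run credentials through `sanitize_text_field`, which is a lossy transform (it strips HTML tags, collapses whitespace runs and removes `%xx` percent-encoded sequences), so a pasted credential containing such characters is silently altered rather than rejected and the resulting API failure surfaces far from its cause. For credentials a validate-and-reject shape is safer: keep the `trim()`-ed input only if it matches the expected character set, otherwise call `add_settings_error( 'sailthru_setup_options', 'sailthru_api_key', __( 'Invalid API key', 'sailthru-for-wordpress' ) )` (message text constructed here) and leave the stored value unchanged; take the exact key format from Sailthru's documentation rather than guessing it. The `else` branches store an absent key as boolean `false` but an absent customer id as `''`; one empty-string default would simplify every reader of these options. `sailthru_setup_handler` continues outside this hunk.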
@@ -646,21 +646,21 @@ function sailthru_setup_handler( $input ) {
 if ( ! $validate_api ) {
- // If the customer is overriding verification store the SPM value in the settings.
+ // If the customer is overriding verification store the SPM value in the settings.
 if ( isset( $input['features']['spm_enabled'] ) ) {
-
- $output['features']['spm_enabled'] = filter_var( $input['features']['spm_enabled'], FILTER_SANITIZE_STRING );
+
+ $output['features']['spm_enabled'] = filter_var( $input['features']['spm_enabled'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 if ( '1' === $output['features']['spm_enabled'] ) {
 $st_settings['features']['spm_enabled'] = '1';
 }
 $st_settings['customer_id'] = $output['sailthru_customer_id'];
-
+
 update_option( 'sailthru_settings', $st_settings );
- }
+ }
- // if API verification has been overriden assume the API is good and allow error to surface in template call.
+ // if API verification has been overriden assume the API is good and allow error to surface in template call.
 update_option( 'sailthru_api_validated', true );
 } else {
@@ -670,7 +670,7 @@ function sailthru_setup_handler( $input ) {
 if ( $settings ) {
 // Get the Customer ID from Sailthru.
- $output['sailthru_customer_id'] = filter_var( $settings['customer_id'], FILTER_SANITIZE_STRING );
+ $output['sailthru_customer_id'] = filter_var( $settings['customer_id'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 $st_settings = array(
 'customer_id' => $settings['customer_id'],
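Review bot: On the new `+` line of the `@@ -670` hunk `$output['sailthru_customer_id']` takes the sanitized `$settings['customer_id']`, but the `$st_settings` array built two lines later still stores the raw `$settings['customer_id']`, so the two persisted options diverge whenever the sanitizer changes the value. The `! $validate_api` branch in the preceding hunk already writes `$st_settings['customer_id'] = $output['sailthru_customer_id'];`, and this branch should follow it: `'customer_id' => $output['sailthru_customer_id'],`. `$settings` appears to come from the Sailthru API rather than the request, so this is a consistency point rather than input hardening. The enclosing `if ( $settings )` block continues outside the hunk.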
@@ -696,45 +696,45 @@ function sailthru_setup_handler( $input ) {
 // recaptcha settings
 $output['google_recaptcha_site_key'] = '';
 if ( isset( $input['google_recaptcha_site_key'] ) ) {
- $output['google_recaptcha_site_key'] = filter_var( $input['google_recaptcha_site_key'], FILTER_SANITIZE_STRING );
+ $output['google_recaptcha_site_key'] = filter_var( $input['google_recaptcha_site_key'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 }
 $output['google_recaptcha_secret'] = '';
 if ( isset( $input['google_recaptcha_secret'] ) ) {
- $output['google_recaptcha_secret'] = filter_var( $input['google_recaptcha_secret'], FILTER_SANITIZE_STRING );
+ $output['google_recaptcha_secret'] = filter_var( $input['google_recaptcha_secret'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 }
 // javascript type
 if ( isset( $input['sailthru_js_type'] ) ) {
- $output['sailthru_js_type'] = filter_var( $input['sailthru_js_type'], FILTER_SANITIZE_STRING );
+ $output['sailthru_js_type'] = filter_var( $input['sailthru_js_type'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 } else {
 $output['sailthru_js_type'] = '';
 }
 // auto pageviews
 if ( isset( $input['sailthru_js_auto_track_pageview'] ) ) {
- $output['sailthru_js_auto_track_pageview'] = filter_var( $input['sailthru_js_auto_track_pageview'], FILTER_SANITIZE_STRING );
+ $output['sailthru_js_auto_track_pageview'] = filter_var( $input['sailthru_js_auto_track_pageview'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 } else {
 $output['sailthru_js_auto_track_pageview'] = false;
 }
 // ignore stored tags
 if ( isset( $input['sailthru_ignore_personalize_stored_tags'] ) ) {
- $output['sailthru_ignore_personalize_stored_tags'] = filter_var( $input['sailthru_ignore_personalize_stored_tags'], FILTER_SANITIZE_STRING );
+ $output['sailthru_ignore_personalize_stored_tags'] = filter_var( $input['sailthru_ignore_personalize_stored_tags'], FILTER_CALLBACK, array( 'options' => 
'sanitize_text_field' ) );
 } else {
 $output['sailthru_ignore_personalize_stored_tags'] = false;
 }
 // exclude content
 if ( isset( $input['sailthru_js_exclude_content'] ) ) {
- $output['sailthru_js_exclude_content'] = filter_var( $input['sailthru_js_exclude_content'], FILTER_SANITIZE_STRING );
+ $output['sailthru_js_exclude_content'] = filter_var( $input['sailthru_js_exclude_content'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 } else {
 $output['sailthru_js_exclude_content'] = false;
 }
 //
 // horizon domain
 if ( isset( $input['sailthru_horizon_domain'] ) ) {
- $output['sailthru_horizon_domain'] = filter_var( $input['sailthru_horizon_domain'], FILTER_SANITIZE_STRING );
+ $output['sailthru_horizon_domain'] = filter_var( $input['sailthru_horizon_domain'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 } else {
 $output['sailthru_horizon_domain'] = '';
 }
@@ -775,7 +775,7 @@ function sailthru_setup_handler( $input ) {
 if ( $api_validated ) {
 // creates an email template if one does not already exist
- // don't try and setup the template if validation is disabled.
+ // don't try and setup the template if validation is disabled.
 if ( $validate_api ) {
 sailthru_create_wordpress_template();
 }
@@ -796,7 +796,7 @@ function sailthru_setup_handler( $input ) {
 // Content Vars
 if ( isset( $input['content_vars'] ) ) {
- $output['content_vars'] = filter_var( $input['content_vars'], FILTER_SANITIZE_STRING );
+ $output['content_vars'] = filter_var( $input['content_vars'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) );
 } else {
 $output['content_vars'] = '';
 }
diff --git a/widget.subscribe.php b/widget.subscribe.php
index 1e17ca5..1405b13 100644
--- a/widget.subscribe.php
+++ b/widget.subscribe.php
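Review bot: `sailthru_js_auto_track_pageview`, `sailthru_ignore_personalize_stored_tags` and `sailthru_js_exclude_content` look like on/off flags (their `else` branches store `false`), yet the new `+` lines in the `@@ -696` hunk accept any free-text value via `sanitize_text_field`, so whatever string the request carries is persisted as the flag; normalising to the two values the readers compare against is tighter, e.g. `$output['sailthru_js_auto_track_pageview'] = ( '1' === $input['sailthru_js_auto_track_pageview'] ) ? '1' : false;`, where I am inferring the `'1'` convention from the `spm_enabled` comparison in an earlier hunk, so confirm what the readers expect. `sailthru_js_type` reads like a fixed set of choices and `sailthru_horizon_domain` like a hostname; a strict `in_array( $value, $allowed, true )` for the former and `filter_var( $value, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME )` for the latter would reject a bad value instead of storing a cleaned-up string. If these options are later printed into a `<script>` block, text sanitisation is not the JavaScript-context escape; that rendering is outside the diff.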
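Review bot: In the `@@ -796` hunk, `sanitize_text_field` collapses every run of `\r`, `\n`, `\t` and spaces into a single space, so if `content_vars` is entered through a multi-line field the new `+` line flattens it to one line before it is stored, which `FILTER_SANITIZE_STRING` did not do. If the field is a textarea, `sanitize_textarea_field` is the drop-in that keeps newlines: `$output['content_vars'] = sanitize_textarea_field( $input['content_vars'] );`. The settings-field definition is not in this hunk, so verify the input type first.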
@@ -112,11 +112,11 @@ public function widget( $args, $instance ) {
 public function update( $new_instance, $old_instance ) {
 $instance = [
- 'title' => filter_var( $new_instance['title'], FILTER_SANITIZE_STRING ),
- 'source' => filter_var( $new_instance['source'], FILTER_SANITIZE_STRING ),
- 'lo_event_name' => filter_var( $new_instance['lo_event_name'], FILTER_SANITIZE_STRING ),
- 'reset_optout_status' => filter_var ( $new_instance[ 'reset_optout_status' ], FILTER_SANITIZE_STRING ),
- 'hide_title_status' => filter_var ( $new_instance[ 'hide_title_status' ], FILTER_SANITIZE_STRING ),
+ 'title' => filter_var( $new_instance['title'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) ),
+ 'source' => filter_var( $new_instance['source'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) ),
+ 'lo_event_name' => filter_var( $new_instance['lo_event_name'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) ),
+ 'reset_optout_status' => filter_var( $new_instance['reset_optout_status'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) ),
+ 'hide_title_status' => filter_var( $new_instance['hide_title_status'], FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) ),
 ];
 $customfields = get_option( 'sailthru_forms_options' );
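Review bot: The five `+` lines each repeat `filter_var( …, FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) )`, the phrase this diff spells out on roughly twenty lines; for a string input it is equivalent to calling `sanitize_text_field( $value )` directly (the `filter_var` wrapper only adds recursion into array values, as far as I recall), so a one-line plugin helper such as `function sailthru_sanitize_text( $value ) { return filter_var( $value, FILTER_CALLBACK, array( 'options' => 'sanitize_text_field' ) ); }` would make the next sanitizer change a single edit and keep the array-handling decision in one place. Mixing long `array( … )` syntax inside the short `[ … ]` literal on the same lines is also inconsistent; `[ 'options' => 'sanitize_text_field' ]` matches the file. The enclosing `update()` method continues outside the hunk.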