Escaping URLs before they go into the DB.

thethemefoundry · Aug 13, 2012 · 0eded74 · 0eded74
1 parent 3e938f9
commit 0eded74
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/classes/struts/option/image.php b/classes/struts/option/image.php
@@ -12,6 +12,8 @@ public function input_html() {
 	}
 
 	protected function standard_validation( $value ) {
+		$value = esc_url_raw( $value );
+
 		return trim( $value );
 	}
 

diff --git a/classes/struts/option/text.php b/classes/struts/option/text.php
@@ -1,6 +1,16 @@
 <?php
 
 class Struts_Option_Text extends Struts_Option {
+	protected $_is_url;
+
+	public function is_url( $is_url = NULL ) {
+		if ( NULL === $is_url )
+			return $this->_is_url;
+
+		$this->_is_url = $is_url;
+		return $this;
+	}
+
 	public function input_html() {
 		$id = esc_attr( $this->html_id() );
 		$name = esc_attr( $this->html_name() );
@@ -10,6 +20,10 @@ public function input_html() {
 	}
 
 	protected function standard_validation( $value ) {
+		if ( $this->is_url() ) {
+			$value = esc_url_raw( $value );
+		}
+
 		return trim( $value );
 	}
 }