add sanitize callbacks

Matthias Pfefferle 2023-04-26 17:23:28 +02:00
parent 4a4a06de37
commit 0ee1266c30
2 changed files with 48 additions and 9 deletions


@ -2,6 +2,7 @@
namespace Activitypub\Collection; namespace Activitypub\Collection;
use WP_Error; use WP_Error;
use Exception;
use WP_Term_Query; use WP_Term_Query;
use Activitypub\Webfinger; use Activitypub\Webfinger;
use Activitypub\Model\Activity; use Activitypub\Model\Activity;
@ -67,7 +68,9 @@ class Followers {
array( array(
'type' => 'string', 'type' => 'string',
'single' => true, 'single' => true,
//'sanitize_callback' => array( self::class, 'validate_displayname' ), 'sanitize_callback' => function( $value ) {
return sanitize_user( $value );
},
) )
); );
@ -77,7 +80,9 @@ class Followers {
array( array(
'type' => 'string', 'type' => 'string',
'single' => true, 'single' => true,
//'sanitize_callback' => array( self::class, 'validate_username' ), 'sanitize_callback' => function( $value ) {
return sanitize_user( $value, true );
},
) )
); );
@ -87,7 +92,13 @@ class Followers {
array( array(
'type' => 'string', 'type' => 'string',
'single' => true, 'single' => true,
//'sanitize_callback' => array( self::class, 'validate_avatar' ), 'sanitize_callback' => function( $value ) {
if ( filter_var( $value, FILTER_VALIDATE_URL ) === false ) {
return '';
}
return esc_url_raw( $value );
},
) )
); );
@ -97,7 +108,29 @@ class Followers {
array( array(
'type' => 'string', 'type' => 'string',
'single' => true, 'single' => true,
//'sanitize_callback' => array( self::class, 'validate_inbox' ), 'sanitize_callback' => function( $value ) {
if ( filter_var( $value, FILTER_VALIDATE_URL ) === false ) {
throw new Exception( '"inbox" has to be a valid URL' );
}
return esc_url_raw( $value );
},
)
);
register_term_meta(
self::TAXONOMY,
'shared_inbox',
array(
'type' => 'string',
'single' => true,
'sanitize_callback' => function( $value ) {
if ( filter_var( $value, FILTER_VALIDATE_URL ) === false ) {
return null;
}
return esc_url_raw( $value );
},
) )
); );
@ -107,7 +140,13 @@ class Followers {
array( array(
'type' => 'string', 'type' => 'string',
'single' => true, 'single' => true,
//'sanitize_callback' => array( self::class, 'validate_updated_at' ), 'sanitize_callback' => function( $value ) {
if ( ! is_numeric( $value ) && (int) $value !== $value ) {
$value = strtotime( 'now' );
}
return $value;
},
) )
); );
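Review bot: The `inbox` sanitize callback throws an `Exception`, while `avatar` returns `''` and `shared_inbox` returns `null` for the same validation failure; the exception propagates out of `update_term_meta()`, and nothing in this commit shows a caller catching it, so a malformed (presumably remote-supplied) value could abort the request. Pick one failure mode for all three URL callbacks and handle it at the call site. `FILTER_VALIDATE_URL` accepts any scheme and `esc_url_raw()` with its default protocol list still admits non-HTTP ones, so I would narrow it with `return esc_url_raw( $value, array( 'https', 'http' ) );`. If these URLs are later used for outbound delivery (not visible here), `wp_http_validate_url( $value )` is a stricter replacement for the `filter_var` check. Separately, in the `updated_at` callback the `(int) $value !== $value` clause is always true once `is_numeric` has failed, so the condition reduces to `! is_numeric( $value )`.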


@ -229,21 +229,21 @@ class Follower {
foreach ( $this->map_meta as $remote => $internal ) { foreach ( $this->map_meta as $remote => $internal ) {
if ( ! empty( $meta[ $remote ] ) ) { if ( ! empty( $meta[ $remote ] ) ) {
update_term_meta( $this->id, $internal, esc_html( $meta[ $remote ] ), true ); update_term_meta( $this->id, $internal, $meta[ $remote ], true );
$this->$internal = $meta[ $remote ]; $this->$internal = $meta[ $remote ];
} }
} }
if ( ! empty( $meta['icon']['url'] ) ) { if ( ! empty( $meta['icon']['url'] ) ) {
update_term_meta( $this->id, 'avatar', esc_url_raw( $meta['icon']['url'] ), true ); update_term_meta( $this->id, 'avatar', $meta['icon']['url'], true );
$this->avatar = $meta['icon']['url']; $this->avatar = $meta['icon']['url'];
} }
if ( ! empty( $meta['endpoints']['sharedInbox'] ) ) { if ( ! empty( $meta['endpoints']['sharedInbox'] ) ) {
update_term_meta( $this->id, 'shared_inbox', esc_url_raw( $meta['endpoints']['sharedInbox'] ), true ); update_term_meta( $this->id, 'shared_inbox', $meta['endpoints']['sharedInbox'], true );
$this->shared_inbox = $meta['endpoints']['sharedInbox']; $this->shared_inbox = $meta['endpoints']['sharedInbox'];
} elseif ( ! empty( $meta['inbox'] ) ) { } elseif ( ! empty( $meta['inbox'] ) ) {
update_term_meta( $this->id, 'shared_inbox', esc_url_raw( $meta['inbox'] ), true ); update_term_meta( $this->id, 'shared_inbox', $meta['inbox'], true );
$this->shared_inbox = $meta['inbox']; $this->shared_inbox = $meta['inbox'];
} }
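Review bot: With the call-site `esc_html()`/`esc_url_raw()` removed, the `map_meta` loop depends entirely on a sanitize callback being registered for every `$internal` key, and the map is outside this hunk, so any key without a `register_term_meta()` entry is now stored as received. The object properties are still assigned the raw `$meta[...]` values, so the in-memory follower can differ from what was stored; reading the value back, e.g. `$this->avatar = get_term_meta( $this->id, 'avatar', true );`, keeps the two in step. The fourth argument of `update_term_meta()` is `$prev_value`, not a uniqueness flag, so passing `true` probably prevents an existing value from being replaced when the actor profile is refreshed. The enclosing method starts and ends outside the hunk.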