Options Framework - Version 1.8.3

Version Description

  • Update: sanitization of info option and description field
  • Update: Sanitization of editor field

Release Info

Developer downstairsdev
Plugin Icon wp plugin Options Framework
Version 1.8.3

Code changes from version 1.8.2 to 1.8.3

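--- a/includes/class-options-framework.php
+++ b/includes/class-options-framework.php
@@ -15,7 +15,7 @@ class Options_Framework {
  * @since 1.7.0
  * @type string
  */
- const VERSION = '1.8.2';
+ const VERSION = '1.8.3';
 
  /**
  * Initialize the plugin.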
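--- a/includes/class-options-interface.php
+++ b/includes/class-options-interface.php
@@ -383,7 +383,7 @@ class Options_Framework_Interface {
  $output .= '<h4 class="heading">' . esc_html( $value['name'] ) . '</h4>' . "\n";
  }
  if ( isset( $value['desc'] ) ) {
- $output .= apply_filters('of_sanitize_info', $value['desc'] ) . "\n";
+ $output .= $value['desc'] . "\n";
  }
  $output .= '</div>' . "\n";
  break;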
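Review bot: `$value['desc']` is appended to `$output` at new line 386 with no escaping or filtering, while the heading a few lines above it still goes through `esc_html()`. With the `of_sanitize_info` filter call gone, any markup in the description reaches the admin page verbatim, which is safe only while every option definition comes from trusted theme code; these lines do not show where the definitions originate. If descriptions must keep carrying HTML, `$output .= wp_kses_post( $value['desc'] ) . "\n";` keeps the post tag set and strips script-bearing markup. The enclosing switch case starts and ends outside the hunk.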
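--- a/includes/class-options-sanitization.php
+++ b/includes/class-options-sanitization.php
@@ -7,38 +7,60 @@
  * @copyright 2010-2014 WP Theming
  */
 
- /* Text */
-
+ /**
+ * Sanitization for text input
+ *
+ * @link http://developer.wordpress.org/reference/functions/sanitize_text_field/
+ */
  add_filter( 'of_sanitize_text', 'sanitize_text_field' );
 
- /* Password */
-
+ /**
+ * Sanitization for password input
+ *
+ * @link http://developer.wordpress.org/reference/functions/sanitize_text_field/
+ */
  add_filter( 'of_sanitize_password', 'sanitize_text_field' );
 
- /* Textarea */
-
- function of_sanitize_textarea( $input) {
- global $allowedposttags;
- $output = wp_kses( $input, $allowedposttags);
- return $output;
- }
-
- add_filter( 'of_sanitize_textarea', 'of_sanitize_textarea' );
-
- /* Select */
-
+ /**
+ * Sanitization for select input
+ *
+ * Validates that the selected option is a valid option.
+ */
  add_filter( 'of_sanitize_select', 'of_sanitize_enum', 10, 2 );
 
- /* Radio */
-
+ /**
+ * Sanitization for radio input
+ *
+ * Validates that the selected option is a valid option.
+ */
  add_filter( 'of_sanitize_radio', 'of_sanitize_enum', 10, 2 );
 
- /* Images */
-
+ /**
+ * Sanitization for image selector
+ *
+ * Validates that the selected option is a valid option.
+ */
  add_filter( 'of_sanitize_images', 'of_sanitize_enum', 10, 2 );
 
- /* Checkbox */
+ /**
+ * Sanitization for textarea field
+ *
+ * @param $input string
+ * @return $output sanitized string
+ */
+ function of_sanitize_textarea( $input ) {
+ global $allowedposttags;
+ $output = wp_kses( $input, $allowedposttags );
+ return $output;
+ }
+ add_filter( 'of_sanitize_textarea', 'of_sanitize_textarea' );
 
+ /**
+ * Sanitization for checkbox input
+ *
+ * @param $input string (1 or empty) checkbox state
+ * @return $output '1' or false
+ */
  function of_sanitize_checkbox( $input ) {
  if ( $input ) {
  $output = '1';
@@ -49,8 +71,12 @@ function of_sanitize_checkbox( $input ) {
  }
  add_filter( 'of_sanitize_checkbox', 'of_sanitize_checkbox' );
 
- /* Multicheck */
-
+ /**
+ * Sanitization for multicheck
+ *
+ * @param array of checkbox values
+ * @return array of sanitized values ('1' or false)
+ */
  function of_sanitize_multicheck( $input, $option ) {
  $output = '';
  if ( is_array( $input ) ) {
@@ -59,7 +85,7 @@ function of_sanitize_multicheck( $input, $option ) {
  }
  foreach( $input as $key => $value ) {
  if ( array_key_exists( $key, $option['options'] ) && $value ) {
- $output[$key] = "1";
+ $output[$key] = '1';
  }
  }
  }
@@ -67,12 +93,14 @@ function of_sanitize_multicheck( $input, $option ) {
  }
  add_filter( 'of_sanitize_multicheck', 'of_sanitize_multicheck', 10, 2 );
 
- /* Color Picker */
-
- add_filter( 'of_sanitize_color', 'of_sanitize_hex' );
-
- /* Uploader */
-
+ /**
+ * File upload sanitization.
+ *
+ * Returns a sanitized filepath if it has a valid extension.
+ *
+ * @param string $input filepath
+ * @returns string $output filepath
+ */
  function of_sanitize_upload( $input ) {
  $output = '';
  $filetype = wp_check_filetype( $input );
@@ -83,39 +111,61 @@ function of_sanitize_upload( $input ) {
  }
  add_filter( 'of_sanitize_upload', 'of_sanitize_upload' );
 
- /* Editor */
-
+ /**
+ * Sanitization for editor input.
+ *
+ * Returns unfiltered HTML if user has permissions.
+ *
+ * @param string $input
+ * @returns string $output
+ */
  function of_sanitize_editor( $input ) {
  if ( current_user_can( 'unfiltered_html' ) ) {
  $output = $input;
  }
  else {
- global $allowedtags;
- $output = wpautop(wp_kses( $input, $allowedtags));
+ global $allowedposttags;
+ $output = wp_kses( $input, $allowedposttags );
  }
  return $output;
  }
  add_filter( 'of_sanitize_editor', 'of_sanitize_editor' );
 
- /* Allowed Tags */
-
+ /**
+ * Sanitization of input with allowed tags and wpautotop.
+ *
+ * Allows allowed tags in html input and ensures tags close properly.
+ *
+ * @param string $input
+ * @returns string $output
+ */
  function of_sanitize_allowedtags( $input ) {
  global $allowedtags;
  $output = wpautop( wp_kses( $input, $allowedtags ) );
  return $output;
  }
 
- /* Allowed Post Tags */
-
+ /**
+ * Sanitization of input with allowed post tags and wpautotop.
+ *
+ * Allows allowed post tags in html input and ensures tags close properly.
+ *
+ * @param string $input
+ * @returns string $output
+ */
  function of_sanitize_allowedposttags( $input ) {
  global $allowedposttags;
  $output = wpautop( wp_kses( $input, $allowedposttags) );
  return $output;
  }
- add_filter( 'of_sanitize_info', 'of_sanitize_allowedposttags' );
-
- /* Check that the key value sent is valid */
 
+ /**
+ * Validates that the $input is one of the avilable choices
+ * for that specific option.
+ *
+ * @param string $input
+ * @returns string $output
+ */
  function of_sanitize_enum( $input, $option ) {
  $output = '';
  if ( array_key_exists( $input, $option['options'] ) ) {
@@ -124,9 +174,13 @@ function of_sanitize_enum( $input, $option ) {
  return $output;
  }
 
- /* Background */
-
+ /**
+ * Sanitization for background option.
+ *
+ * @returns array $output
+ */
  function of_sanitize_background( $input ) {
+
  $output = wp_parse_args( $input, array(
  'color' => '',
  'image' => '',
@@ -145,6 +199,11 @@ function of_sanitize_background( $input ) {
  }
  add_filter( 'of_sanitize_background', 'of_sanitize_background' );
 
+ /**
+ * Sanitization for background repeat
+ *
+ * @returns string $value if it is valid
+ */
  function of_sanitize_background_repeat( $value ) {
  $recognized = of_recognized_background_repeat();
  if ( array_key_exists( $value, $recognized ) ) {
@@ -154,6 +213,11 @@ function of_sanitize_background_repeat( $value ) {
  }
  add_filter( 'of_background_repeat', 'of_sanitize_background_repeat' );
 
+ /**
+ * Sanitization for background position
+ *
+ * @returns string $value if it is valid
+ */
  function of_sanitize_background_position( $value ) {
  $recognized = of_recognized_background_position();
  if ( array_key_exists( $value, $recognized ) ) {
@@ -163,6 +227,11 @@ function of_sanitize_background_position( $value ) {
  }
  add_filter( 'of_background_position', 'of_sanitize_background_position' );
 
+ /**
+ * Sanitization for background attachment
+ *
+ * @returns string $value if it is valid
+ */
  function of_sanitize_background_attachment( $value ) {
  $recognized = of_recognized_background_attachment();
  if ( array_key_exists( $value, $recognized ) ) {
@@ -172,9 +241,9 @@ function of_sanitize_background_attachment( $value ) {
  }
  add_filter( 'of_background_attachment', 'of_sanitize_background_attachment' );
 
-
- /* Typography */
-
+ /**
+ * Sanitization for typography option.
+ */
  function of_sanitize_typography( $input, $option ) {
 
  $output = wp_parse_args( $input, array(
@@ -200,6 +269,9 @@ function of_sanitize_typography( $input, $option ) {
  }
  add_filter( 'of_sanitize_typography', 'of_sanitize_typography', 10, 2 );
 
+ /**
+ * Sanitization for font size
+ */
  function of_sanitize_font_size( $value ) {
  $recognized = of_recognized_font_sizes();
  $value_check = preg_replace('/px/','', $value);
@@ -210,7 +282,9 @@ function of_sanitize_font_size( $value ) {
  }
  add_filter( 'of_font_size', 'of_sanitize_font_size' );
 
-
+ /**
+ * Sanitization for font style
+ */
  function of_sanitize_font_style( $value ) {
  $recognized = of_recognized_font_styles();
  if ( array_key_exists( $value, $recognized ) ) {
@@ -220,7 +294,9 @@ function of_sanitize_font_style( $value ) {
  }
  add_filter( 'of_font_style', 'of_sanitize_font_style' );
 
-
+ /**
+ * Sanitization for font face
+ */
  function of_sanitize_font_face( $value ) {
  $recognized = of_recognized_font_faces();
  if ( array_key_exists( $value, $recognized ) ) {
@@ -234,7 +310,6 @@ add_filter( 'of_font_face', 'of_sanitize_font_face' );
  * Get recognized background repeat settings
  *
  * @return array
- *
  */
  function of_recognized_background_repeat() {
  $default = array(
@@ -250,7 +325,6 @@ function of_recognized_background_repeat() {
  * Get recognized background positions
  *
  * @return array
- *
  */
  function of_recognized_background_position() {
  $default = array(
@@ -271,7 +345,6 @@ function of_recognized_background_position() {
  * Get recognized background attachment
  *
  * @return array
- *
  */
  function of_recognized_background_attachment() {
  $default = array(
@@ -287,7 +360,6 @@ function of_recognized_background_attachment() {
  * @param string Color in hexidecimal notation. "#" may or may not be prepended to the string.
  * @param string The value that this function should return if it cannot be recognized as a color.
  * @return string
- *
  */
 
  function of_sanitize_hex( $hex, $default = '' ) {
@@ -296,6 +368,7 @@ function of_sanitize_hex( $hex, $default = '' ) {
  }
  return $default;
  }
+ add_filter( 'of_sanitize_color', 'of_sanitize_hex' );
 
  /**
  * Get recognized font sizes.
@@ -322,7 +395,6 @@ function of_recognized_font_sizes() {
  * while values are ready for display in in html.
  *
  * @return array
- *
  */
  function of_recognized_font_faces() {
  $default = array(
@@ -346,7 +418,6 @@ function of_recognized_font_faces() {
  * while values are ready for display in in html.
  *
  * @return array
- *
  */
  function of_recognized_font_styles() {
  $default = array(
@@ -363,9 +434,7 @@ function of_recognized_font_styles() {
  *
  * @param string Color in hexidecimal notation. "#" may or may not be prepended to the string.
  * @return bool
- *
  */
-
  function of_validate_hex( $hex ) {
  $hex = trim( $hex );
  /* Strip recognized prefixes. */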
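Review bot: The new docblock on of_sanitize_editor() (new lines 114-132) documents only the privileged branch, yet the fallback now filters with `$allowedposttags` instead of `$allowedtags` and no longer applies wpautop(), so a user without `unfiltered_html` can store a wider set of markup than before. The comment should state that, for example `Users without the unfiltered_html capability get the value filtered through wp_kses() with the post tag set; wpautop() is not applied.` The fallback itself could be written as `$output = wp_kses_post( $input );`, which avoids the global. Separately, the docblocks added for of_sanitize_allowedtags() and of_sanitize_allowedposttags() say they ensure tags close properly, but the visible bodies call only wp_kses() and wpautop(), neither of which is a tag balancer (`force_balance_tags()` is).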
languages/options-framework.pot CHANGED
File without changes
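--- a/options-framework.php
+++ b/options-framework.php
@@ -12,7 +12,7 @@
  * Plugin Name: Options Framework
  * Plugin URI: http://wptheming.com
  * Description: A framework for building theme options.
- * Version: 1.8.2
+ * Version: 1.8.3
  * Author: Devin Price
  * Author URI: http://wptheming.com
  * License: GPL-2.0+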
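--- a/readme.txt
+++ b/readme.txt
@@ -4,8 +4,8 @@ Contributors: downstairsdev
  Tags: options, theme options
  Donate link: http://bit.ly/options-donate-2
  Requires at least: 3.6
- Tested up to: 4.0
- Stable tag: 1.8.2
+ Tested up to: 4.1
+ Stable tag: 1.8.3
  License: GPLv2
 
  == Description ==
@@ -68,6 +68,11 @@ You can also watch the video screencast I have at [http://wptheming.com/options-
 
  == Changelog ==
 
+ = 1.8.3 =
+
+ * Update: sanitization of info option and description field
+ * Update: Sanitization of editor field
+
  = 1.8.2 =
 
  * Fix for translation textdomain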