WP PLUGIN MTEE(Meta Tag etc Extend) 登録データのサニタイズ
・update_post_meta、update_term_metaのデータをサニタイズ
+3
-1
@@ -13,6 +13,8 @@ if (!class_exists('MTEE')) {
|
||||
*/
|
||||
class MTEE {
|
||||
|
||||
use mtee_utils;
|
||||
|
||||
public function __construct() {
|
||||
add_action('admin_menu', array($this, 'add_pages'));
|
||||
}
|
||||
@@ -32,7 +34,7 @@ if (!class_exists('MTEE')) {
|
||||
//$_POST['_mtee'])があったら保存
|
||||
if (isset($_POST['_mtee'])) {
|
||||
check_admin_referer('check_options');
|
||||
$opt = $_POST['_mtee'];
|
||||
$opt = $this->get_post_sanitize_data('_mtee', 'array');
|
||||
update_option('_mtee', $opt);
|
||||
require_once MTEE_CONFIG::MTEE_TEMPLATE_DIR . 'success.php';
|
||||
}
|
||||
|
||||
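Review bot: `get_post_sanitize_data('_mtee', 'array')` can return `false` or `null` instead of an array, and the next line writes whatever comes back straight into the `_mtee` option. `filter_input()` with `FILTER_REQUIRE_ARRAY` yields `false` when the submitted `_mtee` is not an array and `null` when the field is missing from the raw request, so such a request would overwrite the saved settings even though `isset($_POST['_mtee'])` passed. Guard the write with `if (is_array($opt)) { update_option('_mtee', $opt); }` and include `success.php` only in that branch. The enclosing method starts and ends outside this hunk, so any capability check it performs is not visible here.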
@@ -11,6 +11,8 @@ if (!class_exists('mtee_canonical_setting')) {
|
||||
*/
|
||||
class mtee_canonical_setting {
|
||||
|
||||
use mtee_utils;
|
||||
|
||||
private $options;
|
||||
|
||||
public function __construct($options) {
|
||||
@@ -53,9 +55,9 @@ if (!class_exists('mtee_canonical_setting')) {
|
||||
public function insert_meta_fields() {
|
||||
global $post;
|
||||
echo '<div class="meta_key_desc_box">
|
||||
<label style="font-weight: bold; display: block">Canonical URL</label>
|
||||
<label class="block_bold">Canonical URL</label>
|
||||
<div>
|
||||
<input style="width:100%" type="text" name="' . MTEE_CONFIG::MTEE_CANONICAL_URL . '"
|
||||
<input class="width_100" type="text" name="' . MTEE_CONFIG::MTEE_CANONICAL_URL . '"
|
||||
value="' . get_post_meta($post->ID, MTEE_CONFIG::MTEE_CANONICAL_URL, true) . '"
|
||||
placeholder="' . $this->set_default_post_canonical_url($post->ID) . '" />
|
||||
</div>
|
||||
@@ -64,11 +66,7 @@ placeholder="' . $this->set_default_post_canonical_url($post->ID) . '" />
|
||||
|
||||
// カスタムフィールドの値を保存
|
||||
public function save_meta_fields($post_id) {
|
||||
if (!empty($_POST[MTEE_CONFIG::MTEE_CANONICAL_URL])) { //meta_keywordsが入力されている場合
|
||||
update_post_meta($post_id, MTEE_CONFIG::MTEE_CANONICAL_URL, $_POST[MTEE_CONFIG::MTEE_CANONICAL_URL]); //値を保存
|
||||
} else { //未入力の場合は値を削除
|
||||
delete_post_meta($post_id, MTEE_CONFIG::MTEE_CANONICAL_URL);
|
||||
}
|
||||
$this->save_post_meta($post_id, MTEE_CONFIG::MTEE_CANONICAL_URL);
|
||||
}
|
||||
|
||||
public function set_default_post_canonical_url($id) {
|
||||
@@ -143,9 +141,7 @@ placeholder="' . $this->set_default_post_canonical_url($post->ID) . '" />
|
||||
}
|
||||
|
||||
public function save_terms($term_id) {
|
||||
if (array_key_exists(MTEE_CONFIG::MTEE_CANONICAL_URL, $_POST)) {
|
||||
update_term_meta($term_id, MTEE_CONFIG::MTEE_CANONICAL_URL, $_POST[MTEE_CONFIG::MTEE_CANONICAL_URL]);
|
||||
}
|
||||
$this->save_term_meta($term_id, MTEE_CONFIG::MTEE_CANONICAL_URL);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
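Review bot: The `value` attribute in `insert_meta_fields()` still prints the result of `get_post_meta()` unescaped, so sanitising on save does not cover values stored before this commit or written by other code. Escape at output with `value="' . esc_attr(get_post_meta($post->ID, MTEE_CONFIG::MTEE_CANONICAL_URL, true)) . '"`, and wrap the `placeholder` value in `esc_attr()` the same way. Because this field holds a URL, `esc_url_raw()` on save would be a closer fit than a generic string filter. The method body continues past the end of that hunk.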
@@ -11,6 +11,8 @@ if (!class_exists('mtee_noindexnofolow_setting')) {
|
||||
*/
|
||||
class mtee_noindexnofolow_setting {
|
||||
|
||||
use mtee_utils;
|
||||
|
||||
public function __construct($options) {
|
||||
//posts
|
||||
add_action('admin_menu', array($this, 'add_meta_fields'));
|
||||
@@ -67,8 +69,8 @@ if (!class_exists('mtee_noindexnofolow_setting')) {
|
||||
|
||||
// カスタムフィールドの値を保存
|
||||
public function save_meta_fields($post_id) {
|
||||
update_post_meta($post_id, MTEE_CONFIG::MTEE_NAME_NOINDEX, $_POST[MTEE_CONFIG::MTEE_NAME_NOINDEX] ?? '');
|
||||
update_post_meta($post_id, MTEE_CONFIG::MTEE_NAME_NOFOLLOW, $_POST[MTEE_CONFIG::MTEE_NAME_NOFOLLOW] ?? '');
|
||||
$this->save_post_meta($post_id, MTEE_CONFIG::MTEE_NAME_NOINDEX);
|
||||
$this->save_post_meta($post_id, MTEE_CONFIG::MTEE_NAME_NOFOLLOW);
|
||||
}
|
||||
|
||||
//-------------------------------------------------------------------------------------------
|
||||
@@ -141,12 +143,8 @@ nofollow
|
||||
}
|
||||
|
||||
public function save_terms($term_id) {
|
||||
if (array_key_exists(MTEE_CONFIG::MTEE_NAME_NOINDEX, $_POST)) {
|
||||
update_term_meta($term_id, MTEE_CONFIG::MTEE_NAME_NOINDEX, $_POST[MTEE_CONFIG::MTEE_NAME_NOINDEX]);
|
||||
}
|
||||
if (array_key_exists(MTEE_CONFIG::MTEE_NAME_NOFOLLOW, $_POST)) {
|
||||
update_term_meta($term_id, MTEE_CONFIG::MTEE_NAME_NOFOLLOW, $_POST[MTEE_CONFIG::MTEE_NAME_NOFOLLOW]);
|
||||
}
|
||||
$this->save_term_meta($term_id, MTEE_CONFIG::MTEE_NAME_NOINDEX);
|
||||
$this->save_term_meta($term_id, MTEE_CONFIG::MTEE_NAME_NOFOLLOW);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
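Review bot: `save_meta_fields()` now consists only of the two `save_post_meta()` calls, so it writes or deletes meta on every invocation without checking a nonce, the user's capability, or whether the call is an autosave. If it is hooked to `save_post` (the registration is outside this hunk), a save that does not carry these fields, such as an autosave, quick edit or programmatic `wp_update_post()`, takes the delete branch in `save_post_meta()` and clears the flags. Add guards at the top, e.g. `if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) { return; }` and `if (!current_user_can('edit_post', $post_id)) { return; }`, plus a `wp_verify_nonce()` check against the meta box's own nonce field. The same applies to `save_meta_fields()` in `mtee_canonical_setting`, `mtee_ogp_post_setting` and `mtee_post_setting`.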
@@ -10,6 +10,8 @@ if (!class_exists('mtee_ogp_post_setting')) {
|
||||
*/
|
||||
class mtee_ogp_post_setting {
|
||||
|
||||
use mtee_utils;
|
||||
|
||||
private $options;
|
||||
|
||||
public function __construct($options) {
|
||||
@@ -93,21 +95,10 @@ var ogp_img_name = ' . "'" . MTEE_CONFIG::MTEE_OGP_IMG . "'" . '
|
||||
|
||||
// カスタムフィールドの値を保存
|
||||
public function save_meta_fields($post_id) {
|
||||
if (!empty($_POST[MTEE_CONFIG::MTEE_OGP_TITLE])) { //meta_keywordsが入力されている場合
|
||||
update_post_meta($post_id, MTEE_CONFIG::MTEE_OGP_TITLE, $_POST[MTEE_CONFIG::MTEE_OGP_TITLE]); //値を保存
|
||||
} else { //未入力の場合は値を削除
|
||||
delete_post_meta($post_id, MTEE_CONFIG::MTEE_OGP_TITLE);
|
||||
}
|
||||
if (!empty($_POST[MTEE_CONFIG::MTEE_OGP_DESC])) {
|
||||
update_post_meta($post_id, MTEE_CONFIG::MTEE_OGP_DESC, $_POST[MTEE_CONFIG::MTEE_OGP_DESC]);
|
||||
} else {
|
||||
delete_post_meta($post_id, MTEE_CONFIG::MTEE_OGP_DESC);
|
||||
}
|
||||
if (!empty($_POST[MTEE_CONFIG::MTEE_OGP_IMG])) {
|
||||
update_post_meta($post_id, MTEE_CONFIG::MTEE_OGP_IMG, $_POST[MTEE_CONFIG::MTEE_OGP_IMG]);
|
||||
} else {
|
||||
delete_post_meta($post_id, MTEE_CONFIG::MTEE_OGP_IMG);
|
||||
}
|
||||
$this->save_post_meta($post_id, MTEE_CONFIG::MTEE_OGP_TITLE);
|
||||
$this->save_post_meta($post_id, MTEE_CONFIG::MTEE_OGP_DESC);
|
||||
$this->save_post_meta($post_id, MTEE_CONFIG::MTEE_OGP_IMG);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -10,6 +10,8 @@ if (!class_exists('mtee_ogp_tax_setting')) {
|
||||
*/
|
||||
class mtee_ogp_tax_setting {
|
||||
|
||||
use mtee_utils;
|
||||
|
||||
private $options;
|
||||
|
||||
public function __construct($options) {
|
||||
@@ -139,18 +141,9 @@ var ogp_img_name = ' . "'" . MTEE_CONFIG::MTEE_OGP_IMG . "'" . '
|
||||
}
|
||||
|
||||
function save_terms($term_id) {
|
||||
if (array_key_exists(MTEE_CONFIG::MTEE_OGP_TITLE, $_POST)) {
|
||||
update_term_meta($term_id, MTEE_CONFIG::MTEE_OGP_TITLE, $_POST[MTEE_CONFIG::MTEE_OGP_TITLE]);
|
||||
}
|
||||
if (array_key_exists(MTEE_CONFIG::MTEE_OGP_DESC, $_POST)) {
|
||||
update_term_meta($term_id, MTEE_CONFIG::MTEE_OGP_DESC, $_POST[MTEE_CONFIG::MTEE_OGP_DESC]);
|
||||
}
|
||||
if (!empty($_POST[MTEE_CONFIG::MTEE_OGP_IMG])) {
|
||||
update_post_meta($term_id, MTEE_CONFIG::MTEE_OGP_IMG, $_POST[MTEE_CONFIG::MTEE_OGP_IMG]);
|
||||
} else {
|
||||
delete_post_meta($term_id, MTEE_CONFIG::MTEE_OGP_IMG);
|
||||
}
|
||||
|
||||
$this->save_term_meta($term_id, MTEE_CONFIG::MTEE_OGP_TITLE);
|
||||
$this->save_term_meta($term_id, MTEE_CONFIG::MTEE_OGP_DESC);
|
||||
$this->save_term_meta($term_id, MTEE_CONFIG::MTEE_OGP_IMG);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
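Review bot: The OGP image for a term was previously written with `update_post_meta($term_id, ...)`, i.e. into post meta under the term's ID, and `save_terms()` now stores it as term meta through `save_term_meta()`. Values saved before this commit stay in the old location, and the read side is not visible in this hunk, so either the old or the new values may be missed depending on which getter it uses. Consider a one-time migration or a fallback read, and add a comment on `save_terms()` recording the change of storage. `save_terms()` is also declared without a visibility keyword here, unlike `public function save_terms` in the canonical and noindex classes.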
@@ -10,6 +10,8 @@ if (!class_exists('mtee_post_setting')) {
|
||||
*/
|
||||
class mtee_post_setting {
|
||||
|
||||
use mtee_utils;
|
||||
|
||||
private $options;
|
||||
|
||||
public function __construct($options) {
|
||||
@@ -60,16 +62,8 @@ placeholder="' . $this->set_default_description() . '"/>
|
||||
|
||||
// カスタムフィールドの値を保存
|
||||
public function save_meta_fields($post_id) {
|
||||
if (!empty($_POST[MTEE_CONFIG::MTEE_NAME_KEYWORDS])) { //meta_keywordsが入力されている場合
|
||||
update_post_meta($post_id, MTEE_CONFIG::MTEE_NAME_KEYWORDS, $_POST[MTEE_CONFIG::MTEE_NAME_KEYWORDS]); //値を保存
|
||||
} else { //未入力の場合は値を削除
|
||||
delete_post_meta($post_id, MTEE_CONFIG::MTEE_NAME_KEYWORDS);
|
||||
}
|
||||
if (!empty($_POST[MTEE_CONFIG::MTEE_NAME_DESCRIPTION])) {
|
||||
update_post_meta($post_id, MTEE_CONFIG::MTEE_NAME_DESCRIPTION, $_POST[MTEE_CONFIG::MTEE_NAME_DESCRIPTION]);
|
||||
} else {
|
||||
delete_post_meta($post_id, MTEE_CONFIG::MTEE_NAME_DESCRIPTION);
|
||||
}
|
||||
$this->save_post_meta($post_id, MTEE_CONFIG::MTEE_NAME_KEYWORDS);
|
||||
$this->save_post_meta($post_id, MTEE_CONFIG::MTEE_NAME_DESCRIPTION);
|
||||
}
|
||||
|
||||
public function set_default_keywords() {
|
||||
|
||||
@@ -10,6 +10,8 @@ if (!class_exists('mtee_tax_setting')) {
|
||||
*/
|
||||
class mtee_tax_setting {
|
||||
|
||||
use mtee_utils;
|
||||
|
||||
private $options;
|
||||
|
||||
public function __construct($options) {
|
||||
@@ -127,12 +129,8 @@ class="tax-meta-field" />
|
||||
}
|
||||
|
||||
function save_terms($term_id) {
|
||||
if (array_key_exists(MTEE_CONFIG::MTEE_NAME_KEYWORDS, $_POST)) {
|
||||
update_term_meta($term_id, MTEE_CONFIG::MTEE_NAME_KEYWORDS, $_POST[MTEE_CONFIG::MTEE_NAME_KEYWORDS]);
|
||||
}
|
||||
if (array_key_exists(MTEE_CONFIG::MTEE_NAME_DESCRIPTION, $_POST)) {
|
||||
update_term_meta($term_id, MTEE_CONFIG::MTEE_NAME_DESCRIPTION, $_POST[MTEE_CONFIG::MTEE_NAME_DESCRIPTION]);
|
||||
}
|
||||
$this->save_term_meta($term_id, MTEE_CONFIG::MTEE_NAME_KEYWORDS);
|
||||
$this->save_term_meta($term_id, MTEE_CONFIG::MTEE_NAME_DESCRIPTION);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
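Review bot: `save_terms()` used to leave existing term meta untouched when a key was missing from `$_POST`; through `save_term_meta()` it now calls `delete_term_meta()` in that case. If this runs on a term-save hook such as `edited_term` (the registration is outside the hunk), any term update that does not come from this form will remove the stored keywords and description. Keep the previous behaviour with an early return in `save_term_meta()`, `if (!array_key_exists($var_name, $_POST)) { return; }`, or gate the deletion on a verified nonce from the term form. The same behaviour change reaches `save_terms()` in `mtee_canonical_setting`, `mtee_noindexnofolow_setting` and `mtee_ogp_tax_setting`.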
@@ -125,6 +125,15 @@ label.mtee-label {
|
||||
margin-top: 1em;
|
||||
}
|
||||
|
||||
.width_100{
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.block_bold {
|
||||
font-weight: bold;
|
||||
display: block
|
||||
}
|
||||
|
||||
@media screen and (max-width: 768px) {
|
||||
.mtee_description_tmp_list {
|
||||
display: block;
|
||||
|
||||
@@ -18,6 +18,7 @@ Twitter
|
||||
*/
|
||||
|
||||
include_once __DIR__ . '/mtee_config.php';
|
||||
include_once MTEE_CONFIG::MTEE_TRAIT_DIR . 'mtee_utils.php';
|
||||
include_once MTEE_CONFIG::MTEE_CLASS_DIR . 'mtee.php';
|
||||
|
||||
//admin css/js setting
|
||||
|
||||
+2
-2
@@ -199,7 +199,7 @@ $rss_disabled = $this->get_key_setting('rss_disabled');
|
||||
<input type="hidden" name="_mtee[wp_ver_disabled]" value="0">
|
||||
<input type="checkbox"
|
||||
name="_mtee[wp_ver_disabled]" <?php checked($wp_ver_disabled, 1); ?>
|
||||
value="1">削除
|
||||
value="1">表示しない
|
||||
</label>
|
||||
</div>
|
||||
<div class="mtee-form-box mtee_box_border">
|
||||
@@ -208,7 +208,7 @@ $rss_disabled = $this->get_key_setting('rss_disabled');
|
||||
<input type="hidden" name="_mtee[asset_ver_disabled]" value="0">
|
||||
<input type="checkbox"
|
||||
name="_mtee[asset_ver_disabled]" <?php checked($asset_ver_disabled, 1); ?>
|
||||
value="1">削除
|
||||
value="1">表示しない
|
||||
</label>
|
||||
</div>
|
||||
<div class="mtee-form-box mtee_box_border">
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
<?php
|
||||
if (!defined('ABSPATH')) {
|
||||
exit;
|
||||
} // Exit if accessed directly
|
||||
|
||||
if (!trait_exists('mtee_utils')) {
|
||||
|
||||
trait mtee_utils {
|
||||
|
||||
public function get_post_sanitize_data($var_name, $type = 'str') {
|
||||
if ($type == 'str') {
|
||||
return filter_input(INPUT_POST, $var_name, FILTER_SANITIZE_STRING);
|
||||
}
|
||||
if ($type == 'array') {
|
||||
return filter_input(INPUT_POST, $var_name, FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public function save_post_meta($post_id, $var_name) {
|
||||
if (!empty($_POST[$var_name])) {
|
||||
update_post_meta($post_id, $var_name, $this->get_post_sanitize_data($var_name)); //値を保存
|
||||
} else { //未入力の場合は値を削除
|
||||
delete_post_meta($post_id, $var_name);
|
||||
}
|
||||
}
|
||||
|
||||
public function save_term_meta($term_id, $var_name) {
|
||||
if (array_key_exists($var_name, $_POST)) {
|
||||
update_term_meta($term_id, $var_name, $this->get_post_sanitize_data($var_name));
|
||||
} else { //未入力の場合は値を削除
|
||||
delete_term_meta($term_id, $var_name);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
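Review bot: `get_post_sanitize_data()` relies on `FILTER_SANITIZE_STRING`, which is deprecated as of PHP 8.1 and emits a deprecation notice on each call. It also reads the raw request through `filter_input()` while `save_post_meta()` and `save_term_meta()` branch on `$_POST`, so the value that is checked and the value that is stored can differ; for an unrecognised `$type` the function falls through and returns `null` implicitly. Reading from `$_POST` with `wp_unslash()` and WordPress's `sanitize_text_field()` (through `map_deep()` for arrays) keeps a single source of truth; the save helpers should then pass the result through `wp_slash()`, because `update_post_meta()` and `update_term_meta()` unslash their input.

```php
public function get_post_sanitize_data($var_name, $type = 'str') {
    if (!isset($_POST[$var_name])) {
        return null;
    }
    $value = wp_unslash($_POST[$var_name]);
    if ($type === 'str' && is_scalar($value)) {
        return sanitize_text_field($value);
    }
    if ($type === 'array' && is_array($value)) {
        return map_deep($value, 'sanitize_text_field');
    }
    return null; // unknown $type, or a value of the wrong shape
}
// … unchanged: save_post_meta(), save_term_meta() …
```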