LLMS_Form_Handler::validate_fields( array $posted_data, string $location, array[] $fields, string $action )
Form fields submission validation.
Parameters Parameters
- $posted_data
-
(array) (Required) User-submitted form data.
- $location
-
(string) (Required) Form location ID.
- $fields
-
(array[]) (Required) Array of LifterLMS Form Fields.
- $action
-
(string) (Required) User action to perform.
Return Return
(boolean|WP_Error) Returns true on success and an error object on failure.
Source Source
File: includes/forms/class-llms-form-handler.php
continue;
}
// Determine the effective storage key, falling back to the field name as `LLMS_Form_Field` does.
$key = '';
if ( ! empty( $field['data_store_key'] ) ) {
$key = $field['data_store_key'];
} elseif ( ! empty( $field['name'] ) ) {
$key = $field['name'];
}
if ( $key && $this->is_protected_user_field( $store, $key ) ) {
return new WP_Error(
'llms-form-protected-field',
__( 'This form contains a field that cannot be saved. Please contact the site administrator.', 'lifterlms' )
);
}
}
return true;
}
/**
* Determine if a storage destination targets a protected user property.
*
* @since 10.0.8
*
* @param string $store Storage location. Either "users" or "usermeta".
* @param string $key Storage key (column name for "users" or meta key for "usermeta").
* @return bool
*/
protected function is_protected_user_field( $store, $key ) {
global $wpdb;
/**
* Filter the list of protected user storage destinations that form fields may not write to.
*
* @since 10.0.8
*
* @param array $protected {
* Array of protected storage keys, keyed by storage location.
*
* @type string[] $users Protected `wp_users` column names.
* @type string[] $usermeta Protected `wp_usermeta` meta keys.
* }
*/
$protected = apply_filters(
'llms_form_protected_user_fields',
array(
'users' => array( 'role', 'user_level' ),
'usermeta' => array(
'role',
$wpdb->prefix . 'capabilities',
$wpdb->prefix . 'user_level',
),
)
);
$keys = isset( $protected[ $store ] ) ? (array) $protected[ $store ] : array();
if ( in_array( $key, $keys, true ) ) {
return true;
}
// Also match custom-prefixed capability and level meta keys.
if ( 'usermeta' === $store && ( preg_match( '/capabilities$/', $key ) || preg_match( '/user_level$/', $key ) ) ) {
return true;
}
return false;
}
/**
* Form fields submission validation.
*
* @since 7.0.0
*
* @param array $posted_data User-submitted form data.
* @param string $location Form location ID.
* @param array[] $fields Array of LifterLMS Form Fields.
* @param string $action User action to perform.
* @return boolean|WP_Error Returns `true` on success and an error object on failure.
*/
protected function validate_fields( $posted_data, $location, $fields, $action ) {
// Ensure no field maps submitted data to a protected user property (e.g. role or capabilities).
Expand full source code Collapse full source code View on GitHub
Changelog Changelog
| Version | Description |
|---|---|
| 7.0.0 | Introduced. |