llms_filter_input_sanitize_string( string $type, string $variable_name, int[] $flags = array() )

Function used to sanitize user input in a manner similar to the (deprecated) FILTER_SANITIZE_STRING.

Contents

Description Description

This function retrieves the raw user input via llms_filter_input() using the FILTER_UNSAFE_RAW filter, strips all tags, and then encodes single and double quotes with the relevant HTML entity codes.

In many cases, the usage of FILTER_SANITIZE_STRING can be easily replaced with FILTER_SANITIZE_FULL_SPECIAL_CHARS but in some cases, especially when storing the user input, encoding all special characters can result in an stored XSS injection so this function can be used to preserve the pre PHP 8.1 behavior where sanitization is expected during the retrieval of user input.

Top ↑

Parameters Parameters

$type

(string) (Required) One of INPUT_GET, INPUT_POST, INPUT_COOKIE, INPUT_SERVER, or INPUT_ENV.

$variable_name

(string) (Required) Name of a variable to retrieve.

$flags

(int[]) (Optional) Array of supported filter options and flags. Accepts FILTER_REQUIRE_ARRAY in order to require the input to be an array. Accepts FILTER_FLAG_NO_ENCODE_QUOTES to prevent encoding of quotes.

Default value: array()

Top ↑

Return Return

(string|string[]|null|boolean) Value of the requested variable on success, false if the filter fails, or null if the $variable_name variable is not set.

Top ↑

Source Source

File: includes/llms.functions.core.php 

 */
function llms_filter_input_sanitize_string( $type, $variable_name, $flags = array() ) {

	$require_array = in_array( FILTER_REQUIRE_ARRAY, $flags, true );

	$string = llms_filter_input( $type, $variable_name, FILTER_UNSAFE_RAW, $require_array ? FILTER_REQUIRE_ARRAY : array() );

	// If we have an empty string or the input var isn't found we can return early.
	if ( empty( $string ) ) {
		return $string;
	}

	$string = $require_array ? array_map( 'wp_strip_all_tags', $string ) : wp_strip_all_tags( $string );

	if ( ! in_array( FILTER_FLAG_NO_ENCODE_QUOTES, $flags, true ) ) {
		$string = str_replace(
			array( "'", '"' ),
			array( ''', '"' ),
			$string
		);
	}

	return $string;

Expand full source code Collapse full source code View on GitHub

Top ↑

Uses Uses

Uses
Uses Description
includes/functions/llms-functions-wrappers.php: llms_filter_input()

Gets a specific external variable by name and optionally filters it

Top ↑

Used By Used By

Used By
Used By Description
includes/admin/class.llms.admin.settings.php: LLMS_Admin_Settings::get_array_field_posted_value()

Retrieves the posted value for an array type setting field.
includes/class.llms.ajax.handler.php: LLMS_AJAX_Handler::check_voucher_duplicate()

Determines if voucher codes already exist.
includes/admin/post-types/meta-boxes/class.llms.meta.box.order.details.php: LLMS_Meta_Box_Order_Details::save_remaining_payments()

Save remaining payment date for expiring recurring orders
includes/forms/controllers/class.llms.controller.account.php: LLMS_Controller_Account::reset_password_link_redirect()

Automatically redirect password reset links to the password reset form page.
includes/forms/controllers/class.llms.controller.account.php: LLMS_Controller_Account::reset_password_handler()

Handle the submission of the password reset form.
includes/forms/class-llms-form-field.php: LLMS_Form_Field::prepare_value()

Prepare the field’s value.
includes/forms/controllers/class.llms.controller.account.php: LLMS_Controller_Account::redeem_voucher()

Redeem a voucher from the “Redeem Voucher” endpoint of the student dashboard
includes/admin/class.llms.admin.setup.wizard.php: LLMS_Admin_Setup_Wizard::save_payments()

Save the “Payments” step.
includes/admin/reporting/tabs/class.llms.admin.reporting.tab.memberships.php: LLMS_Admin_Reporting_Tab_Memberships::output()

Output tab content.
includes/admin/post-types/meta-boxes/class.llms.meta.box.order.enrollment.php: LLMS_Meta_Box_Order_Enrollment::save_update_enrollment()

Update enrollment data based on posted values.
includes/class.llms.ajax.php: LLMS_AJAX::query_quiz_questions()

Retrieve Quiz Questions
includes/class.llms.review.php: LLMS_Reviews::process_review()

This function adds the review to the database. It is called by the AJAX handler when the submit review button is pressed. This function gathers the data from $_POST and then adds the review with the appropriate content.
includes/abstracts/abstract.llms.analytics.widget.php: LLMS_Analytics_Widget::get_posted_dates()

Retrieve posted dates.
includes/functions/llms.functions.templates.dashboard.php: lifterlms_template_student_dashboard_my_grades()

Output the “My Grades” template screen on the student dashboard.
includes/class.llms.ajax.handler.php: LLMS_AJAX_Handler::query_students()

Retrieve Students.
includes/class.llms.ajax.handler.php: LLMS_AJAX_Handler::select2_query_posts()

Handle Select2 Search boxes for WordPress Posts by Post Type and Post Status.
includes/controllers/class.llms.controller.admin.quiz.attempts.php: LLMS_Controller_Admin_Quiz_Attempts::save_grade()

Saves changes to a quiz
includes/forms/controllers/class.llms.controller.account.php: LLMS_Controller_Account::lost_password()

Handle form submission of the Lost Password form
includes/shortcodes/class.llms.shortcode.checkout.php: LLMS_Shortcode_Checkout::output()

Gather a bunch of information and output the actual content for the shortcode.
includes/class.llms.view.manager.php: LLMS_View_Manager::get_inline_script()

Inline JS.
includes/admin/class.llms.admin.page.status.php: LLMS_Admin_Page_Status::output_logs_content()

Output the HTML for the Logs tab
includes/admin/class.llms.admin.page.status.php: LLMS_Admin_Page_Status::output()

Output the system report
includes/admin/class.llms.admin.page.status.php: LLMS_Admin_Page_Status::do_tool()

Handle tools actions
includes/admin/class.llms.admin.setup.wizard.php: LLMS_Admin_Setup_Wizard::get_current_step()

Retrieve the current step and default to the intro
includes/admin/class.llms.admin.settings.php: LLMS_Admin_Settings::save_fields()

Save admin fields.
includes/admin/class.llms.admin.settings.php: LLMS_Admin_Settings::output()

Settings Page output tabs
includes/admin/settings/class.llms.settings.notifications.php: LLMS_Settings_Notifications::after_save()

Send a test notification after notification data is saved
includes/admin/settings/class.llms.settings.notifications.php: LLMS_Settings_Notifications::get_notification_settings()

Get settings specific to the current notification type
includes/admin/settings/class.llms.settings.notifications.php: LLMS_Settings_Notifications::get_settings()

Get settings array
includes/admin/reporting/class.llms.admin.reporting.php: LLMS_Admin_Reporting::get_date_start()

Get the current start date according to filters.
includes/admin/reporting/class.llms.admin.reporting.php: LLMS_Admin_Reporting::get_date_end()

Get the current end date according to filters.
includes/admin/reporting/class.llms.admin.reporting.php: LLMS_Admin_Reporting::get_current_tab()

Retrieve the current reporting tab.
includes/admin/reporting/class.llms.admin.reporting.php: LLMS_Admin_Reporting::get_current_range()

Get the currently selected date range filter.
includes/admin/reporting/tabs/class.llms.admin.reporting.tab.students.php: LLMS_Admin_Reporting_Tab_Students::output()

Output HTML for the current view within the students tab
includes/admin/reporting/tabs/class.llms.admin.reporting.tab.courses.php: LLMS_Admin_Reporting_Tab_Courses::output()

Output tab content
includes/admin/reporting/tabs/class.llms.admin.reporting.tab.quizzes.php: LLMS_Admin_Reporting_Tab_Quizzes::output()

Output tab content
includes/admin/post-types/post-tables/class.llms.admin.post.table.instructors.php: LLMS_Admin_Post_Table_Instructors::get_views()

Ensure that the “Mine” view quick link at the top of the table displays the correct number Most of this is based on WordPress core functions found in wp-admin/includes/class-wp-posts-list-table.php
includes/admin/post-types/post-tables/class.llms.admin.post.table.orders.php: LLMS_Admin_Post_Table_Orders::modify_admin_search()

Modify the search query for various post types before retrieving posts.
includes/admin/post-types/meta-boxes/class.llms.meta.box.engagement.php: LLMS_Meta_Box_Engagement::save()

Custom save method.
includes/admin/post-types/meta-boxes/class.llms.meta.box.visibility.php: LLMS_Meta_Box_Visibility::save()

Save the settings
includes/admin/post-types/meta-boxes/class.llms.meta.box.membership.php: LLMS_Meta_Box_Membership::save()

Save field data.
includes/admin/post-types/meta-boxes/class.llms.meta.box.voucher.php: LLMS_Meta_Box_Voucher::save()

Save method
includes/admin/post-types/meta-boxes/class.llms.meta.box.order.transactions.php: LLMS_Meta_Box_Order_Transactions::save_transaction()

Save method, records manual transactions
includes/admin/post-types/meta-boxes/class.llms.meta.box.order.transactions.php: LLMS_Meta_Box_Order_Transactions::save_refund()

Save method, processes refunds
includes/admin/post-types/meta-boxes/class.llms.meta.box.order.details.php: LLMS_Meta_Box_Order_Details::save()

Save method
includes/admin/post-types/meta-boxes/class.llms.meta.box.course.options.php: LLMS_Meta_Box_Course_Options::save_before()

Update course difficulty on save
includes/admin/post-types/meta-boxes/class.llms.meta.box.order.submit.php: LLMS_Meta_Box_Order_Submit::save()

Save action, update order status
includes/admin/post-types/meta-boxes/class.llms.meta.box.voucher.export.php: LLMS_Meta_Box_Voucher_Export::export()

Export vouchers.
includes/admin/post-types/meta-boxes/class.llms.meta.box.coupon.php: LLMS_Meta_Box_Coupon::save()

Save all metadata
includes/admin/class.llms.admin.addons.php: LLMS_Admin_AddOns::get_current_section()

Retrieves the current section from the query string.
includes/admin/class.llms.admin.user.custom.fields.php: LLMS_Admin_User_Custom_Fields::save()

Save custom field data for a user
includes/admin/class.llms.admin.reviews.php: LLMS_Admin_Reviews::save_review_meta_boxes()

Save metabox fields.
Show 47 more used by Hide more used by

Top ↑

Changelog Changelog

Changelog
Version Description
5.9.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.