adjust sanitization of settings and warning messages

2019-03-06 17:23:06 +01:00 · 2019-03-06 17:23:06 +01:00 · b691f2c618
commit b691f2c618
parent c511dcb517
2 changed files with 105 additions and 47 deletions
--- a/inc/class-statifyblacklist-admin.php
+++ b/inc/class-statifyblacklist-admin.php
@ -20,6 +20,9 @@ if ( ! defined( 'ABSPATH' ) ) {
 * @since   1.0.0
 */
 class StatifyBlacklist_Admin extends StatifyBlacklist {
+	const MODE_NORMAL   = 0;
+	const MODE_REGEX    = 1;
+	const MODE_REGEX_CI = 2;

 	/**
 	 * Initialize admin-only components of the plugin.
@ -61,27 +64,51 @@ class StatifyBlacklist_Admin extends StatifyBlacklist {
 	 */
 	public static function update_options( $options = null ) {
 		if ( isset( $options ) && current_user_can( 'manage_options' ) ) {
-			// Sanitize URLs and remove empty inputs.
+
+			// Sanitize referer list.
 			$given_referer = $options['referer']['blacklist'];
-			if ( 0 === $options['referer']['regexp'] ) {
+			if ( self::MODE_NORMAL === $options['referer']['regexp'] ) {
+				// Sanitize URLs and remove empty inputs.
 				$sanitized_referer = self::sanitizeURLs( $given_referer );
+			} elseif ( self::MODE_REGEX === $options['referer']['regexp'] || self::MODE_REGEX_CI === $options['referer']['regexp'] ) {
+				// TODO Check regular expressions.
+				$sanitized_referer = $given_referer;
 			} else {
 				$sanitized_referer = $given_referer;
 			}

-			// Sanitize IPs and Subnets and remove empty inputs.
+			// Sanitize target list.
+			$given_target = $options['target']['blacklist'];
+			if ( self::MODE_REGEX === $options['target']['regexp'] || self::MODE_REGEX_CI === $options['target']['regexp'] ) {
+				// TODO Check regular expressions.
+				$sanitized_target = $given_target;
+			} else {
+				$sanitized_target = $given_target;
+			}
+
+			// Sanitize IPs and subnets and remove empty inputs.
 			$given_ip     = $options['ip']['blacklist'];
 			$sanitized_ip = self::sanitizeIPs( $given_ip );

 			// Abort on errors.
-			if ( ! empty( array_diff( array_keys( $given_referer ), array_keys( $sanitized_referer ) ) ) ) {
-				return array(
-					'referer' => $sanitized_referer,
-				);
-			} elseif ( ! empty( array_diff( $given_ip, $sanitized_ip ) ) ) {
-				return array(
-					'ip' => array_diff( $given_ip, $sanitized_ip ),
-				);
+			$errors = [
+				'referer' => [
+					'sanitized' => $sanitized_referer,
+					'diff'      => array_diff( $given_referer, $sanitized_referer ),
+				],
+				'target' => [
+					'sanitized' => $sanitized_target,
+					'diff'      => array_diff( $given_target, $sanitized_target ),
+				],
+				'ip'      => [
+					'sanitized' => $sanitized_ip,
+					'diff'      => array_diff( $given_ip, $sanitized_ip ),
+				],
+			];
+			if ( ! empty( $errors['referer']['diff'] )
+				|| ! empty( $errors['target']['diff'] )
+				|| ! empty( $errors['ip']['diff'] ) ) {
+				return $errors;
 			}

 			// Update database on success.
@ -300,10 +327,10 @@ class StatifyBlacklist_Admin extends StatifyBlacklist {
 					'/^((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])(\/([0-9]|[1-2][0-9]|3[0-2]))?$/',
 					$ip
 				) ||
-					preg_match(
-						'/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$/',
-						$ip
-					);
+				preg_match(
+					'/^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$/',
+					$ip
+				);
 			}
 		);
 	}
--- a/views/settings-page.php
+++ b/views/settings-page.php
@ -29,31 +29,61 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 		// Extract referer array.
 		$referer_str = sanitize_textarea_field( wp_unslash( $_POST['statifyblacklist']['referer']['blacklist'] ) );
 		if ( empty( trim( $referer_str ) ) ) {
-			$referer = array();
+			$referer = [];
 		} else {
-			$referer = explode( "\r\n", $referer_str );
+			$referer = array_filter(
+				array_map(
+					function ( $a ) {
+						return trim( $a );
+					},
+					explode( "\r\n", $referer_str )
+				),
+				function ( $a ) {
+					return ! empty( $a );
+				}
+			);
 		}

 		// Extract target array.
 		$target_str = sanitize_textarea_field( wp_unslash( $_POST['statifyblacklist']['target']['blacklist'] ) );
 		if ( empty( trim( $target_str ) ) ) {
-			$target = array();
+			$target = [];
 		} else {
-			$target = explode( "\r\n", str_replace( '\\\\', '\\', $target_str ) );
+			$target = array_filter(
+				array_map(
+					function ( $a ) {
+						return trim( $a );
+					},
+					explode( "\r\n", str_replace( '\\\\', '\\', $target_str ) )
+				),
+				function ( $a ) {
+					return ! empty( $a );
+				}
+			);
 		}

 		// Extract IP array.
 		$ip_str = sanitize_textarea_field( wp_unslash( $_POST['statifyblacklist']['ip']['blacklist'] ) );
 		if ( empty( trim( $ip_str ) ) ) {
-			$ip = array();
+			$ip = [];
 		} else {
-			$ip = explode( "\r\n", $ip_str );
+			$ip = array_filter(
+				array_map(
+					function ( $a ) {
+						return trim( $a );
+					},
+					explode( "\r\n", $ip_str )
+				),
+				function ( $a ) {
+					return ! empty( $a );
+				}
+			);
 		}

 		// Update options (data will be sanitized).
 		$statifyblacklist_update_result = StatifyBlacklist_Admin::update_options(
-			array(
-				'referer' => array(
+			[
+				'referer' => [
 					'active'    => isset( $_POST['statifyblacklist']['referer']['active'] )
 						? (int) $_POST['statifyblacklist']['referer']['active'] : 0,
 					'cron'      => isset( $_POST['statifyblacklist']['referer']['cron'] )
@ -61,8 +91,8 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 					'regexp'    => isset( $_POST['statifyblacklist']['referer']['regexp'] )
 						? (int) $_POST['statifyblacklist']['referer']['regexp'] : 0,
 					'blacklist' => array_flip( $referer ),
-				),
-				'target'  => array(
+				],
+				'target'  => [
 					'active'    => isset( $_POST['statifyblacklist']['target']['active'] )
 						? (int) $_POST['statifyblacklist']['target']['active'] : 0,
 					'cron'      => isset( $_POST['statifyblacklist']['target']['cron'] )
@ -70,23 +100,25 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 					'regexp'    => isset( $_POST['statifyblacklist']['target']['regexp'] )
 						? (int) $_POST['statifyblacklist']['target']['regexp'] : 0,
 					'blacklist' => array_flip( $target ),
-				),
-				'ip'      => array(
+				],
+				'ip'      => [
 					'active'    => isset( $_POST['statifyblacklist']['ip']['active'] )
 						? (int) $_POST['statifyblacklist']['ip']['active'] : 0,
 					'blacklist' => $ip,
-				),
+				],
 				'version' => StatifyBlacklist::VERSION_MAIN,
-			)
+			]
 		);

 		// Generate messages.
 		if ( false !== $statifyblacklist_update_result ) {
-			if ( array_key_exists( 'referer', $statifyblacklist_update_result ) ) {
-				$statifyblacklist_post_warning = __( 'Some URLs are invalid and have been sanitized.', 'statify-blacklist' );
-			} elseif ( array_key_exists( 'ip', $statifyblacklist_update_result ) ) {
+			$statifyblacklist_post_warning = [];
+			if ( ! empty( $statifyblacklist_update_result['referer']['diff'] ) ) {
+				$statifyblacklist_post_warning[] = __( 'Some URLs are invalid and have been sanitized.', 'statify-blacklist' );
+			}
+			if ( ! empty( $statifyblacklist_update_result['ip']['diff'] ) ) {
 				// translators: List of invalid IP addresses (comma separated).
-				$statifyblacklist_post_warning = sprintf( __( 'Some IPs are invalid : %s', 'statify-blacklist' ), implode( ', ', $statifyblacklist_update_result['ip'] ) );
+				$statifyblacklist_post_warning[] = sprintf( __( 'Some IPs are invalid: %s', 'statify-blacklist' ), implode( ', ', $statifyblacklist_update_result['ip']['diff'] ) );
 			}
 		} else {
 			$statifyblacklist_post_success = __( 'Settings updated successfully.', 'statify-blacklist' );
@ -111,11 +143,10 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 		print '</p></div>';
 	}
 	if ( isset( $statifyblacklist_post_warning ) ) {
-		print '<div class="notice notice-warning"><p>' .
-			esc_html( $statifyblacklist_post_warning );
-		print '<br>';
-		esc_html_e( 'Settings have not been saved yet.', 'statify-blacklist' );
-		print '</p></div>';
+		foreach ( $statifyblacklist_post_warning as $w ) {
+			print '<div class="notice notice-warning"><p>' . esc_html( $w ) . '</p></div>';
+		}
+		print '<div class="notice notice-warning"><p>' . esc_html( 'Settings have not been saved yet.', 'statify-blacklist' ) . '</p></div>';
 	}
 	if ( isset( $statifyblacklist_post_success ) ) {
 		print '<div class="notice notice-success"><p>' .
@ -187,10 +218,10 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 				</th>
 				<td>
 					<textarea cols="40" rows="5" name="statifyblacklist[referer][blacklist]" id="statify-blacklist_referer"><?php
-					if ( isset( $statifyblacklist_update_result['referer'] ) ) {
-						print esc_html( implode( "\r\n", array_keys( $statifyblacklist_update_result['referer'] ) ) );
-					} else {
+					if ( empty( $statifyblacklist_update_result['referer'] ) ) {
 						print esc_html( implode( "\r\n", array_keys( StatifyBlacklist::$_options['referer']['blacklist'] ) ) );
+					} else {
+						print esc_html( implode( "\r\n", array_keys( $statifyblacklist_update_result['referer']['sanitized'] ) ) );
 					}
 					?></textarea>
 					<p class="description">
@ -270,10 +301,10 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 				</th>
 				<td>
 					<textarea cols="40" rows="5" name="statifyblacklist[target][blacklist]" id="statify-blacklist_target"><?php
-					if ( isset( $statifyblacklist_update_result['target'] ) ) {
-						print esc_html( implode( "\r\n", array_keys( $statifyblacklist_update_result['target'] ) ) );
-					} else {
+					if ( empty( $statifyblacklist_update_result['target'] ) ) {
 						print esc_html( implode( "\r\n", array_keys( StatifyBlacklist::$_options['target']['blacklist'] ) ) );
+					} else {
+						print esc_html( implode( "\r\n", array_keys( $statifyblacklist_update_result['target']['sanitized'] ) ) );
 					}
 					?></textarea>

@ -311,10 +342,10 @@ if ( ! empty( $_POST['statifyblacklist'] ) ) {
 				</th>
 				<td>
 					<textarea cols="40" rows="5" name="statifyblacklist[ip][blacklist]" id="statify-blacklist_ip"><?php
-					if ( isset( $statifyblacklist_update_result['ip'] ) ) {
-						print esc_html( implode( "\r\n", $statifyblacklist_update_result['ip'] ) );
-					} else {
+					if ( empty( $statifyblacklist_update_result['ip'] ) ) {
 						print esc_html( implode( "\r\n", StatifyBlacklist::$_options['ip']['blacklist'] ) );
+					} else {
+						print esc_html( implode( "\r\n", $statifyblacklist_update_result['ip']['sanitized'] ) );
 					}
 					?></textarea>