Improve data validation.
* Improve data validation so that information is sanitized when it is saved and read.
Reedyseth committed Feb 12, 2018
1 parent b0a9095 commit ee9dc33
Showing 4 changed files with 39 additions and 29 deletions.
26 changes: 18 additions & 8 deletions subscribe-to-comments-reloaded/options/index.php
Expand Up @@ -12,28 +12,38 @@ function subscribe_reloaded_update_option( $_option = '', $_value = '', $_type =

// Prevent XSS/CSRF attacks
$_value = stripslashes( $_value );
$_value = esc_attr( $_value ); // esc_attr Will encode all the text.

switch ( $_type ) {
case 'yesno':
if ( $_value == 'yes' || $_value == 'no' ) {
update_option( 'subscribe_reloaded_' . $_option, $_value );
update_option( 'subscribe_reloaded_' . $_option, esc_attr( $_value ) );

return true;
}
break;
case 'integer':
update_option( 'subscribe_reloaded_' . $_option, abs( intval( $_value ) ) );
update_option( 'subscribe_reloaded_' . $_option, abs( intval( esc_attr( $_value ) ) ) );

return true;
break;
case 'text-html-encode':
update_option( 'subscribe_reloaded_' . $_option, htmlentities( $_value, ENT_QUOTES, 'UTF-8' ) );
case 'text':
update_option( 'subscribe_reloaded_' . $_option, sanitize_text_field( $_value ) );

return true;
break;
return true;
case 'text-html':
update_option( 'subscribe_reloaded_' . $_option, esc_html( $_value ) );

return true;
case 'email':
update_option( 'subscribe_reloaded_' . $_option, sanitize_email( esc_attr( $_value ) ) );

return true;
case 'url':
update_option( 'subscribe_reloaded_' . $_option, esc_url( $_value ) );

return true;
default:
update_option( 'subscribe_reloaded_' . $_option, $_value );
update_option( 'subscribe_reloaded_' . $_option, esc_attr( $_value ) );

return true;
break;
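Review bot: The blanket `$_value = esc_attr( $_value );` near the top of the function runs before every type-specific branch, so the `url`, `email` and `text-html` handlers all receive an attribute-escaped string (`&` already turned into `&amp;`, quotes into entities) and then pass it through a second display escaper before it reaches `update_option`. WordPress convention is to sanitize on save and escape on output: drop the up-front `esc_attr`, use `esc_url_raw( $_value )` in the `url` case, `sanitize_email( $_value )` in the `email` case, and, if `text-html` is meant to preserve markup, `wp_kses_post( $_value )` instead of `esc_html`, which stores the markup as entities. Whether the stored values are escaped again when rendered is outside this hunk, so the double-escaping effect on output is inferred rather than shown. The comment `// Prevent XSS/CSRF attacks` overstates what escaping does — it contributes nothing against CSRF, which depends on nonce verification (`check_admin_referer`) in the callers; `// Escape/sanitize the value before storage; CSRF protection is the caller's nonce check` would be accurate only if that check exists. The body of subscribe_reloaded_update_option continues past the end of the hunk, so the fall-through return for a rejected `yesno` value is not visible here.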
12 changes: 6 additions & 6 deletions subscribe-to-comments-reloaded/options/panel2.php
Expand Up @@ -23,23 +23,23 @@
if ( isset( $_POST['options']['default_subscription_type'] ) && ! subscribe_reloaded_update_option( 'default_subscription_type', $_POST['options']['default_subscription_type'], 'integer' ) ) {
$faulty_fields = __( 'Advanced subscription', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['checkbox_inline_style'] ) && ! subscribe_reloaded_update_option( 'checkbox_inline_style', $_POST['options']['checkbox_inline_style'], 'text-no-encode' ) ) {
if ( isset( $_POST['options']['checkbox_inline_style'] ) && ! subscribe_reloaded_update_option( 'checkbox_inline_style', $_POST['options']['checkbox_inline_style'], 'text-html' ) ) {
$faulty_fields = __( 'Custom inline style', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['checkbox_html'] ) && ! subscribe_reloaded_update_option( 'checkbox_html', $_POST['options']['checkbox_html'], 'text-no-encode' ) ) {
if ( isset( $_POST['options']['checkbox_html'] ) && ! subscribe_reloaded_update_option( 'checkbox_html', $_POST['options']['checkbox_html'], 'text-html' ) ) {
$faulty_fields = __( 'Custom HTML', 'subscribe-reloaded' ) . ', ';
}
// default_subscription_type
if ( isset( $_POST['options']['checkbox_label'] ) && ! subscribe_reloaded_update_option( 'checkbox_label', $_POST['options']['checkbox_label'], 'text-no-encode' ) ) {
if ( isset( $_POST['options']['checkbox_label'] ) && ! subscribe_reloaded_update_option( 'checkbox_label', $_POST['options']['checkbox_label'], 'text-html' ) ) {
$faulty_fields = __( 'Checkbox label', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['subscribed_label'] ) && ! subscribe_reloaded_update_option( 'subscribed_label', $_POST['options']['subscribed_label'], 'text-no-encode' ) ) {
if ( isset( $_POST['options']['subscribed_label'] ) && ! subscribe_reloaded_update_option( 'subscribed_label', $_POST['options']['subscribed_label'], 'text-html' ) ) {
$faulty_fields = __( 'Subscribed label', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['subscribed_waiting_label'] ) && ! subscribe_reloaded_update_option( 'subscribed_waiting_label', $_POST['options']['subscribed_waiting_label'], 'text-no-encode' ) ) {
if ( isset( $_POST['options']['subscribed_waiting_label'] ) && ! subscribe_reloaded_update_option( 'subscribed_waiting_label', $_POST['options']['subscribed_waiting_label'], 'text-html' ) ) {
$faulty_fields = __( 'Awaiting label', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['author_label'] ) && ! subscribe_reloaded_update_option( 'author_label', $_POST['options']['author_label'], 'text-no-encode' ) ) {
if ( isset( $_POST['options']['author_label'] ) && ! subscribe_reloaded_update_option( 'author_label', $_POST['options']['author_label'], 'text-html' ) ) {
$faulty_fields = __( 'Author label', 'subscribe-reloaded' ) . ', ';
}

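Review bot: `checkbox_html` and `checkbox_inline_style` are now saved with the `text-html` type, which in options/index.php maps to `esc_html`, so the markup and CSS an administrator enters into the "Custom HTML" and "Custom inline style" fields is stored as HTML entities rather than as HTML; unless the output path decodes them (not visible here), those fields will render literally. If markup is intended, an allowlist sanitizer is the right tool — `wp_kses_post( $_value )` for the HTML field and `safecss_filter_attr( $_value )` for the inline style — applied inside `subscribe_reloaded_update_option` in place of a display escaper. The same `text-html` mapping question applies to `custom_header_meta` in options/panel3.php and to the notification and management templates in options/panel4.php, including the default notification template that panel4.php saves when the field is blank. Separately, every `$faulty_fields = __( ... ) . ', ';` in this block assigns rather than appends (`.=`), so when several fields fail only the last one is reported; that predates this commit but is worth fixing while these lines are touched.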
14 changes: 7 additions & 7 deletions subscribe-to-comments-reloaded/options/panel3.php
Expand Up @@ -18,38 +18,38 @@
$faulty_fields = __( 'Page title', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['manager_page'] )
&& ! subscribe_reloaded_update_option( 'manager_page', $_POST['options']['manager_page'], 'text-no-encode' )
&& ! subscribe_reloaded_update_option( 'manager_page', $_POST['options']['manager_page'], 'url' )
) {
$faulty_fields = __( 'Management URL', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['custom_header_meta'] )
&& ! subscribe_reloaded_update_option( 'custom_header_meta', $_POST['options']['custom_header_meta'], 'text-no-encode' )
&& ! subscribe_reloaded_update_option( 'custom_header_meta', $_POST['options']['custom_header_meta'], 'text-html' )
) {
$faulty_fields = __( 'Custom HEAD meta', 'subscribe-reloaded' ) . ', ';
}

if ( isset( $_POST['options']['request_mgmt_link'] )
&& ! subscribe_reloaded_update_option( 'request_mgmt_link', $_POST['options']['request_mgmt_link'], 'text' )
&& ! subscribe_reloaded_update_option( 'request_mgmt_link', $_POST['options']['request_mgmt_link'], 'text-html' )
) {
$faulty_fields = __( 'Request link', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['request_mgmt_link_thankyou'] )
&& ! subscribe_reloaded_update_option( 'request_mgmt_link_thankyou', $_POST['options']['request_mgmt_link_thankyou'], 'text' )
&& ! subscribe_reloaded_update_option( 'request_mgmt_link_thankyou', $_POST['options']['request_mgmt_link_thankyou'], 'text-html' )
) {
$faulty_fields = __( 'Request submitted', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['subscribe_without_commenting'] )
&& ! subscribe_reloaded_update_option( 'subscribe_without_commenting', $_POST['options']['subscribe_without_commenting'], 'text' )
&& ! subscribe_reloaded_update_option( 'subscribe_without_commenting', $_POST['options']['subscribe_without_commenting'], 'text-html' )
) {
$faulty_fields = __( 'Subscribe without commenting', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['subscription_confirmed'] )
&& ! subscribe_reloaded_update_option( 'subscription_confirmed', $_POST['options']['subscription_confirmed'], 'text' )
&& ! subscribe_reloaded_update_option( 'subscription_confirmed', $_POST['options']['subscription_confirmed'], 'text-html' )
) {
$faulty_fields = __( 'Subscription processed', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['subscription_confirmed_dci'] )
&& ! subscribe_reloaded_update_option( 'subscription_confirmed_dci', $_POST['options']['subscription_confirmed_dci'], 'text' )
&& ! subscribe_reloaded_update_option( 'subscription_confirmed_dci', $_POST['options']['subscription_confirmed_dci'], 'text-html' )
) {
$faulty_fields = __( 'Subscription processed (DCI)', 'subscribe-reloaded' ) . ', ';
}
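Review bot: `manager_page` is now saved with the `url` type, which in options/index.php calls `esc_url`, the display-time escaper; for a value written to the database WordPress provides `esc_url_raw`, which applies the same protocol allowlist without entity-encoding the result. `esc_url` also returns an empty string for a URL it rejects, yet the `url` case still returns true, so a rejected management URL is silently stored as `''` and never shows up in `$faulty_fields`; adding `$url = esc_url_raw( $_value );` followed by `if ( '' === $url ) { return false; }` before the `update_option` call would make the failure visible to this caller. How the stored value is later used to build the management link is outside this hunk, so whether the entity-encoded form causes a visible problem is inferred.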
16 changes: 8 additions & 8 deletions subscribe-to-comments-reloaded/options/panel4.php
Expand Up @@ -15,12 +15,12 @@
$faulty_fields = __( 'Sender name', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['from_email'] ) &&
! subscribe_reloaded_update_option( 'from_email', $_POST['options']['from_email'], 'text' )
! subscribe_reloaded_update_option( 'from_email', $_POST['options']['from_email'], 'email' )
) {
$faulty_fields = __( 'Sender email address', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['reply_to'] ) &&
! subscribe_reloaded_update_option( 'reply_to', $_POST['options']['reply_to'], 'text' )
! subscribe_reloaded_update_option( 'reply_to', $_POST['options']['reply_to'], 'email' )
) {
$faulty_fields = __( 'Sender email address', 'subscribe-reloaded' ) . ', ';
}
Expand All @@ -31,13 +31,13 @@
}
if ( isset( $_POST['options']['notification_content'] ) &&
trim( $_POST['options']['notification_content'] ) == false &&
! subscribe_reloaded_update_option( 'notification_content', "<h1>There is a new comment on [post_title].</h1><hr><p><strong>Comment link:</strong>&nbsp;<a href=\"[comment_permalink]\" data-mce-href=\"[comment_permalink]\">[comment_permalink]</a>&nbsp;<br><strong>Author:</strong>&nbsp;[comment_author]</p><p><strong>Comment:</strong><br>[comment_content]</p><div style=\"font-size: 0.8em\" data-mce-style=\"font-size: 0.8em;\"><strong>Permalink:</strong>&nbsp;<a href=\"[post_permalink]\" data-mce-href=\"[post_permalink]\">[post_permalink]</a><br><a href=\"[manager_link]\" data-mce-href=\"[manager_link]\">Manage your subscriptions</a>&nbsp;|&nbsp;<a href=\"[oneclick_link]\" data-mce-href=\"[oneclick_link]\">One click unsubscribe</a></div>", 'text-no-encode' )
! subscribe_reloaded_update_option( 'notification_content', "<h1>There is a new comment on [post_title].</h1><hr><p><strong>Comment link:</strong>&nbsp;<a href=\"[comment_permalink]\" data-mce-href=\"[comment_permalink]\">[comment_permalink]</a>&nbsp;<br><strong>Author:</strong>&nbsp;[comment_author]</p><p><strong>Comment:</strong><br>[comment_content]</p><div style=\"font-size: 0.8em\" data-mce-style=\"font-size: 0.8em;\"><strong>Permalink:</strong>&nbsp;<a href=\"[post_permalink]\" data-mce-href=\"[post_permalink]\">[post_permalink]</a><br><a href=\"[manager_link]\" data-mce-href=\"[manager_link]\">Manage your subscriptions</a>&nbsp;|&nbsp;<a href=\"[oneclick_link]\" data-mce-href=\"[oneclick_link]\">One click unsubscribe</a></div>", 'text-html' )
) {
$faulty_fields = __( 'Notification message', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['notification_content'] ) &&
trim( $_POST['options']['notification_content'] ) &&
! subscribe_reloaded_update_option( 'notification_content', $_POST['options']['notification_content'], 'text-no-encode' )
! subscribe_reloaded_update_option( 'notification_content', $_POST['options']['notification_content'], 'text-html' )
) {
$faulty_fields = __( 'Notification message', 'subscribe-reloaded' ) . ', ';
}
Expand All @@ -47,7 +47,7 @@
$faulty_fields = __( 'Double check subject', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['double_check_content'] ) &&
! subscribe_reloaded_update_option( 'double_check_content', $_POST['options']['double_check_content'], 'text' )
! subscribe_reloaded_update_option( 'double_check_content', $_POST['options']['double_check_content'], 'text-html' )
) {
$faulty_fields = __( 'Double check message', 'subscribe-reloaded' ) . ', ';
}
Expand All @@ -57,17 +57,17 @@
$faulty_fields = __( 'Management subject', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['management_content'] ) &&
! subscribe_reloaded_update_option( 'management_content', $_POST['options']['management_content'], 'text' )
! subscribe_reloaded_update_option( 'management_content', $_POST['options']['management_content'], 'text-html' )
) {
$faulty_fields = __( 'Management message', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['oneclick_text'] ) &&
! subscribe_reloaded_update_option( 'oneclick_text', $_POST['options']['oneclick_text'], 'text' )
! subscribe_reloaded_update_option( 'oneclick_text', $_POST['options']['oneclick_text'], 'text-html' )
) {
$faulty_fields = __( 'Management message', 'subscribe-reloaded' ) . ', ';
}
if ( isset( $_POST['options']['management_email_content'] ) &&
! subscribe_reloaded_update_option( 'management_email_content', $_POST['options']['management_email_content'], 'text' )
! subscribe_reloaded_update_option( 'management_email_content', $_POST['options']['management_email_content'], 'text-html' )
) {
$faulty_fields = __( 'Management Email message', 'subscribe-reloaded' ) . ', ';
}
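Review bot: `from_email` and `reply_to` are now saved with the `email` type, but `sanitize_email` returns an empty string for an address it cannot clean and the `email` case in options/index.php returns true unconditionally, so an invalid sender or reply-to address is silently replaced by `''` rather than being reported under "Sender email address" in `$faulty_fields`. Guarding the case with `if ( ! is_email( $_value ) ) { return false; }` before the `update_option` call would surface the rejection to these callers. Since the sender address ends up in outgoing mail headers, rejecting rather than blanking a malformed value is the safer default. The `reply_to` failure message at the unchanged line above reuses the "Sender email address" label, which predates this commit but will make the two failures indistinguishable once the new validation can actually fail.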
