Add validation so user cannot enter invalid regular expressions

berkmancenter · May 3, 2015 · b714b2f · b714b2f
1 parent c6731e9
commit b714b2f
Showing 1 changed file with 25 additions and 1 deletion.
diff --git a/amber/amber-settings.php b/amber/amber-settings.php
@@ -230,7 +230,6 @@ public function sanitize( $input )
 
  $valid_string_options = array(
  'amber_storage_location',
- 'amber_excluded_sites',
  'amber_excluded_formats',
  'amber_country_id'
  );
@@ -239,7 +238,32 @@ public function sanitize( $input )
  $new_input[$opt] = sanitize_text_field( $input[$opt] );
  }
 
+ /* Validate excluded sites regular expressions */
+ $excluded_sites = explode( ',' , $input['amber_excluded_sites'] );
+ $sanitized_excluded_sites = array();
+ foreach ($excluded_sites as $site) {
+ $blacklistitem = preg_replace("/https?:\\/\\//i", "", trim($site));
+ if ($blacklistitem) {
+ $blacklistitem = str_replace("@", "\@", $blacklistitem); 
+ $blacklistitem = '@' . $blacklistitem . '@'; 
+ /* Hide warning messages from preg_match() that can be generated by
+ invalid user-entered regular expressions. */
+ $default_error_logging_level = error_reporting();
+ error_reporting(0);
+ $match_result = preg_match($blacklistitem, "foobar"); 
+ error_reporting($default_error_logging_level); 
+ if ($match_result === FALSE) {
+ add_settings_error('amber_excluded_sites', 'amber_excluded_sites', 
+ "'${site}' is not a valid regular expression for Excluded URL Patterns");
+ } else {
+ $sanitized_excluded_sites[] = $site;
+ }
+ }
+ }
+ $new_input['amber_excluded_sites'] = sanitize_text_field( implode( ",", $sanitized_excluded_sites ) );
+
  return $new_input;
+
  }
 
  /**