GC_Customize_Widgets::sanitize_widget_instance()

最后更新于:2021-11-27 12:21:34

GC_Customize_Widgets::sanitize_widget_instance( array$value, string$id_base=null)

Sanitizes a widget instance.

参数

$value

(array) (Required) Widget instance to sanitize.

$id_base

(string) (Optional) Base of the ID of the widget being sanitized.

Default value: null

响应

(array|void) Sanitized widget instance.

源文件

文件: gc-includes/class-gc-customize-widgets.php 

	public function sanitize_widget_instance( $value, $id_base = null ) {
		global $gc_widget_factory;

		if ( array() === $value ) {
			return $value;
		}

		if ( isset( $value['raw_instance'] ) && $id_base && gc_use_widgets_block_editor() ) {
			$widget_object = $gc_widget_factory->get_widget_object( $id_base );
			if ( ! empty( $widget_object->widget_options['show_instance_in_rest'] ) ) {
				if ( 'block' === $id_base && ! current_user_can( 'unfiltered_html' ) ) {
					/*
					 * The content of the 'block' widget is not filtered on the
					 * fly while editing. Filter the content here to prevent
					 * vulnerabilities.
					 */
					$value['raw_instance']['content'] = gc_kses_post( $value['raw_instance']['content'] );
				}

				return $value['raw_instance'];
			}
		}

		if (
			empty( $value['is_widget_customizer_js_value'] ) ||
			empty( $value['instance_hash_key'] ) ||
			empty( $value['encoded_serialized_instance'] )
		) {
			return;
		}

		$decoded = base64_decode( $value['encoded_serialized_instance'], true );
		if ( false === $decoded ) {
			return;
		}

		if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {
			return;
		}

		$instance = unserialize( $decoded );
		if ( false === $instance ) {
			return;
		}

		return $instance;
	}