Filter uncanny-automator

automator_sanitize_input_fields

Filters input fields before they are saved, allowing modification of their values and meta keys.

add_filter( 'automator_sanitize_input_fields', $callback, 10, 3 );

Description

Filters input fields before saving them to a recipe. Developers can use this hook to sanitize or modify meta keys, meta values, and the recipe ID, ensuring data integrity and security before it's stored. The first parameter `true` can be used to short-circuit sanitization if needed.

Usage

add_filter( 'automator_sanitize_input_fields', 'your_function_name', 10, 3 );

Parameters

$meta_key (mixed)
This parameter is a boolean flag that determines whether the input fields should be sanitized.
$meta_value (mixed)
This parameter holds the meta key for the current field being processed.
$recipe (mixed)
This parameter contains the recipe object that the current meta value belongs to.

Return Value

The filtered value.

Examples

<?php

/**
 * Example of a custom sanitization for specific meta keys.
 *
 * This function demonstrates how to hook into the 'automator_sanitize_input_fields'
 * filter to perform custom sanitization on specific meta keys before they are saved.
 * In this example, we're ensuring that a meta key named 'custom_email_subject'
 * is always sanitized as a string, even if it comes in as something else,
 * and we're also performing a more aggressive sanitization for any meta key
 * that looks like a URL to prevent XSS.
 *
 * @param bool $should_sanitize The default value indicating whether to sanitize.
 * @param string $meta_key The meta key being processed.
 * @param mixed $meta_value The meta value being processed.
 * @param int $recipe_id The ID of the recipe.
 *
 * @return bool|mixed The modified value to be sanitized or not.
 */
function my_automator_custom_input_sanitization( $should_sanitize, $meta_key, $meta_value, $recipe_id ) {
	// If the default is already set to false, respect that.
	if ( false === $should_sanitize ) {
		return false;
	}

	// Example 1: Ensure a specific meta key is always sanitized as a string.
	if ( 'custom_email_subject' === $meta_key ) {
		// We want to sanitize it as a string, so return true to proceed with general sanitization.
		// The general sanitization by Automator()->utilities->automator_sanitize()
		// will handle the string conversion.
		return true;
	}

	// Example 2: Aggressive sanitization for potential URLs to prevent XSS.
	// This is a simplified example; a real-world scenario might involve more complex checks.
	if ( is_string( $meta_value ) && ( strpos( $meta_value, 'http://' ) === 0 || strpos( $meta_value, 'https://' ) === 0 ) ) {
		// Use a more robust sanitization function if available, or a standard one.
		// For this example, we'll assume the global automator_sanitize is sufficient
		// or we could introduce a custom sanitize_url function here.
		// We return true to allow the existing automator_sanitize to run.
		return true;
	}

	// For all other cases, let the default sanitization behavior apply.
	return $should_sanitize;
}

add_filter( 'automator_sanitize_input_fields', 'my_automator_custom_input_sanitization', 10, 4 );

/**
 * Example of a recipe-specific sanitization.
 *
 * This function demonstrates how to hook into the 'automator_sanitize_input_fields_{recipe_id}'
 * filter to apply unique sanitization rules for a particular recipe.
 * Here, for recipe ID 123, we'll strip all HTML tags from a meta key named 'user_comment'.
 *
 * @param bool $should_sanitize The default value indicating whether to sanitize.
 * @param string $meta_key The meta key being processed.
 * @param mixed $meta_value The meta value being processed.
 *
 * @return bool|mixed The modified value to be sanitized or not.
 */
function my_automator_recipe_123_specific_sanitization( $should_sanitize, $meta_key, $meta_value ) {
	// If the default is already set to false, respect that.
	if ( false === $should_sanitize ) {
		return false;
	}

	// Apply specific sanitization only for recipe ID 123 and a specific meta key.
	if ( 'user_comment' === $meta_key ) {
		// Strip all HTML tags from the meta value.
		$sanitized_value = wp_strip_all_tags( $meta_value );
		// You might want to update the meta_value directly if the filter allowed modification
		// of the value, but this filter primarily controls *whether* to sanitize.
		// To modify the value directly, you'd typically use a different filter or
		// modify it *after* this check if this filter returns true.
		// For demonstration, we'll assume the main loop will then sanitize this value.
		// If you wanted to *replace* the value entirely, you'd do it here and return it.
		return true; // Indicate that sanitization should proceed (which will use wp_strip_all_tags implicitly or explicitly later).
	}

	// For other meta keys within recipe 123, or for other recipes,
	// let the default sanitization behavior apply.
	return $should_sanitize;
}

// Hook this function specifically for recipe ID 123.
// The '.123' part of the hook name is dynamic.
add_filter( 'automator_sanitize_input_fields_123', 'my_automator_recipe_123_specific_sanitization', 10, 3 );

Placement

This code should be placed in the functions.php file of your active theme, a custom plugin, or using a code snippets plugin.

Source Code

src/core/automator-post-types/uo-recipe/class-recipe-post-rest-api.php:571

*/
			do_action( 'automator_recipe_closure_created', $post_id, $item_code, $request );
		}

		if ( ! empty( $default_meta ) && is_array( $default_meta ) ) {
			foreach ( $default_meta as $meta_key => $meta_value ) {
				if (
					true === apply_filters( 'automator_sanitize_input_fields', true, $meta_key, $meta_value, $recipe->ID ) &&
					true === apply_filters( 'automator_sanitize_input_fields_' . $recipe->ID, true, $meta_key, $meta_value )
				) {
					$meta_value = Automator()->utilities->automator_sanitize( $meta_value );
					$meta_key   = Automator()->utilities->automator_sanitize( $meta_key );
				}
				update_post_meta( $post_id, $meta_key, $meta_value );
			}
Scroll to Top