如何在求职申请表中验证文本字段内容?确保内容只包含AZ和az中的字符,以避免SQL注入和其他错误的字符串,如 | _"' $ @ !; ...等???
答案 0 :(得分:1)
任何好的插件都应该已经进行了文本清理。如果你想通过自定义的PHP代码自己清理文本,你可以使用内置的WordPress函数PHP来完成这项工作:
http://php.net/manual/en/filter.filters.sanitize.php
或
https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data
例如,对于文本字段输入,我们可以过滤这样的内容:
$title = sanitize_text_field( $_POST['title'] );
update_post_meta( $post->ID, 'title', $title );
答案 1 :(得分:0)
我通过添加内容验证来自定义sjb(简单作业板)插件,该插件通过应用程序形式的插件生成的任何文本字段的特定模式添加内容验证,该插件仅允许字符[A-Z,a-z]。
只需替换此文件即可 简单的工作板/模板/单jobpost /作业application.php 通过这段代码:
<?php
/**
* Display the job application form.
*
* Override this template by copying it to yourtheme/simple_job_board/single-jobpost/job-application.php
*
* @author PressTigers
* @package Simple_Job_Board
* @subpackage Simple_Job_Board/Templates
* @version 1.0.0
* @since 2.1.0
* @since 2.2.2 Added more @hooks in application form.
* @since 2.3.0 Added "sjb_job_application_template" filter & "sjb_job_application_form_fields" filter.
*/
ob_start();
global $post;
/**
* Fires on job detail page before displaying job application section.
*
* @since 2.1.0
*/
do_action('sjb_job_application_before');
?>
<!-- Start Job Application Form
================================================== -->
<form class="jobpost-form" id="sjb-application-form" name="c-assignments-form" enctype="multipart/form-data">
<h3><?php echo apply_filters('sjb_job_application_form_title', esc_html__('Apply Online', 'simple-job-board')); ?></h3>
<div class="row">
<div class="col-md-12">
<?php
/**
* Fires on job detail page at start of job application form.
*
* @since 2.3.0
*/
do_action('sjb_job_application_form_fields_start');
$keys = get_post_custom_keys(get_the_ID());
if (NULL != $keys):
foreach ($keys as $key):
if (substr($key, 0, 7) == 'jobapp_'):
$val = get_post_meta(get_the_ID(), $key, TRUE);
$val = unserialize($val);
$is_required = isset($val['optional']) ? "checked" === $val['optional'] ? 'required="required"' : "" : 'required="required"';
$required_class = isset($val['optional']) ? "checked" === $val['optional'] ? "sjb-required" : "sjb-not-required" : "sjb-required";
$required_field_asterisk = isset($val['optional']) ? "checked" === $val['optional'] ? '<span class="required">*</span>' : "" : '<span id="sjb-required">*</span>';
$id = preg_replace('/[^\p{L}\p{N}\_]/u', '_', $key);
$name = preg_replace('/[^\p{L}\p{N}\_]/u', '_', $key);
$label = isset($val['label']) ? $val['label'] : ucwords(str_replace('_', ' ', substr($key, 7)));
// Field Type Meta
$field_type_meta = array(
'id' => $id,
'name' => $name,
'label' => $label,
'type' => $val['type'],
'is_required' => $is_required,
'required_class' => $required_class,
'required_field_asterisk' => $required_field_asterisk,
);
/**
* Fires on job detail page at start of job application form.
*
* @since 2.3.0
*/
do_action('sjb_job_application_form_fields', $field_type_meta);
//. '<input type="text" name="' . $name . '" class="form-control ' . $required_class . '" id="' . $id . '" ' . $is_required . ' >'
switch ($val['type']) {
case 'text':
echo '<div class="form-group">'
. '<label for="' . $key . '">' . $label . $required_field_asterisk . '</label>'
. '<input type="text" name="' . $name . '" class="form-control sjb-text ' . $required_class . '" id="' . $id . '" ' . $is_required . '><span class="sjb-invalid-text validity-note">' . esc_html__('A valid text is required.', 'simple-job-board') . '</span>'
. '</div>';
break;
case 'text_area':
echo '<div class="form-group">'
. '<label for="' . $key . '">' . $label . $required_field_asterisk . '</label>'
. '<textarea name="' . $name . '" class="form-control ' . $required_class . '" id="' . $id . '" ' . $is_required . '></textarea>'
. '</div>';
break;
case 'email':
echo '<div class="form-group">'
. '<label for="' . $key . '">' . $label . $required_field_asterisk . '</label>'
. '<input type="email" name="' . $name . '" class="form-control sjb-email-address ' . $required_class . '" id="' . $id . '" ' . $is_required . '><span class="sjb-invalid-email validity-note">' . esc_html__('A valid email address is required.', 'simple-job-board') . '</span>'
. '</div>';
break;
case 'phone':
echo '<div class="form-group">'
. '<label for="' . $key . '">' . $label . $required_field_asterisk . '</label>'
. '<input type="tel" name="' . $name . '" class="form-control sjb-phone-number ' . $required_class . '" id="' . $id . '" ' . $is_required . '><span class="sjb-invalid-phone validity-note" id="' . $id . '-invalid-phone">' . esc_html__('A valid phone number is required.', 'simple-job-board') . ' </span>'
. '</div>';
break;
case 'date':
echo '<div class="form-group">'
. '<label for="' . $key . '">' . $label . $required_field_asterisk . '</label>'
. '<input type="text" name="' . $name . '" class="form-control sjb-datepicker ' . $required_class . '" id="' . $id . '" ' . $is_required . '>'
. '</div>';
break;
case 'radio':
if ($val['options'] != '') {
echo '<div class="form-group">'
. '<label class="sjb-label-control" for="' . $key . '">' . $label . $required_field_asterisk . '</label>'
. '<div id="' . $key . '" >';
$options = explode(',', $val['options']);
$i = 0;
foreach ($options as $option) {
echo '<label class="small"><input type="radio" name="' . $name . '" class=" ' . $required_class . '" id="' . $id . '" value="' . $option . '" ' . sjb_is_checked( $i ) . ' ' . $is_required . '>' . $option . ' </label> ';
$i++;
}
echo '</div></div>';
}
break;
case 'dropdown':
if ($val['options'] != '') {
echo '<div class="form-group">'
. '<label for="' . $key . '">' . $label . $required_field_asterisk . '</label>'
. '<div id="' . $key . '" >'
. '<select class="form-control" name="' . $name . '" id="' . $id . '" ' . $is_required . '>';
$options = explode(',', $val['options']);
foreach ($options as $option) {
echo '<option class="' . $required_class . '" value="' . $option . '" >' . $option . ' </option>';
}
echo '</select></div></div>';
}
break;
case 'checkbox' :
if ($val['options'] != '') {
echo '<div class="form-group ">'
. '<label for="' . $key . '">' . $label . $required_field_asterisk . '</label>'
. '<div id="' . $key . '">';
$options = explode(',', $val['options']);
$i = 0;
foreach ($options as $option) {
echo '<label class="small"><input type="checkbox" name="' . $name . '[]" class="' . $required_class . '" id="' . $id . '" value="' . $option . '" ' . $i . ' ' . $is_required . '>' . $option . ' </label>';
$i++;
}
echo '</div></div>';
}
break;
}
endif;
endforeach;
endif;
/**
* Modify the output of file upload button.
*
* @since 2.2.0
*
* @param string $sjb_attach_resume Attach resume button.
*/
$sjb_attach_resume = '<div class="form-group">'
. '<label for="applicant_resume">' . apply_filters('sjb_resume_label', __('Attach Resume', 'simple-job-board')) . '<span class="sjb-required required">*</span></label>'
. '<input type="file" name="applicant_resume" id="applicant-resume" class="sjb-attachment form-control "' . apply_filters('sjb_resume_required', 'required="required"') . '>'
. '<span class="sjb-invalid-attachment validity-note" id="file-error-message"></span>'
. '</div>';
echo apply_filters('sjb_attach_resume', $sjb_attach_resume);
/**
* Fires on job detail page before job submit button.
*
* @since 2.2.0
*/
do_action('sjb_job_application_form_fields_end');
?>
<input type="hidden" name="job_id" value="<?php the_ID(); ?>" >
<input type="hidden" name="action" value="process_applicant_form" >
<input type="hidden" name="wp_nonce" value="<?php echo wp_create_nonce('jobpost_security_nonce') ?>" >
<div class="form-group" id="sjb-form-padding-button">
<button class="btn btn-primary app-submit"><?php esc_html_e('Submit', 'simple-job-board'); ?></button>
</div>
</div>
</div>
</form>
<div class="clearfix"></div>
<?php
/**
* Fires on job detail page after displaying job application form.
*
* @since 2.1.0
*/
do_action('sjb_job_application_end');
?>
<div id="jobpost_form_status"></div>
<!-- ==================================================
End Job Application Form -->
<?php
/**
* Fires on job detail page after displaying job application section.
*
* @since 2.1.0
*/
do_action('sjb_job_application_after');
$html_job_application = ob_get_clean();
/**
* Modify the Job Applicatin Form Template.
*
* @since 2.3.0
*
* @param html $html_job_application Job Application Form HTML.
*/
echo apply_filters('sjb_job_application_template', $html_job_application);
和这个文件simple-job-board / public / js / simple-job-board-public.js 使用此代码
/**
* Simple Job Board Core Front-end JS File - V 1.4.0
*
* @author PressTigers <support@presstigers.com>, 2016
*
* Actions List
* - Job Application Submission Callbacks
* - Date Picker Initialization
* - Validate Email
* - Initialize TelInput Plugin
* - Validate Phone Number
* - Allowable Uploaded File's Extensions
* - Validate Required Inputs ( Attachment, Phone & Email )
* - Checkbox Group Required Attribute Callbacks
* - Custom Styling of File Upload Button
*/
(function ($) {
'use strict';
$(document).ready(function () {
var jobpost_submit_button = $('.app-submit');
$(".jobpost-form").on("submit", function (event) {
var jobpost_form_status = $('#jobpost_form_status');
var datastring = new FormData(document.getElementById("sjb-application-form"));
/**
* Application Form Submit -> Validate Email & Phone & text
* @since 2.2.0
*/
var is_valid_email = sjb_is_valid_input(event, "email", "sjb-email-address");
var is_valid_phone = sjb_is_valid_input(event, "phone", "sjb-phone-number");
var is_valid_text = sjb_is_valid_input(event, "text", "sjb-text");
var is_attachment = sjb_is_attachment(event);
/* Stop Form Submission on Invalid Phone, Email & File Attachement Plus text*/
if ( !is_valid_email || !is_valid_phone || !is_attachment || !is_valid_text) {
return false;
}
$.ajax({
url: application_form.ajaxurl,
type: 'POST',
dataType: 'json',
data: datastring,
async: false,
cache: false,
contentType: false,
processData: false,
beforeSend: function () {
jobpost_form_status.html('Submitting.....');
jobpost_submit_button.attr('disabled', 'diabled');
},
success: function ( response ) {
if ( response['success'] == true ) {
$('.jobpost-form').slideUp();
/* Translation Ready String Through Script Locaization */
jobpost_form_status.html(response['success_alert']);
}
if ( response['success'] == false ) {
/* Translation Ready String Through Script Locaization */
jobpost_form_status.html( response['error'] + ' ' + application_form.jquery_alerts['application_not_submitted'] + '</div>' );
jobpost_submit_button.removeAttr( 'disabled' );
}
}
});
return false;
});
/* Date Picker */
$('.sjb-datepicker').datepicker({
dateFormat: 'dd-mm-yy',
changeMonth: true,
changeYear: true
});
/**
* Application Form -> On Input Email Validation
*
* @since 2.2.0
*/
$('.sjb-email-address').on('input', function () {
var input = $(this);
//alert("emaiiiil");
var re = /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/;
var is_email = re.test(input.val());
var error_element = $("span", $(this).parent());
if (is_email) {
input.removeClass("invalid").addClass("valid");
error_element.hide();
} else {
input.removeClass("valid").addClass("invalid");
}
});
/**
* Application Form -> On Input text Validation
*
* @since 2.2.0
*/
$('.sjb-text').on('input', function () {
var input = $(this);
// var re = /^[a-zA-Z.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z]+(?:\.[a-zA-Z]+)*$/;
var re = /^[a-zA-Z0-9]*$/;
var is_text = re.test(input.val());
var error_element = $("span", $(this).parent());
//error_element.show();
if (is_text) {
input.removeClass("invalid").addClass("valid");
error_element.hide();
} else {
input.removeClass("valid").addClass("invalid");
}
});
/**
* Initialize TelInput Plugin
*
* @since 2.2.0
*/
if ($('.sjb-phone-number').length) {
var telInput_id = $('.sjb-phone-number').map(function () {
return this.id;
}).get();
for (var input_ID in telInput_id) {
var telInput = $('#' + telInput_id[input_ID]);
telInput.intlTelInput({
initialCountry: "auto",
geoIpLookup: function (callback) {
$.get('https://ipinfo.io', function () {
}, "jsonp").always(function (resp) {
var countryCode = (resp && resp.country) ? resp.country : "";
callback(countryCode);
});
},
});
}
}
/**
* Application Form -> Phone Number Validation
*
* @since 2.2.0
*/
$('.sjb-phone-number').on('input', function () {
var telInput = $(this);
var telInput_id = $(this).attr('id');
var error_element = $("#" + telInput_id + "-invalid-phone");
error_element.hide();
// Validate Phone Number
if ($.trim(telInput.val())) {
if (telInput.intlTelInput("isValidNumber")) {
telInput.removeClass("invalid").addClass("valid");
error_element.hide();
} else {
telInput.removeClass("valid").addClass("invalid");
}
}
});
/**
* Check for Allowable Extensions of Uploaded File
*
* @since 2.3.0
*/
$('.sjb-attachment').on('change', function () {
var input = $(this);
var file = $("#" + $(this).attr("id"));
var error_element = file.parent().next("span");
error_element.text('');
error_element.hide();
// Validate on File Attachment
if ( 0 != file.get(0).files.length ) {
/**
* Uploded File Extensions Checks
* Get Uploded File Ext
*/
var file_ext = file.val().split('.').pop().toLowerCase();
// All Allowed File Extensions
var allowed_file_exts = application_form.allowed_extensions;
// Settings File Extensions && Getting value From Script Localization
var settings_file_exts = application_form.setting_extensions;
var selected_file_exts = (('yes' === application_form.all_extensions_check) || null == settings_file_exts) ? allowed_file_exts : settings_file_exts;
// File Extension Validation
if ($.inArray(file_ext, selected_file_exts) > -1) {
jobpost_submit_button.attr( 'disabled', false );
input.removeClass("invalid").addClass("valid");
} else {
/* Translation Ready String Through Script Locaization */
error_element.text(application_form.jquery_alerts['invalid_extension']);
error_element.show();
input.removeClass("valid").addClass("invalid");
}
}
});
/**
* Stop Form Submission -> On Required Attachments
*
* @since 2.3.0
*/
function sjb_is_attachment( event ) {
var error_free = true;
$(".sjb-attachment").each(function () {
var element = $("#" + $(this).attr("id"));
var valid = element.hasClass("valid");
var is_required_class = element.hasClass("sjb-not-required");
// Set Error Indicator on Invalid Attachment
if (!valid) {
if (!(is_required_class && 0 === element.get(0).files.length)) {
error_free = false;
}
}
// Stop Form Submission
if (!error_free) {
event.preventDefault();
}
});
return error_free;
}
/**
* Stop Form Submission -> On Invalid Email/Phone/text
*
* @since 2.2.0
*/
function sjb_is_valid_input(event, input_type, input_class) {
var jobpost_form_inputs = $("." + input_class).serializeArray();
var error_free = true;
for (var i in jobpost_form_inputs) {
var element = $("#" + jobpost_form_inputs[i]['name']);
var valid = element.hasClass("valid");
var is_required_class = element.hasClass("sjb-not-required");
if (!(is_required_class && "" === jobpost_form_inputs[i]['value'])) {
if ("email" === input_type) {
var error_element = $("span", element.parent());
} else if ("phone" === input_type) {
var error_element = $("#" + jobpost_form_inputs[i]['name'] + "-invalid-phone");
}else if ("text" === input_type) {
var error_element = $("span", element.parent());
}
// Set Error Indicator on Invalid Input
if (!valid) {
error_element.show();
error_free = false;
}
else {
error_element.hide();
}
// Stop Form Submission
if (!error_free) {
event.preventDefault();
}
}
}
return error_free;
}
/**
* Remove Required Attribute from Checkbox Group -> When one of the option is selected.
* Add Required Attribute from Checkboxes Group -> When none of the option is selected.
*
* @since 2.3.0
*/
var requiredCheckboxes = $(':checkbox[required]');
requiredCheckboxes.on('change', function () {
var checkboxGroup = requiredCheckboxes.filter('[name="' + $(this).attr('name') + '"]');
var isChecked = checkboxGroup.is(':checked');
checkboxGroup.prop('required', !isChecked);
});
});
/*
* Custom Styling of Upload Field Button
*
* @since 2.4.0
*/
var file = {
maxlength: 20, // maximum length of filename before it's trimmed
convert: function () {
// Convert all file type inputs.
$('input[type=file].sjb-attachment').each(function () {
$(this).wrap('<div class="file" />');
$(this).parent().prepend('<div>'+ application_form.file['browse']+'</div>');
$(this).parent().prepend('<span>'+ application_form.file['no_file_chosen']+'</span>');
$(this).fadeTo(0, 0);
$(this).attr('size', '50'); // Use this to adjust width for FireFox.
});
},
update: function (x) {
// Update the filename display.
var filename = x.val().replace(/^.*\\/g, '');
if (filename.length > $(this).maxlength) {
trim_start = $(this).maxlength / 2 - 1;
trim_end = trim_start + filename.length - $(this).maxlength + 1;
filename = filename.substr(0, trim_start) + '…' + filename.substr(trim_end);
}
if (filename == '')
filename = application_form.file['no_file_chosen'];
x.siblings('span').html(filename);
}
}
$(document).ready(function () {
file.convert();
$('input[type=file].sjb-attachment').change(function () {
file.update($(this));
});
});
})(jQuery);
注意:我的插件版本是2.4.6